From wcs at anchor.ho.att.com Fri Jul 1 00:26:36 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Fri, 1 Jul 94 00:26:36 PDT
Subject: (FWD) WHAT MOTIVATES CRYP
Message-ID: <9407010725.AA10158@anchor.ho.att.com>

Bob Morris writes:
> I'm a leftie and was also a bit bemused by the idea of using crypto to
> avoid paying taxes. Hopefully we can find a bit more exalted use of
> crypto than that.

Some of the peace movement folks I've hung around with over the years were part of the "Resist paying taxes because they pay for the War Department" movement, with various methods of not paying ranging from public refusal to working in the underground economy to making less money. Then there was that Thoreau fella....

> However, I assume all here are agreed that strong private crypto is a
> good thing.

"Politics makes strange bedfellows", indeed.

> This wouldn't be the first time that those on the fringes of the left
> and the right saw a common enemy - encroaching government with control
> in their hearts.

If your political scale puts different sets of people who oppose encroaching government control on opposite fringes, it needs some rework. (Not to say that some of us won't cultivate the fringiness available in any particular movement; many of us find the mainstream libertarian "deep-in-center-field" position to be a bit boring....)

Bill

From frissell at panix.com Fri Jul 1 02:37:36 1994
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 1 Jul 94 02:37:36 PDT
Subject: (FWD) WHAT MOTIVATES CRYP
Message-ID: <199407010937.AA24176@panix.com>

B >I'm a leftie and was also a bit bemused by the idea of using crypto
B >to
B >avoid paying taxes. Hopefully we can find a bit more exalted use of
B >crypto than that.

It seems to me that the War Resistors League (WRL) tax evasion campaign against the Vietnam War could have benefited from crypto. Tax resistance is practiced by both "left" and "right".
DCF

--- WinQwk 2.0b#1165

From frissell at panix.com Fri Jul 1 02:37:37 1994
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 1 Jul 94 02:37:37 PDT
Subject: Detweiler clone at WS
Message-ID: <199407010937.AA24172@panix.com>

R.>The down side was that licensing was mentioned as the first recourse
R.>from the state. When we complained of the financial hit, the talk
R.>turned to registration. But the sense was clearly toward proactive
R.>state control.

Are these people mentally retarded or what. A BBS is a publication. The 1st Amendment was specifically written to outlaw the British licensing of publications. No risk.

DCF

--- WinQwk 2.0b#1165

From limpe001 at hio.tem.nhl.nl Fri Jul 1 02:42:39 1994
From: limpe001 at hio.tem.nhl.nl (HHM LIMPENS)
Date: Fri, 1 Jul 94 02:42:39 PDT
Subject: Commercial version of PGP
Message-ID: <9407011034.AA00385@hio.tem.nhl.nl>

-----BEGIN PGP SIGNED MESSAGE-----

Hi,

I got a question from a Polish PGS user who wants to know whether he can make a commercial version of PGP for European users. He mentioned the Swiss patent holding of IDEA, but he wasn't able to contact the people over there as the fax/phone numbers were disconnected. :-|

Does anyone with a bit of legal knowledge know anything about this? i.e. does he have to obtain licenses from RSA (although he only plans to export in Europe) and from the patent holders of RSA. And how about Phil ? Does Philip Zimmermann allow this kind of usage of his code ?

- --
Eric.

'If we are ever in danger of undermining the NSA, they will either buy us or shoot us.'

+----------------------------------------+----------------------------+
| Eric Limpens                           | Where is my spycamera !?   |
|                                        |           ..Bart Simpson..
|
|                                        +----------------------------+
| S=limpe001;OU=hio;OU=tem;O=nhl;PRMD=surf;ADMD=400net;C=nl           |
| finger limpe001 at 141.252.36.60 for PGP 2.7 key                    |
+---------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: 2.6
-----END PGP SIGNATURE-----

From bart at netcom.com Fri Jul 1 04:32:19 1994
From: bart at netcom.com (Harry Bartholomew)
Date: Fri, 1 Jul 94 04:32:19 PDT
Subject: The 800 number requested
Message-ID: <199407011132.EAA16246@netcom9.netcom.com>

The outfit was called "Full Disclosure" and was at 800 235 1414. I haven't tried it for a long time so, no guarantee it's still active.

From frissell at panix.com Fri Jul 1 04:55:25 1994
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 1 Jul 94 04:55:25 PDT
Subject: (Fwd) What motivates Cryp
Message-ID: <199407011155.AA04832@panix.com>

J >I got PGP running on my machine a few weeks ago because I liked
J >the idea of being able to communicate privately if I wanted,

The major motivation. Crypto gives you the power to carve out a "zone of privacy" at will and say to the whole world, "This part of my life is mine alone."

J >It may seem that I am being particularly naive in being
J >surprised by this but I am from the UK where libertarian views
J >of this kind are not so widely held.

Though they *were* largely invented there...

J >Similarly my motivations for
J >using cryptography come simply from a desire for privacy from
J >Govt. and other snooping but NOT from the 'cyber-survivalist'
J >inclinations that seem to motivate some in the US at least.

Distinguish "desire for privacy from Govt." and "'cyber-survivalist' inclinations" -- seems like the identical motive. It *is* government that digital volunteerists (a friendlier term) seek privacy from.
J >I read some stuff on Vince Cate's WWW site by Tim May about how
J >crypto was going to bring down governments due to (legal?) tax
J >evasion by those who are computer literate . I have to say that
J >I think this is highly unlikely

I think Tim uses the term "collapse of governments." Most of us are just making predictions about the sort of institutional changes that will occur as people discover that they have more choices. Since controlling people by threatening to kill them if they disobey (the Political Means) only works if you can carry out your threat, if people can erect "unbreakable" barriers against States, their power is reduced. One doesn't have to overthrow them. They are overthrown by a change in their tactical capabilities.

J >general herald an age of 'survival of the fittest' where those
J >clued up about computers will be able to take advantage and do
J >better due to paying less taxes etc.
J >Personally I have no desire to evade tax since I quite like
J >being able to drive on tarmac without holes, and having
J >schooling and health care provided for all with the richer
J >folk subsidising the poorer folk.

And here I thought "lefties" were opposed to coercive monopolies.

J >I'd never come across a right-wing anarchist before reading the
J >crypto groups - weird!

We're everywhere!

DCF

"Libertarian anarchist since Steve B. gave him a copy of Lysander Spooner's 'No Treason -- the Constitution of No Authority' in 1970."

--- WinQwk 2.0b#1165

From perry at imsi.com Fri Jul 1 05:02:30 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 1 Jul 94 05:02:30 PDT
Subject: Detweiler clone at WSJ
In-Reply-To: <199406301603.JAA07502@well.sf.ca.us>
Message-ID: <9407011202.AA16143@snark.imsi.com>

Brad Dolan says:
>
> The drumbeat against all those anonymous pedophiles continues....
> _Wall Street Journal_, 6/30/94
> PERSONAL TECHNOLOGY by Walter S.
Mossberg
> "Keeping Your Kids Away From Creeps As They Play Online"

They aren't the only ones talking about it. I've seen three articles about this in the past week.

Perry

From perry at imsi.com Fri Jul 1 05:13:32 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 1 Jul 94 05:13:32 PDT
Subject: PC Expo summary!!
In-Reply-To: <9407010136.AA03743@prism.poly.edu>
Message-ID: <9407011213.AA16156@snark.imsi.com>

Arsen Ray Arachelian says:
> > rarachel at photon.poly.edu (Arsen Ray Arachelian):
> > > FEB 17 CYPHERPUNKS TRANSCRIPT
> > > Copyright (C) 1994, cypherpunks at toad.com All Rights Reserved.
> >                       ^^^^^^^^^^^^^^^^^^^^
> > I wonder how the courts will interpret that ;)
>
> This will certainly put a nice toad up the NSA's ass. Anyone reading this
> will see that the cypherpunks are a bunch of folk that stick together as a
> single entity whose purpose right now is to kill clipper.

That wasn't the topic of the discussion in question, actually. It was largely just a discussion on cryptography in general and its implications, slanted towards anarchists, who were the audience being addressed. Most of the population is extremely hostile to anarchism, so from a PR point of view that talk isn't what you want. Also, it unfairly makes it look like "cypherpunk" means "anarchist". Now, it happens that I am an anarchist, but that isn't what most people associated with the term "cypherpunk" believe in, and it isn't fair to paint them that way -- hell, many people on this mailing list are overtly hostile to anarchism. I don't want people to think you have to hate the idea of government in order to like cryptography.

The copyright is also meaningless because a non-person (human or corporate) cannot copyright something. Certainly an email address can't hold a copyright. In any case I consider it a little odd that I would not under your copyright be permitted to sell someone a copy of my own words.
Lastly, I don't know what was on that disk exactly, but I've started getting calls from random kooks about it. I find that a bit disturbing. Did you leave my phone number on it or something?

Perry

From gtoal at an-teallach.com Fri Jul 1 05:18:30 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Fri, 1 Jul 94 05:18:30 PDT
Subject: (FWD) WHAT MOTIVATES FORWARDERS?
Message-ID: <199407011218.NAA09977@an-teallach.com>

Actually, no, it's not really a forward of anything at all. It's just that this forwarding business is *really* getting out of hand. For Christ's sake guys, if *you* can read stuff on other groups, credit us with the intelligence of being able to find it too. If this keeps up we'll have the whole 20Mb/day of usenet funnelling through cypherpunks.

How about in future just saying "Hey, anyone who doesn't know about talk.politics.crypto, go have a look at it on usenet. By the way there's an interesting thread going on just now about blah blah blah."?

G

From paul at poboy.b17c.ingr.com Fri Jul 1 05:33:47 1994
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Fri, 1 Jul 94 05:33:47 PDT
Subject: (FWD) WHAT MOTIVATES FORWARDERS?
In-Reply-To: <199407011218.NAA09977@an-teallach.com>
Message-ID: <199407011235.AA14672@poboy.b17c.ingr.com>

-----BEGIN PGP SIGNED MESSAGE-----

> How about in future just saying "Hey, anyone who doesn't know about
> talk.politics.crypto, go have a look at it on usenet. By the way
> there's an interesting thread going on just now about blah blah blah."?

Tim actually did just that when he posted his pointer.

IMHO a more serious and prevalent problem is the onslaught of spam whenever EFF, CPSR, EPIC, NSA, or EIEIO issue press releases even tangentially related to crypto. Not only do I usually get a copy in my main inbox (since my filter doesn't catch it because it's not via toad.com), there are always some helpful folks who forward it verbatim without checking the list first.
There are even a few hardcore crossposters who will post the same article _multiple_ times when they don't see the first one appear instantly.

- -Paul

- --
Paul Robichaux, KD4JZG | Why did an NSA agent threaten to kill Jim Bidzos?
perobich at ingr.com    | Of course I don't speak for Intergraph.

-----BEGIN PGP SIGNATURE-----
Version: 2.6
-----END PGP SIGNATURE-----

From nobody at soda.berkeley.edu Fri Jul 1 05:49:48 1994
From: nobody at soda.berkeley.edu (Anonymous User)
Date: Fri, 1 Jul 94 05:49:48 PDT
Subject: Devil's Advocate (again)
Message-ID: <199407011249.FAA25594@soda.berkeley.edu>

I notice the argument against "why do you need crypto... are you doing something ILLEGAL" is that the argument that "why don't you want a camera in your house... are you doing something ILLEGAL".

This is good, but where in the Constitution does it say that people can have crypto not regulated by the Government? Would this be under the First Amendment of free speech?

Again, I am playing Devil's Advocate here.

------------
To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 8 lines:
::
Response-Key: ideaclipper

====Encrypted-Sender-Begin====
MI@```%IS^P;+]AB?X9TW6\8WR:"P&2%))6DK&_"'9H7Z#TP^%/-Q).;<[88Q
ME30D:-V2"G!=KV&$CCA?;+(6+E.#?2%P`0:V-J'.#NA:J^2@,\;GUI)DG5,O
%CR6`-HX`
====Encrypted-Sender-End====

From roy at sendai.cybrspc.mn.org Fri Jul 1 06:02:23 1994
From: roy at sendai.cybrspc.mn.org (Roy M.
Silvernail)
Date: Fri, 1 Jul 94 06:02:23 PDT
Subject: Detweiler clone at WS
In-Reply-To: <199407010937.AA24172@panix.com>
Message-ID: <940701.070436.2K1.rusnews.w165w@sendai.cybrspc.mn.org>

-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, frissell at panix.com (Duncan Frissell) writes:

> R.>The down side was that licensing was mentioned as the first recourse
> R.>from the state. When we complained of the financial hit, the talk
> R.>turned to registration. But the sense was clearly toward proactive
> R.>state control.
>
> Are these people mentally retarded or what.

I'm not qualified to answer that. :)

> A BBS is a publication. The
> 1st Amendment was specifically written to outlaw the British licensing of
> publications. No risk.

Until some case law comes about that recognizes this, It Just Ain't So. Right now, electronic publishing isn't recognized by the courts as publishing (because we don't kill trees, I suppose).

- --
Roy M. Silvernail [] roy at sendai.cybrspc.mn.org
It's just this little chromium switch.......

-----BEGIN PGP SIGNATURE-----
Version: 2.6
-----END PGP SIGNATURE-----

From perry at imsi.com Fri Jul 1 06:04:15 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 1 Jul 94 06:04:15 PDT
Subject: Devil's Advocate (again)
In-Reply-To: <199407011249.FAA25594@soda.berkeley.edu>
Message-ID: <9407011303.AA16253@snark.imsi.com>

Anonymous User says:
> I notice the argument against "why do you need crypto... are you
> doing something ILLEGAL" is that the argument that "why don't you
> want a camera in your house... are you doing something ILLEGAL".
>
> This is good, but where in the Constitution does it say that people
> can have crypto not regulated by the Government? Would this be
> under the First Amendment of free speech?
>
> Again, I am playing Devil's Advocate here.

The first amendment is a good start.

The fourth amendment protections against unreasonable search could be held to not require that everyone conduct all their business in such a way as to make search maximally easy. (The courts have already held, for instance, that you are under no obligation to keep your business records in English.)

The ninth amendment, and the derived "right to privacy" ideas that culminated in Roe v. Wade, could also be invoked.

.pm

From perry at imsi.com Fri Jul 1 06:12:16 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 1 Jul 94 06:12:16 PDT
Subject: Detweiler clone at WS
In-Reply-To: <940701.070436.2K1.rusnews.w165w@sendai.cybrspc.mn.org>
Message-ID: <9407011312.AA16277@snark.imsi.com>

Roy M. Silvernail says:
> > A BBS is a publication. The
> > 1st Amendment was specifically written to outlaw the British licensing of
> > publications. No risk.
>
> Until some case law comes about that recognizes this, It Just Ain't So.
> Right now, electronic publishing isn't recognized by the courts as
> publishing (because we don't kill trees, I suppose).

Untrue as of Tuesday, when the Supremes came out with a decision recognising (to a limited extent) the 1st amendment rights of cable companies. However, you are right that no direct precedent exists.

Perry

From gtoal at an-teallach.com Fri Jul 1 06:19:10 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Fri, 1 Jul 94 06:19:10 PDT
Subject: (Fwd) What motivates Cryp
Message-ID: <199407011318.OAA11586@an-teallach.com>

    J >It may seem that I am being particularly naive in being
    J >surprised by this but I am from the UK where libertarian views
    J >of this kind are not so widely held.

    Though they *were* largely invented there...

I think it's just that most of us get out when we see state control here getting oppressive past our personal limits.
(Which it just did, hello Criminal Justice Bill, goodbye Graham)

G

From khijol!erc at apple.com Fri Jul 1 06:21:41 1994
From: khijol!erc at apple.com (Ed Carp [Sysadmin])
Date: Fri, 1 Jul 94 06:21:41 PDT
Subject: ANI 800 number
In-Reply-To: <199406300256.TAA07138@kaiwan.kaiwan.com>
Message-ID:

> shamrock at netcom.com (Lucky Green) wrote:
>
> | About 1.5 years ago, Sandy posted an 800 number that would give you the |
> | number of the phone you are calling from. Does anyone still have that?  |
>
> No, but you can use AT&T's test number - 1073214049889664
> (you won't be charged for the call)
>
> If you're interested in that type of thing, you might want to read alt.2600

Too bad it doesn't work from Canada :(

--
Ed Carp, N7EKG/VE3 ecarp at netcom.com, Ed.Carp at linux.org
"What's the sense of trying hard to find your dreams without someone to share it with, tell me, what does it mean?" -- Whitney Houston, "Run To You"

From matsb at sos.sll.se Fri Jul 1 06:21:58 1994
From: matsb at sos.sll.se (Mats Bergstrom)
Date: Fri, 1 Jul 94 06:21:58 PDT
Subject: What motivates crypto-folk?
In-Reply-To: <199407010541.WAA24567@netcom8.netcom.com>
Message-ID:

Bob Morris wrote:

> This wouldn't be the first time that those on the fringes of the left
> and the right saw a common enemy - encroaching government with control
> in their hearts.

I don't think mayists should be categorized as ultra right-wingers. Save that epithet for those in favour of both unrestricted market capitalism AND a strong government and judicial system to keep the small guys in leashes, sort of an oligarchy and very far from anarchy. And I don't think any ultra left-wingers are lurking on cypherpunks. That epithet should be saved for people believing in strong military-style bureaucracies to implement 'equality' but, as we all know, this is just another form of oligarchy, far from anarchy (and historically separated from anarchy in the 19th century).
One thing these two fringe beliefs have in common is the trust in gun barrels for political power.

There is a way to privacy (through crypto-anarchy) separated from unrestricted anarcho-capitalism that might be defined as more to the left (depending on your semantics of course). I don't have a good name for it, but a vision. Taxation only of hardware (in a broad sense) production might be enforceable in spite of strong crypto and could pay for a minimal standard of living for all citizens of an industrialized country-unit (at least if population growth stops) including the lame or lazy. And some environmental issues are too important to be decided by private enterprise. National parks do not have to cost anything if we just decide that unexploited land is not to be owned by anyone (well, the present owners will be poorer but every political change has its victims). But such a pinko-green approach to privacy does not, and should not in my humble opinion, have to extend to public funding of education, libraries, minorities, arts, infobahns or other soft issues. And it gives no one a right to pry into my software collection or drug cabinet.

Mats Bergstrom

From ravage at bga.com Fri Jul 1 06:43:47 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 1 Jul 94 06:43:47 PDT
Subject: Devil's advocate
In-Reply-To: <9407010127.AA13673@mycroft.rand.org>
Message-ID: <199407011343.IAA08806@zoom.bga.com>

>
> Answer 1:
> Wrong question: Once you allow the question "What do you have to hide?"
> about your communications, you don't have a good place to stop the
> inquiries about the rest of your life. Law enforcement should not be
> allowed to dictate that you behave in a way that will facilitate their
> surveillance; they need to show probable cause starting their
> proceedings against you.
>

My response would be why do you want to know what information I am exchanging and while we are on the topic, can I look at your correspondence?
I suspect that this flip would shut them up quite quickly. It is not the law enforcement but rather the legislature's impression of the desires of the general populace that will dictate this.

> Answer 2:
> Sometimes the advances of science favor the police, and sometimes they
> don't -- luck of the draw. LE has a lot of tools available that they
> didn't have a few decades ago, including DNA matching, fiber analysis,
> and cellular phone triangulation. Crypto may reduce one way for them
> to read our mail, but they have others that weren't available before;
> if they have reasonable cause for a court order, let them roll in the
> Van Eck radiation van, plant bugs, sneak in and dump your hard disk,
> or whatever.
>

If law enforcement was meant to be easy why do we have the Constitution and such concepts as proof and probable cause? The argument that we should do anything simply because it makes somebody's job easier is fallacious. Our responsibilities (both personal and societal) don't include making other people's lives easier (it does mean not making them harder in some cases).

>
> That's all independent of whether you can trust Mykotronx and their
> masters not to keep copies of the keys while they're making them before
> they put them in escrow.
>

When we are talking about a person's freedoms and rights I would hold that no person or agency is entitled to trust. They must prove they are a paramour.

From sommerfeld at orchard.medford.ma.us Fri Jul 1 07:04:53 1994
From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld)
Date: Fri, 1 Jul 94 07:04:53 PDT
Subject: someone clue me in about USACM..
Message-ID: <199407011401.KAA00547@orchard.medford.ma.us>

Could someone explain to me the difference, if any, between the "USACM" and the panel of luminaries who put out the "Codes, Keys, and Conflicts" paper?

The paper was downright bland in tone, while the one-page USACM position in the press release is clearly hostile towards the EES.

Who is the USACM?
How big is it, who can join, and who has?

- Bill

From werner at mc.ab.com Fri Jul 1 07:33:15 1994
From: werner at mc.ab.com (werner at mc.ab.com)
Date: Fri, 1 Jul 94 07:33:15 PDT
Subject: ANI 800 number
Message-ID: <9407011433.AA14935@werner.mc.ab.com>

>From: khijol!erc at apple.com (Ed Carp [Sysadmin])
>Date: Fri, 1 Jul 1994 08:55:30 -0400 (EDT)
>
>> shamrock at netcom.com (Lucky Green) wrote:
>>
>> No, but you can use AT&T's test number - 1073214049889664
>
>Too bad it doesn't work from Canada :(

Doesn't seem to work for me in Cleveland, either. Maybe you have to have AT&T long distance for it to work.

tw

From sandfort at crl.com Fri Jul 1 08:23:50 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Fri, 1 Jul 94 08:23:50 PDT
Subject: (FWD) WHAT MOTIVATES FORWARDERS?
In-Reply-To: <199407011218.NAA09977@an-teallach.com>
Message-ID:

C'punks,

On Fri, 1 Jul 1994, Graham Toal wrote:

> . . . this forwarding business is *really* getting out of hand. For
> Christ's sake guys, if *you* can read stuff on other groups, credit
> us with the intelligence of being able to find it too. If this keeps
> up we'll have the whole 20Mb/day of usenet funnelling through cypherpunks.
> . . .

Well, I for one like to see forwarded stuff. I have no desire to chase down likely references. Maybe I'm lazy for letting others filter stuff for me, or maybe you're lazy for not hitting "D". Quien sabe?

S a n d y

From sandfort at crl.com Fri Jul 1 08:38:22 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Fri, 1 Jul 94 08:38:22 PDT
Subject: Devil's Advocate (again)
In-Reply-To: <199407011249.FAA25594@soda.berkeley.edu>
Message-ID:

C'punks,

On Fri, 1 Jul 1994, Anonymous User wrote:

> . . . where in the Constitution does it say that people
> can have crypto not regulated by the Government? Would this be
> under the First Amendment of free speech?

Try the 9th and 10th Amendments.
S a n d y

From joshua at cae.retix.com Fri Jul 1 08:46:08 1994
From: joshua at cae.retix.com (joshua geller)
Date: Fri, 1 Jul 94 08:46:08 PDT
Subject: ANI 800 number
In-Reply-To: <9407011433.AA14935@werner.mc.ab.com>
Message-ID: <199407011546.IAA03634@sleepy.retix.com>

> >From: khijol!erc at apple.com (Ed Carp [Sysadmin])
> >> shamrock at netcom.com (Lucky Green) wrote:
> >> No, but you can use AT&T's test number - 1073214049889664
> >Too bad it doesn't work from Canada :(
> Doesn't seem to work for me in Cleveland, either. Maybe you have to have
> AT&T long distance for it to work.

it doesn't work from LA and I do have AT&T long distance.

josh

From gtoal at an-teallach.com Fri Jul 1 09:03:21 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Fri, 1 Jul 94 09:03:21 PDT
Subject: (FWD) WHAT MOTIVATES FORWARDERS?
Message-ID: <199407011603.RAA15896@an-teallach.com>

    Well, I for one like to see forwarded stuff. I have no desire to chase down likely references. Maybe I'm lazy for letting others filter stuff for me, or maybe you're lazy for not hitting "D". Quien sabe?

It's you :-)

Really, it's a question of degree and obscurity. A forward a day isn't too bad, a dozen a day is, especially if they're 600 lines of EFF press release which we see *everywhere*. However if the item was found in some out of the way place (like say a BITNET mailing list for librarians) then forwarding would be reasonable. But stuff from comp.org.eff.talk, sci.crypt, talk.politics.crypto and alt.security.pgp which are groups that most people interested in crypto will read, is a bit redundant. If you're not reading them, you *should* be.

G

From tcmay at netcom.com Fri Jul 1 09:22:34 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 1 Jul 94 09:22:34 PDT
Subject: Electronic press ?=? Paper press
In-Reply-To: <940701.070436.2K1.rusnews.w165w@sendai.cybrspc.mn.org>
Message-ID: <199407011622.JAA24851@netcom4.netcom.com>

Roy M.
Silvernail wrote:

(quoting Duncan Frissell)
> > A BBS is a publication. The
> > 1st Amendment was specifically written to outlaw the British licensing of
> > publications. No risk.
>
> Until some case law comes about that recognizes this, It Just Ain't So.
> Right now, electronic publishing isn't recognized by the courts as
> publishing (because we don't kill trees, I suppose).

Not so. Writers who use computers, journalists who write directly to electronic distribution, etc., are just as protected against censorship or prior restraint as paper-oriented journalists are.

Any law which required, for example, writers like us to submit their writings to some government censorship agency would of course be struck down immediately.

(Note: "Wartime" situations may be different, which is why I fear the term "War" in "War on Drugs," "War on Money Launderers," and "War on Barny Bashers.")

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From jim at bilbo.suite.com Fri Jul 1 09:25:39 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Fri, 1 Jul 94 09:25:39 PDT
Subject: What was the House Rules Committee vote?
Message-ID: <9407011623.AA00517@bilbo.suite.com>

The House Rules Committee was supposed to vote on the General Export Administration Act HR 3937 yesterday. Anybody know the result of the vote? Did they mark the bill "open"?
Jim_Miller at suite.com

From blancw at microsoft.com Fri Jul 1 09:33:22 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Fri, 1 Jul 94 09:33:22 PDT
Subject: Devil's Advocate
Message-ID: <9407011535.AA21466@netmail2.microsoft.com>

I'm not so kind as others on this list. I think people should live consistent with their philosophy and what they advocate. Many times arguments are useless and only experience serves to convince. I wouldn't try to convert another from their faith just because it would do me good. As long as it's possible to find alternate methods of doing the same thing (in this case achieving privacy), I wouldn't try too hard to save Liberals from themselves. I think they deserve to use Clipper.

Blanc

From jdwilson at gold.chem.hawaii.edu Fri Jul 1 09:37:21 1994
From: jdwilson at gold.chem.hawaii.edu (NetSurfer)
Date: Fri, 1 Jul 94 09:37:21 PDT
Subject: USACM Calls for Clipper Withdrawal (fwd)
Message-ID:

---------- Forwarded message ----------
Date: Thu, 30 Jun 1994 16:35:37 +0000
From: "US ACM, DC Office"
To: "usacm_dc at acm.org"
Subject: USACM Calls for Clipper Withdrawal

U S A C M

Association for Computing Machinery, U.S. Public Policy Committee

* PRESS RELEASE *

Thursday, June 30, 1994

Contact:
Barbara Simons (408) 463-5661, simons at acm.org (e-mail)
Jim Horning (415) 853-2216, horning at src.dec.com (e-mail)
Rob Kling (714) 856-5955, kling at ics.uci.edu (e-mail)

COMPUTER POLICY COMMITTEE CALLS FOR WITHDRAWAL OF CLIPPER

COMMUNICATIONS PRIVACY "TOO IMPORTANT" FOR SECRET DECISION-MAKING

WASHINGTON, DC -- The public policy arm of the oldest and largest international computing society today urged the White House to withdraw the controversial "Clipper Chip" encryption proposal. Noting that the "security and privacy of electronic communications are vital to the development of national and international information infrastructures," the Association for Computing Machinery's U.S.
Public Policy Committee (USACM) added its voice to the growing debate over encryption and privacy policy.

In a position statement released at a press conference on Capitol Hill, the USACM said that "communications security is too important to be left to secret processes and classified algorithms." The Clipper technology was developed by the National Security Agency, which classified the cryptographic algorithm that underlies the encryption device. The USACM believes that Clipper "will put U.S. manufacturers at a disadvantage in the global market and will adversely affect technological development within the United States." The technology has been championed by the Federal Bureau of Investigation and the NSA, which claim that "non-escrowed" encryption technology threatens law enforcement and national security.

"As a body concerned with the development of government technology policy, USACM is troubled by the process that gave rise to the Clipper initiative," said Dr. Barbara Simons, a computer scientist with IBM who chairs the USACM. "It is vitally important that privacy protections for our communications networks be developed openly and with full public participation."

The USACM position statement was issued after completion of a comprehensive study of cryptography policy sponsored by the ACM (see companion release). The study, "Codes, Keys and Conflicts: Issues in U.S Crypto Policy," was prepared by a panel of experts representing various constituencies involved in the debate over encryption.

The ACM, founded in 1947, is a 85,000 member non-profit educational and scientific society dedicated to the development and use of information technology, and to addressing the impact of that technology on the world's major social challenges. USACM was created by ACM to provide a means for presenting and discussing technological issues to and with U.S. policymakers and the general public. For further information on USACM, please call (202) 298-0842.
============================================================= USACM Position on the Escrowed Encryption Standard The ACM study "Codes, Keys and Conflicts: Issues in U.S Crypto Policy" sets forth the complex technical and social issues underlying the current debate over widespread use of encryption. The importance of encryption, and the need for appropriate policies, will increase as networked communication grows. Security and privacy of electronic communications are vital to the development of national and international information infrastructures. The Clipper Chip, or "Escrowed Encryption Standard" (EES) Initiative, raises fundamental policy issues that must be fully addressed and publicly debated. After reviewing the ACM study, which provides a balanced discussion of the issues, the U.S. Public Policy Committee of ACM (USACM) makes the following recommendations. 1. The USACM supports the development of public policies and technical standards for communications security in open forums in which all stakeholders -- government, industry, and the public -- participate. Because we are moving rapidly to open networks, a prerequisite for the success of those networks must be standards for which there is widespread consensus, including international acceptance. The USACM believes that communications security is too important to be left to secret processes and classified algorithms. We support the principles underlying the Computer Security Act of 1987, in which Congress expressed its preference for the development of open and unclassified security standards. 2. The USACM recommends that any encryption standard adopted by the U.S. government not place U.S. manufacturers at a disadvantage in the global market or adversely affect technological development within the United States. Few other nations are likely to adopt a standard that includes a classified algorithm and keys escrowed with the U.S. government. 3. 
The USACM supports changes in the process of developing Federal Information Processing Standards (FIPS) employed by the National Institute of Standards and Technology. This process is currently predicated on the use of such standards solely to support Federal procurement. Increasingly, the standards set through the FIPS process directly affect non-federal organizations and the public at large. In the case of the EES, the vast majority of comments solicited by NIST opposed the standard, but were openly ignored. The USACM recommends that the standards process be placed under the Administrative Procedures Act so that citizens may have the same opportunity to challenge government actions in the area of information processing standards as they do in other important aspects of Federal agency policy making. 4. The USACM urges the Administration at this point to withdraw the Clipper Chip proposal and to begin an open and public review of encryption policy. The escrowed encryption initiative raises vital issues of privacy, law enforcement, competitiveness and scientific innovation that must be openly discussed. 5. The USACM reaffirms its support for privacy protection and urges the administration to encourage the development of technologies and institutional practices that will provide real privacy for future users of the National Information Infrastructure. From jdwilson at gold.chem.hawaii.edu Fri Jul 1 09:38:00 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Fri, 1 Jul 94 09:38:00 PDT Subject: ACM Releases Crypto Study (fwd) Message-ID: ---------- Forwarded message ---------- Date: Thu, 30 Jun 1994 16:34:47 +0000 From: "US ACM, DC Office" To: "usacm_dc at acm.org" Subject: ACM Releases Crypto Study Association for Computing Machinery PRESS RELEASE __________________________________________________ Thursday, June 30, 1994 Contact: Joseph DeBlasi, ACM Executive Director (212) 869-7440 Dr. Stephen Kent, Panel Chair (617) 873-3988 Dr. 
Susan Landau, Panel Staff (413) 545-0263 COMPUTING SOCIETY RELEASES REPORT ON ENCRYPTION POLICY "CLIPPER CHIP" CONTROVERSY EXPLORED BY EXPERT PANEL WASHINGTON, DC -- A panel of experts convened by the nation's foremost computing society today released a comprehensive report on U.S. cryptography policy. The report, "Codes, Keys and Conflicts: Issues in U.S Crypto Policy," is the culmination of a ten-month review conducted by the panel of representatives of the computer industry and academia, government officials, and attorneys. The 50-page document explores the complex technical and social issues underlying the current debate over the Clipper Chip and the export control of information security technology. "With the development of the information superhighway, cryptography has become a hotly debated policy issue," according to Joseph DeBlasi, Executive Director of the Association for Computing Machinery (ACM), which convened the expert panel. "The ACM believes that this report is a significant contribution to the ongoing debate on the Clipper Chip and encryption policy. It cuts through the rhetoric and lays out the facts." Dr. Stephen Kent, Chief Scientist for Security Technology with the firm of Bolt Beranek and Newman, said that he was pleased with the final report. "It provides a very balanced discussion of many of the issues that surround the debate on crypto policy, and we hope that it will serve as a foundation for further public debate on this topic." The ACM report addresses the competing interests of the various stakeholders in the encryption debate -- law enforcement agencies, the intelligence community, industry and users of communications services. It reviews the recent history of U.S. cryptography policy and identifies key questions that policymakers must resolve as they grapple with this controversial issue. The ACM cryptography panel was chaired by Dr. Stephen Kent. Dr. 
Susan Landau, Research Associate Professor in Computer Science at the University of Massachusetts, co-ordinated the work of the panel and did most of the writing. Other panel members were Dr. Clinton Brooks, Advisor to the Director, National Security Agency; Scott Charney, Chief of the Computer Crime Unit, Criminal Division, U.S. Department of Justice; Dr. Dorothy Denning, Computer Science Chair, Georgetown University; Dr. Whitfield Diffie, Distinguished Engineer, Sun Microsystems; Dr. Anthony Lauck, Corporate Consulting Engineer, Digital Equipment Corporation; Douglas Miller, Government Affairs Manager, Software Publishers Association; Dr. Peter Neumann, Principal Scientist, SRI International; and David Sobel, Legal Counsel, Electronic Privacy Information Center. Funding for the cryptography study was provided in part by the National Science Foundation. The ACM, founded in 1947, is a 85,000 member non-profit educational and scientific society dedicated to the development and use of information technology, and to addressing the impact of that technology on the world's major social challenges. For general information, contact ACM, 1515 Broadway, New York, NY 10036. (212) 869-7440 (tel), (212) 869-0481 (fax). Information on accessing the report electronically will be posted soon in this newsgroup. From tcmay at netcom.com Fri Jul 1 09:44:03 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 1 Jul 94 09:44:03 PDT Subject: What motivates crypto-folk? In-Reply-To: Message-ID: <199407011643.JAA27139@netcom4.netcom.com> I regret that I've been too busy to comment much on the left vs. right debate here, but Mats Bergstrom's analysis merits comment: > I don't think mayists should be categorized as ultra right-wingers. "Mayists"! Kind of like Maoists--but different! 
> Save that epithet for those in favour of both unrestricted market > capitalism AND a strong government and judicial system to keep > the small guys in leashes, sort of an oligarchy and very far from > anarchy. And I don't think any ultra left-wingers are lurking on ... Yes, I've seen few if any of these extremes on this list. > There is a way to privacy (through crypto-anarchy) separated > from unrestricted anarcho-capitalism that might be defined as > more to the left (depending on your semantics of course). > I don't have a good name for it, but a vision. Taxation only > of hardware (in a broad sense) production might be enforceable > in spite of strong crypto and could pay for a minimal standard > of living for all citizens of an industrialized country-unit > (at least if population growth stops) including the lame or > lazy. And some environmental issues are too important to be > decided by private enterprise. National parks do not have to > cost anything if we just decide that unexploited land is not > to be owned by anyone (well, the present owners will be poorer > but every political change has its victims). Mats has accurately captured the flavor of crypto anarchy, and how it differs from more conventionally libertarian anarchocapitalist views. Specifically, large corporations are unlikely to thrive...for the simple Cypherpunkish reason that a large group can't very well keep secrets. (I'm not arguing that an Intel or a Pfizer _deserves_ to have its secrets sold, only that this is a consequence of increased informational degrees of freedom, privacy, and strong crypto.) I'm suspicious about the "minimal standard of living" point, though, but will note that private charity tends to work when the disabled/retarded component of the population is less than about 10%. (When more and more people claim disabilities, inability to work, psychic damage, or just plain unwillingness to work, charity won't work. 
And my belief is that coercion of charity (=taxes) also won't work.) > But such a pinko-green approach to privacy does not, and should > not in my humble opinion, have to extend to public funding of > education, libraries, minorities, arts, infobahns or other soft > issues. And it gives no one a right to pry into my software > collection or drug cabinet. > > Mats Bergstrom But I mostly agree with everything Mats has said. Leftists should take heart that crypto anarchy also reduces the power of corporations (many of whom climb into bed with government the first chance they get to suppress competition, get favorable laws and patents, etc. As Mussolini said, "Fascism *is* corporatism.") Many leftists I know claim to be anti-capitalist, naturally. But they are often deeply market-oriented, participating in "farmer's markets" with zeal. To libertarians, of course, this *is* capitalism! (Read Karl Hess' "Capitalism for Kids" for an easy treatment of this. Lots of other libertarian books, too.) This list has traditionally not been a place to debate left-right or libertarian issues. Passing references, yes, but not serious debate. In accord with this unwritten rule, I'll stop now. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Fri Jul 1 10:02:27 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 1 Jul 94 10:02:27 PDT Subject: My view on Forwardings Message-ID: <199407011702.KAA29030@netcom4.netcom.com> I agree with Graham Toal that forwardings are getting out of hand. 
I'm quick on the "Delete" key, as Sandy Sandfort is, so it doesn't bother me _too_ much. But what it does indicate is general cluelessness. For example, minutes ago I received yet another forwarding of the "USACM" press release! Did the forwarder think we had not seen the versions sent yesterday? Or perhaps he was not reading the list closely enough to see these forwardings--and thought we needed another copy just for good measure. My solution is to keep a list (manually) of folks who have acted thusly, and then to avoid responding to them in the future. (I can't easily implement kill files in "elm.") I might suggest a "press release list" that people could subscribe to, except that alternate lists have failed, and the forwarders are unlikely to remain confined to such a narrow forum. And as Graham noted, numerous newsgroups already exist for such press releases. I have to admit that I've started to ignore most EFF, CPSR, and EPIC press releases, as they are low on content and heavy on long-winded policy statements. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From schneier at chinet.chinet.com Fri Jul 1 10:16:22 1994 From: schneier at chinet.chinet.com (Bruce Schneier) Date: Fri, 1 Jul 94 10:16:22 PDT Subject: Programmer Wanted - Second Salvo Message-ID: Greetings: I recently posted a posting (whatever) looking for a programmer to do some contract work. After talking with a few people, someone suggested that I post what I want on the mailing list. 
What I am looking for is someone to do some of the odd programming projects that I have been wishing someone would do. This isn't work that I have a contract to do, just things that I want to see done. Most of it, probably all of it, will end up as public domain code. I would do it myself, but 1) I am too busy, and 2) I am not really a good programmer. I am willing to pay for time, but I can't promise wages competitive with a commercial contract. This stuff won't make anyone rich, but it will give someone a piece of code you can put on your resume and may do some good for the world. First I am looking for a simple MS-DOS file encrypter. Something that works off the command line and uses a few different algorithms. Given that all of the algorithms are already in public domain C, I can't believe this will take all that long. After that I have an algorithm from Japan that I'd like to see coded up in C. Then an algorithm from South Africa. Then some stuff on stream ciphers. And so on. If anyone is interested, please give me some idea of what you would consider a fair hourly rate. And a telephone number, so I can call and talk with you. Bruce ************************************************************************** * Bruce Schneier * Counterpane Systems For a good prime, call 391581 * 2^216193 - 1 * schneier at chinet.com ************************************************************************** From frissell at panix.com Fri Jul 1 10:18:53 1994 From: frissell at panix.com (Duncan Frissell) Date: Fri, 1 Jul 94 10:18:53 PDT Subject: Detweiler clone at WS In-Reply-To: <940701.070436.2K1.rusnews.w165w@sendai.cybrspc.mn.org> Message-ID: On Fri, 1 Jul 1994, Roy M. Silvernail wrote: > Until some case law comes about that recognizes this, It Just Ain't So. > Right now, electronic publishing isn't recognized by the courts as > publishing (because we don't kill trees, I suppose). > - -- > Roy M. 
Silvernail [] roy at sendai.cybrspc.mn.org I know the courts have never ruled in a case in point but is there any doubt that BBS are publications? They are in text for the most part. They resemble the "Broadsides" that were a big part of public discourse in 1789 in the Confederacy (The US under the Articles of Confederation). What are they, chopped liver? DCF From smb at research.att.com Fri Jul 1 10:20:10 1994 From: smb at research.att.com (smb at research.att.com) Date: Fri, 1 Jul 94 10:20:10 PDT Subject: What motivates crypto-folk? Message-ID: <9407011719.AA05432@toad.com> Being a self-proclaimed left-winger, I do feel compelled to add one or two random notes. Much (though of course not all) of the Left is strongly civil libertarian. Such folks (including, of course, me) tend to be strongly opposed to things like Clipper. --Steve Bellovin From frissell at panix.com Fri Jul 1 10:27:48 1994 From: frissell at panix.com (Duncan Frissell) Date: Fri, 1 Jul 94 10:27:48 PDT Subject: Devil's Advocate (again) In-Reply-To: <9407011303.AA16253@snark.imsi.com> Message-ID: On Fri, 1 Jul 1994, Perry E. Metzger wrote: > The ninth amendment, and the derived "right to privacy" ideas that > culminated in Roe v. Wade, could also be invoked. > > .pm > Additionally, since properly executed crypto can only be breached by the application of torture to the key holder, The VIIIth Amendment's prohibition of cruel and unusual punishment may apply. DCF "Not to mention the IInd Amendment RKBA and in the case of the Digital Telephony Initiative the IIIrd Amendment's prohibition on quartering troops in private homes." 
From rfb at lehman.com Fri Jul 1 10:44:18 1994 From: rfb at lehman.com (Rick Busdiecker) Date: Fri, 1 Jul 94 10:44:18 PDT Subject: (FWD) WHAT MOTIVATES CRYP In-Reply-To: <9407010725.AA10158@anchor.ho.att.com> Message-ID: <9407011109.AA16236@fnord.lehman.com> Date: Fri, 1 Jul 94 03:25:15 EDT From: wcs at anchor.ho.att.com (bill.stewart at pleasantonca.ncr.com +1-510-484-6204) Some of the peace movement folks I've hung around with over the years were part of the "Resist paying taxes because they pay for the War Department" movement, with various methods of not paying ranging from public refusal to working in the underground economy to making less money. Yup. There's also at least one couple who have been resisting taxation for several decades using the only fully `legal' method -- they give away, in a deductible manner, any money that would put them above the `poverty line'. Of course, this method makes it more difficult to play with computerized crypto :-) BTW, has the LP made any `official' statements on any of the legal issues relating to crypto? If Howard Stearns is elected, will NYC pot holes be filled with Clipper chips? (BTW, isn't the LP anti-death-penalty, unlike their NY gubernatorial candidate?) Rick From Eric_Weaver at avtc.sel.sony.com Fri Jul 1 10:49:32 1994 From: Eric_Weaver at avtc.sel.sony.com (Eric Weaver) Date: Fri, 1 Jul 94 10:49:32 PDT Subject: What motivates crypto-folk? In-Reply-To: <199407011643.JAA27139@netcom4.netcom.com> Message-ID: <9407011749.AA07862@sosfc.avtc.sel.sony.com> Apologies, all, for spewing what was supposed to be a personal reply to the list. Political flames to me alone, please. I'll ignore them. 
From adam at bwh.harvard.edu Fri Jul 1 10:49:41 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Fri, 1 Jul 94 10:49:41 PDT Subject: Devil's Advocate (again) In-Reply-To: Message-ID: <199407011746.NAA13073@duke.bwh.harvard.edu> DCF wrote: | Additionally, since properly executed crypto can only be breached by the | application of torture to the key holder, The VIIIth Amendment's | prohibition of cruel and unusual punishment may apply. There are a number of good ways to breach modern cryptography without torture. They include: Van Eck (Tempest) monitoring. Sodium pentothal & its more modern cousins. Bribery. Blackmail. Adam -- Adam Shostack adam at bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. From Eric_Weaver at avtc.sel.sony.com Fri Jul 1 10:50:20 1994 From: Eric_Weaver at avtc.sel.sony.com (Eric Weaver) Date: Fri, 1 Jul 94 10:50:20 PDT Subject: What motivates crypto-folk? In-Reply-To: <199407011643.JAA27139@netcom4.netcom.com> Message-ID: <9407011748.AA07853@sosfc.avtc.sel.sony.com> X-Btw: sony.com is also sonygate.sony.com From: tcmay at netcom.com (Timothy C. May) Date: Fri, 1 Jul 1994 09:43:48 -0700 (PDT) [...] But I mostly agree with everything Mats has said. Leftists should take heart that crypto anarchy also reduces the power of corporations (many of whom climb into bed with government the first chance they get to suppress competition, get favorable laws and patents, etc. As Mussolini said, "Fascism *is* corporatism.") Now where have I heard that? ;-} Many leftists I know claim to be anti-capitalist, naturally. But they are often deeply market-oriented, participating in "farmer's markets" with zeal. To libertarians, of course, this *is* capitalism! (Read Karl Hess' "Capitalism for Kids" for an easy treatment of this. Lots of other libertarian books, too.) Sigh! Tell me, do you subscribe to Bill Bradford's rag "Liberty" too? 
I can never throw away "Laissez Faire Books" catalogs, even though they have a pathological worship for Nathan Blumenthal... From ravage at bga.com Fri Jul 1 10:51:27 1994 From: ravage at bga.com (Jim choate) Date: Fri, 1 Jul 94 10:51:27 PDT Subject: Devil's Advocate (again) In-Reply-To: Message-ID: <199407011751.MAA20268@zoom.bga.com> > > Additionally, since properly executed crypto can only be breached by the > application of torture to the key holder, The VIIIth Amendment's > prohibition of cruel and unusual punishment may apply. > How can sitting in jail cell under contempt of court charge for undetermined periods be considered cruel or unusual punishment? Would seem to me that if a person refuses to comply and reveal their keys they should expect some form of legal retribution. If a person were to sit there long enough I am sure they would crack if for no other reason than family pressure and the sure realization that their homes and other possessions will be repossessed or otherwise lost. From sandfort at crl.com Fri Jul 1 11:04:13 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 1 Jul 94 11:04:13 PDT Subject: ANI 800 number In-Reply-To: <199407011546.IAA03634@sleepy.retix.com> Message-ID: C'punks, On Fri, 1 Jul 1994, joshua geller wrote: > . . . > > >> No, but you can use AT&T's test number - 1073214049889664 > > > >Too bad it doesn't work from Canada :( > > > Doesn't seem to work for me in Cleveland, either. Maybe you have to have > > AT&T long distance for it to work. > > it doesn't work from LA and I do have AT&T long distance. Worked for me from San Francisco (San Rafael, actually). Interestingly, it gave me my phone number, including area code, plus the number "8" following the rest of the number. Anyone know why? 
S a n d y From ravage at bga.com Fri Jul 1 11:15:45 1994 From: ravage at bga.com (Jim choate) Date: Fri, 1 Jul 94 11:15:45 PDT Subject: Devil's Advocate (again) In-Reply-To: <199407011746.NAA13073@duke.bwh.harvard.edu> Message-ID: <199407011815.NAA21951@zoom.bga.com> > > There are a number of good ways to breach modern cryptography without > torture. They include: > > Van Eck (Tempest) monitoring. > Sodium pentothal & its more modern cousins. > I believe this is considered torture in the US. Bribery. > Blackmail. > Both of these are great but any evidence is inadmissible in court and therefore of no use to a prosecutor. > -- > Adam Shostack adam at bwh.harvard.edu From werner at mc.ab.com Fri Jul 1 11:23:48 1994 From: werner at mc.ab.com (tim werner) Date: Fri, 1 Jul 94 11:23:48 PDT Subject: (FWD) WHAT MOTIVATES FORWARDERS? In-Reply-To: <199407011603.RAA15896@an-teallach.com> Message-ID: <199407011823.OAA11419@sparcserver.mc.ab.com> >Date: Fri, 1 Jul 1994 17:03:17 +0100 >From: gtoal at an-teallach.com (Graham Toal) > > Well, I for one like to see forwarded stuff. I have no desire to chase > down likely references. Maybe I'm lazy for letting others filter stuff > for me, or maybe you're lazy for not hitting "D". Quien sabe? > >Really, it's a question of degree and obscurity. A forward a day isn't >too bad, a dozen a day is, especially if they're 600 lines of EFF press >release which we see *everywhere*. I second that. I'm already subscribed to the eff newsletter, and it's irritating enough to have to see it in comp.org.eff.talk. tw From rishab at dxm.ernet.in Fri Jul 1 11:28:40 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Fri, 1 Jul 94 11:28:40 PDT Subject: What motivates Crypto-folk? Message-ID: sandfort at crl.com: > > Thanks for your thoughtful comments. However the message was > > not by me but by Sherry May . > > Sherry May, Tim's EVIL TWIN? (Or is it the other way 'round?) 
Sherry Mayo, not May -- ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind! rishab at dxm.ernet.in take stone from stone and wash them..." Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From rishab at dxm.ernet.in Fri Jul 1 11:29:54 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Fri, 1 Jul 94 11:29:54 PDT Subject: USACM Message-ID: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld): > Who is the USACM? How big is it, who can join, and who has? I thought it was pretty clear that the USACM is the US Public Policy committee of the Association for Computing Machinery. This would suggest a branch of the ACM, which as you know is rather large. ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind! rishab at dxm.ernet.in take stone from stone and wash them..." Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From rishab at dxm.ernet.in Fri Jul 1 11:29:55 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Fri, 1 Jul 94 11:29:55 PDT Subject: Pedophiles everywhere!!! Message-ID: "Perry E. Metzger" : > > The drumbeat against all those anonymous pedophiles continues.... > > _Wall Street Journal_, 6/30/94 > > PERSONAL TECHNOLOGY by Walter S. Mossberg > > "Keeping Your Kids Away From Creeps As They Play Online" > > They aren't the only ones talking about it. I've seen three articles > about this in the past week. Even the Clipper article in the Economist, who should know better, that appeared a few weeks ago talked about pedophiles abounding in a Clipper-less world... I think the pedophilic possibilities of the Internet capture the imaginations of the media -- their deepest desires, perhaps. 
----------------------------------------------------------------------------- Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind! rishab at dxm.ernet.in take stone from stone and wash them..." Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From rishab at dxm.ernet.in Fri Jul 1 11:30:56 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Fri, 1 Jul 94 11:30:56 PDT Subject: WHAT MOTIVATES FORWARDERS? Message-ID: perobich at ingr.com: > IMHO a more serious and prevalent problem is the onslaught of spam > whenever EFF, CPSR, EPIC, NSA, or EIEIO issue press releases even > tangentially related to crypto. Not only do I usually get a copy in my > main inbox (since my filter doesn't catch it because it's not via I had cribbed about this a while ago, after I received 6 copies of an EFF release. I suggested that we agree on individuals responsible to forward posts from different sources. IAC the major ones - EFF, EPIC, CPSR... seem to have cypherpunks at toad.com on _their_ lists, and many of us subscribe to them independently. ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind! rishab at dxm.ernet.in take stone from stone and wash them..." Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From jamiel at sybase.com Fri Jul 1 11:40:43 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Fri, 1 Jul 94 11:40:43 PDT Subject: What motivates crypto-folk? Message-ID: <9407011839.AA24761@ralph.sybgate.sybase.com> At 1:28 PM 07/01/94 +0200, Mats Bergstrom wrote: >anarchy. And I don't think any ultra left-wingers are lurking on >cypherpunks. That epithet should be saved for people believing in Depends on what you call ultra-left. You have a very serious socialist here... I don't advertise it much because too many libertarian types spam me trying to tell me why I'm wrong. 
Maybe I am the only one that gets tired of those arguments... [tame but promising approach to social welfare deleted] >But such a pinko-green approach to privacy does not, and should >not in my humble opinion, have to extend to public funding of >education, libraries, minorities, arts, infobahns or other soft >issues. And it gives no one a right to pry into my software >collection or drug cabinet. Well, you were doing well for a while...:) And this pinko agrees 110% with the last statement. My own personal opinion is that waiting for governments to collapse due to crypto and tech is gonna have you waiting a long, long time. I prefer doing something with the tools at hand to dreaming. And the government isn't all bad, as is; just mostly bad. Heck, let me be so optimistic as to say maybe even fixable, at least to what I want to see. >Mats Bergstrom Jamie "Is a Mayist Like a Janist?" Lawrence -- "Blah Blah Blah" ___________________________________________________________________ Jamie Lawrence From pstemari at bismark.cbis.com Fri Jul 1 11:53:31 1994 From: pstemari at bismark.cbis.com (Paul J. Ste. Marie) Date: Fri, 1 Jul 94 11:53:31 PDT Subject: Devil's Advocate (again) In-Reply-To: <199407011815.NAA21951@zoom.bga.com> Message-ID: <9407011852.AA28309@focis.sda.cbis.COM> Jim choate : > Both of these are great but any evidence is inadmissable in court and > therefore of no use to a prosecutor. "Your honor, we would like a (search warrant)(wiretap order)(arrest warrant) for XXX based on the following information we received from a confidential informant." 
From bryner at atlas.chem.utah.edu Fri Jul 1 11:54:19 1994 From: bryner at atlas.chem.utah.edu (Roger Bryner) Date: Fri, 1 Jul 94 11:54:19 PDT Subject: Devil's Advocate (again) In-Reply-To: Message-ID: On Fri, 1 Jul 1994, Duncan Frissell wrote: > Additionally, since properly executed crypto can only be breached by the > application of torture to the key holder, The VIIIth Amendment's > prohibition of cruel and unusual punishment may apply. This is not even slightly true. They can say that if you don't show them your tax status, they seize everything you have. This would require some random key. This doesn't involve torture, just tax. Roger. From grendel at netaxs.com Fri Jul 1 12:32:39 1994 From: grendel at netaxs.com (Michael Handler) Date: Fri, 1 Jul 94 12:32:39 PDT Subject: Detweiler clone at WSJ In-Reply-To: <9407011202.AA16143@snark.imsi.com> Message-ID: On Fri, 1 Jul 1994, Perry E. Metzger wrote: > Brad Dolan says: > > > > The drumbeat against all those anonymous pedophiles continues.... > > _Wall Street Journal_, 6/30/94 > > PERSONAL TECHNOLOGY by Walter S. Mossberg > > "Keeping Your Kids Away From Creeps As They Play Online" > > They aren't the only ones talking about it. I've seen three articles > about this in the past week. As somebody else has said, this seems to be the Clinton Administration's main focus of attack now. Since pedophiles/child abuse is such a hot-button issue, they're harping on it quite strongly. I'm almost tempted to try and get an anonymous survey started, to see if we can debunk this... 
-------------------------------------------------------------------------- Michael Brandt Handler Philadelphia, PA Currently at CMU, Pittsburgh, PA PGP v2.6 public key on request Boycott Canter & Siegel <> 1984: We're Behind Schedule From frissell at panix.com Fri Jul 1 12:33:34 1994 From: frissell at panix.com (Duncan Frissell) Date: Fri, 1 Jul 94 12:33:34 PDT Subject: Illegal Acts & Crypto Message-ID: <199407011931.AA15203@panix.com> The dumbest question of all: "But if you aren't doing anything illegal, why do you need crypto? (or have to worry about stop-and-frisk, or need legal due process protections.) Only lawbreakers have to worry if their privacy is violated." Great thought. Now tell me what will be illegal in 40 years in all the jurisdictions in which I will live. In addition, tell me what (legal) behaviors or characteristics of mine will nonetheless cause me to lose social approbation//jobs//friends//etc in all of the societies in which I will live. Statistics say I've got 40 years left. Forty years ago, smoking was a virtue and sodomy a vice. Twenty-five years ago, money laundering was as legal as church on a Sunday and every bank in America offered de facto secret bank accounts. Given the speed with which things are changing, in twenty-five more years, participating on a crypto mailing list like this could be punished by the death penalty under the Krypto Kingpins Kontrol Act of 2005. Or if things go another way, advocates of government key escrow systems could be subject to outlawry and instant public "vector control measures" if they accidentally wander onto the land of the wrong proprietary community. You never know. In the last 200 years of human history, people have been killed at one time or another in one place or another simply because they had any human characteristic you could name or indulged in any human behavior. You name the characteristic or behavior and I bet I can name the time when people somewhere died because of it. 
Giving up your privacy is too great a risk. What do you gain? Besides, if we are all equal then the rulers are equal to us and we don't have to give up our autonomy to them.

DCF

--- WinQwk 2.0b#1165

From frissell at panix.com Fri Jul 1 12:41:00 1994
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 1 Jul 94 12:41:00 PDT
Subject: Devil's Advocate (again)
In-Reply-To:
Message-ID:

On Fri, 1 Jul 1994, Roger Bryner wrote:

> This is not even slightly true. They can say that if you don't show them
> your tax status, they seize everything you have. This would require some
> random key. This doesn't involve torture, just tax.
>
> Roger.
>

However, strong crypto can protect "everything you have" or at least cash and securities behind unbreachable walls. Likewise it can protect ownership structures so that you can even control physical assets without governments being able to seize them.

DCF

From tcmay at netcom.com Fri Jul 1 12:42:26 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 1 Jul 94 12:42:26 PDT
Subject: What motivates crypto-folk?
In-Reply-To: <9407011839.AA24761@ralph.sybgate.sybase.com>
Message-ID: <199407011938.MAA24868@netcom13.netcom.com>

Jamie Lawrence wrote:

> Depends on what you call ultra-left. You have a very serious socialist
> here... I don't advertise it much because too many libertarian
> types spam me trying to tell me why I'm wrong. Maybe I am the only
> one that gets tired of those arguments...

I'm also tired of them, and I don't spam folks who are liberals or leftists. I've generally found that people's political views are formed when they are of college age, and rarely change significantly after that. Not sure why this is so, but I think it is.

> My own personal opinion is that waiting for governments to collapse
> due to crypto and tech is gonna have you waiting a long, long time.
> I prefer doing something with the tools at hand to dreaming.
And the

Just to be clear about this, in no way, shape or form am I just "waiting for governments to collapse."

I'll make the charitable assumption that "I prefer doing something with the tools at hand to dreaming" is not an insinuation that we libertarians or crypto anarchists are idle dreamers.

> Jamie "Is a Mayist Like a Janist?" Lawrence

The Jains eschew eating living things, while the Mayists *only* eat freshly-killed meat. But you knew that.

--Klaus! von Future Prime

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From grendel at netaxs.com Fri Jul 1 12:45:31 1994
From: grendel at netaxs.com (Michael Handler)
Date: Fri, 1 Jul 94 12:45:31 PDT
Subject: Devil's Advocate (again)
In-Reply-To: <199407011815.NAA21951@zoom.bga.com>
Message-ID:

On Fri, 1 Jul 1994, Jim choate wrote:

> > There are a number of good ways to breach modern cryptography without
> > torture. They include:
> >
> > Van Eck (Tempest) monitoring.
> > Sodium pentothal & its more modern cousins.
> >
> I believe this is considered torture in the US.
>
> > Bribery.
> > Blackmail.
>
> Both of these are great but any evidence is inadmissible in court and
> therefore of no use to a prosecutor.

Do you think the NSA cares either about the majority of US laws or the admissibility of evidence? If they want your key badly enough, they will get it, and in all probability will have no compunctions against any of those methods.
--------------------------------------------------------------------------
Michael Brandt Handler Philadelphia, PA Currently at CMU, Pittsburgh, PA PGP v2.6 public key on request Boycott Canter & Siegel <> 1984: We're Behind Schedule

From sandfort at crl.com Fri Jul 1 12:59:51 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Fri, 1 Jul 94 12:59:51 PDT
Subject: Devil's Advocate (again)
In-Reply-To: <9407011852.AA28309@focis.sda.cbis.COM>
Message-ID:

C'punks,

Let's keep our eyes on the prize. Courts will do what courts will do. Maybe someone will shoot us up with sodium pentothal, maybe not. The real point of Cypherpunks is that it's better to use strong crypto than weak crypto or no crypto at all. Our use of crypto doesn't have to be totally bullet proof to be of value. Let *them* worry about the technicalities while we make sure they have to work harder and pay more for our encrypted info than they would if it were in plaintext.

S a n d y

From dave at marvin.jta.edd.ca.gov Fri Jul 1 13:30:00 1994
From: dave at marvin.jta.edd.ca.gov (Dave Otto)
Date: Fri, 1 Jul 94 13:30:00 PDT
Subject: What motivates crypto-folk?
In-Reply-To: <199407011938.MAA24868@netcom13.netcom.com>
Message-ID: <9407012028.AA28690@marvin.jta.edd.ca.gov>

on Fri, 01 Jul 1994 12:38:40 -0700 (PDT) tcmay at netcom.com wrote:

> I'm also tired of them, and I don't spam folks who are liberals or
> leftists. I've generally found that people's political views are
> formed when they are of college age, and rarely change significantly
> after that. Not sure why this is so, but I think it is.

I'd like to think that MY political beliefs have changed significantly since "college age." Although it is possibly true that it takes a major change in your life to change your politics. My views shifted sharply right with the birth of my first kid. They shifted (up? sideways?) towards Libertarianism several years ago when government interference caused me to become unemployed.
That trend continues the longer I spend on the net. It really *IS* the only answer :-)

Dave Otto -- dave at marvin.jta.edd.ca.gov -- daveotto at acm.org
"Pay no attention to the man behind the curtain!" [the Great Oz]
finger DaveOtto at ACM.org for PGP 2.6 key <0x3300e841>
fingerprint = 78 71 3A 5B FD 8A 9A F1 8F BC E8 6A C7 BD A4 DD

From Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU Fri Jul 1 13:30:33 1994
From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU (Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU)
Date: Fri, 1 Jul 94 13:30:33 PDT
Subject: Clipper "voluntary" like taxes are?
Message-ID: <773094093/vac@FURMINT.NECTAR.CS.CMU.EDU>

On the front page of the 6/29/94 WSJ there is mention of the fact that the IRS chief refers to the US tax system as "voluntary". I had heard this "voluntary" before. So at about 3:20 today I called the IRS at 1-800-tax-1040 to ask if this was correct. After about 40 minutes on hold (fortunately I have a computer to keep me busy) I got someone. They said that, yes, the US does have a "voluntary compliance" tax system. They said that I could find the tax codes saying this in the local library. I tried to pin down why they used the word "voluntary". After asking a couple questions I said, "but if we don't comply there are penalties, right?", they said yes, then I said, "so why is it voluntary?" and they hung up on me.

Since this same government says that Clipper is "voluntary" I am worried that they mean some new Orwellian definition of "voluntary" and not the old fashioned "voluntary" many of us might have assumed. Voluntary used to mean things like "without legal obligation" and such (see below).

Get a copy of PGP while you can,

-- Vince

Word voluntary (VAHL'uhn-ter'ee) adj.
Definition --adj. 1. a. Arising from one's own free will. b. Acting on one's own initiative. 2. Acting or serving in a specified capacity willingly and without constraint or guarantee of reward. 3. Normally controlled by or subject to individual volition. 4.
Capable of exercising will; volitional. 5. Proceeding from impulse; spontaneous. 6. Law. a. Acting or performed without external persuasion or compulsion. b. Without legal obligation, payment, or valuable consideration: a voluntary conveyance. c. Not accidental; intentional: voluntary manslaughter. --n., pl. -ies. 1. Mus. Solo organ music, occasionally improvised, that is played usually before and sometimes during or after a church service. 2. A volunteer. voluntarily (-taruh-lee) --adv. voluntariness --n.
Etymology ME < Lat. voluntarius < voluntas, choice < velle, to wish.
Domain Literature, Rhetoric, Philosophy, Law, Music
Synonyms voluntary, intentional, deliberate, willful, willing, spontaneous. These adjectives mean unforced. Voluntary is applied in several related senses to what is done by choice, to physical movement subject to regulation by the will, and less often to action that is not only of one's choice but premeditated. The last-named sense is more basic to intentional and deliberate; in addition, deliberate stresses the idea of action taken with full awareness of the consequences. Willful can mean merely in accordance with one's will but often implies headstrong persistence in a self-determined course of action. Willing suggests acceding to a course proposed by another, without reluctance or even eagerly. Spontaneous refers to behavior that seems wholly unpremeditated, a natural response and a true reflection of one's feelings.

From tcmay at netcom.com Fri Jul 1 13:37:12 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 1 Jul 94 13:37:12 PDT
Subject: Physical storage of key is the weakest link
In-Reply-To: <199407011746.NAA13073@duke.bwh.harvard.edu>
Message-ID: <199407012037.NAA17138@netcom11.netcom.com>

> There are a number of good ways to breach modern cryptography without
> torture. They include:
>
> Van Eck (Tempest) monitoring.
> Sodium pentothal & its more modern cousins.
> Bribery.
> Blackmail.
> Adam Shostack adam at bwh.harvard.edu

Much more likely:

* Diskettes left lying around. Secret keys on home computers.

* Incompletely erased files. (Norton Utilities can recover erased files; mil-grade multiple-pass erasure may be needed.)

A simple search warrant executed on your premises will usually crack open all your crypto secrets. (Fixes to this are left as an exercise.)

Where to store one's secret key is an issue that makes academic the issue of whether one's key can be compelled. A diskette stored at one's home, in one's briefcase, etc., can be gotten. A pendant or dongle or whatever that stores the key can also be gotten. The passphrase (8-12 characters, typically) is secure, but not the key.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From andy at autodesk.com Fri Jul 1 14:01:09 1994
From: andy at autodesk.com (Andrew Purshottam)
Date: Fri, 1 Jul 94 14:01:09 PDT
Subject: Physical storage of key is the weakest link
In-Reply-To: <199407012037.NAA17138@netcom11.netcom.com>
Message-ID: <199407012057.NAA24090@meefun.autodesk.com>

Excuse my ignorance of PGP, I am fairly new to using it, and thinking about its operation and source code. Is not your secret key stored encoded by the pass phrase, so that if the pass phrase is in your head, the secret key on disk is useless to an attacker? Of course, while PGP is running, after you have entered the pass phrase, the secret key is available within your machine, and could be stolen, and if your OS leaves pagefiles etc around, might even be taken after you shut down PGP.
Or am I missing something? Thanks, Andy

From blancw at microsoft.com Fri Jul 1 14:17:04 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Fri, 1 Jul 94 14:17:04 PDT
Subject: Illegal Acts & Crypto
Message-ID: <9407012018.AA06258@netmail2.microsoft.com>

Some collected thoughts & misc. impressions:

Images of the psychology of crypto-users:
. scurrying around like rats, hiding in the dark from regular interactions (regular = unconcerned)
. fear of being oneself in the light, lacking courage
. having a view of life which is not trusting, but suspicious and cynical
. not identifying with the group, therefore keeping things from them, something akin to hoarding & not sharing (closed to the other members of the society, rather than open)
. not necessarily "officially" illegal, but generally not really "one of us", as in hypocritical - "with us, but not *of* us" i.e., an individual, having separated themselves from the group from the use of an individuating tool/mechanism.

Encrypted Info (Positive):
. being particular & specific, exclusive ("for your eyes only")
. channelling the sent info to arrive at the intended destination only
. limited to those involved, rather than diffused throughout to others for whom it is meaningless or without value; relevancy
. the info being the product of one's Own (mind, purpose), therefore also being the prerogative of one's own judgement to determine its dissemination

Encrypted Info (Negative):
. fear that it *will* involve others, having a negative, destructive potential to harm innocents
. fear of not being able to control the developments from these and from its larger counterpart, organized "crime"
. trying to beat them to the punch instead of having to deal with the after-effects
. inadequacy of preparations for dealing with the element of surprise in cases of destructive, harmful influences:

Consequential Circumstance:
. insufficient self-reliance, having to wait for the cavalry to come over the hill to save oneself.
. having to maintain a relationship with the saviours (the managers & real owners of the general welfare) which maintains the individual in a dependent, subordinate, infantile state

Blanc

From jamiel at sybase.com Fri Jul 1 14:23:44 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Fri, 1 Jul 94 14:23:44 PDT
Subject: (Fwd) What motivates Cryp
Message-ID: <9407011840.AB24761@ralph.sybgate.sybase.com>

At 7:55 AM 07/01/94 -0400, Duncan Frissell wrote:

>J >Similarly my motivations for
>J >using cryptography come simply from a desire for privacy from
>J >Govt. and other snooping but NOT from the 'cyber-survivalist'
>J >inclinations that seem to motivate some in the US at least.
>
>Distinguish "desire for privacy from Govt." and "'cyber-survivalist'
>inclinations" -- seems like the identical motive. It *is* government that
>digital volunteerists (a friendlier term) seek privacy from.

The same as "desire for safety from thugs" and "NRA-Nut". I don't subscribe to the theory that I need to have a gun to keep myself safe, and I am antigun, but such as the US is now, I can see myself buying one under some conditions and being first in line to hand it over when they are finally outlawed. But I don't need a flak jacket, grenades, a bullet proof car, etc. I may need crypto to keep my privacy, even though I believe in theory that it shouldn't be necessary, but I don't need all the other bullshit (sorry if I'm stepping on anyone) 'cyber-survivalist' indicates.

-j

--
"Blah Blah Blah"
___________________________________________________________________
Jamie Lawrence

From ravage at bga.com Fri Jul 1 14:24:25 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 1 Jul 94 14:24:25 PDT
Subject: Devil's Advocate (again)
In-Reply-To:
Message-ID: <199407012124.QAA04164@zoom.bga.com>

>
> Do you think the NSA cares either about the majority of US laws
> or the admissibility of evidence?
> If they want your key badly enough,
> they will get it, and in all probability will have no compunctions
> against any of those methods.
>
> --------------------------------------------------------------------------
> Michael Brandt Handler

True, but then again the NSA does not have a history of using torture and violence against US citizens. They may be implicit in the sicking of other more rabidly violent agents but violence is not in their best interest.

I am more worried about the local police department, state law agencies, and traditional federal law enforcement. These are the folks who spend the majority of their funding spending time watching individuals and their behaviour on a regular basis. I really doubt the NSA is able to monitor single individuals for long terms (the Puzzle Palace makes several references to their asking other agencies for assistance when this was needed because they didn't have the resources). I don't think this historical pattern is broken at this point.

From sandfort at crl.com Fri Jul 1 14:30:37 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Fri, 1 Jul 94 14:30:37 PDT
Subject: Devil's Advocate (again)
In-Reply-To:
Message-ID:

C'punks,

On Fri, 1 Jul 1994, Michael Handler wrote:

> . . . Do you think the NSA cares either about the majority of US laws
> or the admissibility of evidence?

Actually, yes, for two reasons: First, they cannot overtly break the law. Other groups of thugs such as the FBI, the justice system, etc. will take umbrage if their turf is invaded. Second, though the NSA must have its share of evil people, they must also have their share of decent folks. Decent folks would include whistleblowers who could blow the cover of the NSA's bad folks. Hell, they might even use strong crypto routed through anonymous remailers!

> If they want your key badly enough,
                        ^^^^^^^^^^^^
> they will get it, and in all probability will have no compunctions
> against any of those methods.

All actions have costs.
How badly do they have to want it to risk exposure to public/legal scrutiny? Even if they want it that much, must we assume they have no compunctions?

Calm down. If the world were as lopsided as some of us seem to think, we would all be in jail or in the ground. Perceptions of powerlessness result in paralysis. Don't let the boogeyman keep you from writing code.

S a n d y

From cme at tis.com Fri Jul 1 14:44:50 1994
From: cme at tis.com (Carl Ellison)
Date: Fri, 1 Jul 94 14:44:50 PDT
Subject: Illegal Acts & Crypto
In-Reply-To: <199407011931.AA15203@panix.com>
Message-ID: <9407012144.AA03204@tis.com>

>The dumbest question of all:
>
>"But if you aren't doing anything illegal, why do you need crypto? (or
>have to worry about stop-and-frisk, or need legal due process
>protections.) Only lawbreakers have to worry if their privacy is
>violated."

Not that I think Government Is Our Friend (tm), but all this talk about needing privacy to protect us from the government is missing the biggest point.

We need privacy from criminals.

We need to keep keys private, even from the government, because:

1. sometimes the criminals are *in* the government
2. a key database is too easy for a criminal organization to get to

From roy at sendai.cybrspc.mn.org Fri Jul 1 15:03:05 1994
From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Fri, 1 Jul 94 15:03:05 PDT
Subject: Detweiler clone at WS
In-Reply-To:
Message-ID: <940701.155307.4J7.rusnews.w165w@sendai.cybrspc.mn.org>

-----BEGIN PGP SIGNED MESSAGE-----

Quoth frissell at panix.com (Duncan Frissell), in list.cypherpunks:
> On Fri, 1 Jul 1994, Roy M. Silvernail wrote:
>
>> Until some case law comes about that recognizes this, It Just Ain't So.
>> Right now, electronic publishing isn't recognized by the courts as
>> publishing (because we don't kill trees, I suppose).
>> - --
>> Roy M. Silvernail [] roy at sendai.cybrspc.mn.org
>
> I know the courts have never ruled in a case in point but is there any
> doubt that BBS are publications.
- From the court's point of view, there was. Another message on the list mentions a favorable decision Tuesday that will help to set some good precedent. Up until then, BBS' weren't recognized _legally_ as publishers.

> What are they, chopped liver?

In case you missed it, I never said I agreed with this point... only tried to put some quasi-legal light on it. I think legal recognition is way overdue.

- --
Roy M. Silvernail             | #include                      | PGP 2.3 public
roy at sendai.cybrspc.mn.org  | main(){                       | key available
                              | int x=486;                    | upon request
                              | printf("Just my '%d.\n",x);}  | (send yours)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBLhSDDhvikii9febJAQGMYQQAjxpnUlu5mnDxHBcqCCeiu7XhIIw3lhYG
Ecc25u1wuXDqwXK8XPaWbbJYOK9FBEHz8jffLmWNK5CcG1oCO7HzM5rx244kDIYi
/My/79Zrgmcl/D/ZzEntyDF+s74XFe+AiQxowlXcrdzslChf0NTJxnk6MqR7EkuT
4Ix5b0WFS8g=
=awDm
-----END PGP SIGNATURE-----

From rah at shipwright.com Fri Jul 1 15:03:43 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Fri, 1 Jul 94 15:03:43 PDT
Subject: What motivates crypto-folk?
Message-ID: <199407012203.SAA07813@zork.tiac.net>

At 11:45 AM 7/1/94 -0800, Jamie Lawrence wrote:

>My own personal opinion is that waiting for governments to collapse
>due to crypto and tech is gonna have you waiting a long, long time.

God. What I do when the brain's offline. I'm looking at my wife's copy of this month's Harvard magazine, which is about, of all things, trees. It seems that the american chestnut used to be a great big tree. Remember the doggerel about the spreading chestnut tree and the smithy? Anyway, at the turn of the century an imported fungal disease killed all the chestnut trees to the ground.

Someone in the article is quoted as saying "...chestnuts are continuing to sprout from the base and the tree is in the process of becoming a shrub." This apt metaphor is what I expect will happen to large organizations as a result of hyperdistributed (ubiquitous) computer networks and strong crypto.
Of course, like the "expectation" that extraterrestrial life exists in the universe, it might as well be a religious tenet until we actually see it happen. Having political discussions like this one only gets us in the mood to make it happen if it's possible, but it certainly don't make it so.

I don't think I could call myself a crypto-anarchist, even after that somewhat hardline paragraph. I call myself a "congenital republican". That's inconsistent enough to keep my friends and family happy, and myself gainfully employed. What I really think is my own business.

As usual, Tim is right. This really isn't crypto. It's just "about" crypto.

>Jamie "Is a Mayist Like a Janist?" Lawrence
>
>--
>"Blah Blah Blah"
>___________________________________________________________________
>Jamie Lawrence

Bob "I ain't no Jainist, I just ate bugs(fleas?) for lunch" Hettinga ;-).

-----------------
Robert Hettinga (rah at shipwright.com)  "There is no difference between someone
Shipwright Development Corporation      who eats too little and sees Heaven and
44 Farquhar Street                      someone who drinks too much and sees
Boston, MA 02331 USA                    snakes." -- Bertrand Russell
(617) 323-7923

From jamiel at sybase.com Fri Jul 1 15:12:35 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Fri, 1 Jul 94 15:12:35 PDT
Subject: What motivates crypto-folk?
Message-ID: <9407012005.AA08986@ralph.sybgate.sybase.com>

At 12:38 PM 07/01/94 -0700, Timothy C. May wrote:

>I'm also tired of them, and I don't spam folks who are liberals or
>leftists. I've generally found that people's political views are
>formed when they are of college age, and rarely change significantly
>after that. Not sure why this is so, but I think it is.

So that makes 2 things we agree on... :) And I think that you are right about college. Mine have taken minor changes (maybe that's because I haven't ever finished school), like on crypto for instance (I admit it...
used to lean to the anti-side), but school choice does have greater significance than I think a lot of people give it credit for.

>Just to be clear about this, in no way, shape or form am I just
>"waiting for governments to collapse."

I wasn't referring to you specifically, Tim. The folk on this list for (well, the most part) are a lot more active than the population at large (pat, pat). When I wrote that I was thinking of this little enclave of folks that used to frequent several lists that I was on and post enormous tirades about how when the government shriveled up and died of its own accord everything was gonna be great and so on. Gimme a busy anarchist to a couch potato anything any day...

>I'll make the charitable assumption that "I prefer doing something with
>the tools at hand to dreaming" is not an insinuation that we
>libertarians or crypto anarchists are idle dreamers.

As above, I should have been more careful about the insinuation. Tim, Didn't know you did charity. ;)

>The Jains eschew eating living things, while the Mayists *only* eat
>freshly-killed meat. But you knew that.

Wow, that makes three things...

>--Klaus! von Future Prime

-j

--
"Blah Blah Blah"
___________________________________________________________________
Jamie Lawrence

From jdwilson at gold.chem.hawaii.edu Fri Jul 1 15:25:23 1994
From: jdwilson at gold.chem.hawaii.edu (NetSurfer)
Date: Fri, 1 Jul 94 15:25:23 PDT
Subject: My view on Forwardings
In-Reply-To: <199407011702.KAA29030@netcom4.netcom.com>
Message-ID:

This forwarder gets the point and will cease to contribute except as mentioned earlier (unusual sources, etc.)

-NetSurfer

#include standard.disclaimer
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
== = = |James D. Wilson |V.PGP 2.4: 512/E12FCD 1994/03/17 >
" " " |P. O. Box 15432 | finger for full PGP key >
" " /\ " |Honolulu, HI 96830 |====================================>
\" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com >
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

From tcmay at netcom.com Fri Jul 1 15:27:37 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 1 Jul 94 15:27:37 PDT
Subject: Physical storage of key is the weakest link
In-Reply-To: <199407012057.NAA24090@meefun.autodesk.com>
Message-ID: <199407012226.PAA01800@netcom7.netcom.com>

>
> Excuse my ignorance of PGP, I am fairly new to using it, and thinking about
> its operation and source code. Is not your secret key stored encoded by
> the pass phrase, so that if the pass phrase is in your head, the secret
> key on disk is useless to an attacker? Of course, while PGP is running,
> after you have entered the pass phrase, the secret key is available within
> your machine, and could be stolen, and if your OS leaves pagefiles etc
> around, might even be taken after you shut down PGP.
>
> Or am I missing something? Thanks, Andy

I haven't seen a formal analysis of the strength of PGP if the secret key is known but the passphrase is still secure, but from conventional crypto we would assume that the search space would be greatly reduced.

My passphrase, for example, is 11 characters long. Other folks may use fewer characters. And many people pick passphrases of less total entropy (that is, more predictable). Fragments of names, phrases, etc.

The number of passphrase guesses that would have to be made depends on the characters used and the particular characters chosen. For example, if most people use 8 characters chosen from the 26 letters, in one case, then 26^8 = 2 x 10e11 possibilities. Increasing this to, say, 40 characters and a length of 10 implies 4 x 10e17 possibilities, which is almost out of reach for brute-force cracking. (But most passphrases picked by humans have lower entropy than this.)
Speculatively, knowing the passphrase-encrypted secret key may make it easier to crack RSA; this is just a speculation. It has not yet even been proven that RSA is as strong as factoring. i.e., we don't know for sure that the RSA information provided as part of the protocol doesn't in some way make the problem simpler than straight factoring of the modulus.

In short, these are reasons to keep your secret key secret. Your passphrase alone may be insufficient (else why not just dispense with the secret key and just have a passphrase?).

I haven't checked to see what Schneier or Zimmermann had to say about this, so maybe they have more information.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From bmorris at netcom.com Fri Jul 1 15:28:12 1994
From: bmorris at netcom.com (Bob MorrisG)
Date: Fri, 1 Jul 94 15:28:12 PDT
Subject: WHAT MOTIVATES CRYPTO-FOL
Message-ID: <199407012228.PAA02933@netcom11.netcom.com>

To: cypherpunks at toad.com

MM> There is a way to privacy (through crypto-anarchy) separated
MM> from unrestricted anarcho-capitalism that might be defined as
MM> more to the left (depending on your semantics of course).

Whatever we end up with, and I'm agreed that things are changing very fast, that government will have to have the support of the people. No government lasts long without that. And I'll end this political thread now as it's a bit off-topic.

( Sometimes my posts to cypherpunks appear here AND I get a msg back saying the msg bounced. Sometimes the entire msg bounces for no apparent reason. Does this happen to anyone else?
)

* RM 1.4 B0037 *

From lcottrell at popmail.ucsd.edu Fri Jul 1 15:37:50 1994
From: lcottrell at popmail.ucsd.edu (Lance Cottrell)
Date: Fri, 1 Jul 94 15:37:50 PDT
Subject: Physical storage of key is the weakest link
Message-ID: <199407012234.PAA09853@ucsd.edu>

tcmay at netcom.com tells us:

>Much more likely:
>
>* Diskettes left lying around. Secret keys on home computers.
>
>* Incompletely erased files. (Norton Utilities can recover erased
>files; mil-grade multiple-pass erasure may be needed.)
>
>
>A simple search warrant executed on your premises will usually crack
>open all your crypto secrets. (Fixes to this are left as an exercise.)
>
>Where to store one's secret key is an issue that makes academic the
>issue of whether one's key can be compelled. A diskette stored at
>one's home, in one's briefcase, etc., can be gotten. A pendant or
>dongle or whatever that stores the key can also be gotten. The
>passphrase (8-12 characters, typically) is secure, but not the key.
>
>--Tim May

If your passphrase is good (128+ bits of entropy), then your private key is as secure as the messages that you send. Although it need be broken only once, I see no real danger of IDEA being compromised in the near future. Given a good passphrase, I would suggest that you want multiple copies of your key to prevent loss or accidental destruction. My passphrase is > 30 characters. Fortunately Mac PGP remembers the key during any given session so typing is kept down a bit.

--------------------------------------------------
Lance Cottrell who does not speak for CASS/UCSD
loki at nately.ucsd.edu
PGP 2.3 key available by finger or server.
"Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come."
--Nietzsche

From andy at autodesk.com Fri Jul 1 15:48:09 1994
From: andy at autodesk.com (Andrew Purshottam)
Date: Fri, 1 Jul 94 15:48:09 PDT
Subject: Physical storage of key is the weakest link
In-Reply-To: <199407012226.PAA01800@netcom7.netcom.com>
Message-ID: <199407012246.PAA24405@meefun.autodesk.com>

[good discussion of how the pass phrase is more guessable than the secret key deleted ]

>> In short, these are reasons to keep your secret key secret. Your
>> passphrase alone may be insufficient (else why not just dispense with
>> the secret key and just have a passphrase?).

Well, because the secret key is part of a pair, and is thus some un-rememberable number, rather than a hash of something rememberable.

From 0005514706 at mcimail.com Fri Jul 1 16:07:21 1994
From: 0005514706 at mcimail.com (Michael Wilson)
Date: Fri, 1 Jul 94 16:07:21 PDT
Subject: Politics and crypto
Message-ID: <32940701230523/0005514706NA2EM@mcimail.com>

Cypherpunks:

There seems to be a debate floating through here on how an individual's political beliefs may influence their usage of cryptography.

When I was first formulating my personal beliefs regarding politics, it seemed that Western democratic nations had created an artificial dichotomy for themselves. The political Left had the belief that while you, an individual, should have the right to do what you want with your body (free choice, free speech, substance use, etc.), they wanted to control what you did with your money (social programs, playing field leveling, etc.). The political Right had the belief that you should have the right to do what you want with your money (free markets, minimal taxation, etc.), but not with your body (right to life, war on drugs, etc.). The 'lunatic fringe' opinion, that there was no dichotomy, and that you should be able to do what you want with your money/body because they are the same thing, was the Libertarian position.

Personally, I feel that a perfect world should be Libertarian.
In reality, I believe that political systems evolve, and that the supporting infrastructure of the region in question will dictate the most efficient form of government for it (I'm sorry, but regions in South and Central America do not have the supporting economy to actually afford the luxury of democracy). Politics are a tool for control, but as a system, they are subject to the same evolutionary pressures as organic systems. Just as lower life forms in simple ecological niches evolve into higher life forms in more complex niches, political systems evolve as well. There is a good reason why revolutionaries in very poor nations tend to espouse socialist or communist rhetoric--those are political systems that can raise the quality of life considerably and immediately, a necessity for partisan support. Only once there is a strong enough foundation in place can a Nation (not Empire) support the freedoms and inefficiencies of a democracy; when the time is right, it will happen on its own (witness the collapse of the Soviet Union--the well educated population in central, controlling regions decided they wanted a better lifestyle). Sadly, this is why many American attempts to foster democratic tendencies in satellite nations or in countries in turmoil have failed. It would be like trying to build a self-sustaining aircraft manufacturing plant in primitive Africa. In such a case, it is easy to understand how anomalous this is--there is no infrastructure to support the plant, and there is no point in having the planes that it would produce. Thus the lack of a political doctrine here--it would be inappropriate. Who can tell the proper order of things? Who can say that it wasn't a natural occurrence that the USSR brought the region from a backward agrarian economy into the industrial age and could go no farther? Who can say if the 'top of the food chain' is really a representative democracy? Not I. 
Note that this does not reflect the need, at all levels, for basic human rights (Maslow's hierarchy). Cypherpunks need to view political beliefs as orthogonal to what they doing. For propaganda purposes (read 'psychological warfare'), arguments do need to be structured along lines that the target audience can understand. When talking to the Western Left, push examples that stress the emotional human rights; arguments for the Right should be reasoned on an economic basis. Libertarians will understand either. Anarchists will appreciate the 'sand in the gearworks' appeal of strong crypto. As a side note, the Clinton Administration seems to be veering off into dangerous territory for citizens of America. They seem to want centralized control of both aspects, a person's body *and* money; programs such as healthcare, Clipper, national ID cards, national information infrastructures, and so forth are all direct yet subtle attacks on such basic freedoms. It creates both the motive *and* mechanism for tyrrany. Michael Wilson Managing Director, The Nemesis Group An old hand at political engineering... From jdwilson at gold.chem.hawaii.edu Fri Jul 1 16:19:57 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Fri, 1 Jul 94 16:19:57 PDT Subject: Dr. Dobbs Dev. Update 1/5 July 94 & Schneier Message-ID: Once again DDDU has an encryption News Brief re the Standards & clipper, and Bruce Schneier has an article on Eurocrypt '94 with some highlights from the same. As he is on the list (yes?) perhaps he might upload it here... -NetSurfer #include standard.disclaimer >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> == = = |James D. Wilson |V.PGP 2.4: 512/E12FCD 1994/03/17 > " " " |P. O. 
Box 15432 | finger for full PGP key > " " /\ " |Honolulu, HI 96830 |====================================> \" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> From tcmay at netcom.com Fri Jul 1 16:32:47 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 1 Jul 94 16:32:47 PDT Subject: Beware of keystroke capture tools! Message-ID: <199407012332.QAA08516@netcom7.netcom.com> I want to remind folks of another _practical_ security weakness in using PGP or any other crypto program: keystroke capture utilities. These are small utilities (inits in Mac terms, perhaps TSRs in DOS terms, and who knows what in Windoze terms) that record all keyboard input. Very useful for recovering from crashes and such. These started in the Unix community, where I've forgotten the name ("history"?). In the Mac community, "Last Resort" has been doing this for a couple of years, and now several other packages offer similar capabilities (QuicKeys has "GhostWriter," or somesuch). Many's the time I've forgotten I had thse things enabled, only to find in my System Folder a folder marked "Saved Work" or the like, containing files of all the histories from each rebooting. The security risks are obvious: * passphrases (and perhaps even the original key generation process, in toto) are captured over and over again. * the stored history files may be tucked away in odd places on one's disk, on various backup tapes made, and so on. (Easily recoverable with search warrants.) * anyone with access to one's machine (a snoopy coworker, an employer, a spouse, even an NSA black bag job) can insert this harmless-looking utility and then pick up the results later. There are commands to bypass such keystroke capture--specifically intended to head off these breaches--but most people will forget sometimes, and may not even know the program is installed. 
(And there are at least 3 of these for the Mac, so confusion is increased.) This is a well-known security concern, but I thought it important to mention. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From bryner at atlas.chem.utah.edu Fri Jul 1 17:14:59 1994 From: bryner at atlas.chem.utah.edu (Roger Bryner) Date: Fri, 1 Jul 94 17:14:59 PDT Subject: Beware of keystroke capture tools! In-Reply-To: <199407012332.QAA08516@netcom7.netcom.com> Message-ID: On Fri, 1 Jul 1994, Timothy C. May wrote: > I want to remind folks of another _practical_ security weakness in > using PGP or any other crypto program: keystroke capture utilities. I would be interested in technical details of these for several machines. I am interested in going around them. Code for these programs would be appreciated. One really good way is to display the alphabet on the terminal, with mixed up character correspondence, done as a one-time pad. You then enter the char from the display and a spy would need to see your screen, and your keystroke record, and match them up. Roger, Mad Dog Libertarian, Bryner. ************************************** P.S. A very strong pro-Liberty candidate I worked for here just won their primary, in a region that goes in favor of her party.
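The scrambled-alphabet entry scheme Roger Bryner describes above, sketched as an added example (not code from any poster on the list). The alphabet, the function names and the simulated keystroke log are assumptions; the block also shows why the on-screen mapping has to be fresh for every character, as a one-time pad requires.

```python
import secrets
import string

# Assumed input set for the demo: 37 symbols.
ALPHABET = string.ascii_lowercase + string.digits + " "


def fresh_mapping(rng):
    """One random permutation of ALPHABET: real character -> key to press."""
    keys = list(ALPHABET)
    rng.shuffle(keys)
    return dict(zip(ALPHABET, keys))


def screen_lines(mapping):
    """What the terminal shows for one character position ('_' stands for space)."""
    want = " ".join(ALPHABET.replace(" ", "_"))
    press = " ".join("".join(mapping[c] for c in ALPHABET).replace(" ", "_"))
    return "want : " + want + "\npress: " + press


def user_types(secret, mappings):
    """The user finds each real character on screen and presses the key under it."""
    return "".join(m[ch] for ch, m in zip(secret, mappings))


def program_decodes(typed, mappings):
    """The program inverts each position's mapping to recover the real text."""
    out = []
    for key, m in zip(typed, mappings):
        inverse = {pressed: real for real, pressed in m.items()}
        out.append(inverse[key])
    return "".join(out)


def enter_secret(secret, rng=None, reuse_mapping=False):
    """Simulate one entry. Returns (keystroke_log, recovered_secret).

    keystroke_log is all a keystroke recorder would capture.
    reuse_mapping=True models the weak variant: one scramble for the whole phrase.
    """
    if any(ch not in ALPHABET for ch in secret):
        raise ValueError("secret contains characters outside ALPHABET")
    rng = rng or secrets.SystemRandom()
    if reuse_mapping:
        shared = fresh_mapping(rng)
        mappings = [shared] * len(secret)
    else:
        mappings = [fresh_mapping(rng) for _ in secret]
    typed = user_types(secret, mappings)
    return typed, program_decodes(typed, mappings)


def repeat_pattern(text):
    """Canonical repeat structure, e.g. 'hello' -> (0, 1, 2, 2, 3)."""
    seen = {}
    return tuple(seen.setdefault(ch, len(seen)) for ch in text)


if __name__ == "__main__":
    secret = "ice weasels 94"          # constructed sample passphrase
    print(screen_lines(fresh_mapping(secrets.SystemRandom())))
    log, recovered = enter_secret(secret)
    print("keystroke log :", repr(log))
    print("program sees  :", repr(recovered))
    weak_log, _ = enter_secret(secret, reuse_mapping=True)
    # With a reused mapping the log is a simple substitution cipher:
    # repeated letters in the passphrase repeat in the log.
    print("reused mapping leaks pattern:",
          repeat_pattern(weak_log) == repeat_pattern(secret))
```

With a fresh permutation per character, each logged key is uniformly distributed over the alphabet whatever the real character was, so the log alone carries no information about the passphrase; the screen contents are the pad and must not be captured or stored.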
From blancw at microsoft.com Fri Jul 1 17:42:03 1994 From: blancw at microsoft.com (Blanc Weber) Date: Fri, 1 Jul 94 17:42:03 PDT Subject: Politics and crypto Message-ID: <9407012343.AA12980@netmail2.microsoft.com> From: Michael Wilson The political Left had the belief that while you, an individual, should have the right to do what you want with your body. . ., they wanted to control what you did with your money. . . The political Right had the belief that you should have the right to do what you want with your money . . , but not with your body. . . . .................................................. True! ....programs such as healthcare, Clipper, national ID cards, national information infrastructures, and so forth are all direct yet subtle attacks on such basic freedoms. It creates both the motive *and* mechanism for tyrrany. .................................................. Thus the Administration would undermine the motives & mechanisms for privacy. Everyone wants the advantages for themselves and not for their enemies; it would be useful to be able to distinguish enemies from friends, but this is not an easy task when everyone's philosophies & politics are so mixed up & inconsistent & counterproductive. At some point, it becomes unavoidable to conclude that in reality, it's "every man for himself"; i.e. - anything which helps individual, independent competence is a valuable & valid pursuit. Blanc From hfinney at shell.portal.com Fri Jul 1 18:30:23 1994 From: hfinney at shell.portal.com (Hal) Date: Fri, 1 Jul 94 18:30:23 PDT Subject: Physical storage of key is the weakest link In-Reply-To: <199407012226.PAA01800@netcom7.netcom.com> Message-ID: <199407020131.SAA11491@jobe.shell.portal.com> Tim May writes: >Speculatively, knowing the passphrase-encrypted secret key may make it >easier to crack RSA; this is just a speculation. It is not yet even >been proven that RSA is a strong as factoring. 
i.e., we don't know for >sure that the RSA information provided as part of the protocol doesn't >in some way make the problem simpler than straight factoring of the >modulus. Here is a little-known fact. In fact, I had forgotten it myself until what Tim said reminded me. Your PGP secret key file is partially encrypted using IDEA keyed with the hash of your pass phrase. But some fields are left in the clear. In particular, the number of bits in p and q is left exposed, as is the number of bits in d, the decryption exponent. Now, this is not really a big deal. Usually with a 1024-bit key p and q will both be 512 bits long, so knowing this for sure doesn't add that much information. And I don't think that knowing the exact number of bits in the factors will help with the factoring when the two factors are about the same size. Nevertheless it does represent an information leak that many people may not be aware exists. One way an attacker might exploit this is as follows. Suppose he wants to do an exhaustive search of pass phrases. As Tim said, a lot of people may have ones which are easy to guess. How does he know when he's guessed correctly? The secret key has a checksum (in the clear). After decrypting all of d, p, q, and u, PGP accumulates a checksum as it does this and com- pares it with the checksum stored in the secret key. If they match, PGP (or the cracker) knows that he has used the right pass phrase. This requires decrypting all four of these numbers, a total of about 320 bytes. But he can do a provisional check much faster by using the in-the-clear lengths. Just decrypting the first byte of each MP number allows you to see immediately what the bit length of the resulting MP value will be since they are stored in MSB form. For the most extreme case, suppose the length of p were one more than a multiple of 8, say 505 bits. Now we decrypt the first part of p and see if the first byte of the decryption is exactly 1. 
If not, we can know immediately that we have the wrong pass phrase and move on without doing any more IDEA operations. This will immediately reject 255 out of 256 wrong pass phrases. I don't know how much of a speedup you would actually see from this; IDEA has a setup phase and you still have to run MD5 on each pass phrase. But possibly it could be significant. Hal Finney hfinney at shell.portal.com From kentborg at world.std.com Fri Jul 1 18:53:29 1994 From: kentborg at world.std.com (Kent Borg) Date: Fri, 1 Jul 94 18:53:29 PDT Subject: Password Difficulties Message-ID: <199407020153.AA07332@world.std.com> Hey folks, passwords are hard to choose! It boils down to this: I can't remember as many bits as the TLAs can crack by brute force. Starting with a bunch of coin tosses I tried ways of coding them: hex, ASCII, and words off word lists. Horrors! The hex is too long, the ASCII is too long and too obscure, words chosen by those bits too many and too obscure. Sorry, there is no way regular people are going to remember pass words or phrases with more than about 50-bits worth of information in them--and even doing that well is going to be rare. We need to slow down password testing? Obvious things come to mind. 1) Try to pair up short passwords with slow hardware, like a smartcard that can only consider a few passwords a second. 2) Try to hide behind an expensive operation. (Does encrypting my private key 1,000,000-times equal encrypting it once with a key 20-bits longer?) What do we do? (What are you folks doing right now?) -kb, the Kent who occasionally considers practicalities -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 31:15 hours of TV viewing so far in 1994!
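Kent Borg's question about hiding behind an expensive operation, worked through as an added example that is not from the original posts. PBKDF2-HMAC-SHA256 stands in for the repeated operation (PGP 2.x did not do this), and the key-file record, the toy wrapping and all function names are assumptions made for the demo.

```python
import hashlib
import hmac
import math
import os


def stretch_bits(iterations):
    """Extra work per guess, expressed as equivalent key bits (log2 of the count)."""
    return math.log2(iterations)


def effective_bits(passphrase_entropy_bits, iterations):
    """Brute-force cost in bits: passphrase entropy plus the stretching factor."""
    return passphrase_entropy_bits + stretch_bits(iterations)


def search_years(passphrase_entropy_bits, iterations, raw_ops_per_second):
    """Expected years to hit the passphrase (half the space) at a given raw hash rate."""
    guesses = 2 ** (passphrase_entropy_bits - 1)
    seconds = guesses * iterations / raw_ops_per_second
    return seconds / (365.25 * 24 * 3600)


def _derive(passphrase, salt, iterations, pad_len):
    # The slow step. Every guess pays the full iteration count before any check
    # on the result is possible, so a cheap early-reject test saves little.
    master = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations)
    pad = hashlib.shake_256(master + b"pad").digest(pad_len)  # toy keystream, demo only
    mac_key = hashlib.sha256(master + b"mac").digest()
    return pad, mac_key


def protect(passphrase, secret_key, iterations, salt=None):
    """Wrap secret_key under a stretched passphrase. The salt blocks precomputed tables."""
    salt = salt or os.urandom(16)
    pad, mac_key = _derive(passphrase, salt, iterations, len(secret_key))
    body = bytes(a ^ b for a, b in zip(secret_key, pad))
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "body": body, "tag": tag}


def unlock(record, passphrase):
    """Return the secret key, or None if the passphrase is wrong."""
    pad, mac_key = _derive(passphrase, record["salt"], record["iterations"],
                           len(record["body"]))
    expected = hmac.new(mac_key, record["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(record["body"], pad))


if __name__ == "__main__":
    # 1,000,000 repetitions is a little under 20 bits; 2**20 is exactly 20.
    print("1,000,000 iterations = %.2f bits" % stretch_bits(1_000_000))
    print("50-bit phrase + 2**20 iterations = %.0f bits of work"
          % effective_bits(50, 2 ** 20))
    rate = 1e9  # assumed attacker rate in raw hash operations per second
    print("years, unstretched: %.4f" % search_years(50, 1, rate))
    print("years, stretched  : %.1f" % search_years(50, 2 ** 20, rate))
    record = protect("ice weasels come at night", b"constructed-secret-key", 200_000)
    print("right phrase:", unlock(record, "ice weasels come at night"))
    print("wrong phrase:", unlock(record, "ice weasels"))
```

The stretching raises the cost of every guess by the same factor for the attacker and the owner, and it adds no entropy: a passphrase that appears in the attacker's word list is still found, only later.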
From nobody at shell.portal.com Fri Jul 1 18:53:52 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Fri, 1 Jul 94 18:53:52 PDT Subject: MAIL: chained remailing strategy Message-ID: <199407020155.SAA12732@jobe.shell.portal.com> Hal Finney wrote: > Here are the times at which my remailer has received messages > over the past week. (This is the only form of log which I keep, > except for messages titled "DEATH TO BLACKNET".) In return for > this information, please provide a histogram showing usage as a > function of time of day. Thanks - Hal Finney You're on, Hal. Thanks for the work you put into that, and I'll see if I can whip up a program to produce a histogram ... well, at least in tabular form. Thanks for the challenge... In fact, if you want, I can send you the source code (in "C"), privately. This mention of "DEATH TO BLACKNET" sounds intriguing. Is this some sort of abusive/harassing message you're trying to track down? With encrypted chaining available to hide the actual subject until the last link, it would seem that the sender is either naive, or else WANTS the Subject: line itself to send some sort of "statement". (What is "BLACKNET", BTW?) This brings up a related question, however. How often, if at all, are you asked to help trace down the source of a message handled by your remailer? Under what circumstances would you cooperate with such a request? I've noticed that you have a 510 bit public key for your remailer. Did you choose the shorter length to speed things up, or what? I tend to use a remailer with a longer key as my FIRST link in the chain. Maybe it's overkill, but why not? And, finally, as a chained remailer user, I've read the periodic "status reports" by fingering "ghio at andrew.cmu.edu" and your remailer must certainly rank as one of the promptest and most reliable. In fact, I think I'll include you *SOMEWHERE* on the chain for this reply... 
From mattt at microsoft.com Fri Jul 1 19:41:10 1994 From: mattt at microsoft.com (Matt Thomlinson) Date: Fri, 1 Jul 94 19:41:10 PDT Subject: Physical storage of key is the weakest link Message-ID: <9407020142.AA14517@netmail2.microsoft.com> what does this mean, exactly? anything? thx, mattT ---------- From: Hal To: Subject: Re: Physical storage of key is the weakest link Date: Friday, July 01, 1994 6:31PM Tim May writes: >Speculatively, knowing the passphrase-encrypted secret key may make it >easier to crack RSA; this is just a speculation. It is not yet even >been proven that RSA is a strong as factoring. i.e., we don't know for >sure that the RSA information provided as part of the protocol doesn't >in some way make the problem simpler than straight factoring of the >modulus. Here is a little-known fact. In fact, I had forgotten it myself until what Tim said reminded me. Your PGP secret key file is partially encrypted using IDEA keyed with the hash of your pass phrase. But some fields are left in the clear. In particular, the number of bits in p and q is left exposed, as is the number of bits in d, the decryption exponent. Now, this is not really a big deal. Usually with a 1024-bit key p and q will both be 512 bits long, so knowing this for sure doesn't add that much information. And I don't think that knowing the exact number of bits in the factors will help with the factoring when the two factors are about the same size. Nevertheless it does represent an information leak that many people may not be aware exists. One way an attacker might exploit this is as follows. Suppose he wants to do an exhaustive search of pass phrases. As Tim said, a lot of people may have ones which are easy to guess. How does he know when he's guessed correctly? The secret key has a checksum (in the clear). After decrypting all of d, p, q, and u, PGP accumulates a checksum as it does this and com- pares it with the checksum stored in the secret key. 
If they match, PGP (or the cracker) knows that he has used the right pass phrase. This requires decrypting all four of these numbers, a total of about 320 bytes. But he can do a provisional check much faster by using the in-the-clear lengths. Just decrypting the first byte of each MP number allows you to see immediately what the bit length of the resulting MP value will be since they are stored in MSB form. For the most extreme case, suppose the length of p were one more than a multiple of 8, say 505 bits. Now we decrypt the first part of p and see if the first byte of the decryption is exactly 1. If not, we can know immediately that we have the wrong pass phrase and move on without doing any more IDEA op- erations. This will immediately reject 255 out of 256 wrong pass phrases. I don't know how much of a speedup you would actually see from this; IDEA has a setup phase and you still have to run MD5 on each pass phrase. But possibly it could be significant. Hal Finney hfinney at shell.portal.com From schirado at lab.cc.wmich.edu Fri Jul 1 19:54:16 1994 From: schirado at lab.cc.wmich.edu (No Taxes through No Government) Date: Fri, 1 Jul 94 19:54:16 PDT Subject: Un-Documented Feature Message-ID: <9407020254.AA24485@lab.cc.wmich.edu> trollins at debbie.telos.com (Tom Rollins) writes: >PGP 2.6ui has an undocumented feature. > >When generating a Public/Secret key pair PGP documentaion shows >the command "pgp -kg" as the way to generate the keys. >I had posted about how pgp uses a small public key exponent >of 17 which is 5 bits. >It turns out that this is only the default setting. >An Un-Documented feature in PGP 2.6ui (I don't know about other >versions as I don't have source code for them) lets you specify >the number of bits in your public key exponent. >The command "pgp -kg keybits ebits" will let you specify this >public key exponent size. 
For example "pgp -kg 1024 256" will >generate a key with modulus of aprox 1024 bits and a public >key exponent of 256 bits rather than the 5 bit default. > >Too Bad pgp doesn't let you look at the public key exponent. >I had to write some code to see them. Questions: 1) In non-mathematical terms, if possible, what difference does this make in terms of security? 2) Does anyone know why is this undocumented? 3) What changes did you make? Sounds like it would be a well-received set of patches to be made public. (I'm well aware of the current arguments regarding algorithmic strength being no substitute for secure key management; I'm merely curious.) From mattt at microsoft.com Fri Jul 1 19:58:20 1994 From: mattt at microsoft.com (Matt Thomlinson) Date: Fri, 1 Jul 94 19:58:20 PDT Subject: Physical storage of key is the weakest link Message-ID: <9407020200.AA14654@netmail2.microsoft.com> duh. sorry, guys. wow, that doesn't happen very often. a personal msg from me to the list. won't happen again. mt (phantom at u.washington.edu) From tcmay at netcom.com Fri Jul 1 20:13:49 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 1 Jul 94 20:13:49 PDT Subject: Physical storage of key is the weakest link In-Reply-To: <9407020200.AA14654@netmail2.microsoft.com> Message-ID: <199407020313.UAA07688@netcom5.netcom.com> Matt Thomlinson tells us one truth and one lie in his post: > duh. > > sorry, guys. > > wow, that doesn't happen very often. a personal msg from me to > the list. This is true. It doesn't happy very often. > won't happen again. > This, however, is almost certainly not true. Unless Matt stops posting, he's bound to slip up again. --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. 
Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From lcottrell at popmail.ucsd.edu Fri Jul 1 20:37:00 1994 From: lcottrell at popmail.ucsd.edu (Lance Cottrell) Date: Fri, 1 Jul 94 20:37:00 PDT Subject: Mac PGP 2.6 sig file Message-ID: <199407020336.UAA04397@ucsd.edu> I have just unstuffed the Mac PGP archive I grabbed from MIT. Inside is a detached signature file. What file is a signature for? Is it for the binhex file, for the first archive, for the archive in the archive? Has anyone made this work? -------------------------------------------------- Lance Cottrell who does not speak for CASS/UCSD loki at nately.ucsd.edu PGP 2.3 key available by finger or server. "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche From fnerd at smds.com Fri Jul 1 21:11:46 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Fri, 1 Jul 94 21:11:46 PDT Subject: Credit-card PCs exist Message-ID: <9407020400.AA06998@smds.com> I'm looking at an ad for "CARDIO 386," a PC in a thick card a little bigger than a credit card. It has a 236-pin connector with a full AT bus, VGA interface for video or LCD, IDE interface for hard disk, 1 parallel, 2 serial, keyboard, mouse and floppy interfaces. Up to 256K Rom and 4M DRAM. I don't see built-in SRAM or battery, but they have SRAM and flash cards as well as a PCMCIA interface. The point is that it's what developers and their tools are used to. You could run regular PGP on it, for instance. (That reminds me: does anyone know whether automatic teller machines are PCs inside?) S-MOS Systems of San Jose, CA. "A Seiko Epson Affiliate." 
and of which i am not an affiliate, -fnerd - - - - - - - - - - - - - - - spam is in the eye of the beholder (splat) From schneier at chinet.chinet.com Fri Jul 1 21:15:42 1994 From: schneier at chinet.chinet.com (Bruce Schneier) Date: Fri, 1 Jul 94 21:15:42 PDT Subject: Dr. Dobbs Dev. Update 1/5 July 94 & Schneier In-Reply-To: Message-ID: EUROCRYPT '94 CONFERENCE In the cryptographic world--at least, the cryptographic world outside the military--there are two major annual conferences: Crypto and Eurocrypt. Eurocrypt '94 was held in Perugia, Italy, on May 9-12. There were about 300 people in attendance, representing the best in academic cryptography from five continents (I didn't notice anyone from South America or Antarctica). A total of 37 papers were presented at the main session, and another twenty or so at an informal "rump session" one evening. Much of what was presented was very theoretical, and only of marginal interest to front-line programmers actually implementing this stuff. Here is a list of what I found useful and important: Feedback with Carry Shift Registers (FCSRs): Linear Feedback Shift Registers (LFSRs) have been the workhorse of military cryptography for years. Goresky and Klapper have discovered a new class of shift registers which should prove to be just as useful. There are analogues for most of the LFSR theory that apply to FCSRs. Algorithms that were implemented with LFSRs can be implemented with FCSRs, possibly with different degrees of security. Even more interesting should be cryptographic algorithms which use a mixture of LFSRs and FCSRs. I expect this development to dramatically change the development of stream ciphers.
Synthesis of Public-Key Algorithms: There are a lot of public-key digital signature algorithms in the literature based on the problem of taking discrete logarithms in a finite field: ElGamal, Schnorr, and the Digital Signature Standard (DSS) are three examples. Nyberg and Rueppel presented a paper which unified all of these algorithms (108 in total) into one unified family. They also showed how to do encryption with all of them. What this does it allow further research to proceed on the entire family of algorithms, and not just on one particular one. It also lays to rest Schnorr's claim that the DSS infringed on his patent; it is now clear that both Schnorr and DSS are specific cases on this general algorithm. The Digital Signature Standard: Naccache, M'Raihi, Raphaeli, and Vaudenay presented enhancements to the DSS: one that increases speed, one that reduces storage requirements (important for smart-card implementations), etc. Their most interesting enhancement is the ability to verify multiple signatures in a single operation. A complaint against DSS is that signature verification is slow; the batch verification method in this paper should silence that complaint once and for all. Visual Cryptography: Shamir developed a one-time-pad cryptosystem that is suitable for encrypting visual images. The key is a pattern of black and white pixels on a transparency; the ciphertext is another pattern of black and white pixels. Overlay the key on the ciphertext and the message appears. This is unconditionally secure; even alien civilizations with undreamed- of computing power cannot break this cryptosystem. Applications include sending an encrypted message via fax: the receiver can carry the key transparency with him and can receive the encrypted fax from an insecure machine. Cool stuff. Designated Confirmer Signatures: Undeniable signatures are signatures which need permission from the signer to verify. Applications include computer publication of data. 
The recipient of the data wants to be able to verify the publisher's signature, so he knows that the data is authentic. The publisher only wants his signature to be verifiable by people who have paid for the data, and not by people who have pirated it. Undeniable signatures do that. Chaum's extension allows the publisher to designate an agent who can help receivers verify the signatures. Differential and Linear Cryptanalysis: Both of these techniques were further refined by several people. Two papers, one by Biham and another by Chabaud and Vaudenay, looked at similarities between the two. Matsui found an alternate order for the S-boxes that is resistant to linear cryptanalysis, but unfortunately it is weak against differential cryptanalysis. Self-Shrinking Generator: The shrinking generator was a big hit at Crypto '93. Basically, a LFSR is decimated by another LFSR. This stream algorithm is simple to implement, and looks very strong. Meyer and Staffelbach developed a variant of this generator, which uses a single LFSR. The even bits of the generator are used to decimate the odd bits. This is even simpler to implement and is just as strong. Formal Protocol Design: One of the problems with authentication protocols, like Kerberos, is proving that they are correct. There's nothing more embarrassing than fielding a protocol and finding a security problem two years later. Syverson and Meadows have developed an expert system that helps detect security problems in protocols. Several interesting papers were presented at the rump session. Biham presented a paper showing that triple-DES in cipher feedback mode, with triple-DES as the bock cipher, is more secure than a large number of variant possibilities. Knudsen found a class of "weak" keys for DES and LOKI when those algorithms are used as one-way hash functions. There is nothing to worry about; the odds of picking such a key at random is very small. 
Charnes and O'Connor presented some initial comments on the GOST algorithm, an encryption algorithm from the Soviet Union. Also interesting were the side discussions. At least two cryptographers are working on something called "higher-order differential cryptanalysis." Although this technique has had great success against DES with only 5 rounds, no one knows how to extend it to full 16-round DES. One cryptographer has developed an alternate set of DES S-boxes that is resistant to both differential and linear cryptanalysis, while another has developed a method for generating key-dependent S-boxes that increase the effective key size of DES beyond 56 bits. If there are going to be any more attacks against DES, this--and Hellman's attempts to combine differential and linear cryptanalysis--is where to watch for them. RSA-129 was recently factored. This is the 129-digit number, the product of two large primes, that was featured in Martin Gardner's original Scientific American column about the RSA algorithm. Although this doesn't affect the security of the 1024-bit numbers used in programs like PGP, it does show how far we've come in fifteen years. Gardner was sure this number would not be factored for millions of years. The other big news is a security problem with the Secure Hash Algorithm (SHA), discussed in the Apr 94 DDJ. The cryptographers at NSA have found a problem with the algorithm. They won't tell anyone what it is, or even how serious it is, but they promise a fix soon. Everyone is waiting with baited breath. From bryner at atlas.chem.utah.edu Fri Jul 1 21:40:22 1994 From: bryner at atlas.chem.utah.edu (Roger Bryner) Date: Fri, 1 Jul 94 21:40:22 PDT Subject: Credit-card PCs exist In-Reply-To: <9407020400.AA06998@smds.com> Message-ID: On Sat, 2 Jul 1994, FutureNerd Steve Witham wrote: > I'm looking at an ad for "CARDIO 386," a PC in a thick card > a little bigger than a credit card. Where! I need one BAD!:-) Roger. 
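The visual cryptography scheme mentioned in the Eurocrypt '94 report above, as an added example that is not from the report or the paper. It assumes the usual two-subpixel encoding for a 2-out-of-2 scheme (the report gives no construction), and the bitmaps are constructed samples.

```python
import secrets

# Each message pixel becomes two subpixels on each transparency.
# 1 = black (opaque) subpixel, 0 = clear subpixel.
PATTERNS = ((1, 0), (0, 1))


def complement(pattern):
    return (1 - pattern[0], 1 - pattern[1])


def make_shares(message, randbit=lambda: secrets.randbits(1)):
    """Split a bitmap (1 = black, 0 = white) into a key share and a cipher share."""
    key, cipher = [], []
    for row in message:
        key_row, cipher_row = [], []
        for pixel in row:
            k = PATTERNS[randbit()]                  # the pad: one random bit per pixel
            c = k if pixel == 0 else complement(k)   # same pattern = white, opposite = black
            key_row.extend(k)
            cipher_row.extend(c)
        key.append(key_row)
        cipher.append(cipher_row)
    return key, cipher


def overlay(a, b):
    """Stack two transparencies: a subpixel is black if either sheet is black there."""
    return [[x | y for x, y in zip(ra, rb)] for ra, rb in zip(a, b)]


def read_back(stacked):
    """A pixel reads as black when both subpixels are black, white (grey) when one is."""
    return [[1 if row[i] + row[i + 1] == 2 else 0 for i in range(0, len(row), 2)]
            for row in stacked]


def key_that_reveals(cipher, other_message):
    """For any cipher share and ANY message there is a key that reveals that message.

    This is the one-time-pad property: the cipher share alone rules nothing out.
    """
    key = []
    for c_row, m_row in zip(cipher, other_message):
        k_row = []
        for i, pixel in enumerate(m_row):
            c = (c_row[2 * i], c_row[2 * i + 1])
            k_row.extend(c if pixel == 0 else complement(c))
        key.append(k_row)
    return key


def parse(art):
    return [[1 if ch == "#" else 0 for ch in line] for line in art]


def draw(rows):
    return "\n".join("".join("#" if v else "." for v in row) for row in rows)


MESSAGE = parse(["#..#", ".##.", ".##.", "#..#"])   # constructed sample image
DECOY = parse(["####", "#..#", "#..#", "####"])     # a different constructed image

if __name__ == "__main__":
    key, cipher = make_shares(MESSAGE)
    print("key share:\n" + draw(key))
    print("cipher share:\n" + draw(cipher))
    print("stacked:\n" + draw(overlay(key, cipher)))
    print("recovered:\n" + draw(read_back(overlay(key, cipher))))
    other_key = key_that_reveals(cipher, DECOY)
    print("same cipher share, different key:\n"
          + draw(read_back(overlay(other_key, cipher))))
```

As with any one-time pad, the key transparency must be random and used for one image only; two cipher shares made with the same key can be compared subpixel by subpixel to show where the two images differ.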
From bogus@does.not.exist.com Fri Jul 1 22:04:55 1994 From: bogus@does.not.exist.com () Date: Fri, 1 Jul 94 22:04:55 PDT Subject: Chained Remailing Strategy and Tactics In-Reply-To: <199406300128.SAA25746@jobe.shell.portal.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- nobody at shell.portal.com writes: >Can some of the major remailer operators make available some >"sanitized" traffic stats of average traffic by hour and day of >the week? The vox.hacktic.nl remailer sounds useful in this >regard, since it apparently uses a UUCP link, and batches up >accumulated messages, both incoming and outgoing. When are the >"best" times for chained traffic to arrive there? I donnot keep logs. The following is published every saturday by xs4all.hacktic.nl, the node I poll at: UUCP traffic on node xs4all from 1994-06-25 05:16 to 1994-07-02 05:11 Remote -----------K-Bytes----------- ----Hours---- --Avg CPS-- --Files-- Host Recv Sent Total Recv Sent Recv Sent Recv Sent - -------- --------- --------- --------- ------ ------ ----- ----- ---- ---- vox 616.9 4678.1 5295.0 0.2 1.2 992 1103 390 912 - -------- --------- --------- --------- ------ ------ ----- ----- ---- ---- Total 17931.1 299714.2 317645.3 6.1 60.1 815 1386 5723 2689 Those 390 files leaving my system are personal email, usenet postings, a pgs-mailing list, request for help and actual request for remailing, and maybe some UUCP control files . I'll start working monday at a new job, so my planned pollings are: Mon-Fri: 07:30+08:00+14:00+18:05+21:00+00:00 Sat-Sun: +12:00+14:00+18:00+21:00+00:00+03:00 [dutch time = GMT +0200 incl DST] -- Exit! Stage Left.
Alex de Joode From bryner at atlas.chem.utah.edu Fri Jul 1 22:08:51 1994 From: bryner at atlas.chem.utah.edu (Roger Bryner) Date: Fri, 1 Jul 94 22:08:51 PDT Subject: Sorry about spam. In-Reply-To: Message-ID: Sorry about the personal message. I meant to remove the cypherpunks line. Roger From scmayo at rschp2.anu.edu.au Fri Jul 1 22:37:50 1994 From: scmayo at rschp2.anu.edu.au (Sherry Mayo) Date: Fri, 1 Jul 94 22:37:50 PDT Subject: Blame me! I started the "What motivates crypto-folk" thread Message-ID: <9407020537.AA21798@toad.com> I only joined the cypherpunks list a few days ago so 'imagine my surprise' to see that a post I sent to talk.politics.crypto had been forwarded here and was the topic of some considerable debate! I've also had stacks of replies by email, so I thought I should stick my head above the parapet and post here with a few observations. It is self evident from the emails I have received that crypto-use and cypherpunks encompass people of every political stripe. Someone used the phrase 'strange bedfellows' to describe the variety of people on cypherpunks and I couldn't agree more. The majority of people shared a simple desire for privacy, from government snooping in particular. I guess the articles I had read on WWW that led to my original post were not very representative of crypto-users as a whole. I wasn't really intending to start a political left vs right debate with my post. As many people have pointed out to me, crypto is a neutral tool that can be used by all sorts of people for all sorts of ends. I don't expect to agree politically with all those people any more than I expect to agree with all car drivers (for example). I was just curious that there was an *apparent* trend in the politics of the crypto articles I read - How wrong I was :-) To all those who have replied to me by email, thanks for your views. Sherry Mayo PS. Someone wrote: > > Thanks for your thoughtful comments. However the message was > > not by me but by Sherry May .
> > Sherry May, Tim's EVIL TWIN? (Or is it the other way 'round?) Ha ha ha this had me ROTFL!!! PPS. It's Mayo - I'm no relation! From wcs at anchor.ho.att.com Fri Jul 1 23:00:49 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 1 Jul 94 23:00:49 PDT Subject: Credit-card PCs exist Message-ID: <9407020559.AA25969@anchor.ho.att.com> > (That reminds me: does anyone know whether automatic teller > machines are PCs inside?) I should know our cash machine line by now, but anyway... I think ours are basically PCs with OS/2 operating systems; having real multitasking is useful in a communication device, and it's a reasonably flexible environment for adding drivers for miscellaneous peripherals, like cash dispensers. A few years ago I saw a cash machine that was not working, and had a very DOS-like boot error message on the screen. Grocery store aisle signs are often driven by Amigas, and occasionally have confused-Amiga messages on them. ObCrypto: according to someone on the net, some appallingly large fraction of teller machines don't use encryption on their comm links. (Grocery store signs do just fine without crypto :-), though some of the new radio-transmission shelf price labels might be interesting hacking for somebody with lots of time on their hands.) From wcs at anchor.ho.att.com Fri Jul 1 23:16:05 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 1 Jul 94 23:16:05 PDT Subject: Illegal Acts & Crypto Message-ID: <9407020614.AA26069@anchor.ho.att.com> Blanc Weber writes: > Images of the psychology of crypto-users: > . scurrying around like rats, hiding in the dark from regular > interactions (regular = unconcerned) > . fear of being oneself in the light, lacking courage > . having a view of life which is not trusting, but suspicious and cynical > .
not identifying with the group, therefore keeping things from them, > something akin to hoarding & not sharing (closed to the other members > of the society, rather than open) > . not necessarily "officially" illegal, but generally not really > "one of us", as in hypocritical - "with us, but not *of* us" A lot of the crypto users I know are quite the opposite - folks willing to stand up in public, speaking truth to power, challenging the NSA in court or in the newspapers, and working to distribute and share free software with other programmers to improve the work done by everybody. Many of them are as trusting as anyone else intelligent I know, though I'll have to grant a certain amount of cynicism :-) > Consequential Circumstance: > . insufficient self-reliance, having to wait for the cavalry to come > over the hill to save oneself. Cypherpunks write code! Bill Celebrate Independence Day the traditional way - overthrow a government! :-) From wcs at anchor.ho.att.com Fri Jul 1 23:17:40 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 1 Jul 94 23:17:40 PDT Subject: Detweiler clone at WS Message-ID: <9407020616.AA26086@anchor.ho.att.com> > Roy M. Silvernail says: > > > A BBS is a publication. The > > > 1st Amendment was specifically written to outlaw the British licensing of > > > publications. No risk. > > > > Until some case law comes about that recognizes this, It Just Ain't So. > > Right now, electronic publishing isn't recognized by the courts as > > publishing (because we don't kill trees, I suppose). > Cubby vs. CompuServe is at least the beginning of that recognition. Bill Celebrate Independence Day the traditional way - overthrow a government!
:-) From joshua at cae.retix.com Sat Jul 2 00:39:21 1994 From: joshua at cae.retix.com (joshua geller) Date: Sat, 2 Jul 94 00:39:21 PDT Subject: Password Difficulties In-Reply-To: <199407020153.AA07332@world.std.com> Message-ID: <199407020739.AAA04202@sleepy.retix.com> > Hey folks, passwords are hard to choose! ? > It boils down to this: I can't remember as many bits as the TLAs can > crack by brute force. I generally choose things like (no, this is not a real one): Rare steak tastes good when it is cooked over a wood fire. better than chicken. better than fish. good with worcestershire sauce. this is for a pgp passphrase, of course. I find it not to be a problem remembering a sentence character for character. > Starting with a bunch of coin tosses I tried ways of coding them: hex, > ASCII, and words off word lists. > Horrors! The hex is too long, .... > Sorry, there is no way regular people are going to remember pass words > or phrases with more than about 50-bits worth of information in > them--and even doing that well is going to be rare. ? josh From kentborg at world.std.com Sat Jul 2 01:41:42 1994 From: kentborg at world.std.com (Kent Borg) Date: Sat, 2 Jul 94 01:41:42 PDT Subject: Password Difficulties Message-ID: <199407020841.AA23083@world.std.com> joshua at cae.retix.com writes: >> Hey folks, passwords are hard to choose! > >? What part don't you understand? Give people the opportunity to choose "random" passwords and they choose easily guessed strings. (Well demonstrated.) Tell people to choose a *phrase* and they are going to frequently type "The quick brown fox...". (My assertion.) Your suggestion about rare steak is so long that "normal" people are not going to bother with it. Just getting people to type the 19-characters of "the quick brown fox"--just four words--is going to be hard, and there are not very many bits of information in 4 short common English words--forget that they are a cliche.
Besides, your sample phrase might not have as many bits in it as you think. >Rare steak tastes good when it is cooked over a wood fire. better >chicken. better than fish. good with worcestershire sauce. 22 words, a good start. But all will appear in a short dictionary list, 4 grammatical sentences, sentences with related meaning. Not so good. Slightly non-standard capitalization--but only a few bits in that. You suggest a phrase that is going to seem annoying to people raised on 4-digit PINs, yet it still might not have, say, the 128-bits lots of people want. My 128 coin tosses can be roughly turned into 8-words, but out of a much larger word list than your phrase and with no grammatical connections--and hard to remember. Each transformation I might do to those words to help remember them chops off a few of my original bits. By the time I have something my mother is going to bother with there are few bits left. A little brute force and those bits are blown. And why should you care if my mom uses weak keys? Because it will undermine the legal weight of things like digital signatures. Because all communication you have with "normal" people will be nearly in the clear because of their poor security. If you want privacy, you need to help others have privacy. Back to a rephrasing of my original question: should programs like PGP super-duper encrypt the private key (and remove those hints people have mentioned recently) as a way of slowing down brute-force attacks? -kb P.S. Remember, even a good hashing algorithm should not be expected to create entropy out of thin air. Too few bits in means too few bits out. Just because I don't know how to analyze those bits does not mean you should be content. -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 31:15 hours of TV viewing so far in 1994!
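Kent Borg's bit counting and his closing question about slowing down brute force, worked through as an added example (not code from any poster in this thread, and not PGP's own code). It assumes words are picked uniformly at random from a list and uses PBKDF2-HMAC-SHA256 as a modern stand-in for repeated encryption; the word list, salt and passphrase are constructed.

```python
"""Bit counting for passphrases and the gain from key stretching (added example)."""
import hashlib
import itertools
import math

# Constructed 16-word list: each word drawn from it is worth log2(16) = 4 bits.
WORDS = ["spinach", "walrus", "gazebo", "steak", "wood", "fire", "fish", "sauce",
         "quick", "brown", "fox", "lazy", "dog", "coin", "toss", "key"]
SALT = b"constructed-salt"  # constructed value; a real salt is random per key


def wordlist_bits(n_words, dictionary_size):
    """Entropy of n_words independent, uniform picks from a word list."""
    return n_words * math.log2(dictionary_size)


def stretch_bits(iterations):
    """Extra brute-force work, in bits, when every guess costs `iterations` rounds."""
    return math.log2(iterations)


def words_needed(target_bits, dictionary_size, iterations=1):
    """Random words required so that entropy plus stretching reaches target_bits."""
    remaining = max(target_bits - stretch_bits(iterations), 0)
    return math.ceil(remaining / math.log2(dictionary_size))


def stretch_key(passphrase, iterations):
    """Derive a 128-bit key from the passphrase with `iterations` PBKDF2 rounds."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), SALT,
                               iterations, dklen=16)


def dictionary_attack(target_key, n_words, iterations):
    """Try every n_words combination of WORDS against a stretched key.

    Returns (phrase or None, guesses made, PBKDF2 rounds spent).
    """
    guesses = 0
    for combo in itertools.product(WORDS, repeat=n_words):
        guesses += 1
        phrase = " ".join(combo)
        if stretch_key(phrase, iterations) == target_key:
            return phrase, guesses, guesses * iterations
    return None, guesses, guesses * iterations


if __name__ == "__main__":
    # Figures quoted in this thread, recomputed.
    print("8 words, 65536-word list : %.0f bits" % wordlist_bits(8, 65536))
    print("3 words, 4000-word list  : %.1f bits" % wordlist_bits(3, 4000))
    print("1,000,000 rounds add     : %.1f bits" % stretch_bits(1_000_000))
    print("words for 128 bits (4000-word list): %d unstretched, %d stretched"
          % (words_needed(128, 4000), words_needed(128, 4000, 1_000_000)))

    # Two words from the 16-word list is only 8 bits: stretching multiplies
    # the cost of each guess but the attacker still has at most 256 to try.
    rounds = 1000
    key = stretch_key("walrus gazebo", rounds)
    phrase, guesses, work = dictionary_attack(key, 2, rounds)
    print("recovered %r after %d guesses (%d rounds)" % (phrase, guesses, work))
```

Stretching raises the price of each guess without changing how many candidates exist, so it adds a fixed number of bits of work rather than repairing a phrase that had too few to begin with.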
From mimir at illuminati.io.com Sat Jul 2 05:14:53 1994 From: mimir at illuminati.io.com (Al Billings) Date: Sat, 2 Jul 94 05:14:53 PDT Subject: Credit-card PCs exist In-Reply-To: <9407020400.AA06998@smds.com> Message-ID: On Sat, 2 Jul 1994, FutureNerd Steve Witham wrote: > I'm looking at an ad for "CARDIO 386," a PC in a thick card > a little bigger than a credit card. > > It has a 236-pin connector with > a full AT bus, > VGA interface for video or LCD, > IDE interface for hard disk, > 1 parallel, 2 serial, keyboard, mouse and floppy interfaces. > > Up to 256K Rom and 4M DRAM. I don't see built-in SRAM or battery, > but they have SRAM and flash cards as well as a PCMCIA interface. How much does it cost? From rishab at dxm.ernet.in Sat Jul 2 07:15:48 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Sat, 2 Jul 94 07:15:48 PDT Subject: Cypherpunks of the world unite! Message-ID: Michael Wilson <0005514706 at mcimail.com>: > There is a good reason why revolutionaries in very poor nations tend to > espouse socialist or communist rhetoric--those are political systems that can > raise the quality of life considerably and immediately, I see governments as representing the collective will of society, responsible for only those things that are best achieved through everyone's cooperation. It is now fashionable to talk about the Asian way -- subjugating freedom to prosperity. This is of course bunkum, freedom is an ideal and is universal. The way to get to that may differ from society to society, particularly, as Michael says, in poor nations. It isn't necessary to have a strong state to survive; India, with a similar standard of living in 1950, has been democratic with more or less regular, free and fair elections. Contrary to popular perception, India has been no more 'socialist' than many European countries such as France, with stockmarkets and large state-owned enterprises. 
It is naturally more difficult to control crime or rising population here than in China, where petty thieves and corrupt officials are frequently executed. Freedom is a right equally applicable everywhere, whatever the political, social or economic situation. Any technology that promotes it is important for the whole world. Cypherpunks of the world unite! You have nothing to lose but your escrowed keychains! ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind! rishab at dxm.ernet.in take stone from stone and wash them..." Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From rishab at dxm.ernet.in Sat Jul 2 07:15:53 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Sat, 2 Jul 94 07:15:53 PDT Subject: The usefulness of PGP pass phrases Message-ID: tcmay at netcom.com (Timothy C. May): > > after you have entered the pass phrase, the secret key is available within > > your machine, and could be stolen, and if your OS leaves pagefiles etc > > around, might even be taken after you shut down PGP. > > Or am I missing something? Thanks, Andy > > I haven't seen a formal analysis of the strength of PGP if the secret > key is known but the passphrase is still secure, but from conventional > crypto we would assume that the search space would be greatly reduced. The secret key is _encrypted_ with the passphrase. Strength of PGP with a known secret keyFILE, not key, and unknown passphrase, is the strength of the cipher used to encrypt the secret key with. In this case, the strength of IDEA. Of course, your pass phrase is as susceptible to dictionary attack as your UNIX password, and it would be easier to decrypt a message by decrypting through such attacks or brute force your keyfile, than to factor large numbers to get at your session key.
> You obviously can't do with just the paIn short, these are reasons to keep your secret key secret. Your > passphrase alone may be insufficient (else why not just dispense with > the secret key and just have a passphrase?). RSA would have a tough time using a 11 char English phrase as an exponent ;-) To quote from the PGP manual: PGP also asks for a "pass phrase" to protect your secret key in case it falls into the wrong hands. Nobody can use your secret key file without this pass phrase. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ps. as Tim correctly said, Jains don't like killing living things. They are Jains, not Jainists (followers of some hypothetical Mr. Jain?); the word comes from the Sanskrit for 'to overcome'. ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind! rishab at dxm.ernet.in take stone from stone and wash them..." Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From bmorris at netcom.com Sat Jul 2 09:16:28 1994 From: bmorris at netcom.com (Bob MorrisG) Date: Sat, 2 Jul 94 09:16:28 PDT Subject: IS IT POSSIBLE? Message-ID: <199407021616.JAA09281@netcom12.netcom.com> To: cypherpunks at toad.com I've heard rumors through the years that CIA/NSA/whoever can aim a parabolic antenna at your window, read the electronic pulses surrounding your computer, and thusly determine what you are typing. Is there any truth to this? * RM 1.4 B0037 * From ghio at cmu.edu Sat Jul 2 09:20:13 1994 From: ghio at cmu.edu (Matthew Ghio) Date: Sat, 2 Jul 94 09:20:13 PDT Subject: ANI numbers Message-ID: <9407021616.AA00152@toad.com> joshua geller wrote: > it doesn't work from LA and I do have AT&T long distance. It works for me and I live in LA (San Pedro, actually). It also worked when I was in Pittsburgh. 
The number is 1073214049889664 But if you live in the Los Angeles area, you can use PacBell's numbers 1223 or 2112345, or if you have GTE, 114 From paul at hawksbill.sprintmrn.com Sat Jul 2 09:27:27 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Sat, 2 Jul 94 09:27:27 PDT Subject: IS IT POSSIBLE? In-Reply-To: <199407021616.JAA09281@netcom12.netcom.com> Message-ID: <9407021729.AA18191@hawksbill.sprintmrn.com> > > I've heard rumors through the years that CIA/NSA/whoever can aim a > parabolic antenna at your window, read the electronic pulses surrounding > your computer, and thusly determine what you are typing. Is there any > truth to this? > Not exactly in this manner, but yes. Given the proper equipment, you can put someone on a raft in the middle of a lake plinking away on the keyboard -- and discern every keystroke from the shoreline. That's no secret, mein freund. - paul From tcmay at netcom.com Sat Jul 2 09:47:23 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 2 Jul 94 09:47:23 PDT Subject: IS IT POSSIBLE? In-Reply-To: <199407021616.JAA09281@netcom12.netcom.com> Message-ID: <199407021647.JAA27109@netcom8.netcom.com> > > To: cypherpunks at toad.com > > I've heard rumors through the years that CIA/NSA/whoever can aim a > parabolic antenna at your window, read the electronic pulses surrounding > your computer, and thusly determine what you are typing. Is there any > truth to this? Yes. PCs, and especially the _monitors_ of PCs, put out a lot of RF. (Most of you will have seen that turning on your PC or Mac near a television with an antenna input--as opposed to cable input--will cause various kinds of "hash" on the t.v.) It's been possible for many years to build a box which can "tune in" to the RF and actually see a direct replica of what's on the CRT. This from some distance. A paper on this was done a while back, from which the name "van Eck" or "Van Eck" comes. 
How far away, and whether a van parked a block away can do it, is unknown to me. There are people on this list who have done this...perhaps they can comment anonymously. Note that the TEMPEST spec for shielding equipment is directly related to this. Is this a concern for ordinary Cypherpunks? Well, I don't worry about it. I'm presently fairly upfront about my views, and use encryption very rarely, ironic as that may seem. What can be done? * Laptops put out much less RF (try the television test). The LCD doesn't have the deflector coils of a CRT to radiate in synch with the screen action, so the problem of snooper is much harder. (My Powerbook 170 still puts "wavy lines" on an antenna-input t.v., so _something_ is being emitted....whether it is _readable_ is another matter. But then, the NSA has a lot more expertise than most of us have, so....) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jim at acm.org Sat Jul 2 10:01:13 1994 From: jim at acm.org (Jim Gillogly) Date: Sat, 2 Jul 94 10:01:13 PDT Subject: Password Difficulties In-Reply-To: <199407020841.AA23083@world.std.com> Message-ID: <9407021700.AA16651@mycroft.rand.org> > kentborg at world.std.com (Kent Borg) writes: > joshua at cae.retix.com writes: > Besides, your sample phrase might not have as many bits in it as you > think. > >Rare steak tastes good when it is cooked over a wood fire. better > >chicken. better than fish. good with worcestershire sauce. > 22 words, a good start.
But all will appear in a short dictionary > list, 4 grammatical sentences, sentences with related meaning. Not so I think it's quite likely to have 128 bits worth of keyfulness (no, that's not a Term of Art). Shannon estimated from experiments (people guessing the next letter in connected standard English text) that English contains about one bit of information per character. The ungrammatical structures and missing caps would add more bits to the data in those areas, so the 120 or so characters would yield more than 120 bits of information. Guessing a long passphrase from a dictionary attack doesn't work, as you can tell from some simple arithmetic: 22 words out of a 1,000-word dictionary is like 10^66 possibilities, and 'worcestershire' wouldn't be in the 1,000-word dictionary. Note also that guessing keyphrases using some kind of Markov algorithm isn't going to be easy, because unlike the Shannon experiment you don't get any feedback on your trials until you have every bloody bit right. It requires enumerating all legal 128-byte English sequences and testing each in turn. It's much easier to use an attack like Tim suggested than to break even a weakish passphrase (well, not as weak as "quick brown fox"). One example would be infiltrating Cypherpunk PGP key-signing parties: write a TSR or custom COMMAND.COM that will capture all keystrokes typed on your laptop, and offer it to others for signing your key and others'. Don't forget to have any command that accesses the floppy disk check for a file called "secring.pgp" and copy it to your hard drive under the name c:\scratch\junk17.foo. Remember, you're signing keys to verify that you know who they are... not that you trust them. Jim Gillogly 9 Afterlithe S.R.
1994, 16:57 From usura at vox.hacktic.nl Sat Jul 2 10:38:19 1994 From: usura at vox.hacktic.nl (Alex de Joode) Date: Sat, 2 Jul 94 10:38:19 PDT Subject: PGPKey for vox.hacktic.nl Message-ID: -----BEGIN PGP SIGNED MESSAGE----- This is a 1000 bits PGP key for the remailers at vox.hacktic.nl, it will be valid for the month July. The 512 bits PGP will remain valid for "general" use, the 1000 bits KEY will be changed every month. -- Exit! Stage Left. Alex de Joode From fhalper at pilot.njin.net Sat Jul 2 11:06:23 1994 From: fhalper at pilot.njin.net (Frederic Halper) Date: Sat, 2 Jul 94 11:06:23 PDT Subject: MacPGP Bug Message-ID: <9407021806.AA09728@pilot.njin.net> A friend of mine has shown me a bug in MacPGP that allows someone to come along after you have decrypted a message, check "Recycle Passwords" in the options menu and proceed to decrypt any encrypted messages you have. Even if you didn't have "Recycle passwords" selected before you decrypted the message, PGP will recycle the passwords. I assume it exists in all versions. Reuben Halper P.S. I am going away so I have to unsubscribe from the list for a month or so.
Please send any comments to Reuben8878 at aol.com From ben at Tux.Music.ASU.Edu Sat Jul 2 11:12:52 1994 From: ben at Tux.Music.ASU.Edu (Ben Goren) Date: Sat, 2 Jul 94 11:12:52 PDT Subject: Password Difficulties In-Reply-To: <199407020739.AAA04202@sleepy.retix.com> Message-ID: On Sat, 2 Jul 1994, joshua geller wrote: > [. . .] > > It boils down to this: I can't remember as many bits as the TLAs can > > crack by brute force. > > I generally choose things like (no, this is not a real one): > > Rare steak tastes good when it is cooked over a wood fire. better than > chicken. better than fish. good with worcestershire sauce. You can improve entropy even more, and still keep it memorable, by doing something such as the following: Rare 513AK tastes g))d when it is c))K#D over a wood fjord. BETTERthanCHICKEN.... Using poor or improper English--or some other language--will also help. So now, we might have: Viva dA5 bu0n) Rare 513AK tastes w3#l it when 15 c))k#D.... You, of course, will have to be the judge of how much mutilation you can remember. And note that, while such changes will help with passphrases, any sophisticated dictionary/algorithm-based password (>8 characters) cracker will be able to guess most of them. "f43d" is no more secure than "fred." Better to hit random keys on the keyboard or use a true random number generator--flip a coin 56 times to get a 7-bit ASCII string, more if you get control characters--to get your eight characters, and just force yourself to remember it. Even something like "g&*3VkjH" is memorable--I did use that one for a couple weeks some months ago. Speaking of which, are there any /bin/passwd plugins that use passphrases rather than passwords? Or should I be a good cypherpunk and write some code? > [. . .] > josh b& -- Ben.Goren at asu.edu, Arizona State University School of Music net.proselytizing (write for info): Protect your privacy; oppose Clipper. Voice concern over proposed Internet pricing schemes. Stamp out spamming.
Finger ben at tux.music.asu.edu for PGP 2.3a public key. From bmorris at netcom.com Sat Jul 2 12:12:28 1994 From: bmorris at netcom.com (Bob MorrisG) Date: Sat, 2 Jul 94 12:12:28 PDT Subject: PASSWORD DIFFICULTIE Message-ID: <199407021912.MAA10503@netcom8.netcom.com> To: cypherpunks at toad.com KK> 22 words, a good start. But all will appear in a short dictionary KK> list, 4 gramatical sentences, sentences with related meaning. Not so But will a dictionary attack work when the passphrase is multiple words? Because then it would have to try all the words in the dictionary grouped with other words, and the permutations thus become huge. i.e. "spinachwalrusgazebo" is three words, and to me, would seem immune from a dictionary attack, because the attack only uses single words. Is this right? * RM 1.4 B0037 * From die%pig.jjm.com%jjmhome.jjm.com at jjmhome Sat Jul 2 12:20:52 1994 From: die%pig.jjm.com%jjmhome.jjm.com at jjmhome (Dave Emery) Date: Sat, 2 Jul 94 12:20:52 PDT Subject: ANI numbers In-Reply-To: <9407021616.AA00152@toad.com> Message-ID: <9407021920.AA24347@pig.jjm.com> > > It works for me and I live in LA (San Pedro, actually). > > The number is 1073214049889664 Works great from Lexington Mass on AT&T. Reads back my number followed by 8 and 0000002. -- From sandfort at crl.com Sat Jul 2 12:31:25 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Sat, 2 Jul 94 12:31:25 PDT Subject: Cypherpunks of the world unite! In-Reply-To: Message-ID: C'punks, On Sat, 2 Jul 1994 Rishab wrote: > . . . > It is now fashionable to talk about the Asian way -- subjugating freedom to > prosperity. This is of course bunkum, freedom is an ideal and is universal. > . . . Ever been to Singapore? That is *exactly* the social contract into which the Singaporeans have entered. When I was there, I tried to give a copy of PGP to the young man who sold and set up our computer equipment. He turned it down. He told me he didn't need that kind of privacy for his messages or files.
He couldn't understand why he would want encryption that would keep the government from reading his data. He seemed truly mystified. It gave me the willies. S a n d y From adam at bwh.harvard.edu Sat Jul 2 12:31:35 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Sat, 2 Jul 94 12:31:35 PDT Subject: PASSWORD DIFFICULTIE In-Reply-To: <199407021912.MAA10503@netcom8.netcom.com> Message-ID: <199407021930.PAA14064@duke.bwh.harvard.edu> Bob MorrisG writes: | i.e. "spinachwalrusgazebo" is three words, and to me, would seem immune | from a dictionary attack, because the attack only uses single words. Is | this right? I fail to see why the attack can't be extended. Yes, it's a lot of combinations, but fewer than trying to guess 'the 43(!) BROWN FOxes jump over the {lazy} "dog." It's a lot fewer than trying to guess zlpfq*20M Adam -- Adam Shostack adam at bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. From 0005514706 at mcimail.com Sat Jul 2 12:36:10 1994 From: 0005514706 at mcimail.com (Michael Wilson) Date: Sat, 2 Jul 94 12:36:10 PDT Subject: Passwords, passphrases, etc. Message-ID: <61940702193416/0005514706NA3EM@mcimail.com> Cypherpunks: The evolution of the discussion here regarding passwords or passphrases is a telling indicator, and one which people here should think about, because you are reinventing the NSA. You start with a desire for privacy/secrecy, and so you create a package as a functional cryptosystem. The requirements of the cryptosystem, however, make memorization of the cryptographic key non-trivial (and nobody here suggests offline storage, as the NSA primarily uses); this causes you to use an access control mechanism that protects the key on a local basis. This then makes you think about armoured operating systems, physical security of the site, biometric security, signals emission, coercion methods, etc.
It is a capsule history of the enemy, and I hope it helps you understand what created them; the major difference was that they had an available budget and potent adversaries. Imagine the cypherpunks sitting around and attacking their own system and others (Clipper, for instance), getting paid to write code, build hardware, whatever necessary to attack/defend, and with operational support and infrastructure. Quite educational, isn't it? Another brief observation you might want to think about in regards to the implications; the data in the public domain for cryptanalysis tends to be based primarily in the English language (frequency tables, dictionary attacks, etc.). Isn't it striking that so little of similar data has leaked out for what one can assume were the real targets--Russian, Arabic, German, etc.? Seems to be quite an effort to attack English-based systems. There also seems to be an unusual silence on what one would consider to be important cryptanalysis data--if you were NSA, wouldn't you be certain to suppress data that helped your adversary? Just food for thought. Is this a true emphasis or a Potemkin village? One benefit of being multilingual; all access codes that I need to remember are obscure phrases in little known dialects. I imagine they would look like gibberish to the uninitiated. Michael Wilson Managing Director, The Nemesis Group [I hope that the record of purchases made through the Maryland Procurement group are making their way from systems such as Mead Data and into private systems for analysis; warning, access of such data is expensive.] From kentborg at world.std.com Sat Jul 2 12:52:19 1994 From: kentborg at world.std.com (Kent Borg) Date: Sat, 2 Jul 94 12:52:19 PDT Subject: Password Difficulties Message-ID: <199407021952.AA21913@world.std.com> ben at Tux.Music.ASU.Edu and joshua at cae.retix.com both suggest ways to choose passwords/phrases--things no normal person will do. 
What do we do about a population which thinks a 4-digit PIN is secure? If people use their current ATM PINs--and a lot of computer users *do* when they are allowed--there will be problems: if we want privacy we had better figure out how to give everyone privacy. Part of my original post was cribbing from a paper I once read on the security of crypt on Unix machines. It talked of multiple applications of crypt to slow down brute-force password cracking. Should things like PGP use this technique in protecting the secret key? Does a million encryptions equal 10-bits added to the key? (Assuming the million encryptions cannot be composed into a single equivalent encryption.) -kb -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 31:15 hours of TV viewing so far in 1994! From VACCINIA at UNCVX1.OIT.UNC.EDU Sat Jul 2 12:56:55 1994 From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU) Date: Sat, 2 Jul 94 12:56:55 PDT Subject: Secure Device and Secure Drive problems Message-ID: <01HE8IT5BVW2000MRV@UNCVX1.OIT.UNC.EDU> -----BEGIN PGP SIGNED MESSAGE----- I have been having quite a bit of difficulty with my encrypted drive mangling files. After getting secure drive 1.3d installed on my hard drive, I find that various files are being corrupted and many times after accessing the drive a bunch of crosslinked files are present. The TSR was being loaded into high memory (login /s was included in my autoexec.bat and safe mode was on after the boot); I use Novell DOS 7.0. I had to uninstall the encryption on the drive and am thinking of trying Secure Device to see if the problem persists. Has anyone had any problems such as this? Any suggestions would be welcome as I desire to keep PGP on the encrypted drive. Encrypted floppies do not seem to be a problem (good thing I keep an encrypted floppy backup of my PGP files :-) Does anyone know where I can get a utility to decompress the secdevice.arj file? Is it the same as .arc files? 
Thanks. Vaccinia at uncvx1.oit.unc.edu -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLhXv0D2paOMjHHAhAQF3UQQAzOFteMznnS/l+pzLRyJaCkpabKnJu9f8 750rHEEXSdIUJRbx7xUn8/V5zzcc0oeBYqbRSsNdm0JmuLGPG3dHW9LFR+vzFnbu oV+3Gqf+RAuMI1W3piCfDKjzsIfRYFlzn0dAKPsc6JIqCBKq5nMyl/m5WUvt8WFa 5qgbCg1a5+k= =UYEQ -----END PGP SIGNATURE----- From kentborg at world.std.com Sat Jul 2 13:21:48 1994 From: kentborg at world.std.com (Kent Borg) Date: Sat, 2 Jul 94 13:21:48 PDT Subject: PASSWORD DIFFICULTIE Message-ID: <199407022021.AA29049@world.std.com> bmorris at netcom.com wrote: >i.e. "spinachwalrusgazebo" is three words, and to me, would seem immune >from a dictionary attack, because the attack only uses single words. Is >this right? Wrong. Read chapter 7 of Schneier's Applied Cryptography, a dictionary attack is richer than just throwing a dictionary at it. There is no reason not to try all combinations of several words from smallish dictionaries. Those three words would likely show up in a 4,000-word dictionary. A 1-in-4000 choice is 12-bits. You chose three words, I count about 36-bits there then. Generously add another few bits for capitalization and spacing, and you are still at or under the 40-bits the NSA feels comfortable with. (The fact that you would hash this out to 128-bits should not confuse us. A hash function cannot make up entropy.) How many of us have dreamed up wild login passwords (in our youths, perhaps, but we were more savvy than most youths or adults), only to years later read David Klein's recipe for an extended dictionary crack and realize that he would get many of your "clever" passwords? Same thing for pass-phrases: clever people will come up with clever techniques, so only trust a cold count of random bits. The phrase "spinachwalrusgazebo" is worth no more than 40-bits, is weak, and yet is stronger than the keys most normal people will pick. Passwords are hard to choose. -kb, the Kent who is on a bit-counting harangue. 
-- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 31:15 hours of TV viewing so far in 1994! P.S. When earlier comparing a million encryptions to 10-bits, I obviously meant 20-bits--either that or I was being very conservative. :) From roy at sendai.cybrspc.mn.org Sat Jul 2 13:27:19 1994 From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail) Date: Sat, 2 Jul 94 13:27:19 PDT Subject: Physical storage of key is the weakest link In-Reply-To: <199407012226.PAA01800@netcom7.netcom.com> Message-ID: <940702.124829.1M6.rusnews.w165w@sendai.cybrspc.mn.org> -----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, Mssr. tcmay at netcom.com (Timothy C. May): > In short, these are reasons to keep your secret key secret. Your > passphrase alone may be insufficient (else why not just dispense with > the secret key and just have a passphrase?). Another reason for a secret key and passphrase... with a passphrase alone, you couldn't change it without changing the public key too. Since I stupidly typed my passphrase in the clear in front of someone once, I was very glad the phrase was changeable! :) - -- Roy M. Silvernail -- roy at sendai.cybrspc.mn.org perl -e '$x = 1/20; print "Just my \$$x! (adjusted for inflation)\n"' "What do you mean, you've never been to Alpha Centauri?" -- Prostetnic Vogon Jeltz -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLhWpQhvikii9febJAQGNggP/eWj28ovHgb6y45TZA1OqAR6S/jCMgi0z QqfB+TvpLbf6WZYVI1K44DiLgjAn2IWddSqWQ2lz3IuhyXMM4S8V5tFoGNWE+lUn FG1hO4fjV1XUn+tJCqeeJdN77gd1+Nzszu8m8/Pq9eU+q+bcehTIaRCQNvrOC9D/ ZkEuSDYcBVY= =/C3u -----END PGP SIGNATURE----- From tcmay at netcom.com Sat Jul 2 13:54:37 1994 From: tcmay at netcom.com (Timothy C. 
May) Date: Sat, 2 Jul 94 13:54:37 PDT Subject: NSA and CSS Computer Resources In-Reply-To: <61940702193416/0005514706NA3EM@mcimail.com> Message-ID: <199407022054.NAA13143@netcom13.netcom.com> I didn't comment before on Michael Wilson's revelations about the Maryland Procurement Office (and how it revealed NSA purchases). But I will now. He writes: > Michael Wilson > Managing Director, The Nemesis Group > > [I hope that the record of purchases made through the Maryland Procurement group > are making their way from systems such as Mead Data and into private systems for > analysis; warning, access of such data is expensive.] Actually, there are much cheaper ways to get even more accurate data. Gunter Ahrendt has been the compiler of a list of supercomputer sites, a list which he publishes weekly in comp.sys.super. (I haven't seen it recently, so it may be dormant for the summer.) Here's an excerpt for the NSA and CSS: 2) 83.73 - (02-JUN-1993) [NSA] National Security Agency,California,US 1) 3 * Cray C916-512 83.73 3) 69.79 - (22-JUL-1993) [CSS] National Computing Security Center,Central Security Service,National Security Agency Headquarters,Fort George G Meade,Maryland,US, postmaster at ftmeade-eas.army.mil 1) TMC CM-5/512 ~35.04 {linearly scaled from a 64CPU unit} 2) 5 * Cray Y-MP/8-256 34.75 etc. I don't discount the possibility that NSA, CSS, NRO, etc. try to hide some of their purchases--certainly in budgets, if not physically. But in general they have little to gain by hiding the fact that they have, for example, 8 Connection Machines. After all, Thinking Machines knows (purchase, service), and word gets out. Ahrendt has had good accuracy. In any case, the number of supercomputers the NSA and its related affiliate agencies have is not too worrisome to me. --Tim May -- .......................................................................... Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From ebrandt at jarthur.cs.hmc.edu Sat Jul 2 14:17:41 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Sat, 2 Jul 94 14:17:41 PDT Subject: Password Difficulties In-Reply-To: <199407020153.AA07332@world.std.com> Message-ID: <9407022117.AA06795@toad.com> > It boils down to this: I can't remember as many bits as the TLAs can > crack by brute force. Have you *tried* to memorize these long passphrases? I pick ones that are substantially too complex for me to memorize in one trial. So I write the candidate passphrase on paper until I have a grasp on it, then burn the paper, scatter the ashes (yes, literally), and begin to use the passphrase. My experience is that once I've successfully remembered a phrase two or three times, I will not forget it. This approach is vulnerable to anyone who is able to snoop around my belongings, but at that point they might just as well do what they did to Ames. I hardly think I warrant this kind of attention. Eli ebrandt at hmc.edu From schneier at chinet.chinet.com Sat Jul 2 14:44:18 1994 From: schneier at chinet.chinet.com (Bruce Schneier) Date: Sat, 2 Jul 94 14:44:18 PDT Subject: Password Difficulties In-Reply-To: <9407021700.AA16651@mycroft.rand.org> Message-ID: Figure that each English character has 1.8 bits of entropy. (This is a conservative number, because it doesn't take into account case, spacing, or punctuation.) If I want a passphrase that will map into a 64-bit keyspace, I need at least a 35-character phrase. I generally assume that I need about one word per byte of key. Thus, if I want to generate a 64-bit key, I need an eight-word phrase. 
Bruce From nobody at shell.portal.com Sat Jul 2 14:50:32 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sat, 2 Jul 94 14:50:32 PDT Subject: SecureDrive for OS/2? Message-ID: <199407022151.OAA21435@jobe.shell.portal.com> Is there a version of SecureDrive, or something equivalent, that will work with a FAT partition under OS/2? I have SecureDrive running under DOS with no problem. It also works with Windoze. If I bring up a DOS box under OS/2, I can install it just fine, and it even validates my passphrase correctly. Unfortunately, everything read from the encrypted partition is still garbled. My theory is that OS/2 isn't using the same interrupts to do disk access, and the ones that SecureDrive hooks and intercepts. Anyone got a solution that will work with OS/2? From nobody at shell.portal.com Sat Jul 2 15:09:16 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sat, 2 Jul 94 15:09:16 PDT Subject: Clipper = Bobbitized Crypto Message-ID: <199407022210.PAA24462@jobe.shell.portal.com> > I'm not so kind as others on this list. > I think people should live consistent with their philosophy and > what they advocate. Many times arguments are useless and only > experience serves to convince. I wouldn't try to convert another > from their faith just because it would do me good. As long as > it's possible to find alternate methods of doing the same thing > (in this case achieving privacy), I wouldn't try too hard to save > Liberals from themselves. I think they deserve to use Clipper. Consistency with one's own philosophy, huh? I don't see much of that in liberal politics, although maybe to be fair it should be applied to politics in general. Let me cite some examples: 1.) Anti-gun politicians who would regulate away the average citizen's right to self-defense with firearms, but only after they are assured of Secret Service protection, or private bodyguards for themselves. 
IOW, a level of personal security not affordable to their constituency. Clipper is the personal security equivalent of having to call 911 when threatened and patiently wait for the police to show up to protect you, vs. having a small army of Secret Service agents on call 24 hours a day to spring into action to defend you. 2.) Politicians who accept campaign contributions from teachers' unions, the National Education Association, etc., who vote down any legislation designed to give the average citizen a choice in their child's education, other than the entrenched public school monopoly. Yet, most of these same people put their own kids in PRIVATE schools, financed from tax dollars by the salaries that we pay them. 3.) Politicians who already employ strong crypto, unavailable to the general public, who want to limit the rest of us to "Clipper". All three points apply directly to Clinton, but not exclusively to him, of course. You know, there's just something about the name "Clipper" that conjures up pictures of Lorena Bobbitt... Maybe that's what Clipper really is ... Bobbitized crypto... Anyway, back to your point, the average "liberal on the street" may indeed be stuck with Clipper. And as long as Washington DC is dominated by a single party with a liberal bent, maybe they can convince the rest of their "fellow travellers" that "Big Brother loves you and has a wonderful plan for your life", and thus to accept Clipper and its host of problems. But let liberals lose control of this country, and then watch them change their tune, when the Big Brother technology they put in place is now in the hands of "the other side". Does anyone remember 20+ years ago when the roles were reversed? It was the liberals who were protesting wiretaps, etc. by the Nixon administration? Putting a liberal in the White House somehow "blesses" these same things? 
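The bit counting from the "Password Difficulties" messages above, as an added example that is not part of any list message: it reproduces Kent Borg's three-words-from-4,000 estimate and million-iterations figure and Bruce Schneier's 1.8 bits per character, then shows on a constructed 16-word dictionary that hashing a phrase out to 128 bits leaves the search space at the size of the word model. The word list, the function names and the use of truncated SHA-256 as the hash are assumptions of the example.

```python
"""Bit counting for passphrases. Added example; all inputs are constructed."""
import hashlib
import itertools
import math

# Constructed 16-word dictionary (assumption of this example). 16 = 2**4,
# so each word picked from it carries exactly 4 bits.
TOY_DICTIONARY = [
    "apple", "brick", "cloud", "delta", "eagle", "flint", "gazebo", "harbor",
    "island", "jungle", "kettle", "lantern", "spinach", "timber", "violet",
    "walrus",
]


def word_model_bits(dictionary_size, words, extra_bits=0.0):
    """Bits in a phrase of `words` uniform picks from a dictionary, plus an
    allowance (extra_bits) for capitalization and spacing choices."""
    return words * math.log2(dictionary_size) + extra_bits


def chars_needed(key_bits, bits_per_char=1.8):
    """Characters of English text needed to carry key_bits of entropy."""
    return key_bits / bits_per_char


def stretch_bits(iterations):
    """Bits of work added by iterating the key derivation, assuming the
    iterations cannot be composed into one equivalent operation."""
    return math.log2(iterations)


def effective_bits(passphrase_bits, iterations=1, key_bits=128):
    """Cost of the cheapest search: guess the phrase or guess the key."""
    return min(key_bits, passphrase_bits + stretch_bits(iterations))


def derive_key(passphrase, iterations=1):
    """Hash a passphrase out to a 128-bit key (SHA-256 truncated to 16 bytes
    is this example's stand-in for whatever hash a real tool uses)."""
    digest = passphrase.encode("ascii")
    for _ in range(iterations):
        digest = hashlib.sha256(digest).digest()
    return digest[:16]


def exhaust_word_model(target_key, dictionary, words, iterations=1):
    """Walk every phrase the word model allows and count the work.

    Returns (phrase or None, guesses, hash_calls). The guess count is bounded
    by len(dictionary) ** words no matter how wide the derived key is.
    """
    guesses = 0
    for combo in itertools.product(dictionary, repeat=words):
        guesses += 1
        candidate = "".join(combo)
        if derive_key(candidate, iterations) == target_key:
            return candidate, guesses, guesses * iterations
    return None, guesses, guesses * iterations


if __name__ == "__main__":
    three_words = word_model_bits(4000, 3)
    print(f"3 words from a 4,000-word dictionary: {three_words:.1f} bits")
    print(f"plus 4 bits for case and spacing:     {three_words + 4:.1f} bits")
    print(f"characters for a 64-bit key at 1.8:   {chars_needed(64):.1f}")
    print(f"a million iterations add:             {stretch_bits(10**6):.1f} bits")
    print(f"3 words, stretched a million times:   "
          f"{effective_bits(three_words, 10**6):.1f} bits")

    key = derive_key("spinachwalrusgazebo")
    phrase, guesses, calls = exhaust_word_model(key, TOY_DICTIONARY, 3)
    print(f"128-bit key, toy dictionary: found {phrase!r} after {guesses} "
          f"guesses (model size {len(TOY_DICTIONARY) ** 3})")
```

Stretching multiplies the hash calls per guess, which is where the extra bits come from; the number of guesses stays the same.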
From gtoal at an-teallach.com Sat Jul 2 15:48:28 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Sat, 2 Jul 94 15:48:28 PDT Subject: NSA and CSS Computer Resources Message-ID: <199407022248.XAA04312@an-teallach.com> From: "Timothy C. May" I didn't comment before on Michael Wilson's revelations about the Maryland Procurement Office (and how it revealed NSA purchases). But I will now. I didn't follow it up either because, apart from Tim's point -- that the big hardware is mostly known about from the other side -- all his statements have been content-free posturing. If he has any solid info I wish he'd post it in toto, or shut up. His style reminded me of that idiot on alt.conspiracy et al who keeps reposting the same jaded old stories in one or two page installments and never puts the whole series up for ftp. Sorry, but no sale. I stopped being snagged by cliff-hanger teasers back when they stopped showing Flash Gordon in the old fleapit every Saturday night. If he does come up with the goods, the thing to look for is not what's there but what's *missing*. Things they don't have to buy in tells much more about their in-house capabilities than things that are put on public record. G From lcottrell at popmail.ucsd.edu Sat Jul 2 15:51:00 1994 From: lcottrell at popmail.ucsd.edu (Lance Cottrell) Date: Sat, 2 Jul 94 15:51:00 PDT Subject: Password Difficulties Message-ID: <199407022250.PAA24741@ucsd.edu> I make a point of using at least one non-dictionary word in every passphrase I make. That is one word not from this or any other language. It seems to me that the inclusion of such a word somewhere in the password is going to render the dictionary attack useless (since it is not possible to tell when you are close). It seems to me that, although I can not prove it, one does not have to introduce many non-dictionary elements before a simple brute force becomes simpler than a dictionary attack. 
How does one exploit the 1 bit per character of english, if it is not known what parts of the phrase (if any) are in standard english? -------------------------------------------------- Lance Cottrell who does not speak for CASS/UCSD loki at nately.ucsd.edu PGP 2.3 key available by finger or server. "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche From 0005514706 at mcimail.com Sat Jul 2 16:00:37 1994 From: 0005514706 at mcimail.com (Michael Wilson) Date: Sat, 2 Jul 94 16:00:37 PDT Subject: 'Black' budget purchases Message-ID: <32940702225823/0005514706NA2EM@mcimail.com> Cypherpunks: --- The following is posted by Tim May --- I didn't comment before on Michael Wilson's revelations about the Maryland Procurement Office (and how it revealed NSA purchases). But I will now. He writes: > Michael Wilson > Managing Director, The Nemesis Group > > [I hope that the record of purchases made through the Maryland Procurement group > are making their way from systems such as Mead Data and into private systems for > analysis; warning, access of such data is expensive.] Actually, there are much cheaper ways to get even more accurate data. Gunter Ahrendt has been the compiler of a list of supercomputer sites, a list which he publishes weekly in comp.sys.super. (I haven't seen it recently, so it may be dormant for the summer.) Here's an excerpt for the NSA and CSS: 2) 83.73 - (02-JUN-1993) [NSA] National Security Agency,California,US 1) 3 * Cray C916-512 83.73 3) 69.79 - (22-JUL-1993) [CSS] National Computing Security Center,Central Security Service,National Security Agency Headquarters,Fort George G Meade,Maryland,US, postmaster at ftmeade-eas.army.mil 1) TMC CM-5/512 ~35.04 {linearly scaled from a 64CPU unit} 2) 5 * Cray Y-MP/8-256 34.75 etc. I don't discount the possibility that NSA, CSS, NRO, etc. try to hide some of their purchases--certainly in budgets, if not physically. 
But in general they have little to gain by hiding the fact that they have, for example, 8 Connection Machines. After all, Thinking Machines knows (purchase, service), and word gets out. Ahrendt has had good accuracy. In any case, the number of supercomputers the NSA and its related affiliate agencies have is not too worrisome to me. --Tim May --- end of inclusion --- The data from the Maryland Procurement Office that is stored in certain databases (and removed from others, as I have just discovered when I checked) provides the complete 'black' budget purchases of the intelligence community, not just their purchases of supercomputers. Such raw data goes a long way towards confirming other bits of intelligence, such as the establishment by NSA of its own chip manufacturing facility owing to a lack of trust in undocumented sections of commercial silicon. This data is useful beyond knowing the numbers of supercomputers available (although it does help provide an upper boundary on raw processing power, useful for quantifying tolerances). What we find interesting regarding the number of supercomputers at NSA is what they do to the keyspace; a supposition of ours from the early period of commercial public key was an attack on the domain of potential keys. Given a known keylength, a powerful systematic search for primes that fit that range can, over time, begin to damage the strength of the system. Careful analysis of technical resource also allows one to speculate--are CM platforms (pardon the pun) used for exhaustive systematic search for keys, while Cray systems are used for attacks on the keyspace? Differentiation of parallel versus scalar processing towards attack domains is interesting. Additionally, having such information is useful beyond its application towards analysis. Operationally, it is useful for an adversary to know, for instance, that photo recon analysis is performed on NeXT workstations. 
This knowledge provides specifications on just what can be achieved in the way of image enhancements, etc. It also opens up a realm of options in informational warfare; knowledge of the target platform is critical toward building a tailored attack mechanism to cripple their capability, while knowledge of their providers supplies an adversary with the introduction mechanism (there is no such thing as an isolated system). Michael Wilson Managing Director, The Nemesis Group The Adversary From hfinney at shell.portal.com Sat Jul 2 16:11:38 1994 From: hfinney at shell.portal.com (Hal) Date: Sat, 2 Jul 94 16:11:38 PDT Subject: MAIL: chained remailing strategy In-Reply-To: <199407020155.SAA12732@jobe.shell.portal.com> Message-ID: <199407022312.QAA05337@jobe.shell.portal.com> Nobody writes: >This mention of "DEATH TO BLACKNET" sounds intriguing. Is this >some sort of abusive/harassing message you're trying to track >down? With encrypted chaining available to hide the actual >subject until the last link, it would seem that the sender is >either naive, or else WANTS the Subject: line itself to send some >sort of "statement". (What is "BLACKNET", BTW?) Several months ago arch anti-cypherpunk Larry Detweiler, about to lose his account, set up a daemon to post an edited version of Tim May's old "Blacknet" spoof to random and inappropriate usenet groups. ("Blacknet" was Tim's hypothetical cryptographically anonymous black market for illegal information exchange.) He happened to use my remailer as a single hop to the net. I logged in and found my mailbox full of people complaining about this message which "I" had sent to sci.med.diabetes and such. So I added a line to the .maildelivery file so that any message with the subject line Detweiler was using would be dumped to a file rather than forwarded. This is the only kind of logging I do, other than recording the date and time at which the remailer sends each message, the source of my previous posting. 
>This brings up a related question, however. How often, if at >all, are you asked to help trace down the source of a message >handled by your remailer? Under what circumstances would you >cooperate with such a request? In the year and a half that I have been running this remailer, I have been asked probably a dozen times if I could tell where some abusive message comes from. I am not able to do so since after the message has been sent the information is gone. At best I could insert a log if it looked like something really vicious was going on. Even then, if the sender used chaining then every remailer on the chain would have to anticipate and log his messages (or all messages). My general practice is to add every person who complains about receiving an unwanted message to my list of outgoing blocked addresses. >I've noticed that you have a 510 bit public key for your >remailer. Did you choose the shorter length to speed things up, >or what? I tend to use a remailer with a longer key as my FIRST >link in the chain. Maybe it's overkill, but why not? I chose the ~512 bit key in recognition of the limited security provided by my remailer. Like every automated remailer, the decryption key has to be on the system essentially in cleartext. I don't come up and type in a pass phrase for every message which goes through. This means that anyone who can hack Unix can learn my remailer secret key. Under the circumstances, there would be no point in going with 1024 bits, and in fact it would give an entirely false and unjustified sense of security. >And, finally, as a chained remailer user, I've read the periodic >"status reports" by fingering "ghio at andrew.cmu.edu" and your >remailer must certainly rank as one of the promptest and most >reliable. In fact, I think I'll include you *SOMEWHERE* on the >chain for this reply... I can't take any credit for either the promptness or reliability; that is a function of my internet service provider, the Portal system. 
Frankly, I have not been too happy with the reliability and availability of the system; mail and news seem to fail for 24 to 36 hour periods every month or so, and the system seems to have unscheduled downtime a few hours a week. But I suppose almost everyone has complaints like this. The one thing I will give the Portal people high marks for is that they have never said anything about my remailer. I'm sure some of the nasty letters I have received after inappropriate mail and news postings have been cc'd to the sysops here, but I haven't heard one word. I understand that at the "Hackers' Conference" a couple of years ago the owner of the Portal system endorsed the concept of remailers. (This was reported by Tim May.) Perhaps he is silently offering me some sort of protection. Whatever the reason, I am pleased that I have been able to keep the service going this long. Hal Finney hfinney at shell.portal.com From jim at acm.org Sat Jul 2 16:16:54 1994 From: jim at acm.org (Jim Gillogly) Date: Sat, 2 Jul 94 16:16:54 PDT Subject: Passwords, passphrases, etc. In-Reply-To: <61940702193416/0005514706NA3EM@mcimail.com> Message-ID: <9407022316.AA16916@mycroft.rand.org> > Michael Wilson <0005514706 at mcimail.com> writes: > Another brief observation you might want to think about in regards to the > implications; the data in the public domain for cryptanalysis tends to be based > primarily in the English language (frequency tables, dictionary attacks, etc.). > Isn't it striking that so little of similar data has leaked out for what one can > assume were the real targets--Russian, Arabic, German, etc.? Seems to be quite > an effort to attack English-based systems. There also seems to be an unusual Pedagogy rather than conspiracy -- you're reading the wrong books. It's easier to explain stuff to people in a language they understand, so they can do the right things with guessing the middles of words and phrases, extending key or plaintext islands, and so on. 
Try Kullback's "Statistical Methods in Cryptanalysis", which does literary and telegraphic English, as well as frequencies for French, German, Italian, Japanese, Portuguese, Russian and Spanish; and digraphs for Czech, French, German, Italian (military), Japanese, Polish, Spanish, and Swedish. Sacco's "Manual of Cryptography" also has various languages, and Givierge concentrates on French (as you might expect). Military Cryptanalytics part I vol 2 (Friedman and Callimahos) has lots of foreign language and English stats: German, French, Italian, Spanish, Portuguese, and Russian. The stats in Military Cryptanalytics Part III (the declassified parts) include 24 languages. All but the last are available from Aegean Park Press, P.O. Box 2837, Laguna Hills CA 92654-0837, (714)586-8811. Jim Gillogly 9 Afterlithe S.R. 1994, 23:16 From tcmay at netcom.com Sat Jul 2 16:44:58 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 2 Jul 94 16:44:58 PDT Subject: 'Black' budget purchases In-Reply-To: <32940702225823/0005514706NA2EM@mcimail.com> Message-ID: <199407022345.QAA11226@netcom5.netcom.com> Michael Wilson writes: > The data from the Maryland Procurement Office that is stored in certain > databases (and removed from others, as I have just discovered when I checked) > provides the complete 'black' budget purchases of the intelligence community, > not just their purchases of supercomputers. Such raw data goes a long way > towards confirming other bits of intelligence, such as the establishment by NSA > of its own chip manufacturing facility owing to a lack of trust in undocumented > sections of commercial silicon. This data is useful beyond knowing the numbers That the NSA contracted National Semiconductor to build a facility on-site has been common knowledge since 1989-90. 
The fab is not state of the art (i.e., is not 1.8 micron or better) and is believed to be used for the very reasonable purpose of producing keying material in a secure environment (ROMs, PROMs, fuse-linked micros, PLAs, etc.). It is unlikely--but possible--that high-performance micros are being manufactured there. > of supercomputers available (although it does help provide an upper boundary on > raw processing power, useful for quantifying tolerances). > > What we find interesting regarding the number of supercomputers at NSA is what > they do to the keyspace; a supposition of ours from the early period of > commercial public key was an attack on the domain of potential keys. Given a > known keylength, a powerful systematic search for primes that fit that range > can, over time, begin to damage the strength of the system. Careful analysis of This is nonsense. A typical 1024-bit RSA system uses p and q close to 512 bits each, e.g., 511 and 513. Whatever. Now a 512-bit number is a 150-plus decimal digit number. About .5-1% of all of these numbers are prime (by the Prime Number Theorem, or somesuch...about 1/N of all N-digit numbers are prime, as I recall). How big a keyspace is this to start searching "systematically"? Considering that there are "only" about 10^73 particles of all kinds in the entire universe (based on our best estimate of the size of the universe, the density of galaxies, gas clouds, etc.), this means that if every particle in the universe were searching for and recording the primes they discovered, each particle would have to store 10^77 primes! So much for "a powerful systematic search for primes that fit that range." > technical resource also allows one to speculate--are CM platforms (pardon the > pun) used for exhaustive systematic search for keys, while Cray systems are used > for attacks on the keyspace? Differentiation of parallel versus scalar > processing towards attack domains is interesting. "Parallel versus scalar processing"? 
Parallelism means nothing at these scales...see the above point. > Michael Wilson > Managing Director, The Nemesis Group > The Adversary --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From nowhere at bsu-cs.bsu.edu Sat Jul 2 16:56:45 1994 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Sat, 2 Jul 94 16:56:45 PDT Subject: No Subject Message-ID: <199407022355.SAA01612@bsu-cs.bsu.edu> extracted from: LAN Magazine volume 9, number 8 August 1994 Is it 1984? by Ted Bunker The security of data over networks has risen to debate in Congress. Does the clipper chip ensure security or violate citizens' rights? FBI Director Louis Freeh is worried. The bad guys are beginning to see the light, and it is digital. Freeh fears some pretty nasty folks have discovered they can commit highway robbery and more, without even leaving home. Worse, to Freeh and other top cops, by using some pretty basic technologies, savvy criminals can do their crimes without worrying about doing time. Some crooks, spies, drug traffickers, terrorists and frauds already use the tools of the information age to outfox law enforcement officers. Hackers use PBXs to hide their tracks as they rip off phone companies and poke around in other people's files. Reprogrammed cellular phones give cops fits. Even simpler technologies can ruin an FBI agent's day. For instance, last year routine telephone services such as call forwarding thwarted investigators trying to tap lines 29 times. To Freeh and other law enforcement officials, things are bound to get worse. 
As digital telecommunications technologies and powerful, portable computers spread, they threaten to undermine the investigative tools of electronic surveillance that the FBI says have helped put tens of thousands of criminals behind bars in the past 25 years and saved billions of dollars and thousands of lives. No one disputes this assessment. But many Americans consider the Clinton administration's proposed solutions to be worse than the problems Freeh and other law enforcement officials confront. Embodied by the much-maligned Clipper chip key escrow encryption system and the FBI's Digital Telephony proposal, the solutions put forward by the Clinton Administration have raised a rare mix of opponents: Civil libertarians, conservatives, and technology gurus have all lined up against the government's plans. Some vehemently oppose these plans as serious threats to individual rights. Others say they could prove ruinous to a leading U.S. industry at a time when the worldwide market for telecommunications and computers is growing at an explosive rate. Underlying all the objections is one common thread. Do you trust your government? "Basically, the issue is, 'Do you trust your government?'" observed David Farber, a telecommunications professional at the University of Pennsylvania in Philadelphia. Farber, testifying before a House subcommittee on the issue last May, said one of his 23-year-old students replied that to him and others of his generation, the phrase "trust government" is meaningless. Lack of trust in government is understandable. After all, those who are old enough can remember Communist witch hunts in the 1940s and 1950s, the Army's pursuit of anti-Vietnam War activists in the 1960s, and of course, Watergate and the downfall of President Nixon. All were, to some measure, abuses of the public trust. 
Add to that historical conditioning the potent mix of technologies involved in digital communications systems and cryptography, and it's not hard to open up deep-seated veins of skepticism and mistrust. In the words of Rep. Dan Glickman, D-KS, today's digital systems are "scarier" when it comes to wiretapping and other surveillance capabilities, "because it's kind of inherently in the machinery itself." Gone are the people -- the linemen, the switchboard operators, the central office switch personnel -- who might exercise their judgement and question a request to tap a line or record the numbers someone dials. Today's chips and switching systems can be programmed to do it all automatically. "If they had the right software package," Freeh told one joint House-Senate subcommittee hearing last March, phone company staff "could be home sleeping at night and we could have the access we need." With the right software and hardware combinations and just a few keystrokes, the government could listen in on just about anyone. In the digital age, even a computer could do the listening, alerting a law-enforcement agent only when certain key words or numbers are uttered. That's exactly what worries civil libertarians such as Jerry Berman, executive director of the Electronic Frontier Foundation and a spokesman for the public-policy interest group Digital Privacy and Security Working Group, both based in Washington, D.C. "In short, the [Digital Telephony] bill lays the groundwork for turning the National Information Infrastructure into a nationwide surveillance system, to be used by law enforcement with few technical or legal safeguards," Berman told the House subcommittee in May. "Although the FBI suggests that the bill is primarily designed to maintain the status quo wiretap capability in the face of technological changes, in fact, it seeks vast new surveillance and monitoring tools." Strong language, to be sure. 
But then, the FBI's Digital Telephony proposal is such strong medicine that some people think it could poison a critical industry and seriously retard the development of the national information infrastructure. Similar criticisms have been leveled against the Clipper chip plan. "If we are to maintain our leading position in the information marketplace, we must give our full support to the development of open international security standards that protect the interests of all parties fairly," said Whitfield Diffie, one of the inventors of the public-key encryption concept and now a distinguished engineer with Sun Microsystems (Mountain View, CA). "A standard based on a secret American technology and designed to give American intelligence access to the communications it protects seems an unlikely candidate for widespread acceptance."

How did we get here?

The first formal attempts to address the challenges posed by digital communications systems began during the Bush Administration. Meetings between Justice department and telephone company officials started in 1990 and continued into early 1992, when a formal industry group, the Alliance for Telecommunications Industry Solutions (Washington, D.C.), set up its Electronics Communications Service Providers committee. But the group holds no authority over the estimated 2,000 providers of telecommunications services operating in the country. And in any case, in the view of the FBI, it came up with no workable solutions to the problems posed by new technology. So, in 1992, the FBI made its first attempt to push through legislation, meeting with a withering assault by civil libertarians and industry figures who said it was overreaching, intrusive, and without adequate justification. A few months after President Clinton took office, he ordered a National Security Council (NSC) review of the problem. Eight months later, the NSC panel offered several policy options.
"As a result of their review of the options, it was unanimously decided that comprehensive legislation was the only effective way to deal with the digital telephony problem," Freeh testified at the March House-Senate hearing. The resulting proposal, he added, neither enlarges nor reduces current authority for government access to communications content or call setup information, such as numbers dialed or the locations of phones. In his written testimony, Freeh went on to sum up the proposal's main elements: It would require common carriers to supply the capability and necessary capacity to enable government to conduct lawfully authorized electronic surveillance. Phone companies would have to provide assistance for all wiretap, trace, and "pen register" dialing records "expeditiously and simultaneously," Freeh wrote. (Law-enforcement officials can obtain a warrant to place a pen register on a phone line to record what numbers were dialed and from where they were dialed.) Phone companies would also have to comply regardless of system features used or the mobility of the target. Phone companies would also be required to give authorities access in unobtrusive ways, and be able to supply the content and other information to remote locations. Failure to comply could result in fines of up to $10,000 per day. "The essence of the legislation is to clarify and more fully define the nature and extent of the service provider's 'assistance' requirement that was enacted by Congress in 1970, which Congress imposed so that court orders would not be frustrated due to a provider's failure to furnish needed technological assistance and facilities," explained James Kallstrom, special agent in charge of the FBI's Special Operations division in its New York field office. Kallstrom, like Freeh and others before him at other hearings, stressed that failure to adopt the measures sought by the FBI could expose the nation to the predations of sophisticated criminals. 
Rather than pitting government against the First and Fourth Amendment rights of law-abiding Americans, Kallstrom told a congressional committee, "I see this as a balance of power between the government and the criminals."

The cost of compliance

Critics remain unconvinced, however, and not just on civil liberties grounds. While he said the proposal is "overly broad," Ron Neel, president of the United States Telephone Association (Washington, D.C.), added, it "does not cover all of the technologies and systems that should be covered by any rules that are put in place." The USTA is a lobbying group representing about 1,100 local telephone companies. Ultimately, Neel told congressional inquisitors, the FBI bill could prompt greater use of such advanced telecommunications systems as special mobile radio and personal communications services, which aren't considered common carriers. "It makes unreasonable and perhaps impossible demands on those it does not cover," Neel continued, adding: "It is unnecessarily punitive, and it is economically unfair and impractical." To assure access at any given time, all telephone companies will have to post someone to a law-enforcement liaison role at all times, or risk a $10,000 a day fine or being shut down entirely, Neel says. The cost of this and other aspects of the FBI's plan could be staggering. Just to make sure wiretaps could be placed on calls that are automatically forwarded to another number could cost $1.8 billion, Neel says. Others estimate compliance will cost several billion dollars each year, a cost that Neel says would undoubtedly be passed on to consumers. While the proposal calls for agencies to compensate phone companies for their costs, he notes that collection can be time-consuming, and that, in any case, it is left to the government to decide how much to pay. FBI and other administration officials remain unfazed by such cost-conscious criticisms.
"Today will be the cheapest day on which Congress could fix this thing," Kallstrom said. "Two years from now, it will be geometrically more expensive." Freeh contends that the government isn't trying to dictate technical standards or tell industry what technology to use or to avoid. But, because of the vagueness of the requirements, Neel and others say the proposed law will stifle development of new technology. "This legislation would make the Attorney General the arbiter of whatever technologies and equipment can be deployed in the public telecommunications network," Neel said. "Our nation cannot be held hostage to inexpert analysis of telecommunications technology as we move into the information age," he asserted, adding that the FBI proposal "creates an enormous speed bump in the information superhighway." Others outside the industry agree with Neel's assessment. "The Digital Telephony proposal presents a major drag," said Farber, the Penn professor. "Whenever a new feature is being considered for implementation and marketing, one very important issue will be how much it will cost to implement it." Farber says compliance could easily cost the industry more than #3 billion a year, and adds the modifications it could require might disrupt the nation's communications networks. Ultimately, he says the Digital Telephony and Clipper plans could diminish American competitiveness in developing markets, such as Eastern Europe or Southeast Asia. That is a frightening prospect to some in the industry, and for good reason. Global telecommunications demand is growing fast, and combined with the computer and entertainment industries, it is expected to reach $3.5 trillion by the end of the decade, according to the International Telecommunications Union. The ITU expects the computer, communications, and entertainment industries to have merged completely by then.
"Telecommunications is becoming the world's biggest economic sector, growing faster than anything else, being the real engine for growth in almost all economies," said Pekka Tarjanne, the ITU's secretary-general, at an ITU trade fair in Cairo earlier this year. "The overall growth rate of the sector is continuing to accelerate in spite of worldwide recession." To prevent erosion of America's leading position as a telecommunications equipment and service provider to the world, Neel said, "It is extremely important that the public maintain confidence in the privacy of the telephone system." Freeh may not want certain types of information, Neel said, but it's "extremely difficult to ferret out the kind of information he doesn't want." And in so doing, Neel concluded, "It forces the phone company to become an agent of law enforcement." Freeh counters by stressing that the FBI wants only to preserve its present authority. "Law enforcement is not seeking to build 'back doors' to sneak into common carrier's systems," Freeh said. "The proposed legislation is not some dreaded Orwellian prophecy come true." Besides, Freeh asserted, telecommunications industry officials "have bluntly told law enforcement that the existing telecommunications systems and networks will thwart court-authorized intercepts." Freeh said in recent years several hundred authorized surveillance efforts have failed partly or entirely because of "technological impediments." He said last year alone, 91 intercepts ran into technological problems, most involving either cellular telephones or call-forwarding features. But Congress remains unconvinced. "We are inching closer and closer to 1984, aren't we?" observed Sen. William S. Cohen, R-ME, during one of the several congressional hearings. He blamed "increasingly intrusive technology" for this trend. Yet, he recognized the FBI's need to guard against criminal activity and terrorist attack. 
There is a "constant tension" between the need for privacy and the need for protection, he added. "We do have some very serious privacy concerns," said Sen. Patrick Leahy, D-VT, the chairman of the Judiciary committee's technology subcommittee. "That's one of the underlying questions in this whole thing."

It's a matter of privacy

Concerns about privacy and the potential for abuse are not without foundation, as even some lawmakers can attest. Rep. Don Edwards, D-CA, chairman of the civil rights subcommittee of the House Judiciary committee, recalled that in his short service as an FBI agent in the days before legal authority for wiretaps existed, the agency used the technology anyway. Today, this kind of abuse is frightening indeed. Freeh's proposal, Berman said, "will tell you what movies you may be watching, what newspapers you're reading, what doctor you're seeing... This is NCIC squared." NCIC is a national computerized criminal records system operated by the Justice department. "I don't want anybody to go nose around in all that, anymore than I'd want somebody to open my mail," Leahy said. But Freeh claimed that such transactional information is not covered by the proposal, and is adequately protected under existing laws. Besides those with concerns about preserving civil liberties, some members of Congress worry that the FBI proposal and the Clipper chip plan would put government in a position to shape a huge and rapidly evolving sector of the nation's economy. Plenty of lawmakers share Leahy's appreciation of just how technologically backward the government can be, especially when it comes to computers and communications systems. So when Freeh stood in front of lawmakers in a Senate hearing room last March to say that Americans "want to have a cop" on the digital information highway, he was met with considerable skepticism. "I am not prepared to support a government veto on technology advances," Leahy told Freeh. "I'm frustrated by that idea."
He added, "If we do that, then you'll find people going to Sweden and Germany to buy their phone systems, because we'll fall behind." Noting the government's "outrageous" track record when it comes to deploying telecommunications and computer technology, Leahy said if the Justice Department had to sign off on any telecommunications advances before they could be deployed, "We'd still be back in rotary telephones." He has a point. After all, the White House employed telephone operators on an old-fashioned switchboard system until last year. And during the Persian Gulf War, off-the-shelf cellular telephone systems turned out to work better than expensive military communications gear.

Science and Art

But when it comes to cryptography, the mathematical science of encoding and decoding, U.S. government employees are among the best in the world. And many of them work for the Pentagon's National Security Agency, or NSA, an electronic cloak-and-dagger operation charged with collecting "signals intelligence" against foreign targets. NSA is also charged with maintaining computer systems security for the U.S. government, which is why it designed the key escrow encryption system of which the Clipper and lesser-known Capstone chips are part. Unofficially, NSA is thought to have prompted the Clipper plan in order to head off the commercial success of strong encoding technologies developed outside the government. That view fits with NSA's historic role in making available the current widely used encoding system called Data Encryption Standard, or DES. Under Adm. Bobby Ray Inman, NSA made DES available for use within the United States in the 1970's. Earlier this year, the Clinton administration announced it would implement the Clipper chip system as a "voluntary" standard suitable for all non-classified government communications.
The action makes it possible for all government agencies to require the use of Clipper-enabled communications devices for any sensitive work, either by staff or outside contractors. With the government's tremendous buying power, the White House's action could crowd out competing cryptographic technologies, making Clipper the de facto standard. And some outside the government ask why is that necessary. To date, law-enforcement officials have not been "significantly frustrated by voice encryption," according to Assistant Attorney General Jo Ann Harris, chief of the Justice department's criminal division. In pursuing the Clipper plan, she told Sen. Leahy in May, "We are trying to anticipate, to get ahead of the curve." Clipper refers to a chip that encodes communications as they pass through it. It is designed to be embedded in telephones, fax machines, and modems. While Clipper systems make calls indecipherable to anyone eavesdropping, the Clipper chip has a "trap door" that the government can open, giving investigators access to decrypted or "clear" calls. The key to this door, unique to each chip, would be split into two pieces and held separately in "escrow" by Treasury and Commerce department officials. To many people outside government, Clipper's accessibility, however closely guarded, opens the door to abuse. Earlier this year, some 45,000 people signed an electronic petition against Clipper circulated over the Internet. One oft-cited poll in March found 80 percent of those asked objected to the Clipper plan. Still, the White House, led by Vice President Al Gore, plows ahead with Clipper. "There is an inherent balancing test which has to be applied," Gore told a group of reporters in a private meeting in late February. "The law enforcement and national security interests are of the first order of magnitude and extremely important." 
He asserted that Clipper strikes the right balance between national security interests and the privacy rights of the individuals and firms. "We have no intention of supporting some system that will create a de facto ease of entry into the information superhighway for law-enforcement officials without proper legal proceedings," Gore said. Critics fear that's just what Clipper ultimately will allow. "Many worry that such an escrow system could be vulnerable to misuse by a future administration or overzealous law-enforcement organizations," Farber told the House subcommittee. "The position of the administration worries many in the technical community, since they feel it is but the first step to the banning of any form of encryption except that approved and escrowed by the government." "The Clinton administration says 'not on our watch,' and I believe them," Farber added. "However, our grandchildren will not have them on watch when they grow up. So we need a lasting and effective solution to this problem, not a quick fix that is technologically unsound and unwise as a matter of public policy." Clipper's defenders say it is the fairest, most effective way to ensure the preservation of the law-enforcement agency's current authority, while at the same time providing society with a very strong method of protecting communications. For instance, Clipper is 16 million times harder to break using a "brute force" approach than DES. From Adm. Michael McConnell, the director of NSA, to FBI agents such as Kallstrom, Clipper supporters claim much of the opposition to the plan stems from misinformation. Opponents say one reason for that is that much of the Clipper system remains shrouded in secrecy, including the algorithm, known as Skipjack, used to encrypt communications as they pass through the Clipper chips.
Dorothy Denning, a cryptographer who heads Georgetown University's computer science department, was among a handful of outsiders allowed to examine the classified Skipjack algorithm. After trying to break it, she and others determined that "there was no significant risk that Skipjack could be broken by any short-cut method of attack." Moreover, she testified, it would be 36 years before a brute force approach -- trying every possible combination of keys -- would be economically feasible. But the details of how the escrow bureaucracy would work and how authorized agents would obtain and use the keys, then destroy them, have yet to be worked out. At one point, the Justice department's Harris said she believed the Clipper keys, once issued, would "self-destruct after a certain period of time." Opponents remain unconvinced. Some, like University of Pennsylvania's Farber, suggest placing the keys under the control of nonexecutive branch agencies, or even in the custody of some private-sector organization. Clipper is a non-starter as long as the government controls the keys, say executives in banking, computer services, and other industries. Comments by Les Alberthal, chairman and chief executive of General Motors' EDS (Dallas) unit, reflect the discomfort felt by many business people when they consider Clipper and its implications. "I can understand what the government is trying to do," Alberthal says. "I shudder a little bit at the potential of that sort of eavesdropping on normal business and normal people's lives. "We criticized Russia for years for doing that, and yet we're turning around and trying to do the same thing. Somehow or other, we're going to have to figure out some process, whereby the illegal kind of activities, the courts can get at to deal with," Alberthal notes, adding: "But I do not believe a blanket ability to enter into, watch, monitor, or pull information out of normal processes or business cycles is really going to work." 
An American disadvantage

While the U.S. government meddles with the market for encryption, causing major purchasers to delay acquisitions, it gives foreign competitive advantages over its suppliers, in the view of Martin Hellman, a Stanford University electrical engineering professor who studied the issue for the Business Software Alliance (Washington, D.C.). Government meddling risks slowing the development of America's information structure, he adds, pointing out that it may also lead to the creation of incompatible infrastructures in other parts of the world, where encryption technology is not restricted. Hellman and others say that for any network to gain widespread acceptance as a medium for commerce, it must be trusted to deliver communications with absolute privacy and integrity. "Just as people do not use post cards for most of their mail, prudent users will refuse to trust most information to an insecure NII," Hellman writes in a study of the issue. Absent that level of security, the American information superhighway could become a monumental white elephant. "Local area networks are, in reality, spy networks in which each node watches all the information flowing over the shared cable and picks out only those messages with its address. It would take only a minor modification to create phantom nodes that watch all information flowing over the cable and pick out only those intended for someone else on the network," Hellman writes. "Because such phantom nodes look like normal nodes, it would be hard to detect their existence." E-mail messages, for instance, often pass through "supernodes" en route to their final destination, and thus could easily be picked off and copied or altered along the way, Hellman notes. He says the NSA, aware of the potential problems this could cause, "prohibits its own confidential information from being sent over the Internet.
Instead, the agency uses its own secure e-mail network and is extremely careful to prevent any connection between the two." Additionally, Hellman observes that America's allies -- as well as its old opponents -- continue to pry into the affairs of U.S. businesses, particularly those with proprietary technology. Government officials in the U.S. and Canada have testified recently concerning the activities of French, Japanese, Chinese, and Russian services spying on U.S. corporations. So those that operate without the benefit of data encryption and other security measures are at risk.

Reluctant acceptance

Data security and integrity is a vital issue to many people in business. One survey, conducted among Fortune 500 companies by Forest & Sullivan last year, found 92 percent of the 151 respondents felt information security was important. Data encryption was counted as an important tool to that end by 46 percent. Datapro, a McGraw Hill research unit based in Delran, NJ, found that 29 percent of the 1,153 respondents in a 1992 survey used end-to-end encryption systems to guard their communications. Yet for all that interest, AT&T, the only maker of Clipper telephone systems, counts the FBI as its biggest customer. Earlier this year, the agency ordered 9,000 of the Clipper units, which retail at a cost of $1,090 each. Stephen Walker, founder and president of Trusted Information Systems (Glenwood, MD), a long-time NSA cryptographer, argues that the Clipper plan is hopelessly flawed from an economic standpoint. Citing market estimates that there are 250,000 voice encryption systems in use today, Walker told a Senate hearing that the $14 million Clipper setup costs and its $16 million annual budget would mean that the cost of intercepting Clipper encrypted calls could run as high as $6.4 million each, given that only an estimated 2.5 Clipper-encoded calls would be intercepted each year.
He derived those numbers based on the estimated 500 million phones in use in the United States, the number of wiretaps likely in a year (5,000), and the statistical likelihood that a target line would be encrypted, assuming that all encryption would be with Clipper systems. Besides those impractical economics, Walker points out that by doubling up DES encryption -- running a communication through two different devices -- someone who wants to frustrate a wiretap could have a code that is stronger than Clipper, and for which there would be no escrowed key. Besides, he and others note, there are literally hundreds of other encryption systems available today, including many that use DES and some that use "public key" methods that make encoded electronic mail unbreakable. Based on his analysis, Walker added, "I'm convinced that five years from now they'll say 'This isn't working,' so we'll have to change the rules." Then, he predicted, Clipper will be made mandatory for all encoded communications. One way in which Clipper could be made acceptable, Walker says, is to make the judiciary system act as the escrow agent. That way it would at least be independent of the executive branch, and would reinforce the traditional American method of balancing governmental power among its different branches. But Diffie, the Sun engineer, contended that any escrowed system is hopelessly flawed when it comes to communications encryption security. Good security practice in communications, he observed, means keeping the decoded keys around for as short a time as necessary, then destroying them. Today, secure phones use keys that exist only for as long as a single encrypted call lasts, and once destroyed can never be recreated. "A key escrow proposal surrenders this advantage," he said, "by creating a new set of escrowed keys that are stored indefinitely and can always be used to read earlier traffic." Stored data that is encrypted is useless without a key, Diffie noted.
For that reason, the user has to keep a copy of the key somewhere, and that makes it obtainable by traditional methods like those that are used to retrieve paper records today. Finally, Diffie noted, "The reason there is so much disagreement is that there is so little evidence of a problem." No one has claimed, after all, that the bad guys are using voice encryption technology today. Even master spy Aldrich Ames, the renegade CIA officer turned Soviet mole, used clear lines to plot his misdeeds. With the rapid advances in computing and communications technologies, Diffie asserted, "If allowing or even encouraging wide dissemination of high-grade cryptography proves to be a mistake, it is likely to be a correctable mistake." "If, on the other hand, we set the precedent of building government surveillance capabilities into our security equipment, we risk entrenching a bureaucracy that will not easily surrender that power this gives."

--------------------------------------------------------------------
Ted Bunker is a freelance journalist who covers technology policy issues. He is based in Washington, D.C. and can be reached at tbunker at aol.com.

From nowhere at bsu-cs.bsu.edu Sat Jul 2 17:01:27 1994
From: nowhere at bsu-cs.bsu.edu (Anonymous)
Date: Sat, 2 Jul 94 17:01:27 PDT
Subject: No Subject
Message-ID: <199407030000.TAA02030@bsu-cs.bsu.edu>

Can someone explain to me how to get the "Subject" line of an anon message to appear using the "##" features? I don't seem to be having much luck...

From ifarqhar at laurel.ocs.mq.edu.au Sat Jul 2 17:01:34 1994
From: ifarqhar at laurel.ocs.mq.edu.au (Ian Farquhar)
Date: Sat, 2 Jul 94 17:01:34 PDT
Subject: Dr. Dobbs Dev. Update 1/5 July 94 & Schneier
In-Reply-To:
Message-ID: <199407030001.AA14425@laurel.ocs.mq.edu.au>

-----BEGIN PGP SIGNED MESSAGE-----

> Feedback with Carry Shift Registers (FCSRs): Linear
>Feedback Shift Registers (LFSRs) have been the workhorse of
>military cryptography for years. Goresky and Klapper have

An interesting thought hit me when reading this. The "classic" Cray series (Cray-1, X-MP, Y-MP) all have a rather curious instruction generally known as population count. All it does is to take a register and count the number of one bits in it, and return that count. Originally I could never figure out a use for this, but later was told that it was the "canonical NSA instruction", and was consistently demanded by almost all military SIGINT operations.

On reading this, I realised that one possible use was to implement a vectorized version of a LFSR. Take a vector register (the shift register), AND it with a mask of the taps into another vector register, and then do a population count to determine the carry in.

Just a thought. It's the only plausible use that I have yet thought of for this instruction. Has anyone else got any ideas?

As for military ciphers having been "the workhorse of military cryptography for years", I am reminded (with some amusement) of the structure of A5. I wonder if all of the fuss about secrecy was not about the almost non-existent security of the cipher, but simply its similarity to more sophisticated military ciphers?

Ian.

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLhX/qtCZASdT8NoBAQF8SAP/V5FKgEaCk1GQXV9rrK+AMry2Bzb9Xlyu
bYMqjN94mAqqkNOe1r2ChmUF4kleTUMxdx1Krje3xhLDPL31HH4lvJ386sm6Ogrm
/iu/TgjoSnGbMYtoq+C2ZJacA/NBDzItTeUaZgkWRS62Emo/cFIGarT130clL8/x
HnNbtdGtSOE=
=VVZZ
-----END PGP SIGNATURE-----

From smb at research.att.com Sat Jul 2 17:06:05 1994
From: smb at research.att.com (smb at research.att.com)
Date: Sat, 2 Jul 94 17:06:05 PDT
Subject: Password Difficulties
Message-ID: <9407030005.AA11165@toad.com>

Figure that each English character has 1.8 bits of entropy. (This is a conservative number, because it doesn't take into account case, spacing, or punctuation.) If I want a passphrase that will map into a 64-bit keyspace, I need at least a 35-character phrase.
Don't forget the difficulty of typing such a long phrase, with echoing turned off.

From 0005514706 at mcimail.com Sat Jul 2 18:05:16 1994
From: 0005514706 at mcimail.com (Michael Wilson)
Date: Sat, 2 Jul 94 18:05:16 PDT
Subject: Reply to Tim May's comments
Message-ID: <42940703010324/0005514706NA2EM@mcimail.com>

Tim May wrote (reply comments offset by leading '***'):

Subject: Re: 'Black' budget purchases

Michael Wilson writes:

> The data from the Maryland Procurement Office that is stored in certain
> databases (and removed from others, as I have just discovered when I checked)
> provides the complete 'black' budget purchases of the intelligence community,
> not just their purchases of supercomputers. Such raw data goes a long way
> towards confirming other bits of intelligence, such as the establishment by NSA
> of its own chip manufacturing facility owing to a lack of trust in undocumented
> sections of commercial silicon. This data is useful beyond knowing the numbers

That the NSA contracted National Semiconductor to build a facility on-site has been common knowledge since 1989-90. The fab is not state of the art (i.e., is not 1.8 micron or better) and is believed to be used for the very reasonable purpose of producing keying material in a secure environment (ROMs, PROMs, fuse-linked micros, PLAs, etc.). It is unlikely--but possible--that high-performance micros are being manufactured there.

*** We were tracking NSA purchases of material over a decade ago; as for their usage of the technology, my statement was simply that they felt, after serious analysis, that they couldn't trust commercial silicon. The issue was trust, not computation power.

> of supercomputers available (although it does help provide an upper boundary on
> raw processing power, useful for quantifying tolerances).
>
> What we find interesting regarding the number of supercomputers at NSA is what
> they do to the keyspace; a supposition of ours from the early period of
> commercial public key was an attack on the domain of potential keys. Given a
> known keylength, a powerful systematic search for primes that fit that range
> can, over time, begin to damage the strength of the system. Careful analysis of

This is nonsense. A typical 1024-bit RSA system uses p and q close to 512 bits each, e.g., 511 and 513. Whatever. Now a 512-bit number is a 150-plus decimal digit number. About .5-1% of all of these numbers are prime (by the Prime Number Theorem, or somesuch...about 1/N of all N-digit numbers are prime, as I recall).

How big a keyspace is this to start searching "systematically"? Considering that there are "only" about 10^73 particles of all kinds in the entire universe (based on our best estimate of the size of the universe, the density of galaxies, gas clouds, etc.), this means that if every particle in the universe were searching for and recording the primes they discovered, each particle would have to store 10^77 primes!

So much for "a powerful systematic search for primes that fit that range."

*** You assume that your selection of primes is random; it is the case, particularly in the initial usages of public-key systems, that attacks could be made on keyspaces based on the prime generation method. A point that number-crunch jockeys tend to forget is that psychology and systems analysis provide greater in-roads against secure systems than brute force.

> technical resource also allows one to speculate--are CM platforms (pardon the
> pun) used for exhaustive systematic search for keys, while Cray systems are used
> for attacks on the keyspace? Differentiation of parallel versus scalar
> processing towards attack domains is interesting.

"Parallel versus scalar processing"? Parallelism means nothing at these scales...see the above point.
*** Your point is orthogonal to our point. The two systems are used for different attacks--parallelism can be used for exhaustive search, such as for DES keys, while scalar processing can be used for testing primality. > Michael Wilson > Managing Director, The Nemesis Group > The Adversary --Tim May *** TNG From gtoal at an-teallach.com Sat Jul 2 18:10:08 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Sat, 2 Jul 94 18:10:08 PDT Subject: Simulated stock-market... Message-ID: <199407030110.CAA07344@an-teallach.com> Anyone wants to flame me for cross-posting an article so soon after whinging about everyone else doing it, feel free - I deserve it. I thought a few of us would like to see it anyway though! If it's a well simulated real market you might want to try some of those tricks we were discussing some time ago to move money around... G From: orwant at ATHENA.MIT.EDU (Jon Orwant) Newsgroups: misc.invest,misc.invest.stocks,alt.internet.services Subject: MAMMON: telnet mammon.media.mit.edu 10900 Date: 2 Jul 1994 05:59:59 GMT Organization: MIT Media Lab Lines: 32 NNTP-Posting-Host: puttanesca.mit.edu Keywords: stocks MAMMON An Internet stock-picking "tournament" MAMMON allows you to manage a virtual portfolio in which you can buy and sell stocks at their current market price. You can view MAMMON as either a competition to develop the most valuable portfolio (the wealthiest accounts are available via the TOP command), or as a way to test your stock strategies, or merely as a way to record your investments. * New accounts get $100000 in play money * 24 hours/day operation * It's free. Just telnet mammon.media.mit.edu 10900 Try it. Jon Orwant orwant at media.mit.edu MIT Media Lab From tcmay at netcom.com Sat Jul 2 18:48:13 1994 From: tcmay at netcom.com (Timothy C. 
May) Date: Sat, 2 Jul 94 18:48:13 PDT Subject: Reply to Tim May's comments In-Reply-To: <42940703010324/0005514706NA2EM@mcimail.com> Message-ID: <199407030148.SAA07365@netcom4.netcom.com>

This'll have to be my last reply to Michael Wilson. No offense meant, but we are not even close to speaking the same language.

> *** You assume that your selection of primes is random; it is the case,
> particularly in the initial usages of public-key systems, that attacks could be
> made on keyspaces based on the prime generation method. A point that
> number-crunch jockeys tend to forget is that psychology and systems analysis
> provide greater in-roads against secure systems than brute force.

Your phrasing is Greek to me. The primes are generated by picking a very large random number, of 150 digits or so (depends on key length chosen), and then iterating-and-testing until a prime is found. (I wrote a version of this for my own crude version of RSA, in Mathematica...not very fast, but immensely educational for me.)

So I run this and start with a random number of:

3865018936355867.....38587493661988826448627 (152 digits)

I run this process a second time and get:

193648376263874....8747487458364253 (152 digits)

And I could keep running this as many times as I like, with the numbers being different every time. (These are just examples, not real numbers.)

Now tell me, even granted that my RNG is not "perfect" (in the sense we talk about so often here), how could an attacker--even one using the "psychology and systems analysis" Wilson cites--know where to start? Which number I generated?

The search space is just too large. Just too much entropy. PGP, for example, asks for keyboard input to get enough entropy. (I assume some of the collected entropy goes directly into the prime generation process, of course.)

Even all the world's supercomputers are not going to be able to guess (in any number of trials in a million years) the specific 140- or 150- or 160-digit number I generated.
(Caveat: Unless the RNG is a brain-dead seeded generator. But that's why MailSafe, PGP, and other programs ask for keyboard input as a source of entropy. Even if the distillation of entropy results in "only" 250 bits of entropy, it's still hopeless to try to enumerate the primes.)

I agree with Graham Toal: it's time Michael Wilson either _tells us_ what his magical schemes are, or shuts up. Pompous language is no substitute for meaningful information.

> "Parallel versus scalar processing"? Parallelism means nothing at
> these scales...see the above point.
>
> *** Your point is orthogonal to our point. The two systems are used for
> different attacks--parallelism can be used for exhaustive search, such as for
> DES keys, while scalar processing can be used for testing primality.

Gobbledegook! A "parallel" machine with 1024 nodes is at most 1024 times faster than a single node...no magical gains. The RSA-129 challenge did use lots (hundreds, maybe thousands) of nodes, but this was--as expected--a proportionate gain.

Saying an intractable problem becomes tractable with "parallel processing" is simply wrong. I suppose one could magically hypothesize a machine with "10^100 nodes" and say "See, parallel processing allowed us to factor this and such number," but this is pure fantasy. Exponential blowup (non-polynomial time) means just that...a few factors of 16 or 4096 or whatever just don't make a difference.

Please provide us with specifics of your methods. If you say they are "proprietary" or that you are seeking a patent on them, I won't be surprised.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Sat Jul 2 18:50:53 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sat, 2 Jul 94 18:50:53 PDT
Subject: NSA Wafer Fab
Message-ID: <199407030151.SAA07582@netcom4.netcom.com>

> That the NSA contracted National Semiconductor to build a facility
> on-site has been common knowledge since 1989-90. The fab is not state
> of the art (i.e., is not 1.8 micron or better) and is believed to be

Whoops! I meant to say "0.8 micron."

For reference points, 66 MHz Pentiums are typically 0.8 micron, 90 and 100 MHz Pentiums are typically 0.6-0.65 micron, and absolute state of the fabs are 0.4 micron (a few in Japan, a few in the U.S.--all very large and very expensive). Intel is spending $1.3 billion (that's $1.3 thousand million to you Brits) on a 0.25 micron fab to be completed in 1996-7 in Chandler, Arizona.

If the NSA is building special-purpose cipher-crunchers (which would not surprise any of us), they could easily buy the 1000 or 10,000 or whatever number in the market. They would be fools to try to manufacture state of the art microprocessors in a relatively small, several years old, facility on the outskirts of Fort Meade. (By cipher-crunchers, I mean DES-busters, maybe password-searchers, but not 300-digit number factorers, a la my last post.)

The NSC fab at NSA may well be a 1 - 1.5 micron fab, considering its genealogy. But not much better than that, I would guess.

Just as important as the lithographic feature sizes supported is the "Class" rating of the wafer fab (a measure of air purity in terms of particles per unit volume). The NSA fab is almost certainly not a Class 10 fab, and is probably used to fab MSI and LSI components. Maybe a little bit of VLSI.

--Tim May

--
..........................................................................
Timothy C.
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From fasttech!zeke at uu4.psi.com Sat Jul 2 18:55:19 1994 From: fasttech!zeke at uu4.psi.com (Bohdan Tashchuk) Date: Sat, 2 Jul 94 18:55:19 PDT Subject: too bad Bush didn't propose Clipper Message-ID: <9407030144.AA27586@fasttech> This is a very obvious observation, but bear with me. I haven't seen anyone enunciate it, but maybe I haven't been paying close attention. If Republican ex-CIA director George Bush had publicly proposed the Cripple system developed during his administration, then the whole concept would have been "dead on arrival". In fact, the quite-similar FBI telephony proposals were originally floated on his watch, and went absolutely nowhere in Congress. Can anyone imagine the Democrats accepting something like this while a Republican President was in power? Can anyone imagine any left-wing special interest groups not immediately and loudly foaming at the mouth about this? But both of these groups accept Slick Willie as "one of their own", and Cripple is being seriously debated in Congress. Too bad George didn't win the election. From blancw at microsoft.com Sat Jul 2 19:37:51 1994 From: blancw at microsoft.com (Blanc Weber) Date: Sat, 2 Jul 94 19:37:51 PDT Subject: FW: A third voice re: science and spirit Message-ID: <9407030139.AA19598@netmail2.microsoft.com> From: Bhikkhu ... I don't know if you have been around many research-type psychologists, but they can be every bit as neurotic as you imply :-) --------------------------------- This is sort of amusing: Does this make it a case of the "blind leading the blind", or "it takes one to know one"? 
Blanc

From blancw at microsoft.com Sat Jul 2 19:41:16 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Sat, 2 Jul 94 19:41:16 PDT
Subject: FW: A third voice re: science and spirit
Message-ID: <9407030143.AA19614@netmail2.microsoft.com>

Oops - sorry, I sent that message to the wrong list. Ignore, delete, forget it.

Blanc

From bmorris at netcom.com Sat Jul 2 21:10:11 1994
From: bmorris at netcom.com (Bob MorrisG)
Date: Sat, 2 Jul 94 21:10:11 PDT
Subject: IS IT POSSIBLE?
Message-ID: <199407030356.UAA17472@netcom12.netcom.com>

To: cypherpunks at toad.com

PP> can put someone on a raft in the middle of a lake plinking away on the
PP> keyboard -- and discern every keystroke from the shoreline.

Then the typing of a passphrase could be intercepted - in the unlikely event that one is deemed important enough to be monitored by several people with some presumably expensive equipment - ah well, I'm not going to worry about it.

* RM 1.4 B0037 *

From werner at mc.ab.com Sat Jul 2 22:00:54 1994
From: werner at mc.ab.com (tim werner)
Date: Sat, 2 Jul 94 22:00:54 PDT
Subject: Dr. Dobbs Dev. Update 1/5 July 94 & Schneier
Message-ID: <199407030500.BAA16926@sparcserver.mc.ab.com>

>
>An interesting thought hit me when reading this. The "classic"
>Cray series (Cray-1, X-MP, Y-MP) all have a rather curious instruction
>generally known as population count. All it does is to take a register
>and count the number of one bits in it, and return that count.
> ...
>Just a thought. It's the only plausible use that I have yet thought of
>for this instruction. Has anyone else got any ideas?

This instruction would be useful in all sorts of applications. I was just wishing I had such a thing only last week. I had to write a little loop to check the number of bits set in a word. Each bit represented an action, and in my particular case it was an error if more than 1 action was requested. The loop was really a waste when you consider that it could have been done in 1 instruction.
tw

From tcmay at netcom.com Sat Jul 2 23:43:40 1994
From: tcmay at netcom.com (Timothy C. May by way of tcmay@netcom.com Timothy C. May)
Date: Sat, 2 Jul 94 23:43:40 PDT
Subject: NSA and CSS Computer Resources
Message-ID: <199407030643.XAA16053@netcom.netcom.com>

Earlier I mentioned the list of supercomputer installations that Gunter Ahrendt maintains and I included a few (dated) excerpts. Well, tonight I found a new version posted.

I'm only including the top handful of sites. Not reported are installations in non-U.S. intelligence agencies, such as Chobetsu, SDECE, Mossad, BND, etc. They probably don't have Crays, Connection Machines, or Paragons. I'll also edit the intro material a bit.

The sites are ranked in order of what I'd call "Cray equivalents," where the Cray Y-MP/1 is rated at 1. For example, the top-ranked site has the estimated equivalent of 380 Cray Y-MP/1s.

--Tim May

From: gunter at yarrow.wt.uwa.edu.au (Gunter Ahrendt)
Newsgroups: comp.sys.super
Subject: JUL-1994 List of the world's most powerful computing sites
Date: 3 Jul 94 01:37:07 GMT
Organization: The University of Western Australia
Message-ID:

03-JUL-1994 List of the world's most powerful computing sites
=============================================================
(available by fingering me, joining my mailing list or in comp.sys.super)

....

Ratings are ratios to a Cray Y-MP/1 based on NASA NPB BT Size A benchmark reports. Figures prefixed '~' denote approximations usually based on comparable programs, figures suffixed '?' denote relative guesses based on Intel iPSC/860 peak Gflops ratios. The current minimum performance for inclusion is a benchmarked rating of 4 BT, or 10.56 Gflops peak for unbenchmarked systems.

...

 1) 380.82 - (27-JUN-1994) [NAL]
    National Aerospace Lab,Chofu-shi,Tokyo,Japan, nahirose at asuka.aerospace-lab.go.jp
      1) NAL NWT 2/140                   ~357 (5.1 @ 2 cpus)
      2) Intel Paragon-336               18.38 (7 @ 128 cpus)
      3) Fujitsu VP2600/10               ~ 5.44

 2) 196.1 - (APR-1994) [CSS]
    Central Security Service,National Security Agency Headquarters,Fort George G Meade,Maryland,US,postmaster at dockmaster.ncsc.mil
      1) TMC CM-5/512                    44.8 (2.8 @ 32 cpus)
      2) Cray C916-1024                  35.52 = 2.22 * 16 cpus
      3) Cray C916-1024                  35.52 = 2.22 * 16 cpus
      4) Cray C916-1024                  35.52 = 2.22 * 16 cpus
      5) Cray Y-MP/8E-256                8 = 1 * 8 cpus
      6) Cray Y-MP/8E-256                8 = 1 * 8 cpus
      7) Cray Y-MP/8E-256                8 = 1 * 8 cpus
      8) Cray Y-MP/8E-256                8 = 1 * 8 cpus
      9) Cray M98-4096                   ~ 7.01
     10) Cray 3/2-64 [-4Q96]             5.73?
     11) NSA SMPP-2/2M [+4Q96]           7407.05?

 3) 146.41 - (10-JUN-1994) [LANL]
    Los Alamos National Labs,Los Alamos,New Mexico,US,iaa at lanl.gov
      1) TMC CM-5/1056-32 [-4Q94]        92.4 (2.8 @ 32 cpus)
      2) Cray T3D SC128-8/3-64           15 (12 @ 128 cpus + 1 * 3 cpus)
      3) Cray Y-MP/8-128                 8 = 1 * 8 cpus
      4) Cray Y-MP/8-128                 8 = 1 * 8 cpus
      5) Cray Y-MP/8-64                  8 = 1 * 8 cpus
      6) Cray Y-MP/8-32                  8 = 1 * 8 cpus
      7) Cray M98-2048                   ~ 7.01
      8) TMC CM-5/1056-128 [+4Q94]       92.4 (2.8 @ 32 cpus)

 4) 142.08 - (10-JUN-1994) [NSA]
    National Security Agency,Dallas,Texas,US,postmaster at dockmaster.ncsc.mil
      1) Cray C916-512                   35.52 = 2.22 * 16 cpus
      2) Cray C916-512                   35.52 = 2.22 * 16 cpus
      3) Cray C916-512                   35.52 = 2.22 * 16 cpus
      4) Cray C916-512                   35.52 = 2.22 * 16 cpus
      5) Cray C916-1024 [+2Q95]          35.52 = 2.22 * 16 cpus
      6) Cray C916-1024 [+2Q95]          35.52 = 2.22 * 16 cpus
      7) Cray C916-1024 [+2Q95]          35.52 = 2.22 * 16 cpus
      8) Cray C916-512 [+2Q95]           35.52 = 2.22 * 16 cpus

 5) 112.97 - (16-JUN-1994) [CRI]
    Cray Research Computer Network,Eagan,Minnesota,US,root at cray.com
      1) Cray C916-256                   35.52 = 2.22 * 16 cpus
      2) Cray T3D 256                    24 (12 @ 128 cpus)
      3) Cray Y-MP/8E-128                8 = 1 * 8 cpus
      4) Cray Y-MP/8D-128                8 = 1 * 8 cpus
      5) Cray Y-MP/8D-64                 8 = 1 * 8 cpus
      6) Cray Y-MP/8D-32                 8 = 1 * 8 cpus
      7) Cray M98-4096                   ~ 7.01
      8) Cray Y-MP8I/6-64                6 = 1 * 6 cpus
      9) Cray C92A-128                   4.44 = 2.22 * 2 cpus
     10) Cray Y-MP/4E-64                 4 = 1 * 4 cpus
     11) Cray T91 [+1Q95]                4.44?
     12) Cray T3D 1024A [+4Q96]          204.8 ?
     13) Cray T932 [+4Q96]               142.08?
     14) Cray T3D 1024B [+4Q99]          640 ?

 6) 106 - (20-MAY-1994) [SANDIA]
    Sandia National Labs,Albuquerque,New Mexico,US,arbreck at sandia.gov
      1) Intel Paragon-1840              98 (7 @ 128 cpus)
      2) Cray Y-MP/8-64                  8 = 1 * 8 cpus

 7) 104.38 - (29-JUN-1994) [MSCI]
    Minnesota Supercomputer Center,Minneapolis,Minnesota,US,consult at msc.edu
      1) TMC CM-5/896VU                  78.4 (2.8 @ 32 cpus)
      2) Cray C916/9-512                 19.98 = 2.22 * 9 cpus
      3) Cray T3D 64 [-4Q94]             6
      4) Cray T3D 128 [+4Q94]            12

 8) 98.4 - (02-JUN-1994) [ATP]
    Angstrom Technology Partnership,Tsukuba,Japan,sato at jrcat.or.jp
      1) Fujitsu VPP500/32               76.8 (4.8 @ 2 cpus)
      2) TMC CM-5E/128                   21.6 (5.4 @ 32 cpus)

 9) 83.52 - (17-JUN-1994) [PSC]
    Pittsburgh Supercomputing Center,Pittsburgh,Pennsylvania,US, remarks at psc.edu
      1) Cray T3D 512                    48 (12 @ 128 cpus)
      2) Cray C916-512                   35.52 = 2.22 * 16 cpus

10) 82.4 - (10-JUN-1994) [CALTECH]
    Caltech,Pasadena,California,US,goss at delilah.ccsf.caltech.edu
      1) Intel Paragon-555               30.35 (7 @ 128 cpus)
      2) Intel Touchstone Delta-513      ~28.05 (7 @ 128 cpus)
      3) Cray T3D 256                    24 (12 @ 128 cpus)

11) 81.55 - (21-JUN-1994) [LLNL]
    Lawrence Livermore National Labs,Livermore,California,US, seager at llnl.gov
      1) Cray C916-256                   35.52 = 2.22 * 16 cpus
      2) Meiko CS-2/256-512VU [-4Q96]    ~ 24 (1.5 @ 16 cpus)
      3) Cray Y-MP/8-128                 8 = 1 * 8 cpus
      4) Cray Y-MP/8-64                  8 = 1 * 8 cpus
      5) Cray 2S/8-128                   6.03?
      6) Cray T3D SC128-8/3-64 [+3Q94]   15 (12 @ 128+1 * 3 cpus)
      7) Meiko CS-2/1280-2560VU [+4Q96]  ~120 (1.5 @ 16 cpus)

12) 77.31 - (07-APR-1994) [TSUKUBA]
    Uni of Tsukuba,Ibaraki,Japan,root at ume.cc.tsukuba.ac.jp
      1) Fujitsu VPP500/30               72 (4.8 @ 2 cpus)
      2) Tsukuba QCDPAX-480              5.31?
      3) Tsukuba CP-PACS/1024 [+3Q96]    113.68?

13) 75.44 - (25-JUN-1994) [NAS]
    NAS,NASA Ames Research Center,Mountain View,California,US, jet at nas.nasa.gov
      1) Cray C916-1024                  35.52 = 2.22 * 16 cpus
      2) Cray C98-128                    17.76 = 2.22 * 8 cpus
      3) TMC CM-5/128VU-32/256           11.2 (2.8 @ 32 cpus)
      4) Intel Paragon-204               11.16 (7 @ 128 cpus)
      5) IBM 9076 SP2/160 [+3Q94]        ~63.8 (3.19 @ 8 cpus)

From joshua at cae.retix.com Sat Jul 2 23:43:44 1994
From: joshua at cae.retix.com (joshua geller)
Date: Sat, 2 Jul 94 23:43:44 PDT
Subject: Password Difficulties
In-Reply-To: <9407030005.AA11165@toad.com>
Message-ID: <199407030643.XAA04448@sleepy.retix.com>

steve bellovin writes:
>bruce schneier writes:
> Figure that each English character has 1.8 bits of entropy.
> (This is a conservative number, because it doesn't take into
> account case, spacing, or punctuation.) If I want a
> passphrase that will map into a 64-bit keyspace, I need at
> least a 35-character phrase.
> Don't forget the difficulty of typing such a long phrase, with
> echoing turned off.

but it's not that difficult. at least, I don't have any difficulty with it. perhaps I really am superhuman, but somehow I doubt it.

josh

From kentborg at world.std.com Sun Jul 3 00:09:59 1994
From: kentborg at world.std.com (Kent Borg)
Date: Sun, 3 Jul 94 00:09:59 PDT
Subject: Password Difficulties
Message-ID: <199407030709.AA16211@world.std.com>

lcottrell at popmail.ucsd.edu writes:
>I make a point of using at least one non-dictionary word in every
>passphrase I make.

Something pronounceable? Something that follows rules of some natural language, something short that could have been a word? Good, but not the whole cigar.

Last I used VMS you could get it to suggest non-word word-a-likes to use as your password. Seems terribly brute-forceable in 1994.

Adding a non-word to a pass phrase is like increasing the size of the dictionary, and if you only do one non-word then only *that* word picks up more bits of entropy in the phrase.
Yes, there are bits in where you put the word, but the whole phrase did not become made of deep bits. But my point is really that even these often-less-good-than-they-look measures are far better than what *real* people are going to do. -kb, the Kent who wonders whether real people will ever have decent security -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 31:15 hours of TV viewing so far in 1994! From tcmay at netcom.com Sun Jul 3 00:14:07 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 3 Jul 94 00:14:07 PDT Subject: A 4000-Cray Machine at NSA in 1997? In-Reply-To: <199407030643.XAA16053@netcom.netcom.com> Message-ID: <199407030714.AAA04682@netcom12.netcom.com> I just noticed the scheduled delivery/installation/completion of a 7400-Cray equivalents machine in around 1997: > 2) 196.1 - (APR-1994) [CSS] > Central Security Service,National Security Agency Headquarters,Fort > George G Meade,Maryland,US,postmaster at dockmaster.ncsc.mil > 1) TMC CM-5/512 44.8 (2.8 @ 32 cpus) > 2) Cray C916-1024 35.52 = 2.22 * 16 cpus > 3) Cray C916-1024 35.52 = 2.22 * 16 cpus > 4) Cray C916-1024 35.52 = 2.22 * 16 cpus > 5) Cray Y-MP/8E-256 8 = 1 * 8 cpus > 6) Cray Y-MP/8E-256 8 = 1 * 8 cpus > 7) Cray Y-MP/8E-256 8 = 1 * 8 cpus > 8) Cray Y-MP/8E-256 8 = 1 * 8 cpus > 9) Cray M98-4096 ~ 7.01 > 10) Cray 3/2-64 [-4Q96] 5.73? > 11) NSA SMPP-2/2M [+4Q96] 7407.05? ^^^ ^^^^ ^^^^ Note also that poor Seymour Cray's Cray-3 (from Cray Computer, *not* Cray Research, as you all must surely know) is not very competitive with the various hypercubes and other parallel machines (like Intel's Paragon and Thinking Machine's CM-5, both closely matched at around 90-100 Cray equivalents). I think this means the end of mostly uniprocessor machines, even if made out of GaAs. But the "NSA SMPP-2/2M" is intriguing. 
Speculatively (_very_), I wonder if this is the "million processor" (or 2 million, if that's what the "2M" means) machine researchers have talked about. (Danny Hillis said at Hackers '90 that he hoped to see this built.) I wonder who the contractor is?

Food for thought. (And just what will the NSA SMPP-2/2M use for its food?)

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Sun Jul 3 00:51:40 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 3 Jul 94 00:51:40 PDT
Subject: Visual Passphrases
In-Reply-To: <199407030709.AA16211@world.std.com>
Message-ID: <199407030730.AAA05703@netcom12.netcom.com>

Another approach to getting enough entropy in passwords/phrases is a "visual key" where one mouses from position to position in a visual environment. That is, one is presented with a scene containing some number of nodes, perhaps representing familiar objects from one's own home, and a path is chosen.

The advantage is that most people can remember fairly complicated (read: high entropy) "stories." Each object triggers a memory of the next object to visit. (Example: door to kitchen to blender to refrigerator to ..... ) This is the visual memory system said to be favored by Greek epic poets.

This also gets around the keyboard-monitoring trick (but not necessarily the CRT-reading trick, of course).

I haven't used one of these schemes, but I recall hearing that at least one commercial product offers this as an option. It might be an interesting hack to offer this as a front end for PGP.
Even a simple grid of characters which could be moused on could be an assist in using long passphrases. (But someone has probably patented this approach.)

--Tim May

P.S. I'm not hung up on passphrases as a major weakness. I think theft of keys and keystroke capturing on compromised machines are much more important practical weaknesses.

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU Sun Jul 3 00:57:24 1994
From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU (Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU)
Date: Sun, 3 Jul 94 00:57:24 PDT
Subject: 2D Political Spectrum (Nolan Chart)
Message-ID: <773222102/vac@FURMINT.NECTAR.CS.CMU.EDU>

As part of a Mosaic new page:

ftp://furmint.nectar.cs.cmu.edu/security/cypheressay/what-is-cypherpunk.html

I put together a file on the 2D political spectrum. This helps to explain why Libertarians and the "Left wing" folks are both on this list.

-- Vince

-----------------------------------------------------------------------

The two dimensional political spectrum was first developed by Nolan, so it is usually called the "Nolan Chart". A person gets a score on economic issues and on personal issues. This 2D plane is rotated 45 degrees so that "left" and "right" match with the old 1D spectrum.

[Diagram: Nolan Chart. A diamond with LIBERTARIAN at the top, "LEFT" on the left, MODERATE in the center, "RIGHT" on the right and AUTHORITARIAN at the bottom. The lower-left edge is the Personal Freedom Percentile axis and the lower-right edge is the Economic Freedom Percentile axis, each running from 0 at the bottom corner to 100.]

Personal Freedom Issues (free or government controlled?):
privacy, birth control, gambling, prostitution, homosexuality, drugs, pornography, censorship (even anti-American stuff), military draft, control of radio or TV content (profanity, violence, ...), etc

Economic Freedom Issues (free or government controlled?):
cable companies, taxi companies, licenses for businesses in general, mail delivery, stock market, minimum wages, farm prices, prices in general, banks in general, airlines, car gas-mileage, nuclear power, oil prices, money supply, current interest rate, maximum legal interest rate, exports, imports, employee hiring and firing, etc

Common Agreement on Purpose of Government:
All major groups on the political landscape agree that fraud and the initiation of physical force are both bad and should be punished. The con-man, fraud, swindler, or cheat, takes by trickery and deception. The "violent criminal" is someone who physically does something to someone else or their property without permission, or threatens to do so. Everyone also agrees that a government should defend the country against foreign invasion.

Issues that do not fit nicely into Nolan Chart:
Sort of economic: welfare, death penalty, foreign aid
Sort of personal: abortion,

Calibration of 2D Political Spectrum:
Someone should calibrate a set of questions that break down the population by percentiles for the Nolan Chart. This could be done by someone like Gallup or maybe as a thesis project. It would be very interesting. Fun to see scores for different countries and also how a country's score varies over time. If anyone knows of a large set of calibrated questions, please let me know.
-- Vincent Cate vac at cs.cmu.edu

This file is ftp://furmint.nectar.cs.cmu.edu/security/political-spectrum.txt

From ebrandt at jarthur.cs.hmc.edu Sun Jul 3 01:15:21 1994
From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt)
Date: Sun, 3 Jul 94 01:15:21 PDT
Subject: Dr. Dobbs Dev. Update 1/5 July 94 & Schneier
In-Reply-To: <199407030500.BAA16926@sparcserver.mc.ab.com>
Message-ID: <9407030815.AA20743@toad.com>

> From: tim werner
> The loop was really a waste when you consider that it could
> have been done in 1 instruction.

You can do better than a bit-serial loop -- though not down to one instruction! There are a lot of very cool approaches, only one of which I remember.

Look at the problem as that of finding the sum of n 1-bit blocks. Well, we can easily find the sum of a single n-bit block. The intermediate conversions are the magic part.

Let's look at an 8-bit word. How shall we get, for example, from a sum of 4 2-bit blocks to a sum of 2 4-bit blocks? What we do is add adjacent blocks. The block-pair sums will actually fit in three bits, so they'll certainly fit in four without overflowing. And all of this can be done bit-parallel using logic ops.

In C, this looks like:

int byte_ones(int a)
// hope this is correct...
{
    a = (a & 0x55) + (a & 0xAA)/2;    // 0x55 == 01010101b
    a = (a & 0x33) + (a & 0xCC)/4;    // 0x33 == 00110011b
    a = (a & 0x0F) + (a & 0xF0)/16;   // 0x0F == 00001111b
    return a;
}

Oh, and one AND in the third line is superfluous.

This is not the fastest algorithm for this, but it's the only one I understand and remember.

Eli ebrandt at hmc.edu
(I won't ask why you needed a one-hot encoding in the first place...)

From kentborg at world.std.com Sun Jul 3 01:18:48 1994
From: kentborg at world.std.com (Kent Borg)
Date: Sun, 3 Jul 94 01:18:48 PDT
Subject: Visual Passphrases
Message-ID: <199407030818.AA22200@world.std.com>

tcmay at netcom.com writes:
>P.S. I'm not hung up on passphrases as a major weakness.
I think theft
>of keys and keystroke capturing on compromised machines are much
>more important practical weaknesses.

Certainly passwords are not the only threat, and the rarity of Tempest equipment at the local computer store does mean that the TLAs keep an ability to spy on anyone they can aim an antenna at, but for some folks (read: most folks) there might be much easier ways.

I actually don't worry so much about RF monitoring because the natural evolution of computers is slowly killing emissions. Particularly for battery operated equipment and equipment near OSHA inspectors.

-kb

--
Kent Borg +1 (617) 776-6899
kentborg at world.std.com
kentborg at aol.com
Proud to claim 31:15 hours of TV viewing so far in 1994!

From norm at netcom.com Sun Jul 3 01:24:40 1994
From: norm at netcom.com (Norman Hardy)
Date: Sun, 3 Jul 94 01:24:40 PDT
Subject: Dr. Dobbs Dev. Update 1/5 July 94 & Schneier
Message-ID: <199407030824.BAA24447@netcom.netcom.com>

At 01:00 1994/07/03 -0400, tim werner wrote:
>This instruction would be useful in all sorts of applications. I was just
>wishing I had such a thing only last week. I had to write a little loop to
>check the number of bits set in a word. Each bit represented an action,
>and in my particular case it was an error if more than 1 action was
>requested. The loop was really a waste when you consider that it could
>have been done in 1 instruction.
>
>tw

In C,

{int j... if(j & (j-1)) not_exactly_one_bit; ...}

From barrett at daisy.ee.und.ac.za Sun Jul 3 02:02:04 1994
From: barrett at daisy.ee.und.ac.za (Alan Barrett)
Date: Sun, 3 Jul 94 02:02:04 PDT
Subject: Password Difficulties
In-Reply-To: <9407030005.AA11165@toad.com>
Message-ID:

> Don't forget the difficulty of typing such a long phrase, with
> echoing turned off.

Steve, did you learn anything interesting from your experiment several months ago in which you were testing the ability of folk to type long passwords?
I remember being surprised at how short your test passwords were, given the nature of the experiment. (I have no difficulty typing 50-character pass phrases with echoing turned off.)

--apb (Alan Barrett)

From tn0s+ at andrew.cmu.edu Sun Jul 3 02:07:50 1994
From: tn0s+ at andrew.cmu.edu (Timothy L. Nali)
Date: Sun, 3 Jul 94 02:07:50 PDT
Subject: Dr. Dobbs Dev. Update 1/5 July 94 & Schneier
In-Reply-To: <9407030815.AA20743@toad.com>
Message-ID: <4i5by0G00WBMA0jZF6@andrew.cmu.edu>

Excerpts from internet.cypherpunks: 3-Jul-94 Re: Dr. Dobbs Dev. Update 1.. by Eli Brandt at jarthur.cs.hm
> int byte_ones(int a)
> // hope this is correct...
> {
>     a = (a & 0x55) + (a & 0xAA)/2;    // 0x55 == 01010101b
>     a = (a & 0x33) + (a & 0xCC)/4;    // 0x33 == 00110011b
>     a = (a & 0x0F) + (a & 0xF0)/16;   // 0x0F == 00001111b
>     return a;
> }

Note that some compilers might not be smart enough to use logical shift ops and instead use expensive division ops. Just to be safe...

int byte_ones(int a)
{
    a = (a & 0x55) + ((a & 0xAA) >> 1);   // 0x55 == 01010101b
    a = (a & 0x33) + ((a & 0xCC) >> 2);   // 0x33 == 00110011b
    a = (a & 0x0F) + ((a & 0xF0) >> 4);   // 0x0F == 00001111b
    return a;
}

And this runs in O(lg n) where n is the number of bits in `a'. Does anybody have an algorithm for this that beats O(lg n)?

_____________________________________________________________________________
Tim Nali                \  "We are the music makers, and we are the dreamers of
tn0s at andrew.cmu.edu  \   the dreams" -Willy Wonka and the Chocolate Factory

From barrett at daisy.ee.und.ac.za Sun Jul 3 02:53:06 1994
From: barrett at daisy.ee.und.ac.za (Alan Barrett)
Date: Sun, 3 Jul 94 02:53:06 PDT
Subject: Dr. Dobbs Dev. Update 1/5 July 94 & Schneier
In-Reply-To: <9407030815.AA20743@toad.com>
Message-ID:

> You can do better than a bit-serial loop -- though not down to
> one instruction! There are a lot of very cool approaches, only
> one of which I remember.

Bit counting was discussed in great detail in comp.lang.c in October 1990.
I saved an excellent summary by Chris Torek, which I can post if there
is interest. It includes a program to test 17 different methods of bit
counting, and a table of results from six machine/compiler combinations.

In 5 of the 6 tested environments, the fastest method for counting the
1's in a 32-bit word turned out to be some variant of a table lookup
(but not always the same variant). In 1 of the 6 tested environments,
the fastest code was the following, which is similar to that posted
here by Eli Brandt:

/*
 * Explanation:
 * First we add 32 1-bit fields to get 16 2-bit fields.
 * Each 2-bit field is one of 00, 01, or 10 (binary).
 * We then add all the two-bit fields to get 8 4-bit fields.
 * These are all one of 0000, 0001, 0010, 0011, or 0100.
 *
 * Now we can do something different, because for the first
 * time the value in each k-bit field (k now being 4) is small
 * enough that adding two k-bit fields results in a value that
 * still fits in the k-bit field. The result is four 4-bit
 * fields containing one of {0000,0001,...,0111,1000} and four
 * more 4-bit fields containing junk (sums that are uninteresting).
 * Pictorially:
 *         n = 0aaa0bbb0ccc0ddd0eee0fff0ggg0hhh
 *      n>>4 = 00000aaa0bbb0ccc0ddd0eee0fff0ggg
 *       sum = 0aaaWWWWiiiiXXXXjjjjYYYYkkkkZZZZ
 * where W, X, Y, and Z are the interesting sums (each at most 1000,
 * or 8 decimal). Masking with 0x0f0f0f0f extracts these.
 *
 * Now we can change tactics yet again, because now we have:
 *         n = 0000WWWW0000XXXX0000YYYY0000ZZZZ
 *      n>>8 = 000000000000WWWW0000XXXX0000YYYY
 * so    sum = 0000WWWW000ppppp000qqqqq000rrrrr
 * where p and r are the interesting sums (and each is at most
 * 10000, or 16 decimal). The sum `q' is junk, like i, j, and
 * k above; but it is not necessary to discard it this time.
 * One more fold, this time by sixteen bits, gives
 *         n = 0000WWWW000ppppp000qqqqq000rrrrr
 *     n>>16 = 00000000000000000000WWWW000ppppp
 * so    sum = 0000WWWW000ppppp000sssss00tttttt
 * where s is at most 11000 and t is at most 100000 (32 decimal).
 *
 * Now we have t = r+p = (Z+Y)+(X+W) = ((h+g)+(f+e))+((d+c)+(b+a)),
 * or in other words, t is the number of bits set in the original
 * 32-bit longword. So all we have to do is return the low byte
 * (or low 6 bits, but `low byte' is typically just as easy if not
 * easier).
 *
 * This technique is also applicable to 64 and 128 bit words, but
 * 256 bit or larger word sizes require at least one more masking
 * step.
 */
int
tG_sumbits(n)
        register unsigned long n;
{
        n = (n & 0x55555555) + ((n >> 1) & 0x55555555);
        n = (n & 0x33333333) + ((n >> 2) & 0x33333333);
        n = (n + (n >> 4)) & 0x0f0f0f0f;
        n += n >> 8;
        n += n >> 16;
        return (n & 0xff);
}

--apb (Alan Barrett)

From bwallet at mason1.gmu.edu Sun Jul 3 06:07:02 1994
From: bwallet at mason1.gmu.edu (Bradley C Wallet)
Date: Sun, 3 Jul 94 06:07:02 PDT
Subject: ANI numbers
In-Reply-To: <9407021616.AA00152@toad.com>
Message-ID:

> The number is 1073214049889664

1-0732-1-404-988-9664

a carrier code followed by an ani in the 404 area code...it works, but it
isn't free...should work just as well as a 1-404-988-9666.

brad

From werner at mc.ab.com Sun Jul 3 08:06:09 1994
From: werner at mc.ab.com (tim werner)
Date: Sun, 3 Jul 94 08:06:09 PDT
Subject: Dr. Dobbs Dev. Update 1/5 July 94 & Schneier
Message-ID: <199407031505.LAA18047@sparcserver.mc.ab.com>

>Date: Sun, 3 Jul 1994 01:24:39 -0700
>From: norm at netcom.com (Norman Hardy)

>At 01:00 1994/07/03 -0400, tim werner wrote:
>>... I had to write a little loop to
>>check the number of bits set in a word.
>>... The loop was really a waste when you consider that it could
>>have been done in 1 instruction.

>In C, {int j... if(j & (j-1)) not_exactly_one_bit; ...}

I knew if I subscribed to this list I'd eventually pick up something useful.
I already asked a couple of people at work if they knew of a trick to
see if there was just one bit set, and no one did. Otherwise I would
feel extra stupid. :-)

tw

From barrett at daisy.ee.und.ac.za Sun Jul 3 08:26:56 1994
From: barrett at daisy.ee.und.ac.za (Alan Barrett)
Date: Sun, 3 Jul 94 08:26:56 PDT
Subject: Dr. Dobbs Dev. Update 1/5 July 94 & Schneier
In-Reply-To: <199407031505.LAA18047@sparcserver.mc.ab.com>
Message-ID:

> >In C, {int j... if(j & (j-1)) not_exactly_one_bit; ...}

C code that does bit twiddling should almost always use unsigned rather
than signed integers, or you may get some nasty surprises on C
implementations that do not use two's complement representation for
signed integers.

--apb (Alan Barrett)

From rarachel at prism.poly.edu Sun Jul 3 08:50:27 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Sun, 3 Jul 94 08:50:27 PDT
Subject: Devil's Advocate (again)
In-Reply-To: <199407011249.FAA25594@soda.berkeley.edu>
Message-ID: <9407031537.AA01063@prism.poly.edu>

::
Response-Key: ideaclipper

====Encrypted-Sender-Begin====
MI@```%IS^P;+]AB?X9TW6\8WR:"P&2%))6DK&_"'9H7Z#TP^%/-Q).;<[88Q
ME30D:-V2"G!=KV&$CCA?;+(6+E.#?2%P`0:V-J'.#NA:J^2@,\;GUI)DG5,O
%CR6`-HX`
====Encrypted-Sender-End====

The 1st amendment guarantees freedom of speech. This includes the right
to speak in any "language" you want. Cryptography is a way of changing
the "language" of a text or binary file so that only the intended
recipient is able to understand it. Hence, cyphertext is protected by
the 1st amendment.

Whether this will hold up in court....
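
[Added example, not part of any message in this archive and not code from the posters: the bit tricks from the "Dr. Dobbs Dev. Update" thread above, in C with unsigned types as Alan Barrett recommends, checked against a bit-serial loop. All function names are chosen here; the j != 0 check in exactly_one_bit is an addition, because j & (j-1) is also zero when no bit is set, and byte_ones_leftshift reproduces the "<<" variant only so the checker can show that it disagrees with the loop.]

```c
#include <stdint.h>
#include <stdio.h>

/* Reference: bit-serial loop, one iteration per bit position. */
static unsigned popcount_loop(uint32_t n)
{
    unsigned c = 0;
    for (; n != 0; n >>= 1)
        c += (unsigned)(n & 1u);
    return c;
}

/* 8-bit fold. Each step adds the high field of a pair onto the low
 * field, so the high field must move RIGHT (same as /2, /4, /16). */
static unsigned byte_ones(unsigned a)
{
    a &= 0xFFu;
    a = (a & 0x55u) + ((a & 0xAAu) >> 1);   /* four 2-bit sums */
    a = (a & 0x33u) + ((a & 0xCCu) >> 2);   /* two 4-bit sums  */
    a = (a & 0x0Fu) + ((a & 0xF0u) >> 4);   /* one 8-bit sum   */
    return a;
}

/* The same fold with the shifts reversed, as in the "<<" variant
 * posted in the thread. Present only for comparison. */
static unsigned byte_ones_leftshift(unsigned a)
{
    a &= 0xFFu;
    a = (a & 0x55u) + ((a & 0xAAu) << 1);
    a = (a & 0x33u) + ((a & 0xCCu) << 2);
    a = (a & 0x0Fu) + ((a & 0xF0u) << 4);
    return a;
}

/* 32-bit fold, the method quoted from the Torek summary, written
 * with a fixed-width unsigned type. */
static unsigned popcount32(uint32_t n)
{
    n = (n & 0x55555555u) + ((n >> 1) & 0x55555555u);
    n = (n & 0x33333333u) + ((n >> 2) & 0x33333333u);
    n = (n + (n >> 4)) & 0x0f0f0f0fu;
    n += n >> 8;
    n += n >> 16;
    return (unsigned)(n & 0xffu);
}

/* Nonzero when two or more bits are set: the posted j & (j-1) test.
 * Clearing the lowest set bit leaves something only if another bit
 * was set. Zero is reported as "not more than one". */
static int more_than_one_bit(uint32_t j)
{
    return (j & (j - 1u)) != 0;
}

/* Exactly one bit set: the same test plus the zero check. */
static int exactly_one_bit(uint32_t j)
{
    return j != 0 && (j & (j - 1u)) == 0;
}

/* Number of byte values 0..255 on which f disagrees with the loop. */
static unsigned count_byte_mismatches(unsigned (*f)(unsigned))
{
    unsigned v, bad = 0;
    for (v = 0; v < 256; v++)
        if (f(v) != popcount_loop(v))
            bad++;
    return bad;
}

/* Compare popcount32 with the loop on edge values and on a fixed
 * pseudo-random sequence (constructed test input). */
static unsigned count_word_mismatches(void)
{
    static const uint32_t edge[] = {
        0u, 1u, 0x80000000u, 0xFFFFFFFFu,
        0x55555555u, 0xAAAAAAAAu, 0x0F0F0F0Fu
    };
    uint32_t x = 0x12345678u;
    unsigned i, bad = 0;

    for (i = 0; i < sizeof edge / sizeof edge[0]; i++)
        if (popcount32(edge[i]) != popcount_loop(edge[i]))
            bad++;
    for (i = 0; i < 100000; i++) {
        x = x * 1664525u + 1013904223u;     /* LCG step, wraps mod 2^32 */
        if (popcount32(x) != popcount_loop(x))
            bad++;
    }
    return bad;
}

int main(void)
{
    printf("byte_ones mismatches:           %u\n",
           count_byte_mismatches(byte_ones));
    printf("byte_ones_leftshift mismatches: %u\n",
           count_byte_mismatches(byte_ones_leftshift));
    printf("popcount32 mismatches:          %u\n", count_word_mismatches());
    printf("exactly_one_bit(0)=%d more_than_one_bit(0)=%d\n",
           exactly_one_bit(0), more_than_one_bit(0));
    return 0;
}
```
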
From nobody at shell.portal.com Sun Jul 3 09:20:22 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Sun, 3 Jul 94 09:20:22 PDT
Subject: ANI numbers
Message-ID: <199407031621.JAA24394@jobe.shell.portal.com>

> > The number is 1073214049889664
> 1-0732-1-404-988-9664
> a carrier code followed by an ani in the 404 area code...it
> works, but it isn't free...should work just as well as a
> 1-404-988-9666.
             ^^^

I thought that ANI only was supposed to work on 800 numbers, the theory
being that since the callEE was paying the toll, he was entitled to know
who was calling. So now we have to worry about ANI on non-800 numbers,
too?

I noticed you changed the last digit from a "4" to a "6" so that the
number now ends in "666". Is this some sort of commentary on the
"number from hell"?

From nobody at shell.portal.com Sun Jul 3 09:20:37 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Sun, 3 Jul 94 09:20:37 PDT
Subject: FW: A third voice re: science and spirit
Message-ID: <199407031622.JAA24435@jobe.shell.portal.com>

Subj: FW: A third voice re: science and spirit

> OOps - sorry, I sent that message to the wrong list.
>
> Ingore,
  ^^^^^^
> delete,
> forget it.
>
> Blanc

"Ingore"? Is that anything like an "AlGore"? Is that a verb to describe
the state of the country, as in "we've just been INGOREd"?

From rarachel at prism.poly.edu Sun Jul 3 09:29:31 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Sun, 3 Jul 94 09:29:31 PDT
Subject: PC Expo summary!!
In-Reply-To: <9407011213.AA16156@snark.imsi.com>
Message-ID: <9407031617.AA01489@prism.poly.edu>

> > > > FEB 17 CYPHERPUNKS TRANSCRIPT
> > > > Copyright (C) 1994, cypherpunks at toad.com All Rights Reserved.
> > >                       ^^^^^^^^^^^^^^^^^^^^
> > > I wonder how the courts will interpret that ;)
> >
> > This will certainly put a nice toad up the NSA's ass. Anyone reading this
> > will see that the cypherpunks are a bunch of folk that stick together as a
> > single entity whose purpose right now is to kill clipper.

> That wasn't the topic of the discussion in question, actually. It was
> largely just a discussion on cryptography in general and its
> implications, slanted towards anarchists, who were the audience being
> addressed. Most of the population is extremely hostile to anarchism,
> so from a PR point of view that talk isn't what you want. Also, it
> unfairly makes it look like "cypherpunk" means "anarchist". Now, it
> happens that I am an anarchist, but that isn't what most people
> associated with the term "cypherpunk" believe in, and it isn't fair to
> paint them that way -- hell, many people on this mailing list are
> overtly hostile to anarchism.

I agree. However, I was severely pressed for time, and this was the best
resource I could find that dealt with most of the issues dealing with
Clipper.

I don't think it made anarchist==cypherpunk, though granted some folks
would take it that way. Certainly a cypherpunk is nothing more than
someone who uses crypto for his privacy and demands strong crypto.
However the transcript did offer a lot of information as to what the
uses are both legal and illegal and what the dangers of weak crypto &
clipper.

I did ask around for beginners articles & was told to write some up
myself. I would have, had I not been pressed for time. As I said in the
pc-expo summary, I had to write lots of software, and weed through about
900 files that I captured off this list to see what I can use. None of
them had as much raw info as this file. In the heading to this file, I
did write "Please forgive the political slant of this file and instead
look at the info it provides" or something like it. While that won't
really make much difference for those who'd say "Damn anarchists," it
made me feel better.
:-)

> I don't want people to think you have to hate the idea of government
> in order to like cryptography.

This wasn't my original intention, but unless someone (even myself)
writes a nice big text file on all the issues from clipper, to rsa, to
patents to pgp to even Tempest and IR face scans at the airport, this
was the best resource I could find. Even Tim wasn't able to help out. I
had little choice. It was either include this file and offend some
readers, or don't include it and leave them clueless. Which would you
rather had me do?

Now keep in mind that about 30% of the disk receivers will never see any
articles because of my big mistake in the installation script, and the
rest will figure out how to get it, or won't be interested so they won't
see it...

> The copyright is also meaningless because a non-person (human or
> corporate) cannot copyright something. Certainly an email address
> can't hold a copyright. In any case I consider it a little odd that I
> would not under your copyright be permitted to sell someone a copy of
> my own words.

You obviously can sell someone a copy of it. You wrote it, it's under
your copyright more than the cypherpunks. You have to keep in mind that
the visuals of this disk were to make it look like some big corporation
was putting out demo software. Not a bunch of loosely connected folks
who know each other only via email (mostly anyway.) Putting a copyright
notice on it certainly brings this out more. Also the title of the disk
wasn't "Cypherpunks Disks" it was "Data Security & Privacy\n A Free
Software Demo" In small letters it stated that PGP & SecureDevice & WNS
were on the disk.

I also put "For demo/educational uses only" and "NOT FOR EXPORT" All
this lends itself to look professional rather than freewareish. I'll
send ya a copy of the disk if you like; you'll see that the installer
program is also of the "professional" look & feel. Or at least as much
as I could make it look professional in the short time that I had.

> Lastly, I don't know what was on that disk exactly, but I've started
> getting calls from random kooks about it. I find that a bit
> disturbing. Did you leave my phone number on it or something?

Nope. Not unless you're in the phone book. The random kooks could be
press folks as I did give out quite a few copies to them. So try & find
out if they are or not. If anything, you can tell'em I did the disk and
give'em my work number (212-412-8475) and I'll deal with them. The only
thing referring to you was your name. I don't think I even included your
email address... I did include "for more info, send email to
cypherpunks@ toad.com" and told them how to subscribe and to expect tons
of email if they do. I didn't even put my address on it. My name is only
on the copyright notices of the installer, menu, and file viewer
programs. I didn't put my email address, nor phone number, nor anything
else except my name on the disk.

As far as copyright is concerned, while we are just a "mailing list" we
can also be thought as an organization. We are "organized" and our
address is only on the internet. The method of organization is anarchy.
None the less we aren't any less of an organization than any other. We
just don't operate in the same way IBM or MicroSoft, or EFF or EPIC
does. Does that mean we can't copyright stuff in the cypherpunks name? I
don't know, I'm not a lawyer and I agree with you that it probably
wouldn't hold true in front of a copyright judge or a copyright lawyer.
None the less, it was put there for effect and it did its job for
effect, not for copyright.

If you want to sell the disk, you can't, except for the cost of
duplicating the disk. ie: user groups, etc. If you want to sell your
speech, you can. It's yours and nobody claims any copyright ownership to
it. If Dave Mandl wants to sell it, he too can. :-) Now I wouldn't be
able to sell it and I haven't, and neither can any cypherpunk on this
list. Again the disk itself is copyrighted as a collection.
I didn't claim that cypherpunks had ownership of PGP, WinPGP, WNSTORM,
SecureDevice, or the articles. In fact a lot of the Wired articles were
on it (with their own copyright notices of course.) If the Libertarians
want to "Sell" copies of the transcript I guess they could if it were
okay with you and Dave.

(For those of you unfamiliar with a collection copyright, it's basically
a copyright on a collection of things that are either copyrighted or
public domain (if they're copyrighted, they can still be distributed,
but that strongly depends on the real owner of the copyright.) If
someone else takes the same collection of files and sells it, he is
violating the collection copyright.)

Now all this aside, I doubt that I'd actually go and sue PC Magazine for
selling the disks at $100 a pop. Of course the guy getting his hands on
the disk might notice he was had, but that's another thing.

From rarachel at prism.poly.edu Sun Jul 3 09:41:27 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Sun, 3 Jul 94 09:41:27 PDT
Subject: Un-Documented Feature
In-Reply-To: <9407020254.AA24485@lab.cc.wmich.edu>
Message-ID: <9407031628.AA01687@prism.poly.edu>

> Questions:
>
> 1) In non-mathematical terms, if possible, what difference does this
> make in terms of security?

None mathematically. A friend of mine (denaro09 at darwin.poly.edu) has
an interesting thought on this. If the NSA does have any method of
screwing RSA in any way, it's probably optimized for the common key
lengths for PGP. ie: 512, 1024, etc. So he uses a 1023 bit key. That one
bit less may be unsecure for him, but the idea is still sound. Maybe a
1025 bit key would give them less of an advantage. Even so this is all
speculation. We don't know what the NSA knows...
From mspellman at cix.compulink.co.uk Sun Jul 3 10:04:16 1994
From: mspellman at cix.compulink.co.uk (Martin Spellman)
Date: Sun, 3 Jul 94 10:04:16 PDT
Subject: Van Eck Detection
Message-ID:

> > To: cypherpunks at toad.com
> >
> > I've heard rumors through the years that CIA/NSA/whoever can aim a
> > parabolic antenna at your window, read the electronic pulses surrounding
> > your computer, and thusly determine what you are typing. Is there any
> > truth to this?
> How far away, and whether a van parked a block away can do it, is
> unknown to me. There are people on this list who have done
> this...perhaps they can comment anonymously.
>
> Note that the TEMPEST spec for shielding equipment is directly related
> to this.

In Britain we have 'TV detector Vans'. These are to detect licence
evaders (you need to pay an annual licence for the BBC channels). They
are provided by the Department of Trade and Industry. They use something
like a small minibus and use Van Eck principles. They have two steerable
detectors on the van roof so they can triangulate. But TV shops have to
notify the Government of buyers - so that is the basic way in which
licence evaders are detected.

I read of a case on a bulletin board where someone did not have a TV but
used a PC. He got a knock on the door. They said he appeared to have a
TV but they could not make out what channel he was watching!

Martin Spellman

From mspellman at cix.compulink.co.uk Sun Jul 3 10:12:20 1994
From: mspellman at cix.compulink.co.uk (Martin Spellman)
Date: Sun, 3 Jul 94 10:12:20 PDT
Subject: Mysterious Deaths was: J.Bidzos life threatened
Message-ID:

> gtoal at an-teallach.com (Graham Toal) wrote:
> Several years ago lots of British scientists died under
> mysterious circumstances. They were generally described as
> 'defence scientists' but what a significant number of them had
> in common was work in the area of surveillance. Several of
> them were connected to UK's system X. (One UK govt official was found dead in
> his hotel room in an arab country while there at a trade fair
> in an unofficial capacity helping to promote system X).

For those who want to follow this up a bit more there was a book
published in 1990:

'Open Verdict - An Account of 25 mysterious deaths in the defence
industry' by Tony Collins
ISBN 07474 0146 2
Publisher Sphere Books

Well worth reading if you can get hold of it. Collins picked up this
story when he was a journo with 'Computer News' in England. He later
became Executive Editor of Computer Weekly. It all happened in the mid
80s and most of those involved were computer programmers. 28 cases are
dealt with in the book and there may have been more (or less) as much of
the evidence is circumstantial and all may not have been connected.

Collins reckons it has more to do with Electronic Warfare(EW) or C3i
than digital exchange surveillance. Although System X was apparently a
key component of IUKADGE (Improved UK Air Defence Ground Environment) an
early warning system. The backbone for this was UNITER - a comms system
to link over 100 USAF and RAF bases around the world. Many of the people
worked for GEC Marconi and GEC Plessey (the main System X contractor).

Jonathan Wash, fell from a hotel balcony in Abidjan, capital of the
Ivory Coast, West Africa, on 19 November 1985, shortly after expressing
a fear for his life. He was working for Telconsult, a subsidiary of BT
(the telecoms transnational which is also a major defence contractor).
He was helping the government there assess bids for a digital exchange
contract.

Some of the others that died worked for GCHQ, the junior partner of the
NSA. Some of the deaths were very odd, to say the least! and some were
not fully investigated as murder was not suspected. It is an inviting
field for conspiracy theorists. Hilda Murrell, whose death may be linked
to our nuclear power industry was also killed around this time (24 March
1984).
System X was delayed for a long time and one rumour was that they had
designed the basic exchange OK - the problems lay with doing all the
'other bits' that went into it.

From tcmay at netcom.com Sun Jul 3 10:25:57 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 3 Jul 94 10:25:57 PDT
Subject: PC Expo summary!!
In-Reply-To: <9407031617.AA01489@prism.poly.edu>
Message-ID: <199407031726.KAA03936@netcom6.netcom.com>

First, what Arsen Ray A. did at PC-Expo was admirable. I haven't
criticized it in any way.

However, my name comes up in two ways here, so I wish to comment.

* the "focus" on cryptoanarchy, which, as Perry M. noted may not be
the best introductory material. This has also come up in connection
with newcomers like Sherry Mayo discovering our group through URLs
that are out there and being put off by the putative focus, based on
the article the URL compilers have selected for inclusion.

* my alleged inability or unwillingness to help Arsen Ray A.

I'll use Arsen's article as the basis for comment:

> I agree. However, I was severely pressed for time, and this was the best
> resource I could find that dealt with most of the issues dealing with Clipper.

Well, I understand the pressures of time :-}. But Arsen first
mentioned the PC-Expo diskette project in late April or early May,
according to my archives, so there were 7 to 9 weeks to put articles
together. Granted, people did not respond to calls to write tutorials,
but that's to be expected, for some good and some human nature
reasons. Face it, people just don't write free articles. Or "stone
soup" articles ("Hey, here's the title...now you fill in the
details.").

Besides, a truly vast amount of stuff has already been written on
Clipper, on escrow in general, on Digital Telephony, etc.
Articles that were posted to Cypherpunks may not be salable in toto, but
certainly excerpts fall under the "fair use" standards (I routinely
snatch phrases and paragraphs, with attribution, for the FAQ I'm still
trying to get finished).

So I am not overly sympathetic to the claims that nothing was
available. Or that Cypherpunks would not write stuff for the PC-Expo
diskettes! (I don't mean this to be harsh to Arsen...just a factual
comment on his article.)

> I don't think it made anarchist==cypherpunk, though granted some folks would
> take it that way. Certainly a cypherpunk is nothing more than someone who
> uses crypto for his privacy and demands strong crypto. However the transcript
> did offer a lot of information as to what the uses are both legal and illegal
> and what the dangers of weak crypto & clipper.

I think the Dave Mandl-Perry Metzger piece was fine. Not likely to get
people to use crypto, but it may recruit some libertarians and
anarchists to our cause--and that is always good!

> I did ask around for beginners articles & was told to write some up myself.
> I would have, had I not been pressed for time. As I said in the pc-expo
> summary, I had to write lots of software, and weed through about 900 files that
> I captured off this list to see what I can use. None of them had as much raw

I was asked to either write something up for this diskette, or to
"mosh together" some of my essays. I declined, feeling it was Arsen's
project and that he should write the connective material
himself...good experience in learning to write a tutorial, etc. I'm
also skeptical about the need for more essays on why Clipper is
bad....anybody who hasn't already read about 30 articles and
editorials on Clipper has been living in a cave for the past 14 months.

> This wasn't my original intention, but unless someone (even myself) writes
> a nice big text file on all the issues from clipper, to rsa, to patents to
> pgp to even Tempest and IR face scans at the airport, this was the best resource
> I could find. Even Tim wasn't able to help out. I had little choice. It
> was either include this file and offend some readers, or don't include it and
> leave them clueless. Which would you rather had me do?

"Tim wasn't able to help out" for the reasons mentioned above. And
even had I been willing to, I got the urgent message from Arsen just a
few days before the deadline (I can check my records, but it was
recently). (Don't say "I" knew the deadline since April....I never
volunteered to write essays on a custom basis for this project.)

About the "Copyright Cypherpunks" blurb:

> You obviously can sell someone a copy of it. You wrote it, it's under your
> copyright more than the cypherpunks. You have to keep in mind that the visuals
> of this disk were to make it look like some big corporation was putting out
> demo software. Not a bunch of loosely connected folks who know each other
> only via email (mostly anyway.) Putting a copyright notice on it certainly
> brings this out more. Also the title of the disk wasn't "Cypherpunks Disks"
> it was "Data Security & Privacy\n A Free Software Demo" In small letters
> it stated that PGP & SecureDevice & WNS were on the disk.

Had that been an interview I gave, I'd've been pissed off to see
someone else attach the "Copyright Cypherpunks" blurb on my words.
Even with my permission (and I assume Dave Mandl and Perry Metzger
were asked for permission), attaching the words "Copyright
Cypherpunks" is misleading: Cypherpunks are not an organized group.
Issuing things in their name creates a misleading impression....and
might, very unlikely though it is, create some kind of legal pressures
on us.
(An advantage to our disorganization is that governments can't
find anyone to prosecute for the crimes of the "group.")

> As far as copyright is concerned, while we are just a "mailing list" we can
> also be thought as an organization. We are "organized" and our address is
> only on the internet. The method of organization is anarchy. None the less
> we aren't any less of an organization than any other. We just don't operate
> in the same way IBM or MicroSoft, or EFF or EPIC does. Does that mean we
> can't copyright stuff in the cypherpunks name? I don't know, I'm not a lawyer
> and I agree with you that it probably wouldn't hold true in front of a
> copyright judge or a copyright lawyer. None the less, it was put there for
> effect and it did its job for effect, not for copyright.

The main problem is one of taste. If I attached a Cypherpunks
copyright on my latest video, "Debbie Does Fort Meade," folks here
might be upset. (I'm not saying Arsen's thing was all that
serious--most likely the essay was read by exactly 7 people, 6 of whom
have forgotten it, and 1 of whom is wondering why his mail to the
incorrect address "cypherpunks at toad.com" is going unanswered.)

Again, I congratulate Arsen for his initiative. I don't cotton to his
denunciation of us a few days for somehow failing him, though. The job
of an editor is not an easy one; it's a lot more than just announcing
a project and then waiting for others to finish the work. (This
approach rarely works even when _money_ is offered, let alone when the
work is for free, etc.)

I've spent entirely too much time writing articles for Cypherpunks, so
I am bemused to see charges that Cypherpunks are not doing enough.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From ebrandt at jarthur.cs.hmc.edu Sun Jul 3 11:24:03 1994
From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt)
Date: Sun, 3 Jul 94 11:24:03 PDT
Subject: Dr. Dobbs Dev. Update 1/5 July 94 & Schneier
In-Reply-To: <4i5by0G00WBMA0jZF6@andrew.cmu.edu>
Message-ID: <9407031823.AA25826@toad.com>

> Note that some compilers might not be smart enough to use logical shift
> ops and instead use expensive division ops. Just to be safe...
>
> int byte_ones(int a)
> {
>         a = (a & 0x55) + ((a & 0xAA) << 1);     // 0x55 == 01010101b
>         a = (a & 0x33) + ((a & 0xCC) << 2);     // 0x33 == 00110011b
>         a = (a & 0x0F) + ((a & 0xF0) << 4);     // 0x0F == 00001111b
>         return a;
> }

One advantage of writing it as division is that it's hard to
accidentally reverse, as above. :-) I was just trying to cut down
on parens...

Eli ebrandt at hmc.edu

From rarachel at prism.poly.edu Sun Jul 3 11:27:50 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Sun, 3 Jul 94 11:27:50 PDT
Subject: PC Expo summary!!
In-Reply-To: <199407031726.KAA03936@netcom6.netcom.com>
Message-ID: <9407031815.AA02636@prism.poly.edu>

> First, what Arsen Ray A. did at PC-Expo was admirable. I haven't
> criticized it in any way.

Please, call me Ray. :-) Nevermind what Poly tells ya. :-) I thank you,
although there is room for criticism. :-) I did screw up a couple of
things as I did mention earlier. But at least now there's a precedent so
that others elsewhere can do the same thing, and will be able to do it
without that bug.

> However, my name comes up in two ways here, so I wish to comment.
>
> * the "focus" on cryptoanarchy, which, as Perry M. noted may not be
> the best introductory material. This has also come up in connection
> with newcomers like Sherry Mayo discovering our group through URLs
> that are out there and being put off by the putative focus, based on
> the article the URL compilers have selected for inclusion.

Agreed, but I had little else that would make as much of a difference.

> * my alleged inability or unwillingness to help Arsen Ray A.
>
> I'll use Arsen's article as the basis for comment:
>
> > I agree. However, I was severely pressed for time, and this was the best
> > resource I could find that dealt with most of the issues dealing with Clipper.
>
> Well, I understand the pressures of time :-}. But Arsen first
> mentioned the PC-Expo diskette project in late April or early May,
> according to my archives, so there were 7 to 9 weeks to put articles
> together. Granted, people did not respond to calls to write tutorials,
> but that's to be expected, for some good and some human nature
> reasons. Face it, people just don't write free articles. Or "stone
> soup" articles ("Hey, here's the title...now you fill in the
> details.").

Yes, quite true. At that time I was working part time and had a lot of
spare time to work with. I was basically collecting posts from the lists
which I would consider using. Come May however, my free time dropped to
almost zero. Again, this is nothing but hindsight, but what's done is
done. Let's hope for the best result.

> Besides, a truly vast amount of stuff has already been written on
> Clipper, on escrow in general, on Digital Telephony, etc. Articles
> that were posted to Cypherpunks may not be salable in toto, but
> certainly excerpts fall under the "fair use" standards (I routinely
> snatch phrases and paragraphs, with attribution, for the FAQ I'm still
> trying to get finished).

Again, PC Expo was Tuesday. I finished the disk between Sunday and
Monday. I barely had enough time to put the stuff that I did manage to
put on the disk.
I didn't have time to clip quotes out of articles though I intended to do so. However Wired's articles on the Cypherpunks & Clipper were very handy and did make their way on the disk. > So I am not overly sympathetic to the claims that nothing was > available. Or that Cypherpunks would not write stuff for the PC-Expo > diskettes! (I don't mean this to be harsh to Arsen...just a factual > comment on his article.) Most of my bitching was directed to those punx who volunteered then backed out. Sorry if this wasn't clear. Yes, there were plenty of articles, but I did not have them all available to me. All in all, the Wired articles and the Transcript were the best of the crop. The others were tidbits of sorts and didn't quite fit in as the Uncypherpunk's Manual to Cypherpunk issues. :-) I asked you for material because A) You wrote tons of it, B) I was hoping you had some around which you could forward to me, or C) you had or would have written something ; D) which I asked was if you could mosh something together as you mention further on.. This wasn't a "Tim, he didn't help out at all." You did, I did have some of your posts on the disk; but not much in terms of what was needed. > I think the Dave Mandl-Perry Metzger piece was fine. Not likely to get > people to use crypto, but it may recruit some libertarians and > anarchists to our cause--and that is always good! But perhaps some will use it anyway, even if they have qualms about the transcript. :-) Let's hope that in the least it helped spread PGP a bit further. > I was asked to either write something up for this diskette, or to > "mosh together" some of my essays. I declined, feeling it was Arsen's > project and that he should write the connective material > himself...good experience in learning to write a tutorial, etc. 
I'm > also skeptical about the need for more essays on why Clipper is > bad....anybody who hasn't already read about 30 articles and > editorials on Clipper has been living in a cave for the past 14 months. Which I would have if I had the time or the foresight to start such an article ahead of time instead of thinking I had captured enough from the list. I perhaps will do so for future disks, etc. Again, I know you are busy and would not have asked if I wasn't under a lot of time stress.. > Had that been an interview I gave, I'd've been pissed off to see > someone else attach the "Copyright Cypherpunks" blurb on my words. > Even with my permission (and I assume Dave Mandl and Perry Metzger > were asked for permission), attaching the words "Copyright > Cypherpunks" is misleading: Cypherpunks are not an organized group. > Issuing things in their name creates a misleading impression....and > might, very unlikely though it is, create some kind of legal pressures > on us. (An advantage to our disorganization is that governments can't > find anyone to prosecute for the crimes of the "group.") Well what did you want me to do with those who were interested? Not put any sort of contact info on there whatsoever? Certainly the copyright on that particular transcript may be misleading, but are Perry and Dave non-cypherpunks? Well, never mind, I'm painting myself in a corner here. Certainly, Dave and Perry own the copyright to this. I conceeded that point many a time. > > As far as copyright is concerned, while we are just a "mailing list" we can > > also be thought as an organization. We are "organized" and our address is > > only on the internet. The method of organization is anarchy. None the less > > we aren't any less of an organization than any other. We just don't operate > > in the same way IBM or MicroSoft, or EFF or EPIC does. Does that mean we > > can't copyright stuff in the cypherpunks name? 
> > I don't know, I'm not a lawyer
> > and I agree with you that it probably wouldn't hold true in front of a
> > copyright judge or a copyright lawyer. None the less, it was put there for
> > effect and it did its job for effect, not for copyright.
>
> The main problem is one of taste. If I attached a Cypherpunks
> copyright on my latest video, "Debbie Does Fort Meade," folks here
> might be upset. (I'm not saying Arsen's thing was all that
> serious--most likely the essay was read by exactly 7 people, 6 of whom
> have forgotten it, and 1 of whom is wondering why his mail to the
> incorrect address "cypherpunks at toad.com" is going unanswered.)

What's wrong with "cypherpunks at toad.com?" I certainly send messages to that address, and get replies, even if I write from a different machine because most folks will do a cc:cypherpunks to a reply, so their reply goes to both cypherpunks and the email address of the person they're responding to.

I certainly wouldn't be upset about Debbie Does Fort Meade. :-) Nonetheless it was a speech given by two cypherpunks. If someone in an organization does something you dislike, it doesn't pull him out of that organization necessarily and again, the transcript was labeled "Crypto-anarchy" with a blurb about "cypherpunks Perry Metzger & Dave Mandl" at least that was on the flyer which announced the meeting.

I disagree that we shouldn't put copyright notices on future diskettes simply because of appearances which I mentioned in the post to Perry. I strongly feel that putting a shitty looking diskette without making it look professional will hurt more than help. As you've said, since we're not quite that organized, we are shielded from some government problems, but putting a copyright notice in the cypherpunks name doesn't really expose us to any problems as there is no real organization to the cypherpunks. We can certainly explore this point further.

> Again, I congratulate Arsen for his initiative.
> I don't cotton to his
> denunciation of us a few days for somehow failing him, though. The job
> of an editor is not an easy one; it's a lot more than just announcing
> a project and then waiting for others to finish the work. (This
> approach rarely works even when _money_ is offered, let alone when the
> work is for free, etc.)
>
> I've spent entirely too much time writing articles for Cypherpunks, so
> I am bemused to see charges that Cypherpunks are not doing enough.

I agree that you've done lots and I've done some, and others have pitched in. But out of all the 700 cpunx on the list or whatever majordomo will report, what percentage have sat on our asses and done nothing? If you have written and worked, I do not believe that you would think my diatribes were aimed at you.

Granted I did mention your name, but I did not imply you were not doing enough. I stated that you were "unable" to help, and that was in the context of the PC Expo project. That doesn't reflect any other work you've done for other projects.

Anyway, I was damned stressed out and am sure that when others will scrutinize the whole disk, byte for byte, and my actions they may find other glitches. If I have put you on the spot, it was not intentional. I'm still a bit burned out from that two day marathon of completing the disk. I was far more concerned with getting more folks to get off their asses and do something than pointing the finger at others for my shortcomings.

I DO hope that all "bugs" (be they software, or wetware) involved in this project won't hurt future projects. Perhaps by the time the next Expo will occur, you'd have finished the FAQ and it would be useful for it. Too bad Dickweiler turned psychopath before finishing a decent FAQ.

One word of advice for the future my droogs: If you write something spiffy, please consider allowing me and anyone else who might do an Expo raid to use your articles.
And perhaps we can write more magazine style articles than just argue over the finer points of a thread. I can include threads, yes, but there are always imbeciles who have qualms about having their words appear elsewhere. I don't agree with them, but I have to respect their wishes. If you'd ease up a bit, your words will do a far greater service.

And for the rest of you, find out if there's any Expos around your town and join in the raids. I'll be glad to help you put together a disk, etc. Even if your town doesn't have Expos, see if you could give out the disks to local user groups, or organizations who would be interested, but may not be aware of PGP et al.

From sandfort at crl.com Sun Jul 3 11:35:48 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Sun, 3 Jul 94 11:35:48 PDT
Subject: Password Difficulties
In-Reply-To:
Message-ID:

C'punks,

There has been some discussion about typing long passphrases with echo off. I don't have any trouble, but I'm a touch typist. Perhaps it is only the hunt-and-peck, two-finger typists who are have a problem.

 S a n d y

Typing--one of the three most useful courses I took in high school.

From nowhere at bsu-cs.bsu.edu Sun Jul 3 12:30:18 1994
From: nowhere at bsu-cs.bsu.edu (Chael Hall)
Date: Sun, 3 Jul 94 12:30:18 PDT
Subject: ANI numbers
In-Reply-To: <199407031621.JAA24394@jobe.shell.portal.com>
Message-ID: <199407031929.OAA06993@bsu-cs.bsu.edu>

>I thought that ANI only was supposed to work on 800 numbers, the
>theory being that since the callEE was paying the toll, he was
>entitled to know who was calling. So now we have to worry about
>ANI on non-800 numbers, too?

There may or may not be an 800-number associated with it. If you call the number to which an 800-number is pointed, ANI info will print just as though you had called the 800-number. Also, other non-800 numbers can have ANI and ALI. For example, 911.
Chael

--
Chael Hall
nowhere at bsu-cs.bsu.edu
00CCHALL at BSUVC.BSU.EDU
nowhere at chaos.bsu.edu
chall at bsu.edu
(317) 776-4010, Ext. #538

From mark at unicorn.com Sun Jul 3 13:32:04 1994
From: mark at unicorn.com (Mark Grant)
Date: Sun, 3 Jul 94 13:32:04 PDT
Subject: Privtool ("Privacy Tool") Beta release
Message-ID:

Hi,

recently a few people have been asking about PGP-aware mail programs for X-Windows, and I thought they might be interested in the one that I've been hacking together over the last nine months.

At the moment, the Beta release is available from ftp.c2.org in /pub/privtool as privtool-0.80.tar.Z, and I've attached the README.1ST file so that you can check out the features and bugs before you download it. Currently the program requires the Xview toolkit to build, and has only been compiled on SunOS 4.1 and Solaris 2.1.

I don't think that there should be any ITAR problems as there is no actual cryptography code in the program (you need a copy of PGP and ideally a copy of PGP Tools to run it), however as I'm not a lawyer and I'm in Europe anyway, if anyone in Europe is willing to make it available on an FTP site, contact me and I can upload it there.

Also, if anyone wants to collaborate on a port to Xt, Motif, Windows etc, or knows how to fix some of the Xview funnies, mail me at mark at unicorn.com. I'm going to be off the net for most of the next two weeks, so don't expect a fast response in the immediate future.

	Mark Grant

P.S. People wanting to integrate PGP with other programs might be interested in the pgplib.c and support files in the Privtool source, which give a high-level C interface to encrypt/decrypt/sign/verify messages, either calling PGP Tools or (on Unix) forking off a copy of PGP and examining the messages it prints out (though I haven't tested this with 2.6, only 2.3a).
You're free (within the terms of the GPL) to use it in your own applications if it's of use to you (it only took me a couple of hours to add decryption/signature verification to Pine, for example).

---

Privtool Beta Release	@(#)README.1ST 1.9 6/31/94
-----------------------------------------------------

Privtool ("Privacy Tool") is intended to be a PGP-aware replacement for the standard Sun Workstation mailtool program, with a similar user interface and automagick support for PGP-signing and PGP-encryption. Just to make things clear, I have written this program from scratch, it is *not* a modified mailtool (and I'd hope that the Sun program code is much cleaner than mine 8-) !).

When the program starts up, it displays a list of messages in your mailbox, along with flags to indicate whether messages are signed or encrypted, and if they have had their signatures verified or have been decrypted.

When you double click on a message, it will be decrypted (requesting your passphrase if necessary), and/or will have the signature checked, and the decrypted message will be displayed in the top part of the display window, with signature information in the bottom part. The mail header is not displayed, but can be read by pressing the 'Header' button to display the header window. In addition, the program has support for encrypted mailing list feeds, so that if the decrypted message includes another standard-format message it will replace the original message and be fed back into the display processing chain.

When composing a message or replying to one, the compose window has several check-boxes, including one for signature, and one for encryption. If these are selected, then the message will be automatically encrypted and/or signed (requesting your passphrase when necessary) before it is sent.

Being a Beta release, there are a number of bugs and nonfeatures :

Known Bugs :

	Message list scrollbar often set to stupid position when loading a mail file.
	When you save changes to the mail file, it throws away the signature verification and decrypted messages, so that the next time you view a message it has to be verified or decrypted again.

	'New mail' indicator in icon does not go away if you open the window and close it again without reading any messages.

Known Nonfeatures :

	Currently if you send encrypted mail to multiple recipients, all must have valid encryption keys otherwise you will have to send the message in plaintext. Also, the message will be sent encrypted to all users, not just the one who is receiving each copy.

	'Add Key' button is enabled and disabled as appropriate, but does not do anything !

	A number of other buttons and menu items do not work either.

	Passphrase is stored in ASCII rather than MD5 form, making it easier for hackers to find if you're on a multi-user machine (of course, you shouldn't be, but many of us are).

	Kill-by-subject does not work.

	Ignores Reply-To: lines, and could probably do with an improved mail-reading algorithm.

	Only one display window, and only one compose window.

	Message List window code needs rewrite.

	Code should be more modular to assist with ports to Xt, Motif, Mac, Windows, etc.

	Not very well documented !

	Encrypted messages are saved to mail files in encrypted form. There is currently no option to save messages in decrypted form.

	No current support for remailers and pseudonyms (this will be added for the final release).

	Not very well tested on Solaris 2.x.

Privtool can be compiled to either use PGPTools, or to fork off a copy of PGP whenever it is needed. There are also a number of different security level options for the passphrase, varying from 'read it from PGPPASS and keep it in memory' to 'request it every time and delete it as soon as possible', via 'request it when necessary and delete it if it's not used for a while'.

See the README file for information on compiling the code, and the user.doc file for user documentation (the little that currently exists).
You should also ensure that you read the security concerns section in user.doc before using the program.

	Mark Grant (mark at unicorn.com)

From warlord at MIT.EDU Sun Jul 3 13:47:57 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Sun, 3 Jul 94 13:47:57 PDT
Subject: Password Difficulties
In-Reply-To:
Message-ID: <9407032047.AA24854@toxicwaste.media.mit.edu>

> There has been some discussion about typing long passphrases with echo
> off. I don't have any trouble, but I'm a touch typist. Perhaps it is
> only the hunt-and-peck, two-finger typists who are have a problem.

I'm not a touch typist (although I am also not quite a hunt-and-peck typist, either). And using only about 6 fingers (well, I am counting both thumbs in this count, and sometimes I use my other fingers as well) I have no problems typing in my long (40-50 char) pass phrase!

However, I am a computer geek (well, I prefer to be known as a nerd, but I have Nerd Pride, so... ;-) Anyways, I have a feeling that Steve's testing was done with non-computer-geek-type people. I.e., secretaries, managers, and high-up muckety-mucks. Is this true, Steve? What was your sample space in your research?

-derek

From sandfort at crl.com Sun Jul 3 14:04:45 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Sun, 3 Jul 94 14:04:45 PDT
Subject: ACAPULCO H.E.A.T.
Message-ID:

C'punks,

Today's episode was, "Codename: Feminine Intuition."

The Bad News: No crypto
The Good News: No Fabio
Gooder News: Lots of shots of Alison Armitage in swim suits.

 S a n d y

From jgostin at eternal.pha.pa.us Sun Jul 3 14:56:12 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Sun, 3 Jul 94 14:56:12 PDT
Subject: (None)
Message-ID: <940703160818T8mjgostin@eternal.pha.pa.us>

bmorris at netcom.com (Bob MorrisG) writes:

> I've heard rumors through the years that CIA/NSA/whoever can aim a
> parabolic antenna at your window, read the electronic pulses surrounding
> your computer, and thusly determine what you are typing.
> Is there any
> truth to this?

If this is a reference to the TEMPEST attack, yes, they can. From what I hear, it's trivially easy for them to do, because they have The Right Equipment. Rumor also suggests that The Right Equipment isn't so difficult to come by.

I don't pretend to understand the intricacies of TEMPEST, but I do know that the government requires all of their computers (used at any level of security above none) to be TEMPEST shielded. This tells us it's a real concern.

There are other ways to beat TEMPEST, like making it damn near impossible to get close enough to the computer in question to get a reading.

--Jeff
--
======  ======    +----------------jgostin at eternal.pha.pa.us----------------+
  ==    ==        | The new, improved, environmentally safe, bigger, better,|
  ==    ==   -=   | faster, hypo-allergenic, AND politically correct .sig.  |
====    ======    | Now with a new fresh lemon scent!                       |
PGP Key Available +---------------------------------------------------------+

From smb at research.att.com Sun Jul 3 16:49:16 1994
From: smb at research.att.com (smb at research.att.com)
Date: Sun, 3 Jul 94 16:49:16 PDT
Subject: Password Difficulties
Message-ID: <9407032349.AA28389@toad.com>

	 I'm not a touch typist (although I am also not quite a hunt-and-peck typist, either). And using only about 6 fingers (well, I am counting both thumbs in this count, and sometimes I use my other fingers as well) I have no problems typing in my long (40-50 char) pass phrase!

	 However, I am a computer geek (well, I prefer to be known as a nerd, but I have Nerd Pride, so... ;-) Anyways, I have a feeling that Steve's testing was done with non-computer-geek-type people. I.e., secretaries, managers, and high-up muckety-mucks. Is this true, Steve? What was your sample space in your research?

My tests were informal. The target was mostly taken from the sci.crypt readership -- I don't deal much with management...

The initial tests were on passphrases of lengths from 12 to 20, as I recall.
The phrases were created by choosing random words from /usr/dict/words -- and the resulting pass-phrases were exceedingly weird, which may have contributed to folks' difficulty in typing them. Not that the scores were bad, but they weren't great.

Access was by telnetting to a special port (or was it a special login? I forget). All and sundry are welcome to participate.

Anyway, I never had a chance to follow up, since I was distracted by the book I was writing. That's done, and I'm getting back to research (though I'm thinking of starting another book this fall...). Rerunning the experiment, using longer passphrases, is high on my list; there's some chance I'll be getting to it this summer, along with a student who's working for me. (We're currently working on another project of interest to this audience; the paper will be available for ftp when it's ready, though that's still a couple of months off.)

		--Steve Bellovin

P.S. For the record -- I've been a touch typist for >30 years, as appalling as that number sounds. And secretaries are likely to be *better* typists, not worse. My concern for folks' typing ability was just that: concern. We don't *know*. We do know that lots of folks aggressively pick bad passwords; it isn't at all clear to me if the problem is typing, memory, or both. Passphrases will tend to exacerbate both problems.

From dmandl at panix.com Sun Jul 3 17:20:04 1994
From: dmandl at panix.com (David Mandl)
Date: Sun, 3 Jul 94 17:20:04 PDT
Subject: PC Expo summary!!
Message-ID: <199407040019.AA27737@panix.com>

At 10:26 AM 7/3/94 -0700, Timothy C. May wrote:
>
>About the "Copyright Cypherpunks" blurb:
>
>Had that been an interview I gave, I'd've been pissed off to see
>someone else attach the "Copyright Cypherpunks" blurb on my words.
>Even with my permission (and I assume Dave Mandl and Perry Metzger
>were asked for permission), attaching the words "Copyright
>Cypherpunks" is misleading: Cypherpunks are not an organized group.
>Issuing things in their name creates a misleading impression....and
>might, very unlikely though it is, create some kind of legal pressures
>on us. (An advantage to our disorganization is that governments can't
>find anyone to prosecute for the crimes of the "group.")

Just for the record:

I discussed the transcript with RAR (though I didn't see it) before he posted it. I made it clear that anything he did with it was OK with me. The "copyright" issue is funny: Personally, I generally anti-copyright things like that. I didn't even notice the "copyright" when I quickly skimmed the transcript (which is all I've had time to do--just checking to see whether I'd made any obviously bone-headed statements). I assume it was meant kind of tongue-in-cheek, and nothing more; I agree that it might call undue attention to the group and piss off list members who don't want that transcript representing them. That's perfectly reasonable. Again, far as I'm concerned, I'd rather the "c" word just didn't appear.

Yeah, it may not be the best piece to distribute to the general public since, as Perry pointed out, this was specifically an anarchist talk. The audience consisted mainly of people who already consider themselves anarchists and would therefore be interested in these new developments from that perspective. Don't know how much sense it makes to people who don't accept that to begin with. Personally, I usually don't shy away from using blatantly political language when I think it's necessary or appropriate, regardless of the audience (on my radio show, for example), but I can see how people might think it's counter-productive here.

As far as distribution goes, I'm glad it was posted to the list, at least. Beyond that, anything that's OK with Perry is OK with me. But there's no reason that all list members should be blamed for that talk. It was just me and Perry, speaking for ourselves.
One more thing: If anyone were to _charge_ anything for copies of that transcript beyond a reasonable "handling" fee, I'd be REALLY mad. That doesn't include Perry, of course, but I doubt that he's considering making his fortune off that anyway.

   --Dave.

--
Dave Mandl
dmandl at panix.com

From venom at kaos.aum.edu Sun Jul 3 17:25:13 1994
From: venom at kaos.aum.edu (James E. Riggs)
Date: Sun, 3 Jul 94 17:25:13 PDT
Subject: Password Difficulties
In-Reply-To:
Message-ID:

On Sun, 3 Jul 1994, Sandy Sandfort wrote:

> C'punks,
>
> There has been some discussion about typing long passphrases with echo
> off. I don't have any trouble, but I'm a touch typist. Perhaps it is
> only the hunt-and-peck, two-finger typists who are have a problem.
>
>
>  S a n d y
>
> Typing--one of the three most useful courses I took in high school.
>
>

I am also a touch typist and have no problems typing long passphrases with echo off. I was also wondering about this discussion. I can type a long passphrase with little trouble.

Jim Riggs

From joshua at cae.retix.com Sun Jul 3 17:34:55 1994
From: joshua at cae.retix.com (joshua geller)
Date: Sun, 3 Jul 94 17:34:55 PDT
Subject: Password Difficulties
In-Reply-To: <9407032349.AA28389@toad.com>
Message-ID: <199407040034.RAA04757@sleepy.retix.com>

> My tests were informal. The target was mostly taken from the sci.crypt
> readership -- I don't deal much with management...

> The initial tests were on passphrases of lengths from 12 to 20, as I
> recall. The phrases were created by choosing random words from
> /usr/dict/words -- and the resulting pass-phrases were exceedingly
> weird, which may have contributed to folks difficulty in typing them.
> Not that the scores were bad, but they weren't great.

I wonder how much the success that I (and apparently others) have with long pass phrases is due to the fact that we pick our own sentences which have some meaning (presumably) to us.
josh

From smb at research.att.com Sun Jul 3 17:42:14 1994
From: smb at research.att.com (smb at research.att.com)
Date: Sun, 3 Jul 94 17:42:14 PDT
Subject: Password Difficulties
Message-ID: <9407040042.AA29205@toad.com>

	 I wonder how much the success that I (and apparently others) have with long pass phrases is due to the fact that we pick our own sentences which have some meaning (presumably) to us.

Yes, that is an issue. I attempted to compensate for that by not turning off echoing. This way, if you pause in the middle, you'll be able to see where you are.

From hfinney at shell.portal.com Sun Jul 3 17:53:54 1994
From: hfinney at shell.portal.com (Hal)
Date: Sun, 3 Jul 94 17:53:54 PDT
Subject: Password Difficulties
Message-ID: <199407040055.RAA15180@jobe.shell.portal.com>

(I tried posting on this a couple of days ago, but I never saw the message. Apologies if this is a rehash.)

Kent Borg makes a good point that our 128-bit IDEA keys are generated by pass phrases of typically a few dozen bits. He suggests doing things to slow down the process of turning a pass phrase into a key, perhaps by iterating MD5 multiple times. A similar thing is done in the SecureDrive software as well as in RSA's Public Key Cryptography Standards (PKCS).

The problem is that this doesn't help all that much. If you slow down the process by, say, a factor of 1000, that is about equivalent to adding 10 bits of entropy to the pass phrase (either way would slow down the searcher by that much). 10 bits is perhaps nothing to sneeze at but it doesn't really solve the problem. I suspect that Kent is right that most pass phrases don't have over 50 or 60 bits of entropy, far below the 128 bits of protection that we like to think IDEA is giving us.
Hal

From bryner at atlas.chem.utah.edu Sun Jul 3 18:04:58 1994
From: bryner at atlas.chem.utah.edu (Roger Bryner)
Date: Sun, 3 Jul 94 18:04:58 PDT
Subject: Password Difficulties
In-Reply-To: <9407032349.AA28389@toad.com>
Message-ID:

On Sun, 3 Jul 1994 smb at research.att.com wrote:

> The initial tests were on passphrases of lengths from 12 to 20, as I
> recall. The phrases were created by choosing random words from
> /usr/dict/words -- and the resulting pass-phrases were exceedingly
> weird, which may have contributed to folks difficulty in typing them.
> Not that the scores were bad, but they weren't great.

Try using 4 dicts next time, adverb, adj, noun, and verb. After all, "wombats drill telephones with vitamin b12 ,but ports know shelves only with cyano groups." sounds nice, but "sofa loveseat table lamp chair shelf coatrack futon" is not nice at all, and less secure.

Another option is to let the user page through 3-4 options until they find one they "like" in that position.

Roger,

From dberg at netcom.com Sun Jul 3 11:44:26 1994
From: dberg at netcom.com (Dave Berg)
Date: Sun, 3 Jul 1994 18:44:26 GMT
Subject: Cryptologist needed
Message-ID:

A friend has asked me to try and find someone who can solve a difficult problem. They have some data which has been encrypted by some unscrupulous parties. The data is used by an application which runs under MS-DOS. They're willing to pay for someone's time to retrieve the data as it would be useful for actions they have pending.

Anyone out there who can help? I could probably do it myself if I knew of any available decryption software which can run under DOS.

Thanks for your attention.
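Hal's arithmetic in the Password Difficulties thread above (a 1000-fold slowdown is worth about 10 bits) can be worked through as follows; this is an added example, not code from PGP, SecureDrive or PKCS, and it extends the point to ask how many iterations would be needed to close the gap to 128 bits. The salt, the use of SHA-256 in place of the MD5 mentioned in the thread, the 25,000-word dictionary size and all function names are assumptions.

```python
import hashlib
import math

KEY_BITS = 128  # size of the IDEA key discussed in the thread


def stretch_key(passphrase: bytes, salt: bytes, iterations: int,
                hash_name: str = "sha256") -> bytes:
    """Derive a 128-bit key by hashing the passphrase `iterations` times.

    Each round re-mixes salt and passphrase with the previous digest, so a
    guesser must repeat the whole chain for every candidate phrase.
    The salt is an assumption of this sketch; the thread does not mention one.
    """
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    digest = hashlib.new(hash_name, salt + passphrase).digest()
    for _ in range(iterations - 1):
        digest = hashlib.new(hash_name, digest + salt + passphrase).digest()
    return digest[:KEY_BITS // 8]


def random_word_bits(dictionary_size: int, words: int) -> float:
    """Entropy of a phrase of `words` words drawn uniformly from a dictionary."""
    return words * math.log2(dictionary_size)


def stretch_bits(iterations: int) -> float:
    """Extra attacker work from stretching, expressed as equivalent bits."""
    return math.log2(iterations)


def effective_bits(passphrase_bits: float, iterations: int) -> float:
    """Cost of searching the passphrase space, capped at the cipher key size."""
    return min(float(KEY_BITS), passphrase_bits + stretch_bits(iterations))


def iterations_needed(passphrase_bits: float, target_bits: float) -> int:
    """Iterations required if stretching alone had to reach `target_bits`."""
    gap = max(0, math.ceil(target_bits - passphrase_bits))
    return 2 ** gap


def summary(passphrase_bits: float, iteration_counts):
    """Return (iterations, added bits, effective bits) rows for a report."""
    return [(n, stretch_bits(n), effective_bits(passphrase_bits, n))
            for n in iteration_counts]


if __name__ == "__main__":
    # Constructed inputs: a 50-bit passphrase (the lower estimate in the
    # thread) and a four-word phrase from an assumed 25,000-word dictionary.
    for n, added, total in summary(50, [1, 1000, 1_000_000]):
        print(f"{n:>9} iterations: +{added:5.2f} bits -> {total:6.2f} bits")
    print(f"4 random words: {random_word_bits(25_000, 4):.1f} bits")
    print(f"iterations to lift 50 bits to 128: 2^78 = {iterations_needed(50, 128)}")
    print("sample key:", stretch_key(b"constructed phrase", b"salt", 1000).hex())
```

The last figure is the practical form of Hal's objection: the legitimate user pays for every iteration too, so stretching can add a few tens of bits at most and cannot stand in for a passphrase with more entropy.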
From smb at research.att.com Sun Jul 3 18:48:18 1994
From: smb at research.att.com (smb at research.att.com)
Date: Sun, 3 Jul 94 18:48:18 PDT
Subject: Password Difficulties
Message-ID: <9407040148.AA29983@toad.com>

	 I suspect that Kent is right that most pass phrases don't have over 50 or 60 bits of entropy, far below the 128 bits of protection that we like to think IDEA is giving us.

There's an interesting issue here: is it feasible to construct an enumeration based on the 50-60 bits of information? If not, the protection is rather stronger in a practical sense. But if one can generate a reasonably comprehensive enumeration, then an enemy who can brute-force (say) a 56-bit key could attack a PGP keyring as well.

It should be more or less obvious to this group, but it bears repeating anyway. The number of possible keys sets an upper bound on the difficulty of attacking a system; it says nothing about the lower bound. (Proof: a monoalphabetic substitution on English has 26! possible keys, which is about 88 or 89 bits. But solutions are extremely trivial.) Passphrases aren't 128 bits -- but they may be quite strong nevertheless.

From jpb at gate.net Sun Jul 3 18:58:55 1994
From: jpb at gate.net (Joseph Block)
Date: Sun, 3 Jul 94 18:58:55 PDT
Subject: Pass Phrases
Message-ID: <199407040159.VAA67913@inca.gate.net>

Re:
>Sorry, there is no way regular people are going to remember pass words
>or phrases with more than about 50-bits worth of information in
>them--and even doing that well is going to be rare.

I just pick a sentence and use either the first letter of each word or the last. If I pick a verse of a song that makes it easy to remember.

If you're willing to chance a little less security of the phrase, pick one from a book or CD you have near your terminal - I have four or five hundred paperbacks within 10 feet of my terminal. It is very easy to remember "book x, chapter 5 paragraphs 8 through 12."
If you feel paranoid, add 1 letter to each of the letters derived from your special phrase or some similar modifying function.

jpb at gate.net

From ebrandt at jarthur.cs.hmc.edu Sun Jul 3 20:15:41 1994
From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt)
Date: Sun, 3 Jul 94 20:15:41 PDT
Subject: Pass Phrases
In-Reply-To: <199407040159.VAA67913@inca.gate.net>
Message-ID: <9407040315.AA00976@toad.com>

> If I pick a verse of a song that makes it easy to remember.

Aaaaaaagh!

   Eli   ebrandt at hmc.edu

From ebrandt at jarthur.cs.hmc.edu Sun Jul 3 20:23:29 1994
From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt)
Date: Sun, 3 Jul 94 20:23:29 PDT
Subject: Password Difficulties
In-Reply-To: <9407040148.AA29983@toad.com>
Message-ID: <9407040323.AA01106@toad.com>

> There's an interesting issue here: is it feasible to construct an
> enumeration based on the 50-60 bits of information?

This does present some problems to an attacker. There's a tradeoff between the effective key length and the complexity of the enumerator to generate these keys. The fancier the model, the lower the passphrase entropy, but the harder -- and slower -- it becomes to use. This all seems hard to quantify, though.

   Eli   ebrandt at hmc.edu

From cdodhner at indirect.com Sun Jul 3 20:24:50 1994
From: cdodhner at indirect.com (Special Agent Thomas Johnson - NSA)
Date: Sun, 3 Jul 94 20:24:50 PDT
Subject: TEMPEST jamming possible?
In-Reply-To: <940703160818T8mjgostin@eternal.pha.pa.us>
Message-ID:

On Sun, 3 Jul 1994, Jeff Gostin wrote:

> There are other ways to beat TEMPEST, like making it damn near
> impossible to get close enough to the computer in question to get a
> reading.

Or could it be possible to put out enough 'garbage' radiation to throw them off? it seems to me that if you knew which frequencies to use, you could blast out cryptographically random white radio noise which would make it impossible to determine what was 'good stuff'.
Basically the concept is to encrypt all of your wasted radiation with a one-time pad, and throw away the keys.

Happy Hunting, -Chris.

______________________________________________________________________________
Christian Douglas Odhner     | "The NSA can have my secret key when they pry
cdodhner at indirect.com      | it from my cold, dead, hands... But they shall
pgp 2.3 public key by finger | NEVER have the password it's encrypted with!"
cypherpunks WOw dCD Traskcom Team Stupid
Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11
------------------------------------------------------------------------------

From nobody at ds1.wu-wien.ac.at Sun Jul 3 20:49:41 1994
From: nobody at ds1.wu-wien.ac.at (nobody at ds1.wu-wien.ac.at)
Date: Sun, 3 Jul 94 20:49:41 PDT
Subject: PGP Questions
Message-ID: <9407040349.AA14158@ds1.wu-wien.ac.at>

I seem to remember reading somewhere that using PGP to encrypt a message for multiple recipients (in the same output file) somehow made cryptanalysis easier, but I don't seem to recall the rationale behind that concern. Can somebody comment on that.

Also, concerning the PGP 2.3a/2.6/2.6ui controversy, is the only "problem" with 2.6 the fact that after 9/1/94 it will start reporting an incompatible version number that will make its output unreadable by older versions? If so, and if source code is available, why couldn't the date checking routine be located in the source code and simply commented out, then the whole thing recompiled?

--

From nobody at ds1.wu-wien.ac.at Sun Jul 3 20:50:00 1994
From: nobody at ds1.wu-wien.ac.at (nobody at ds1.wu-wien.ac.at)
Date: Sun, 3 Jul 94 20:50:00 PDT
Subject: No Subject
Message-ID: <9407040349.AA14174@ds1.wu-wien.ac.at>

::
Post-To: sci.crypt,alt.security.pgp
Subject: PGP Questions

I seem to remember reading somewhere that using PGP to encrypt a message for multiple recipients (in the same output file) somehow made cryptanalysis easier, but I don't seem to recall the rationale behind that concern.
Can somebody comment on that.

Also, concerning the PGP 2.3a/2.6/2.6ui controversy, is the only "problem" with 2.6 the fact that after 9/1/94 it will start reporting an incompatible version number that will make its output unreadable by older versions? If so, and if source code is available, why couldn't the date checking routine be located in the source code and simply commented out, then the whole thing recompiled?

--

From merriman at metronet.com Sun Jul 3 21:33:07 1994
From: merriman at metronet.com (David Merriman)
Date: Sun, 3 Jul 94 21:33:07 PDT
Subject: Remailers
Message-ID: <199407040433.AA17963@metronet.com>

Grady Ward, over on alt.security.pgp/sci.crypt posted a little something to the effect (I'm paraphrasing, here) that sending a couple meg of random noise/bytes to an out-of-U.S. person/site would probably be a Good Thing To Do. The idea is that if each of us were to send out something like an encrypted list of insults/profanity/noise, then the occasional *real* message/file wouldn't stand out so much (plus have the added benefit of screwing with the system in general).

I realize that this is just fundamental traffic analysis, but going through the list of remailers I've got, I could see only a single non-U.S. (or at least, clearly identifiable as such) site. Would it be completely out of line to ask if any of our non-US/Canada (or Canada/US, if you prefer :-) subscribers would make available some kind of Email drop to facilitate such activity? It wouldn't have to be terribly responsive, I wouldn't think - simply redirecting the appropriately addressed mail to the bitbucket would be fine for the most part. The Really Motivated might take the file, rotate it left or right a bit, and XOR it with the original of itself and send it back in some variable number of chunks (or multiplied by 1/2 pi, or..... anyway, you get the idea).

Incidental question: do the anon remailers do anything to erase any 'ghost' images of data that has gone through them?
I mean, after they've forwarded a message, do they do anything like wipe the scratch files, or overwrite them with random data, or some similar bit-scrambling? Or is the traffic high enough that such measures don't have to be specifically invoked? Dave Merriman - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - PGP Public Key Fingerprint for David K. Merriman PGP 2.6ui fingerprint = 1E 97 E6 0F E0 EA D8 FE 0E C3 DC A7 F9 A5 06 66 From jpb at gate.net Sun Jul 3 21:35:25 1994 From: jpb at gate.net (Joseph Block) Date: Sun, 3 Jul 94 21:35:25 PDT Subject: Pass Phrase Clarification In-Reply-To: <9407040315.AA00976@toad.com> Message-ID: <199407040435.AAA44488@inca.gate.net> Re: > > > If I pick a verse of a song that makes it easy to remember. > > Aaaaaaagh! Eli, what I mean is, say you are using the stanza Can we film the operation, Is the head dead yet? Get the widow on the set, give us dirty laundry as a mnemonic. The pass phrase becomes cwftoithdygtwotsgudl If you pick a simple modification like add 1 to the first letter, 2 the second, 3 to the third, and then repeat (123123) you get a pass phrase of dyiuqlujgziwxqwtixen. Throw in some numbers and you should get a decently random pass phrase that is easy to remember. If you're really paranoid, pick two phrases from different books and use words from both to compute the phrase. Hardly a major security risk if you pick something obscure. jpb at gate.net From warlord at MIT.EDU Sun Jul 3 21:42:57 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Sun, 3 Jul 94 21:42:57 PDT Subject: No Subject In-Reply-To: <9407040349.AA14174@ds1.wu-wien.ac.at> Message-ID: <9407040442.AA16557@deathtongue.MIT.EDU> > I seem to remember reading somewhere that using PGP to encrypt a message > for multiple recipients (in the same output file) somehow made > cryptanalysis easier, but I don't seem to recall the rationale behind that > concern. Can somebody comment on that. This is incorrect. 
There is a possible security problem with *pure* RSA, but PGP does not use pure RSA. When you encrypt to multiple recipients in PGP (and you can verify this by reading the code), you choose a random IDEA session key, and then you RSA-encrypt that key (with random-data padding) in each public key, changing the random padding with each encryption. > Also, concerning the PGP 2.3a/2.6/2.6ui controversy, is the only "problem" > with 2.6 the fact that after 9/1/94 it will start reporting an incompatible > version number that will make its output unreadable by older versions? If > so, and if source code is available, why couldn't the date checking routine > be located in the source code and simply commented out, then the whole > thing recompiled? No can do; this would validate the MIT license on the code. The change, about which you can obtain via anonymous ftp even if you are not in the US, is that the data-packet version number will change from '2' to '3' on september 1st, rendering older versions unable to read the data after 1 September. Hope this helps -derek Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) Home page: http://www.mit.edu:8001/people/warlord/home_page.html warlord at MIT.EDU PP-ASEL N1NWH PGP key available From ebrandt at jarthur.cs.hmc.edu Sun Jul 3 21:52:58 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Sun, 3 Jul 94 21:52:58 PDT Subject: Pass Phrase Clarification In-Reply-To: <199407040435.AAA44488@inca.gate.net> Message-ID: <9407040452.AA02228@toad.com> > Hardly a major security risk if you pick something obscure. Obscurity is no substitute for strong random numbers... You can pick your passphrases however you want, but I hope they're not ftpable from ftp.uwp.edu. 
Eli ebrandt at hmc.edu From root%pig.jjm.com%jjmhome.jjm.com at jjmhome Sun Jul 3 22:00:27 1994 From: root%pig.jjm.com%jjmhome.jjm.com at jjmhome (0000-Super User0000) Date: Sun, 3 Jul 94 22:00:27 PDT Subject: TEMPEST jamming possible? In-Reply-To: Message-ID: <9407040458.AA04284@pig.jjm.com> > > On Sun, 3 Jul 1994, Jeff Gostin wrote: > > Or could it be possible to put out enough 'garbage' radiation to throw > them off? it seems to me that if you knew which frequencies to use, you > could blast out cryptographically random white radio noise which would make > it impossible to determine what was 'good stuff'. Basically the concept is > to encrypt all of your wasted radiation with a one-time pad, and throw > away the keys. Yes you can jam TEMPEST detection systems. Since many of them use correlation detection technology to extract weak repetitive signals from uncorrelated hash, you had better radiate coherent garbage rather than just lots of noise, since the processing gain of the coherence can be rather large (tens of dB or more). Dave Emery From nobody at soda.berkeley.edu Sun Jul 3 22:12:27 1994 From: nobody at soda.berkeley.edu (Anonymous User) Date: Sun, 3 Jul 94 22:12:27 PDT Subject: Happy Birthday, Comrades Message-ID: <199407040512.WAA19021@soda.berkeley.edu> Happy Birthday USA. On your 218th birthday, you should be proud of yourself. As a leading power in the world, you're certainly leading by example. Once upon a time, you were a shining example of truth, hope and diligence. Now you've become a vision of deception, state-rule and 21st century socialism. The United States Government's vision of Digital Telephony and Skipjack powers are historical, yet laughable. P.T. Barnum would be amazed. Your fear of the digital future is real -- it cannot be controlled by governments, corporate mongerers, nor super-secretive organized intelligentsia. The digital landscape cannot be shaped or legislated; the thought is mere folly. Happy Birthday USA. 
- Cyber Denizen number 1 ------------ To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 8 lines: :: Response-Key: ideaclipper ====Encrypted-Sender-Begin==== MI@```%ES^P;+]AB?X9TW6\8WR:2P&2%`$A:^X<=%&A[UZ`_A(M=9BSFS!;6= M@!L`9>H>\/$$WU)F&K/ANMBP7 nobody wrote: > Also, concerning the PGP 2.3a/2.6/2.6ui controversy, is the only "problem" > with 2.6 the fact that after 9/1/94 it will start reporting an incompatible > version number that will make its output unreadable by older versions? If > so, and if source code is available, why couldn't the date checking routine > be located in the source code and simply commented out, then the whole > thing recompiled? Because the license prohibits nuking the "legal_kludge". You wouldn't want to violate the MIT PGP 2.6 license, now would you. ;-) Rich From tcmay at netcom.com Mon Jul 4 00:57:06 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 4 Jul 94 00:57:06 PDT Subject: (fwd) Re: PGP Pass Phrase Security Message-ID: <199407040733.AAA06269@netcom.netcom.com> I thought this FAQ from Grady Ward (sometimes on our list, sometimes not) might fit with the discussion of password and passphrase security. There's a lot of crunching needed to determine if a selected passphrase has enough entropy. (And to some extent, it is not computable to determine if a string has entropy L, as a sufficiently clever attacker may realize a seemingly complex string actually is much simpler, more predictable, lower entropy than other analyses might suggest.) As others have said, using these sources for passphrases is a Bad Idea: - phrases from popular songs (and several levels of permutations) - famous quotes (and permutations, e.g, "Four scored but seven didn't" is not a very good passphrase, in comparison with "Fully weaSSel lampshop 3856fq3") - lines from novels, television These all have much less entropy than the "shocking nonsense" that many recommend. 
Memorizing good passphrases is expected to be hard. Personal information leaks bits. Finding personal information that is meaningful to one, but has not been revealed to others (or included in databases) is tough. Anyway, here is Grady's FAQ on this: PASSPHRASE FAQ V. 1.0 1 November 1993 '"PGP," warns Dorothy Denning, a Georgetown University professor who has worked closely with the National Security Agency, "could potentially become a widespread problem.' -- (E. Dexheimer) Comments to: Grady Ward, grady at netcom.com Contributors: John Kelsey, c445585 at mizzou1.missouri.edu (Appendix A.) RSA Data Security (Appendix C. The MD5 Algorithm) Jim Gillogly (Appendix D. The Secure Hash Algorithm) FAQ: How do I choose a good password or phrase? ANS: Shocking nonsense makes the most sense With the intrinsic strength of some of the modern encryption, authentication, and message digest algorithms such as RSA, MD5, SHS and IDEA the user password or phrase is becoming more and more the focus of vulnerability. For example, Deputy Ponder with the Los Angeles County Sheriff's Department admitted in early 1993 that both they and the FBI despaired of breaking the PGP 1.0 system except through a successful dictionary attack (trying many possible passwords or phrases from lists of probable choices and their variations) rather than "breaking" the underlying cryptographic algorithm mathematically. The fundamental reason why attacking or trying to guess the user's password or phrase will increasingly be the focus of cryptanalysis is that the user's choice of password may represent a much simpler cryptographic key than optimal for the encryption algorithm being used. This weakness of the user's password choice provides the potential cryptanalytic wedge. For example, suppose a user chooses the password 'david.' 
On the surface the entropy of this key (or the number of different equiprobable key states) appears to be five characters chosen from a set of twenty-six with replacements: 26^5 or 1.188 x 10^7. But since the user is apparently biased toward common given names, which a majority appear in lists numbering only 6,000-7,000 entries, the true entropy is undoubtedly much closer to 6.5 x 10^3, or about four orders of magnitude smaller than the raw length might suggest. (In fact this password probably possesses a much smaller entropy than even this for the very common name "david" would be one of the first names to be checked by an optimized dictionary attack program.) In other words the "entropy" of a keyspace is not a fixed physical quantity: the cryptanalyst can exploit whole cultural biases and contexts, not just byte frequencies, digraphs, or even whole-word correlations to reduce the key space he or she is trying to explore. To thwart this avenue of attack we would like to discover a method of selecting passwords or phrases that have at least as many bits of entropy (or "hard-to-guessness") as the entropy of the cryptographic key of the underlying algorithm being used. To compare, DES (Data Encryption Standard) is believed to have about 54-55 bits (~4 x 10 ^16) of entropy while the IDEA algorithm is believed to have about 128 bits (~3.5 x 10^38) of entropy. The closer the entropy of the user's password or phrase is to the intrinsic entropy of the cryptographic key of the underlying algorithm being used, the more likely an attacker would need to search a substantially larger portion of the algorithm's key space in order to rediscover the key. Unfortunately many documents suggest choosing passwords or phrases that are distinctly inferior to the latest method. 
For example, one white paper widely archived on the internet suggests selecting an original password by constructing an acronym from a popular song lyric or from a line of script from, for example, the SF movie "Star Wars". Both of these ideas turn out to be weak because both the entire script to Star Wars and entire sets of song lyrics to thousands of popular songs are available on-line to everyone and, in some cases, are already embedded into "crack" dictionary attack programs (See ftp.uwp.edu). However, the conflict between choosing an easy-to-remember key and choosing a key with a high level of entropy is not a hopeless task if we exploit mnemonic devices that have been used for a long time outside the field of cryptography. With the goal of making up a passphrase not included in any existing corpus yet very easy to remember, an effective technique is one known as "shocking nonsense." "Shocking nonsense" means to make up a short phrase or sentence that is both nonsensical and shocking in the culture of the user, that is, it contains grossly obscene, racist, impossible or other extreme juxtaposition of ideas. This technique is permissible because the passphrase, by its nature, is never revealed to anyone with sensibilities to be offended. Shocking nonsense is unlikely to be duplicated anywhere because it does not describe a matter-of-fact that could be accidentally rediscovered by anyone else and the emotional evocation makes it difficult for the creator to forget. A mild example of such shocking nonsense might be: "mollusks peck my galloping genitals." The reader can undoubtedly make up many far more shocking or entertaining examples for himself or herself. Even relatively short phrases offer acceptable entropy because the far larger "alphabet" pool of word symbols that may be chosen than the 26 characters that form the Roman alphabet. 
Even choosing from a vocabulary of a few thousand words a five word phrase might have on the order of 58 to 60 bits of entropy -- more than what is needed for the DES algorithm, for example. When you are permitted to use passphrases of arbitrary length (in PGP for example) it is not necessary to further perturb your 'shocking nonsense' passphrase to include numbers or special symbols because the pool of word choices is already very high. Not needing those special symbols or numbers (that are not intrinsically meaningful) makes the shocking nonsense passphrase that much easier to remember. If you are forced to use, say, a Unix password utility that permits only passwords of restricted length, one good strategy is to process your secret passphrase using MD5 or SHA, then UUENCODE the result and select your shorter key from the output. See Appendix C and D for actual MD5 and SHA source implementations. Appendix A. For software developers For software developers designing "front-ends" or user interfaces to conventional short-password applications, very good results will come from permitting the user arbitrary length passphrases that are then "crunched" or processed using a strong digest algorithm such as the 160-bit SHS (Secure Hash Standard) or the 128-bit MD5 (Message Digest rev.5). [See following Appendices] The interface program then chooses the appropriate number of bits from the digest and supplies them to the engine enforcing a short password. This 'key crunching' technique will assure the developer that even the short password key space will have a far greater opportunity of being fully exploited by the user. John Kelsey writes: "I think it's a really good idea to use a randomly-generated salt to generate a key from a password, and that this salt should be as large as possible. Basically, this is to keep an attacker from spending lots of computer power *once* to generate a dictionary of likely keys. 
If users use good techniques to choose passwords, this won't matter much, but if they don't, this may save them from having their encrypted files or transmissions routinely read. The simplest scheme I can see for this is simply to prepend a 128-bit salt (generated as strongly as possible) to each encrypted file. Generate the key from the password by pre-filling a buffer with the 128-bit salt, then XORing in the keyed-in password, or by appending the key to the keyed-in password. Then, run SHA or MD5 or whatever to get the key. A secondary point: Adding a random salt ensures that people who use the same password/passphrase for lots of files/transmissions don't get the same key every time. Since most successful attacks against modern encryption schemes use *lots* of ciphertext from the same key, this might add some practical security, at relatively low cost." --John Kelsey, c445585 at mizzou1.missouri.edu Appendix B. A tool to experimentally investigate entropy A practical Unix tool for investigating the entropy of typical user keys can be found in Wu and Manber's 'agrep' (approximate grep) similarity pattern matching tool available in C source from cs.arizona.edu [192.12.69.5]. This tool can determine the "edit distance," that is, the number of insertions, substitutions, or deletions that would be required of an arbitrary pattern in order for it to match any of a large corpus of words or phrases, say the usr/dict word list, or over the set of Star Trek trivia archives. The user can then adjust the pattern to give an arbitrary high threshold difference between it and common words and phrases in the corpus to make crack programs that systematically vary known strings less likely to succeed. It is often surprising to discover that a substring pattern like "hxirtes" is only of edit distance two from as many as forty separate words ranging from "bushfires" to "whitest." 
Certainly no password or phrase ought to be chosen as a working password or phrase that is within two or fewer edit distance from a known string or substring in any on-line collection. Appendix C. & D. not included for bandwidth reasons -- Grady Ward | For information and free samples on | "Look!" grady at netcom.com | royalty-free Moby natural language | -- Madame Sosostris +1 707 826 7715 | development core rules, run: | A91F2740531E6801 (voice/24hr FAX) | finger grady at netcom.com | 5B117D084B916B27 .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From kentborg at world.std.com Mon Jul 4 02:11:07 1994 From: kentborg at world.std.com (Kent Borg) Date: Mon, 4 Jul 94 02:11:07 PDT Subject: Pass Phrases Message-ID: <199407040913.AA16672@world.std.com> jpb at gate.net writes: >I just pick a sentence and...If you feel paranoid... Allow me to take back all I said about my difficulty in finding good passwords. I can make up plenty difficult passphrases, and I can even type them blindly. What worries me is that *others* will not be as wonderfully smart and clever as am I. Most persons in the modern world already have to remember several "passwords", most of them being PINs. Large numbers of persons in the modern world also use some sort of computer that also requires a password. Many of these people are even allowed to choose their own passwords. The resulting security is *terrible*. People pick terrible passwords, just read one of the papers on dictionary attacks on /etc/passwd. 
There are two general approaches to this problem: 1) Lecture on the importance of picking good passwords. 2) Slow down the testing of the poor passwords people do pick. Wait, there is a third approach: ignore the problem! Pat ourselves on the back for choosing (and being able to type) passphrases with maybe 40-bits of entropy in them. Sorry folks, the best way to make your 40-bits secure is to force the TLAs to crack *everyone's* keyrings, try to make them all a bit more secure. It seems to me doing what we can to slow down the testing of passwords is a good idea. Of course keeping encrypted private keys out of circulation is a good idea, but that does not mean there is nothing else to be done. -kb, the Kent who can get annoying -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 31:15 hours of TV viewing so far in 1994! From bart at netcom.com Mon Jul 4 03:30:27 1994 From: bart at netcom.com (Harry Bartholomew) Date: Mon, 4 Jul 94 03:30:27 PDT Subject: (fwd) Cryptologist needed Message-ID: <199407041033.DAA13286@netcom2.netcom.com> Xref: netcom.com ba.jobs.contract:7506 Newsgroups: ba.jobs.contract Path: netcom.com!dberg From: dberg at netcom.com (Dave Berg) Subject: Cryptologist needed Message-ID: Summary: Help need decrypting application software's data Keywords: DOS decryption Organization: NETCOM On-line Communication Services (408 261-4700 guest) Date: Sun, 3 Jul 1994 18:44:26 GMT Lines: 10 A friend has asked me to try and find someone who can solve a difficult problem. They have some data which has been encrypted by some unscrupulous parties. The data is used by an application which runs under MS-DOS. They're willing to pay for someone's time to retrieve the data as it would be useful for actions they have pending. Anyone out there who can help? I could probably do it myself if I knew of any available decryption software which can run under DOS. Thanks for your attention. 
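The two defences raised in the messages above, John Kelsey's random per-file salt from Appendix A of the passphrase FAQ and Kent Borg's suggestion to slow down the testing of passwords, combined in one sketch. This is an added example, not code from PGP or from any poster: PBKDF2-HMAC-SHA256 from Python's hashlib stands in for the single MD5/SHA pass the FAQ describes, and the function names, iteration count and candidate list are assumptions.

```python
import hashlib
import math
import os

SALT_BYTES = 16        # 128-bit salt, the size Kelsey proposes
KEY_BYTES = 16         # 128-bit key, the size IDEA takes
ITERATIONS = 200_000   # assumed work factor; raise it as hardware gets faster


def crunch_unsalted(passphrase: str) -> bytes:
    """Plain 'key crunching': one digest pass, no salt (SHA-256 used here)."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()[:KEY_BYTES]


def derive_key(passphrase: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Salted and deliberately slow derivation (PBKDF2-HMAC-SHA256)."""
    if len(salt) < SALT_BYTES:
        raise ValueError("salt must be at least 128 bits")
    if iterations < 1:
        raise ValueError("iterations must be positive")
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations, dklen=KEY_BYTES)


def new_file_key(passphrase: str, iterations: int = ITERATIONS):
    """Fresh random salt per file; the salt is stored in the clear beside it."""
    salt = os.urandom(SALT_BYTES)
    return salt, derive_key(passphrase, salt, iterations)


def precompute_table(candidates):
    """One-time dictionary of likely keys. It only works against the unsalted
    scheme, because every salted file needs its own full recomputation."""
    return {crunch_unsalted(c): c for c in candidates}


def phrase_entropy_bits(vocabulary_size: int, words: int) -> float:
    """Entropy of a phrase of words chosen uniformly and independently."""
    return words * math.log2(vocabulary_size)


def guessing_work_bits(entropy_bits: float, iterations: int) -> float:
    """log2 of the hash operations needed to try every candidate once.
    Stretching adds no entropy to the passphrase; it multiplies the cost
    of each guess by the iteration count."""
    return entropy_bits + math.log2(iterations)


# Constructed sample guesses, taken from passwords discussed in the thread.
CANDIDATES = ["david", "cwftoithdygtwotsgudl", "THQEBAFLJSOMTHLEDA"]

if __name__ == "__main__":
    table = precompute_table(CANDIDATES)
    weak = "david"
    print("unsalted key in precomputed table:", table.get(crunch_unsalted(weak)))
    salt_a, key_a = new_file_key(weak)
    salt_b, key_b = new_file_key(weak)
    print("salted key in precomputed table:  ", table.get(key_a))
    print("same passphrase gives same key:   ", key_a == key_b)
    print("5 words from 4000: %.1f bits" % phrase_entropy_bits(4000, 5))
    print("40-bit phrase at %d iterations: %.1f bits of work"
          % (ITERATIONS, guessing_work_bits(40, ITERATIONS)))
```

The salt must be stored with the ciphertext, so it defeats precomputation and key reuse but does nothing for a weak passphrase attacked on its own; only the iteration count raises the cost of each guess.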
From edgar at spectrx.sbay.org Mon Jul 4 04:11:53 1994 From: edgar at spectrx.sbay.org (Edgar W. Swank) Date: Mon, 4 Jul 94 04:11:53 PDT Subject: Lotto odds Message-ID: My thanks to Tim for his comments on my post: > Tim May said, > > ...As for lotto, simple calculations tell anyone that the best way > to win is not to play. The return _at best_ is 30 or 40 cents on > the dollar, with the rest going to all the various programs the > lotto is supposed to support. The more you play, the more you > lose. > > Actually, if memory serves, the CA Lotto claims to return 50% of > income in prizes with the remainder divided between schools and Maybe, but the state has a wonderful scam of paying off a "5 million dollar jackpot" over 20 years; the true value (what the same deal would cost you to buy as an annuity) is less than $5 M, possibly much less. If private outfits did this, they'd be jailed. Yes, but the return is still 50%. > "administration." Better than 30-40, but still worse than odds on any > casino game or even the "numbers racket" run by organized crime. ^^^^^^^ "Or even"? The numbers games almost always have much better odds than the State pays...that's one reason for their popularity (another is tax avoidance). I've never played the numbers game myself, but I've heard that the payoff is 600-to-1 on a 1000-to-1 bet. That's a 60% payout, compared to the lottery's 50%, hardly "much" better. Compare to casino games; Keno, 80%; Slots, 90%+; Roulette, 95%; Craps, 99%. > Calculation of "x" is not "simple", since you also have to figure in > the 20-year (with no interest) payout of large prizes. Oh, I see you mentioned this scam. (Calculation should still be simple, as any spreadsheet can handle discounted present values and the like.) Not simple for me. If it's simple for you (or anyone reading this) I would be interested in the results of the calculation. 
Recall "x" is either the number of times the jackpot must be passed or the nominal value of the grand prize for which there is a positive return for the player (assume no prize split). You might work this out for time values of money of 5-10-15% per annum. I've never played, and never plan to. Money down the drain. I rarely play (have never won). My wife (an ethnic Chinese) plays weekly in a "pool" where she works. She plays on her own when she sees a good "omen", like finding dog shit in front of her house(!?). -- edgar at spectrx.sbay.org (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca From Stu at nemesis.wimsey.com Mon Jul 4 04:37:33 1994 From: Stu at nemesis.wimsey.com (Stuart Smith) Date: Mon, 4 Jul 94 04:37:33 PDT Subject: (FWD) WHAT MOTIVATES FORWARDERS? In-Reply-To: Message-ID: <2e16e391.nemesis@nemesis.wimsey.com> -----BEGIN PGP SIGNED MESSAGE----- In article you write: >Well, I for one like to see forwarded stuff. I have no desire to chase >down likely references. Maybe I'm lazy for letting others filter stuff >for me, or maybe you're lazy for not hitting "D". Quien sabe? ... maybe I don't like paying for 20 copies of the EFF press release coming down my UUCP link? Just a thought... Perhaps the EFF people would like to include a little header in their releases explaining the groups/lists which already receive the text automatically and explain the concept of reference pointers. 
- -- Baba baby mama shaggy papa baba bro baba rock a shaggy baba sister shag saggy hey doc baba baby shaggy hey baba can you dig it baba baba E7 E3 90 7E 16 2E F3 45 * 28 24 2E C6 03 02 37 5C Stuart Smith -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLhbxm6i5iP4JtEWBAQHKHgQAjjBhIB6Gy4IaLXsw8rZXo0a+ex0dKuG4 /TyEdxiDvGaDmKx05Hol6+3lUU0iWd8Pv9rmFm2BgfXYl/H5KTr9TuHyHHtYo5b4 EeFAPhQIGfWLO+Y5zdXRSpzc25AKhF19yXkKws7e6C0Ot4IBpPCnWcoxvWNTgxUy edNyrbaYAEU= =H2+k -----END PGP SIGNATURE----- From Stu at nemesis.wimsey.com Mon Jul 4 04:37:35 1994 From: Stu at nemesis.wimsey.com (Stuart Smith) Date: Mon, 4 Jul 94 04:37:35 PDT Subject: Password Difficulties In-Reply-To: <199407020841.AA23083@world.std.com> Message-ID: <2e16ea88.nemesis@nemesis.wimsey.com> -----BEGIN PGP SIGNED MESSAGE----- In article <199407020841.AA23083 at world.std.com> you write: >Back to a rephrasing of my original question: should programs like PGP >super-duper encrypt the private key (and remove those hints people >have mentioned recently) as a way of slowing down brute-force attacks? In general, multiple encryption does not significantly increase security. Just for starters, we don't know if IDEA is a group.. If it is, you can encrypt all you want and you won't get one extra bit of security. Trying to analyse just *one* cryptosystem or algorithm for security holes and information leaks is hard enough - trying to analyse the interaction between several layers of said algorithm or even between different algorithms seems harder and lacking in promise. Of course you could view this as defence of multiple-encryption: "if there *is* some weird interaction that reveals my key when you xor the secret-key file with any Nick Danger script, no one will ever discover it because it will be too hard" but this strikes me as the security through obscurity myth. You can't get something for nothing. 
With a 12 bit pass phrase, you have 12 bits of security - I don't see any known way to increase this without increasing the pass phrase length. I haven't looked into this a lot, but I wonder how the approach used with many unix passwd utilities would fare? For instance, checking password/phrase crackability if you will - comparing against a dictionary, measuring entropy or just plain not accepting pass phrases shorter than x. Also, many passwd utils will generate "pronounceable" random text. Perhaps with several short words generated thusly would get you the entropy you need. Thoughts? - -- Baba baby mama shaggy papa baba bro baba rock a shaggy baba sister shag saggy hey doc baba baby shaggy hey baba can you dig it baba baba E7 E3 90 7E 16 2E F3 45 * 28 24 2E C6 03 02 37 5C Stuart Smith -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLhb4kKi5iP4JtEWBAQGjyQP7BIFaiEGEbAs3JFMCL/A/NBn5GIqB1XqK KZwlKHixqDhG3TaqrxTIbe5e6/rKGnYz8ct2ETq3BZMucSuv4nFwizXxlw8Ra9zO IWCbre0j2A/wOEd2mLksov1cnJdwVDYQ2XIyTvV55J2ajIxiu4rIA0ErOIEE2sH0 dn2R9K9A6qU= =tFK0 -----END PGP SIGNATURE----- From Rolf.Michelsen at delab.sintef.no Mon Jul 4 05:10:08 1994 From: Rolf.Michelsen at delab.sintef.no (Rolf Michelsen) Date: Mon, 4 Jul 94 05:10:08 PDT Subject: Dr. Dobbs Dev. Update 1/5 July 94 & Schneier In-Reply-To: Message-ID: On Fri, 1 Jul 1994, Bruce Schneier wrote: > Synthesis of Public-Key Algorithms: There are a lot of > public-key digital signature algorithms in the literature based > on the problem of taking discrete logarithms in a finite field: > ElGamal, Schnorr, and the Digital Signature Standard (DSS) are > three examples. Nyberg and Rueppel presented a paper which > unified all of these algorithms (108 in total) into one unified > family. They also showed how to do encryption with all of them. Hrm... As far as I recall they showed how to do _message_recovery_ (not encryption) with the discrete log signature functions. 
Message recovery and encryption are two quite different things for asymmetric schemes such as the discrete log ones (as opposed to RSA). Correct me if I'm wrong... > Visual Cryptography: Shamir developed a one-time-pad > cryptosystem that is suitable for encrypting visual images. The > key is a pattern of black and white pixels on a transparency; the > ciphertext is another pattern of black and white pixels. Overlay > the key on the ciphertext and the message appears. This is > unconditionally secure; even alien civilizations with undreamed- > of computing power cannot break this cryptosystem. Applications > include sending an encrypted message via fax: the receiver can > carry the key transparency with him and can receive the encrypted > fax from an insecure machine. Cool stuff. Yea, cool stuff, especially if the fax doesn't shrink the transmitted picture :-) This is also great for demonstrating crypto to newbies by showing that noise+noise=picture. -- Rolf ---------------------------------------------------------------------- Rolf Michelsen "Standards are wonderful -- Email: rolf.michelsen at delab.sintef.no everyone should have one" Phone: +47 73 59 87 33 -- Ancient FORTH proverb ---------------------------------------------------------------------- From jgostin at eternal.pha.pa.us Mon Jul 4 06:48:52 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Mon, 4 Jul 94 06:48:52 PDT Subject: TEMPEST Jamming Message-ID: <940704021615t5Wjgostin@eternal.pha.pa.us> root%pig.jjm.com%jjmhome.jjm.com at jjmhome.toad.com (0000-Super User(0000)) writes: >> On Sun, 3 Jul 1994, Jeff Gostin wrote: I most certainly did _NOT_. Someone followed-up to what I wrote. He wrote it. 
--Jeff From jpb at gate.net Mon Jul 4 07:34:04 1994 From: jpb at gate.net (Joseph Block) Date: Mon, 4 Jul 94 07:34:04 PDT Subject: PGP 2.6 legal_kludge In-Reply-To: <199407040738.BAA12513@spot.Colorado.EDU> Message-ID: <199407041437.KAA102769@inca.gate.net> Re: > > Also, concerning the PGP 2.3a/2.6/2.6ui controversy, is the only "problem" > > with 2.6 the fact that after 9/1/94 it will start reporting an incompatible > > version number that will make its output unreadable by older versions? If > > so, and if source code is available, why couldn't the date checking routine > > be located in the source code and simply commented out, then the whole > > thing recompiled? So what stops someone from patching 2.3? Since 2.3 is already allegedly in violation, why not just make it compatible with 2.6? jpb at gate.net From sommerfeld at orchard.medford.ma.us Mon Jul 4 07:36:26 1994 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Mon, 4 Jul 94 07:36:26 PDT Subject: Dr. Dobbs Dev. Update 1/5 July 94 & Schneier In-Reply-To: Message-ID: <199407041435.KAA00391@orchard.medford.ma.us> > Applications include sending an encrypted message via fax: the > receiver can carry the key transparency with him and can receive > the encrypted fax from an insecure machine. Cool stuff. Yea, cool stuff, especially if the fax doesn't shrink the transmitted picture :-) Shamir's comment on this at his talk at MIT was that the accuracy of a fax machine in the horizontal direction was much better than the accuracy in the vertical direction. If the visually encrypted document is a text file, you can adjust it so that it's correctly registered for a few lines, read those lines, slide the key transparency by a small fraction of an inch, read the next few lines, and repeat until you're done with the message. 
- Bill From jpb at gate.net Mon Jul 4 07:48:05 1994 From: jpb at gate.net (Joseph Block) Date: Mon, 4 Jul 94 07:48:05 PDT Subject: Pass Phrases Message-ID: <199407041451.KAA56206@inca.gate.net> Maybe I'm just being a little dense about this. If I am the only person who knows what pair of texts I'm using and what permutation algorithm, and what the random number I'm going to salt the pass phrase with, and where I'm going to put the random digits, how is it insecure? Say I use the following two key phrases The Quick Brown Fox Jumps Over The Lazy Dog Oh Be A Fine Girl Kiss Me I decide my method is going to be first letter of each word of the first phrase, last letter of each word of the second phrase I get THQEBAFLJSOMTHLEDA I then throw in 1701 as follows 1701THQ1EBA7FLJ0SOM1THL1EDA7 Without knowing the phrases, method, or number, what makes this insecure? I'm not deliberately trying to be dense, I'd like to know why I shouldn't use this sort of mnemonic method to remember the pass phrase. jpb at gate.net From dcwill at ee.unr.edu Mon Jul 4 08:18:47 1994 From: dcwill at ee.unr.edu (D.C. Williams) Date: Mon, 4 Jul 94 08:18:47 PDT Subject: Pass Phrases In-Reply-To: <199407041451.KAA56206@inca.gate.net> Message-ID: <9407041521.AA02775@solstice> > > Say I use the following two key phrases > > The Quick Brown Fox Jumps Over The Lazy Dog > Oh Be A Fine Girl Kiss Me > > I decide my method is going to be first letter of each word of the first > phrase, last letter of each word of the second phrase > > I get > > THQEBAFLJSOMTHLEDA Really? How about THQEBAFEJLOSTELHDE > > I'm not deliberately trying to be dense, I'd like to know why I shouldn't use > this sort of mnemonic method to remember the pass phrase. Maybe it's not really an effective mnemonic after all? Somebody's .sig file says "one man's mnemonic is another man's crypto." Can you really type this from memory using the key phrases without writing them down? 
(Based on your first attempt, some would say "apparently not".) ;-)

=D.C. Williams

>
> jpb at gate.net
>

From nobody at shell.portal.com Mon Jul 4 08:51:04 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Mon, 4 Jul 94 08:51:04 PDT
Subject: No Subject
Message-ID: <199407041555.IAA01229@jobe.shell.portal.com>

I have followed with interest this discussion of passphrase "entropy". What I'm not clear on is the effect of a hashing algorithm on the final entropy. If I come up with a "random" set of printable characters which contain 128 bits of entropy, and feed them to MD5, let's say, will I still have 128 bits of entropy on the output? Or do I need some sort of safety margin above 128 bits to "be sure"?

What's lurking in the back of my mind is this -- if you enter something with LESS than 128 bits, the hashing algorithm has to "pad" or otherwise fill in the missing bits from . Now if I have entered a phrase with EXACTLY 128 bits of entropy, hypothetically, is that enough to have flushed the padding or whatever out of the pipeline?

Can we really treat MD5 as a "magic black box", or does the optimal input require a knowledge of how the box works?

.

From bryner at atlas.chem.utah.edu Mon Jul 4 09:59:43 1994
From: bryner at atlas.chem.utah.edu (Roger Bryner)
Date: Mon, 4 Jul 94 09:59:43 PDT
Subject: Pass Phrases
In-Reply-To: <9407041521.AA02775@solstice>
Message-ID:

On Mon, 4 Jul 1994, D.C. Williams wrote:
> > The Quick Brown Fox Jumps Over The Lazy Dog
> > Oh Be A Fine Girl Kiss Me

Let's say you pick these from a set of books. All this does is give you a larger dictionary, with say 10^6 vs 10^3 entries. It could be even longer if you use fragments of sentences. This means you will need half the number of sentences you needed words for. Some one might be clued in by the fact that your books show considerable use at certain pages.

The mixing up stuff adds bits, but not that many, perhaps 10 if you really do a good job.
so I would say you have
10^5(4 digit number) *(10^6)^2(two sentences) *10^3(choosing the nth letter, or staggering) or about 10^20. Seems ok to me, about 60 bits.

If I bust you and look at your books, though, you could be screwed. This is not much of a concern in a reasonably free country, but.... Also, if you don't have your books, you can't get into your computer.

Roger.

From bryner at atlas.chem.utah.edu Mon Jul 4 10:03:19 1994
From: bryner at atlas.chem.utah.edu (Roger Bryner)
Date: Mon, 4 Jul 94 10:03:19 PDT
Subject: MD5 is 1=>1?
In-Reply-To: <199407041555.IAA01229@jobe.shell.portal.com>
Message-ID:

On Mon, 4 Jul 1994 nobody at shell.portal.com wrote:
> Now if I have entered a phrase with EXACTLY 128 bits of entropy,
> hypothetically, is that enough to have flushed the padding or
> whatever out of the pipeline?

I have had this question also, has it been shown that the transformation of 128bit words through md5 is *theoretically* invertible, as if it is not, iterating it 1024 times could actually make you *LOSE* entropy. (say it was a random transformation, it would not contain each of the 128 bit outputs, ie some inputs would map to the same output.)

I am not aware of any such result.

Roger.

From tcmay at netcom.com Mon Jul 4 10:09:50 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 4 Jul 94 10:09:50 PDT
Subject: Pass Phrases
In-Reply-To: <199407041451.KAA56206@inca.gate.net>
Message-ID: <199407041713.KAA05267@netcom5.netcom.com>

Joseph Block writes:
> Maybe I'm just being a little dense about this.
>
> If I am the only person who knows what pair of texts I'm using and what
> permutation algorithm, and what the random number I'm going to salt the
> pass phrase with, and where I'm going to put the random digits, how is it
> insecure?
...
> I then throw in 1701 as follows
>
> 1701THQ1EBA7FLJ0SOM1THL1EDA7
>
> Without knowing the phrases, method, or number, what makes this insecure?
                                                                  ^^^^^^^^^

It's not that this password is "insecure" on the face of it, it's that the password has much less entropy than its 25 or 30 characters would otherwise suggest.

Dividing passwords into "secure" and "insecure" is not very useful...instead, one talks about entropy, a measure of randomness or unpredictability.

The "structure of password space" is rich and crufty, filled with nooks and crannies of easily-guessed (relatively) n-bit passwords in a sea of nearly unguessable passwords.

The trick is not to let human psychology lead you into picking a relatively easy to guess passphrase. It may seem "really hard to guess" a password that takes the opening lines of "Atlas Shrugged" and twiddles and salts them a bit, but "opening line" attacks may be programmed to run in a few seconds on the Crays that do these sorts of things. Entropy that just isn't there can't be conjured up.

(As usual, I'm not saying this is a pressing concern. I still use an 11-character nonsense word as my password. This partly reflects my judgement on where the attacks on my PGP use are likely to be.)

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
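
The gap between apparent and actual entropy that this exchange turns on, worked through as an added example (not code from any poster in the thread). The function names are illustrative, the cycling of the shorter phrase is inferred from D.C. Williams's corrected string, and the choice counts are the figures quoted in Roger Bryner's reply, taken as given.

```python
import math

ALPHABET = 36  # upper-case letters plus digits, the symbols in the salted string


def mnemonic_letters(first_phrase, second_phrase):
    """First letter of each word of phrase 1, each followed by the last letter
    of a word of phrase 2 (phrase 2 is reused cyclically when it runs out)."""
    firsts = [w[0].upper() for w in first_phrase.split()]
    lasts = [w[-1].upper() for w in second_phrase.split()]
    return "".join(f + lasts[i % len(lasts)] for i, f in enumerate(firsts))


def salt_with_digits(letters, digits="1701", group=3):
    """Prefix the digits, then append one digit (cycling) after every group
    of letters, matching the layout of the salted string in the post."""
    out = [digits]
    for n, start in enumerate(range(0, len(letters), group)):
        out.append(letters[start:start + group] + digits[n % len(digits)])
    return "".join(out)


def apparent_bits(passphrase):
    """Entropy if every character were an independent uniform choice."""
    return len(passphrase) * math.log2(ALPHABET)


# Attacker's model of how the passphrase is generated. The counts are the
# figures from the reply in the thread, not measurements.
THREAD_MODEL = {
    "salt number": 10**5,
    "first sentence": 10**6,
    "second sentence": 10**6,
    "letter-picking / staggering rule": 10**3,
}


def scheme_bits(model=THREAD_MODEL):
    """Entropy of the scheme: independent choices multiply, so their bits add."""
    return sum(math.log2(choices) for choices in model.values())


def equivalent_random_length(bits):
    """Length of a uniformly random 36-symbol string with at least `bits` bits."""
    return math.ceil(bits / math.log2(ALPHABET))


if __name__ == "__main__":
    letters = mnemonic_letters("The Quick Brown Fox Jumps Over The Lazy Dog",
                               "Oh Be A Fine Girl Kiss Me")
    phrase = salt_with_digits(letters)
    print("derived passphrase :", phrase)
    print("apparent entropy   : %.1f bits" % apparent_bits(phrase))
    for name, choices in THREAD_MODEL.items():
        print("  %-34s %5.1f bits" % (name, math.log2(choices)))
    print("scheme entropy     : %.1f bits" % scheme_bits())
    print("same strength as   : %d random characters"
          % equivalent_random_length(scheme_bits()))
```

Run as a script, it prints the derived string and the per-component bit counts; the 28-character result carries no more entropy than the sum of the choices that produced it.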
From strick at versant.com Mon Jul 4 10:10:25 1994
From: strick at versant.com (strick -- henry strickland)
Date: Mon, 4 Jul 94 10:10:25 PDT
Subject: recognizing what you've read before
In-Reply-To: <2e16e391.nemesis@nemesis.wimsey.com>
Message-ID: <9407041716.AA27191@versant.com>

# Perhaps the EFF people would like to include a little header in
# their releases explaining the groups/lists which already
# receive the text automatically and explain the concept of

I've thought about automating this from the user end.

Define some characteristic signature for a paragraph, and some way to recognize one inside a text file.

Here's my best approach. Only pay attention to the letters and numbers [A-Za-z0-9]. Treat everything else as white space. Use some kind of hashing or checksum to digest the body of a paragraph. Ignoring punctuation and newlines lets you recognize a paragraph even if it is quoted or re-fmt'ed.

Define paragraphs to recognize two different formats:

1. Lines with letters, delimited by lines without letters. That will recognize the format I've used until now, which I find most readable in email.

2. Lines that are indented more than the previous line begin new paragraphs. That will recognize the paragraphs from here on.

3. It would probably also help to recognize some important things that are not paragraphs of readable text, such as uuencodes and C source and unreadable PGP blocks.

The idea, of course, is to keep a database of paragraph signatures that you have seen, and probably whether or not you bothered to read it before. When a new message arrives, it can be characterized like "18% new, 23% read before, 51% skipped before, 8% not text".

You still have the problem of finding truncated paragraphs like the one I quoted at the top of this message. Those could be recognized if you did lines instead of paragraphs. It would take some experimentation to fine tune.
Finally, a mailing list itself could remember what has been sent on it, and attempt to reject large messages of mostly redundant paragraphs.

>strick<

From dcwill at ee.unr.edu Mon Jul 4 10:17:12 1994
From: dcwill at ee.unr.edu (D.C. Williams)
Date: Mon, 4 Jul 94 10:17:12 PDT
Subject: Pass Phrases
In-Reply-To:
Message-ID: <9407041720.AA02947@solstice>

>
> On Mon, 4 Jul 1994, D.C. Williams wrote:
> > > The Quick Brown Fox Jumps Over The Lazy Dog
> > > Oh Be A Fine Girl Kiss Me

Not exactly. Note the extra >>. Mine was a reply to the original post, where the original proposal/question was offered. I disavow any credit for the pass phrase mnemonic proposed by Joseph Block. I only pointed out how difficult it apparently is to use.

=D.C. Williams

From sico at hacktic.nl Mon Jul 4 10:18:07 1994
From: sico at hacktic.nl (Sico)
Date: Mon, 4 Jul 94 10:18:07 PDT
Subject: Password Difficulties
Message-ID: <433_9407041815@apsf.hacktic.nl>

Hi folks,

Saturday July 02 1994 04:00, Kent Borg wrote:

KB> Hey folks, passwords are hard to choose!

It is indeed a problem. I hear that grady at netcom.com recently posted some useful info on this matter somewhere on UseNet, but I can't find it. I recall having found an interesting article sometime last year, but I lost it. In short, it said that pass phrases and such should be "shocking nonsense". The "shocking" element will help you remember it, and the "nonsense" element will make it difficult for others to guess it.

KB> It boils down to this: I can't remember as many bits as the TLAs can
KB> crack by brute force.

My pass phrase is a couple of words long and contains deliberate misspellings and unusual capitalization. To be able to remember it, I simply use PGP every day, even if there's nothing to sign or decrypt. ;-) I'm a (long time) 2-finger typist but I have no problems with echo off.

[rest deleted]

CU, Sico.
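
The paragraph-signature scheme strick describes earlier in this digest, sketched as an added example (not code from the post). SHA-256 truncated to 16 hex digits stands in for "some kind of hashing or checksum", the non-text test is an assumed heuristic for his third point, and both sample messages are constructed.

```python
import hashlib
import re

ALNUM = re.compile(r"[A-Za-z0-9]+")  # only letters and digits count


def split_paragraphs(text):
    """Rule 1: lines without letters or digits delimit paragraphs.
    Rule 2: a line indented more than the previous one starts a new paragraph."""
    paragraphs, current, prev_indent = [], [], 0
    for line in text.splitlines():
        if not ALNUM.search(line):
            if current:
                paragraphs.append("\n".join(current))
            current = []
            continue
        indent = len(line) - len(line.lstrip(" \t"))
        if current and indent > prev_indent:
            paragraphs.append("\n".join(current))
            current = []
        current.append(line)
        prev_indent = indent
    if current:
        paragraphs.append("\n".join(current))
    return paragraphs


def signature(paragraph):
    """Digest of the alphanumeric words only, so quote marks, punctuation
    and re-wrapping do not change the result."""
    words = ALNUM.findall(paragraph)
    return hashlib.sha256(" ".join(words).encode("ascii")).hexdigest()[:16]


def is_text(paragraph):
    """Assumed heuristic: PGP armor or very long 'words' mean not readable text."""
    if "-----BEGIN PGP" in paragraph or "-----END PGP" in paragraph:
        return False
    words = ALNUM.findall(paragraph)
    return sum(map(len, words)) / len(words) <= 12


def classify(message, seen):
    """Percentage of paragraphs that are new, read, skipped, or not text.
    `seen` maps signature -> "read" or "skipped"."""
    counts = {"new": 0, "read": 0, "skipped": 0, "not text": 0}
    for para in split_paragraphs(message):
        if not is_text(para):
            counts["not text"] += 1
        else:
            counts[seen.get(signature(para), "new")] += 1
    total = sum(counts.values()) or 1
    return {kind: round(100 * n / total) for kind, n in counts.items()}


# Constructed sample: an earlier post and a reply that quotes it re-wrapped.
ORIGINAL = """\
Define some characteristic signature for a paragraph, and some
way to recognize one inside a text file.

The idea is to keep a database of paragraph signatures.
"""

REPLY = """\
> Define some characteristic signature for a
> paragraph, and some way to recognize one
> inside a text file.

I agree, and quoting should not defeat the match.

# The idea is to keep a database
# of paragraph signatures.

-----BEGIN PGP SIGNATURE-----
iQB1AwUBconstructedSAMPLEnotARealSignature0123456789abcdefghij
-----END PGP SIGNATURE-----
"""


def demo():
    first, second = split_paragraphs(ORIGINAL)
    seen = {signature(first): "read", signature(second): "skipped"}
    return classify(REPLY, seen)


if __name__ == "__main__":
    print(demo())
```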
From jgostin at eternal.pha.pa.us Mon Jul 4 10:18:27 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Mon, 4 Jul 94 10:18:27 PDT
Subject: War of the 2.x versions!
Message-ID: <940704123455N6djgostin@eternal.pha.pa.us>

Joseph Block writes:

> So what stops someone from patching 2.3? Since 2.3 is already allegedly in
> violation, why not just make it compatible with 2.6?

Because if you did that, you wouldn't need 2.6ui. Of course, 2.6ui uses no MIT code and doesn't use 2.3a code either. It's from scratch. Yeah, that's the ticket.

--Jeff

--
====== ====== +----------------jgostin at eternal.pha.pa.us----------------+
== == | The new, improved, environmentally safe, bigger, better,|
== == -= | faster, hypo-allergenic, AND politically correct .sig. |
==== ====== | Now with a new fresh lemon scent! |
PGP Key Available +---------------------------------------------------------+

From tcmay at netcom.com Mon Jul 4 10:40:46 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 4 Jul 94 10:40:46 PDT
Subject: Logical Depth
In-Reply-To: <199407041555.IAA01229@jobe.shell.portal.com>
Message-ID: <199407041744.KAA08649@netcom5.netcom.com>

Nobody wrote:

> I have followed with interest this discussion of passphrase
> "entropy". What I'm not clear on is the effect of a hashing
> algorithm on the final entropy. If I come up with a "random" set
> of printable characters which contain 128 bits of entropy, and
> feed them to MD5, let's say, will I still have 128 bits of
> entropy on the output? Or do I need some sort of safety margin
> above 128 bits to "be sure"?
>
> What's lurking in the back of my mind is this -- if you enter
> something with LESS than 128 bits, the hashing algorithm has to
> "pad" or otherwise fill in the missing bits from .
> Now if I have entered a phrase with EXACTLY 128 bits of entropy,
> hypothetically, is that enough to have flushed the padding or
> whatever out of the pipeline?
>
> Can we really treat MD5 as a "magic black box", or does the
> optimal input require a knowledge of how the box works?

Consider a cellular automata...the Game of Life is a simple example in 2-D, but 1-D versions have been studied extensively.

It starts with the string: "1 0 1"

and iterates/crunches on it, producing this output:

    1 0 1
    1 1 0 1 0
    0 1 0 1 0 0 0
    0 1 1 0 0 0 1 0 1
    1 0 0 1 0 1 1 1 0 1 1
    (etc.)

Now does the final string, a seemingly randomly-looking and "high-entropy" string actually have high entropy? No, not if the machine (CA rule set) that generated it is known.

(As an aside, encrypted strings _appear_ to have high entropy, but generally they don't actually have this high entropy....because they are actually fairly low entropy strings like "Frost in Brazil, buy coffee futures today." Such strings are called "cryptoregular.")

In the above case, one can treat the machine as the key. Steven Wienberg conjectured that cellular automata could be used for encryption. I think it was later proved, not too surprisingly to me at least, that his CA-based systems were formally equivalent to linear feedback shift registers (LFSRs), which are not very strong.

The point I want to make though is that the 3 bits started with (1 0 1) turn into 40 or 100 or whatever bits through the process of crunching on them.

Things which give evidence of having a lot of "history" or computation behind them are said to have high "logical depth." The most obvious example around us is _life_. For example, it is often claimed by certain enthusiasts of nanotechnology that the creation of life-like agents should be relatively easy because, for example, e. coli "only" contains a few megabytes of code in its DNA. Since we can make _chips_ that store this amount of code....

Aargghh! The problem is _which_ code! A few meg doesn't sound like much, but e. coli only lives when the code is the right code, a relatively few of the 2^1,000,000 or more sequences that are possible.
(Now that's a search space!). Life has had several billion years and incredible numbers of generations to find the interesting places in "DNA space." This is what is meant by logical depth.

Back to crypto. The point "nobody" made about MD5 and the like "padding out" the bits is a good one. There are, in a sense, no more bits of entropy than one started with, because MD5 and similar hashes are _deterministic_.

But an attacker must contend with the increased logical depth, which is in some sense orthogonal to bit entropy (randomness). (If I could draw a picture here, it would have an x-axis representing bit entropy and a y-axis representing logical depth.)

This can slow down an attack, in that the attacker probably (*) needs to do certain computations to track this logical depth. Like requiring someone in a contest to stop and do some computations, even if deterministic. I don't know of any good analyses of the cryptographic effects of such lines of thinking.

(* I said "probably" because there's always the possibility that what Alice thinks is an extra set of computations her hash is forcing Bob to do is not actually needed, that Bob knows of some tricks that allows him to bypass them. A standard crypto problem.)

Well, sorry for the long discussion. This business of logical depth is near and dear to me, and is a part of "algorithmic information theory," the field pioneered by Kolmogorov and Chaitin. Lots of interesting resonances with crypto.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
From tcmay at netcom.com Mon Jul 4 10:47:14 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 4 Jul 94 10:47:14 PDT Subject: Password Difficulties In-Reply-To: <433_9407041815@apsf.hacktic.nl> Message-ID: <199407041748.KAA09344@netcom5.netcom.com> Sico writes: > It is indeed a problem. I hear that grady at netcom.com recently posted some > useful info on this matter somewhere on UseNet, but I can't find it. I recall > having found an interesting article sometime last year, but I lost it. In > short, it said that pass phrases and such should be "shocking nonsense". The > "shocking" element will help you remember it, and the "nonsense" element will > make it difficult for others to guess it. I forwarded this Grady Ward FAQ to the Cypherpunks list last night. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Mon Jul 4 11:47:53 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 4 Jul 94 11:47:53 PDT Subject: Question for PGP Gurus Message-ID: <199407041851.LAA17276@netcom5.netcom.com> PGP gurus, I don't follow the ins and outs of PGP very closely, and I can't find anything on this directly in my archived articles. Someone has told me that pre-MIT versions of PGP may have compromised security because "the session key is hashed solely from the plaintext." Is this true? What's the significance? Is there any weakness? Thanks, --Tim -- .......................................................................... Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From norm at netcom.com Mon Jul 4 12:35:09 1994 From: norm at netcom.com (Norman Hardy) Date: Mon, 4 Jul 94 12:35:09 PDT Subject: Pass Phrases Message-ID: <199407041939.MAA14332@netcom.netcom.com> At 20:15 1994/07/03 -0700, Eli Brandt wrote: >> If I pick a verse of a song that makes it easy to remember. > >Aaaaaaagh! ... .. NSA must have an interesting collection of literature on line. They need high bandwidth (but not rapid) access to it. This could be the beginning of a new business if they ever turn their swords into plowshares. Conversely if anyone aspires to digitize a great deal of literature I am sure that NSA would subscribe, thus seeding a new industry. I seem to recall something about a Midwest university beginning to digitize a large body of literature. From norm at netcom.com Mon Jul 4 12:35:10 1994 From: norm at netcom.com (Norman Hardy) Date: Mon, 4 Jul 94 12:35:10 PDT Subject: Remailers Message-ID: <199407041939.MAA14336@netcom.netcom.com> At 23:33 1994/07/03 -0500, David Merriman wrote: >Grady Ward, over on alt.security.pgp/sci.crypt posted a little something >to the effect (I'm paraphrasing, here) that sending a couple meg of random >noise/bytes to an out-of-U.S. person/site would probably be a Good Thing >To Do. ... In the middle 70s, after Tymnet went international, I would occasionally send a megabyte to our Paris computer in a proprietary compression format. I do not believe that NSA spent the time to decode our format, although it would been relatively easy for them to do so. 
I can only conclude that they did not then have blanket surveillance in place, else they would have contacted me. Both their capacity and international traffic have increased many times. I suspect that I could do the same now. From rfb at lehman.com Mon Jul 4 12:49:45 1994 From: rfb at lehman.com (Rick Busdiecker) Date: Mon, 4 Jul 94 12:49:45 PDT Subject: Lotto odds In-Reply-To: Message-ID: <9407041953.AA23366@fnord.lehman.com> From: edgar at spectrx.sbay.org (Edgar W. Swank) Date: Mon, 04 Jul 94 04:05:27 PDT My thanks to Tim for his comments on my post: Maybe, but the state has a wonderful scam of paying off a "5 million dollar jackpot" over 20 years; the true value (what the same deal would cost you to buy as an annuity) is less than $5 M, possibly much less. If private outfits did this, they'd be jailed. Publisher's Clearinghouse is a private outfit which does this. Yes, but the return is still 50%. I have no idea whether the return on California Lotto is 50%, however if this claim ignores the discounted value of future cashflows, that is, the fact that a dollar that you have today is worth more than a dollar that you will receive in the future, then it is a bogus claim. > Calculation of "x" is not "simple", since you also have to figure in > the 20-year (with no interest) payout of large prizes. Oh, I see you mentioned this scam. (Calculation should still be simple, as any spreadsheet can handle discounted present values and the like.) Not simple for me. If it's simple for you (or anyone reading this) I would be interested in the results of the calculation. Recall "x" is either the number of times the jackpot must be passed or the nominal value of the grand prize for which there is a positive return for the player (assume no prize split). You might work this out for time values of money of 5-10-15% per annum. This guesswork is unnecessary as their is an active and liquid market for future dollars. 
If your maximum prize is $10MM divided into 30 annual cashflows, you can go out to the market and price comparable securities to determine the fair market value. In fact, if you just won, you can go out today and sell your future cashflows for their discounted value. If you want to skip the bond math, you could get a reasonable ballpark on a lower bound by looking at the prices on 30 year treasuries, as long as you realize that you are ignoring differences in credit risk and cashflow schedules. Rick From bryner at atlas.chem.utah.edu Mon Jul 4 12:58:06 1994 From: bryner at atlas.chem.utah.edu (Roger Bryner) Date: Mon, 4 Jul 94 12:58:06 PDT Subject: obscurity is security (was Re: Logical Depth In-Reply-To: <199407041744.KAA08649@netcom5.netcom.com> Message-ID: On Mon, 4 Jul 1994, Timothy C. May wrote: > and iterates/crunches on it, producing this output: > > 1 0 1 > 1 1 0 1 0 > 0 1 0 1 0 0 0 > 0 1 1 0 0 0 1 0 1 > 1 0 0 1 0 1 1 1 0 1 1 The ALGORITHIM also contains information. If the ALGORITHIM is part of a secret key, so much the better. To say exactly how much information an algorithim contains is, to say the least, formatable. In the case of functions, it is simple. Lets put the question to addition, how much entropy does + have when applied to bits.? Roger, Mad Dog, Bryner. From blancw at microsoft.com Mon Jul 4 13:23:56 1994 From: blancw at microsoft.com (Blanc Weber) Date: Mon, 4 Jul 94 13:23:56 PDT Subject: ACAPULCO H.E.A.T. Message-ID: <9407041930.AA01237@netmail2.microsoft.com> From: Sandy Sandfort Gooder News: Lots of shots of Alison Armitage in swim suits. ........................................ Oh, good. I feel safer now. 
Blanc From jgostin at eternal.pha.pa.us Mon Jul 4 13:45:58 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Mon, 4 Jul 94 13:45:58 PDT Subject: (None) Message-ID: <940704161337h9Gjgostin@eternal.pha.pa.us> Joseph Block writes: > 1701THQ1EBA7FLJ0SOM1THL1EDA7 > Without knowing the phrases, method, or number, what makes this insecure? > I'm not deliberately trying to be dense, I'd like to know why I shouldn't use > this sort of mnemonic method to remember the pass phrase. _Essentially_, you have a random string of text. Mind you, it's not statistically, nor cryptographically, random, but it's something that no PERSON would guess. If you are trying to get something to keep PEOPLE out, you've picked a nice one. If, OTOH, you're trying to get something to keep HACKERS/MACHINES out, you've got a somewhat time consuming one. Does that answer your question? :-) --jeff -- ====== ====== +----------------jgostin at eternal.pha.pa.us----------------+ == == | The new, improved, environmentally safe, bigger, better,| == == -= | faster, hypo-allergenic, AND politically correct .sig. | ==== ====== | Now with a new fresh lemon scent! | PGP Key Available +---------------------------------------------------------+ From davehart at eskimo.com Mon Jul 4 13:51:06 1994 From: davehart at eskimo.com (Dave Hart) Date: Mon, 4 Jul 94 13:51:06 PDT Subject: Detweiler clone at WSJ In-Reply-To: <9407011202.AA16143@snark.imsi.com> Message-ID: > > The drumbeat against all those anonymous pedophiles continues.... > > _Wall Street Journal_, 6/30/94 > > PERSONAL TECHNOLOGY by Walter S. Mossberg > > "Keeping Your Kids Away From Creeps As They Play Online" Does anyone have Mossberg's email address? I tried to guess a hostname, but wsj.com, dowjones.com and dj.com all do not exist. I'd like to suggest a couple of things to Mossberg to go along with his ban on anonymity: 1) Mandatory Caller ID. 
Not Calling Number ID, but Caller ID, where all new phones sold after January 1, 1995 are required to have a smart-card reader which verifies the identity of the caller and transmits that to the called party. 2) Mandatory licensing of print media, from photocopied fliers to scholarly journals. Licensed publications would agree to accept material for publication only when accompanied by either a notarized statement of identity or a digital signature from the same smart-card used for #1. 3) And, of course, to stamp out anonymity in face-to-face encounters, all subjects would be required to carry their smart-card at all times and present it upon demand by anyone. There! That should protect us from all the creeps in the world. Of course, there will be a few anarchist crybabies who will call these measures fascist, and a few victims of the new openess, but this is a small price to pay for the protection of our children from all the freaks and motherfuckers of the world. --- davehart at eskimo.com From rarachel at prism.poly.edu Mon Jul 4 14:19:17 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Mon, 4 Jul 94 14:19:17 PDT Subject: PC Expo summary!! In-Reply-To: <199407040019.AA27737@panix.com> Message-ID: <9407042111.AA20620@prism.poly.edu> > Just for the record: I discussed the transcript with RAR (though I didn't > see it) before he posted it. I made it clear that anything he did with it > was OK with me. The "copyright" issue is funny: Personally, I generally > anti-copyright things like that. I didn't even notice the "copyright" when > I quickly skimmed the transcript (which is all I've had time to do--just > checking to see whether I'd made any obviously bone-headed statements). I > assume it was meant kind of tongue-in-cheek, and nothing more; I agree that > it might call undue attention to the group and piss off list members who > don't want that transcript representing them. That's perfectly reasonable. 
> Again, far as I'm concerned, I'd rather the "c" word just didn't appear. I'm glad you thought it was funny. :-) At least someone besides myself did. :-) It was more for that "pro" look & feel than anything else. However, I don't seem to have heard from any cypherpunk who felt it was out of place to put "cypherpunks" on it rather than just you and Perry. Okay, so Tim did complain, but I don't take his complaint to be "Oh my god! You've made me out to be an anarchist" ;-) So if anyone does have a cow, would he or she please let me know? This has been a public service request. :-) Actually as far as the PC Expo disks are concerned anyone whose articles weren't on the disk, who didn't contribute anything, and is pissed has no say in the matter, so I guess other than the few names that made it on the disk... > Yeah, it may not be the best piece to distribute to the general public > since, as Perry pointed out, this was specifically an anarchist talk. The > audience consisted mainly of people who already consider themselves > anarchists and would therefore be interested in these new developments from > that perspective. Don't know how much sense it makes to people who don't > accept that to begin with. Personally, I usually don't shy away from using > blatantly political language when I think it's necessary or appropriate, > regardless of the audience (on my radio show, for example), but I can see > how people might think it's counter-productive here. But lets not look the obvious. Perhaps some members of the "underground" received that disk and were very happy with it? Perhaps it turned some anal folks over to the other side? Anything is possible. Still perhaps there will be better materials for the next expo. Personally I don't find anything wrong with the transcript. I enjoyed your speech, and you both did a fine job at outlining the real legal and fuzzy uses for crypto and that is a whole lot more honest that what's been spewing out of the NSA and FBI. 
Even if someone didn't agree with all the uses, after reading that piece he certainly is at least aware of them. Right? > As far as distribution goes, I'm glad it was posted to the list, at least. > Beyond that, anything that's OK with Perry is OK with me. But there's no > reason that all list members should be blamed for that talk. It was just > me and Perry, speaking for ourselves. The only other place it went was on the PC EXPO disk. As for blaming the others for your words, I'd say they should be proud of such blame, and if they object why have I not heard from them yet? Certainly I do not think that Tim would object to being called a crypto-anarchist, other than Perry he's the only one I've really heard complain about the copyright. > One more thing: If anyone were to _charge_ anything for copies of that > transcript beyond a reasonable "handling" fee, I'd be REALLY mad. That > doesn't include Perry, of course, but I doubt that he's considering making > his fortune off that anyway. So then I did do well to place a "NOT FOR SALE" tag on the file. From blancw at microsoft.com Mon Jul 4 14:30:10 1994 From: blancw at microsoft.com (Blanc Weber) Date: Mon, 4 Jul 94 14:30:10 PDT Subject: FW: A third voice re: science and spirit Message-ID: <9407042036.AA01566@netmail2.microsoft.com> From: "Ingore"? Is that anything like an "AlGore"? Is that a verb to describe the state of the country, as in "we've just been INGOREd"? ........................................ Could be, if you want it to be. But it could also be part of some shocking, nonsensical AlGoreYTHM. Blanc From warlord at MIT.EDU Mon Jul 4 14:38:23 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Mon, 4 Jul 94 14:38:23 PDT Subject: MD5 is 1=>1? In-Reply-To: Message-ID: <9407042142.AA28845@toxicwaste.media.mit.edu> MD5, like all hash functions, are many-to-one functions. This means that theoretically there are an infinite number of messages that will hash to the same value. 
This also means that reverting from the hash back to your original message is nigh impossible. The security of MD5 is based upon the fact that *finding* two messages that hash to the same value is as difficult as a brute-force attack, which requires 2^128 trials (maybe it's 2^127, but I don't think that really matters).

I don't believe that multiple iterations of MD5 will cause you to lose entropy. Actually, you will lose entropy on the *first* iteration, since MD5 will *only* let you have 128 bits of Entropy, since there are only 128 bits in the output. In subsequent iterations, you just move those bits around.

Does this answer your question?

-derek

Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
Home page: http://www.mit.edu:8001/people/warlord/home_page.html
warlord at MIT.EDU PP-ASEL N1NWH PGP key available

From blancw at microsoft.com Mon Jul 4 14:40:51 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Mon, 4 Jul 94 14:40:51 PDT
Subject: Detweiler clone at WSJ
Message-ID: <9407042047.AA01634@netmail2.microsoft.com>

From: Dave Hart

There! That should protect us from all the creeps in the world. Of course, there will be a few anarchist crybabies who will call these measures fascist, and a few victims of the new openess...(etc)
..........................................................

Don't laugh - they'll probably agree these are really good ideas. The author might even commend you for being so thorough and stringing them together to make such a complete package.

Blanc

From wcs at anchor.ho.att.com Mon Jul 4 14:44:09 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Mon, 4 Jul 94 14:44:09 PDT
Subject: Password entropy
Message-ID: <9407042147.AA17444@anchor.ho.att.com>

"Nobody" asks whether you really get 128 bits of entropy out of MD5 if you put in fewer bits, and whether you need to put in more than 128 bits of entropy to get 128 bits of entropy out.
(This is mainly relevant for the case where you iterate MD5 N times for large N.)

Entropy = -sum( p(Xi) * log2(p(Xi)) ), Xi { outcomes of a random event X }

which is the sum of the amount of information each event gives you times the probability of the event occurring. In this application, the events are "the input to MD5 is" and "the output from MD5 is", and each input is one of many (presumably independent) values leading to the same output.

You know that Entropy(MD5(Xi)) is <= 128, since there are only 2**128 possible outputs, and they're supposedly equiprobable given random input. If the distribution of the Xi's is known, and it has substantially lower entropy than 128 bits, then the output also has lower entropy, since the probability of MD5(Xi) appearing is the probability of Xi.

There's a bit more entropy lost in the MD5 step - if MD5(Xi) = MD5(Xj),
-p(Xi|Xj)*log(p(Xi|Xj)) < -p(Xi)*log(p(Xi)) + -p(Xj)*log(p(Xj)).
On the other hand, collisions are infrequent - the probability of a pair of numbers having the same MD5 value is presumed to be 2**-128, and the usual birthday paradox calculations apply, so you'll probably find one if you take 2**64 random samples.

At this point, knowing the details of the MD5 algorithm *does* matter; you can analytically find a few pairs of inputs that have the same MD5 value - but if you're choosing random inputs it's not likely to happen. If you could analytically invert MD5 (it's presumed that you can't, even for the 128-bit-input case), or store the results in a 2**128 large lookup table (:-), you could find out exactly how much lossage there is. Don't worry about it :-)

If you still *are* worried about it, however, you can scramble things a bit; since MD5 produces 128 bits of output but uses 448 bits of input+padding, you can add a different constant to the input at each step. If you're using it as a salt, put it at the beginning; if you're just doing it for multiple iterations it doesn't matter much.
Bill

Celebrate Independence Day the traditional way - overthrow a government!

From warlord at MIT.EDU Mon Jul 4 14:49:10 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Mon, 4 Jul 94 14:49:10 PDT
Subject: Question for PGP Gurus
In-Reply-To: <199407041851.LAA17276@netcom5.netcom.com>
Message-ID: <9407042153.AA28890@toxicwaste.media.mit.edu>

> Someone has told me that pre-MIT versions of PGP may have compromised
> security because "the session key is hashed solely from the
> plaintext."
>
> Is this true? What's the significance? Is there any weakness?

This is not true. The session key is based upon random input (key timings from the passphrase, and other sources of random input) as well as the randseed.bin file, which was generated by random keypresses at key generation. (It may also include other sources of randomness as well; I do not recall).

This is only for the random session keys. If you use conventional crypto mode (pgp -c), then the IDEA key is based solely on the hash of the passphrase, and I believe the IV is not random (maybe it should be a random IV?)

Hope this helps, Tim.

-derek

From bryner at atlas.chem.utah.edu Mon Jul 4 15:18:45 1994
From: bryner at atlas.chem.utah.edu (Roger Bryner)
Date: Mon, 4 Jul 94 15:18:45 PDT
Subject: MD5 is 1=>1?
In-Reply-To: <9407042142.AA28845@toxicwaste.media.mit.edu>
Message-ID:

On Mon, 4 Jul 1994, Derek Atkins wrote:

> Does this answer your question?

No. Again, the only way that MD5 can keep the entropy of a string is for every single 128 bit string to map itself onto a unique 128 bit string, for if two 128 bit strings produce the same output, then you lose entropy.

The question is, when md5 is restricted to 128 bit values, does it lose entropy, and if so how much? As much as a random mapping? If so, the 1024 bit iteration in secure drive HARMS security.

Roger.
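The question in the message above (does an iterated hash restricted to its own output width lose entropy, and as much as a random mapping?) can be measured directly on a scaled-down state. This is an added example, not part of any message in the thread: the 16-bit width, the function names, and the MD5-based Feistel permutation used as the 1=>1 contrast are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

BITS = 16                      # toy state width (assumption); real MD5 output is 128 bits
SPACE = 1 << BITS


def toy_hash(x):
    """MD5 restricted to BITS-bit inputs, with the output truncated to BITS bits."""
    digest = hashlib.md5(x.to_bytes(BITS // 8, "big")).digest()
    return int.from_bytes(digest[:BITS // 8], "big")


# Round-function table for a 4-round Feistel network on two 8-bit halves.
_F = [[hashlib.md5(bytes([rnd, half])).digest()[0] for half in range(256)]
      for rnd in range(4)]


def toy_permutation(x):
    """An invertible (1=>1) map on BITS-bit values: a Feistel network is a
    permutation no matter what its round function is."""
    left, right = x >> 8, x & 0xFF
    for rnd in range(4):
        left, right = right, left ^ _F[rnd][right]
    return (left << 8) | right


def entropy_bits(counts):
    """Shannon entropy, in bits, of the distribution given by integer weights."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def iterate(step, rounds):
    """Start from the uniform distribution over all BITS-bit values and apply
    `step` repeatedly. Returns [(image_size, entropy_bits), ...] per round."""
    counts = Counter(range(SPACE))          # every input equally likely
    history = []
    for _ in range(rounds):
        nxt = Counter()
        for value, weight in counts.items():
            nxt[step(value)] += weight      # colliding inputs pool their weight
        counts = nxt
        history.append((len(counts), entropy_bits(counts)))
    return history


if __name__ == "__main__":
    for name, step in (("truncated MD5", toy_hash),
                       ("Feistel permutation", toy_permutation)):
        print(name)
        for k, (size, h) in enumerate(iterate(step, 8), start=1):
            print(f"  round {k}: image {size / SPACE:.3f} of space, "
                  f"entropy {h:.3f} bits (lost {BITS - h:.3f})")
```

For a random mapping, theory predicts that about 63% of values survive the first round with roughly 0.83 bits of entropy lost, and the surviving set keeps shrinking on later rounds, while the permutation loses nothing. Whether full MD5 on 128-bit inputs behaves like a random mapping is the assumption being modelled here, not something this toy establishes.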
From bryner at atlas.chem.utah.edu Mon Jul 4 15:21:38 1994
From: bryner at atlas.chem.utah.edu (Roger Bryner)
Date: Mon, 4 Jul 94 15:21:38 PDT
Subject: MD5 is 1=>1?
In-Reply-To: <9407042142.AA28845@toxicwaste.media.mit.edu>
Message-ID:

On Mon, 4 Jul 1994, Derek Atkins wrote:

> is based upon the fact that *finding* two messages that hash to the
> same value is as difficult as a brute-force attack, which requires
> 2^128 trials (maybe it's 2^127, but I don't think that really

This is incorrect; with a large memory, this is the birthday paradox in action, and it takes about 2^64 tries, which puts SHS right up there at 2^80 same as skipjack. Even with less memory, you can still improve on this though not as much.

Roger, Mad Dog Libertarian, Bryner.

From bryner at atlas.chem.utah.edu Mon Jul 4 15:30:59 1994
From: bryner at atlas.chem.utah.edu (Roger Bryner)
Date: Mon, 4 Jul 94 15:30:59 PDT
Subject: Password entropy
In-Reply-To: <9407042147.AA17444@anchor.ho.att.com>
Message-ID:

On Mon, 4 Jul 1994 wcs at anchor.ho.att.com wrote:

> If you still *are* worried about it, however, you can scramble things a bit;
> since MD5 produces 128 bits of output but uses 448 bits of input+padding,
> you can add a different constant to the input at each step.
> If you're using it as a salt, put it at the beginning; if you're
> just doing it for multiple iterations it doesn't matter much.

This is not correct. You still have the same problem that you don't know if the transformation is 1=>1. You have added a lot of "pseudo-random" stuff but unless you keep this in your head, it is lying around for your opponent to grab (assuming non-secrecy of the algorithm).

Assuming a random function for MD5, it is simple to calculate the loss of entropy by calculating the number of collisions on average (integrate the probability of n collisions) and assuming independence between rounds.
I might point out that a better "busy work" function would be to use the output of a RNG as a key for multiple IDEA encryptions, or some such scheme as this, as you are guaranteed of not losing any entropy if you can (theoretically) decrypt the result.

The problem with such a "busy work" function is that it should be hard to simplify, i.e. xoring with the sequence 1010101010101010101010101... is easy to calculate directly, without going through all the steps. This, I would guess, gets into a whole other ball of wax.

Roger, Mad Dog Libertarian, Bryner.

From roy at sendai.cybrspc.mn.org Mon Jul 4 15:58:11 1994
From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Mon, 4 Jul 94 15:58:11 PDT
Subject: Question for PGP Gurus
In-Reply-To: <199407041851.LAA17276@netcom5.netcom.com>
Message-ID: <940704.170829.5q1.rusnews.w165w@sendai.cybrspc.mn.org>

-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, tcmay:

> PGP gurus,
>
> I don't follow the ins and outs of PGP very closely, and I can't find
> anything on this directly in my archived articles.
>
> Someone has told me that pre-MIT versions of PGP may have compromised
> security because "the session key is hashed solely from the
> plaintext."
>
> Is this true? What's the significance? Is there any weakness?

It's not true. The MD5 hash of the plaintext is used as a part of the overall session key generation, if available. Here's a comment from ~/pgp23/src/crypto.c:

/* Now we have to generate a random session key and IV. As part of this computation, we use the MD5 hash of the current file, if it has previously been obtained due to a signing operation. If it has not been obtained, we hash the first 2K (for efficiency reasons) for input into the key generatrion process. This is to ensure that capturing a randseed.bin file will not allow reconstruction of subsequent session keys without knowing the message that was encrypted.
(A session key only protects a single message, so it is reasonable to assume that an opponent trying to obtain a session key is trying to obtain, and thus is ignorant of, the message it encrypts.) This is not perfect, but it's an improvement on how session keys used to be generated, and can be changed in future without compatibility worries. */ The hash of the current file is combined with the contents of randseed.bin. Looks like the hash value is being used to gain a few bits of entropy that can't be recovered from randseed.bin alone. Checking the 2.6 code, I find the MD5 of the current file is used in the random session key generation, but slightly differently: * The MD5 of the current file is used to "prewash" the random numbers, * to make it more difficult for an attacker to predict the output. If the key were solely hashed from the plaintext, that could make for some known-plaintext attacks. But since a new session key is used each time, there doesn't seem to be much value in it. As it is, I don't see a problem with the session key generation using the file hash as a part of its entropy. Then again, could an IDEA session key be recovered by a known-plaintext attack? If so, could a known-plaintext attack then be made against RSA? (for that matter, is RSA vulnerable at all to known-plaintext attack?) - -- Roy M. 
Silvernail | #include | PGP 2.3 public roy at sendai.cybrspc.mn.org | main(){ | key available | int x=486; | upon request | printf("Just my '%d.\n",x);} | (send yours) -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLhiMeRvikii9febJAQH/GQP8C/fNNkxlhz1vMnyNbyxdT9UeMUKrE4I8 bmyfWYSV9RxBQZR6OA2tU2hUWiX5Yvycn/IYYmxYbFEkio1zDSRuhit3svB1LPQY lzBhkaf+Uqjl7zx5HFD7ON+0kjr8D01r4g+HQceQwep4jOWTXZ/OZKas/aiOqhH7 Pv08H0BEpps= =ZtUN -----END PGP SIGNATURE----- From rarachel at prism.poly.edu Mon Jul 4 21:09:35 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Mon, 4 Jul 94 21:09:35 PDT Subject: PC Expo Disk Available Message-ID: <9407050402.AA24347@prism.poly.edu> Hey guys, I've just sent up the PC Expo disk package to ftp.wimsey.bc.ca incase anyone is interested in it. Give it some time as Mark has to clear it but it's in the incoming folder right now... I'll try to send it up to some other sites, but I guess I won't send it to csua.berkeley.edu as it isn't being taken care of... (if you know otherwise let me know and I'll send it there too...) From fasttech!zeke at uu4.psi.com Mon Jul 4 21:39:46 1994 From: fasttech!zeke at uu4.psi.com (Bohdan Tashchuk) Date: Mon, 4 Jul 94 21:39:46 PDT Subject: Pass Phrases Message-ID: <9407050430.AA06018@fasttech> We Americans have had many years of being forced to remember relatively high-entropy things. Roughly 23 or 33 bits. I refer, of course, to phone numbers. I, for one, have no problem remembering a few dozen of these, in various area codes, even though I don't dial some of them for years. Our neural cortexes have been "conditioned" to remember 7 digit (or 10 digit) numbers. Much more easily than, say, 8 or 9 digit numbers. So I claim that a simple way to get an easy 33 bits of entropy into your pass phrase would be to generate a "random" 10 digit number, but then remember it as an area code + phone number. You would, of course, combine this number with some other sources of entropy, such as words or phrases. 
If you really wanted to, you could forget the words or phrases and just remember four numbers of this sort. You would have your magical 128+ bits of entropy a lot more easily than remembering 40 random decimal digits.

From cme at tis.com Tue Jul 5 10:11:34 1994
From: cme at tis.com (Carl Ellison)
Date: Tue, 5 Jul 94 10:11:34 PDT
Subject: AOL and CPSR gopher
Message-ID: <9407051703.AA12962@tis.com>

I tried out America OnLine last night (free disk in the mail) and saw that they had support for gopher -- so I poked around and found the CPSR site -- and from that, the pub/cypherpunks directory.

However, there was no pgp directory and no code in the cypherpunks directory.

Does anyone know if this is manipulation by AOL or some side effect of gopher? (I'm new to both AOL and gopher).

- Carl

From mech at eff.org Tue Jul 5 10:12:28 1994
From: mech at eff.org (Stanton McCandlish)
Date: Tue, 5 Jul 94 10:12:28 PDT
Subject: BoardWatch on digital cash
Message-ID: <199407051712.NAA07891@eff.org>

See current (July 1994) _BoardWatch_, pp. 60-63. There's an article on an e-money scheme called NetCash. Unfortunately it is utterly stupid, but BW is giving it a semi-endorsement. Some of you d-c aficionados might like to disabuse them of some notions.

Some of the flaws:

1) not cryptographically secure
2) someone can randomly guess the ser. # of your digicash and go spend it
3) non-anonymous
4) the person transferring the netbucks to you can actually spend it before you validate it with the central server (e.g. it would only be of use in cases where product/service has yet to be rendered, and customer gives you the netmoney, which you verify and only then serve them. Completely useless otherwise.)

There are more, but those are the main ones.

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F .
O R G O P E N P L A T F O R M O N L I N E R I G H T S V I R T U A L C U L T U R E C R Y P T O From exabyte!gedora!mikej2 at uunet.uu.net Tue Jul 5 10:15:06 1994 From: exabyte!gedora!mikej2 at uunet.uu.net (Mike Johnson second login) Date: Tue, 5 Jul 94 10:15:06 PDT Subject: Where is SecureDevice? wuarchive directory missing.. In-Reply-To: <2E12F1FB@mspost.dr.att.com> Message-ID: On Thu, 30 Jun 1994, Philippe Nave wrote: >... > story.) I'm looking for SecureDevice, hoping that > it will let me create a secure area on my hard drive. Try ftp://ftp.csn.org/mpj/I_will_not_export/crypto_???????/secdrv/secdev.arj See ftp://ftp.csn.org/mpj/README.MPJ for the ??????? From matthewn at uiuc.edu Tue Jul 5 10:20:08 1994 From: matthewn at uiuc.edu (TheElusiveMatthew) Date: Tue, 5 Jul 94 10:20:08 PDT Subject: Pass Phrases In-Reply-To: <199407041939.MAA14332@netcom.netcom.com> Message-ID: On Mon, 4 Jul 1994, Norman Hardy wrote: > I seem to recall something about a Midwest university beginning to > digitize a large body of literature. That would be the Gutenberg Project, here at the University of Illinois, Champaign/Urbana. Matt Hewn -- Information is not knowledge; knowledge is not wisdom; wisdom is not truth. Truth is absolute. From mmarkley at microsoft.com Tue Jul 5 10:24:01 1994 From: mmarkley at microsoft.com (Mike Markley) Date: Tue, 5 Jul 94 10:24:01 PDT Subject: (None) Message-ID: <9407051625.AA17615@netmail2.microsoft.com> ---------- | From: Jeff Gostin | To: | Subject: (None) | Date: Sunday, July 03, 1994 4:08PM | | bmorris at netcom.com (Bob MorrisG) writes: | | > I've heard rumors through the years that CIA/NSA/whoever can aim a | > parabolic antenna at your window, read the electronic pulses surrounding | > your computer, and thusly determine what you are typing. Is there any | > truth to this? | If this is a reference to the TEMPEST attack, yes, they can. From | what I hear, it's trivially easy for them to do, because they have The | Right Equipment. 
Rumor also suggests that The Right Equipment isn't
| so difficult to come by. I don't pretend to understand the intricacies of
| TEMPEST, but I do know that the government requires all of their computers
| (used at any level of security above none) to be TEMPEST shielded. This
| tells us it's a real concern.
|
| There are other ways to beat TEMPEST, like making it damn near
| impossible to get close enough to the computer in question to get a
| reading.
|
| --Jeff
| --
| ======  ======    +----------------jgostin at eternal.pha.pa.us----------------+
|   ==    ==        | The new, improved, environmentally safe, bigger, better,|
|   ==    ==   -=   | faster, hypo-allergenic, AND politically correct .sig.  |
| ====    ======    | Now with a new fresh lemon scent!                       |
| PGP Key Available +---------------------------------------------------------+
|

How well does a Tempest attack work with multiple machines in the same room? It seems to me that it would take additional equipment to filter out the different machines that are being run. It also seems that it should be trivial to create a noise generator that would make Tempest useless. Kind of like using a spark plug to foil older radar guns.

Mike.

=====================================================
Mike Markley
I'm not a Microsoft spokesperson. All opinions expressed here are mine.
=====================================================

From danisch at ira.uka.de Tue Jul 5 10:25:26 1994
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Tue, 5 Jul 94 10:25:26 PDT
Subject: MIME-Type for pgp keyrings/messages ?
Message-ID: <9407051440.AA16922@deathstar.iaks.ira.uka.de>

Is there a MIME-Type defined for binary/ascii-armored pgp messages and keyrings? perhaps something like application/crypt-pgp ?

Thanks
Hadmut

From paul at poboy.b17c.ingr.com Tue Jul 5 10:26:20 1994
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Tue, 5 Jul 94 10:26:20 PDT
Subject: SecureDrive for OS/2?
In-Reply-To: <199407022151.OAA21435@jobe.shell.portal.com> Message-ID: <199407051553.AA01651@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- > Is there a version of SecureDrive, or something equivalent, that > will work with a FAT partition under OS/2? I have SecureDrive > running under DOS with no problem. It also works with Windoze. > If I bring up a DOS box under OS/2, I can install it just fine, > and it even validates my passphrase correctly. Unfortunately, > everything read from the encrypted partition is still garbled. In the same vein, is there a version that works, or can be made to work, with Windows NT? _Paul - -- Paul Robichaux, KD4JZG | Why did an NSA agent threaten to kill Jim Bidzos? perobich at ingr.com | Of course I don't speak for Intergraph. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLhmB2Kfb4pLe9tolAQG05gQAkwZuZPs+aLmQ0R+uPDNex0YtL/dL9N+W nTFRYrCWbOohz5RNhgwpf3rmcUPH2IMgSMgTSZRbGuwY8FvwJfvBf65aY3uj7/Lg 8vvy+LRw0XLSwWNxKSNkhBQ7wVqqR8iby5M+2wOTbBN9Tnwc+e1KodOIIeRd6iFQ 6tYc7VEOrFg= =Qkkf -----END PGP SIGNATURE----- From perry at imsi.com Tue Jul 5 10:27:03 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 5 Jul 94 10:27:03 PDT Subject: Password Difficulties In-Reply-To: <199407020841.AA23083@world.std.com> Message-ID: <9407051331.AA19522@snark.imsi.com> Kent Borg says: > Besides, your sample phrase might not have as many bits in it as you > think. > > >Rare steak tastes good when it is cooked over a wood fire. better > >chicken. better than fish. good with worcestershire sauce. > > 22 words, a good start. But all will appear in a short dictionary > list, 4 gramatical sentences, sentences with related meaning. Were I using a sentence like that, I'd probably spice it up with low probability words and the like, as in "rare olliphant meat tastes good when cooked over a burning car. better than oktopuss. not as good as republican. tasty with wasabi and chives." 
Still fewer bits than I'd like, but you do better when things take an unexpected turn mid-phrase.

Perry

From bdolan at well.sf.ca.us Tue Jul 5 10:29:04 1994
From: bdolan at well.sf.ca.us (Brad Dolan)
Date: Tue, 5 Jul 94 10:29:04 PDT
Subject: fink.net@doj.gov
Message-ID: <199407051330.GAA12261@well.sf.ca.us>

Maybe they should set up an anonymous forwarder......

---------------------------- begin included text ------------------

From: SMTP%"srctran at world.std.com" 5-JUL-1994 09:23:35.81
Subj: PAT NEWS: Wanna be a patent spy for the Justice Department?

Date: Tue, 5 Jul 1994 09:02:00 -0400
From: srctran at world.std.com (Gregory Aharonian)
Message-Id: <199407051302.AA01920 at world.std.com>
To: patents at world.std.com
Subject: PAT NEWS: Wanna be a patent spy for the Justice Department?

Want to be a spy? Here's your chance. The US Department of Justice is seeking evidence of restraint of trade and monopolization in the computer and telecommunications industry. Currently their big investigation is that of Microsoft, but they are looking for other cases of abuse of economic power by dominant companies.

With regards to patents, the Justice Department is looking for cases where the owner of a patent denied a potential licensee a license for the patent, while giving licenses to some of your competitors. Maybe this is a case of anti-trust, depending on market conditions.

Of course, given that some companies might be unwilling to inform on their suppliers or competitors, the Justice Department is open to anonymous tips from knowledgeable sources. While you can have your attorney contact and meet with Justice Department attorneys, you can also send in tips, via, you guessed it, the Internet:

antitrust at justice.usdoj.gov

Be that Deep Electronic Throat!!!
Greg Aharonian
Internet Patent News Service
(for subscription info, send 'help' to patents at world.std.com)
(for prior art search services info, send 'prior' to patents at world.std.com)

--------------------------- end included text ---------------------------

Brad
bdolan at well.sf.ca.us

From paul at poboy.b17c.ingr.com Tue Jul 5 10:29:25 1994
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Tue, 5 Jul 94 10:29:25 PDT
Subject: 'Black' budget purchases
In-Reply-To: <32940702225823/0005514706NA2EM@mcimail.com>
Message-ID: <199407051602.AA01790@poboy.b17c.ingr.com>

-----BEGIN PGP SIGNED MESSAGE-----

Michael Wilson writes about the NSA's wafer fab facility, which I think Tim has addressed in some detail. He then goes on to say:

> Additionally, having such information is useful beyond its
> application towards analysis. Operationally, it is useful for an
> adversary to know, for instance, that photo recon analysis is
> performed on NeXT workstations. This knowledge provides
> specifications on just what can be achieved in the way of image
> enhancements, etc. It also opens up a realm of options in
> informational warfare; knowledge of the target platform is critical
> toward building a tailored attack mechanism to cripple their
> capability, while knowledge of their providers supplies an adversary
> with the introduction mechanism (there is no such thing as an isolated
> system).

I don't agree. If you know that NRO, for example, is using Intergraph's Interact photogrammetry workstations (disclaimer: I don't know if they are or not) that will indeed give you a floor value for the capability of their analyses, but only because the Interact is an off-the-shelf unit. Add in custom software- as the NSA is certain to have done- and your floor value is only that. In the case of photointerp, I suggest that knowing how many pixels a NeXT box can display is not particularly useful in building an attack strategy.
In general, I don't think that knowledge of hardware capabilities is too valuable. We had a similar discussion w.r.t. key lengths recently; I think the consensus was that knowing how many large supercomputers NSA had didn't mean that you could accurately estimate their factoring abilities, since it is likely that any advances they've made would be concealed. Again, you end up with the floor value. - -Paul - -- Paul Robichaux, KD4JZG | Why did an NSA agent threaten to kill Jim Bidzos? perobich at ingr.com | Of course I don't speak for Intergraph. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLhmD7afb4pLe9tolAQFMXwP/cE5li0JDgFJO6KwLbg1V7Dk/5SDHvpQS /8MdIRXikz6fvQOnauZKeUM2oRNVhOCXy3WHWHNhJsbz42rJaU/oWyFfjed4cIMM b5ChyACMhlxtZYiVoUD853VLf0KknecfPxeyoQBMtxV0hePmfPfyzvuHVK4FVE7i 7vVIYlP5ixc= =p5Wp -----END PGP SIGNATURE----- From patrick at CS.MsState.Edu Tue Jul 5 10:58:05 1994 From: patrick at CS.MsState.Edu (Patrick G. Bridges) Date: Tue, 5 Jul 94 10:58:05 PDT Subject: fink.net@doj.gov In-Reply-To: <199407051330.GAA12261@well.sf.ca.us> Message-ID: <9407051757.AA05191@Walt.CS.MsState.Edu> -----BEGIN PGP SIGNED MESSAGE----- >>>>> Brad Dolan writes: |> Maybe they should set up an anonymous forwarder...... |> ---------------------------- begin included text |> ------------------ From: SMTP%"srctran at world.std.com" |> 5-JUL-1994 09:23:35.81 Subj: PAT NEWS: Wanna be a patent spy |> for the Justice Department? |> Date: Tue, 5 Jul 1994 09:02:00 -0400 From: |> srctran at world.std.com (Gregory Aharonian) Message-Id: |> <199407051302.AA01920 at world.std.com> To: patents at world.std.com |> Subject: PAT NEWS: Wanna be a patent spy for the Justice |> Department? |> Want to be a spy? Here's your chance. The US Department |> of Justice is seeking evidence of restraint of trade and |> monopolization in the computer and telecommunications industry. 
|> Currently their big investigation is that of Microsoft, but |> they are looking for other cases of abuse of economic power by |> dominant companies. So, can we turn in the State Department and NSA for restraint of trade? - -- *** Patrick G. Bridges patrick at CS.MsState.Edu *** *** PGP 2.6 public key available via finger or server *** *** PGP 2.6 Public Key Fingerprint: *** *** D6 09 C7 1F 4C 18 D5 18 7E 02 50 E6 B1 AB A5 2C *** *** #include *** -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLhme7EoL7Aaetl5pAQHkiQQAr8QtoVwYqbGjKzkmwSQaVR9x+qwvwm4f xscDKKYFtet+HcspI2iLawDaR+GZCBME2ezBcgtkVvRPq0H9T6IgZzK88inX6kcJ yCYNdrlZJATc9DFVmTniyLxKqfriR+nsrWpViJnRE7A+MoDRG02MOAJjqoRiiDU+ 0ZnUn/y3guY= =56hW -----END PGP SIGNATURE----- From exabyte!gedora!mikej2 at uunet.uu.net Tue Jul 5 11:15:21 1994 From: exabyte!gedora!mikej2 at uunet.uu.net (Mike Johnson second login) Date: Tue, 5 Jul 94 11:15:21 PDT Subject: Password Difficulties In-Reply-To: <9407022117.AA06795@toad.com> Message-ID: On Sat, 2 Jul 1994, Eli Brandt wrote: > > It boils down to this: I can't remember as many bits as the TLAs can > > crack by brute force. > > Have you *tried* to memorize these long passphrases? I pick ones that > are substantially too complex for me to memorize in one trial. So I > write the candidate passphrase on paper until I have a grasp on it, > then burn the paper, scatter the ashes (yes, literally), and begin to > use the passphrase. My experience is that once I've successfully > remembered a phrase two or three times, I will not forget it. > ... I have actually tried memorizing truly random passwords of 8 characters or longer (generated with a paranoid program similar to PGP 2.6's excellent technique). I've found that if I review it enough, that I find patterns and mnemonic clues in such passwords that help me to remember them. I don't imagine too many people will go through that effort, so I still think that a longer pass phrase that sort of "makes sense" is better for a PGP key. 
Still, I do use the truly random passwords on publicly accessible Unix systems like CSN, since that makes dictionary attacks improbable.

From Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU Tue Jul 5 11:40:28 1994
From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU (Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU)
Date: Tue, 5 Jul 94 11:40:28 PDT
Subject: Offshore Banking
Message-ID: <773433336/vac@FURMINT.NECTAR.CS.CMU.EDU>

Some people here are probably interested in this.

-- Vince

From: privacy at well.sf.ca.us (David Johnson)
Newsgroups: misc.invest
Subject: Offshore Banking & Privacy
Date: 5 Jul 1994 12:59:29 GMT

PRIVACY & OFFSHORE BANKING: What the IRS doesn't want you to know!
By David Johnson

I'll get right to the point! The purpose of this brief article is to take a look at banking and investing overseas, using fiscal tax shelters (havens) to reduce and eliminate taxes, and foremost, to provide confidentiality in personal and business matters. Period.

For various reasons, offshore banking has been tagged as "unsafe", "risky", "illegal", or "for the wealthy". All are anything but the truth! It's time to dispel the myths! Let's separate the fact from the bull!

First off, one must understand that it is normal for those who know little or nothing about something (besides what they hear from others) to be afraid and suspicious of it. Misinformed financial planners, attorneys and accountants may know economics and law in the United States, but few know about handling business outside of the country. Let's tackle these misconceptions one at a time:

LEGALITY - There isn't and will never be a law restricting the sending of funds outside the United States. How do I know? Simple. As a country dependent on international trade (billions of dollars a year and counting), the American economy would be destroyed. How? Since all U.S. global trade is transacted in U.S.
Dollars, there would be no imports or exports, due to the fact that the United States would not be able to buy and sell goods. Make sense? If you wanted to, you could remove or transfer some (or all) of your money out of your bank or credit union to anywhere in the world, LEGALLY.

U.S. banks and the IRS disseminate negative propaganda dealing with offshore banking, making it seem unsafe or some type of criminal act. Why? Banks just want to keep your money in their institutions to use for their own profitable purposes. Did you know that most U.S. banks themselves accept deposits from people overseas and often invest in foreign stocks and hold accounts with foreign banks? It's true! As far as the IRS, they obviously want your money in U.S. banks where they can tax every dollar you earn in interest, and keep track of how many liquid assets you have and where they are.

The confusion with tax legalities is sometimes due to lack of knowledge. In the U.S., tax evasion is a crime, tax avoidance is not. As you know, there are zillions of laws on the books in every country. Without a doubt, what is legal in one place may be against the law elsewhere. For example, income tax evasion is not a crime in jurisdictions where there is no income tax. Thus, in most cases (except those with significant political and/or business weight) countries that are not allies usually don't assist other nations in enforcing laws that are not laws in their countries. Further, a country has no legal right to conduct an investigation in a foreign country, without consent of the respective government. In reality, a country has every right to deny ANY other nation permission to make examinations in their territory. Therefore, it is difficult, if not impossible for authorities in the U.S. to obtain financial transaction records of tax evaders in many foreign-based institutions (outside of those located in areas that have some type of cooperation treaties).
Strict banking secrecy laws also contribute to the difficulty. Most tax havens impose lengthy prison terms and/or hefty fines for violations of a client's secrecy.

INTER-FIPOL (The International Fiscal Police) is the tax crime equivalent of INTERPOL (The International Police Organization), which is a network of law enforcement authorities in numerous countries which exchange information on criminals. Many evaders are opening accounts in fictitious names and using mail forwarding & pick-up drops for privacy.

PRACTICALITY - Movie-makers and recent international scandals, such as BCCI and Iran-Contra, have contributed to negative views about offshore banking. Contrary to popular belief, rich criminals and corrupt government officials make up a small segment of the total number of customers at any given offshore institution. Now more than ever, the average American blue-collar worker and businessman is using offshore banking as a way to reduce taxes (through legal avoidance). Many accounts may be opened for the same amount required in the U.S. (about $100) or less. In some cases, there is no minimum opening deposit at all. Further, the interest rates are usually substantially higher than in the U.S. (since federal law sets limits on the amount of interest a bank can pay you). But by far, the reason most people turn to offshore banks is their confidentiality.

One might ask, "if these banks are so good, why don't they advertise in the U.S."? The answer is simple...they are prohibited! Federal law restricts offshore banks from advertising their services in U.S. magazines and newspapers, unless they agree to the same restrictions that govern F.D.I.C. institutions (such as interest limitation). Why? That's simple too...to keep competition down.

Opening an account with these banks is as simple as writing a formal letter to the institution and requesting information about their various services and the appropriate application forms, and returning them to the bank.
It's really that easy! Most banks never have to see you in person.

SAFETY - All offshore banks are regulated in one form or another, like their U.S. counterparts, but minus the limiting federal laws. Less restrictive regulations abroad allow foreign banks more freedom in locating the best investments worldwide, allowing them to pass on and share their profits with their customers. As for insurance, forget the F.D.I.C. or other private insurance companies! They usually only allow a liquidity factor (insurance) of about 10% of public deposits. Many offshore banks are self-insured, meaning they have AT LEAST one dollar in cash to cover every dollar on deposit. That translates to 100%+ insurance. Also, the majority of the world's largest and strongest banks (as far as assets) are overseas, not in the United States. Call your local library's business & finance or commercial department and ask the librarian to look it up.

INTERNAL REVENUE SERVICE (IRS) - Treasury form 90.22-1 (Report of Foreign Bank and Financial Accounts) must, by law, be completed and returned to the I.R.S. by June 30th of each year you possess a foreign account. For a copy of the form, call the IRS at (800) 829-1040, or check your phone directory for the number of your nearest forms distribution center.

U.S. CUSTOMS - U.S. Department of Treasury's Currency and Foreign Transactions Reporting Act details which monetary instruments (checks, money orders, etc.) must, by law, be reported to the federal government. A copy of an illustrated circular which explains the act in full is available for the cost of $5 from: Worldwide Consultants, 2421 W. Pratt Blvd., Suite 971, Chicago, IL 60645 U.S.A.

WHAT YOU DON'T HAVE TO REPORT - Here are two categories of instruments that you are not required to report: If you make out a personal check or money order to an offshore bank, you don't have to report it. And, if you have a check or money order payable to you, you may restrictively endorse it (i.e.
pay to the order of XYZ Bank), and you do not have to report it either.

TAX EVASION - If you deposit your paycheck in a U.S. bank, chances are you've already paid income taxes on it (unless it is a personal check). So, you have no further obligations, since taxes were deducted before the check even hit your hand. With a savings or brokerage account, at the end of the year when you get your annual statement, you simply add the total amount of interest or profit earned to your income, and pay taxes on the grand total. The same is only true offshore if the country the bank is located in imposes a withholding tax. Since I'm on the subject of taxes, did you know that the United States and the Philippines are the only two nations in the world that tax income earned outside of their countries?

Anyway...back to tax evasion. Below are a few examples of ways some individuals have cheated the IRS: A lawyer received payment by personal check from a client and deposited it in his offshore account. Since the deposit didn't appear on his business records, the chances are it would never be found out (even if he was audited). One couple sold a valuable antique and had the buyer send the payment directly to their offshore bank account. Later the couple used the money to tour Europe and the Caribbean. Another example is the S&L bank customer who enticed his "unscrupulous" banker to electronically transfer a large sum of cash offshore without reporting the transaction to the I.R.S. Then the customer borrowed the money back from the offshore bank. Since loan proceeds are not taxable, no taxes were paid. These types of schemes are no longer used by the rich with extra money to hide, but by average Americans who don't like to pay taxes on every single cent they earn.

HOW HIDDEN ASSETS ARE FOUND - Having conducted investigations in the U.S. and abroad, I am familiar with the various techniques which may be used to locate leads to funds being kept offshore. Here are a few:

1.
Checking passports (and travel agents) for evidence of visits to "high profile" destinations such as: Switzerland, Cayman Islands, The Bahamas, Isle of Man, Netherland Antilles, and other known banking and tax havens. Travel to these types of areas will surely throw up a red flag, giving seekers a place to start looking for your assets.

2. Examining telephone (home, business & hotel), fax and mobile (cellular) phone records to identify undisclosed business connections and contacts.

3. Reviewing credit card statements to determine who you do business with, where you travel (domestic & foreign), and what products and services you use. These records leave a revealing paper trail miles long.

4. Garbage is often sifted through for information such as statements, invoices, correspondence, and other relevant material useful in tracking your affairs. Use a high-quality paper shredder, discard your garbage at another location, or burn and crush it. It sounds drastic, but what you throw away says a lot about you, and many leads can be found there.

5. Compiling a list of parties that you have a relationship with (business or otherwise) by recording the return addresses on your incoming mail. This technique can disclose friends, associates and partners. If you must receive important mail at your residence or business address, be sure to have your correspondents omit using a return address.

6. Looking into banking transactions. All withdrawals or deposits $3,000 or more must be reported by your bank to the federal government, whether made by cash, check or electronic transfer. Keep transactions under $3,000.

7. Checking private courier's logs (UPS, DHL, RPS, Federal Express, Airborne Express, etc.) for delivery of special or important letters and packages.

8. Examining telex records of your company or business to locate areas of foreign activities.

RESOURCE DIRECTORY

F.E.C., Inc.
Box 959, Centro Colon
Office Building-1007
San Jose, Costa Rica

The above company is the JC Penney of financial privacy. If no one else, contact them! Provide them with your name, mailing address, and mention SOURCE: 91/12-0695, and they'll send you complete details about their services by International Airmail. You'll get information on everything you need to know about keeping your assets safe from invaders. Definitely an all-time favorite one stop shopping place for many reasons:

1. They offer damn near every confidential service imaginable. Here are just a few: the Divorce Protection Program, the Savings Account Program, the Client Loan Program, the Mail Service Program, and others.

2. Their Representative Program gives the average Joe an opportunity to make money 100% tax-free, through commissions by offering their services to others on a part-time or full-time basis.

3. They give advice and assistance in tax-reduction and setting up domestic & foreign corporations in tax havens here and abroad.

4. All fees are quite reasonable and affordable by almost anyone.

Scope International Ltd.
62 Murray Rd., Waterlooville
Hampshire PO8 9JL, England
Tel: (44) 0705-592255
Fax: (44) 0705-591975

Publisher of numerous reports by Dr. William G. Hill, Esq., the world's most free-thinking attorney. They also provide privacy & financial consultations.

TSB Bank            Liechtensteinische Landesbank   Bank of Nauru
25 New Street       FL-9490 Vaduz                   P.O. Box 289
St. Helier          Stadtle 44, Postfach 384        Nauru
Channel Islands     Liechtenstein
Fax 44-53423058

Jyske Bank          Banca Serfin                    Bank of New Zealand
Vesterbrogade 9     Padre Mier Ote 134              31-05 OCBC Centre
DK-1780 Copenhagen  64000 Monterrey                 65 Chulia Street
Denmark             Mexico                          0104 Singapore
Fax (45) 33-787833                                  Tel 65-915744

All of the above six institutions provide a wide range of offshore services including, savings & checking accounts, loans, credit cards, traveler's checks, stocks & bonds and global investment services.

Expat World P.O.
Box 1341
Raffles City 9117, Singapore

This newsletter for international free-thinkers is packed with all types of goodies about living a global lifestyle. Send $5 for a sample copy.

The International Harry Schultz Letter
P.O. Box 622
CH-1001 Lausanne, Switzerland
Fax: (32) 16535777 (Belgium)

This newsletter is read in 91 countries, and is published by none other than Harry Schultz, The World's Highest-Paid Financial Consultant (according to Guinness Book of World Records). It provides advice and covers worldwide economic changes.

International Herald Tribune
(800) 882-2884 (in the U.S.)
(800) 535-8913 (from Canada)
(212) 752-3890 (outside the U.S. & Canada)
(212) 755-8785 (fax)

This newspaper is circulated to over 160 countries, and contains articles and advertisements from financial institutions, office rental and business service providers and entrepreneurs around the globe.

Outpost (Wyoming), (800) 331-4460
Fast Foward (Florida), (800) 321-9950
Mail, Messages & More (Nevada), (800) 722-7468
Omni Worldwide Offices (numerous locations), (800) 331-6664
Wayne Budd, Budd Bldg. #5, Eldorado, Ontario, Canada, Fax (614) 473-4460

The above companies are mail forwarding companies that provide the forwarding of mail internationally, send confidential mail to alternative addresses, and take and relay messages.

R.L. Polk & Company
1155 Brewery Park Blvd.
Detroit, Michigan 48207 U.S.A.

Publisher of Polk's International Bank Directory ($67.50). This publication, which is updated annually, lists every bank in the world (including its total assets and heads of each department). You may view a copy of this publication at your local library.

American Voice Mail, (800) 347-2861

This company can provide you with a voice mail box where you can receive phone calls (with a recording left in your own [or someone else's] voice). They can set up service in almost any area code and in any name (or alias).
Traceless Phone Calls (900) CALL-888

Domestic and International calls can be made through this number without telephone records of where the call went. The charges are $1.95 per minute (domestic), and $3.95 per minute (international). For more information about the service, call Int'l Phone Company at (800) 823-0080 or (408) 738-3700.

ABOUT THE AUTHOR - David Johnson is an international consultant specializing in privacy, security and investigative matters. He has lived in Asia for close to two years, where he saw ten countries. He may be reached by E-mail at privacy at well.sf.ca.us

YOUR FEEDBACK (QUESTIONS, COMMENTS, NEWS, GRIEVANCES, ETC.) IS ENCOURAGED.

Please feel free to distribute, post, or archive this article on any computer system worldwide. The publication and/or distribution of this article in paper format is prohibited without consent of the author.

From gtoal at an-teallach.com Tue Jul 5 11:43:41 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Tue, 5 Jul 94 11:43:41 PDT
Subject: fink.net@doj.gov
Message-ID: <199407051841.TAA05429@an-teallach.com>

: Want to be a spy? Here's your chance. The US Department of Justice is
: seeking evidence of restraint of trade and monopolization in the computer
: and telecommunications industry. Currently their big investigation is that
: of Microsoft, but they are looking for other cases of abuse of economic
: power by dominant companies.

: With regards to patents, the Justice Department is looking for cases where
: the owner of a patent denied a potential licensee a license for the patent,
: while giving licenses to some of your competitors. Maybe this is a case of
: anti-trust, depending on market conditions.

I LOVE IT!!!! Finally we've found someone with the balls to challenge Clipper!!! Get writing, folks!

G

From tcmay at netcom.com Tue Jul 5 11:51:24 1994
From: tcmay at netcom.com (Timothy C.
May)
Date: Tue, 5 Jul 94 11:51:24 PDT
Subject: BoardWatch on digital cash
In-Reply-To: <199407051712.NAA07891@eff.org>
Message-ID: <199407051850.LAA20572@netcom4.netcom.com>

Stanton McCandlish writes:

> See current (July 1994) _BoardWatch_, pp. 60-63. There's an article on an
> e-money scheme called NetCash. Unfortunately it is utterly stupid, but
> BW is giving it a semi-endorsement. Some of you d-c aficionados might
> like to disabuse them of some notions.
>
> Some of the flaws:
>
> 1) not cryptographically secure

...rest of flaws elided...

Indeed, there are many kinds of "digital cash" or "digital money" being floated. I suspect the term is about to join "Information Superhighway" and "infobahn" in the popular media.

But all but a very few of them are polar opposites of what we as Cypherpunks want. Microsoft wants home banking, VISA wants it, and various cryptographically-incompetent schemes are being proposed.

As you on this list all know, these are Bad Ideas.

What we can do to head them off or to deploy the right kinds of systems is the challenge ahead of us.

Our apparent victory in the Clipper matter (the public scorn for Clipper, the editorials against it, the weaknesses exposed, and the favorable articles about CPs) may serve us in good stead. But it will be a tough struggle, as things are moving fast behind the scenes.

(My greatest fear: legislation to support home/cable banking, with restriction on competitors.)

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
From rah at shipwright.com Tue Jul 5 14:08:44 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 5 Jul 94 14:08:44 PDT
Subject: BoardWatch on digital cash
Message-ID: <199407052107.RAA14918@zork.tiac.net>

At 11:50 AM 7/5/94 -0700, Timothy C. May wrote:

>But all but a very few of them are polar opposites of what we as
>Cypherpunks want. Microsoft wants home banking, VISA wants it, and
>various cryptographically-incompetent schemes are being proposed.

I've been talking off line with people about business models for e$. We have to deal with the fact that for most people privacy is not as big an issue as it is for us. There was a quote in MacWeek today to the effect that 80% of the people are satisfied with 70% of the Mac's functionality, and so they buy Windows. With that in mind, here are three business models for discussion.

The Redmond Scenario: Here's a business model (not a new one either) which has 70% of the functionality of DigiCash(tm), and that 80% of the people will buy into. It works like those ATM terminals you see at grocery store checkout counters now. But I think there's also a way to hack into it a DigiCash(tm) option later...

Attach a card-swiping peripheral to a PC. Use secure Mosaic or equivalent as the transaction protocol. When someone buys something from a vendor, the HTML form asks for a swipe in the reader and the customer's PIN. The latest version of "Debbie Does Ft. Meade, LXIX" is then downloaded to the customer. The customer has just made a trusted-third-party "cash" transaction. Obviously, this for credit card transactions, too. For a "cash" transaction, the vendor's software sends a secure (vendor can't tamper, either) message including card swipes and PINs for both the customer and the vendor, crediting the vendor's account and debiting the customer's account to an ATM gateway (probably sold to a bank as a "drive-up window on the information superhighway"). Instant transaction settlement. Not private.
The Cupertino Scenario: This is one of many right ways to do DigiCash(tm). It achieves the same result (DDFM LXIX is sold) as the Redmond Scenario with the same technology. In this case, the ATM gateway sells (for some combination of a spread and float interest on outstanding cash) Digicash(tm) directly to the purchasers, just like physical ATM does with paper cash at a shopping mall. The transaction is done with a card swipe and the cash is put on the customer's hard drive to be spent. Consumer uses digital cash to buy DDFM LXIX. Vendor either keeps e$, or deposits with own bank, or cashes it out with DigiCash(tm) issuer.

The Houdini (more lives than a cat, that Houdini...) Scenario. Just like Redmond scenario but, in every transaction, the option is there to use DigiCash(tm). The reason the option is kept alive is that the bank (the owner of the "drive up window") gets a *commission* on DigiCash(tm), just like they do with Travelers' Checks. If the customer pays with DigiCash(tm), the swipe/PIN doesn't touch the vendor, it goes to the ATM gate. e$ is issued to the customer and used to pay off the vendor, who doesn't even have to have a bank account at this point, which "suitably incentivizes" the vendor to maybe offer a discount, 'cause his costs are lower. (Eric has killed me on this already, but I stand ready to be killed for it again. Sigh) Customers are "incentivized" by privacy, of course...

>What we can do to head them off or to deploy the right kinds of
>systems is the challenge ahead of us.

As I said to somebody offline a while ago. The thing we don't want to do is provoke an immune response from the banking system before we get started. I believe that there are all sorts of real good reasons the banking community would like to do e$. I think that we may have evolution on our side here.
It seems to me that strong crypto transaction settlement and e$ are the necessary and *sufficient* conditions for the kind of global information economy that most people on this group believe is coming.

One of the things I thought about was the idea of a conference on internet commerce, geared toward educating a smallish (100-150) business, regulatory, and finance people about the technology and the potential of e$. I wrote up a bunch of dog-and-pony slides outlining an agenda and potential speakers, and then the ritalin wore off. ;-). Nonetheless, I have been doing a bunch of work for the World Trade Center in Boston lately (where the air-conditioned part of MacWorld is held ;-)), and my client referred me to a good conference planner. If anyone wants to egg me on about this, (I'm *not* asking for free work from *anyone*, I swear) e-mail me. I could use some moral support, at the least.

>But it will
>be a tough struggle, as things are moving fast behind the scenes.

Would you like to share something, Tim? (jeez, I sound like I'm in a CR group...)

>
>(My greatest fear: legislation to support home/cable banking, with
>restriction on competitors.)

Remember that Citicorp has been plugging home/telephone banking for years. I also think that any regulatory response at this point will only cause the kinds of "regulatory arbitrage" Eric has been talking about.

-----------------
Robert Hettinga (rah at shipwright.com) "There is no difference between someone
Shipwright Development Corporation     who eats too little and sees Heaven and
44 Farquhar Street                     someone who drinks too much and sees
Boston, MA 02331 USA                   snakes." -- Bertrand Russell
(617) 323-7923

From jgostin at eternal.pha.pa.us Tue Jul 5 14:50:32 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Tue, 5 Jul 94 14:50:32 PDT
Subject: BoardWatch & DigiCash.
Message-ID: <940705162833U2zjgostin@eternal.pha.pa.us>

Stanton McCandlish writes:

> See current (July 1994) _BoardWatch_, pp. 60-63.
There's an article on an
> e-money scheme called NetCash. Unfortunately it is utterly stupid, but
> BW is giving it a semi-endorsement.

That says as much for BW as it does for NetCash. I've read a few issues of BW, and have found it to be about as useless as most of the Ziff-Davis publications. Anyone care to suggest a magazine (or other form of trade rag) that gives unbiased information (or at least as close as possible)? Z-D lost my subscription to both PC Mag and PC Computing, for different reasons. The one overriding factor in both, though, was the Party Line approach to reporting.

--Jeff

PS: Yeah, I know... It's more than a tad off-topic, so please feel free to reply by email.

From markh at wimsey.bc.ca Tue Jul 5 15:54:04 1994
From: markh at wimsey.bc.ca (Mark C. Henderson)
Date: Tue, 5 Jul 94 15:54:04 PDT
Subject: PC Expo Disk Available
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Subject: Re: PC Expo Disk Available

> Hey guys, I've just sent up the PC Expo disk package to ftp.wimsey.bc.ca
> in case anyone is interested in it. Give it some time as Mark has to clear it
> but it's in the incoming folder right now...

It is available to U.S.
and Canadian persons at ftp.wimsey.bc.ca
/pub/crypto/software/dist/US_or_Canada_only_XXXXXXXX/pcxpo/pcxpo.zip

Mark

-----BEGIN PGP SIGNATURE-----
Version: 2.4

iQBVAgUBLhnkIWrJdmD9QWqxAQFk2QH/VZnf1PqE0ftwQdfQLIu8Q4kaOeBh0C2R
wN8mdxSEpSgWsCOzqgpN9jv195/GrQMETqAznUs2L6jA4rWyfnlbPg==
=nPCR
-----END PGP SIGNATURE-----

--
Mark Henderson markh at wimsey.bc.ca - RIPEM MD5: F1F5F0C3984CBEAF3889ADAFA2437433
ViaCrypt PGP key fingerprint: 21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46
low security key fingerprint: EC E7 C3 A9 2C 30 25 C6 F9 E1 25 F3 F5 AF 92 E3
cryptography archive maintainer -- anon ftp to ftp.wimsey.bc.ca:/pub/crypto

From klbarrus at owlnet.rice.edu Tue Jul 5 16:14:32 1994
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Tue, 5 Jul 94 16:14:32 PDT
Subject: GOPHER: AOL, CPSR, cypherpunks
Message-ID: <9407052314.AA15883@flammulated.owlnet.rice.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Cypherpunks,

Earlier, somebody (I believe Carl Ellison, but I screwed up and deleted the file) asked about AOL and the gopher site.

The problem may not be AOL or CPSR actually. What happened is this: Chael reorganized the gopher site, placing the Cypherpunks Gopher Archive into a subdirectory. So the archive is still at chaos.bsu.edu, but no longer immediately at the top level. Perhaps CPSR's pointer to the site is no longer valid!

Or maybe the problem is that he also upgraded to a new gopher server, which is supposed to be backwards compatible ;) and one of these days I'll create some sort of index files (?) to take advantage of the new features, etc. So maybe this is the problem, a new version that AOL doesn't handle.

So try gopher'ing directly to chaos.bsu.edu and then into the "Cypherpunks Gopher Archive" if going through somebody else isn't working.

Hm... I'll inform CPSR about the change.
Karl Barrus
klbarrus at owlnet.rice.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLhnpG8SF/V8IjI8hAQGn0gP/YjRzP3OODE9e7pXdHhOpHtY6UddH75Fj
7z1T/RA9JuL3es926zNZP2K9C1p9AlgwKyPcea2GWkgT8q79Ink4VXKGJbwEzzwV
Kyh5a3Efm7ZsewxlUnrkRtppH2qc//bhNkpaTSIlM1Ccl7+yBttONyq6qHFfpzLd
m88J8APnLWM=
=AbvY
-----END PGP SIGNATURE-----

From klbarrus at owlnet.rice.edu Tue Jul 5 16:25:22 1994
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Tue, 5 Jul 94 16:25:22 PDT
Subject: MD5: hashing, > 1->1
Message-ID: <9407052324.AA16560@flammulated.owlnet.rice.edu>

-----BEGIN PGP SIGNED MESSAGE-----

>> is based upon the fact that *finding* two messages that hash to the
>> same value is as difficult as a brute-force attack, which requires
>> 2^128 trials (maybe it's 2^127, but I don't think that really

> This is incorrect, with a large memory, this is the birthday paradox in
> action, and it takes about 2^64 tries, which puts SHS right up there at
> 2^80 same as skipjack.

Geez, I did it again (deleted the original message - the one Derek sent). So from memory, I believe that in the context in which Derek was describing the "finding two messages" above, his statement about the difficulty (2^128) is correct.

The birthday paradox is the situation when you are looking for *any* two messages that hash to the same value. In this case, 2^64 is the expected work. However, if you are given a particular hash and you are looking for another message which has the same hash, then the difficulty is 2^128.

This is the situation which is (more) important since it corresponds to forging MD5 hashes for a signed message. Say you are given a message and you want to find another which has the same hash. 2^128 applies.

The birthday paradox situation corresponds to just finding two messages with the same hash. In this case the expected work is 2^64, but then the two messages that you discover with the same hash may be random (and thus worthless).
Karl Barrus
klbarrus at owlnet.rice.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLhnrj8SF/V8IjI8hAQGlmQP6AshYEwjoJGbN8cZZRiPAEdhZO9AAWG2Y
P08YcQ/wUWNEAOAvi4WISPobIWxO6oRk+fBRvUMWv7wyU4eRA/7yj95nlDaui5oW
rDaFrh+IBnC8Epce2hing6TqWdBxL5uKBCuq1CrKnUkDO2uESoZkN/aDpbnvueC9
05aqKfQ9P+U=
=Lscb
-----END PGP SIGNATURE-----

From tcmay at netcom.com Tue Jul 5 16:34:36 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 5 Jul 94 16:34:36 PDT
Subject: BoardWatch & DigiCash.
In-Reply-To: <940705162833U2zjgostin@eternal.pha.pa.us>
Message-ID: <199407052334.QAA16833@netcom7.netcom.com>

> That says as much for BW as it does for NetCash. I've read a few
> issues of BW, and have found it to be about as useless as most of the
> Ziff-Davis publications. Anyone care to suggest a magazine (or other form
> of trade rag) that gives unbiased information (or at least as close as
> possible)? Z-D lost my subscription to both PC Mag and PC Computing, for
> different reasons. The one overriding factor in both, though, was the
> Party Line approach to reporting.
>
> --Jeff

* I like "Byte." Our own Peter Wayner has written good articles on crypto.

* "Communications of the ACM" is also good.

The rest of the rags are nearly worthless, except to hear gossip and new product announcements.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From paul at hawksbill.sprintmrn.com Tue Jul 5 17:13:42 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Tue, 5 Jul 94 17:13:42 PDT
Subject: BoardWatch & DigiCash.
In-Reply-To: <199407052334.QAA16833@netcom7.netcom.com>
Message-ID: <9407060115.AA10713@hawksbill.sprintmrn.com>

Tim May writes -

>
>
> * I like "Byte." Our own Peter Wayner has written good articles on
> crypto.
>
> * "Communications of the ACM" is also good.
>
> The rest of the rags are nearly worthless, except to hear gossip and
> new product announcements.
>

Worthless is usually a good description, however there _is_ a very informative article by Bruce Schneier (howdy) in the July/August issue of _INFO_Security_News_, called "Encryption's Bright IDEA" about the background of the IDEA cipher.

Cheers.

From bryner at atlas.chem.utah.edu Tue Jul 5 17:27:16 1994
From: bryner at atlas.chem.utah.edu (Roger Bryner)
Date: Tue, 5 Jul 94 17:27:16 PDT
Subject: MD5 is 1=>1?
In-Reply-To: <9407042142.AA28845@toxicwaste.media.mit.edu>
Message-ID:

On Mon, 4 Jul 1994, Derek Atkins wrote:

> MD5, like all hash functions, are many-to-one functions. This means
> that theoretically there are an infinite number of messages that will
> hash to the same value. This also means that reverting from the hash
> back to your original message is nigh impossible. The security of MD5
> is based upon the fact that *finding* two messages that hash to the
> same value is as difficult as a brute-force attack, which requires
> 2^128 trials (maybe it's 2^127, but I don't think that really
> matters).

Hmm, I read this as reverting is impossible, as it generally is when you start with 1MB and hash it to 128 bits (or compression would be neat!), then that finding two messages that hash to the same value is as difficult as brute force, which is not really true, if taken literally.

Perhaps my original question about cycles and entropy loss is better in the context of a broken system such as MD4. Are there 128 bit messages in MD4 which hash to the same value, and if so, what insight into the cycle length vs string length would it give us.
Let's say each dot is a 128 bit number, a string could feed a cycle, such as shown below. When this occurs, you lose entropy, as it ceases to be sequentially dependent on a 128 bit number, and instead a subset of the cycle.

==> .......................
                      .   .
                      .....

Here is an example hash function, for two 64 bit words, a, b;

hash(a,b)=a+b,a-b;
now hash^2(a,b)=2a,2b.

so here you have lost 1 bit of information when you start to iterate the hash function, and will be left with exactly 1 option after 128 iterations of this function in every case.

This is why I won't use securedrive with the 1024 option, as I view it as a SERIOUS NEGATIVE THREAT TO SECURITY OF THE SYSTEM. Changing this to encrypting 1024 times with idea and a key generated by a PRNG has no such security hole possible, and is what I would view as a proper "busy work function[TM]" although nothing has been said about its irreducibility.

I would recommend replacing that option or discarding it, that is unless hash functions never throw away bits in sizes smaller than their output size. (again, that was my question)

Roger.

From karn at qualcomm.com Tue Jul 5 18:08:42 1994
From: karn at qualcomm.com (Phil Karn)
Date: Tue, 5 Jul 94 18:08:42 PDT
Subject: Password Difficulties
In-Reply-To: <199407021952.AA21913@world.std.com>
Message-ID: <199407060108.SAA12907@servo.qualcomm.com>

>What do we do about a population which thinks a 4-digit PIN is secure?
>If people use their current ATM PINs--and a lot of computer users *do*
>when they are allowed--there will be problems: if we want privacy we
>had better figure out how to give everyone privacy.

There's a difference: as far as I know, ATM PINs can't be cracked offline (somebody correct me if I'm wrong). The big problem here is that you have to assume the attacker can do his thing offline. Require an online trial for every test key and it becomes much easier to detect this sort of thing.
Phil

From roy at sendai.cybrspc.mn.org Tue Jul 5 18:16:31 1994
From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Tue, 5 Jul 94 18:16:31 PDT
Subject: BoardWatch on digital cash
In-Reply-To: <199407051850.LAA20572@netcom4.netcom.com>
Message-ID: <940705.181112.7M4.rusnews.w165w@sendai.cybrspc.mn.org>

-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, tcmay at netcom.com writes:

> Indeed, there are many kinds of "digital cash" or "digital money"
> being floated. I suspect the term is about to join "Information
> Superhighway" and "infobahn" in the popular media.

I believe I'll just be cringing now. Ugh! I hate the cute metaphors.

> But all but a very few of them are polar opposites of what we as
> Cypherpunks want. Microsoft wants home banking, VISA wants it, and
> various cryptographically-incompetent schemes are being proposed.
>
> As you on this list all know, these are Bad Ideas.

Widespread home banking would give the Con a real good window into not only the spending habits, but the sum of resources of a lot of people. When you add in debit-card transactions at the supermarket, you have pretty much a microscopic picture of a person (including a fair estimate of their cash transactions, albeit with no hard link to where the cash goes). I'm sure the electronic banking being done even now is harvested for statistical data. (And I'm having real second thoughts about the bank-by-phone service where I've toned in my account number and ATM PIN. I have no guarantee that my phone line is secure.)

> What we can do to head them off or to deploy the right kinds of
> systems is the challenge ahead of us.

Preemptive deployment has to be the answer. Just like strong crypto everywhere else, get the product out there. What we need (and probably don't have a chance in hell of getting) is a regional bank to step out and make cryptographically secure home banking available. If it were me, I'd hit everywhere...
telephone modem links, Internet connection (yeah, I know... trendy, but an effective attention-getting device) and some kind of interactive cable system. If one bank does it, and sells the crypto security hard, the others will have to follow suit for marketing, if no other reason.

Now, if that bank also were to be a real Digi-Cash agent as well...

> (My greatest fear: legislation to support home/cable banking, with
> restriction on competitors.)

That's the historical method, though. It's tough to deflect that kind of inertia.

- --
Roy M. Silvernail [] roy at sendai.cybrspc.mn.org
It's just this little chromium switch.......

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBLhnrJBvikii9febJAQHHzgQAiH8uFXGCV32RAFIvimVUEEllUyjugurb
uT425aR6OPOGm+XWWA7ixDU5Dl9p3zaT2pqRVW7Gy/a6WxXerFxbNkCcHp9D0nJb
295q/fgxLh7RtwxQtpJLCp55elAjkE7k/pW11H5yR5en4VhlH3Ybn3nsko/vOpC/
zafkK4fuJvI=
=hjal
-----END PGP SIGNATURE-----

From warlord at MIT.EDU Tue Jul 5 18:49:32 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Tue, 5 Jul 94 18:49:32 PDT
Subject: MD5 is 1=>1?
In-Reply-To:
Message-ID: <9407060145.AA10798@toxicwaste.media.mit.edu>

> Are there 128 bit messages
> in MD4 which hash to the same value, and if so, what insight into the
> cycle length vs string length would it give us.

If there are, then you have broken MD4! This is the definition of breaking a Hash: finding two strings (of *any* size) that hash to the same value.

Let me comment on something you wrote:

> hash(a,b)=a+b,a-b;
> now hash^2(a,b)=2a,2b.
>
> so here you have lost 1 bit of information when you start to iterate
> the hash function, and will be left with exactly 1 option after 128
> iterations of this function in every case.

If we make a small adjustment to the definition of this hash routine, and define the hash to be:

hash(a,b) = (a+b)mod 2^64, (a-b)mod 2^64

Then I argue that you will not lose that bit of information, since it will just wrap around the 64-bit values instead of just doing a bit-shift.
The point here is that if MD5 lost entropy, it would probably make it easier to find two strings to hash to the same value, which, by definition, breaks that hash.

> I would recommend replacing that option or discarding it, that is unless
> hash functions never throw away bits in sizes smaller than their output size.
> (again, that was my question)

They shouldn't. I refer back to my last statement, that if they did, it would make breaking the hash much easier.

I hope this helps.

-derek

From bryner at atlas.chem.utah.edu Tue Jul 5 19:19:33 1994
From: bryner at atlas.chem.utah.edu (Roger Bryner)
Date: Tue, 5 Jul 94 19:19:33 PDT
Subject: MD5 is 1=>1?
In-Reply-To: <9407060145.AA10798@toxicwaste.media.mit.edu>
Message-ID:

On Tue, 5 Jul 1994, Derek Atkins wrote:

>Roger:
> > I would recommend replacing that option or discarding it, that is unless
> > hash functions never throw away bits in sizes smaller than their output size.
> > (again, that was my question)
>
> They shouldn't. I refer back to my last statement, that if they did,
> it would make breaking the hash much easier.

This refers to the secure drive 1024 iterations of MD5. Without a proof that md5(128bit number) is a one to one transformation, my statement about losing entropy is possible. I don't think that it has been demonstrated that md5^1024 is more secure than md5.

NOBODY HAS IMPLIED THAT SUCH A PROOF, or equivalent proof, exists.

Roger.

From kentborg at world.std.com Tue Jul 5 19:24:22 1994
From: kentborg at world.std.com (Kent Borg)
Date: Tue, 5 Jul 94 19:24:22 PDT
Subject: Password Difficulties
Message-ID: <199407060221.AA14907@world.std.com>

karn at qualcomm.com writes:

>There's a difference: as far as I know, ATM PINs can't be cracked

That would make a difference, but how trustworthy is that fact?

Nostalgia time: The first cash card I ever had was crackable.
When I opened the account at Minnesota Federal the teller passed me this out-sized calculator, I punched in my chosen (6-digit) PIN, she punched in their (presumed) salt, and she recorded the 5 or 6 digit number the machine produced (I forget that detail).

Boy was I intrigued! I asked my math-major big sister how one could figure out what someone's PIN was given the output it gave them. She didn't know enough about cryptography to give me an interesting answer, she simply pointed out that it need not be a linear function...

The encrypted number was embossed on my card. I could walk up to the various small terminals scattered in places like grocery stores, tell it I wanted $5, get the chit it printed, bring it to a cashier, and get the money.

I am glad I am a pack-rat, someplace I have the old card and all the receipts, I wonder where that number showed up, etc. Will have to poke around...

Ob-Password-Item: The PIN I chose? The frail "266367"; amazing how easily it came back to my fingers when I just now tried it on a telephone-style keypad (as they used in that system). Don't worry, that account (and system) is long dead...there is no money in it any longer. My PIN choice does date the system rather closely, however. (And with an appropriately cypherpunk-paranoid type connection, I might add.) And in retrospect, my choice of a PIN was not *so* bad considering how thin the whole system was...well, OK, it was pretty weak.

Anyone know what obscurity was in that box?

-kb, the Kent who sometimes feels like an oldtimer

--
Kent Borg +1 (617) 776-6899
kentborg at world.std.com
kentborg at aol.com
Proud to claim 31:15 hours of TV viewing so far in 1994!
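Roger Bryner's question in the "MD5 is 1=>1?" messages above (is a hash restricted to inputs of its own output width one-to-one, and what does iterating it 1024 times do?) can be measured directly on a scaled-down model. This is an added example, not code from any poster or from Secure Drive: MD5 is truncated to 16 bits so that every input can be enumerated, and all function names are hypothetical.

```python
import hashlib
import math

BITS = 16                 # toy width (assumption): small enough to enumerate every input
SIZE = 1 << BITS


def toy_md5(x):
    """MD5 of the 2-byte encoding of x, truncated to its first BITS bits."""
    digest = hashlib.md5(x.to_bytes(BITS // 8, "big")).digest()
    return int.from_bytes(digest[:BITS // 8], "big")


def shannon_bits(counts):
    """Shannon entropy of the output when each of the SIZE inputs is equally likely."""
    return -sum(n / SIZE * math.log2(n / SIZE) for n in counts.values())


def iterate_hash(rounds, checkpoints):
    """Apply toy_md5 `rounds` times to every possible input.

    Returns {k: (distinct_outputs, entropy_bits)} for each k in checkpoints,
    where k is the number of applications performed so far.
    """
    table = [toy_md5(x) for x in range(SIZE)]   # the whole function, computed once
    counts = {x: 1 for x in range(SIZE)}        # value -> number of inputs that land on it
    report = {}
    for k in range(rounds + 1):
        if k in checkpoints:
            report[k] = (len(counts), shannon_bits(counts))
        if k == rounds:
            break
        merged = {}
        for value, n in counts.items():
            nxt = table[value]
            # Two values with the same image merge here; that merge is the lost entropy.
            merged[nxt] = merged.get(nxt, 0) + n
        counts = merged
    return report


if __name__ == "__main__":
    marks = {0, 1, 2, 4, 16, 64, 256, 1024}
    for k, (distinct, bits) in sorted(iterate_hash(1024, marks).items()):
        print(f"{k:5d} rounds: {distinct:6d} distinct values, {bits:5.2f} bits of entropy")
```

The first round keeps roughly 63% of the values (1 - 1/e), which is the figure for a random mapping rather than a one-to-one one; later rounds can only merge more values, never separate them.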
From jthomas at access.digex.net Tue Jul 5 20:18:10 1994
From: jthomas at access.digex.net (Joe Thomas)
Date: Tue, 5 Jul 94 20:18:10 PDT
Subject: Password entropy
In-Reply-To: <9407042147.AA17444@anchor.ho.att.com>
Message-ID:

On Mon, 4 Jul 1994 wcs at anchor.ho.att.com wrote:

> On the other hand, collisions are infrequent - the probability of a
> pair of numbers having the same MD5 value is presumed to be 2**-128,
> and the usual birthday paradox calculations apply, so you'll probably
> find one if you take 2**64 random samples.

Minor quibble: It might be better to say that you'll probably *have* one if you take 2**64 random samples. Finding the pair would be pretty hard, and you'd need a lot of storage in the meantime.

Joe

From tcmay at netcom.com Tue Jul 5 20:58:10 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 5 Jul 94 20:58:10 PDT
Subject: Most People don't Think about Security
In-Reply-To: <199407060108.SAA12907@servo.qualcomm.com>
Message-ID: <199407060358.UAA08529@netcom11.netcom.com>

(I think Kent Borg wrote this)

> >What do we do about a population which thinks a 4-digit PIN is secure?
> >If people use their current ATM PINs--and a lot of computer users *do*
> >when they are allowed--there will be problems: if we want privacy we
> >had better figure out how to give everyone privacy.

Fact is, most people never think about real security.

Safe manufacturers have said that improvements in safes (the metal kind) were driven by insurance rates. A direct incentive to spend more money to improve security (cost of better safe < cost of higher insurance rate).

Right now there is almost no economic incentive for people to worry about PIN security, about protecting their files, etc. (Banks eat the costs and pass them on...any bank which tried to save a few bucks in losses by requiring 10-digit PINs--which people would *write down* anyway!--would lose customers. Holograms and pictures on bank cards are happening because the costs have dropped enough.)
Personally, my main interest is in ensuring the Feds don't tell me I can't have as much security as I want to buy. I don't share the concern quoted above that we have to find ways to give other people security.

(And to think people call me an elitist!)

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From karn at qualcomm.com Tue Jul 5 21:33:02 1994
From: karn at qualcomm.com (Phil Karn)
Date: Tue, 5 Jul 94 21:33:02 PDT
Subject: Dr. Dobbs Dev. Update 1/5 July 94 & Schneier
In-Reply-To: <199407030001.AA14425@laurel.ocs.mq.edu.au>
Message-ID: <199407060433.VAA13108@servo.qualcomm.com>

>An interesting thought hit me when reading this. The "classic"
>Cray series (Cray-1, X-MP, Y-MP) all have a rather curious instruction
>generally known as population count. All it does is to take a register
>and count the number of one bits in it, and return that count. Originally
>I could never figure out a use for this, but later was told that it was the
>"canonical NSA instruction", and was consistently demanded by almost all
>military SIGINT operations.

>On reading this, I realised that one possible use was to implement a
>vectorized version of a LFSR. Take a vector register (the shift register),
>AND it with a mask of the taps into another vector register, and then
>do a population count to determine the carry in.

>Just a thought. It's the only plausible use that I have yet thought of
>for this instruction. Has anyone else got any ideas?
This operation is ideal for computing the "hamming distance" between two binary words, an important operation in the encoding and decoding of forward error correcting codes. It's also used when correlating binary streams, eg, searching for frame synchronization vectors or despreading spread spectrum signals. All these operations are fundamental to modern digital radio communications.

I've written software that implements a correlator, a convolutional coder and a sequential decoder. All three make heavy use of this operation, so I know first hand how useful it would be to have such an instruction. The best I can do on the 386/486 is to add the results of table lookups on manageable pieces of the word (e.g., 8 bits at a time).

People keep assuming that NSA spends most (or even all) of its CPU cycles on cryptanalysis. They forget that before you can attack a cipher, you need some ciphertext. Usually this comes by radio. This means analyzing, demodulating and decoding (as opposed to deciphering) the digital RF modulation being used by your target. A Cray with a library of signal analysis and demodulation programs would be ideal for this purpose.

I would make an educated guess that this, and not cryptanalysis, is NSA's biggest use for their Crays. A Cray is not especially cost-effective for cryptanalysis, at least compared with special purpose hardware that could, say, attack DES far more cheaply.

And then there's this friend of mine who works for IDA/CRD, the NSA think-tank in Princeton. His specialty is digital signal processing, often using Crays. As a lark, he once demodulated some amateur packet radio signals that were used in "Star Trek IV" as background sound effects. Great fun. Another time he helped the Russians demodulate some telemetry signals from their "Vega" Venus balloon probe. Sucked the bits right out of the noise.
Phil

From cort at ecn.purdue.edu Tue Jul 5 21:51:14 1994
From: cort at ecn.purdue.edu (cort)
Date: Tue, 5 Jul 94 21:51:14 PDT
Subject: Passwords/Safes/PINs funny story
In-Reply-To: <199407060358.UAA08529@netcom11.netcom.com>
Message-ID: <199407060450.XAA19783@en.ecn.purdue.edu>

[etc.]
> > >What do we do about a population which thinks a 4-digit PIN is secure?
[etc.]
> Fact is, most people never think about real security.
>
> Safe manufacturers have said that improvements in safes (the metal
> kind) were driven by insurance rates. A direct incentive to spend more
[etc.]

Speaking of safes and the psychology of passwords....

A very funny (and scientifically interesting) book is:

    _Surely You're Joking, Mr. Feynman_

One of its chapters (entitled "Safecracker" if my memory serves) discusses the locking file cabinets and safes used by the scientists working on the Manhattan Project (_big_ bomb). Richard P. Feynman took great joy picking, cracking and otherwise bypassing these security measures.

He got no end of joy guessing passwords (combinations) based on the personality of the safe owner. The first digits of pi and e were common....

One very high military muckety-muck spent a great deal of money for a walk-in safe with very thick, hardened steel walls. (Since the importance of secrets is obviously proportional to rank!) The high muckety-muck never took the time to change the default combination....

The math is easy; it's the cultural side of crypto that's tough!

Cort.

P.S. There is a compact disk recording available of the late Mr. Feynman actually telling this story (along with some of his famous bongo music). It is a treasure if you are interested in that sort of thing. I don't have the address of the publisher, but it can be found somewhere in the second biography of RPF. (Something like, _You Can Think for Yourself_...????)
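Phil Karn's message above names what a population-count instruction is used for: Hamming distance, correlating a bit stream against a frame-sync word, and (in the question he quotes) the feedback bit of an LFSR. The sketch below is an added example, not code from the thread; the table-driven count follows his "8 bits at a time" description, while the sync word, the sample stream and the helper names are constructed for illustration.

```python
# One-bit counts for every byte value, built once (the 8-bit lookup table).
BYTE_ONES = [bin(i).count("1") for i in range(256)]


def popcount(word):
    """Population count by adding table lookups on 8-bit pieces of the word."""
    if word < 0:
        raise ValueError("defined here for non-negative words only")
    total = 0
    while word:
        total += BYTE_ONES[word & 0xFF]
        word >>= 8
    return total


def popcount32_swar(x):
    """Bit-parallel alternative for 32-bit words: sum neighbouring fields of
    1, 2, 4, 8 and 16 bits. The upper field is moved down with a right shift."""
    x &= 0xFFFFFFFF
    x = (x & 0x55555555) + ((x >> 1) & 0x55555555)
    x = (x & 0x33333333) + ((x >> 2) & 0x33333333)
    x = (x & 0x0F0F0F0F) + ((x >> 4) & 0x0F0F0F0F)
    x = (x & 0x00FF00FF) + ((x >> 8) & 0x00FF00FF)
    return (x & 0xFFFF) + (x >> 16)


def hamming_distance(a, b):
    """Number of bit positions in which two words differ."""
    return popcount(a ^ b)


def to_bits(word, width):
    """Most-significant-bit-first list of the low `width` bits of word."""
    return [(word >> (width - 1 - i)) & 1 for i in range(width)]


def find_sync(stream_bits, sync_word, width, max_errors):
    """Slide a width-bit window over the stream and report (offset, distance)
    wherever the window is within max_errors bit errors of the sync word."""
    mask = (1 << width) - 1
    window, hits = 0, []
    for i, bit in enumerate(stream_bits):
        window = ((window << 1) | bit) & mask
        if i + 1 >= width:
            distance = hamming_distance(window, sync_word)
            if distance <= max_errors:
                hits.append((i + 1 - width, distance))
    return hits


def lfsr_step(state, taps, width):
    """One step of a right-shifting LFSR: AND the register with the tap mask,
    and the parity of the population count is the bit shifted in at the top."""
    feedback = popcount(state & taps) & 1
    return (state >> 1) | (feedback << (width - 1))


def lfsr_period(seed, taps, width):
    """Steps until the register returns to seed (bounded by the state count)."""
    state = lfsr_step(seed, taps, width)
    steps = 1
    while state != seed:
        if steps > (1 << width):
            raise ValueError("seed is not on a cycle for these taps")
        state = lfsr_step(state, taps, width)
        steps += 1
    return steps


# Constructed sample data: a 16-bit sync word received with one bit in error,
# preceded by 7 unrelated bits and followed by 10 payload bits.
SYNC_WORD = 0xEB90
STREAM = [0, 1, 1, 0, 1, 0, 0] + to_bits(SYNC_WORD ^ 0x0008, 16) + [1, 0, 1, 1, 0, 0, 1, 0, 1, 1]
# Tap mask for bits 0, 2, 3 and 5 of a 16-bit right-shifting register
# (feedback polynomial x^16 + x^14 + x^13 + x^11 + 1, which is maximal-length).
LFSR_TAPS = 0x002D

if __name__ == "__main__":
    print("sync candidates:", find_sync(STREAM, SYNC_WORD, 16, max_errors=2))
    print("LFSR period:", lfsr_period(0xACE1, LFSR_TAPS, 16))
```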
From Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU Tue Jul 5 21:57:06 1994
From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU (Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU)
Date: Tue, 5 Jul 94 21:57:06 PDT
Subject: "Cypherpunk" vs. "Cryptorebel"
Message-ID: <773469778/vac@FURMINT.NECTAR.CS.CMU.EDU>

I like the label "cryptorebel" better than "cypherpunk". The word "punk" just does not seem right, while "rebel" does. I do have a certain attachment to "cypherpunk". Comments?

-- Vince

Word        punk[2] (puhngk) n.
Definition  --n. 1. Slang. a. An inexperienced or callow youth. b. A young tough. c. A passive homosexual; catamite. 2. Slang. Punk rock. 3. Slang. A punk rocker. 4. Archaic. A whore. --adj. 1. Of poor quality; worthless. 2. Weak in spirits or health. 3. Of or relating to a style of dress worn by punk rockers and characterized by bizarre make-up and outlandish, shocking clothing.
Usage       Slang.
Etymology   Orig. unknown.
Domain      Slang, Music, Art

Word        rebel (ri-BEL') intr.v.
Definition  --intr.v. -belled, -belling, -bels. 1. To refuse allegiance to and oppose by force an established government or ruling authority. 2. To resist or defy an authority or generally accepted convention. 3. To feel or express strong unwillingness or repugnance: She rebelled at the unwelcome suggestion. --n. rebel (rebuhl). A person who rebels or is in rebellion. modifier: rebel soldiers; a rebel movement.
Etymology   ME rebellen < OFr. rebeller < Lat. rebellare : re-, against + bellare, to make war < bellum, war.
Domain      Politics

From warlord at MIT.EDU Tue Jul 5 22:37:19 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Tue, 5 Jul 94 22:37:19 PDT
Subject: Passwords/Safes/PINs funny story
In-Reply-To: <199407060450.XAA19783@en.ecn.purdue.edu>
Message-ID: <9407060537.AA12127@toxicwaste.media.mit.edu>

> (Something like, _You Can Think for Yourself_...????)

Actually, it's entitled "What Do I Care What Other People Think".
I'm not sure which one I like better, however in the first book, when he talks about hiding the door, and describes where he put it, well, I followed those directions and found the spot. (Unfortunately the house has since been renovated, so the exact room isn't the same)

-derek

From MIKEINGLE at delphi.com Tue Jul 5 23:11:53 1994
From: MIKEINGLE at delphi.com (Mike Ingle)
Date: Tue, 5 Jul 94 23:11:53 PDT
Subject: Secure Drive insecure? NOT
Message-ID: <01HEDB6B0KIQ8Y70EA@delphi.com>

bryner at atlas.chem.utah.edu "Roger Bryner" wrote:

>Again, the only way that MD5 can keep the entropy of a string is for
>every single 128 bit string to map itself onto a unique 128 bit string,
>for if two 128 bit strings produce the same output, then you lose entropy.
>
>The question is, when md5 is restricted to 128 bit values, does it lose
>entropy, and if so how much? As much as a random mapping? if so, the
>1024 bit iteration in secure drive HARMS security.

BZZZT! Read the code...

    MD5Init(&md5buf);
    MD5Update(&md5buf,pass1,strlen(pass1));
    MD5Final(key,&md5buf);
    for(k=0;k1? Message-ID: <9407060702.AA04557@anchor.ho.att.com>

> > Are there 128 bit messages
> > in MD4 which hash to the same value, and if so, what insight into the
> > cycle length vs string length would it give us.

> If there are, then you have broken MD4! This is the definition of
> breaking a Hash: finding two strings (of *any* size) that hash to the
> same value.

There are different kinds of brokenness.

- There's being able to find the original input to match any output (not a problem here, though finding the shortest ASCII input would certainly be interesting...)

- There's being able to find at least one input to match any given output; that's pretty broken. For MD5, it's assumed that the probability is 2**-128 of an input producing any given output. If you can do this, it's easy to abuse protocols using the hash.
- There's being able to find two input strings with the same output, excluding some easily identified set of "weak" inputs; for MD5 this is presumed to take about 2**64 tries with the usual birthday problem math. Occasionally this can be useful for abusing protocols that use the hash, though not too often. It might be one way to cheat at net.gambling, for instance....

- There's being able to find two input strings through careful analysis; I don't remember if MD4 has any, but MD5 has a few. A carefully designed protocol can avoid accepting these outputs if there's a small set of them.

Bill

From rishab at dxm.ernet.in Wed Jul 6 01:36:18 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Wed, 6 Jul 94 01:36:18 PDT
Subject: LAN Magazine article
Message-ID:

Anonymous :
> LAN Magazine
> volume 9, number 8
> August 1994
>...
> Some crooks, spies, drug traffickers, terrorists and frauds already
> use the tools of the information age to outfox law enforcement

No pedophiles?

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh             "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in          take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335       H 34C Saket, New Delhi 110017, INDIA

From psee at sam.nask.com.pl Wed Jul 6 02:49:33 1994
From: psee at sam.nask.com.pl (Andrzej Bursztynski)
Date: Wed, 6 Jul 94 02:49:33 PDT
Subject: Windows for Workgroups 3.11
Message-ID:

Hi all!

Just wonder if anyone had a closer look at the "Advanced security" option built in the Microsoft Windows for Workgroups 3.11. You can use a sort of a public/private key when sending a mail via fax (Class 1) driver Microsoft Fax at Work. The key seems to be quite short and I wonder if that's a real secure solution comparing eg. to PGP?
(ab)

From smb at research.att.com Wed Jul 6 04:16:16 1994
From: smb at research.att.com (smb at research.att.com)
Date: Wed, 6 Jul 94 04:16:16 PDT
Subject: Most People don't Think about Security
Message-ID: <9407061116.AA23110@toad.com>

    Safe manufacturers have said that improvements in safes (the metal
    kind) were driven by insurance rates. A direct incentive to spend more
    money to improve security (cost of better safe < cost of higher
    insurance rate).

Have a look at Ross Anderson's paper ``Why Cryptosystems Fail'' from the Fairfax conference. He points out that one reason U.S. banks use better security for their ATM cards than do U.K. banks is a difference in the law: in the U.S., the banks are (generally) liable for disputed charges. Again -- if you pay for failures, you worry about the security.

    Personally, my main interest is in ensuring the Feds don't tell me I
    can't have as much security as I want to buy. I don't share the
    concern quoted above that we have to find ways to give other people
    security.

We have to find ways to make strong security usable. As you pointed out in the part of your note that I deleted, banks couldn't deploy 10-digit PINs even if they wanted to. And if a bank can't deploy a strong security system, then we -- who care about it -- can't use it.

From warlord at MIT.EDU Wed Jul 6 04:20:34 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Wed, 6 Jul 94 04:20:34 PDT
Subject: Windows for Workgroups 3.11
In-Reply-To:
Message-ID: <9407061119.AA13346@toxicwaste.media.mit.edu>

> Just wonder if anyone had a closer look at the "Advanced security" option
> built in the Microsoft Windows for Workgroups 3.11. You can use a sort
> of a public/private key when sending a mail via fax (Class 1) driver
> Microsoft Fax at Work. The key seems to be quite short and I wonder if that's
> a real secure solution comparing eg. to PGP?

If it really is public key, and if the keys really are quite short, then it's probably really *not* secure.
Remember that a 129-digit (~425 bit) RSA key was broken in 8 months! A 384-bit RSA key is therefore not secure!

-derek

From perry at imsi.com Wed Jul 6 05:21:57 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 6 Jul 94 05:21:57 PDT
Subject: MD5: hashing, > 1->1
In-Reply-To: <9407052324.AA16560@flammulated.owlnet.rice.edu>
Message-ID: <9407061221.AA00280@snark.imsi.com>

Karl Lui Barrus says:
> The birthday paradox situation corresponds to just finding two
> messages with the same hash. In this case the expected work is 2^64,
> but then the two messages that you discover with the same hash may be
> random (and thus worthless).

You can engineer them, actually. Imagine that you had a 64 bit hash function, and the birthday paradox thus provided you with a 2^32 difficulty in finding a collision. Prepare two versions of the document you want to fake the signature on. Adjust the documents over and over again (trivia like spacing will do -- find 32 locations and either add or don't add a space) until you get a colliding pair of hashes.

This illustrates that hash collisions are actually quite a problem if you have an insufficiently large hash.

Perry

From paul at hawksbill.sprintmrn.com Wed Jul 6 05:56:08 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Wed, 6 Jul 94 05:56:08 PDT
Subject: (fwd) Going to a Computer Conference? Don't use your real name!
Message-ID: <9407061358.AA12256@hawksbill.sprintmrn.com>

excerpted from:

RISKS-LIST: RISKS-FORUM Digest Tuesday 5 July 1994 Volume 16 : Issue 19

---------------------------

Date: Wed, 4 May 1994 01:54:33 GMT
From: srhoades at netcom.com (Steve L. Rhoades)
Subject: Going to a Computer Conference? Don't use your real name!

[Excerpted from MicroTimes April 18, 1994 Issue #122]

At the fourth Computers, Freedom, & Privacy conference in Chicago last month, the spotlight was on the growing conflict between the rights of individuals and the role of government in the digital age.
A luckless Whitehouse House representative and a lawyer for the NSA tried to convince a varied and skeptical crowd that government control of cryptography was somehow a Good Thing; Meanwhile, in their search for fugitive criminals Kevin Mitnick and wooden-legged "Agent Steal", the FBI erroneously arrested one unfortunate attendee whose name happened to resemble one of Mitnick's aliases and interrogated two others, including an ex-Marine and CIA veteran Robert David Steele of Open Sources. ...

Steve L. Rhoades, :30 Second Street, Mt. Wilson, Calif 91023 (818) 794-6004 srhoades at netcom.com

[An article by John Markoff on Mitnick appeared on the front page of The New York Times, July 4, 1994. PGN]

------------------------------

- paul

From gtoal at an-teallach.com Wed Jul 6 06:23:53 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Wed, 6 Jul 94 06:23:53 PDT
Subject: BoardWatch & DigiCash.
Message-ID: <199407061323.OAA03175@an-teallach.com>

: > Ziff-Davis publications. Anyone care to suggest a magazine (or other form
: > of trade rag) that gives unbiased information (or at least as close as
: > possible)? Z-D lost my subscription to both PC Mag and PC Computing, for

: * I like "Byte." Our own Peter Wayner has written good articles on
: crypto.

Good articles are few and far between. Byte has gone downhill in a *big* way, from the non-PC general computing/algorithm focus it had 10 years ago - when we would have the annual Languages edition, and programs you could actually do something new and useful with. (I wrote an image processing suite based on their 'Mona Lisa' article, and their one of finding multi-word anagrams turned into my scrabble program) Anyway all the blow-in cards suck.

: * "Communications of the ACM" is also good.

Maybe it got better recently, but last few years I was reading it, it too had turned into a comic. It was reasonable back around 76-80 but then it turned into a joke. I admit I haven't looked at it in the 90's.
G

From gtoal at an-teallach.com Wed Jul 6 06:47:46 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Wed, 6 Jul 94 06:47:46 PDT
Subject: Most People don't Think about Security
Message-ID: <199407061347.OAA03604@an-teallach.com>

: Have a look at Ross Anderson's paper ``Why Cryptosystems Fail'' from
: the Fairfax conference. He points out that one reason U.S. banks use
: better security for their ATM cards than do U.K. banks is a difference
: in the law: in the U.S., the banks are (generally) liable for disputed
: charges. Again -- if you pay for failures, you worry about the security.

I dunno where you got that idea. We don't have better security at all, we have banks that are better at covering up ATM abuse with the help of our enlightened Government and the courts. They've never once admitted that ATM fraud can occur without the card owner voluntarily disclosing his pin. The last guy to try to take them to court on it got arrested himself and found guilty of trying to defraud the bank for the return of his lost money!

Theoretically UK banks may be liable - I've never heard that - but I know that in practice for certain they do *not* pay out in cases of ATM fraud. They have a consistent policy of blaming it on the customer. And they get away with it.

G

PS What UK *does* do that the US is abysmal at is checking the signatures on VISA cards et al. I'm staggered by how lax US shopkeepers are about looking at the signature. No wonder fraud is rampant. Over here they not only *always* without exception check the signature, they often query it online and occasionally *sniff* the cards to see if an old signature has been removed with lighter fluid...
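Perry Metzger's point in the "MD5: hashing" message above, that a colliding pair can be engineered between two chosen documents by varying trivia such as spacing, can be reproduced at reduced scale to see how the work grows with hash length. This is an added example, not code from the thread: MD5 is truncated to 24 bits (an assumption so the search finishes in seconds), and the two texts and all function names are constructed.

```python
import hashlib

HASH_BITS = 24   # toy hash length (assumption); the message above discusses 64 bits

# Constructed sample texts that differ in one word.
TEXT_A = ("The buyer agrees to pay the seller the sum of 100 dollars "
          "on delivery of the goods described in schedule one")
TEXT_B = ("The buyer agrees to pay the seller the sum of 900 dollars "
          "on delivery of the goods described in schedule one")


def short_hash(data, bits=HASH_BITS):
    """The leading `bits` bits of MD5(data), as an integer."""
    return int.from_bytes(hashlib.md5(data).digest(), "big") >> (128 - bits)


def variant(words, choice):
    """Join the words, using two spaces after word i when bit i of choice is set.
    Each of the first k gaps is one add-a-space-or-not location."""
    parts = []
    for i, word in enumerate(words[:-1]):
        parts.append(word + ("  " if (choice >> i) & 1 else " "))
    parts.append(words[-1])
    return "".join(parts).encode("ascii")


def find_cross_collision(text_a, text_b, bits=HASH_BITS, extra=2):
    """Search spacing variants of two texts for a pair with equal short hashes.

    About bits/2 locations per text give an even chance of a match (the
    birthday bound); `extra` more locations make a match close to certain.
    Returns (variant_of_a, variant_of_b, hashes_computed), or None if no
    pair exists among the variants tried.
    """
    k = bits // 2 + extra
    words_a, words_b = text_a.split(), text_b.split()
    if min(len(words_a), len(words_b)) <= k:
        raise ValueError("texts are too short to offer %d spacing locations" % k)
    seen = {}                      # short hash -> spacing choice for text A
    for choice in range(1 << k):
        seen.setdefault(short_hash(variant(words_a, choice), bits), choice)
    computed = 1 << k
    for choice in range(1 << k):
        candidate = variant(words_b, choice)
        computed += 1
        match = seen.get(short_hash(candidate, bits))
        if match is not None:
            return variant(words_a, match), candidate, computed
    return None


if __name__ == "__main__":
    doc_a, doc_b, computed = find_cross_collision(TEXT_A, TEXT_B)
    print("hashes computed:", computed, "of a 2**%d output space" % HASH_BITS)
    print(hex(short_hash(doc_a)), doc_a)
    print(hex(short_hash(doc_b)), doc_b)
```

Each extra bit of hash length adds only half a bit to the search, which is why the output length of a hash used for signatures has to be sized at twice the intended work factor.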
From gtoal at an-teallach.com Wed Jul 6 06:48:35 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Wed, 6 Jul 94 06:48:35 PDT
Subject: Windows for Workgroups 3.11
Message-ID: <199407061348.OAA03636@an-teallach.com>

    If it really is public key, and if the keys really are quite short,
    then it's probably really *not* secure. Remember that a 129-digit
    (~425 bit) RSA key was broken in 8 months! A 384-bit RSA key is
    therefore not secure!

And if the NSA have a million-processor supercomputer, make that a couple of hours. Thank goodness it doesn't scale with bigger keylengths!

G

From jgostin at eternal.pha.pa.us Wed Jul 6 06:50:27 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Wed, 6 Jul 94 06:50:27 PDT
Subject: TEMPEST attacks
Message-ID: <940706092821E3Yjgostin@eternal.pha.pa.us>

Mike Markley writes:

> How well does a Tempest attack work with multiple machines in the same
> room? It seems to me that it would take additional equipment to filter
> out the different machines that are being run. It also seems that it
> should be trivial to create a noise generator that would make Tempest
> useless. Kind of like using a spark plug to foil older radar guns.

I agree. Don't all monitors generate slightly (italicized) different frequencies of EM radiation, even on the scan freq? If they do, then it shouldn't be TOO hard to filter it out. Wouldn't a noise generator, if on the correct scan frequency, or, if on the right EM rad. frequency, cause problems for the monitor? It's just conjecture, but does anyone more knowledgeable know the answers?

--Jeff

From rishab at dxm.ernet.in Wed Jul 6 07:03:20 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Wed, 6 Jul 94 07:03:20 PDT
Subject: Counting bits
Message-ID:

"Timothy L. Nali" :
> > Eli Brandt at jarthur.cs.hm
> > int byte_ones(int a)
> > // hope this is correct...
> > {
> > a = (a & 0x55) + (a & 0xAA)/2; // 0x55 == 01010101b
> [...]
> Note that some compilers might not be smart enough to use logical shift
> ops and instead use expensive division ops. Just to be safe...
>
> int byte_ones(int a)
> a = (a & 0x55) + ((a & 0xAA) << 1); // 0x55 == 01010101b
                               ^^^^^^^^^

Let me guess: you're one of the lucky users of the RBO (Reverse Bit Order) SuperDecryptor from the NSA, where the LSB is the one at the extreme left? Or did you mean ((a & 0xAA) >> 1) ;)

My personal preference for byte operands is unsigned char - this ensures that right shifts are not sign-extended by the most brain dead compiler, and might use only one byte for the parameter.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh             "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in          take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335       H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in Wed Jul 6 07:03:26 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Wed, 6 Jul 94 07:03:26 PDT
Subject: Copying electronic articles
Message-ID:

To make it simpler for those compiling/distributing material, like Ray did for PC Expo, I usually attach this copyright notice to my articles:

--====(C) Copyright 1994 Rishab Aiyer Ghosh. All rights reserved====--
This article may be redistributed in electronic form only, provided that the article and this notice remain intact. This article may not under any circumstances be redistributed in any non-electronic form, or redistributed in any form for compensation of any kind, without prior written permission from Rishab Aiyer Ghosh (rishab at dxm.ernet.in)
--==================================================================--

As you can see, it makes it clear that you do _not_ have to ask my permission to redistribute the articles as long as you follow the conditions.
Of course, I do like to know where it has appeared, and courtesy demands that you inform me, but you don't _have_ to, and you can do it any time even after its usage.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh             "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in          take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335       H 34C Saket, New Delhi 110017, INDIA

From gtoal at an-teallach.com Wed Jul 6 07:07:16 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Wed, 6 Jul 94 07:07:16 PDT
Subject: (fwd) Going to a Computer Conference? Don't use your real name!
Message-ID: <199407061351.OAA03696@an-teallach.com>

    [Excerpted from MicroTimes April 18, 1994 Issue #122]

I could forgive the crosspost but the story is over four months old! Sheesh, comp.risks must have really gone downhill a lot. You'd expect the editor of something like that to try to keep up to date. CuD is just the same.

G

From matsb at sos.sll.se Wed Jul 6 07:11:36 1994
From: matsb at sos.sll.se (Mats Bergstrom)
Date: Wed, 6 Jul 94 07:11:36 PDT
Subject: Kevin Mitnik
Message-ID:

>From Edupage:

*******************
FBI HUNT FOR HACKER

Kevin Mitnick is wanted by the FBI for suspicion of software and data theft from leading telecom manufacturers and service providers. Among his victims have been MCI and Digital Equipment. An ex-convict, Mitnick was described by one judge as having an "addiction problem" with computers, similar to a drug or gambling addiction. During a six-month treatment program he was prohibited from touching a computer or a modem, but the treatment seems to have failed, and one detective says: "I've always considered him dangerous. I had to go underground. If he targets you, he can make your life miserable." (New York Times 7/4/94 A1)
**************************

Years ago I read a 'hacker-book' that had a long section about the activities of Mr Mitnick in the 80's ('Zero' something?).
I know nothing of his present doings. Some questions:

Is Mr Mitnick a dangerous selfish criminal egomaniac whom every good guy immediately should turn over to the FBI if identified?

Or/and is Mr Mitnick the closest live equivalent of the hero in 'Shockwave Rider'?

Mats Bergstrom

From rishab at dxm.ernet.in Wed Jul 6 07:19:10 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Wed, 6 Jul 94 07:19:10 PDT
Subject: Wall Street e-mail
Message-ID:

Dave Hart
> > > The drumbeat against all those anonymous pedophiles continues....
> > > _Wall Street Journal_, 6/30/94
> > > PERSONAL TECHNOLOGY by Walter S. Mossberg
> > > "Keeping Your Kids Away From Creeps As They Play Online"
> > Does anyone have Mossberg's email address? I tried to guess a hostname,
> but wsj.com, dowjones.com and dj.com all do not exist.

According to netfind, eng.dowjones.com and dowjones.com are DJ's sites, and wsj.com is WSJ's. They aren't real hosts; they are registered domains, so mail should reach. IAC Walter Mossberg is at 360-2227 at mcimail.com, according to KIS.

I'd have thought that members of this list are more net-aware than most; able at least to use netfind and the KnowBot...

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh             "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in          take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335       H 34C Saket, New Delhi 110017, INDIA

From perry at imsi.com Wed Jul 6 07:46:18 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 6 Jul 94 07:46:18 PDT
Subject: Kevin Mitnik
In-Reply-To:
Message-ID: <9407061446.AA00330@snark.imsi.com>

Mats Bergstrom says:
> Is Mr Mitnick a dangerous selfish criminal egomaniac whom every good guy
> immediately should turn over to the FBI if identified?
>
> Or/and is Mr Mitnick the closest live equivalent of the hero in
> 'Shockwave Rider'?

Neither.
He appears to be a fairly harmless individual whose major crimes
have been no real threat to the public. He hasn't done anything heroic
or useful, either.

Perry

From mmarkley at microsoft.com Wed Jul 6 09:55:32 1994
From: mmarkley at microsoft.com (Mike Markley)
Date: Wed, 6 Jul 94 09:55:32 PDT
Subject: Windows for Workgroups 3.11
Message-ID: <9407061557.AA27737@netmail2.microsoft.com>

----------
| From: Derek Atkins
| To: Andrzej Bursztynski
| Cc:
| Subject: Re: Windows for Workgroups 3.11
| Date: Wednesday, July 06, 1994 7:19AM
|
| > Just wonder if anyone had a closer look at the "Advanced security" option
| > built in the Microsoft Windows for Workgroups 3.11. You can use a soft
| > of a public/private key when sending a mail via fax (Class 1) driver
| > Microsoft Fax at Work. The key seems to be quite short and I wonder if that's
| > a real secure solution comparing eg. to PGP?
|
| If it really is public key, and if the keys really are quite short,
| then it's probably really *not* secure. Remember that a 129-digit
| (~425 bit) RSA key was broken in 8 months! A 384-bit RSA key is
| therefore not secure!
|
| -derek
|

The 129 digit key was broken in 8 calendar months and not 8 CPU months,
correct? If so then for most purposes a 129 digit key is more than
adequate. If you are faxing a contract to someone then if the deal
isn't signed in 8 months the odds are that information about it will
leak from a different source than your fax. If I had information that I
wanted to be secure for several years then I would consider using many
more digits than 129.

As to Windows for Workgroups 3.11, I don't know anything about the
security features that are included.

Mike.

=====================================================
Mike Markley
I'm not a Microsoft spokesperson. All opinions expressed here are mine.
=====================================================

From perry at imsi.com Wed Jul 6 10:15:59 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 6 Jul 94 10:15:59 PDT
Subject: Windows for Workgroups 3.11
In-Reply-To: <9407061557.AA27737@netmail2.microsoft.com>
Message-ID: <9407061715.AA00550@snark.imsi.com>

Mike Markley says:
> The 129 digit key was broken in 8 calendar months and not 8 CPU months,
> correct? If so then for most purposes a 129 digit key is more than
> adequate. If you are faxing a contract to someone then if the deal
> isn't signed in 8 months the odds are that information about it will
> leak from a different source than your fax.

This isn't true. If you are signing the contract digitally, for
instance, you would want to be sure that no one could forge your
signature to change the terms after the fact -- a few months isn't
enough for such purposes, only something that will last for fifteen or
twenty years is okay.

Perry

From tcmay at netcom.com Wed Jul 6 10:16:09 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 6 Jul 94 10:16:09 PDT
Subject: Windows for Workgroups 3.11
In-Reply-To:
Message-ID: <199407061715.KAA16045@netcom7.netcom.com>

Andrzej Bursztynski wrote:

> Just wonder if anyone had a closer look at the "Advanced security" option
> built in the Microsoft Windows for Workgroups 3.11. You can use a soft
> of a public/private key when sending a mail via fax (Class 1) driver
> Microsoft Fax at Work. The key seems to be quite short and I wonder if that's
> a real secure solution comparing eg. to PGP?
>

Like the guy from Microsoft, I don't know specifically what's in
Microsoft Windows for Workgroups 3.11.

But something to remember is that RSA Data Security Inc. has been
concentrating on signing deals with Microsoft, Apple, Lotus, IBM,
WordPerfect, Oracle, etc., to include strong crypto in their products.

I don't happen to know if Windows for Warehouses (er, Workgroups)
contains RSA, but it wouldn't surprise me at all. Anyone know?

That we are comparing commercial crypto to "a real secure solution"
like PGP, as in the question Andrzej asked, is an ironic twist.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From jrochkin at cs.oberlin.edu Wed Jul 6 10:21:46 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Wed, 6 Jul 94 10:21:46 PDT
Subject: stream ciphers and realtime communications?
Message-ID: <199407061721.NAA19360@cs.oberlin.edu>

Well, I finally did my duty and picked up a copy of Applied
Cryptography. :)

I've only given it a cursory browsing so far, but I have a question.
When I first saw reference to stream ciphers in the book, I imagined
that they would be ideal for realtime encrypted communications, like
voice (in cellular phones, perhaps). But after reading further, it
appears that stream ciphers aren't being used much in this manner, or
much at all. Is this correct?

I know that there are plenty of encryption protocols and methods for
realtime communications (clipper chip, for one), but do they just use
block ciphers with relatively small blocks? (Is the security of such
things as RSA and IDEA affected by size of block? There's got to be a
minimum block that works; you can't do IDEA on a single byte, or can
you?) Can anyone outline what kinds of methods are used for voice
encryption and other realtime methods, as contrasted with email and
delayed transfer methods?

From mmarkley at microsoft.com Wed Jul 6 10:39:52 1994
From: mmarkley at microsoft.com (Mike Markley)
Date: Wed, 6 Jul 94 10:39:52 PDT
Subject: Windows for Workgroups 3.11
Message-ID: <9407061641.AA00597@netmail2.microsoft.com>

Perry says:
|
| Mike Markley says:
| > The 129 digit key was broken in 8 calendar months and not 8 CPU months,
| > correct? If so then for most purposes a 129 digit key is more than
| > adequate. If you are faxing a contract to someone then if the deal
| > isn't signed in 8 months the odds are that information about it will
| > leak from a different source than your fax.
|
| This isn't true. If you are signing the contract digitally, for
| instance, you would want to be sure that no one could forge your
| signature to change the terms after the fact -- a few months isn't
| enough for such purposes, only something that will last for fifteen or
| twenty years is okay.
|
| Perry
|

I'll definitely agree that for something as binding as a signature that
I would want to have a very large key. For daily communication it seems
that fairly weak keys should be more than adequate as long as they
can't be broken in a reasonable amount of time. I'm interested in what
most of the people on this list would consider a reasonable amount of
time though. It seems that the average person doesn't have adversaries
with the know-how and computing power to break even a 64 digit key let
alone a 129 digit key. Consider the group of people that broke the RSA
key, they would not fit the profile of the average person, let alone
the average computer user. I doubt if the local police department here
could convince the NSA that they need to crack my e-mail because I
might be conspiring to commit some illegal act and I doubt that they
could put my e-mail out on the net saying, "here's some encoded data,
does anybody know what it says?" Right now those are the only two ways
that I could think of for someone to get some encrypted data
unencrypted.

Mike

=====================================================
Mike Markley
I'm not a Microsoft spokesperson. All opinions expressed here are mine.
=====================================================

From remailer-admin at chaos.bsu.edu Wed Jul 6 10:41:41 1994
From: remailer-admin at chaos.bsu.edu (Anonymous)
Date: Wed, 6 Jul 94 10:41:41 PDT
Subject: Kevin Mitnick
Message-ID: <199407061733.MAA05254@chaos.bsu.edu>

: Years ago I read a 'hacker-book' that had a long section about the
: activities of Mr Mitnick in the 80's ('Zero' something?). I no nothing
: of his present doings. Some questions:

: Is Mr Mitnick a dangerous selfish criminal egomaniac whom every good guy
: immediately should turn over to the FBI if identified?

Basically, yes. He's a petty and vindictive hacker who does real
damage, and goes out of his way to fuck over people he perceives have
done him wrong. If you do turn him in, do it anonymously. This guy is
bad news. I say that from first-hand experience.

By the way although he's on the lam at the moment, he's still hacking
vaxen across the world. And some of these vaxen have spotted him and
called the FBI. I wonder when he'll find out :-)

From bryner at atlas.chem.utah.edu Wed Jul 6 10:42:32 1994
From: bryner at atlas.chem.utah.edu (Roger Bryner)
Date: Wed, 6 Jul 94 10:42:32 PDT
Subject: Secure Drive insecure? NOT
In-Reply-To: <01HEDB6B0KIQ8Y70EA@delphi.com>
Message-ID:

On Wed, 6 Jul 1994, Mike Ingle wrote:
> BZZZT! Read the code...
> MD5Update(&md5buf,pass1,strlen(pass1)); <----------| I wonder what

Gee, thanks for letting me play, do I get a consolation prize?:-)

Let me think, I still don't see any proof that this does not lose
entropy, and it could, as if the two parts are not independent of each
other.

As soon as you start making a feedback machine, you have no guarantee
that this is a maximal unless there is no state that is immediately
preceded by two other states.

Simply throwing a lot of stuff at a password is no substitute for a
proof that the transformation does not lose entropy, which is
available if you use an encryption algorithm for the last 1023
transformations, and a hash function only for the first one.

Sorry to be a pain.

Roger.

From perry at imsi.com Wed Jul 6 10:48:55 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 6 Jul 94 10:48:55 PDT
Subject: Windows for Workgroups 3.11
In-Reply-To: <9407061641.AA00597@netmail2.microsoft.com>
Message-ID: <9407061748.AA00678@snark.imsi.com>

Mike Markley says:
> I'll definitely agree that for something as binding as a signature that
> I would want to have a very large key. For daily communication it seems
> that fairly weak keys should be more than adequate as long as they
> can't be broken in a reasonable amount of time.

Historical traffic only a few months old is way too interesting for me
to accept that. One of the real advantages of Diffie-Hellman style
systems is, by the way, the protection they provide against breaking
historical traffic.

Perry

From bryner at atlas.chem.utah.edu Wed Jul 6 11:28:50 1994
From: bryner at atlas.chem.utah.edu (Roger Bryner)
Date: Wed, 6 Jul 94 11:28:50 PDT
Subject: Windows for Workgroups 3.11
In-Reply-To: <9407061641.AA00597@netmail2.microsoft.com>
Message-ID:

On Wed, 6 Jul 1994, Mike Markley wrote:
> can't be broken in a reasonable amount of time. I'm interested in what
> most of the people on this list would consider a reasonable amount of
> time though.

10^3 years.(minimum)

Roger.

From adam at bwh.harvard.edu Wed Jul 6 11:34:40 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Wed, 6 Jul 94 11:34:40 PDT
Subject: Windows for Workgroups 3.11
In-Reply-To: <199407061715.KAA16045@netcom7.netcom.com>
Message-ID: <199407061734.NAA01905@bwh.harvard.edu>

Tim May writes:

| But something to remember is that RSA Data Security Inc. has been
| concentrating on signing deals with Microsoft, Apple, Lotus, IBM,
| WordPerfect, Oracle, etc., to include strong crypto in their products.

They also license Sun, who cut the modulus too low for 'secure RPC.'
This allowed Brian LaMacchia and Andrew M. Odlyzko to cryptanalyze
secure RPC. Paying RSA money does not magically create a secure system
for you. It merely licenses their patents, which can be a very solid
base on which to build.

Adam

>From: "Brian A. LaMacchia"
>Cc: cypherpunks at toad.com
>In-Reply-To: Eric Hughes's message of Fri, 20 May 94 09:55:36 -0700,
> <9405201655.AA11052 at ah.com>
>
>Right. Basically, what we found was that you needed the same amount of
>computation to factor a (k+10)-digit composite as to compute discrete
>logarithms in a field with k-digit modulus p. The discrete log problem
>is brittle---you do a lot of precomputation for a particular modulus p
>and then finding individual discrete logs in GF(p) is easy---so you
>need to think carefully about the lifetime of the information you're
>going to encrypt and choose the size of your modulus accordingly.
>
> --bal

@article{nfscrack,
  author  = {Brian A. LaMacchia and Andrew M. Odlyzko},
  journal = {Designs, Codes, and Cryptography},
  pages   = {46--62},
  title   = {Computation of Discrete Logarithms in Prime Fields},
  volume  = {1},
  year    = {1991},
}

--
Adam Shostack adam at bwh.harvard.edu

Politics. From the greek "poly," meaning many, and ticks, a small,
annoying bloodsucker.

From blancw at microsoft.com Wed Jul 6 11:51:03 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Wed, 6 Jul 94 11:51:03 PDT
Subject: FW: Windows for Workgroups 3.11
Message-ID: <9407061752.AA05040@netmail2.microsoft.com>

Mike Ingle sent out an inquiry in May about public-key encryption in
WinFax 4.0 in Microsoft at Work. This is the reply which I received
from someone here:

We don't use D-H (Diffie Hellman is what I assume you were referring
to) at all.
We pick a 64 bit random number to RC4 with and send the number
encrypted with an RSA key...

I have made an inquiry specifically about WfW 3.11, but it may be a few
days before I get a reply.

Blanc

From blancw at microsoft.com Wed Jul 6 12:01:02 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Wed, 6 Jul 94 12:01:02 PDT
Subject: FW: FW: A third voice re: science and spirit
Message-ID: <9407061802.AA05740@netmail2.microsoft.com>

From:

"Ingore"? Is that anything like an "AlGore"? Is that a verb to describe
the state of the country, as in "we've just been INGOREd"?
........................................

Could be, if you want it to be. But it could also be part of some
shocking, nonsensical AlGoreYTHM.

Blanc

From trollins at debbie.telos.com Wed Jul 6 12:14:30 1994
From: trollins at debbie.telos.com (Tom Rollins)
Date: Wed, 6 Jul 94 12:14:30 PDT
Subject: No Subject
Message-ID: <9407061914.AA22158@debbie.telos.com>

On Wed, 6 Jul 1994, Mike Markley wrote:
> can't be broken in a reasonable amount of time. I'm interested in what
> most of the people on this list would consider a reasonable amount of
> time though.

NEVER is what I consider a reasonable amount of time. I don't want my
secure thoughts broken for public display in my lifetime. Or any of my
children's lifetime. Or their children's lifetime. ..........

-tom

From schneier at chinet.chinet.com Wed Jul 6 12:49:05 1994
From: schneier at chinet.chinet.com (Bruce Schneier)
Date: Wed, 6 Jul 94 12:49:05 PDT
Subject: stream ciphers and realtime communications?
In-Reply-To: <199407061721.NAA19360@cs.oberlin.edu>
Message-ID:

Stream ciphers are very efficient in hardware encryption applications,
but suck eggs in software. They have been the workhorse of military
cryptography for at least 40 years, but those are all hardware
applications.

If you are working in software, it is much easier to deal with data in
64-bit blocks than in individual bits.
The Shrinking Generator, which has only two LFSRs, is slower than DES
in software. You need to iterate the Shrinking Generator 64 times to
encrypt the data that DES handles in just one iteration.

Bruce

From adam at bwh.harvard.edu Wed Jul 6 12:54:17 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Wed, 6 Jul 94 12:54:17 PDT
Subject: Windows for Workgroups 3.11
In-Reply-To: <9407061641.AA00597@netmail2.microsoft.com>
Message-ID: <199407061951.PAA14548@miles.bwh.harvard.edu>

Mike Markley wrote:

| I'll definitely agree that for something as binding as a signature that
| I would want to have a very large key. For daily communication it seems
| that fairly weak keys should be more than adequate as long as they
| can't be broken in a reasonable amount of time. I'm interested in what
| most of the people on this list would consider a reasonable amount of
| time though. It seems that the average person doesn't have adversaries

Depends on what's going to be protected. Medical records, trade
secrets, stuff like that, you want to stay private for at least 150-200
years, until all the participants are dead. Most stuff I encrypt?
50-100 years would cover it, but I expect the cost of decrypting will
drop during that time due to algorithmic improvements.

I prefer to waste a few seconds encrypting well, rather than encrypting
poorly. My time is not so valuable that I gain much from the seconds
saved in a 384 bit key.

Adam

--
Adam Shostack adam at bwh.harvard.edu

Politics. From the greek "poly," meaning many, and ticks, a small,
annoying bloodsucker.

From an104090 at anon.penet.fi Wed Jul 6 12:59:49 1994
From: an104090 at anon.penet.fi (an104090 at anon.penet.fi)
Date: Wed, 6 Jul 94 12:59:49 PDT
Subject: MAIL: chained remailing strategy
Message-ID: <9407061926.AA04739@anon.penet.fi>

I was curious about the pros and cons of anonymous remailers holding
and randomly sending outgoing mail.
It seems to me that the risk of a third party determining the original
sender of an anonymous piece of mail through the use of timestamps is
less pressing than the risk presented by the physical storage of that
mail on someone's machine for extended periods of time. Of course, with
chained remailing, these risks dramatically decrease, but would I
rather have the first remailer in a chain storing my mail until
midnight or immediately bouncing it to another anonymous remailer?

Gedeon Edwards

-------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From kentborg at world.std.com Wed Jul 6 13:07:24 1994
From: kentborg at world.std.com (Kent Borg)
Date: Wed, 6 Jul 94 13:07:24 PDT
Subject: Kevin Mitnik
Message-ID: <199407062006.AA27930@world.std.com>

I am under the impression that I would not like Mitnick personally, but
I have never personally met him...

Would I turn him in? Well, put it this way: I would not harbor him but
neither would I work very hard to figure out where he is or whether a
particular "nobody" on this list be him.

I see two values in him being on the lam:

1) His activities point out the need for more secure computer
   systems--the fact that he mostly relies on "Social Engineering" is
   lost on most people.

2) He is a romantic outlaw who is not a pedophile, nuclear terrorist,
   or murderer--his existence distracts from those totems. (Whether he
   actually *fits* this romantic image is beside the point, I am
   talking images here.)

Mr. Mitnick (if you are listening): keep your sense of humor, try to be
"mostly harmless", don't get caught molesting small boys--or anyone
else, try to confine your public exploits to "honorable pranks"--things
the man on the street will admire and not recoil from. Be wise.

-kb, the Kent who keeps his nose clean

--
Kent Borg +1 (617) 776-6899
kentborg at world.std.com
kentborg at aol.com
Proud to claim 31:15 hours of TV viewing so far in 1994!

From sameer at c2.org Wed Jul 6 13:09:54 1994
From: sameer at c2.org (sameer)
Date: Wed, 6 Jul 94 13:09:54 PDT
Subject: First Monthly Meeting July 10th
Message-ID: <199407062006.NAA03143@infinity.c2.org>

Community ConneXion: The NEXUS-Berkeley is having its first public
monthly meeting on July 10th, 12pm, the Sunday after the cypherpunks
meeting. It will be upstairs at Kip's in Berkeley. It will be very
informal. We'll be able to snag a table to fit all of us, I think, and
from my experience at Kips on Sunday afternoons it should be quiet
enough. We'll probably have to get some food so they don't kick us out.
Shouldn't be a problem.

Items on the agenda: (not yet formalized/finalized.. suggestions welcomed)

Privacy Privacy services Privacy emphasis Community building a local discussion group forum moo Organization Need to get more organized Find someone to help with that Issue of investors? NexusBucks Scheme goals

Directions: From I-80: Take the University Exit, go East on University
until you reach Shattuck. Turn right onto Shattuck. 3-4 blocks south
turn left onto Durant. Continue on Durant about 4-5 blocks, Kips is on
the left the block before Telegraph. Find parking. (It shouldn't be
very tough.. not like there will be an actual *lot*, but not tough..)

Summary:
Nexus-Berkeley Meeting
July 10th 12pm-? (maybe 4-5?)
Kips in Berkeley

I'd like to make this a regular thing, to have a meeting every month
the Sunday after the cypherpunks meeting.

--
sameer                                  Voice: 510-841-2014
Network Administrator                   Pager: 510-321-1014
Community ConneXion: The NEXUS-Berkeley Dialin: 510-841-0909
http://www.c2.org (or login as "guest") sameer at c2.org

From kentborg at world.std.com Wed Jul 6 13:16:09 1994
From: kentborg at world.std.com (Kent Borg)
Date: Wed, 6 Jul 94 13:16:09 PDT
Subject: Tempest: It'll Receed
Message-ID: <199407062015.AA02676@world.std.com>

The trends are in our favor.

Micros are getting more complicated OS's (a Tempest attack on
world.std.com is going to be a mess, I guess) making for more
complicated emissions, wimpy batteries and Energy Star stickers will
slowly drive down all emissions (why waste the power?), and so many
appliances are now emitting from their embedded CPUs--which is another
thing that will drive emissions, the FCC.

But let's not get cocky: mostly we are sitting ducks for anyone who
wants to build a fancy radio, it is only the trend which is good.

-kb

--
Kent Borg +1 (617) 776-6899
kentborg at world.std.com
kentborg at aol.com
Proud to claim 31:15 hours of TV viewing so far in 1994!

From eternal!jgostin at bts.com Wed Jul 6 13:50:48 1994
From: eternal!jgostin at bts.com (eternal!jgostin at bts.com)
Date: Wed, 6 Jul 94 13:50:48 PDT
Subject: No Subject
Message-ID:

for cypherpunks at toad.com
From: Jeff Gostin
Reply-To: jgostin at eternal.pha.pa.us
Subject:Re: How long is reasonable?
To: cypherpunks at toad.com
Message-ID: <940706151140E9Djgostin at eternal.pha.pa.us>
Date: Wed, 6 Jul 1994 15:11:40 EST
X-Original-Article-From: Mike Markley
X-Mailer: winn v1.00a

Mike Markley writes:

> can't be broken in a reasonable amount of time. I'm interested in what
> most of the people on this list would consider a reasonable amount of
> time though.

For me, "reasonable amount of time" translates into "the minimum amount
of time necessary to elapse before the information gained loses its
sensitive or critical value."
In other words, if I encrypted some rather embarrassing letters that I
wanted to keep, but also wanted to keep safe, the "reasonable amount of
time" would be as long as it takes for me to die, plus one day. If it's
a "state secret", it might be 100 years.

--Jeff

--
======  ======      +----------------jgostin at eternal.pha.pa.us----------------+
  ==    ==          | The new, improved, environmentally safe, bigger, better,|
  ==    ==   -=     | faster, hypo-allergenic, AND politically correct .sig.  |
 ====   ======      | Now with a new fresh lemon scent!                       |
PGP Key Available   +---------------------------------------------------------+

From schneier at chinet.chinet.com Wed Jul 6 14:48:31 1994
From: schneier at chinet.chinet.com (Bruce Schneier)
Date: Wed, 6 Jul 94 14:48:31 PDT
Subject: Please post your article
In-Reply-To: <199407060933.CAA02628@netcom5.netcom.com>
Message-ID:

Bruce Schneier
730 Fair Oaks Ave
Oak Park, IL 60302
(708) 524-9461

750 words

IDEA - THE INTERNATIONAL DATA ENCRYPTION ALGORITHM

For the past fifteen years, most of us have relied on the Data
Encryption Standard, or DES, for encryption. It's a good algorithm, and
very secure against the mid-1970s technology it was designed for.
Advances in computing power and new discoveries in cryptanalysis have
made the algorithm vulnerable. DES is no longer secure against the
world's most powerful adversaries. Cryptographers are looking for
alternatives to serve their needs well into the 21st century. IDEA may
be the current best choice.

IDEA is the International Data Encryption Algorithm, and it was
invented in 1991 by James Massey and Xuejia Lai of ETH Zurich in
Switzerland. An earlier variant of the algorithm was called PES:
Proposed Encryption Standard. After strengthening the algorithm against
differential cryptanalysis, they changed its name to IPES, for Improved
Proposed Encryption Standard, and then to IDEA.

The algorithm is structured along the same general lines of DES.
It is an iterated block cipher, with a 64-bit block size and a 128-bit
key size. "Iterated" means that the algorithm uses a simple encryption
function multiple times. "Block cipher" means that the algorithm
encrypts data in blocks: 64 bits of plaintext go in one end, and 64
bits of ciphertext come out the other. And the algorithm accepts a
128-bit key.

This means that IDEA can be a plug-in replacement for DES, only with a
longer key length. IDEA can be used in all the different modes of
operation--electronic codebook, cipher block chaining, output feedback,
and cipher feedback--specified for DES in FIPS PUB 81 or ANSI X3.106.

The design philosophy behind IDEA is one of "mixing operations from
different algebraic groups." The operations are XOR, modular addition,
and modular multiplication. All operations are based on 16-bit words,
and hence are efficiently implemented in software. (DES has numerous
bit twiddling operations, making it very inefficient in software.) IDEA
only has eight iterations, compared with DES's 16, but each IDEA
iteration can be thought of as a double DES iteration. IDEA is also
faster than DES when implemented in software.

IDEA's 128-bit key length is over twice that of DES; its key length is
even longer than triple-DES. And it is much faster than triple-DES. A
brute-force attack against IDEA would have to try 2^128, or 3*10^38,
possible keys. Michael Wiener's brute-force DES-cracking machine, which
could find a DES key in an average of 3.5 hours, would require 10^18
years to break IDEA. A machine a million times faster would still
require 10^12, or one trillion, years to break IDEA.

Does this mean that IDEA is secure? Is there a more efficient way to
break IDEA than brute force? No one knows. IDEA is a very new
algorithm. Remember that it took cryptographers fifteen years of
studying DES to invent differential cryptanalysis, something that the
NSA knew about all along. Who knows what tricks the NSA knows about now
that allow them to break IDEA.
Maybe they know none. Maybe they know something that we will discover
for ourselves around the year 2006. There are no assurances in the
cryptography business.

Several academic groups have tried to cryptanalyze IDEA with no
success. Yet. Several military intelligence agencies have tried to
cryptanalyze IDEA; they're not talking about what they found. IDEA is a
good-looking algorithm, but it is also a new algorithm. Ten years from
now we will all consider it an amazing feat of security or an
impressive failure. I would bet on the former, but recognize that it is
a bet.

The most widespread product that uses IDEA is PGP: Pretty Good Privacy.
PGP uses IDEA in cipher feedback mode for data encryption. Several
other security companies offer the algorithm as an optional alternative
to DES. It is available both in software and as a custom ASIC.

Details of the algorithm (with source code) can be found in:

    X. Lai, J. Massey, and S. Murphy, "Markov Ciphers and Differential
    Cryptanalysis," Advances in Cryptology--EUROCRYPT '91 Proceedings,
    Berlin: Springer-Verlag, 1991, pp. 17-38.

    B. Schneier, "The IDEA Encryption Algorithm." Dr. Dobb's Journal,
    Dec 93, pp. 50-56.

    B. Schneier, Applied Cryptography, New York: John Wiley & Sons,
    1994.

IDEA is patented in the United States (J.L. Massey and X. Lai, "Device
for the Conversion of a Digital Block and the Use of Same," U.S. Patent
#5,214,703, 25 May 1993) and in Europe. The patents are held by
Ascom-Tech AG. There is no license fee required for noncommercial use.
Commercial users interested in licensing the algorithm should contact:
Dr. Peter Profos, Ascom Tech AG, Solothurn Lab, Postfach 151, 4502
Solothurn, Switzerland; telephone +41 65 242 885; facsimile +41 65 235
761.
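
[Added example, not part of Schneier's article or any list member's post: the three 16-bit operations the article names (XOR, addition modulo 2^16, multiplication modulo 2^16+1) assembled into the eight-round cipher with its 52-subkey schedule, checked against the widely published IDEA test vector. All function names are this example's own, and years_to_search() simply rescales the article's 3.5-hour DES figure.]

```python
"""IDEA block cipher written from the public description (added example)."""

MASK16 = 0xFFFF
MOD_MUL = 0x10001          # 2^16 + 1, a prime, so every nonzero residue is invertible


def mul(a, b):
    """Multiply modulo 2^16 + 1; the all-zero word stands for 2^16."""
    return (((a or 0x10000) * (b or 0x10000)) % MOD_MUL) & MASK16


def add(a, b):
    """Add modulo 2^16."""
    return (a + b) & MASK16


def mul_inv(a):
    """Inverse under mul(), by Fermat's little theorem."""
    return pow(a or 0x10000, MOD_MUL - 2, MOD_MUL) & MASK16


def add_inv(a):
    """Inverse under add()."""
    return -a & MASK16


def expand_key(key):
    """128-bit key -> 52 subkeys: read eight words, rotate left 25 bits, repeat."""
    if len(key) != 16:
        raise ValueError("IDEA takes a 128-bit key")
    k = int.from_bytes(key, "big")
    sub = []
    while len(sub) < 52:
        sub.extend((k >> (112 - 16 * i)) & MASK16 for i in range(8))
        k = ((k << 25) | (k >> 103)) & ((1 << 128) - 1)
    return sub[:52]


def invert_key(ek):
    """Decryption subkeys: encryption subkeys inverted and taken in reverse."""
    dk = []
    for r in range(9):
        base = 6 * (8 - r)
        a, b, c, d = ek[base:base + 4]
        if 0 < r < 8:                  # inner rounds see the two middle words swapped
            b, c = c, b
        dk += [mul_inv(a), add_inv(b), add_inv(c), mul_inv(d)]
        if r < 8:
            dk += ek[base - 2:base]    # the two multiply-add keys need no inversion
    return dk


def crypt_block(block, sk):
    """Run one 64-bit block through eight rounds plus the output transform."""
    if len(block) != 8:
        raise ValueError("IDEA works on 64-bit blocks")
    x1, x2, x3, x4 = (int.from_bytes(block[i:i + 2], "big") for i in (0, 2, 4, 6))
    for r in range(8):
        k = sk[6 * r:6 * r + 6]
        y1, y2, y3, y4 = mul(x1, k[0]), add(x2, k[1]), add(x3, k[2]), mul(x4, k[3])
        t1 = mul(y1 ^ y3, k[4])                 # the three groups are mixed here
        t2 = mul(add(y2 ^ y4, t1), k[5])
        t1 = add(t1, t2)
        x1, x2, x3, x4 = y1 ^ t2, y3 ^ t2, y2 ^ t1, y4 ^ t1
    out = (mul(x1, sk[48]), add(x3, sk[49]), add(x2, sk[50]), mul(x4, sk[51]))
    return b"".join(w.to_bytes(2, "big") for w in out)


def years_to_search(key_bits, des_hours=3.5):
    """Scale the article's 3.5-hour average DES search (56-bit key) to key_bits."""
    return des_hours * 2 ** (key_bits - 56) / (24 * 365.25)


# Published IDEA test vector (not from the article): key words 1..8,
# plaintext words 0..3.
KEY = bytes.fromhex("00010002000300040005000600070008")
PLAINTEXT = bytes.fromhex("0000000100020003")

if __name__ == "__main__":
    ek = expand_key(KEY)
    ct = crypt_block(PLAINTEXT, ek)
    print("ciphertext:", ct.hex())
    print("decrypted: ", crypt_block(ct, invert_key(ek)).hex())
    print("years to search 2^128 at Wiener's rate: %.1e" % years_to_search(128))
```
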

From Peterwheat at aol.com Wed Jul 6 15:22:36 1994
From: Peterwheat at aol.com (Peterwheat at aol.com)
Date: Wed, 6 Jul 94 15:22:36 PDT
Subject: Detwiler's Crypto Mailing List
Message-ID: <9407041805.tn335555@aol.com>

I found this by doing a keyword search (cryptography) in America
Online's database of mailing lists. I thought it might be of interest
to the cypherpunks mailing list:

CYPHERWONKS: The Development of Cyberspace

List Title: CYPHERWONKS: The Development of Cyberspace

List Owner or Contact: L. Detwiler, LD231782 at longs.lance.colostate.edu

To subscribe to this list, send e-mail to Majordomo at lists.eunet.fi;
in the body of the message, type SUBSCRIBE CYPHERWONKS.

To unsubscribe from this list, send e-mail to Majordomo at lists.eunet.fi;
in the body of the message, type UNSUBSCRIBE CYPHERWONKS.

Send all other list-related commands to Majordomo at lists.eunet.fi.
For assistance, send the command HELP.

Send all articles to CYPHERWONKS at lists.eunet.fi.

Keywords: cyberspace, technology

Description: The brand new cypherwonks list on
Majordomo at lists.eunet.fi is for ambitious, energetic, can-do,
hands-on individuals interested in general cutting-edge `cyberspatial
development' projects such as in cryptography, digital cash, and
`electronic democracy'. (A `wonk' is slang for a `meticulous detail
person'.) The list is both an informal gathering place for the
technically adept and also a focal point for branching off into serious
project coordination.

We place a premium on membership by technical professionals and try to
hone our posts to accommodate the busy (who, according to the adage,
are those who get all the serious work done). We are inspired by the
Internet but don't see it as ideal yet and are particularly interested
in cooperation, building prototypes, forging standards, and `long-term
incremental evolution' in our designs and goals.
We're also intensely interested in following and influencing the
technological and political developments of the emerging `national
cyberspatial infrastructure.'

The list is not for political diatribes in the `radical libertarian'
agenda, e.g. rants against all forms of government as oppressive,
corrupt, or evil, or promoting the use of cryptographic technologies
for subversive activities like tax evasion, black marketeering, or
evading law enforcement. The list is not for discussions of how to
manipulate the honest through the use of software technologies. The
list is not for unconstructive negativism against other's proposals.
Above all, we are interested in forging a `civilized cyberspace' out of
the current `Internet wilderness'.

Historical note: the list was formed as a less ornery, more moderate
splinter group from the Cypherpunks by J.Helsingius (creator of the
popular anon.penet.fi anonymizing service) and L.Detweiler (author of
many FAQs including `Privacy & Anonymity on the Internet).

Transmitted: 94-06-28 09:51:08 EDT

From Eric_Weaver at avtc.sel.sony.com Wed Jul 6 15:42:24 1994
From: Eric_Weaver at avtc.sel.sony.com (Eric Weaver)
Date: Wed, 6 Jul 94 15:42:24 PDT
Subject: Detwiler's Crypto Mailing List
In-Reply-To: <9407041805.tn335555@aol.com>
Message-ID: <9407062242.AA02049@sosfc.avtc.sel.sony.com>

Well, well. The Detweiler vacuum cleaner is spooling up...

From remailer-admin at chaos.bsu.edu Wed Jul 6 15:54:48 1994
From: remailer-admin at chaos.bsu.edu (Anonymous)
Date: Wed, 6 Jul 94 15:54:48 PDT
Subject: No Subject
Message-ID: <199407062246.RAA04008@chaos.bsu.edu>

Can anyone tell me if one can use PGP 2.6 with an online service
[America Online]. From what the FAQ says, I need an actual UNIX account
rather than just an E-Mail Gateway. Is this true? If not, then how do I
encrypt without attaching the pgp file [which goes only to other AOL
users] or without using BinHex and inserting THAT into my message body?
Not all of my peers use AOL or possess BinHex.

From lefty at apple.com Wed Jul 6 16:00:16 1994
From: lefty at apple.com (Lefty)
Date: Wed, 6 Jul 94 16:00:16 PDT
Subject: "Cypherpunk" vs. "Cryptorebel"
Message-ID: <9407062259.AA20470@internal.apple.com>

>I like the label "cryptorebel" better than "cypherpunk". The word
>"punk" just does not seem right, while "rebel" does. I do have a
>certain attachment to "cypherpunk". Comments?

If it weren't for nitpickers, we'd all be knee-deep in nits.

--
Lefty (lefty at apple.com)
C:.M:.C:., D:.O:.D:.

From claborne at microcosm.sandiegoca.NCR.COM Wed Jul 6 16:49:55 1994
From: claborne at microcosm.sandiegoca.NCR.COM (Claborne, Chris at SanDiegoCA)
Date: Wed, 6 Jul 94 16:49:55 PDT
Subject: entropy of data....?
Message-ID: <2E1B3A56@microcosm.SanDiegoCA.NCR.COM>

----------
From: Jeff Gostin
> can't be broken in a reasonable amount of time. I'm interested in what
> most of the people on this list would consider a reasonable amount of
> time though.

Hasn't someone come up with a name for this like "Entropy of the data is 30 days" or... "the half-life of the data is 15 days". This is a critical value when looking at it from a military point of view. If you can't decode enemy plan for attack before a certain date/time then the info is useless....

2
-- C --

                                   ... __o
                                   .. -\<,
chris.claborne at sandiegoca.ncr.com ...(*)/(*).
CI$: 76340.2422
PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.

From cme at tis.com Wed Jul 6 16:53:17 1994
From: cme at tis.com (Carl Ellison)
Date: Wed, 6 Jul 94 16:53:17 PDT
Subject: using PGP or RIPEM on AOL
Message-ID: <9407062352.AA14551@tis.com>

I've only used RIPEM on AOL -- but it should be the same. I run on a Mac, generating the armored file, and then use AOL's "paste from file" option in the File menu to include the encrypted file in the body of my message.
In the other direction, I have to use Select All and Copy to get it out of AOL mail, Paste to get it into an editor. From there I can file it and give that file to PGP or RIPEM. BBEDIT on the Mac has good support for RIPEM. I wish I knew how to write BBEDIT extensions for Mac PGP as well. Anyone know if it's hard?

- Carl

--
Carl M. Ellison cme at acm.org
RIPEM MD5OfPublicKey: 39D9860686A9F075A9A83D49589C677A
PGP 2.4 Key fingerprint = E0 41 4C 79 B5 AF 36 75 02 17 BC 1A 57 38 64 78
PGP 2.6 Key fingerprint = 61 E2 DE 7F CB 9D 79 84 E9 C8 04 8B A6 32 21 A2

From paul at hawksbill.sprintmrn.com Wed Jul 6 16:54:01 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Wed, 6 Jul 94 16:54:01 PDT
Subject: Detwiler's Crypto Mailing List
In-Reply-To: <9407062242.AA02049@sosfc.avtc.sel.sony.com>
Message-ID: <9407070056.AA15512@hawksbill.sprintmrn.com>

>
> Well, well. The Detweiler vacuum cleaner is spooling up...
>

Where have you guys been? Larry Detweiler's silly little "wonks" list has been around, to the best of my recollection, for about a year now. He couldn't take his medicine, so off he went...

- paul

From jya at pipeline.com Wed Jul 6 17:45:59 1994
From: jya at pipeline.com (John Young)
Date: Wed, 6 Jul 94 17:45:59 PDT
Subject: Business Week on Crypto
Message-ID: <199407070045.UAA14273@p03.pipeline.com>

There is a brief article on commercial crypto in Business Week of July 4, p. 13, by Stephen H. Wildstrom. It sets out need for crypto; describes use of private and public keys; key management services by Northern Telecom Ltd. and National Semiconductor Corp.; future crypto by Lotus and Microsoft; war of RSA and NIST and resulting standoff.

From hayden at vorlon.mankato.msus.edu Wed Jul 6 18:17:56 1994
From: hayden at vorlon.mankato.msus.edu (Robert A. Hayden)
Date: Wed, 6 Jul 94 18:17:56 PDT
Subject: "Cypherpunk" vs.
"Cryptorebel" In-Reply-To: <9407062259.AA20470@internal.apple.com> Message-ID: On Wed, 6 Jul 1994, Lefty wrote: > >I like the label "cryptorebel" better than "cypherpunk". The word > >"punk" just does not seem right, while "rebel" does. I do have a > >certain attachment to "cypherpunk". Comments? > > If it weren't for nitpickers, we'd all be knee-deep in nits. I agree. Cypherpunk, as I always understood it, was derived from the term 'cyberpunk', which is the name of a genre of fiction dealing with corporate and governmental oppressive societies, where the life and liberties of the normal lowlife doesn't mean jack shit and the laws are controlled not by the people, but by those with money or power (and often both). Cypher was an interesting play on words to describe this fight. Somehow, it seems far more appropriate than 'cryptorebel', which sounds a whole lot like new-age PC crap designed to make us sound more appetizing to the popular media. ____ Robert A. Hayden <=> hayden at vorlon.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> I do not necessarily speak for the \/ Finger for PGP Public Key <=> City of Mankato or Blue Earth County -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From rarachel at prism.poly.edu Wed Jul 6 18:22:42 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Wed, 6 Jul 94 18:22:42 PDT Subject: PC Expo summary!! In-Reply-To: <199407060001.RAA24072@netcom.netcom.com> Message-ID: <9407070109.AA10483@prism.poly.edu> > You wrote: > > Lately, my reading of the list has been rather sporadic (too much work). > What's on the disks? PGP 2.6, PGS.99b, WinPGP1.0, SecureDevice 13b, White Noise 2.10, and tons of articles on the cypherpunks (some from Wired, some from EFF, CFP, Epic, Rishab's articles, the Cypherpunks Feb 17 Crypto-Anarchy speech transcript and other assorted goodies.) 
The .ZIP file also contains the DIM14A.ZIP program which is needed to restore the disk and is useful for making many copies of the disk, a README file that briefly describes how to use the disk at an expo such as PC Expo, and a post-script file for printing labels for the disks. It's basically a one stop Expo duplication package. :-)

In case you're just tuning in, I had this great idea (aren't all "my" ideas great?) that we as cypherpunks should distribute diskettes at PC Expo and other computer trade shows as an awareness raising campaign and a way to spread PGP, weaken Clipper's impact, etc.

From paul at hawksbill.sprintmrn.com Wed Jul 6 18:31:47 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Wed, 6 Jul 94 18:31:47 PDT
Subject: "Cypherpunk" vs. "Cryptorebel"
In-Reply-To:
Message-ID: <9407070234.AA15708@hawksbill.sprintmrn.com>

>
> Cypher was an interesting play on words to describe this fight.
>
> Somehow, it seems far more appropriate than 'cryptorebel', which sounds a
> whole lot like new-age PC crap designed to make us sound more appetizing
> to the popular media.
>

I've been a "cypherpunks" list subscriber since (almost) the creation of the list. We've (collectively) had this discussion more times than I can count. Please, let's drop this thread and move on to more productive pastures. ,-)

Cheers.

- paul

From rah at shipwright.com Wed Jul 6 18:35:48 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 6 Jul 94 18:35:48 PDT
Subject: "Cypherpunk" vs. "Cryptorebel"
Message-ID: <199407070135.VAA02634@zork.tiac.net>

At 8:26 PM 7/6/94 +0100, Robert A. Hayden wrote:

[snippeta, snippeta]

>Cypher was an interesting play on words to describe this fight.
>
>Somehow, it seems far more appropriate than 'cryptorebel', which sounds a
>whole lot like new-age PC crap designed to make us sound more appetizing
>to the popular media.

Yeah. What he said.
"Cryptorebel" reminds me of "cryptofascist", which reminds me of "Myra Breckenridge", for some reason. ":-o Bob ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From cactus at bb.com Wed Jul 6 18:43:45 1994 From: cactus at bb.com (L. Todd Masco) Date: Wed, 6 Jul 94 18:43:45 PDT Subject: Electronic business Message-ID: <199407070149.VAA07218@bb.com> Pardon me if I sound a little excited, but: tonight, Bibliobytes made it's first customer transaction! As far as I know, this makes us the first business in history (to be melodramatic about it) to conduct business *entirely* over the public networks -- the order w/ CC num was encrypted w/ RSA, we did the verification electronically on our node (true, through a modem to a third party -- we need infrastructure for e$!), and mailed the result back to the customer, all in about 15 minutes. (It'll get faster as I write the automation code.) Am I correct? Are we the first? (And we issued a PGP-signed receipt, too!) -- Todd [BTW, I acknowledge that I snagged the T. Jefferson quote from someone here on C'punks. It's just too appropriate -- thanks!] -- L. Todd Masco | Bibliobytes books on computer, on any UNIX host with e-mail. cactus at bb.com | info at bb.com | "Information is the currency of democracy." From claborne at microcosm.sandiegoca.NCR.COM Wed Jul 6 18:48:32 1994 From: claborne at microcosm.sandiegoca.NCR.COM (Claborne, Chris at SanDiegoCA) Date: Wed, 6 Jul 94 18:48:32 PDT Subject: PGP2.7 & RE: Where is SecureDevice? & PGP 2.7 wuarchive directory missing.. Message-ID: <2E1B5DB6@microcosm.SanDiegoCA.NCR.COM> PGP 2.7 from viacrypt is now shipping. The main reason for the upgrade (in my opinion) is compatibility with 2.6. They did add some extra stuff though. 
They are also working on a Windows version to be ready this summer (according to their letter) and I am using their WinCim/CSNav version at home when I use CI$.

> P.S. Does anybody have a FAQ or something about how to
> integrate PGP with Microsoft Mail? (Note the lack of
> a PGP signature while I'm getting my act together..)

I asked the same thing of Viacrypt. I lost the reply but it essentially said that they are working on a DLL toolkit to make it easy to integrate PGP into other Windows applications and are looking at MS Mail among others.

2
-- C --

                                   ... __o
                                   .. -\<,
chris.claborne at sandiegoca.ncr.com ...(*)/(*).
CI$: 76340.2422
PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.

From claborne at microcosm.sandiegoca.NCR.COM Wed Jul 6 18:54:40 1994
From: claborne at microcosm.sandiegoca.NCR.COM (Claborne, Chris at SanDiegoCA)
Date: Wed, 6 Jul 94 18:54:40 PDT
Subject: PGP2.7 & RE: Where is SecureDevice? & PGP 2.7 wuarchive directory missing..
Message-ID: <2E1B5F06@microcosm.SanDiegoCA.NCR.COM>

----------
>From: Claborne, Chris at SanDiegoCA
>To: cypherpunks
>Subject: PGP2.7 & RE: Where is SecureDevice? & PGP 2.7 wuarchive directory
>missing..
>Date: Wednesday, July 06, 1994 6:42PM

>> P.S. Does anybody have a FAQ or something about how to
>> integrate PGP with Microsoft Mail? (Note the lack of
>> a PGP signature while I'm getting my act together..)

<< I asked the same thing of Viacrypt. I lost the reply but it essentially said that they are working on a DLL toolkit to make it easy to integrate PGP into other Windows applications and are looking at MS Mail among others. >>

OOPS... I found it. They are adding a way to have PGP automatically add some cleartext on ciphered messages....

"...A version for MSMail..... We intend to have a windows toolkit version available by September. With this windows version, we can then start work on integration into the various mail programs. MSMail is on the list. Stay tuned...
check back with us as to our progress. If you have any further questions or concerns, please feel free to contact me.

Best Regards,
Paul E. Uhlhorn
Director of Marketing, ViaCrypt Products
Mail: 2104 W. Peoria Ave Phoenix AZ 85029
Phone: (602) 944-0773
Fax: (602) 943-2601
Internet: viacrypt at acm.org
Compuserve: 70304.41"

2
-- C --

                                   ... __o
                                   .. -\<,
chris.claborne at sandiegoca.ncr.com ...(*)/(*).
CI$: 76340.2422
PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.

From claborne at microcosm.sandiegoca.NCR.COM Wed Jul 6 18:54:57 1994
From: claborne at microcosm.sandiegoca.NCR.COM (Claborne, Chris at SanDiegoCA)
Date: Wed, 6 Jul 94 18:54:57 PDT
Subject: "Cypherpunk" vs. "Cryptorebel"
Message-ID: <2E1B5F85@microcosm.SanDiegoCA.NCR.COM>

On Wed, 6 Jul 1994, Lefty wrote:

> >I like the label "cryptorebel" better than "cypherpunk". The word
> >"punk" just does not seem right, while "rebel" does. I do have a
> >certain attachment to "cypherpunk". Comments?
>
> If it weren't for nitpickers, we'd all be knee-deep in nits.

There is too much "name recognition" in "cypherpunk" for it to be dropped now...IMHO.

                                   ... __o
                                   .. -\<,
chris.claborne at sandiegoca.ncr.com ...(*)/(*).
CI$: 76340.2422
PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.

From rarachel at prism.poly.edu Wed Jul 6 18:59:57 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Wed, 6 Jul 94 18:59:57 PDT
Subject: Counting bits
In-Reply-To:
Message-ID: <9407070147.AA11105@prism.poly.edu>

Why bother when you can simply do an eight line function?

int bitcount(char a)
{
register int retval=0;

 if (a & 1) retval++;
 if (a & 2) retval++;
 if (a & 4) retval++;
 if (a & 8) retval++;
 if (a & 16) retval++;
 if (a & 32) retval++;
 if (a & 64) retval++;
 if (a & 128) retval++;

return retval;
}

This function, (if you have a decent compiler) will be turned into about 32 instructions at most.
IE:

        MOV AL,value_of_a_wherever_that_may_be_in_the_stack
        MOV BL,00
        AND AL,01
        JZ @+2_instructions
        INC BL
        AND AL,02
        JZ @+2_instructions...

ad compiler nausea.

Simple, no shifting, no adding, no dividing, and best of all, it's straightforward, and you don't have the possibility of sneaking in bugs. Whereas the previous example is a one liner, and may be shorter, it will be far harder for humans to understand. :-)

Just my two bits. ;^)

From jgostin at eternal.pha.pa.us Wed Jul 6 19:05:36 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Wed, 6 Jul 94 19:05:36 PDT
Subject: Misattribution
Message-ID: <940706210855D5ujgostin@eternal.pha.pa.us>

"Claborne, Chris at SanDiegoCA" writes:

> From: Jeff Gostin
>> can't be broken in a reasonable amount of time. I'm interested in what
>> most of the people on this list would consider a reasonable amount of
>> time though.

This isn't from me... *sigh* Misattributed twice in one week. What's this world coming to? :-) Folks, please watch your attributions. I'd like to be quoted for what I do say, and to see that other people get credit for what they say too... Please??

--Jeff

From claborne at microcosm.sandiegoca.NCR.COM Wed Jul 6 19:06:19 1994
From: claborne at microcosm.sandiegoca.NCR.COM (Claborne, Chris at SanDiegoCA)
Date: Wed, 6 Jul 94 19:06:19 PDT
Subject: FW: Physical storage of key is the weakest link
Message-ID: <2E1B61AF@microcosm.SanDiegoCA.NCR.COM>

<< some suggestion to keep keys secure on floppy>>

< 30 characters. Fortunately Mac PGP remembers the key during any given session so typing is kept down a bit. >>

If you are really paranoid, keeping your private keys super secure is a good idea. If a bad guy were to come and steal them, all she needs to do is find out your passphrase (using all kinds of attacks.... camera over your desk....) and bingo, they can read all past and future message traffic to you...

                                   ... __o
                                   .. -\<,
chris.claborne at sandiegoca.ncr.com ...(*)/(*).
CI$: 76340.2422
PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.

From claborne at microcosm.sandiegoca.NCR.COM Wed Jul 6 19:19:02 1994
From: claborne at microcosm.sandiegoca.NCR.COM (Claborne, Chris at SanDiegoCA)
Date: Wed, 6 Jul 94 19:19:02 PDT
Subject: FW: Kevin Mitnik
Message-ID: <2E1B644E@microcosm.SanDiegoCA.NCR.COM>

<<
>From Edupage:
*******************
FBI HUNT FOR HACKER
Kevin Mitnick is wanted by the FBI for suspicion of software and data theft from leading telecom manufacturers and service providers. Among his victims have been MCI and Digital Equipment. An ex-convict, Mitnick was described by one judge as having an "addiction problem" with computers, similar to a drug or gambling addiction. During a six-month treatment program he was prohibited from touching a computer or a modem, but the treatment seems to have failed, and one detective says: "I've always considered him dangerous. I had to go underground. If he targets you, he can make your life miserable." (New York Times 7/4/94 A1)
**************************
>>

I also read an article in the Phoenix paper saying that he did a wire tap on the FBI guys that were trying to find him... among other things.

QUESTION: How do they know it was him? I get tired of the News dudes printing stuff as if it were fact.

                                   ... __o
                                   .. -\<,
chris.claborne at sandiegoca.ncr.com ...(*)/(*).
CI$: 76340.2422
PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.

From jim at acm.org Wed Jul 6 19:30:41 1994
From: jim at acm.org (Jim Gillogly)
Date: Wed, 6 Jul 94 19:30:41 PDT
Subject: Electronic business
In-Reply-To: <199407070149.VAA07218@bb.com>
Message-ID: <9407070230.AA27503@mycroft.rand.org>

> "L.
Todd Masco" writes:

> As far as I know, this makes us the first business in history (to
> be melodramatic about it) to conduct business *entirely* over the
> public networks -- the order w/ CC num was encrypted w/ RSA, we
> did the verification electronically on our node (true, through
> a modem to a third party -- we need infrastructure for e$!), and
> mailed the result back to the customer, all in about 15 minutes.
> (It'll get faster as I write the automation code.)
> Am I correct? Are we the first?

The first what? On 8 June 94 I sent a PGP message to ACM.ORG requesting an account and enclosing a signed authorization to use my VISA card to set up an account; inside the signed text I specified that I authorized charges for one year's worth of mail forwarding. I received a (non-PGP) receipt the next day, and my account was active. My message and the product were both on the net. If the payment in your transaction was in e$, then I don't have a counterexample to your claim...

Jim Gillogly
Sterday, 14 Afterlithe S.R. 1994, 02:29

From ebrandt at jarthur.cs.hmc.edu Wed Jul 6 19:58:09 1994
From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt)
Date: Wed, 6 Jul 94 19:58:09 PDT
Subject: Counting bits
In-Reply-To: <9407070147.AA11105@prism.poly.edu>
Message-ID: <9407070258.AA12876@toad.com>

> Why bother when you can simply do an eight line function?
[ unrolled loop approach deleted ]

1. Speed. For bytes it probably doesn't matter much, but it will if you're operating on full words.
2. Why write straightforward code if you don't have to? ;-)

Eli ebrandt at hmc.edu

From ifarqhar at laurel.ocs.mq.edu.au Wed Jul 6 19:58:27 1994
From: ifarqhar at laurel.ocs.mq.edu.au (Ian Farquhar)
Date: Wed, 6 Jul 94 19:58:27 PDT
Subject: Bit counting
Message-ID: <199407070257.AA00900@laurel.ocs.mq.edu.au>

>Why bother when you can simply do an eight line function?
>int bitcount(char b) >{ >register int retval=0; > if (a & 1) retval++; > if (a & 2) retval++; > if (a & 4) retval++; > if (a & 8) retval++; > if (a & 16) retval++; > if (a & 32) retval++; > if (a & 64) retval++; > if (a & 128) retval++; >return retval; >} [...] Because on a lot of architectures this implementation may be hideously inefficient. All the world is not an Intel chip, thank god. Ian. From kentborg at world.std.com Wed Jul 6 22:17:09 1994 From: kentborg at world.std.com (Kent Borg) Date: Wed, 6 Jul 94 22:17:09 PDT Subject: More Mitnik Message-ID: <199407070516.AA09329@world.std.com> chris.claborne at sandiegoca.ncr.com wrote: > I also read an article in the Pheonix paper saying that he did a wire tap >on the FBI guys that were trying to find him... among other things. YES, whether it is true or not that is exactly the sort of stuff we need to get Joe Lunchbox saying "YES!"--and getting Joe Lunchbox on our side* is more important that you know. (Who do you think held down the tax on the beer I am drinking right now? That's right, it was Joe, and I admire that.) We need to watch our image, and Mitnik (if he is smart) is a great way to distact from the pedophile scare. How can people get indignant when they are too busy laughing? The idea of one social misfit wire tapping the FBI (and they want to put wiretaps in the *design*?) is so entertaining--and understandable by Joe Lunchbox--that I can't stand it. -kb * Our side: strong crypto without backdoors for either Mitnik or Freeh is good. Agree? -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 31:15 hours of TV viewing so far in 1994! From roy at sendai.cybrspc.mn.org Wed Jul 6 22:18:22 1994 From: roy at sendai.cybrspc.mn.org (Roy M. 
Silvernail)
Date: Wed, 6 Jul 94 22:18:22 PDT
Subject: Counting bits
In-Reply-To: <9407070147.AA11105@prism.poly.edu>
Message-ID: <940706.224045.2s5.rusnews.w165w@sendai.cybrspc.mn.org>

-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, rarachel at prism.poly.edu writes:

>
> Why bother when you can simply do an eight line function?
>
> int bitcount(char a)
> {
> register int retval=0;
>
>  if (a & 1) retval++;
>  if (a & 2) retval++;
>  if (a & 4) retval++;
>  if (a & 8) retval++;
>  if (a & 16) retval++;
>  if (a & 32) retval++;
>  if (a & 64) retval++;
>  if (a & 128) retval++;
>
> return retval;
> }
>
> This function, (if you have a decent compiler) will be turned into about 32
> instructions at most.

Just for entertainment value, I clipped your function and compiled it with Turbo C++ 1.01 in default (ANSI C) mode. Here's the .asm code produced (comments and setup code edited for brevity)

_bitcount proc near
        push bp
        mov bp,sp
        push si
        mov dl,byte ptr [bp+4]
        xor si,si
        test dl,1
        je short @1@74
        inc si
@1@74:
        test dl,2
        je short @1@122
        inc si
@1@122:
        test dl,4
        je short @1@170
        inc si
@1@170:
        test dl,8
        je short @1@218
        inc si
@1@218:
        test dl,16
        je short @1@266
        inc si
@1@266:
        test dl,32
        je short @1@314
        inc si
@1@314:
        test dl,64
        je short @1@362
        inc si
@1@362:
        test dl,128
        je short @1@410
        inc si
@1@410:
        mov ax,si
        jmp short @1@434
@1@434:
        pop si
        pop bp
        ret
_bitcount endp

Your estimate was a little short. I count 35 instructions. :-)

- --
Roy M. Silvernail -- roy at sendai.cybrspc.mn.org will do just fine, thanks.
"Does that not fit in with your plans?"
-- Mr Wiggen, of Ironside and Malone (Monty Python)
PGP 2.3a public key available upon request (send yours)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBLht6nBvikii9febJAQELawP9GFgXQ8HMKoiIWgRDH6oLYxHfz8XMsKEN
I3BXCpqwe35ADBP6ah8vgEWfifOJMIlduR02u8RV/Zz4ROC0kRBrJPw/Gk7R3gd5
uoUlqUgjZQAmqNcBE84hTHqxnLmSKJJb3nygYVZ8fhA6Fhn0BJ/6hpRuAGazN3B0
SVznWIhxpmQ=
=tPEz
-----END PGP SIGNATURE-----

From kentborg at world.std.com Wed Jul 6 22:32:14 1994
From: kentborg at world.std.com (Kent Borg)
Date: Wed, 6 Jul 94 22:32:14 PDT
Subject: Tim May and Security for The Millions
Message-ID: <199407070531.AA12295@world.std.com>

Tim (yes, it was me--Kent Borg--you quoted the most recent time you said--roughly--that other people's security is not very important to you), there is a very good reason why you want *everyone* to have good security.

The fact that "everyone" will use up the snooping resources of the TLAs, leaving less for them to throw at you, is not the main point, for the TLAs might come up with clever secret approaches which allow their resources to do amazingly efficient things.

What you really want to know is what the state of the art is inside the NSA, what efficient things they can do. (You want to know the *whole* story behind the S-boxes, what Skipjack is, etc.)

The best way to do this is to badly, I mean *BADLY*, tempt them to tip their hand. If pedophiles (the canonical/mythical threat) are the threat they see then put the best security we (on the outside) have in the hands of the world's pedophiles and watch the prosecutions.

Either the TLAs tip their hands by cracking the 1998 version of PGP 5.0.2 with IDEA^3 or they don't. If they do, you know they cracked it. If they don't you know one of two things:

1) They didn't crack it.
2) They did crack it *but* are too afraid to say they cracked it--which is nearly equal to not having cracked it. (Preventing them from acting on information is close to denying them the same information--the Coventry Legend and all.)
A wonderful way for us to drive cryptological research out into the light is to *tempt* them into showing their hands, and giving good security to *everybody* is the best way to do that.

Following this argument, preventing trivial "quick brown fox"-attacks is part of the job of giving good security to everyone, make them work at the interesting problems.

Conclusion: my recent "passwords are hard" tirade is not completely off-subject.

More general conclusion: user interface issues ("My Mom" et al) are very important.

Certainly, working on the gaping hole of Tempest attacks is very important (any ideas?), but don't forget that RF-snooping of moving notebooks requires risky ~field work~ and bad take-out food, something properly high-tech TLAs hate. Tempest attacks are only worthwhile against juicy targets, while some other attacks are useful in bulk. (For examples of how poor passwords are useful in bulk, read RISKS, use your imagination, and extrapolate to large populations.)

Tim, the best way for you to have good security is to put good security in the hands of the millions.

-kb, the Kent who can sometimes get personal and use first names

--
Kent Borg +1 (617) 776-6899
kentborg at world.std.com
kentborg at aol.com
Proud to claim 31:15 hours of TV viewing so far in 1994!

From kentborg at world.std.com Wed Jul 6 22:43:35 1994
From: kentborg at world.std.com (Kent Borg)
Date: Wed, 6 Jul 94 22:43:35 PDT
Subject: Schneier Claims on Multiple Encryption
Message-ID: <199407070543.AA14055@world.std.com>

In Applied Cryptography (at 8.2.5) Bruce Schneier says:

"What about encrypting a block once with algorithm A and key K-a, and then again with algorithm B and key K-b? Aside from being susceptible to ... meet-in-the-middle attacks, there is no guarantee that the two algorithms will work together to increase security. There may be subtle interactions between the two algorithms which actually *decrease* security."

Wait.
If applying a different algorithm with an unrelated key might decrease security, then the TLAs could themselves apply another algorithm with their own unrelated key as an analysis technique, no?

Kent's Hypothesis: Superencrypting different algorithms with unrelated keys can never weaken non-trivial algorithms.

Stacking DES on top of IDEA on top of Caesar can be no worse than the strongest of the set--assuming the keys are unrelated and the attempted security is not through obscurity and the algorithms are not so confused as to be each other's analysis.

-kb

--
Kent Borg +1 (617) 776-6899
kentborg at world.std.com
kentborg at aol.com
Proud to claim 31:15 hours of TV viewing so far in 1994!

From nobody at c2.org Wed Jul 6 22:57:39 1994
From: nobody at c2.org (Random H0Z3R)
Date: Wed, 6 Jul 94 22:57:39 PDT
Subject: Kevin Mitnik
Message-ID: <199407070555.WAA05356@zero.c2.org>

Kent Borg wrote:

> I am under the impression that I would not like Mitnik personally, but I
> have never personally met him...
> Would I turn him in? Well, put it this way: I would not harbor him but
> neither would I work very hard to figure out where he is or whether a
> particular "nobody" on this list be him.

Somehow, I get the idea that the "nobody" you're referring to is yours truly. Well, I'm not him, but your suspicion does bring up a valuable point, though: if you're suspicious that a certain "chained remailer user" is the infamous Mr. Mitnik, then certain TLAs might also share that suspicion. Therefore, anyone using such "underground" services as anonymous remailers should use exceeding care. If they start to use traffic analysis, or any of the other "sigint" techniques discussed here, even though you aren't Mr. Mitnik, you may well get "caught" in their "dragnet".
From ifarqhar at laurel.ocs.mq.edu.au Wed Jul 6 23:48:51 1994
From: ifarqhar at laurel.ocs.mq.edu.au (Ian Farquhar)
Date: Wed, 6 Jul 94 23:48:51 PDT
Subject: Counting bits
Message-ID: <199407070647.AA12059@laurel.ocs.mq.edu.au>

-----BEGIN PGP SIGNED MESSAGE-----

>Just for entertainment value, I clipped your function and compiled it
>with Turbo C++ 1.01 in default (ANSI C) mode. Here's the .asm code
>produced (comments and setup code edited for brevity)

Both Sun C and GCC on a Sun SPARC system running 4.1.3 produced this code for each bit-count line (-O4 optimization used):

L77042:
        andcc   %o0,2,%g0       ; AND the bit
        bne,a   L77044          ; branch/annul if zero
        inc     %o5             ; increment bitcount
L77044:

This, I believe, is as optimized as it is possible to get on a uniprocessor machine. On both compilers, the routine size was 28 instructions total, and that would also be the maximum path length for the execution of this routine when passed an ASCII 255 value.

A MIPS-based DECserver running Ultrix 7.1 produced this (again, -O4):

$34:
        lb      $11, 0($sp)     ; Load the byte off the stack
        and     $12, $11, 16    ; AND the bit
        beq     $12, 0, $35     ; branch/annul if zero
        addu    $3, $3, 1       ; increment bitcount
$35:

Total instruction count was 28. This is non-optimal, as there is no need to reload off the top of the stack on every line, and if so modified it would be equivalently efficient to the SPARC implementation.

On a Cray Y-MP/EL running UNICOS 7.0.6 (-O3, which is equivalent to
- -hinline3,scalar3,task3,vector3):

L5      =       P.*
        S7      2               ; Move 2 into S7
        S0      S2&S7           ; S0 = S2 AND S7
        JSZ     L6              ; Jump to L6 if the bit was zero
        S7      1               ; Move 1 into S7
        S1      S1+S7           ; Up the bitcount in S1
L6      =       P.*             ; 9

Note that the Cray C compiler (or indeed any C compiler I know of) is not yet capable of recognising the option of using the population count instruction here, because it is nearly impossible to determine what this particular routine is doing. Even so, the total instruction count is 80, which is somewhat excessive.
The "Move 1 into S7" could probably be eliminated by using another scalar register, and I suspect (but don't have the manual here so I cannot confirm) that they'd be better not to reload the mask every line, but instead to load it once and shift. Additionally, you could probably vectorise this, but I doubt it would buy you much.

Anyway, that's an analysis of three high end architectures on this code fragment. Personally I feel that a lookup table would be a MUCH more efficient implementation for most systems which lack population count, even for words up to 20 bits or so in size (depending on your storage requirements and latency at accessing main memory, of course).

Enjoy. One of these days I will get back to my project of implementing crypto primitives in CAL, but I do not have the time right now.

BTW, folks, playing around with this is fun. I still believe that either the SKIPJACK interim reports Cray-implementation timing figures were wrong, or the conditions under which the program was compiled were incorrect (most likely), or that SKIPJACK contains no s-boxes. Take your pick.

Ian.

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLhukvdCZASdT8NoBAQHe/wQAzW/zmoiiAz9vswLO5kQcs6TSoAhIK7SM
1hTrvbXTbNwrnK2FyhC4nZaUPIjnZufOeCoQPs1DJNsCZ1q6Gx1nlVj/hTyBUxYr
THQ9ZLOUFruSDa18enx4J1iSrliBeoGcV0CuGRxClNoFrDkYedzRS0nN+m/rq35W
Vcsk0HFxq0g=
=Wpri
-----END PGP SIGNATURE-----

From Robert at rmh.khabarovsk.su Thu Jul 7 00:15:48 1994
From: Robert at rmh.khabarovsk.su (Robert M. Humphrey)
Date: Thu, 7 Jul 94 00:15:48 PDT
Subject: Need help in Russia...............
Message-ID:

This is the first time I've been in this system, so I guess I just jump in. I am an American Communications Engineer doing business in Russia. You think you have problems with privacy! Anyhow, after having to eat the contents of a few of my messages as served by the local Russian Administration (who aren't on my mailing list!), I decided to try for a little privacy. No joy in Mudville!!
A friend in the US suggested that I try PGP. Then I find out that I can't have someone send me a copy. Then I find out that I can download something from CompuServe. Right! Have you ever tried data on a Russian Telephone line? I was able to get about 20KB before Ma BellSkov decided to cut me off. Lots of times.

I have access to InterNet e-mail through some system in Moscow (about 5000 miles from here) and I do have access to UUENCODE and DECODE plus the usual PkWare stuff. Anyone with any ideas how I can get going on PGP or something else under the circumstances would be more than welcome.

By the way, a simple system probably won't do much good. When the climate changed in Russia, a lot of very capable KGB people ended up with no jobs. Since they had the skills needed, they either entered the Russian Mafia, went into Industrial Espionage or (just to show how desperate they were and how little self respect they had left) became lawyers! It's the second group that I have to deal with. If it's not well encrypted, you can buy any information that exists over here.

If anyone has any ideas on how I can get going in this direction, let me know at: Robert at rmh.khabarovsk.su

BTW...Khabarovsk is a city of about 700,000 located 20km from the Manchurian border with China in Far Far Eastern Russia (less than 500 miles from the Pacific coast). I do mostly Satellite communications and many types of radio communications.

Thanks
Bob

From bart at netcom.com Thu Jul 7 02:03:26 1994
From: bart at netcom.com (Harry Bartholomew)
Date: Thu, 7 Jul 94 02:03:26 PDT
Subject: (fwd) Cryptologist needed
In-Reply-To: <9407051115.ZM2957@athena>
Message-ID: <199407070903.CAA27626@netcom6.netcom.com>

I guess when I first forwarded this to the list, the header was not included. What follows is the entire posting from the ba.jobs.contract Usenet group which includes the name of the person who posted it. dberg at netcom.com is the person to answer all questions about the job.
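The lookup-table bit count suggested in the "Counting bits" thread, carried to 16-bit words and checked exhaustively against a bit-by-bit reference and a branch-free add-and-mask variant. This is an added example, not code posted by any list member; all function names are made up here, and the add-and-mask routine is a swapped-in standard technique, not necessarily the "trick" the posters refer to.

```c
#include <stdint.h>
#include <stdio.h>

/* Compile-time 256-entry table: bits_in_byte[i] = number of 1 bits in i.
 * Each macro level covers two more index bits. */
#define B2(n) n, n + 1, n + 1, n + 2
#define B4(n) B2(n), B2(n + 1), B2(n + 1), B2(n + 2)
#define B6(n) B4(n), B4(n + 1), B4(n + 1), B4(n + 2)
static const uint8_t bits_in_byte[256] = { B6(0), B6(1), B6(1), B6(2) };

/* Reference: test one bit at a time, as in the thread's eight-line
 * function, but as a loop so it works for any width up to 32 bits. */
static unsigned popcount_naive(uint32_t x)
{
    unsigned n = 0;
    for (; x != 0; x >>= 1)
        n += x & 1u;
    return n;
}

/* One table lookup per byte. */
static unsigned popcount8_table(uint8_t b)
{
    return bits_in_byte[b];
}

/* 16-bit word: two lookups in the same 256-byte table, which avoids
 * the 64 KB table a direct 16-bit index would need. */
static unsigned popcount16_table(uint16_t w)
{
    return bits_in_byte[w & 0xFFu] + bits_in_byte[w >> 8];
}

/* Branch-free, table-free count: sum adjacent 1-bit fields into 2-bit
 * fields, then 4-bit, then bytes, then add the four bytes with one
 * multiply. No data-dependent branch or memory access, so its timing
 * does not depend on the value being counted; the table versions index
 * memory by the data, which matters when the data is key material. */
static unsigned popcount32_swar(uint32_t x)
{
    x = x - ((x >> 1) & 0x55555555u);
    x = (x & 0x33333333u) + ((x >> 2) & 0x33333333u);
    x = (x + (x >> 4)) & 0x0F0F0F0Fu;
    return (x * 0x01010101u) >> 24;
}

/* Hamming distance between two 16-bit words: count the differing bits. */
static unsigned hamming16(uint16_t a, uint16_t b)
{
    return popcount16_table((uint16_t)(a ^ b));
}

/* Exhaustive cross-check over every 16-bit value.
 * Returns the number of disagreements with the reference (0 if correct). */
static unsigned count_mismatches16(void)
{
    unsigned bad = 0;
    for (uint32_t v = 0; v <= 0xFFFFu; v++) {
        unsigned want = popcount_naive(v);
        if (popcount16_table((uint16_t)v) != want)
            bad++;
        if (popcount32_swar(v) != want)
            bad++;
    }
    return bad;
}

int main(void)
{
    printf("popcount8(0xFF)     = %u\n", popcount8_table(0xFF));
    printf("popcount16(0x8001)  = %u\n", popcount16_table(0x8001));
    printf("swar(0xFFFFFFFF)    = %u\n", popcount32_swar(0xFFFFFFFFu));
    printf("hamming16(0xF0F0, 0x0FF0) = %u\n", hamming16(0xF0F0, 0x0FF0));
    printf("mismatches over all 16-bit values: %u\n", count_mismatches16());
    return 0;
}
```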
From sinclai at ecf.toronto.edu Thu Jul 7 01:20:21 1994
From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N)
Date: Thu, 7 Jul 1994 04:20:21 -0400
Subject: Counting Bits
Message-ID: <94Jul7.092031edt.11156@cannon.ecf.toronto.edu>

The only sane way to count the number of 1 bits in a byte is to use a lookup table:

        return table[result];

On an intel chip this produces ONE opcode: XLAT

From werner at mc.ab.com Thu Jul 7 04:53:19 1994
From: werner at mc.ab.com (tim werner)
Date: Thu, 7 Jul 94 04:53:19 PDT
Subject: Bit counting
In-Reply-To: <199407070257.AA00900@laurel.ocs.mq.edu.au>
Message-ID: <199407071152.HAA24431@sparcserver.mc.ab.com>

>From: Ian Farquhar
>Date: Thu, 7 Jul 1994 12:57:54 +1000 (EST)
>
>>Why bother when you can simply do an eight line function?
                                       ~~~~~
>>int bitcount(char a)
>>{
>>register int retval=0;
>
>> if (a & 1) retval++;
>> if (a & 2) retval++;

etc.

>>return retval;
>>}
>
>Because on a lot of architectures this implementation may be hideously
>inefficient. All the world is not an Intel chip, thank god.

Not to mention it's only good for 8-bit words. In my case I am working with 16-bit data.

tw

From pak at chaser.co.uk Thu Jul 7 05:58:11 1994
From: pak at chaser.co.uk (Paul Kathro)
Date: Thu, 7 Jul 94 05:58:11 PDT
Subject: Most People don't Think about Security
In-Reply-To: <199407061347.OAA03604@an-teallach.com>
Message-ID: <20381.9407071045@fire.chaser.co.uk>

According to Graham Toal:
> PS What UK *does* do that the US is abysmal at is checking the
> signatures on VISA cards et al. I'm staggered by how lax US shopkeepers
> are about looking at the signature. No wonder fraud is rampant.
> Over here they not only *always* without exception check the
> signature, they often query it online and occasionally *sniff*
> the cards to see if an old signature has been removed with lighter
> fluid...

Ah, but the UK is starting to catch up with the US even in this.
Over the last couple of years I've noticed an increasing number of merchants who skip the signature check for small purchases; on a couple of occasions recently I've even had my card returned to me BEFORE I'd signed the sales voucher (exactly like the normal US practice).

Each time I've been tempted to use an "alternative" signature just to see what the response was, but lost my nerve at the last moment. It'd be interesting to find out who's liable for a debt incurred by Mickey Mouse on my account...

Paul (who lurks no more).

--
pak at chaser.co.uk(Paul Kathro)  Chase Research PLC, Chase House, Cedarwood,
voice     : +44 256 52260         Chineham Business Park, Basingstoke,
facsimile : +44 256 810159        Hampshire, RG24 8WD, United Kingdom.

From gtoal at an-teallach.com Thu Jul 7 06:04:50 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Thu, 7 Jul 94 06:04:50 PDT
Subject: Detwiler's Crypto Mailing List
Message-ID: <199407071303.OAA05319@an-teallach.com>

: From: Peterwheat at aol.com
: I found this by doing a keyword search (cryptography) in America Online's
: database of mailing lists. I thought it might be of interest to the
: cypherpunks mailing list:

Oh God :-( Either Detweiler has got himself an AOL account or all AOL people are as clueless as they're reputed to be... He follows it with this...

> From: Anonymous
> Can anyone tell me if one can use PGP 2.6 with an online service [America
> Online]. From what the FAQ says, I need an actual UNIX account rather than
> just an E-Mail Gateway. Is this true?
> If not, then how do I encrypt without attaching the pgp file [which goes only
> to other AOL users] or without using BinHex and inserting THAT into my
> message body? Not all of my peers use AOL or possess BinHex.

Hmmm... I think theory #1 is the more likely one. Is it time to shout 'He's baaaaack!' yet? - I'll know soon enough if I log on to cypherpunks and find 50 articles all following up posts from AOL...
G

From gtoal at an-teallach.com Thu Jul 7 06:08:00 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Thu, 7 Jul 94 06:08:00 PDT
Subject: entropy of data....?
Message-ID: <199407071307.OAA05452@an-teallach.com>

: Hasn't someone come up with a name for this like "Entropy of the data is 30
: days" or... "the half-life of the data is 15 days". This is a critical
: value when looking at it from a military point of view. If you can't decode
: enemy plan for attack before a certain date/time then the info is
: useless....

That betrays a bit of ignorance about the meaning of 'half-life'. I think the word you're looking for is 'lifetime'.

G

From gtoal at an-teallach.com Thu Jul 7 06:24:29 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Thu, 7 Jul 94 06:24:29 PDT
Subject: Counting bits
Message-ID: <199407071323.OAA05688@an-teallach.com>

        Why bother when you can simply do an eight line function?

        int bitcount(char a)
        {
        register int retval=0;

          if (a & 1) retval++;
          if (a & 2) retval++;
          if (a & 4) retval++;
          if (a & 8) retval++;
          if (a & 16) retval++;
          if (a & 32) retval++;
          if (a & 64) retval++;
          if (a & 128) retval++;
        return retval;
        }

There's a man who has never had to code a critical inner-loop. When you're exhaustively testing keyspaces, or getting hard crypto to run at lan speeds, sometimes every cycle is critical. If the function above is in the main inner loop (say 80% of the CPU time as gleaned from a profile utility), the optimisations people suggested will speed your program up by a factor of 10.

This is the one time that bit-twiddling optimisations are worthwhile. (Mostly they're irrelevant and just posturing by smart-ass kiddies...)
G

From gtoal at an-teallach.com Thu Jul 7 06:30:33 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Thu, 7 Jul 94 06:30:33 PDT
Subject: Counting bits
Message-ID: <199407071330.OAA05787@an-teallach.com>

: Both Sun C and GCC on a Sun SPARC system running 4.1.3 produced this code
: for each bit-count line (-O4 optimization used):
:
: L77042:
:         andcc %o0,2,%g0         ; AND the bit
:         bne,a L77044            ; branch/anull if zero
:         inc %o5                 ; increment bitcount
: L77044:
:
: This, I believe, is as optimized as it is possible to get on a uniprocessor
: machine.

Using branches is seriously bad news on some machines, especially RISC machines which are using a prefetched instruction pipeline. Then of course you get machines with an on-chip cache, in which case the looping variant becomes the best choice again. And you have to figure architectures where every instruction is conditional on the CC so you can have branches over (some) short instruction sequences for free.

Serious optimization isn't a child's game. When we did the 1's-counting code for the Acorn RISC machine, every programmer in the office worked on it for a week. I think the best version in the end was a variation of the trick shown earlier and some sneaky use of ARM conditionals and address-loading instructions that could do arbitrary shifts on the fly while adding.

I wish I'd kept it. If anyone bumps into Paul Bond, I think he was the guy who wrote the best one. I'd like to see that one again for nostalgia's sake :-)

G

From perry at imsi.com Thu Jul 7 06:38:06 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 7 Jul 94 06:38:06 PDT
Subject: Counting bits
In-Reply-To: <199407071330.OAA05787@an-teallach.com>
Message-ID: <9407071337.AA03454@snark.imsi.com>

Graham Toal says:
> Serious optimization isn't a child's game. When we did the 1's-counting
> code for the Acorn RISC machine, every programmer in the office worked
> on it for a week.
> I think the best version in the end was a variation
> of the trick shown earlier and some sneaky use of ARM conditionals and
> address-loading instructions that could do arbitrary shifts on the fly
> while adding.

In my humble opinion, the right way to get code like this written is to let a superoptimizer get a whack at the problem -- superopts are guaranteed to produce optimal code, and it's better to have fifteen machines grinding for a week than fifteen humans and their machines.

Perry

From uunet!alias.com!rmartin at uunet.uu.net Thu Jul 7 07:34:06 1994
From: uunet!alias.com!rmartin at uunet.uu.net (Richard Martin)
Date: Thu, 7 Jul 94 07:34:06 PDT
Subject: Mastercard, Visa, Access, Barclaycard, Amex, JCB ...
In-Reply-To: <20381.9407071045@fire.chaser.co.uk>
Message-ID: <9407071324.AA12134@zen.alias.com>

> Over the
> last couple of years I've noticed an increasing number of merchants who
> skip the signature check for small purchases; on a couple of occasions
> recently I've even had my card returned to me BEFORE I'd signed the sales
> voucher (exactly like the normal US practice).
> Paul (who lurks no more).

I worked a few years in a pharmacy (credentials established) and so noticed that most customers will take it as a personal affront if anything more than this cursory attention is paid to their credit card. It's a North American phenomenon I can attest to, though whether it's much different from European attitudes I cannot judge until I work retail on the other side of the pond. (Read, hopefully never. Retail, that is. I would like to work in Europe at some point. But I'd rather not be selling Aspirin.)

We had a few incidents with credit cards at the pharmacy, and would generally be very pedantic about calling in anything over $75CAN (which is about $60US) for certification. When I first got there (about five years ago, now) there were large, thousand-page flyers from the companies listing numbers of stolen cards.
I'm not sure if we were actually expected to stand there in front of a customer and check in the book -- the circulars didn't last long and were soon replaced by the more commonly used 1-800 number. Out of some interest, what do the "swipe" card verification systems do? How much information do they read from the card and pass down the telephone line? How much information would a tap of such a transmission reveal? Richard Martin. -- rmartin at alias.com - a228mart at cdf.toronto.edu - martinrd at gpu.utcc.toronto.edu University of Toronto ChemPhysCompSci 9T7, Shad Valley Waterloo 1992 [svp942] From frissell at panix.com Thu Jul 7 07:43:43 1994 From: frissell at panix.com (Duncan Frissell) Date: Thu, 7 Jul 94 07:43:43 PDT Subject: PGP Keys on a Floppy Message-ID: C.><< some suggestion to keep keys secure on floppy>> DOS users can always encrypt their keyfile on a floppy encrypted with SecureDrive. DCF From nobody at c2.org Thu Jul 7 07:53:31 1994 From: nobody at c2.org (Random H0Z3R) Date: Thu, 7 Jul 94 07:53:31 PDT Subject: Unknown Message-ID: <199407071450.HAA06957@zero.c2.org> ============================================================================ SUBJECT: METHOD FOR UPDATING ENCRYPTION KEY INFORMATION IN COMMUNICATION UNITS SOURCE: MicroPatent via Fulfillment by INDIVIDUAL, Inc. DATE: July 6, 1994 INDEX: [2] ORDER NO: 402693# ---------------------------------------------------------------------------- MicroPatent via INDIVIDUAL, Inc. : Abstract: Within a communication system, an encryption controller receives unit identification information from a plurality of encrypting/decrypting communication units. For any individual communication unit, the encryption controller uses the unit identification associated with that transmitting communication unit to determine if it contains updated encryption key information. 
If the transmitting communication unit is not currently updated, a group call is used to send the current encryption key information to all communication units within the transmitting communication unit's group, thereby updating all active, non-current communication units. After a first predetermined period of time has elapsed, this process is allowed to repeat. Ex Claim Text: In a communication system that includes a plurality of communication units, an encryption controller, wherein the plurality of communication units includes a first set of communication units that are currently active and a second set of communication units that are currently inactive and wherein communication units of the plurality of communication units readily change from the first set of communication units to the second set of communication units and vice versa, a method for updating encryption key information to the plurality of communication units, the method comprises the steps of: a) transmitting, by a first communication unit in the first set of communication units, unit identification information to the encryption controller; b) when the unit identification information is received, determining, by the encryption controller, that the first communication unit does not have updated encryption key information; c) transmitting, by the encryption controller, updated encryption key information to the plurality of communication units, wherein only the first set of communication units are updated with the updated encryption key information; d) initiating, by the encryption controller, a predetermined wait period; e) changing, by a second communication unit, from the second set of communication units to the first set of communication units; f) after expiration of the predetermined wait period, receiving, by the encryption controller, unit identification information from the second communication unit; and g) when the unit identification information from the second communication unit is 
received, retransmitting, by the encryption controller, the updated key information to the plurality of communication units, wherein communication units that have changed from the second set of communication units to the first set of communication units are updated with the updated encryption key information. Patent Number: 5325432 Issue Date: 1994 06 28 Assignee: Motorola, Inc. Inventor(s): Gardeck, Kevin; Cutts, Kevin M. If you require additional information on this patent, please call PatentQuery at 800-984-9800. [07-06-94 at 18:24 EDT, Copyright 1994, MicroPatent, File: m0701215.4pa] From nobody at c2.org Thu Jul 7 08:07:38 1994 From: nobody at c2.org (Random H0Z3R) Date: Thu, 7 Jul 94 08:07:38 PDT Subject: WHITE HOUSE TO RETHINK CLIPPER Message-ID: <199407071505.IAA07086@zero.c2.org> ============================================================================ SUBJECT: PRESSURE GROWING ON WHITE HOUSE TO RETHINK CLIPPER CHIP POLICY SOURCE: Inside Washington via Fulfillment by INDIVIDUAL, Inc. DATE: June 30, 1994 INDEX: [5] ---------------------------------------------------------------------------- WASHINGTON TELECOM WEEK via INDIVIDUAL, Inc. : The White House came under increased pressure this week to withdraw its controversial Clipper Chip encryption proposal when the policy arm of a major computing society attacked the plan. The U.S. Public Policy Committee of the Association for Computing Machinery (USACM) said in a position paper that "communications security is too important to be left to secret processes and classified algorithms." USACM said that Clipper would put U.S. manufacturers at a competitive disadvantage in the global market and would adversely affect technological development within the United States. A statement by USACM pointed out that the Clipper technology has been championed by the Federal Bureau of Investigations and the National Security Agency.
These agencies maintain that "non-escrowed" encryption technology threatens law enforcement and national security. "As a body concerned with the development of government technology policy, USACM is troubled by the process that gave rise to the Clipper initiative," said Barbara Simons, a computer scientist with IBM, in a statement. Simons, who chairs the ACM committee, added that it is "vitally important that privacy protection for communications networks be developed openly and with full public participation. The Clipper Chip, also known as the Escrowed Encryption Standard, raises fundamental policy issues, according to the analysis. After reviewing a new study by the ACM, the USACM makes the following recommendations: - The Administration should withdraw the Clipper Chip proposal and begin an open and public review of encryption policy. The escrowed encryption initiative raises vital issues of privacy, law enforcement, competitiveness and scientific innovation that must be openly discussed. - The Administration should encourage the development of technologies and institutional practices that will provide real privacy for future users of the National Information Infrastructure. - Public policies and technical standards should be developed for communications security in open forums in which all stakeholders -- government, industry and the public -- participate. Because the nation is moving rapidly to open networks, a prerequisite for the success of those networks must be standards for which there is widespread consensus, including international acceptance. "The USACM believes that communications security is too important to be left to secret processes and classified algorithms. We support the principles underlying the Computer Security Act of 1987, in which Congress expressed its preference for the development of open and unclassified security standards." - Any encryption standard adopted by the U.S. government should not place U.S. 
manufacturers at a disadvantage in the global market or adversely affect technological development within the United States. Few other nations are likely to adopt a standard that includes a classified algorithm and keys escrowed with the U.S. government. - Change the process of developing Federal Information Processing Standards (FIPS) employed by the National Institute of Standards & Technology. This process is currently predicated on the use of such standards solely to support federal procurement. Increasingly, the standards set through the FIPS process directly affect non-federal organizations and the public at large. The USACM said that the vast majority of comments solicited by the National Institute for Standards and Technology opposed the standard but were openly ignored. The standard therefore should be placed under the Administrative Procedures Act so that citizens may have the same opportunity to challenge government actions in the area of information processing as they do in other important aspects of federal agency policymaking. -- Joe Burey [06-30-94 at 17:05 EDT, Copyright 1994, Inside Washington, File: w0630041.6ip] From nobody at c2.org Thu Jul 7 08:08:02 1994 From: nobody at c2.org (Random H0Z3R) Date: Thu, 7 Jul 94 08:08:02 PDT Subject: Unknown Message-ID: <199407071505.IAA07089@zero.c2.org> ============================================================================ SUBJECT: HOUSE PANEL BACKS DIGITIZATION, JOINT TELECOM NETWORK SOURCE: Phillips Publishing via Fulfillment by INDIVIDUAL, Inc. DATE: July 5, 1994 INDEX: [3] ---------------------------------------------------------------------------- C4I NEWS via INDIVIDUAL, Inc. -- In a boost to two nascent C3 programs, House appropriators are supporting the Pentagon's plans to merge defense and civilian telecommunications traffic and the Army's digitization effort.
The House Appropriations Committee, in a report on its FY '95 Defense Appropriations Bill, calls DoD's plans to merge its information pipeline, the Defense Information Systems Network (DISN), with the follow-on to the federal telephone network, FTS 2000, "refreshing." But the panel does caution that DISN and the Defense Messaging System, an E-mail application that will run on the network, "must be carefully managed and security measures strongly endorsed." The panel also voices its support for the Army's digitization efforts, particularly the service's plans to "maximize the use of non-developmental and commercial off-the-shelf equipment." In good news for the firms lining up to bid on pieces of the digitization work--including Science Applications International Corp., General Dynamics, ITT and Loral--the appropriators boost the Army's FY '95 request of $75.86 million to $115.86 million. Both the House and Senate Armed Services Committees also increased the digitization request: the House by $50 million; the Senate, by $3 million. But the panel agrees with the concerns HASC expresses in its report on the FY '95 Defense Authorization Bill, saying that the Army has not defined "the overall system architecture and digital interfaces, standards and protocols." Other areas of concern include "insufficient emphasis on digital integration with" aviation or Marine Corps' assets. The panel directs the Army to provide a report to the congressional appropriations committees by March 1, 1995, identifying a master plan for developing, testing and producing digitization hardware and software, including an architecture for interfacing with C3I systems. The appropriators also look favorably on the new Alert, Locate and Report Missiles (ALARM) effort, boosting the $150 million request to $330 million. The additional funds must be used to accelerate launch of the first ALARM bird, now slated for FY '04.
In addition, due to the "national importance of the program" the panel directs the secretary of defense to: ensure the program is fully funded in the out-years; complete the engineering and manufacturing development downselect by March 31, 1996; and work toward first launch not later than 2000. ...Panel Hits SBIS, CHS Cutting the Army's operation and maintenance request for the Sustaining Base Information System (SBIS) by $24 million, the panel expresses concerns about "disturbing trends" in the program, for which Loral is the prime contractor. Such concerns include an increase in the number of lines of software code and the fact that the hardware has yet to pass a systems acceptance test. SBIS is the Army's base system modernization plan. The committee also criticizes the Army for planning to field hardware under the Common Hardware/Software II contract "prior to completion of all pre-production testing and engineering." Because the CHS-I contract will expire prior to the completion of all CHS-II qualification tests, "a serious break in production will occur." To minimize fielding interruptions, the panel directs the Army to examine the possibility of extending the CHS-I contract. Such an extension would be a boost to the contractor, Miltope Corp. [07-05-94 at 18:00 EDT, Copyright 1994, Phillips Publishing, Inc., File: d0705024.4sd] From nobody at c2.org Thu Jul 7 08:08:08 1994 From: nobody at c2.org (Random H0Z3R) Date: Thu, 7 Jul 94 08:08:08 PDT Subject: INTERNET SECURITY VENTURE LAUNCHED Message-ID: <199407071505.IAA07099@zero.c2.org> ============================================================================ SUBJECT: INTERNET SECURITY VENTURE LAUNCHED SOURCE: CMP Publications via Fulfillment by INDIVIDUAL, Inc. DATE: July 5, 1994 INDEX: [2] ---------------------------------------------------------------------------- Information Week via INDIVIDUAL, Inc. 
: RSA Data Security in Redwood City, Calif., and Enterprise Integration Technologies in Palo Alto, Calif., have formed a joint venture to improve security for transactions on the Internet. The unit, called Terisa Systems, will develop and supply online security products to provide encryption, authentication, and other services. Improved security could give Internet commercial ventures a big boost. [07-05-94 at 17:42 EDT, Copyright 1994, CMP Publications, Inc., File: c0705022.8mp] From nobody at c2.org Thu Jul 7 08:08:10 1994 From: nobody at c2.org (Random H0Z3R) Date: Thu, 7 Jul 94 08:08:10 PDT Subject: Unknown Message-ID: <199407071505.IAA07095@zero.c2.org> ============================================================================ SUBJECT: PRETTY GOOD PRIVACY 2.6 SOURCE: ZiffWire via Fulfillment by INDIVIDUAL, Inc. DATE: July 5, 1994 INDEX: [3] ---------------------------------------------------------------------------- PC Week via INDIVIDUAL, Inc. : Those opposed to, or even just worried about, the federal government's Clipper chip encryption proposal now have a free, easy, and legal alternative. The Massachusetts Institute of Technology and RSA Laboratories have teamed to produce a new version of Philip Zimmermann's PGP (Pretty Good Privacy), Version 2.6. The software and source code is being distributed by MIT along with a free license from RSA Laboratories for non-commercial use. The software was released at the end of May. PGP uses the Public Key encryption method, which has been patented by RSA. PGP has been distributed since 1990 as an implementation of the Public Key encryption algorithm and has gone a long way in popularizing that method of personal encryption and the use of what are called digital signatures.
PGP has been the subject of controversy, however, since it used to use public-key encryption without a license from RSA, and because it has been distributed all over the world in source-code form, which some federal authorities say is against international encryption-export bans imposed by the United States. Version 2.6, however, is licensed through RSA, so there's no question about its legality. MIT and RSA's distribution of PGP Version 2.6 is an attempt to short-circuit PGP's popularity. After Sept. 1, 1994, PGP 2.6 will no longer work with documents and keys generated and encrypted by older versions of PGP, and it is licensed for use only in the United States. The release is already causing upheaval, since its public-key format is different than in prior versions, and numerous public-key repositories will have to be updated. An oversimplified explanation of public-key encryption is that users choose (or generate using software) two large, random prime numbers (only divisible by themselves or one), which remain private. They then distribute the product of those two numbers freely, which is the public-key part of the encryption. Anyone wishing to send an encrypted document to a user can encrypt it using that user's public key. Only the intended recipient can then decrypt the document. A related use of public-key encryption (and probably its more important use in the future of the information highway) is for digital signatures. A user wishing to "sign" a document uses a private key (the prime factors) and combines it with a checksum of the document. Anyone can then use that user's public key to verify the electronic signature and verify that the document was not altered since the user signed it. Public-key encryption is especially strong because there is no known "easy" method of breaking down extremely large numbers into their component prime factors (other than brute force).
The largest supercomputers today would take centuries to break down a sufficiently large public key, but it only takes a few seconds to generate such a key and use it to encrypt and decrypt documents. The government's proposed Clipper chip uses a somewhat similar method of encryption. At least, it seems to be similar: Its exact algorithm is classified. With the Clipper chip, however, the federal government would hold the "key" that would let law-enforcement personnel decrypt the chip to be used when wiretapping is authorized by the courts. PGP comes with extensive documentation that clearly explains the public-key algorithm and provides both a DOS executable and source code for compiling the program on numerous other platforms. The program provides all the normal public-key functions (such as signing and encrypting) through the command line. Although command line is not the most intuitive method, it lends itself well to automation. Obtaining PGP 2.6 is a somewhat complicated process. Users must use ftp to get to net-dist.mit.edu and get a README file and various licenses in /pub/PGP, then use telnet to get to the same address to answer a questionnaire and get the address for the rest of the PGP files. Finally, users must use ftp a second time to actually obtain the files. If the user's IP address is not part of a Domain Name Service and can't be resolved to an address in the United States, the user must contact MIT through E-mail. -- Eamonn Sullivan [07-05-94 at 17:19 EDT, Copyright 1994, ZiffWire, File: c0705185.2zf] From nobody at c2.org Thu Jul 7 08:08:11 1994 From: nobody at c2.org (Random H0Z3R) Date: Thu, 7 Jul 94 08:08:11 PDT Subject: SUPPORT FOR ARMY DIGITIZATION... Message-ID: <199407071505.IAA07092@zero.c2.org> ============================================================================ SUBJECT: SUPPORT FOR ARMY DIGITIZATION EXTENSIVE BUT CONCERNS ARISE SOURCE: Phillips Publishing via Fulfillment by INDIVIDUAL, Inc.
DATE: June 30, 1994 INDEX: [6] ---------------------------------------------------------------------------- DEFENSE DAILY via INDIVIDUAL, Inc. -- Despite widespread support for the Army's multi-billion dollar digitization effort, concern is beginning to mount in the Pentagon and Congress about aspects of the program, including intraservice coordination, requirements, funding and interoperability. Officials in the Office of the Secretary of Defense and on Capitol Hill realize digitization, the buzz word for the Army's plan to pass information rapidly between disparate platforms, is a complex task and have thrown their support behind the effort. Emmett Paige, Jr., assistant secretary of defense for command, control, communications and intelligence, says the "Army is off to a good start." "I have no real concerns" about the service's plans, Paige told Defense Daily in a telephone interview. While others in OSD also support digitization, some are beginning to focus on a host of crucial issues they believe the Army must resolve. One such concern is that "different components of the Army perceive [digitization] differently," a senior OSD official believes. Since digitization involves various Army sectors, ranging from the Training and Doctrine Command to the Communications-Electronics Command, the perspective OSD receives "depends on who's doing the talking." In response, the Pentagon is counting on the Army Digitization Office to bring things together. Requirements are also a source of concern. OSD believes they must be developed prior to material solutions or architectures. A congressional source agrees, saying the service is putting the "cart before the horse" by developing an acquisition strategy without "definitized requirements." The massive digitization requirements process has proven slow-moving and somewhat contentious, according to service sources (Defense Daily, June 20). Interoperability is also a central consideration. 
"There appears to be no involvement of the Navy or Air Force at this point," although it may be a little "early to worry about that," according to the senior OSD source. Paige, though, said he has no doubt the Army realizes the "other services must be included as we digitize the battlefield." Specifically, he says, the "C4I for the Warrior concept is recognized in everything the services are doing today." Developed by the Joint Chiefs of Staff, C4I for the Warrior stresses interoperability and joint operations. Interoperability is also on the minds of lawmakers. This year, they pushed the Army to focus on interoperability with the Marines; next year they will emphasize interoperability with the Navy and Air Force, a congressional source says. Interoperability with the allies will be stressed the following year. A Defense Science Board summer study on the information architecture for the battlefield is dealing with such interoperability issues, according to Paige. The board hopes its study, slated for completion in late-September, will provide the Army with the "processes to evolve interoperability issues," a source says. The task, however, is a difficult one, he concedes. "It's one thing to have an architecture; another to control the builders." Indeed, development of an overall systems architecture is a primary concern of Congress. The service at this point has "no standards, protocols or interface requirements" but it is proceeding with billion-dollar digital upgrades to the Bradley Fighting Vehicle and M1A2 tank, the congressional source says. Turning to specific systems, OSD is interested in how the digitization effort will affect a range of existing C4I equipment, including the Army Battle Command System, Mobile Subscriber Equipment, the Single Channel Ground and Airborne Radio System and the Enhanced Position Location Reporting System, according to the senior OSD official. 
OSD plans to "force the Army to come up here and tell us how [the systems] fit and not be duplicative," he notes. As expected, in tough budget times, money is also a central concern. The service has probably underestimated the cost of digitization "200-400 percent," the congressional source argues. The Defense Science Board is also concerned about the amount of funding the Army will need to execute its strategy. The Army has placed the value of the portion of the digitization effort it will compete to industry at over $1 billion. Army charts show the Army Digitization Office will oversee over $8 billion in digitization funding into the next century (Defense Daily, June 23). At this point, both OSD and Congress are willing to give the service more time to work out the problems associated with digitization. "We'll give them a chance to get started," the senior OSD source notes, but "we'll ultimately decide whether the acquisition strategy makes sense." It "could get changed." [06-30-94 at 18:00 EDT, Copyright 1994, Phillips Publishing, Inc., File: d0630009.8sd] From nobody at c2.org Thu Jul 7 08:08:12 1994 From: nobody at c2.org (Random H0Z3R) Date: Thu, 7 Jul 94 08:08:12 PDT Subject: TROJAN HORSE CALLED CHINON Message-ID: <199407071505.IAA07105@zero.c2.org> ============================================================================ SUBJECT: ALERT RAISED ON TROJAN HORSE CALLED CHINON SOURCE: Newsbytes via Fulfillment by INDIVIDUAL, Inc. DATE: July 1, 1994 INDEX: [1] ---------------------------------------------------------------------------- PITTSBURGH, PENNSYLVANIA, U.S.A., 1994 JUL 1 (NB) via INDIVIDUAL, Inc. -- Newsbytes has confirmed that a new "Trojan horse," named the "Chinon" or "CD-IT" program, is being spread by "unknown hackers" on the Internet. 
Newsbytes confirmed through the Computer Emergency Response Team at Carnegie-Mellon University in Pittsburgh that the program has been distributed by unknown persons on the Internet, from which it can be downloaded. Unlike a virus, a piece of code which hides from users and then causes destruction, a Trojan horse masquerades as a helpful program, but then causes damage when downloaded.

The program alleges to be a shareware utility for PCs that will convert an ordinary CD-ROM drive into a CD-Recordable device. That is technically impossible. Instead the program destroys critical system files on a user's hard drive and can crash the CPU, forcing its user to reboot while remaining in memory.

According to a spokesman for CERT, the only remedy now known for infected computers is a regular back-up of the hard drive. Once the Trojan horse is activated, there's nothing that can be done except to erase the hard drive and re-load it from the back-up, losing all work done since the last back-up. The program is not detected by most anti-viral programs in part because it's not a virus.

Word of the program, and efforts to correct it, have spread quickly. Newsbytes got word through a bulk-mail from an OS/2 newsgroup, the message originating at the University of Georgia. UGA, meanwhile, apparently learned of Chinon through Doug Leonard, who spread an alert from the Sacramento PC Users Group. The original message, in turn, was written by Mark F. Haven of the US Department of Health & Human Services. The message to Newsbytes, sent around 4:30 PM Eastern Daylight Time, was confirmed through a phone call to Terry McGillan at Carnegie-Mellon, who checked with CERT to make sure the alert was genuine.

(Dana Blankenhorn/19940701/Press Contact: Terry McGillan, Carnegie-Mellon University, 412-268-7394)

From jim at bilbo.suite.com Thu Jul 7 08:13:31 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Thu, 7 Jul 94 08:13:31 PDT
Subject: Any news on the crypto export bill?
Message-ID: <9407071511.AA15848@bilbo.suite.com> The House Rules Committee was supposed to decide if the General Export Administration Act HR 3937 was going to be "open" or "closed". They were going to do this last Thursday. What did they decide? Or was the meeting postponed? Jim_Miller at suite.com From cme at tis.com Thu Jul 7 08:17:00 1994 From: cme at tis.com (Carl Ellison) Date: Thu, 7 Jul 94 08:17:00 PDT Subject: Unknown [Motorola patent for key update] In-Reply-To: <199407071450.HAA06957@zero.c2.org> Message-ID: <9407071516.AA11721@tis.com> I must be too old. When I was studying CS, nobody told me about the step after design document and before coding called "put your design document into a patent". I grew up with the silly notion that something had to be especially clever to be patented. Ah well -- maybe it's time to change fields.... From pstemari at bismark.cbis.com Thu Jul 7 08:20:37 1994 From: pstemari at bismark.cbis.com (Paul J. Ste. Marie) Date: Thu, 7 Jul 94 08:20:37 PDT Subject: Mastercard, Visa, Access, Barclaycard, Amex, JCB ... In-Reply-To: <9407071324.AA12134@zen.alias.com> Message-ID: <9407071520.AA08022@focis.sda.cbis.COM> The credit card swipers send the entire transaction in for both approval and reporting. I'd imagine that the account number, merchant number, and transaction amount are all there, since that's all needed. Whether or not they encrypt the data I don't know. From sommerfeld at orchard.medford.ma.us Thu Jul 7 08:33:17 1994 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Thu, 7 Jul 94 08:33:17 PDT Subject: Counting bits In-Reply-To: <199407070647.AA12059@laurel.ocs.mq.edu.au> Message-ID: <199407071518.LAA00484@orchard.medford.ma.us> Since people are playing "my processor is better than your processor"... This case (counting number of bits set in n-bit word) takes 2n+1 instructions on the HP PA-RISC processor. (HP's compiler generates 2n+2 instructions, GCC takes 2n+1). 
No branch instructions are generated in either case. HP's compiler uses the conditional skip feature of the PA architecture, while GCC converts if (x&(1<>n)&1); ( (x>>n)&1 being a single-instruction bitfield extract on the PA).

- Bill

From blancw at microsoft.com Thu Jul 7 08:47:23 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Thu, 7 Jul 94 08:47:23 PDT
Subject: FW: Windows for Workgroups 3.11
Message-ID: <9407071449.AA11623@netmail2.microsoft.com>

Below is the reply which I received internally on the question of whether WfW uses RSA:

----------
From: Michael Ginsberg
To: Blanc Weber
Cc: Cypherpunks Mailing List Redistribution
Subject: RE: Windows for Workgroups 3.11
Date: Thursday, July 07, 1994 8:22AM

[The following can be distributed outside of Microsoft, and redistributed thereafter, as long as it remains unaltered and is reproduced in it's entirety, including this header]

In the Windows for Workgroups 3.11 fax enhancement, we provide the ability to send "email format" messages over fax. These are messages that do not lose their original format during faxing, so that they are still editable (ie: if you send a Microsoft Word document, the receiver gets an actual Microsoft Word document, not just printed pages). One feature of this format is that we allow security enhancements to be applied to the message before transmission. These enhancements are encryption (either secret key or public key) and signature (based on public key). I will describe a bit about how we implement these features.

1> Secret key encryption

This is exposed to the user as password encryption. The user chooses a password (of as long a length as the user desires, composed of characters with ASCII values 1 through 255) and we hash it down to 64 bits. These 64 bits are used to encrypt the message (including all attachments, text, properties, etc) using RSA's RC4 algorithm. A header is then placed on the message with sufficient information for routing (subject, sender, receiver, time stamps, as well as a marker identifying the encryption type). The receiver enters the password to decrypt (the same as the encrypting password), and we verify that the password is correct by decrypting the message and seeing if it's valid (ie: has the right internal structure to be a mail message).

2> Public key encryption

We allow the user to generate public/private key pairs. These key pairs are 512-bit RSA key pairs. The private part is stored encrypted (with the user's "fax security" password) on the user's hard drive, and the public part is stored in plain (binary form). The user exchanges his public keys with other users in various ways. If the user sends a fax with public key encryption, we first generate a random 64 bit number, and encrypt the message with RC4 using that number (similar to password encryption above). We then scatter the 64 bits in a 64 byte (randomly initialized) buffer and encrypt that buffer using RSA's RSA encryption scheme, using both the sender's private key and the recipient's public key. We then send the encrypted message and header containing routing information and the 64 byte block. The recipient performs a similar operation, using his private and the sender's public key to obtain the 64 bit "secret key", and then decrypting the message.

3> Digital signature

While the above encryption schemes are performed on entire messages, we provide a method for digitally signing attachments. Microsoft Mail allows the entering of plain text into a message, as well as the embedding of entire files. It is these files which we sign. Signature is accomplished by computing a 128 bit hash of the file using RSA's MD5 message digest algorithm. This 128 bit hash is then embedded in a 64 byte buffer, and it is encrypted using the sender's private key. The buffer (along with some header information) is pre-pended to the document, and its extension is changed to .aws, so that our applet to view signatures is called upon double clicking or "running" the signed document. Anyone receiving the document can see the validity of the signatures (by hashing themselves, and then decrypting the stored hash). If you sign a signed document, the signatures are cumulative, so multiple people can sign the same document. Signatures are either valid (hashes match), invalid (hashes differ), or unverifiable (you don't have the sender's public key).

--Michael Ginsberg, Software Design Engineer, Microsoft Corporation.
mikegins at microsoft.com

From gtoal at an-teallach.com Thu Jul 7 08:48:18 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Thu, 7 Jul 94 08:48:18 PDT
Subject: Counting Bits
Message-ID: <199407071547.QAA09077@an-teallach.com>

From: SINCLAIR DOUGLAS N

The only sane way to count the number of 1 bits in a byte is to use a lookup table: return table[result]; On an intel chip this produces ONE opcode: XLAT

Do you think we'd all be spending weeks on it if it were that easy? Or are you suggesting that 32-bits of address space of RAM is reasonable for this problem? Even if it's a 16-bit table you still have to do the add; worse, the non-local access shits all over the bus timings and the cache. Much better to avoid going off-chip and keep the CPU running at full speed (which might be 100 times faster than memory). Again, remember we're not talking about PCs here but real computers.

G

PS I dunno what superoptimisizer Perry is talking about but I've never heard of a real one that works. You have to feed in a complete machine description at register transfer level and I don't know if those exist for real machines; also the problem is almost certainly exponential time for a *guaranteed* solution as Perry claims is possible.
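The password-encryption flow from Michael Ginsberg's description above (password hashed to 64 bits, RC4 over the whole message, cleartext routing header, password checked by decrypting and testing the structure), as an added Python sketch that is not Microsoft's code. The password hash (first 8 bytes of MD5), the `MSG1` marker and the length field are assumptions, because the message names none of them.

```python
import hashlib
import struct

MAGIC = b"MSG1"  # assumed marker standing in for "the right internal structure"


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key schedule, then XOR the data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def derive_key(password: str) -> bytes:
    """Hash a password down to 64 bits. The hash choice is an assumption."""
    # latin-1 maps characters 0..255 to single bytes and raises
    # UnicodeEncodeError (a ValueError) for anything above 255.
    raw = password.encode("latin-1")
    if not raw or 0 in raw:
        raise ValueError("password characters must have values 1 through 255")
    return hashlib.md5(raw).digest()[:8]


def seal(password: str, payload: bytes, routing: dict) -> dict:
    """Encrypt marker + length + payload; routing data stays in the clear."""
    body = MAGIC + struct.pack(">I", len(payload)) + payload
    header = dict(routing, enc="password-rc4")  # marker for the encryption type
    return {"header": header, "body": rc4(derive_key(password), body)}


def open_message(password: str, message: dict):
    """Return the payload, or None when the decrypted structure is not valid."""
    plain = rc4(derive_key(password), message["body"])
    if len(plain) < 8 or plain[:4] != MAGIC:
        return None
    (length,) = struct.unpack(">I", plain[4:8])
    if length != len(plain) - 8:
        return None
    return plain[8:]


def structure_check_is_not_integrity():
    """Show what the structure test does and does not tell the receiver.

    A stream cipher XORs a keystream into the data, so a changed ciphertext
    bit changes the same plaintext bit. The marker and length are untouched,
    so the receiver's check still passes on the altered body.
    """
    payload = b"Invoice total 100"  # constructed sample message
    message = seal("correct horse", payload, {"to": "bob", "subject": "fax"})
    body = bytearray(message["body"])
    body[8 + payload.index(b"1")] ^= 0x08  # 0x31 '1' becomes 0x39 '9'
    altered = {"header": message["header"], "body": bytes(body)}
    return (open_message("correct horse", message),
            open_message("correct horse", altered))


if __name__ == "__main__":
    msg = seal("correct horse", b"Invoice total 100", {"to": "bob"})
    print("right password:", open_message("correct horse", msg))
    print("wrong password:", open_message("wrong horse", msg))
    print("original / altered in transit:", structure_check_is_not_integrity())
```

In this sketch the structure test answers only whether the password was right; detecting a modified body takes a keyed integrity check over the ciphertext.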
From gtoal at an-teallach.com Thu Jul 7 10:07:20 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Thu, 7 Jul 94 10:07:20 PDT
Subject: TROJAN HORSE CALLED CHINON
Message-ID: <199407071707.SAA10858@an-teallach.com>

SUBJECT: ALERT RAISED ON TROJAN HORSE CALLED CHINON
SOURCE: Newsbytes via Fulfillment by INDIVIDUAL, Inc.

Oh for fucks sake this is the last bloody straw. This story IS TWO YEARS OLD!!! And it's wrong. And like most of what you posted it's got bugger all to do with cypherpunks. If you want to be a one-man newsagency, Mr Nobody, set up your own fucking mailing list and stop bombing us with this much shite every day. Or start your own news group on usenet. It's not appropriate here - most of the stories you posted we knew about already.

G

*plonk* - nobody at c2.org goes into my killfile, whether anyone more interesting ever chooses to post from there or not...

From gtoal at an-teallach.com Thu Jul 7 10:17:41 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Thu, 7 Jul 94 10:17:41 PDT
Subject: Another detweiler testicle?
Message-ID: <199407071717.SAA11073@an-teallach.com>

Have a look at postings by 'berzerk at xmission.com' in several groups including talk.politics.crypto - has every sign of being classic Detweiler. We'll know soon enough if he turns up here too, though he seems to be enjoying his 10 minutes of fame on usenet more nowadays since he discovered news.admin.policy et al.

G

From jamiel at sybase.com Thu Jul 7 10:23:25 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Thu, 7 Jul 94 10:23:25 PDT
Subject: Counting Bits
Message-ID: <9407071722.AA05853@ralph.sybgate.sybase.com>

At 4:47 PM 07/07/94 +0100, Graham Toal wrote:

>PS I dunno what superoptimisizer Perry is talking about but I've
>never heard of a real one that works. You have to feed in a complete
>machine description at register transfer level and I don't know if
>those exist for real machines; also the problem is almost certainly
>exponential time for a *guaranteed* solution as Perry claims is
>possible.

The only tool I have ever seen that created real results was a tool that caused more headaches than solutions. (Inside, proprietary tool, can't go into details) It only worked on its native platform and one could feed it up to about 4K of code to analyse. In one test I fed it approx 60 lines of code. It built a database of 1.2 gigabytes, crunched for about 20 days, and bombed. This repeated for quite a while. Someone eventually got it to work, and it really did provide a pretty optimal solution. I have to wonder if people could have done it in less than 4 months...

-j
--
"Blah Blah Blah"
___________________________________________________________________
Jamie Lawrence

From jamiel at sybase.com Thu Jul 7 10:23:38 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Thu, 7 Jul 94 10:23:38 PDT
Subject: Mastercard, Visa, Access, Barclaycard, Amex, JCB ...
Message-ID: <9407071723.AB05853@ralph.sybgate.sybase.com>

At 9:24 AM 07/07/94 -0400, Richard Martin wrote:

> I worked a few years in a pharmacy (credentials established) and so
>noticed that most customers will take it as a personal affront if anything
>more than this cursory attention is paid to their credit card. It's a
>North American phenomenon I can attest to, though whether it's much
>different from European attitudes I cannot judge until I work retail
>on the other side of the pond. (Read, hopefully never. Retail, that is. I
>would like to work in Europe at some point. But I'd rather not be selling
>Aspirin.)

A lot of people can get really bitchy about 'not being trusted'. In the hotel I used to work in, if I even asked people to sign the back of an unsigned card they'd fly off the handle. "Sir, I *am* the acting manager..."

> Out of some interest, what do the "swipe" card verification systems
>do? How much information do they read from the card and pass down the
>telephone line? How much information would a tap of such a transmission
>reveal?

At the least, they reveal card number, expiration date, transaction location, amount of purchase and (obviously) time of purchase. I suppose more could be on the card, but I am not sure what good that would be (if you have card number, any credit card company is gonna have much more data on you than will fit on a magnetic strip). I do wonder how many newer cash registers track purchase -> card number records, but I doubt this does to card issuers (well, at least not for free).

But this discussion has less and less to do with crypto...

-j
--
"Blah Blah Blah"
___________________________________________________________________
Jamie Lawrence

From jamiel at sybase.com Thu Jul 7 10:24:32 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Thu, 7 Jul 94 10:24:32 PDT
Subject: Mastercard, Visa, Access, Barclaycard, Amex, JCB ...
Message-ID: <9407071722.AB05853@ralph.sybgate.sybase.com>

At 11:20 AM 07/07/94 -0400, Paul J. Ste. Marie wrote:

>The credit card swipers send the entire transaction in for both
>approval and reporting. I'd imagine that the account number, merchant
>number, and transaction amount are all there, since that's all needed.
>Whether or not they encrypt the data I don't know.

I believe modern card readers for at least MC/Visa use some form of encryption, but for backwards compatibility the central offices also work unencrypted. In the hotel I used to work in, the card reader certainly didn't encrypt.
-j
--
"Blah Blah Blah"
___________________________________________________________________
Jamie Lawrence

From bryner at atlas.chem.utah.edu Thu Jul 7 10:37:39 1994
From: bryner at atlas.chem.utah.edu (Roger Bryner)
Date: Thu, 7 Jul 94 10:37:39 PDT
Subject: Schneier Claims on Multiple Encryption
In-Reply-To: <199407070543.AA14055@world.std.com>
Message-ID:

On Thu, 7 Jul 1994, Kent Borg wrote:

> Kent's Hypothesis: Superencrypting different algorithms with unrelated
> keys can never weaken non-trivial algorithms.

Well, it could, just possibly, once in the entropy of your average algorithm, but then, as you pointed out, you could just use DES as a magic IDEA decoder:-) You can prove that there is no such interaction if you use two different algorithms on two halves of a one time pad message, even with the SAME key.

Roger.

From jmdaluz at kquest.com Thu Jul 7 10:41:22 1994
From: jmdaluz at kquest.com (Jose M. daLuz)
Date: Thu, 7 Jul 94 10:41:22 PDT
Subject: Any news on the crypto export bill?
Message-ID: <199407071739.NAA13389@zork.tiac.net>

Apologies if this appeared earlier on this list.

----- Begin Forwarded Message -----
From: "Shabbir J. Safdar"
Subject: URGENT: House Rules committee postpones vote until week of 7/11/94
Date: Wed, 6 Jul 1994 08:43:58 -0400 (EDT)
Content-Length: 20437
Precedence: list
To: eff-activists at eff.org (eff-activists mailing list)

[updated July 6, 1994 with Rules Committee information, shabbir]

[My apologies for the errors in the fax numbers. I still am unable to get the GPO to sell me an electronic copy of the Congressional Directory, so I end up playing "catchup". If you can help, let me know. I'll pay for the directory, I just can't navigate the gpo's terrible interface.. -Shabbir]

[POTENTIAL ACTION SCHEDULED FOR THE WEEK OF JULY 11TH, 1994]
[PLEASE CHECK THE "WHAT YOU CAN DO RIGHT NOW" SECTION!]
********************************************************************* DISTRIBUTE WIDELY ********************************************************************* Table of contents: Introduction & Alert Status of the bill What you can do right now List of legislators supporting HR 3937 (formerly HR 3627) List of legislators wavering on HR 3937 (formerly HR 3627) List of legislators opposing HR 3937 (formerly HR 3627) What is the Cantwell bill? ------------------------------------------------------------------------------- INTRODUCTION & ALERT Voters Telecomm Watch keeps scorecards on legislators' positions on legislation that affects telecommunications and civil liberties. If you have updates to a legislator's positions, from either: -public testimony, -reply letters from the legislator, -stated positions from their office, please send them to vtw at panix.com so they can be added to this list. General questions: vtw at panix.com Mailing List Requests: vtw-list-request at panix.com Press Contact: stc at panix.com Gopher URL: gopher://gopher.panix.com:70/1/1/vtw WWW URL: Be patient; we're working on it. :-) ------------------------------------------------------------------------------- STATUS OF THE BILL (updated 7/6/94) The Cantwell bill, that allows for fewer restrictions exports of cryptography, has an interesting history. It was rolled into the General Export Administration Act HR 3937. The House Foreign Affairs Committee passed the full strength version out of committee after open, public hearings. The House Intelligence Committee took the bill and gutted it after a day of closed, secret hearings. The gutted version is making its way to the House floor. There is a crucial stop-off point, however. The House Rules Committee planned to hold a hearing on 6/30/94 to determine if the bill can be amended on the House floor (an "open" bill) or not (a "closed" bill). *** The vote was put off, because in one member's words, "all the legislators *** went home early". 
This gives us more time to lobby! If they mark the bill as "open", then the Cantwell bill could be restored to its previous version, removing the language put in by the House Select Intelligence Committee which gutted it without a public hearing. YOUR LOBBYING HAS ALREADY WORKED! A constituent reported back to me that their legislator (Rep. Quillen) had taken a position on marking the bill as "open". In a land where legislators are loathe to offend, this is terrific! Call and urge your legislator to take a position in favor of "open"! This may be the last thing you can do for the cryptographic export legislation. Take the time to make a call! Chronology of the bill Jul 11, 94 House Rules Comm. reconvenes; possibly votes again this week Jun 30, 94 [*** vote postponed, perhaps till the week of 7/11/94] House Rules Comm. decides whether to allow amendments on the bill when it reaches the House floor Jun 14, 94 Gutted by the House Select Committee on Intelligence May 20, 94 Referred to the House Select Committee on Intelligence May 18, 94 Passed out of the House Foreign Affairs Committee on May 18 attached to HR 3937, the General Export Administration Act Dec 6, 93 Referred to the Subcommittee on Economic Policy, Trade and Nov 22, 93 Referred to the House Committee on Foreign Affairs. ------------------------------------------------------------------------------- WHAT YOU CAN DO RIGHT NOW Estimated time to do this good deed: Two minutes Show your support for HR 3937 (formerly HR 3627) by contacting a member of the House Rules Committee and ask them to mark the bill as "open" (allowing amendments) when it reaches the House floor. The phone numbers of the members of the House Rules Committee are listed below. Please pick one from your state and call them. If your state isn't listed please call the Chairman, Rep. Joe Moakley. 
Feel free to use the following sample communique: The Honorable ____________ address Washington DC, 20515 Dear Congressman or Congresswoman, Please mark the General Export Administration Act (HR 3937) as "open" (allowing amendments on the House floor). Recently the House Intelligence Committee removed several provisions of the General Export Administration Act, HR 3937, dealing with the export of cryptographic technology. The House Intelligence Committee did this in a closed, secret hearing which provided for no public input. The House Foreign Affairs Committee previously held an open hearing on the same issue and received a flood of people testifying in favor of the bill, which the committee then reported out in full. I urge you to allow the democratic process to take its course on the House floor and mark the bill as "open". Sincerely, _________________________________ Phone/Fax/Addresses of members of the House Rules Committee 103rd United States Congress, 1993-1994 All addresses are Washington, D.C. 20515 Dist ST Name, Address, and Party Phone Fax ==== == ======================== ============== ============== 9 MA Moakley, John Joseph (D) 1-202-225-8273 1-202-225-3984 235 Cannon UNSPECIFIED POSITION 3 SC Derrick, Butler (D) 1-202-225-5301 1-202-225-5383 221 Cannon UNSPECIFIED POSITION 24 CA Beilenson, Anthony (D) 1-202-225-5911 no reliable fax 2465 RHOB UNSPECIFIED POSITION 24 TX Frost, Martin (D) 1-202-225-3605 1-202-225-4951 2459 RHOB UNSPECIFIED POSITION 10 MI Bonior, David E. (D) 1-202-225-2106 1-202-226-1169 2207 RHOB UNSPECIFIED POSITION 3 OH Hall, Tony P. (D) 1-202-225-6465 1-202-225-9272 2264 RHOB UNSPECIFIED POSITION 5 MO Wheat, Alan (D) 1-202-225-4535 1-202-225-5990 2334 RHOB UNSPECIFIED POSITION 6 TN Gordon, Bart (R) 1-202-225-4231 1-202-225-6887 103 Cannon UNSPECIFIED POSITION 28 NY Slaughter, Louise M. (D) 1-202-225-3615 1-202-225-7822 2421 RHOB UNSPECIFIED POSITION 22 NY Solomon, Gerald B. 
(R) 1-202-225-5614 1-202-225-1168 2265 RHOB UNSPECIFIED POSITION 1 TN Quillen, James H. (R) 1-202-225-6356 1-202-225-7812 102 Cannon WILL VOTE FOR "OPEN" - CALL AND THANK HIM 28 CA Dreier, David (R) 1-202-225-2305 no reliable fax 411 Cannon UNSPECIFIED POSITION 14 FL Goss, Porter J. (R) 1-202-225-2536 1-202-225-6820 330 Cannon UNSPECIFIED POSITION ------------------------------------------------------------------------- LIST OF LEGISLATORS SUPPORTING CRYPTOGRAPHY EXPORT LEGISLATION The following legislators have formally registered support for cryptography export legislation. Call them with your cheers. All addresses are Washington, D.C. 20515 Dist ST Name, Address, and Party Phone Fax ==== == ======================== ============== ============== 1 WA Cantwell, Maria (D) 1-202-225-6311 1-202-225-2286 1520 LHOB HR 3627's sponsor; thank her for her work! 16 IL Manzullo, Donald (R) 1-202-225-5676 1-202-225-5284 506 Cannon Cosponsored HR 3627 on 11/22/93 3 UT Orton, William H. (D) 1-202-225-7751 1-202-226-1223 1122 LHOB Cosponsored HR 3627 on 03/22/94 3 OR Wyden, Ronald (D) 1-202-225-4811 1-202-225-8941 1111 LHOB Cosponsored HR 3627 on 03/22/94 16 CA Edwards, Donald (D) 1-202-225-3072 1-202-225-9460 2307 RHOB Cosponsored HR 3627 on 03/22/94 19 OH Fingerhut, Eric D. (D) 1-202-225-5731 1-202-225-9114 431 Cannon Cosponsored HR 3627 on 03/22/94 4 MA Frank, Barney (D) 1-202-225-5931 1-202-225-0182 2404 RHOB Cosponsored HR 3627 on 03/22/94 2 UT Shepherd, Karen (D) 1-202-225-3011 1-202-226-0354 414 Cannon Cosponsored HR 3627 on 03/22/94 3 WA Unsoeld, Jolene (D) 1-202-225-3536 1-202-225-9095 1527 LHOB Cosponsored HR 3627 on 03/22/94 19 FL Johnston II, Harry (D) 1-202-225-3001 1-202-225-8791 204 Cannon Cosponsored HR 3627 on 03/22/94 9 WA Kreidler, Mike (D) 1-202-225-8901 1-202-226-2361 1535 LHOB Cosponsored HR 3627 on 03/22/94 4 WA Inslee, Jay (D) 1-202-225-5816 1-202-226-1137 1431 LHOB Cosponsored HR 3627 on 03/22/94 7 WA McDermott, James A. 
(D) 1-202-225-3106 1-202-225-9212
        1707 LHOB
        Cosponsored HR 3627 on 03/22/94
   8 IN McCloskey, Frank (D)      1-202-225-4636  1-202-225-4688
        306 Cannon
        Cosponsored HR 3627 on 03/22/94
  14 CA Eshoo, Anna G. (D)        1-202-225-8104  1-202-225-8890
        1505 LHOB
        Cosponsored HR 3627 on 03/22/94
  10 NC Ballenger, Thomas C. (R)  1-202-225-2576  1-202-225-0316
        2238 RHOB
        Cosponsored HR 3627 on 05/04/94
   2 WA Swift, Al (D)             1-202-225-2605  1-202-225-2608
        1502 LHOB
        Cosponsored HR 3627 on 05/04/94

-------------------------------------------------------------------------------
LIST OF LEGISLATORS WAVERING ON CRYPTOGRAPHY EXPORT LEGISLATION

[Feel free to use the sample communique at the end of the FAQ when calling
or writing a legislator.]

  26 NY Hinchey, Maurice D. (D)   1-202-225-6335  1-202-226-0774
        1313 LHOB
        Recently told a constituent that he is taking the Cantwell bill
        under consideration, but has "national security concerns" about
        allowing encryption to be exported outside the United States.
   1 IA Leach, James (R)          1-202-225-6576  1-202-226-1278
        2186 RHOB
        Has yet to answer a constituent letter with a stated position.
  13 NY Molinari, Susan (D)       1-202-225-3371  1-202-226-1272
        123 Cannon
        Has yet to answer a constituent letter with a stated position.
        (has taken inordinately long)
   8 NY Nadler, Jerrold (D)       1-202-225-5635  1-202-225-6923
        424 Cannon
        Met with lobbying constituent in April '94; no position taken yet
  25 CA McKeon, Howard P. (R)     1-202-225-1956  1-202-226-0683
        307 Cannon
        Responded to a constituent with a "non-position", May '94
        Had a favorable meeting with a constituent and a VTW volunteer
        in May '94.

-------------------------------------------------------------------------------
LIST OF LEGISLATORS OPPOSING CRYPTOGRAPHY EXPORT LEGISLATION

[Feel free to use the sample communique at the end of the FAQ when calling
or writing a legislator.]

Dist ST Name, Address, and Party  Phone           Fax
==== == ========================  ==============  ==============
   5 AL Cramer Jr, Robert E. (D)  1-202-225-4801  1-202-225-4392
        1318 LHOB
        FAILED Cryptography exports:
        Voted to kill Rep. Cantwell's export provisions in the
        House Intelligence Committee on 6/15/94.
   8 CA Pelosi, Nancy (D)         1-202-225-4965  1-202-225-8259
        240 Cannon
        FAILED Cryptography exports:
        Voted to kill Rep. Cantwell's export provisions in the
        House Intelligence Committee on 6/15/94.
  32 CA Dixon, Julian C. (D)      1-202-225-7084  1-202-225-4091
        2400 RHOB
        FAILED Cryptography exports:
        Voted to kill Rep. Cantwell's export provisions in the
        House Intelligence Committee on 6/15/94.
  40 CA Lewis, Jerry (R)          1-202-225-5861  1-202-225-6498
        2312 RHOB
        FAILED Cryptography exports:
        Voted to kill Rep. Cantwell's export provisions in the
        House Intelligence Committee on 6/15/94.
  46 CA Dornan, Robert K. (R)     1-202-225-2965  no reliable fax
        2402 RHOB
        FAILED Cryptography exports:
        Voted to kill Rep. Cantwell's export provisions in the
        House Intelligence Committee on 6/15/94.
   2 CO Skaggs, David E. (D)      1-202-225-2161  1-202-225-9127
        1124 LHOB
        FAILED Cryptography exports:
        Voted to kill Rep. Cantwell's export provisions in the
        House Intelligence Committee on 6/15/94.
  10 FL Young, C. W. (R)          1-202-225-5961  1-202-225-9764
        2407 RHOB
        FAILED Cryptography exports:
        Voted to kill Rep. Cantwell's export provisions in the
        House Intelligence Committee on 6/15/94.
   4 KS Glickman, Daniel (D)      1-202-225-6216  1-202-225-5398
        2371 RHOB
        FAILED Cryptography exports:
        Voted to kill Rep. Cantwell's export provisions in the
        House Intelligence Committee on 6/15/94.
   1 NE Bereuter, Douglas (R)     1-202-225-4806  1-202-226-1148
        2348 RHOB
        FAILED Cryptography exports:
        Voted to kill Rep. Cantwell's export provisions in the
        House Intelligence Committee on 6/15/94.
   9 NJ Torricelli, Robert (D)    1-202-224-5061  1-202-225-0843
        2159 RHOB
        FAILED Cryptography exports:
        Voted to kill Rep. Cantwell's export provisions in the
        House Intelligence Committee on 6/15/94.
   3 NM Richardson, William (D)   1-202-225-6190  no reliable fax
        2349 RHOB
        FAILED Cryptography exports:
        Voted to kill Rep. Cantwell's export provisions in the
        House Intelligence Committee on 6/15/94.
   1 NV Bilbray, James H. (D)     1-202-225-5965  1-202-225-8808
        2431 RHOB
        FAILED Cryptography exports:
        Voted to kill Rep. Cantwell's export provisions in the
        House Intelligence Committee on 6/15/94.
  17 PA Gekas, George W. (R)      1-202-225-4315  1-202-225-8440
        2410 RHOB
        FAILED Cryptography exports:
        Voted to kill Rep. Cantwell's export provisions in the
        House Intelligence Committee on 6/15/94.
   2 RI Reed, John F. (D)         1-202-225-2735  1-202-225-9580
        1510 LHOB
        FAILED Cryptography exports:
        Voted to kill Rep. Cantwell's export provisions in the
        House Intelligence Committee on 6/15/94.
  14 TX Laughlin, Gregory H. (D)  1-202-225-2831  1-202-225-1108
        236 Cannon
        FAILED Cryptography exports:
        Voted to kill Rep. Cantwell's export provisions in the
        House Intelligence Committee on 6/15/94.
  16 TX Coleman, Ronald D. (D)    1-202-225-4831  None
        440 Cannon
        FAILED Cryptography exports:
        Voted to kill Rep. Cantwell's export provisions in the
        House Intelligence Committee on 6/15/94.
  19 TX Combest, Larry (R)        1-202-225-4005  1-202-225-9615
        1511 LHOB
        FAILED Cryptography exports:
        Voted to kill Rep. Cantwell's export provisions in the
        House Intelligence Committee on 6/15/94.
   1 UT Hansen, James V. (R)      1-202-225-0453  1-202-225-5857
        2466 RHOB
        FAILED Cryptography exports:
        Voted to kill Rep. Cantwell's export provisions in the
        House Intelligence Committee on 6/15/94.
   6 WA Dicks, Norman D. (D)      1-202-225-5916  1-202-226-1176
        2467 RHOB
        FAILED Cryptography exports:
        Voted to kill Rep. Cantwell's export provisions in the
        House Intelligence Committee on 6/15/94.

-------------------------------------------------------------------------------
What is the Cantwell bill?

The Cantwell bill would permit companies to export products with
encryption technology in them. US companies are currently not permitted
to export products (hardware or software) with this technology in them.

What is encryption technology?

Encryption technology, or cryptography, is the art of scrambling a
conversation so that only the people communicating can decode it. Other
people (such as eavesdroppers) cannot learn about the conversation.

Where is cryptography being used?

Cryptography is used to encrypt electronic mail to protect its
confidentiality in transit. It's used by bank automatic teller machines
to protect sensitive data (such as your account number, your Personal
Identification Number, and your bank balance). It can be implemented into
software (such as electronic mail programs and word processors) as well
as hardware (such as telephones and "walkie-talkies") to ensure your
privacy.

Why is there a restriction on exporting products with technology in them?

For many years the United States was a leading researcher in
cryptography. High quality cryptographic technology was available only
within the United States. The US government thought that if they did not
let this technology be exported, foreign individuals would not be able to
obtain it and use it against us (by keeping US intelligence agencies from
eavesdropping on their communications).

Since then, cryptography research has been published in international
journals. Companies have been created throughout the world who export
cryptographic technology from countries that do not have these
restrictions. You can now buy the same, high-quality cryptographic
technology from many international firms. Although the marketplace has
changed, the regulations have not.

Why should the regulations be changed?

US companies compete in a global marketplace. Because of the export
regulations, they often compete alongside products with superior
cryptographic capabilities built into them.

The result is that US companies build their products with an inferior
encryption technology. The result of this is that you, as an American
consumer, have great difficulty obtaining products with strong encryption
in them.

Because US products cannot compete against products with better privacy
features, and because the laws are outdated, the regulations should be
changed. The Cantwell bill fixes these regulations to more accurately
resemble the current situation of the world marketplace.

How can I help encourage more privacy-enhanced products and pass the
Cantwell bill?

Call or write your representative and ask them to support or cosponsor
Rep. Cantwell's export provisions (formerly HR 3627) in the General
Export Administration Act, HR 3937. You can base your letter on the
sample communication below.

SAMPLE LETTER OR PHONE CALL

The Honorable ____________
address
Washington DC, 20515

Dear Congressman or Congresswoman,

As a citizen concerned for my privacy, as well as a supporter of American
business, I urge you to cosponsor Rep. Cantwell's cryptographic export
provisions (formerly HR 3627) in the General Export Administration Act,
HR 3937.

The bill would allow US companies to produce and export products with
cryptographic privacy-enhancing technology in them. These products are
already available from firms throughout the world. US companies lose
nearly $100 million per year in exports to them.

By encouraging this industry, ordinary citizens like you and me would be
able to purchase products with better privacy features.

Please support or co-sponsor HR 3937.

Sincerely,

___________________________________

-------------------------------------------------------------------------------

----- End Forwarded Message -----

Jose M. daLuz
KnowledgeQuest Online Research
jmdaluz at kquest.com
(508) 996-6101 (vox)
(508) 996-6215 (fax)

From bryner at atlas.chem.utah.edu Thu Jul 7 10:56:31 1994
From: bryner at atlas.chem.utah.edu (Roger Bryner)
Date: Thu, 7 Jul 94 10:56:31 PDT
Subject: Another detweiler testicle?
In-Reply-To: <199407071717.SAA11073@an-teallach.com>
Message-ID:

On Thu, 7 Jul 1994, Graham Toal wrote:

> Have a look at postings by 'berzerk at xmission.com' in several groups
> including talk.politics.crypto - has every sign of being classic
> Detweiler. We'll know soon enough if he turns up here too, though
> he seems to be enjoying his 10 minutes of fame on usenet more nowadays
> since he discovered news.admin.policy et al.

Ahhhhmmm. This is me, I am switching to a private account, and will be
changing my subscription to this list soon to be under this, and did
this as a small joke. So unless I look like a detweiler clone, you might
be mistaken.

I thought it was funny. (the groups were talk.politcs.guns,
alt.politics.libertarian, etc, and I put in all the worst statist,
non-freedom loving stuff I have ever seen)

Now isn't this detweiler a paranoid who finds "tenticles" everywhere?
Is that like testicle? Is Graham Detweiler? Is detweiler like that guy
in 1984 we all have the hate ins about? All these tough questions, tell
me a joke:-)

Roger/Berzerk(from saberhagens berzerker, a sci fi work with reference to
strong QM random number generators.)

From sandfort at crl.com Thu Jul 7 11:03:27 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Thu, 7 Jul 94 11:03:27 PDT
Subject: LAW STUDENTS?
Message-ID:

C'punks,

If anyone on the Cypherpunks Channel is *currently* a law student,
please contact me via private e-mail. I have a favor to ask of you.

Thanks,

S a n d y

From perry at imsi.com Thu Jul 7 11:09:46 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 7 Jul 94 11:09:46 PDT
Subject: Superoptimizers
In-Reply-To: <9407071722.AA05853@ralph.sybgate.sybase.com>
Message-ID: <9407071809.AA04050@snark.imsi.com>

The "superoptimizer" is an invention of Dr. Henry Massalin. Basically,
you take a real complete machine description at the register level (of
course they exist -- how do you think they do instruction set
simulations these days?) and exhaustively search for the shortest or
fastest (your pick) program that performs a given task. Henry invented
a number of smart tricks to speed up the search dramatically -- even
so, more than about a dozen or 15 instructions and you will find
yourself waiting an unacceptable period. However, for short sequences
that need to have the hell optimized out of them it's great -- it does
wonders for inner loops in signal processing applications, for example.
It has some big limitations -- you can't do pointer stuff, for example.
However, it's been of enormous help to Henry in real-world problems.

I was under the impression that the technique was now well known (but
not widely implemented). I suppose I was wrong on that.

Henry's own implementations (all assembler and very fast) are
unavailable, but the FSF distributes something called "Gnu Superopt"
that performs a similar task -- since it does its work in C it's a LOT
slower.

Jamie Lawrence says:
> At 4:47 PM 07/07/94 +0100, Graham Toal wrote:
>
> >PS I dunno what superoptimisizer Perry is talking about but I've
> >never heard of a real one that works. You have to feed in a complete
> >machine description at register transfer level and i don't know if
> >those exist for real machines; also the problem is almost certainly
> >exponential time for a *guaranteed* solution as Perry claims is
> >possible.
>
> The only tool I have ever seen that created real results was a tool that
> caused more headaches than solutions. (Inside, proprietary tool, can't
> go into details) It only worked on its native platform and one could
> feed it up to about 4K of code to analyse.

From capek at watson.ibm.com Thu Jul 7 11:36:34 1994
From: capek at watson.ibm.com (Peter Capek (TL-863-6721))
Date: Thu, 7 Jul 94 11:36:34 PDT
Subject: No Subject
Message-ID: <9407071836.AA00705@toad.com>

Pardon me if this has already been mentioned here -- I haven't noticed
it -- but an article of considerable interest to this group has just
been published.

The May 1994 issue of the IBM Journal of Research and Development
contains "The Data Encryption Standard (DES) and its strength against
attacks" by Don Coppersmith of IBM Research, who participated in the
design and testing of DES, particularly in the design of the famous
S-boxes. Included in the paper is a discussion of differential
cryptanalysis and what was done to thwart that kind of attack.

Peter Capek

From ravage at bga.com Thu Jul 7 13:10:38 1994
From: ravage at bga.com (Jim choate)
Date: Thu, 7 Jul 94 13:10:38 PDT
Subject: (fwd) Random Numbers - Request for feedback
Message-ID: <199407072010.PAA29162@ivy.bga.com>

Newsgroups: sci.stat.math,sci.math,sci.math.num-analysis
Path: bga.com!news.sprintlink.net!news.onramp.net!convex!cs.utexas.edu!swrinde!ihnp4.ucsd.edu!agate!library.ucla.edu!csulb.edu!csus.edu!netcom.com!deleyd
From: deleyd at netcom.com
Subject: Random Numbers - Request for feedback
Message-ID:
Organization: NETCOM On-line Communication Services (408 261-4700 guest)
Date: Wed, 6 Jul 1994 06:51:43 GMT
Lines: 43
Xref: bga.com sci.stat.math:1315 sci.math:15353 sci.math.num-analysis:3354

RE: Computer Generated Random Numbers

A few closing comments and requests for further information:

1. All my tests on random number generators were performed on VAX/VMS
   computers. VAX uses a 32-bit architecture, so the random number
   generators I tested were ones which used a word size of 32 bits or
   less. I would be interested in anybody's test results of a random
   number generator utilizing a larger word size, such as xrand() using
   SIZE=63.

2. Anyone know of some good references on primitive polynomials mod 2
   and their applications? They're used in additive congruential random
   number generators like the xrand() one tested here. They're also
   used by file transfer programs such as xmodem to insure error free
   transmission, and they're used in cryptography too. Anyone know of a
   good book on Abstract Algebra? (The ones I have just briefly touch
   the topic and then move on.)

3. Resolution: Usually the random number generator is set up to return
   a floating point value between 0 and 1. A typical floating point
   variable R can only represent a finite number of different values
   between 0 and 1. If you magnify the result too much the discreteness
   of the floating point datum will become obvious. For example, in VAX
   architecture the F-floating datum has a precision of approximately
   one part in 2**23. Multiplying R by a very large number N to create
   a random variable between 0 and N will fail if N is too large
   because some of the values between 0 and N have no corresponding R
   value which maps to them (i.e. the mapping is no longer a surjection
   or onto map). For an F_floating datum, N above 2**23 is obviously
   too large. But even below 2**23 there's still a problem of some bins
   having 2 R values which map to them while other bins have only 1. We
   need to get N small enough so that the number of R values which maps
   to any bin is about the same, close enough so that differences
   aren't noticed when we test the random number generator.

-David Deley
deleyd at netcom.com

From ravage at bga.com Thu Jul 7 13:10:39 1994
From: ravage at bga.com (Jim choate)
Date: Thu, 7 Jul 94 13:10:39 PDT
Subject: (fwd) Random Numbers - Results of testing BSD random()
Message-ID: <199407072010.PAA29157@ivy.bga.com>

Newsgroups: sci.stat.math,sci.math,sci.math.num-analysis
Path: bga.com!news.sprintlink.net!news.onramp.net!convex!cs.utexas.edu!swrinde!ihnp4.ucsd.edu!library.ucla.edu!csulb.edu!csus.edu!netcom.com!deleyd
From: deleyd at netcom.com
Subject: Random Numbers - Results of testing BSD random()
Message-ID:
Organization: NETCOM On-line Communication Services (408 261-4700 guest)
Date: Wed, 6 Jul 1994 06:49:42 GMT
Lines: 119
Xref: bga.com sci.stat.math:1314 sci.math:15352 sci.math.num-analysis:3353

BSD random()

Here are the partial results. Further tests were not performed due to
lack of time.
So far the generator appears to be comparable to a shuffled linear
congruential generator.

DEFINITION:
  Generating polynomial: x^31 + x^3 + 1 (primitive polynomial)
  Initialize circular queue of 31 elements using ANSI C linear
  congruential generator.
  Recursion formula: a[i] = a[i] + a[i-3]

RATING:
  1-D FAILS above 800,000 bpd (bins per dimension)
  2-D FAILS above 3000 bpd
  3-D FAILS above 210 bpd
  4-D PASSES at 50 bpd (highest tested so far)
  5-D not tested
  6-D not tested
  7-D not tested
  8-D not tested

This is an additive congruential type random number generator. An array
table[31] is initially filled with random numbers using the ANSI C
linear congruential random number generator. Random numbers are then
generated using the recursion formula:

  table[k] = (table[k-31] + table[k-3]) mod 32

(Note that x**31 + x**3 + 1 is a primitive polynomial mod 2, which is
being used here as a generator.) Since we are using the array table[]
as a circular queue with 31 elements then table[k-31] is just table[k]
before it gets replaced with the new value. The recursion formula
becomes:

  table[k] = table[k] + table[k-3]

The generator works well in practice. Knuth claims the sequence will
have period 2**31 - 1. Knuth also claims there is very little theory to
prove that this generator does or does not have desirable random
properties. I would be interested if anyone knows of any recent
developments in this area.

-David Deley
deleyd at netcom.com

(So sorry, I lost the name of the original person who posted this code
below which was used in the tests. -D.D.)

/*** Code to implement random() & srandom() of BSD Unix. It was taken
     (though coded somewhat differently) from the Gnu BSD implementation.
 ***/

#define LONG31
#ifdef LONG31 /* x^31 + x^3 + 1 */
#define SIZE 31
#define SIZE1 30
#define P1 3
#define P2 0
#else /* LONG63: x^63 + x + 1 */
#define SIZE 63
#define SIZE1 62
#define P1 1
#define P2 0
#endif

#define LONG_MAX 0x7fffffff

int p1=P1, p2=P2;
unsigned long table[SIZE];  /* unsigned, so the additions wrap around */

/*** return a "random" number in range [0, LONG_MAX] */
long xrand (void)
{
    long r;

    table[p1] = table[p1] + table[p2];        /* add two table elements */
    r = (long)((table[p1] >> 1) & LONG_MAX);  /* throw least significant bit away */

    if (p1 == SIZE1) { /* increment the table indexes */
        p1 = 0;
        p2 = p2 + 1;
    }
    else if (p2 == SIZE1) {
        p1 = p1 + 1;
        p2 = 0;
    }
    else {
        p1 = p1 + 1;
        p2 = p2 + 1;
    }
    return (r);
}

/*** use a linear congruential type generator to seed the state table
     & cycle the entire table 10 times */
void sxrand (long seed)
{
    int i;

    table[0] = (unsigned long)seed;
    /* The posted listing breaks off at "for (i=1; i". The rest of this
       function is an assumption that follows the description above, using
       the ANSI C linear congruential constants quoted in CHIKSN.FOR. */
    for (i=1; i<SIZE; i++)
        table[i] = table[i-1] * 1103515245UL + 12345UL;
    for (i=0; i<10*SIZE; i++)
        xrand();
}

Newsgroups: sci.stat.math,sci.math,sci.math.num-analysis
Path: bga.com!news.sprintlink.net!news.onramp.net!convex!cs.utexas.edu!swrinde!ihnp4.ucsd.edu!library.ucla.edu!csulb.edu!csus.edu!netcom.com!deleyd
From: deleyd at netcom.com
Subject: Random Numbers - CHIKSN.FOR
Message-ID:
Organization: NETCOM On-line Communication Services (408 261-4700 guest)
Date: Wed, 6 Jul 1994 06:56:49 GMT
Lines: 526
Xref: bga.com sci.stat.math:1316 sci.math:15354 sci.math.num-analysis:3355

{Approx. 520 lines}

C  CHIKSN.FOR
C
C  This is the program which implements the chi-square test used to test
C  random number generators.  Presented here if you would wish to play
C  with it yourself, maybe do some testing of your own.  See the paper
C  "Computer Generated Random Numbers" sections 4 and 6 for an explanation
C  of what this program does.
C
C  This is not polished code you put on a shelf and admire, this is code
C  you dig your hands into and work with to make it do what you want it to.
C
C  The main routine is the one to tinker with.  This code is meant to be
C  modified to suit your needs.  The goal is to fill up the bins with
C  balls.
C  Here's a brief outline:
C
C  1. ASK USER INPUT:
C     a. Number of dimensions? NDIM
C     b. Number of bins per dimension? NBINSPD
C     c. Total number of balls to throw at bins? NBALLS
C     d. Number of tests to run? NCHITESTS
C     e. Random number generator to use (if more than one defined)
C     f. SEED value to initialize generator with
C
C  2. CREATE ARRAY BINS and ZERO ARRAY
C
C  3. THROW THE BALLS AT THE BINS and CALCULATE PROBABILITY:
C
C     LOOP (do CHITEST=1 to NCHITESTS)
C        zero BIN array
C        LOOP (do J=1 to NBALLS)
C           get random numbers r1,r2,...,rn)
C           increment BIN(r1,r2,...,rn)
C        ENDLOOP
C        CALL CHSONE to calculate chi-square probability
C     ENDLOOP
C     CALL KSONE to calculate Kolmogorov-Smirnov probability
C
C  The main routine here is where you put a call to your random number
C  generator, or for speed you can attempt a direct implementation of your
C  random number generator to save the overhead of a call.  (It can make a
C  difference when you call the random number generator 100 million times
C  in one test).
C
C  The main routine defines a large one-dimensional array called BINS, the
C  maximum size of which would depend on your account quotas and machine
C  specific limitations.  The array BINS keeps track of how many balls have
C  fallen into each bin.  The size of array BINS determines the maximum
C  number of bins a user may select for a test.  (10,000,000 bins is a
C  typical number you may want to use if possible.)
C
C  So steps are:
C
C  1. Check definition of one-dimensional array NBINS
C     that it's not too large for your account quotas
C     or system limitations.
C
C  2. Place your random number generator to be tested where it
C     bluntly says "PLACE YOUR RANDOM NUMBER GENERATOR HERE".
C     The output is an integer IRANDOM between 0 and NBINS-1
C     (NBINS is the number of bins chosen by the user).
C
C  Currently the program is set up to use subroutine RAN1, a portable
C  random number generator from the book "NUMERICAL RECIPES: The Art
C  of Scientific Computing".  I've had trouble on our UNIX system
C  not making array R(97) static even though the code says to.
C  Compiling with the -static qualifier works.
C
C  The random number generator being tested is used to "randomly" select a
C  bin for the ball to fall in, and the counter for that bin is
C  incremented.  Note for a multi-dimensional test we calculate the
C  appropriate index into the linear array BINS by hand.  After all the
C  balls are thrown we call the subroutines to do the heavy math.
C
C  All the subroutines should be fairly standard FORTRAN-77 modified
C  versions of routines from the book "NUMERICAL RECIPES: The Art of
C  Scientific Computing" by William H. Press, Brian P. Flannery, Saul A.
C  Teukolsky, and William T. Vetterling, and you should look there for
C  further reference as to what the routines are doing.  (Note: the book
C  comes in several programming language forms including C, PASCAL, BASIC,
C  as well as FORTRAN, so you can take your pick and rewrite this code in
C  any language you please.)
C
C  Note:
C  CHIKSN.FOR is currently set up to be run by a process with a very
C  large page file quota (pgflquo).  If you get an 'exceed quota' error
C  attempting to run this then all you need to do is change the line
C  which reads:
C
C     INTEGER*2 BINS(20 000 000) !The bins.
C
C  to something smaller like:
C
C     INTEGER*2 BINS(1 000 000) !The bins.
C
C
C  To compile:
C     $ FORTRAN CHIKSN
C     $ LINK CHIKSN
C  or
C     % f77 chiksn.f !(Some UNIX F77 compilers require -save option)
C
C  Sample run:
C  Test MTH$RANDOM in 3-D with 10 bins per dimension and 10 balls per bin:
C
C     $ RUN CHIKSN
C     Input number of dimensions NDIM: 3
C     Input number of bins per dimension NBINSPD: 10
C     Total number of bins = NBINSPD**NDIM = 1000
C     Minimum number of balls = 5*NBINS = 5000
C     Input total number of balls NBALLS: 10000
C     Input number of Chi-Square tests NCHITESTS (min=2) : 2
C     Choose random number generator to test
C     (1) MTH$RANDOM,
C     (2) RANDU,
C     (3) ANSI C,
C     (4) Microsoft C
C     (5) Turbo Pascal
C     (6) DES
C     : 1
C     Input starting SEED value: 1
C
C     BALLS= 10000 CHISQ= 993.0002441 PROB= 0.4524292
C     BALLS= 10000 CHISQ= 974.0001831 PROB= 0.2915459
C     KS D= 0.5475708 PROB= 0.5863269
C
C-----------------------------------------------------------------------
      PROGRAM CHIKSN
C  Perform a CHI-SQUARE test on a sequence of sets of N random numbers
C  NDIM = number of dimensions
C  NBINSPD = number of bins per dimension
C  NBINS = total number of bins. NBINS = NBINSPD**NDIM
C  NBALLS = total number of balls. Should be at least 5*(NBINS**NDIM)
C  NCHITESTS = Number of chi-square tests to do. Must be 2 or more.
C  EBINS = Expected value for each bin. EBINS = NBALLS/NBINS
C  SEED = Initial seed value for random number generator
C
C  Note 1: The maximum size of array NBINS may be determined by the users
C          page file quota (pgflquo in AUTHORIZE). Also, it is recommended
C          the user have a very large working set quota (wsquo,wsextent)
C          to reduce page faulting. This can greatly improve speed.
C          We use INTEGER*2 array here to save space.
C
C  Note 2: The maximum number of Chi-Square tests that can be saved is
C          arbitrary (array SAVEPROB). The user may choose any value.
C
C  Note 3: The user may choose any starting seed value. Some restrictions
C          may apply depending upon the particular random number generator
C          being used.
C          For example, RANDU should always be started with
C          an odd value of SEED. MTH$RANDOM may be started with any value
C          of SEED.
C
C  Note 4: The MTH$RANDOM generator is used by the VAX FORTRAN intrinsic
C          function RAN and the VAX BASIC function RND. It is defined as:
C
C             SEED = 69069*SEED + 1 mod 2**32
C             X = SEED/2**32
C
C  Note 5: The RANDU generator is obsolete due to very strong correlation
C          in 3d space. ( Prove to yourself using 65539 = 2**16 + 3 that
C          SEED[i+2] = 6*SEED[i+1] - 9*SEED[i] ). It is defined as:
C
C             SEED = 65539*SEED mod 2**31
C             X = SEED/2**31
C
C          The RANDU generator should be started with an odd value of SEED.
C
C  Note 6: The C standard library function rand() is defined as:
C
C             SEED = 1103515245*SEED + 12345 mod 2**32
C             IX = SEED mod 2**31
C
C          This standard random number generator is defined in the book:
C             The C Programming Language
C             Brian W. Kernighan and Dennis M. Ritchie
C             Prentice Hall, 1978
C
C          The same generator is defined in the ANSI C version by the same
C          authors above, and the same generator is used in VAX C.
C
C  Note 7: The Microsoft C version 4.0 library function rand() implements
C          the following:
C
C             SEED = 214013*SEED + 2531011 mod 2**32
C             IX = bits 16-31 of SEED
C
C  Note 8: The Turbo Pascal version 6.0 function implements the following:
C
C             SEED = 134775813*SEED + 1 mod 2**32
C             IX = bits 16-32 of SEED
C
      IMPLICIT NONE
      INTEGER NDIM             !Number of dimensions
      INTEGER NBINS            !Number of bins
      INTEGER NBINSPD          !Number of bins per dimension
      INTEGER NBALLS           !Number of random numbers per
                               !chi-square test.
      INTEGER NCHITESTS        !Number of chi-square tests to do
C     INTEGER*2 BINS(20 000 000) !The bins. (see note 1)
      INTEGER*2 BINS(200 000)  !Less bins. (see note 1)
      REAL EBINS               !Expected number of balls per bin
      REAL SAVEPROB(100)       !Array to save results of
                               !chi-square tests (see note 2)
      INTEGER*4 SEED(2)        !Only SEED(1) result is ever used.
      INTEGER*2 W(4)           !Seeds for RANDU
      EQUIVALENCE(SEED,W)      !for RANDU
      COMMON / SEEDSTORE / SEED
      INTEGER I,J,K,MRANDO,NBYTES,CLEAR,CHITEST,INDEX,IRANDOM,NCLEAR
      REAL*4 FRANDOM, RRANDOM
      CHARACTER*8 TIMEBUF
      EQUIVALENCE (IRANDOM,FRANDOM)
      REAL FOR$IRAN            !The RANDU random number generator
      REAL RAND                !UNIX rand()
      INTEGER*4 xrand          !BSD random()
      REAL RAN1                !test generator supplied
      REAL D
      INTEGER JISHFT,IRANDOM2,COUNT
      REAL RANDES              !DES FUNCTION (not supplied)
      INTEGER KEY(2)
      REAL CHSQ,PROB           !Chi-square value,
                               !chi-square probability
      REAL*4 FNBINSPD          !float(NBINSPD)
      REAL*4 TWO31F
      REAL*4 TWO16F
      REAL*4 TWO15F

      TWO31F = 2.0**31.0
      TWO16F = 2.0**16.0
      TWO15F = 2.0**15.0

C*DES KEY(1) = 12345           !Choose any number you want
C*DES KEY(2) = 678901          !to initialize DES with
C*DES CALL DES_INIT(KEY)       !DES code not included.

104   FORMAT(' Input number of dimensions NDIM: ',$)
100   FORMAT(' Input number of bins per dimension NBINSPD: ',$)
105   FORMAT(' Total number of bins = NBINSPD**NDIM = ',I)
106   FORMAT(' Minimum number of balls = 5*NBINS = ',I)
101   FORMAT(' Input total number of balls NBALLS: ',$)
103   FORMAT(' Input number of Chi-Square tests NCHITESTS (min=2) : ',$)
102   FORMAT(' Choose random number generator to test'/,
     1 ' /*(1)*/ xrand(),'/
     1 ' /*(2)*/ UNIX rand(),'/
     1 ' /*(3)*/ MTH$RANDOM,'/
     2 ' /*(4)*/ RANDU,'/
     3 ' /*(5)*/ ANSI C,'/
     4 ' /*(6)*/ Microsoft C'/
     5 ' /*(7)*/ Turbo Pascal'/
     7 ' /*(8)*/ DES'/
     8 ' (9) another random number generator (choose this one)'/
     6 ' : ',$)
107   FORMAT(' Input starting SEED value: ',$)
200   FORMAT(BN,I)

C ***GET USER INPUT***
10    WRITE(6,104)             !Input number of dimensions
      READ(5,200) NDIM
      WRITE(6,100)             !Input number of bins per dimension
      READ(5,200) NBINSPD
      FNBINSPD = FLOAT(NBINSPD)
      NBINS = NBINSPD**NDIM    !Calculate total number of bins
      WRITE(6,105) NBINS       !Total number of bins is...
      WRITE(6,106) 5*NBINS     !Minimum number of balls is...
      WRITE(6,101)             !Input total number of balls
      READ(5,200) NBALLS
      WRITE(6,103)             !Input number of chi-square tests to do
      READ(5,200) NCHITESTS
      WRITE(6,102)             !Choose random number generator to test
      READ(5,200) MRANDO
      WRITE(6,107)             !Starting SEED value
      READ(5,200) SEED(1)
      SEED(2) = 1              !Used only if random number generator
                               !uses bigger than 32 bits

C INITIALIZE GENERATOR IF NEEDED
C*XRAND CALL sxrand(SEED(1))   !Initialize xrand()
      CALL RAN1(-SEED(1))      !Initialize RAN1 generator

C Calculate expected average number of balls for each bin
      EBINS = FLOAT(NBALLS)/FLOAT(NBINS)

C     CALL TIME(TIMEBUF)
C     WRITE(6,201) TIMEBUF
C201  FORMAT(1X,A8)

      DO CHITEST=1,NCHITESTS

C *** ZERO BIN ARRAY ***
        DO I=1,NBINS
          BINS(I) = 0
        ENDDO

C*VMS !Quickly set BINS(k) = 0, k=1,...NBINS
C*VMS !Does the equivalent of above
C*VMS !but a lot faster.
C*VMS K = 1
C*VMS NBYTES = NBINS*2 !total number of bytes to zero
C*VMS DO WHILE (NBYTES .GT. 0)
C*VMS IF (NBYTES .LE. 65534) THEN !maximum number of bytes we can clear
C*VMS NCLEAR = NBYTES !in one call to LIB$MOVC5 is 65535
C*VMS ELSE
C*VMS NCLEAR = 65534 !max that LIB$MOVC3 can do in one call
C*VMS ENDIF !(make nclear an even number so we can divide evenly by 2)
C*VMS CALL LIB$MOVC5(0,0,0,NCLEAR,BINS(K)) !Clear a block of memory
C*VMS NBYTES = NBYTES - NCLEAR !Number of bytes still left to clear
C*VMS K = K + NCLEAR/2 !Number of bytes cleared so far + 1
C*VMS ENDDO

C Main Loop
        DO J=1,NBALLS
          INDEX = 1
          DO I=0,NDIM-1

C ***PLACE YOUR RANDOM NUMBER GENERATOR HERE***
C Set IRANDOM using whatever random number generator you choose
C IRANDOM = integer between 0 and NBINS-1

c      IF (MRANDO .EQ. 1) THEN
c        IRANDOM = INT( ( float( xrand() ) /TWO31F ) *FNBINSPD)
c      ELSEIF (MRANDO .EQ. 2) THEN
c        IRANDOM = INT( RAND(SEED(1)) *FNBINSPD) !UNIX rand()
c      ELSEIF (MRANDO .EQ. 3) THEN
c        IRANDOM = INT( RAN(SEED(1)) *FNBINSPD) !VMS mth$random
c      ELSEIF (MRANDO .EQ. 4) THEN
c        IRANDOM = INT( FOR$IRAN(W(2),W(1)) *FNBINSPD) !Infamous randu
c      ELSEIF (MRANDO .EQ. 5) THEN
c        CALL LIB$EMUL(1103515245,SEED,12345,SEED) !ANSI C
c        IRANDOM = SEED(1) .AND. '7FFFFFFF'X
c        IRANDOM = INT( FLOAT(IRANDOM)/(TWO31F) *FNBINSPD)
c      ELSEIF (MRANDO .EQ. 6) THEN
c        CALL LIB$EMUL(214013,SEED,2531011,SEED) !Microsoft C 4.0
c        IRANDOM = W(2) .AND. '7FFF'X
c        IRANDOM = INT( FLOAT(IRANDOM)/(TWO15F) *FNBINSPD)
c      ELSEIF (MRANDO .EQ. 7) THEN
c        CALL LIB$EMUL(134775813,SEED,1,SEED) !Turbo Pascal 6.0
c        IRANDOM = SEED(1) .AND. 'FFFF0000'X
c        IRANDOM = JISHFT(IRANDOM,-16)
c        IRANDOM = INT( FLOAT(IRANDOM)/(TWO16F) * FNBINSPD)
c      ELSEIF (MRANDO .EQ. 8) THEN
c        IRANDOM = INT( RANDES() * FNBINSPD ) !DES (not supplied)
c      ELSEIF (MRANDO .EQ. 9) THEN
            IRANDOM = INT( RAN1(SEED(1)) * FNBINSPD )
c      ENDIF

C Calculate index by hand.
            INDEX = INDEX + IRANDOM*(NBINSPD**I)
          ENDDO
          BINS(INDEX) = BINS(INDEX) + 1 !ball fell in this bin

C         IF ( MOD(J, 1 000 000) .EQ. 0 ) THEN
C           CALL TIME(TIMEBUF)
C           WRITE(6,302) J, TIMEBUF
302       FORMAT(1X,'AT BALL:',I,3X,'TIME=',A8)
C           WRITE(6,303) SEED(2), SEED(1)
303       FORMAT(1X,'HEX: SEED(2)= ',Z,' SEED(1)= ',Z)
C           WRITE(6,304) SEED(2), SEED(1)
304       FORMAT(1X,'DEC: SEED(2)= ',I,' SEED(1)= ',I)
C         ENDIF
        ENDDO

400     CALL CHSONE(BINS,EBINS,NBINS,CHSQ,PROB)
        SAVEPROB(CHITEST) = PROB
        WRITE(6,1) NBALLS,CHSQ,PROB
1       FORMAT(' BALLS=',I,' CHISQ=',F,' PROB=',F)
      ENDDO

C Now see if all the chi-square values are chi-square distributed:
      IF (NCHITESTS .GT. 1) THEN
        CALL KSONE(SAVEPROB,NCHITESTS,D,PROB)
        WRITE(6,2) D,PROB
2       FORMAT(1X,'KS D=',F,' PROB=',F)
      ENDIF
      END
C============================================================================
C From book NUMERICAL RECIPES: The Art of Scientific Computing
C Here for demonstration purposes
C Replace this with whatever random number generator you want to test
C Initialize with negative number
      FUNCTION RAN1(IDUM)
      REAL R(97)
      SAVE R !(Some UNIX F77 compilers require -save option on compile)
      PARAMETER (M1=259200,IA1=7141,IC1=54773,RM1=3.8580247E-6)
      PARAMETER (M2=134456,IA2=8121,IC2=28411,RM2=7.4373773E-6)
      PARAMETER (M3=243000,IA3=4561,IC3=51349)
      DATA IFF /0/
      IF (IDUM.LT.0.OR.IFF.EQ.0) THEN
        IFF=1
        IX1=MOD(IC1-IDUM,M1)
        IX1=MOD(IA1*IX1+IC1,M1)
        IX2=MOD(IX1,M2)
        IX1=MOD(IA1*IX1+IC1,M1)
        IX3=MOD(IX1,M3)
        DO 11 J=1,97
          IX1=MOD(IA1*IX1+IC1,M1)
          IX2=MOD(IA2*IX2+IC2,M2)
          R(J)=(FLOAT(IX1)+FLOAT(IX2)*RM2)*RM1
11      CONTINUE
        IDUM=1
      ENDIF
      IX1=MOD(IA1*IX1+IC1,M1)
      IX2=MOD(IA2*IX2+IC2,M2)
      IX3=MOD(IA3*IX3+IC3,M3)
      J=1+(97*IX3)/M3
      IF(J.GT.97.OR.J.LT.1)PAUSE
      write(1,100) R
      write(1,102) R(J)
100   format(f)
102   format(1x,'RAN1 = ', F)
      RAN1=R(J)
      R(J)=(FLOAT(IX1)+FLOAT(IX2)*RM2)*RM1
      RETURN
      END
C----------------------------------------------------------------------------
C CALCULATE THE CHI-SQUARE PROBABILITY. SINCE NBINS IS LARGE, IT IS JUST
C THE CUMULATIVE GAUSSIAN DISTRIBUTION AFTER WE NORMALIZE THE VARIABLES.
C OR ERROR FUNCTION.
      FUNCTION CHIPROB(NBINS,CHISQ)
C Formula is the inverse of one given in Knuth for going the other way.
      INTEGER NBINS,DF
      REAL*4 CHISQ,Z
      DF = NBINS-1
      Z = ( SQRT(24.0*CHISQ - 6.0*DF + 16.0) - 3*SQRT(2.0*DF) ) / 4.0
      CHIPROB = ERF(Z)
      RETURN
      END

      FUNCTION ERF(X)
C Return approximation to the complementary error function erfc(X).
C Return is not normalized err function. See book for details.
C Adapted from book NUMERICAL RECIPES: The Art of Scientific Computing C Modified to return normalized error function erf(X) C (It's a polynomial approximation) REAL ERFCC,Z,T Z=ABS(X/1.414213) !Normalize T=1./(1.+0.5*Z) ERFCC=T*EXP(-Z*Z-1.26551223+T*(1.00002368+T*(.37409196+ * T*(.09678418+T*(-.18628806+T*(.27886807+T*(-1.13520398+ * T*(1.48851587+T*(-.82215223+T*.17087277))))))))) IF (X.LT.0.) ERFCC=2.-ERFCC ERF = 1.0 - ERFCC/2.0 !Normalize and compliment RETURN END C---------------------------------------------------------------------------- C THE FOLLOWING SUBROUTINES CALCULATE THE CHI-SQUARE VALUE: SUBROUTINE CHSONE(BINS,EBINS,NBINS,CHSQ,PROB) C Adapted from book NUMERICAL RECIPES: The Art of Scientific Computing INTEGER NBINS INTEGER*2 BINS(NBINS) REAL EBINS,CHSQ,PROB CHSQ=0. IF(EBINS.LE.0.) PAUSE 'CHSONE: EBINS must be > 0' DO 11 J=1,NBINS CHSQ=CHSQ+(BINS(J)-EBINS)**2/EBINS 11 CONTINUE PROB=CHIPROB(NBINS,CHSQ) RETURN END C============================================================================ C THE FOLLOWING SUBROUTINES CALCULATE THE KOLMOGOROV-SMIRNOV PROBABILITY SUBROUTINE KSONE(DATA,N,D,PROB) C Adapted from book NUMERICAL RECIPES: The Art of Scientific Computing C DF - degrees of freedom. Passsed to FUNC INTEGER N REAL DATA(N) REAL D,PROB CALL PIKSRT(N,DATA) EN=N D=0. FO=0. DO 11 J=1,N FN=J/EN FF=DATA(J) DT=AMAX1(ABS(FO-FF),ABS(FN-FF)) IF(DT.GT.D)D=DT FO=FN 11 CONTINUE PROB=PROBKS(SQRT(EN)*D) RETURN END C---------------------------------------------------------------------------- FUNCTION PROBKS(ALAM) C Adapted from book NUMERICAL RECIPES: The Art of Scientific Computing C Note the routine in the Numerical Recipes book erronously returns C 1 instead of 0 for large values of ALAM. PARAMETER (EPS1=0.001, EPS2=1.E-8) A2=-2.*ALAM**2 FAC=2. PROBKS=0. TERMBF=0. DO 11 J=1,100 TERM=FAC*EXP(A2*J**2) PROBKS=PROBKS+TERM C Error in Numerical Recipes book. Terminate if TERM underflows. 
C**     IF(ABS(TERM).LT.EPS1*TERMBF.OR.ABS(TERM).LT.EPS2*PROBKS)RETURN
        IF(ABS(TERM).LE.EPS1*TERMBF.OR.ABS(TERM).LE.EPS2*PROBKS)RETURN
        FAC=-FAC
        TERMBF=ABS(TERM)
   11 CONTINUE
      PROBKS=1.0
      RETURN
      END
C----------------------------------------------------------------------------
      SUBROUTINE PIKSRT(N,ARR)
C Adapted from book NUMERICAL RECIPES: The Art of Scientific Computing
C See book for details.
      INTEGER N
      REAL ARR(N)
      DO 12 J=2,N
        A=ARR(J)
        DO 11 I=J-1,1,-1
          IF(ARR(I).LE.A)GO TO 10
          ARR(I+1)=ARR(I)
   11   CONTINUE
        I=0
   10   ARR(I+1)=A
   12 CONTINUE
      RETURN
      END

From ravage at bga.com Thu Jul 7 13:11:05 1994
From: ravage at bga.com (Jim choate)
Date: Thu, 7 Jul 94 13:11:05 PDT
Subject: (fwd) Random Numbers - CORELA.FOR
Message-ID: <199407072010.PAA29176@ivy.bga.com>

Newsgroups: sci.stat.math,sci.math,sci.math.num-analysis
Path: bga.com!news.sprintlink.net!news.onramp.net!convex!cs.utexas.edu!swrinde!ihnp4.ucsd.edu!agate!library.ucla.edu!csulb.edu!csus.edu!netcom.com!deleyd
From: deleyd at netcom.com
Subject: Random Numbers - CORELA.FOR
Message-ID:
Organization: NETCOM On-line Communication Services (408 261-4700 guest)
Date: Wed, 6 Jul 1994 06:58:06 GMT
Lines: 211
Xref: bga.com sci.stat.math:1317 sci.math:15355 sci.math.num-analysis:3356

{Approx. 200 lines}

      PROGRAM CORELA
C Perform a KS test comparing the first 100 elements of a random
C number generator, starting with SEED values of 1..10
C
C This is not polished code you put on a shelf and admire, this is code
C you dig your hands into and work with to make it do what you want it to.
C
C Place your random number generator to be tested where it
C bluntly says "PLACE YOUR RANDOM NUMBER GENERATOR HERE".
C The output is a floating point between 0 (inclusive) and 1 (exclusive).
C
C Currently the program is set up to use subroutine RAN1, a portable
C random number generator from the book "NUMERICAL RECIPES: The Art
C of Scientific Computing". I've had trouble on our UNIX system
C not making array R(97) static even though the code says to.
C Compiling with the -static qualifier works.
C
      IMPLICIT NONE
      INTEGER SINC,I,J
      REAL SEQ(100,10)
      REAL AR(10)
      REAL D,PROB
      INTEGER MRANDO, SEEDINIT, IRANDOM
      INTEGER*4 SEED(2)          !Only SEED(1) result is ever used.
      INTEGER*2 W(4)             !Seeds for RANDU
      EQUIVALENCE(SEED,W)        !for RANDU
      COMMON / SEEDSTORE / SEED
      REAL*4 FRANDOM
      REAL FOR$IRAN              !The RANDU random number generator
      REAL RAN1                  !test generator supplied
      INTEGER JISHFT,IRANDOM2,COUNT
      REAL*4 FNBINSPD            !float(NBINSPD)
      REAL*4 TWO31F
      REAL*4 TWO16F
      REAL*4 TWO15F
      TWO31F = 2.0**31.0
      TWO16F = 2.0**16.0
      TWO15F = 2.0**15.0
  102 FORMAT(' Choose random number generator to test'/,
     1 ' /*(1)*/ MTH$RANDOM,'/
     2 ' /*(2)*/ RANDU,'/
     3 ' /*(3)*/ ANSI C,'/
     4 ' /*(4)*/ Microsoft C'/
     5 ' /*(5)*/ Turbo Pascal'/
     8 ' (9) another random number generator (choose this one)'/
     6 ' : ',$)
  107 FORMAT(' Input starting SEED value: ',$)
  108 FORMAT(' Input increment between SEED values: ',$)
  200 FORMAT(BN,I)
   10 CONTINUE
      WRITE(6,102)               !Choose random number generator to test
      READ(5,200) MRANDO
      WRITE(6,107)               !Starting SEED value
      READ(5,200) SEED(1)
      SEEDINIT = SEED(1)
      SEED(2) = 1
      WRITE(6,108)               !INCREMENT VALUE
      READ(5,200) SINC
C Main Loop
      DO J=1,10                  !10 sequences
        DO I=1,100               !sequence length of first 100 numbers
C ***PLACE YOUR RANDOM NUMBER GENERATOR HERE***
C Set FRANDOM using whatever random number generator you choose
C to a floating point value in the range [0,1)
          FRANDOM = RAN1(SEED(1))
C         IF (MRANDO .EQ. 1) THEN
C           FRANDOM = RAN(SEED(1))                     !mth$random
C         ELSEIF (MRANDO .EQ. 2) THEN
C           FRANDOM = FOR$IRAN(W(2),W(1))              !randu
C         ELSEIF (MRANDO .EQ. 3) THEN
C           CALL LIB$EMUL(1103515245,SEED,12345,SEED)  !VAX C
C           IRANDOM = SEED(1) .AND. '7FFFFFFF'X
C           FRANDOM = FLOAT(IRANDOM)/(TWO31F)
C         ELSEIF (MRANDO .EQ. 4) THEN
C           CALL LIB$EMUL(214013,SEED,2531011,SEED)    !Microsoft C 4.0
C           IRANDOM = W(2) .AND. '7FFF'X
C           FRANDOM = FLOAT(IRANDOM)/(TWO15F)
C         ELSEIF (MRANDO .EQ. 5) THEN
C           CALL LIB$EMUL(134775813,SEED,1,SEED)       !Turbo Pascal 6.0
C           IRANDOM = SEED(1) .AND.
C           'FFFF0000'X
C           IRANDOM = JISHFT(IRANDOM,-16)
C           FRANDOM = FLOAT(IRANDOM)/(TWO16F)
C         ENDIF
          SEQ(I,J) = FRANDOM
        ENDDO
        SEEDINIT = SEEDINIT + SINC   !calculate new initial seed
        SEED(1) = SEEDINIT           !set new initial seed
      ENDDO
C Do a KS test on each element comparing the 10 sequences
      DO I=1,100
        DO J=1,10
          AR(J) = SEQ(I,J)           !Transfer to short array
        ENDDO
        CALL KSONE(AR,10,D,PROB)
        WRITE(6,2) I,PROB
    2   FORMAT(1X,'I=',I4,' KS PROB=',F)
      ENDDO
      END
C============================================================================
C From book NUMERICAL RECIPES: The Art of Scientific Computing
C Here for demonstration purposes
C Replace this with whatever random number generator you want to test
C Initialize with negative number
      FUNCTION RAN1(IDUM)
      DIMENSION R(97)
      SAVE R   !(Some UNIX F77 compilers require -save option on compile)
      PARAMETER (M1=259200,IA1=7141,IC1=54773,RM1=3.8580247E-6)
      PARAMETER (M2=134456,IA2=8121,IC2=28411,RM2=7.4373773E-6)
      PARAMETER (M3=243000,IA3=4561,IC3=51349)
      DATA IFF /0/
      IF (IDUM.LT.0.OR.IFF.EQ.0) THEN
        IFF=1
        IX1=MOD(IC1-IDUM,M1)
        IX1=MOD(IA1*IX1+IC1,M1)
        IX2=MOD(IX1,M2)
        IX1=MOD(IA1*IX1+IC1,M1)
        IX3=MOD(IX1,M3)
        DO 11 J=1,97
          IX1=MOD(IA1*IX1+IC1,M1)
          IX2=MOD(IA2*IX2+IC2,M2)
          R(J)=(FLOAT(IX1)+FLOAT(IX2)*RM2)*RM1
   11   CONTINUE
        IDUM=1
      ENDIF
      IX1=MOD(IA1*IX1+IC1,M1)
      IX2=MOD(IA2*IX2+IC2,M2)
      IX3=MOD(IA3*IX3+IC3,M3)
      J=1+(97*IX3)/M3
      IF(J.GT.97.OR.J.LT.1)PAUSE
      RAN1=R(J)
      R(J)=(FLOAT(IX1)+FLOAT(IX2)*RM2)*RM1
      RETURN
      END
C==============================================================================
C THE FOLLOWING SUBROUTINES CALCULATE THE KOLMOGOROV-SMIRNOV PROBABILITY
      SUBROUTINE KSONE(DATA,N,D,PROB)
C Adapted from book NUMERICAL RECIPES: The Art of Scientific Computing
C DF - degrees of freedom. Passed to FUNC
      INTEGER N
      REAL DATA(N)
      REAL D,PROB
      CALL PIKSRT(N,DATA)
      EN=N
      D=0.
      FO=0.
      DO 11 J=1,N
        FN=J/EN
        FF=DATA(J)
        DT=AMAX1(ABS(FO-FF),ABS(FN-FF))
        IF(DT.GT.D)D=DT
        FO=FN
   11 CONTINUE
      PROB=PROBKS(SQRT(EN)*D)
      RETURN
      END
C------------------------------------------------------------------------------
      FUNCTION PROBKS(ALAM)
C Adapted from book NUMERICAL RECIPES: The Art of Scientific Computing
C Note the routine in the Numerical Recipes book erroneously returns
C 1 instead of 0 for large values of ALAM.
      PARAMETER (EPS1=0.001, EPS2=1.E-8)
      A2=-2.*ALAM**2
      FAC=2.
      PROBKS=0.
      TERMBF=0.
      DO 11 J=1,100
        TERM=FAC*EXP(A2*J**2)
        PROBKS=PROBKS+TERM
C Error in Numerical Recipes book. Terminate if TERM underflows.
C**     IF(ABS(TERM).LT.EPS1*TERMBF.OR.ABS(TERM).LT.EPS2*PROBKS)RETURN
        IF(ABS(TERM).LE.EPS1*TERMBF.OR.ABS(TERM).LE.EPS2*PROBKS)RETURN
        FAC=-FAC
        TERMBF=ABS(TERM)
   11 CONTINUE
      PROBKS=1.0
      RETURN
      END
C------------------------------------------------------------------------------
      SUBROUTINE PIKSRT(N,ARR)
C Adapted from book NUMERICAL RECIPES: The Art of Scientific Computing
C See book for details.
      INTEGER N
      REAL ARR(N)
      DO 12 J=2,N
        A=ARR(J)
        DO 11 I=J-1,1,-1
          IF(ARR(I).LE.A)GO TO 10
          ARR(I+1)=ARR(I)
   11   CONTINUE
        I=0
   10   ARR(I+1)=A
   12 CONTINUE
      RETURN
      END

From ravage at bga.com Thu Jul 7 13:11:14 1994
From: ravage at bga.com (Jim choate)
Date: Thu, 7 Jul 94 13:11:14 PDT
Subject: (fwd) Random Numbers - SPECTRAL.FOR
Message-ID: <199407072011.PAA29181@ivy.bga.com>

Newsgroups: sci.stat.math,sci.math,sci.math.num-analysis
Path: bga.com!news.sprintlink.net!news.onramp.net!convex!cs.utexas.edu!swrinde!ihnp4.ucsd.edu!agate!library.ucla.edu!csulb.edu!csus.edu!netcom.com!deleyd
From: deleyd at netcom.com
Subject: Random Numbers - SPECTRAL.FOR
Message-ID:
Organization: NETCOM On-line Communication Services (408 261-4700 guest)
Date: Wed, 6 Jul 1994 06:59:04 GMT
Lines: 426
Xref: bga.com sci.stat.math:1318 sci.math:15356 sci.math.num-analysis:3357

{Approx. 420 lines}

      PROGRAM SPECTRAL
! Performs the spectral test for a linear congruential random number generator.
!
! This program adapted from:
!
! ALGORITHM AS 193 APPLIED STATISTICS, (1983) VOL. 32, NO.3 PG. 328-335
! T. R. Hopkins
! Modified to run on VAX/VMS systems using REAL*16 (64 bit) variables.
! The original is FORTRAN-66 compliant.
!
! Consider linear congruential generators of the form:
!     SEED = (A*SEED + C) mod M
!
! Given A, and M, the spectral test calculates NUSQ (NU**2), LOGNU (base 2),
! and MU. As a guide, Knuth suggests a multiplier A may be considered
! adequate if the values of MU returned by the spectral test are > 0.1 .
! For an exceptionally good multiplier, these values will all be greater
! than unity.
!
! The spectral test may be applied if:
!   1. The sequence has maximal period, or
!   2. M is prime and C = 0 and the period length is M-1, or
!   3. M = 2**e and A mod 8 = 5 or A mod 8 = 3.
!      In this third case the spectral test is applied using
!      A = A and M = 2**(e-2). For example, in analyzing RANDU,
!      use A = 65539 and M = 536870912 (2**29).
!
! Further information on the spectral test is in:
!
! Knuth, Donald E. "The Art of Computer Programming Vol. 2: Seminumerical
! algorithms, 2nd edition. Reading, Mass.: Addison-Wesley. 1981
!
! The value of parameter BIGT determines how many dimensions are calculated.
! Higher dimensions may be obtained by changing this parameter and recompiling.
! Note that 12 is about the highest feasible. Above 12 the program may take
! days to complete.
C Example:
C MTH$RANDOM is defined as
C
C     SEED = (69069*SEED + 1) MOD 2**32
C
C Here A = 69069
C  and M = 2**32 = 4294967296
C
C $ RUN SPECTRAL
C INPUT A: 69069
C INPUT M: 4294967296
C
C A= 69069.0
C M= 4294967296.0
C BIGT= 6
C NUSQ=
C   NUSQ ( 2)= 4243209856.000000
C   NUSQ ( 3)= 2072544.000000
C   NUSQ ( 4)= 52804.000000
C   NUSQ ( 5)= 6990.000000
C   NUSQ ( 6)= 242.000000
C LOGNU=
C   LOGNU( 2)= 15.991254
C   LOGNU( 3)= 10.491486
C   LOGNU( 4)= 7.844180
C   LOGNU( 5)= 6.385538
C   LOGNU( 6)= 3.959432
C MU=
C   MU= ( 2)= 3.103734
C   MU= ( 3)= 2.909942
C   MU= ( 4)= 3.203639
C   MU= ( 5)= 5.006469
C   MU= ( 6)= 0.017052
C
C Now examine the MU values. All values are above 1 except the very last
C value MU(6) is 0.01, indicating MTH$RANDOM may not perform as well in a
C 6-D test.
C
C
C Run spectral again this time trying the values for the bad RANDU generator:
C
C MTH$RANDOM is defined as
C
C     SEED = (65539*SEED) MOD 2**31
C
C Here A = 65539
C  and M = 2**31 but we use M = 2**29 for reasons discussed above
C
C
C $ RUN SPECTRAL
C INPUT A: 65539
C INPUT M: 536870912 !(2**29)
C
C A= 65539.0
C M= 536870912.0
C BIGT= 6
C NUSQ=
C   NUSQ ( 2)= 536936458.000000
C   NUSQ ( 3)= 118.000000
C   NUSQ ( 4)= 116.000000
C   NUSQ ( 5)= 116.000000
C   NUSQ ( 6)= 116.000000
C LOGNU=
C   LOGNU( 2)= 14.500088
C   LOGNU( 3)= 3.441322
C   LOGNU( 4)= 3.428990
C   LOGNU( 5)= 3.428990
C   LOGNU( 6)= 3.428990
C MU=
C   MU= ( 2)= 3.141976
C   MU= ( 3)= 0.000010
C   MU= ( 4)= 0.000124
C   MU= ( 5)= 0.001421
C   MU= ( 6)= 0.015025
C
C Notice here the MU values for dimensions 2 through 6 are all extremely
C small. This generator does horribly on these dimensions. The spectral
C test noticed it right away.
      PARAMETER BIGT = 6   !Number of dimensions to go up to. Max is 12.
      PARAMETER IU = BIGT  !(Beyond 12 program may take days to run.)
      PARAMETER IV = BIGT
      INTEGER*4 IFAULT
      REAL*16 A, M, MU(BIGT), NUSQ(BIGT), LOGNU(BIGT), U(IU,BIGT),
     2        V(IV,BIGT), Z(BIGT)
  100 FORMAT(' INPUT A: ',$)
  101 FORMAT(' INPUT M: ',$)
  200 FORMAT(BN,G33.0)
  201 WRITE(6,100)
      READ(5,200) A    !MTH$RANDOM example: A = 69069.0
      WRITE(6,101)
      READ(5,200) M    !MTH$RANDOM example: M = 4294967296.0 (2**32)
      CALL SPECT(A,M,BIGT,MU,NUSQ,LOGNU,U,IU,V,IV,Z,IFAULT)
      IF (IFAULT .GT. 0) THEN
        IF (IFAULT .EQ. 1) THEN
          PRINT*, ' BIGT < 2'
        ELSEIF (IFAULT .EQ. 2) THEN
          PRINT*, ' A .GE. M .OR. A .LE. 0 .OR. M .LE. 0'
        ELSEIF (IFAULT .EQ. 3) THEN
          PRINT*, ' M > Mmax'
        ELSEIF (IFAULT .EQ. 4) THEN
          PRINT*, ' A and M not relatively prime'
        ELSEIF (IFAULT .EQ. 5) THEN
          PRINT*, ' Intermediate result > Mmax * Mmax'
        ELSE
          PRINT*, ' IFAULT .GT. 5'
        ENDIF
        STOP
      ENDIF
      WRITE(6,1) A
      WRITE(6,2) M
      WRITE(6,3) BIGT
      WRITE(6,41)
      DO I=2,BIGT
        WRITE(6,4) I,NUSQ(I)
      ENDDO
      WRITE(6,51)
      DO I=2,BIGT
        WRITE(6,5) I,LOGNU(I)
      ENDDO
      WRITE(6,61)
      DO I=2,BIGT
        WRITE(6,6) I,MU(I)
      ENDDO
    1 FORMAT(' A=',F33.1)
    2 FORMAT(' M=',F33.1)
    3 FORMAT(' BIGT=',I)
   41 FORMAT(' NUSQ=')
    4 FORMAT(' NUSQ (',I,')=',F33.6)
   51 FORMAT(' LOGNU=')
    5 FORMAT(' LOGNU(',I,')=',F33.6)
   61 FORMAT(' MU=')
    6 FORMAT(' MU= (',I,')=',F33.6)
C     GOTO 201
      END
      SUBROUTINE SPECT(A, M, BIGT, MU, NUSQ, LOGNU, U, IU, V, IV, Z,
     *  IFAULT)
C
C ALGORITHM AS 193 APPLIED STATISTICS, (1983) VOL. 32, NO.3 PG. 328-335
C T. R.
C Hopkins
C
C A REVISED ALGORITHM FOR THE SPECTRAL TEST
C Modified to use REAL*16 variables for VAX/VMS
C
      IMPLICIT NONE
      INTEGER*4 I, I2, J, K
      INTEGER*4 BIGT, IU, IV, T, T1, IFAULT
      REAL*16 A, M, MU(BIGT), NUSQ(BIGT), LOGNU(BIGT),
     * U(IU, BIGT), V(IV, BIGT), Z(BIGT),
     * H, HPRIME, MMAX, MMAX2, MSQ, P, PI, PPRIME, Q,
     * QTEMP, R, S, SIGN, UC, VC, VIJ, VJJ, W, ZERO, ONE, TWO, FOUR,
     * DINT, DNINT, VPROD
      DATA ZERO /0.0Q0/, ONE /1.0Q0/, TWO /2.0Q0/, FOUR /4.0Q0/
C
C SUITABLE VALUES FOR
C 1) IBM REAL*8
C     DATA MMAX/33554432.0D0/
C 2) IBM REAL*16
C 3) CDC 7600 DOUBLE PRECISION
C     DATA MMAX/35184372088832.0D0/
C     DATA MMAX /9007199254740992.0D0/
C
C A VAX/VMS REAL*16 has precision approximately one part in 2**112
C Knuth claims values rarely if ever exceed M**2
C So Hopkins takes maxval = 8*m**2 and solves 2**112 = 8*m**2 for M
C giving Mmax = 2**(112/2)/8
      DATA MMAX /9.0Q15/
C
C TEST THE VALIDITY OF THE INPUT PARAMETERS
C
      MMAX2 = MMAX * MMAX
      IFAULT = 0
      IF (BIGT .LT. 2) IFAULT = 1
      IF (A .GE. M .OR. A .LE. ZERO .OR. M .LE. ZERO) IFAULT = 2
      IF (M .GT. MMAX) IFAULT = 3
      IF (IFAULT .GT. 0) RETURN
C
C CHECK A AND M ARE RELATIVELY PRIME
C NEED VALID A AND M
C USE EUCLIDS ALGORITHM
C
      H = A
      HPRIME = M
   10 R = QMOD(HPRIME, H)
      IF (R .EQ. ZERO) GOTO 20
      HPRIME = H
      H = R
      GOTO 10
   20 IF (H .NE. ONE) IFAULT = 4      ! A and M not relatively prime
      IF (IFAULT .NE. 0) RETURN
      MSQ = M * M
C
C ALL STEPS REFER TO THOSE IN KNUTHS ALGORITHM
C STEP 1 - INITIALIZATION
C
      H = A
      HPRIME = M
      P = ONE
      PPRIME = ZERO
      R = A
      S = ONE + A * A
C
C STEP 2 - EUCLIDEAN STEP
C
   30 Q = QINT(HPRIME / H)
      UC = HPRIME - Q * H
      VC = PPRIME - Q * P
      W = UC * UC + VC * VC
      IF (W .GE. S) GOTO 40
      S = W
      HPRIME = H
      H = UC
      PPRIME = P
      P = VC
      GOTO 30
C
C STEP 3 - COMPUTE NU(2)
C
   40 UC = UC - H
      VC = VC - P
      W = UC * UC + VC * VC
      IF (W .GE.
     *    S) GOTO 50
      S = W
      HPRIME = UC
      PPRIME = VC
   50 NUSQ(2) = S
C
C INITIALIZE U AND V MATRICES
C NOTE WE STORE BY COLUMNS WHEREAS KNUTH STORES BY ROWS
C
      T = 2
      U(1, 1) = -H
      U(1, 2) = -HPRIME
      U(2, 1) = P
      U(2, 2) = PPRIME
      SIGN = ONE
      IF (PPRIME .GT. ZERO) SIGN = -ONE
      V(1, 1) = SIGN * PPRIME
      V(1, 2) = -SIGN * P
      V(2, 1) = SIGN * HPRIME
      V(2, 2) = -SIGN * H
C
C STEP 4 - ADVANCE T
C
   60 IF (T .EQ. BIGT) GOTO 200
      T1 = T
      T = T + 1
      R = QMOD(A * R, M)
      U(1, T) = -R
      U(T, T) = ONE
      U(T, 1) = ZERO
      V(1, T) = ZERO
      V(T, T) = M
      DO 70 I = 2, T1
        U(I, T) = ZERO
        U(T, I) = ZERO
        V(I, T) = ZERO
   70 CONTINUE
      DO 90 I = 1, T1
        QTEMP = V(1, I) * R
        Q = QNINT(QTEMP / M)
        V(T, I) = QTEMP - Q * M
        DO 80 I2 = 1, T
   80   U(I2, T) = U(I2, T) + Q * U(I2, I)
   90 CONTINUE
      S = QMIN1(S, VPROD(U(1, T), U(1, T), T))
      K = T
      J = 1
C
C STEP 5 - TRANSFORM
C
  100 DO 120 I = 1, T
        IF (I .EQ. J) GOTO 120
        VIJ = VPROD(V(1, I), V(1, J), T)
        VJJ = VPROD(V(1, J), V(1, J), T)
        IF (TWO * QABS(VIJ) .LE. VJJ) GOTO 120
        Q = QNINT(VIJ / VJJ)
        DO 110 I2 = 1, T
          V(I2, I) = V(I2, I) - Q * V(I2, J)
          U(I2, J) = U(I2, J) + Q * U(I2, I)
  110   CONTINUE
        K = J
  120 CONTINUE
C
C STEP 6 - EXAMINE NEW BOUND
C
      IF (K .EQ. J) S = QMIN1(S, VPROD(U(1, J), U(1, J), T))
C
C STEP 7 - ADVANCE J
C
      J = J + 1
      IF (J .EQ. T + 1) J = 1
      IF (J .NE. K) GOTO 100
C
C STEP 8 - PREPARE FOR SEARCH
C
C MU AND LOGNU ARE USED TO STORE KNUTHS X AND Y RESPECTIVELY
C
      DO 130 I = 1, T
        MU(I) = ZERO
        LOGNU(I) = ZERO
        QTEMP = VPROD(V(1, I), V(1, I), T)
        IF (QTEMP .GT. MMAX2) GOTO 240 !Intermediate result > Mmax * Mmax
        QTEMP = QTEMP / MSQ
        Z(I) = QINT(QSQRT(QINT(QTEMP * S)))
  130 CONTINUE
      K = T
C
C STEP 9 - ADVANCE XK
C
  140 IF (MU(K) .EQ. Z(K)) GOTO 190
      MU(K) = MU(K) + ONE
      DO 150 I = 1, T
  150 LOGNU(I) = LOGNU(I) + U(I, K)
C
C STEP 10 - ADVANCE K
C
  160 K = K + 1
      IF (K .GT. T) GOTO 180
      MU(K) = -Z(K)
      DO 170 I = 1, T
  170 LOGNU(I) = LOGNU(I) - TWO * Z(K) * U(I, K)
      GOTO 160
  180 S = QMIN1(S, VPROD(LOGNU, LOGNU, T))
C
C STEP 11 - DECREASE K
C
  190 K = K - 1
      IF (K .GE.
     *    1) GOTO 140
      NUSQ(T) = S
      GOTO 60
C
C CALCULATE NU AND LOG(NU)
C
  200 DO 210 I = 2, BIGT
        MU(I) = QSQRT(NUSQ(I))
        LOGNU(I) = QLOG(MU(I)) / QLOG(TWO)
  210 CONTINUE
C
C CALCULATE TRANSFORMED MU VALUES
C
      PI = 3.14159 26535 89793 23846 26433 83279 50288 41971 69399 37511
      Q = ONE
      DO 220 T = 2, BIGT, 2
        Q = Q * PI * TWO / QEXT(T)
        MU(T) = Q * MU(T) ** T / M
  220 CONTINUE
      IF (BIGT .EQ. 2) RETURN
      Q = TWO
      DO 230 T = 3, BIGT, 2
        Q = Q * PI * TWO / QEXT(T)
        MU(T) = Q * MU(T) ** T / M
  230 CONTINUE
      RETURN
  240 IFAULT = 5                 !Intermediate result > Mmax * Mmax
      RETURN
      END
      REAL*16 FUNCTION VPROD(U, V, T)
C
C ALGORITHM AS 193 APPLIED STATISTICS, (1983) VOL. 32, NO.3 PG. 328-335
C
C AUXILIARY FUNCTION TO CALCULATE THE INNER PRODUCT OF
C THE TWO VECTORS U AND V OF LENGTH T.
C Modified to REAL*16
C
      INTEGER T
      REAL*16 U(T), V(T), SUM, ZERO
      DATA ZERO /0.0Q0/
C
      SUM = ZERO
      DO 10 I = 1, T
   10 SUM = SUM + U(I) * V(I)
      VPROD = SUM
      RETURN
      END

From ravage at bga.com Thu Jul 7 13:20:51 1994
From: ravage at bga.com (Jim choate)
Date: Thu, 7 Jul 94 13:20:51 PDT
Subject: (fwd) Re: BSD random() - any good (source included)?
Message-ID: <199407072020.PAA29383@ivy.bga.com>

Newsgroups: sci.math,sci.stat.math
Path: bga.com!news.sprintlink.net!hookup!europa.eng.gtefsd.com!howland.reston.ans.net!spool.mu.edu!agate!library.ucla.edu!csulb.edu!csus.edu!netcom.com!deleyd
From: deleyd at netcom.com
Subject: Re: BSD random() - any good (source included)?
Message-ID:
Followup-To: sci.math,sci.stat.math
Organization: NETCOM On-line Communication Services (408 261-4700 guest)
X-Newsreader: TIN [version 1.2 PL1]
References: <2ua9ln$4lv at news.tamu.edu>
Date: Mon, 27 Jun 1994 06:12:45 GMT
Lines: 13
Xref: bga.com sci.math:14916 sci.stat.math:1219

I did a research paper on Computer Generated Random Number Sequences in 1991. Included are the results of testing numerous popular generators. The code used for testing the generators is also available if one is so inclined to do some testing of a particular generator.
(The only thing is a thorough test to determine the limits of the generator can take many hours of CPU time).

Perhaps later this week I'll post the paper and see what the response is. I'm always a bit apprehensive to post. Never sure what the response will be. Maybe someone will think it's interesting.

David Deley
deleyd at netcom.com

From ravage at bga.com Thu Jul 7 13:20:54 1994
From: ravage at bga.com (Jim choate)
Date: Thu, 7 Jul 94 13:20:54 PDT
Subject: (fwd) BSD random() - any good (source included)?
Message-ID: <199407072020.PAA29377@ivy.bga.com>

Path: bga.com!news.sprintlink.net!news.onramp.net!convex!cs.utexas.edu!bcm!news.tamu.edu!henrik
From: henrik at stat.tamu.edu (Henrik Schmiediche)
Newsgroups: sci.math,sci.stat.math
Subject: BSD random() - any good (source included)?
Date: 22 Jun 1994 21:15:35 GMT
Organization: Department of Statistics, Texas A&M University
Lines: 140
Message-ID: <2ua9ln$4lv at news.tamu.edu>
NNTP-Posting-Host: picard.tamu.edu
Xref: bga.com sci.math:14740 sci.stat.math:1193

Hello,

the BSD random() function returns a pseudo random number. I would like to know if anyone knows how good this random number generator is and if it has been thoroughly tested. Below are two descriptions of the generator from two different sources. Looking at the source code it is obvious that this generator is seeded using a linear congruential generator that leaves much to be desired (low bits alternate). I remember reading somewhere that the trinomials used by random() are not optimal but I can't remember the source.

The generator does have some great advantages like being very fast and having a very long period, but both these advantages are meaningless if the random numbers it produces are not very good. Anyone know more about random() and if it is any good?

I have included a source code implementation below (I wrote it originally so I could inline the code into my own application which spends a significant amount of time generating random numbers).
- henrik

According to the SunOS doc's:

"random () uses a non-linear additive feedback random number generator employing a default table of size 31 long integers to return successive pseudo-random numbers in the range from 0 to (2**31)-1. The period of this random number generator is very large, approximately 16*((2**31)-1)."

The BSD source code (from glibc) says:

"The random number generation technique is a linear feedback shift register approach, employing trinomials (since there are fewer terms to sum up that way). In this approach, the least significant bit of all the numbers in the state table will act as a linear feedback shift register, and will have period 2^deg - 1 (where deg is the degree of the polynomial being used, assuming that the polynomial is irreducible and primitive). The higher order bits will have longer periods, since their values are also influenced by pseudo-random carries out of the lower bits. The total period of the generator is approximately deg*(2**deg - 1); thus doubling the amount of state information has a vast influence on the period of the generator."

For table size of 31 long ints random() uses the trinomial: x**31 + x**3 + 1. For 63 long ints it uses the trinomial x**63 + x + 1.

*****************************************************************************

/*** Code to implement random() & srandom() of BSD Unix. It was taken (though coded somewhat differently) from the Gnu BSD implementation.
***/

#include
#include

#ifdef LONG31 /* x^31 + x^3 + 1 */
#define SIZE 31
#define SIZE1 30
#define P1 3
#define P2 0
#else /* LONG63: x^63 + x + 1 */
#define SIZE 63
#define SIZE1 62
#define P1 1
#define P2 0
#endif

#define LONG_MAX 0x7fffffff

int p1=P1, p2=P2;
long table[SIZE];

/*** return a "random" number in range [0, LONG_MAX] */
long xrand ()
{
    int r;

    table[p1] = table[p1] + table[p2]; /* add two table elements */
    r = (table[p1] >> 1) & LONG_MAX;   /* throw least significant bit away */
    if (p1 == SIZE1) {                 /* increment the table indexes */
        p1 = 0;
        p2 = p2 + 1;
    }
    else if (p2 == SIZE1) {
        p1 = p1 + 1;
        p2 = 0;
    }
    else {
        p1 = p1 + 1;
        p2 = p2 + 1;
    }
    return (r);
}

/*** use a linear congruential type generator to seed the state table & cycle the entire table 10 times */
void sxrand (seed)
long seed;
{
    int i;

    table[0] = seed;
    for (i=1; i

Path: bga.com!news.sprintlink.net!hookup!europa.eng.gtefsd.com!newsxfer.itd.umich.edu!nntp.cs.ubc.ca!mala.bc.ca!hakatac!rbursey
Newsgroups: sci.math,sci.stat.math
Subject: Re: BSD random() - any good (source included)?
Message-ID:
From: rbursey at hakatac.almanac.bc.ca (robert bursey)
Date: Mon, 27 Jun 94 18:24:29 PDT
References:
Distribution: na
Organization: Sir HackAlot's UNIX BBS, Port Alberni, B.C.
Lines: 18
Xref: bga.com sci.math:14978 sci.stat.math:1239

deleyd at netcom.com writes:

> I did a research paper on Computer Generated Random Number Sequences in
> 1991. Included are the results of testing numerous popular generators.
> The code used for testing the generators is also available if one
> is so inclined to do some testing of a particular generator. (The only
> thing is a thorough test to determine the limits of the generator can
> take many hours of CPU time).
>
> Perhaps later this week I'll post the paper and see what the response
> is. I'm always a bit apprehensive to post. Never sure what the
> response will be. Maybe someone will think it's interesting.
>
> David Deley
> deleyd at netcom.com

Does anybody know of a good test for randomness? I would definitely like to know how good computer RNG's are. Post away!

From ravage at bga.com Thu Jul 7 13:21:03 1994
From: ravage at bga.com (Jim choate)
Date: Thu, 7 Jul 94 13:21:03 PDT
Subject: (fwd) Re: BSD random() - any good (source included)?
Message-ID: <199407072020.PAA29392@ivy.bga.com>

Newsgroups: sci.math,sci.stat.math
Path: bga.com!news.sprintlink.net!hookup!ames!lll-winken.llnl.gov!overload.lbl.gov!dog.ee.lbl.gov!ihnp4.ucsd.edu!usc!howland.reston.ans.net!europa.eng.gtefsd.com!MathWorks.Com!news.kei.com!ssd.intel.com!carr
From: carr at ssd.intel.com (George Carr)
Subject: Re: BSD random() - any good (source included)?
Message-ID:
Sender: usenet at SSD.intel.com
Nntp-Posting-Host: shiva
Organization: Supercomputer Systems Divison, Intel Corp.
References:
Distribution: na
Date: Tue, 28 Jun 1994 17:28:08 GMT
Lines: 34
Xref: bga.com sci.math:14998 sci.stat.math:1241

In article , rbursey at hakatac.almanac.bc.ca (robert bursey) writes:
|> deleyd at netcom.com writes:
|>
|> > I did a research paper on Computer Generated Random Number Sequences in
|> > 1991. Included are the results of testing numerous popular generators.
|> > The code used for testing the generators is also available if one
|> > is so inclined to do some testing of a particular generator. (The only
|> > thing is a thorough test to determine the limits of the generator can
|> > take many hours of CPU time).
|> >
|> > Perhaps later this week I'll post the paper and see what the response
|> > is. I'm always a bit apprehensive to post. Never sure what the
|> > response will be. Maybe someone will think it's interesting.
|> >
|> > David Deley
|> > deleyd at netcom.com
|>
|> Does anybody know of a good test for randomness? I would definitely like to
|> know how good computer RNG's are. Post away!
The classic reference is Volume 2 of Donald Knuth's The Art of Computer Programming, Second Edition, Seminumerical Algorithms. I highly recommend it to anyone wanting to know what "random" is all about.

If you really need to know whether your generator is random-enough for your application you should expect to do your own testing and yes it will require many hours of your time in addition to that of your computer.

--
George R. Carr, Jr.          Intel Supercomputer Systems Division
Parallel Systems Engineer    NOAA Forecast Systems Laboratory
carr at ssd.intel.com        Research Lab 3, Rm A227
carr at neko.fsl.noaa.gov    3100 Marine St, R/E/FS5
voice: 303-497-6130          Boulder, CO 80303
fax: 303-497-6821

From ravage at bga.com Thu Jul 7 13:21:04 1994
From: ravage at bga.com (Jim choate)
Date: Thu, 7 Jul 94 13:21:04 PDT
Subject: (fwd) Re: BSD random() - any good (source included)?
Message-ID: <199407072020.PAA29397@ivy.bga.com>

Path: bga.com!news.sprintlink.net!hookup!ames!lll-winken.llnl.gov!noc.near.net!pad-thai.aktis.com!la-jiao.aktis.com!not-for-mail
From: don at cam.ov.com (Donald T. Davis)
Newsgroups: sci.math,sci.stat.math
Subject: Re: BSD random() - any good (source included)?
Date: 28 Jun 1994 17:52:48 -0400
Organization: OpenVision Technologies, Inc.
Lines: 65
Distribution: na
Message-ID: <2uq63g$g5c at la-jiao.aktis.com>
References:
NNTP-Posting-Host: la-jiao.aktis.com
Xref: bga.com sci.math:15008 sci.stat.math:1243

(George Carr) writes:
>(robert bursey) writes:
>|> deleyd at netcom.com writes:
>|>
>|> > I did a research paper on Computer Generated Random Number Sequences in
>|> > 1991. Included are the results of testing numerous popular generators.
>|> > The code used for testing the generators is also available if one
>|> > is so inclined to do some testing of a particular generator. (The only
>|> > thing is a thorough test to determine the limits of the generator can
>|> > take many hours of CPU time).
>|> >
>|> > Perhaps later this week I'll post the paper and see what the response
>|> > is. I'm always a bit apprehensive to post. Never sure what the
>|> > response will be. Maybe someone will think it's interesting.
>|> >
>|> > David Deley
>|> > deleyd at netcom.com
>|>
>|> Does anybody know of a good test for randomness? I would definitely like to
>|> know how good computer RNG's are. Post away!
>
>The classic reference is Volume 2 of Donald Knuth's The Art of Computer
>Programming, Second Edition, Seminumerical Algorithms. I highly recommend
>it to anyone wanting to know what "random" is all about.
>
>If you really need to know whether your generator is random-enough for
>your application you should expect to do your own testing and yes it will
>require many hours of your time in addition to that of your computer.
>--

knuth's chapter's practical results are about linear-congruential rngs, their optimization and testing. though these rngs are still distressingly common, nonlinear rngs are the way to go for two burgeoning areas that consume random numbers: graphics and cryptography. both areas are concerned with getting extremely long periods, but cryptography is also concerned with proving unpredictability of secure rngs. that is, knowing some outputs of an rng as applied to a given seed, it should be impossible to deduce or predict other outputs' values.

so, you see, the "good test for randomness" depends strongly on which features of a random variable you want to use. if you're careful, knuth's approach will work fine for some statistical applications, like monte-carlo techniques. but knuth's is by no means the last word on the subject.

btw, for cryptographic purposes, the received wisdom is that there is NO adequate test for randomness; if an rng passes lots of tests, that's very nice, but the presumption is that the variable's deterministic structure is simply hidden, and that the clever-enough test was not yet applied or devised.
nevertheless, in the cryptographic field, the list of tests used is long. typically, you design the test to probe the weaknesses of a specific rng algorithm. period tests, runs tests, and substring-interarrival tests are common, and some people like entropy estimates. one of the trusted names in the crypto-rng literature is marsaglia; he has published extensively on the subject of rng-testing.

i don't know what the graphics literature on rngs is like; i only know that if you want to simulate textured surfaces, like grass, a bad rng makes a striped texture.

be forewarned: the rng literature is amazingly vast, with a low signal-to-noise ratio. it seems that everyone thinks he can design a "good" rng.

btw, i favor hardware rngs.

-don davis
 openvision technologies
 cambridge, ma

From jamiel at sybase.com Thu Jul 7 13:41:38 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Thu, 7 Jul 94 13:41:38 PDT
Subject: (fwd) Re: BSD random() - any good (source included)?
Message-ID: <9407072040.AA07826@ralph.sybgate.sybase.com>

At 3:20 PM 07/07/94 -0500, Jim choate wrote 69K of forwards (so far) that I would much rather look at in sci.math or sci.stat.math than in my mailbox, unrequested. Didn't we have a little forwarding talk recently enough for your average televangelist viewer to remember it?

Kindly cut it out.

-j

--
"Blah Blah Blah"
___________________________________________________________________
Jamie Lawrence

From jamiel at sybase.com Thu Jul 7 13:47:00 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Thu, 7 Jul 94 13:47:00 PDT
Subject: real live Detweiler messages- anyone?
Message-ID: <9407072046.AA11437@ralph.sybgate.sybase.com>

I have a writing assignment coming up (nothing to do with much that is talked about on this list), and some example posts by Detweiler could be really handy as references. I have one from a long time ago, but could use some others- anybody save any for posterity? If so, could you forward me a couple of juicy ones?
thanks-

-j

--
"Blah Blah Blah"
___________________________________________________________________
Jamie Lawrence

From paul at hawksbill.sprintmrn.com Thu Jul 7 14:00:44 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Thu, 7 Jul 94 14:00:44 PDT
Subject: Damnit!
In-Reply-To: <9407072040.AA07826@ralph.sybgate.sybase.com>
Message-ID: <9407072203.AA19804@hawksbill.sprintmrn.com>

>
> At 3:20 PM 07/07/94 -0500, Jim choate wrote 69K of forwards
> (so far) that I would much rather look at in sci.math or
> sci.stat.math than in my mailbox, unrequested. Didn't we have
> a little forwarding talk recently enough for your average
> televangelist viewer to remember it?
>
> Kindly cut it out.
>

No shit.

*plonk*

Choate receives the prestiged kill-file award for 7 July 1994.

- paul

From ktk at anemone.corp.sgi.com Thu Jul 7 14:14:05 1994
From: ktk at anemone.corp.sgi.com (Katy Kislitzin)
Date: Thu, 7 Jul 94 14:14:05 PDT
Subject: cypherpunks mbone this sat.
Message-ID: <9407072112.AA20037@anemone.corp.sgi.com>

The monthly meeting of cypherpunks will be broadcast on the mbone this saturday, july 9, from noon to 6. The ports and ID's are as follows:

audio: 64264 51421
video: 43185 51863

This is being advertised using sd as well.

The main topic will be discussion of Phil Karn's swIPe package, which was announced at Usenix last month. It allows one to set up encrypted IP tunnels over the existing IP network.

For those of you interested in attending in person, the meeting will be held at Silicon Graphics in Cafe Iris, building 5. To get there, get off 101 at Shoreline, and head towards the amphitheater. Turn right into the SGI parking lot after Charleston, and continue down to just before the circle. Building 5 will be on your right.

NOTE: THE SGI PARKING LOTS ARE BEING RE-SURFACED THIS WEEKEND. SO YOU WILL HAVE TO PARK ON THE MAIN CAMPUS DRIVE OR ON THE CONCRETE PARKING AREAS.
--kt Katy Kislitzin Silicon Graphics I/S Network Software ktk at corp.sgi.com From gtoal at an-teallach.com Thu Jul 7 16:24:49 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Thu, 7 Jul 94 16:24:49 PDT Subject: (fwd) Re: BSD random() - any good (source included)? Message-ID: <199407072324.AAA18575@an-teallach.com> From: Jim choate Subject: (fwd) Re: BSD random() - any good (source included)? Jeezus fucking christ, you're just doing this to wind me up, aren't you? Any more of these turn up in my mailbox and they get bounced straight back to you. I have to pay by the minute for this connection. Keep it up and you'll pay too, believe me. G From jpb at gate.net Thu Jul 7 16:45:38 1994 From: jpb at gate.net (Joseph Block) Date: Thu, 7 Jul 94 16:45:38 PDT Subject: (fwd) Junk In-Reply-To: <199407072010.PAA29167@ivy.bga.com> Message-ID: <199407072345.TAA94056@inca.gate.net> AAAAAAAAAAAAARRRRRRRRRRRRRRRRRRRRRGGGGGGGGGGGGGGGGHHHHHHHHHHHHHHHH!!!!!!!!! Didn't we just bitch up a storm about forwarded crap? Paying by the minute, jpb at gate.net From an65 at vox.hacktic.nl Thu Jul 7 16:45:39 1994 From: an65 at vox.hacktic.nl (an65 at vox.hacktic.nl) Date: Thu, 7 Jul 94 16:45:39 PDT Subject: (fwd) Re: BSD random() - any good (source included) Message-ID: <199407072345.AA05844@xs4all.hacktic.nl> > At 3:20 PM 07/07/94 -0500, Jim choate wrote 69K of forwards > (so far) that I would much rather look at in sci.math or > sci.stat.math than in my mailbox, unrequested. Didn't we have > a little forwarding talk recently enough for your avarage > televangelist viewer to remember it? > Kindly cut it out. I guess cypherpunks would rather not write or even read code, but simply gossip about usenet kooks and pedophiles. 
> ___________________________________________________________________ > Jamie Lawrence > c at lib@n -------------------------------------------------------------------------- To find out more about the anon service, send mail to help at vox.hacktic.nl Please report any problems, inappropriate use etc. to admin at vox.hacktic.nl Direct replies to the sender of this message are -not- anonymised.... From grendel at netaxs.com Thu Jul 7 17:15:35 1994 From: grendel at netaxs.com (Michael Handler) Date: Thu, 7 Jul 94 17:15:35 PDT Subject: (fwd) Re: BSD random() - any good (source included) In-Reply-To: <199407072345.AA05844@xs4all.hacktic.nl> Message-ID: On Sat, 8 Jul 1994 an65 at vox.hacktic.nl wrote: > > At 3:20 PM 07/07/94 -0500, Jim choate wrote 69K of forwards > > (so far) that I would much rather look at in sci.math or > > sci.stat.math than in my mailbox, unrequested. Didn't we have > > a little forwarding talk recently enough for your avarage > > televangelist viewer to remember it? > > > Kindly cut it out. > > I guess cypherpunks would rather not write or even read code, but > simply gossip about usenet kooks and pedophiles. [1] Simply because you don't read new software announcements every day doesn't mean people aren't writing code. I am, for one, but people have other jobs and responsities to take care of. [2] Less than a week after a small flame war about forwarding, and a suggestion that it be restricted to posting pointers to relevant info, Jim forwards over 65K of relevant, though specialized information that no-one had requested. Simply saying "There's some real informative posts about RNGs in sci.math, thread name "XXX"" have been helpful, faster, saved bandwidth and people's mailboxes, and not started up this flame war. 
-------------------------------------------------------------------------- Michael Brandt Handler Philadelphia, PA Currently at CMU, Pittsburgh, PA PGP v2.6 public key on request Boycott Canter & Siegel <> 1984: We're Behind Schedule From jamiel at sybase.com Thu Jul 7 17:19:31 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Thu, 7 Jul 94 17:19:31 PDT Subject: (fwd) Re: BSD random() - any good (source included) Message-ID: <9407080018.AA21680@ralph.sybgate.sybase.com> At 1:11 AM 07/08/94 +0200, Nobody wrote: >I guess cypherpunks would rather not write or even read code, but >simply gossip about usenet kooks and pedophiles. Nobody either - Is baiting for fun or - Actually thinks mailbombing 700+ people with easily accessible information on a subject tangental to this list is a Good Idea, and - doesn't have the slightest clue what proper conduct in a public forum is. For Nobody's sake, I hope it is the former. But if it happens to be the latter- Nobody, write me with an address I can reach you at and I'll send you lots and lots of code for you to read, every day, if you choose. That will help your productivity *immensely*. >c at lib@n -j -- "Blah Blah Blah" ___________________________________________________________________ Jamie Lawrence From frissell at panix.com Thu Jul 7 17:30:12 1994 From: frissell at panix.com (Duncan Frissell) Date: Thu, 7 Jul 94 17:30:12 PDT Subject: cypherpunks mbone this sa Message-ID: <199407080029.AA12827@panix.com> To: cypherpunks at toad.com K>The monthly meeting of cypherpunks will be broadcast on the mbone this K>saturday, july 9, from noon to 6. The ports and ID's are as follows: K> K>audio: 64264 51421 K>video: 43185 51863 K> K>This is being advertised using sd as well. Anyone in the New York area with a workstation? I'd love to listen (or watch). I'd bring beer! DCF --- WinQwk 2.0b#1165 From hayden at vorlon.mankato.msus.edu Thu Jul 7 17:50:32 1994 From: hayden at vorlon.mankato.msus.edu (Robert A. 
Hayden) Date: Thu, 7 Jul 94 17:50:32 PDT Subject: cypherpunks mbone this sa In-Reply-To: <199407080029.AA12827@panix.com> Message-ID: On Thu, 7 Jul 1994, Duncan Frissell wrote: > Anyone in the New York area with a workstation? I'd love to listen (or > watch). I'd bring beer! Uh, I hate to be stupid, but can anyone explain what exactly this Mbone thing is and how to access it? ____ Robert A. Hayden <=> hayden at vorlon.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> I do not necessarily speak for the \/ Finger for PGP Public Key <=> City of Mankato or Blue Earth County -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From ifarqhar at laurel.ocs.mq.edu.au Thu Jul 7 18:03:10 1994 From: ifarqhar at laurel.ocs.mq.edu.au (Ian Farquhar) Date: Thu, 7 Jul 94 18:03:10 PDT Subject: Mastercard, Visa, Access, Barclaycard, Amex, JCB ... In-Reply-To: <9407071722.AB05853@ralph.sybgate.sybase.com> Message-ID: <199407080101.AA07281@laurel.ocs.mq.edu.au> >I believe modern card readers for at least MC/Visa use some form of >encryption, but for backwards compatibility the central offices also >work unencrypted. In the hotel I used to work in, the card reader >certainly didn't encrypt. My fiance regularly configures remote EFTPOS (Electronic Financial Transaction at Point Of Sale) terminals from her job in the 24 hour answer centre of a major bank in this state, and when she is doing so she reads a "public key" off the screen for the vendor to key into the unit. Sounds very much like some sort of asymmetric session key exchange to me, and I'd lay money on the symmetric cipher behind that being DES. Apparently there is also an Australian Standard for the cryptographic exchange of pin numbers, and I know that DES is also sanctified in an AS (and recommended by DSD, who even now still consider DES "appropriate" for the banking industry). Ian.
From jrochkin at cs.oberlin.edu Thu Jul 7 18:32:45 1994 From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) Date: Thu, 7 Jul 94 18:32:45 PDT Subject: Question: Key Distr. in realtimeo applications? Message-ID: <199407080132.VAA14746@cs.oberlin.edu> Well, I've gotten a few hundred pages into Applied Crypto, and am now educated enough to realize what the things are that I don't know. One question I have is regarding how protocols for realtime communications work, like say an encrypted voice conversation. I know there are such things, such as Clipper, but I assume Clipper/skipjack is atypical in many ways. But maybe I'm wrong. Anyhow, I'd guess that in such applications, a random one-time session key is generated for a symmetric encryption method. Is this correct? If so, how is this key distributed to both participants? You could use public-key cryptography in some way to distribute the session key, similar to what DES does, but then how do you distribute the public keys so as to avoid a man in the middle attack? Ideally, you want to pick up your crypto-phone, initiate a call to another crypto-phone which you've never called before, and which was possibly manufactured yesterday, and be able to exchange keys with it in a secure fashion. But I can't think of any way to do this, without opening yourself up to a man in the middle attack. How does clipper solve this problem? How do other potential realtime protocols? Or do they just ignore it, and assume that it's going to be too hard to do a successful man-in-the-middle attack quickly enough for a realtime conversation? That would seem to me to be a dangerous assumption. I'd appreciate it if anyone could help me out. From ifarqhar at laurel.ocs.mq.edu.au Thu Jul 7 19:03:08 1994 From: ifarqhar at laurel.ocs.mq.edu.au (Ian Farquhar) Date: Thu, 7 Jul 94 19:03:08 PDT Subject: Question: Key Distr. in realtimeo applications?
In-Reply-To: <199407080132.VAA14746@cs.oberlin.edu> Message-ID: <199407080200.AA10330@laurel.ocs.mq.edu.au> >How does clipper solve this problem? It does not. The Clipper initiative (FIPS-185) deals solely with the specification of a symmetric cipher with escrowed keys. Key exchange and authentication are outside the scope of the protocol, but most implementations would probably use something like a D-H key exchange to do it (remember that a Clipperphone guarantees privacy between yourself and the person on the other end, but does NOT authenticate them to you or you to them. Man in the middle attacks are obviously possible, depending on the key exchange protocol that your Clipperphones employ.) Ian. From cort at ecn.purdue.edu Thu Jul 7 19:55:45 1994 From: cort at ecn.purdue.edu (cort) Date: Thu, 7 Jul 94 19:55:45 PDT Subject: Question: Key Distr. in realtimeo applications? In-Reply-To: <199407080132.VAA14746@cs.oberlin.edu> Message-ID: <199407080255.VAA24461@en.ecn.purdue.edu> > If so, how is this key distributed to both participants? Find Diffie-Hellman in your Schneier. D-H is a fundamental (in the sense of foundations) protocol which transmits information "invisibly" (mathematically speaking). For related invisibility, read about the Dining Cryptographers. Cort. From adam at bwh.harvard.edu Thu Jul 7 20:43:12 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Thu, 7 Jul 94 20:43:12 PDT Subject: Question: Key Distr. in realtimeo applications? In-Reply-To: <199407080132.VAA14746@cs.oberlin.edu> Message-ID: <199407080339.XAA20138@duke.bwh.harvard.edu> Jonathan Rochkind wrote: | How does clipper solve this problem? How do other potential realtime Capstone implements Diffie-Hellman key exchange, as well as providing some form of RNG on chip. As others have pointed out, Clipper does not do key exchange. Adam -- Adam Shostack adam at bwh.harvard.edu Politics. From the Greek "poly," meaning many, and ticks, a small, annoying bloodsucker.
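The replies above point to Diffie-Hellman for agreeing a session key and note that it does not authenticate either end. The following Python sketch is an added example (not code from any poster on the list) that runs the exchange over a direct line and over a line with an interposed relay, and shows how comparing a key fingerprint out of band exposes the relay. The toy group, the `Relay` class, the function names and the fingerprint comparison are all assumptions of the example.

```python
import hashlib
import secrets

# Toy group for a self-contained demo (assumption of this example): the
# Mersenne prime 2**521 - 1 with base 3. Real systems use vetted,
# standardised groups or curves.
P = 2**521 - 1
G = 3


def dh_keypair():
    """Return (private exponent x, public value G^x mod P)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(priv, peer_pub):
    """Derive a 256-bit session key from the D-H shared secret."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("degenerate public value")
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(66, "big")).digest()


def fingerprint(key):
    """128-bit check value each phone would display for comparison.

    A full-length value is used on purpose: a short spoken string is only
    safe if the protocol also commits to the public values first.
    """
    digest = hashlib.sha256(b"fingerprint" + key).hexdigest()[:32]
    return " ".join(digest[i:i + 4] for i in range(0, 32, 4))


class Relay:
    """Constructed in-path party that swaps every public value for its own."""

    def __init__(self):
        self.priv, self.pub = dh_keypair()
        self.seen = []

    def __call__(self, pub):
        self.seen.append(pub)
        return self.pub

    def keys(self):
        """Session keys the relay ends up sharing with each phone."""
        return [session_key(self.priv, pub) for pub in self.seen]


def exchange(channel):
    """Run one exchange; `channel` maps a value sent to the value received."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    key_a = session_key(a_priv, channel(b_pub))  # what phone A computes
    key_b = session_key(b_priv, channel(a_pub))  # what phone B computes
    return key_a, key_b


def verify_call(key_a, key_b):
    """True only if the two displayed fingerprints match."""
    return secrets.compare_digest(fingerprint(key_a), fingerprint(key_b))


if __name__ == "__main__":
    for label, channel in (("direct line", lambda pub: pub),
                           ("relayed line", Relay())):
        key_a, key_b = exchange(channel)
        print(label)
        print("  phone A shows:", fingerprint(key_a))
        print("  phone B shows:", fingerprint(key_b))
        print("  fingerprints match:", verify_call(key_a, key_b))
```

On the relayed line each phone has completed a perfectly valid exchange, just not with the other phone, which is why the check has to bind the key to something the relay cannot substitute.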
From tcmay at netcom.com Thu Jul 7 21:12:08 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 7 Jul 94 21:12:08 PDT Subject: The Dining Cryptographers Protocol Message-ID: <199407080411.VAA12599@netcom.netcom.com> Cort mentioned the Dining Cryptographers, and since many of you have joined the list since I last posted this, I thought I'd post it again. This article is an informal introduction, written originally for the Extropians list. The full version of David Chaum's paper on the Dining Cryptographers is at the ftp.csua.berkeley.edu site in pub/cypherpunks. --Tim May >From: tcmay at netcom.com (Timothy C. May) >Subject: The Dining Cryptographers Protocol >To: cypherpunks at toad.com >Date: Mon, 16 Nov 92 1:10:10 PST >Cc: tcmay at netcom.com (Timothy C. May) >X-Mailer: ELM [version 2.3 PL11] >Status: OR > >Fellow Dining Cryptographers (and Cypherpunks), > >Hal Finney has been suggesting I forward to this list some articles I >wrote for another list of like-minded folks, the "Extropians" list. We >had some fascinating discussions of digital money, DC-nets, digital >pseudonyms (a la Vernor Vinge's "True Names," as Hal has noted), etc. >Basically the stuff I put in my .signature, and so on. > >These topics are, in my opinion, at the core of what we are doing on >this list. It is highly gratifying to see the pieces falling into >place. And at our crypto session at the Hackers Conference, it became >clear to many people just how close we are. > >So since Hal just forwarded me one of my old postings, how can I >resist? (I still _have_ my old posts, but no longer on my NETCOM >system, so reposting them takes a bit of effort. So I'll just forward >to you the posting Hal just forwarded to me!) > >Hal Finney writes: > >I was looking through some old Extropians messages and found this >one which you wrote about DC nets. 
I don't know if you archive your >old messages, but I thought this had some good stuff, especially at the >end where you talk about the applications of crypto anonymity. You >would probably want to change the use of Extropians to Cypherpunks or >some such, if you wanted to re-post it there. > >Hal > > >Return-Path: >To: Extropians at gnu.ai.mit.edu >From: uunet!netcom.com!tcmay (Timothy C. May) >Subject: Dining Cryptographers >X-Original-To: Extropians at gnu.ai.mit.edu >Date: Tue, 18 Aug 92 15:45:34 PDT >X-Extropian-Date: Remailed on August 18, 372 P.N.O. [22:46:47 UTC] >Reply-To: uunet!gnu.ai.mit.edu!Extropians > >Marc R. has opened the door for me to get into some really exciting >stuff: >> >> Tim May mentioned a new method from Chaum for defeating traffic analysis: >> >> > Chaum has since improved the tamper-responding "mix" by going to a pure >> > software scheme which he calls "the Dining Cryptographers Protocol." It's >> > described in Vol. 1, Number 1 of "Journal of Cryptology," 1988. If there's >> > interest, I'll summarize it. >> >> Yes, please, Tim! >> >> >> M. > >Complexity Warning: This stuff (I'm being informal) is easy once you >get the basic idea. But getting the basic idea usually involves reading >several articles on what RSA, digital signatures, etc., are all about, >working out some examples, thinking about it, drawing pictures with >other folks, and finally having an "Aha!" experience (in Werner Erhard's >terms, you "get it"). The ASCII nature of the Net is not conducive to learning >this stuff, despite the excellent summaries of crypto by Marc R. and Perry M. > >The almost-latest "Scientific American," August, has an article by David Chaum >on digital money, and the latest "Spectrum," available at selected newstands, >has several articles on security and cryptography. Also, there are lots of >books. Look 'em up in a university library or flip through them at a large >technical bookstore and pick the one you like the most. 
(I like a slim >Springer-Verlag paperback, "Modern Cryptology," by Gilles Brassard, 1988, as >a good intro to "modern"--as opposed to "classical"--crypto.) > >If the stuff in this posting, and on crypto in general, is beyond your >current understanding, either ignore it, skim it and try to get the gist, >or dig into the articles and books. > >Anyway, back to "The Dining Cryptographers Problem: Unconditional Sender and >Recipient Untraceability," David Chaum, Journal of Cryptology, I, 1, 1988. >Since this journal is hard to get, I'll discuss the article in some detail. >(The techniques have major implications for anarchocapitalism and for >Extropian ideas.) > >Abstract: "Keeping confidential who sends which messages, in a world where any >physical transmission can be traced to its origin, seems impossible. >The solution presented here is unconditionally or cryptographically secure, >depending on whether it is based on one-time-use keys or on public keys. >respectively. It can be adapted to address efficiently a wide variety of >practical considerations." > >A word on terminology: "Unconditionally secure" means what it says: no >computer will ever crack it. One-time pads are unconditionally secure...no >code or cipher is involved, except the one-time pad, so the message is >secure as long as the pad has not been compromised. "Cryptographically >secure" means secure so long as various crypto ciphers are secure, which >may be for a very, very long time (e.g., with very large primes, in RSA). > >Chaum describes some "dining cryptographers," which I will playfully change >to "dining Extropians." (The term is of course a variant of the seminal >"dining logicians problem" in computer science) > >Three Extropians are having dinner, perhaps in New York City. Their waiter >tells them that their bill has already been paid, either by the NSA >or by one of them. The waiter won't say more. > >The Extropians wish to know whether one of them paid, or the NSA paid. 
But >they don't want to be impolite and force the Extropina payer to 'fess up, >so they carry out this protocol (or procedure): > >Each Extropian flips a fair coin behind a menu placed upright between himself >and the Extropian on his right. The coin is visible to himself AND to the >Extropian on his left. Each Extropian can see his own coin and the coin to his >right. > >STOP RIGHT HERE! Please take the time to make a sketch of the situation I've >described. If you lost it here, all that follows will be a blur. I'm sparing >you folks my attempt at an ASCII drawing! > >Each Extropians then states out loud whether the two coins he can see are the >SAME or are DIFFERENT, e.g., "Heads-Tails" means DIFFERENT, and so forth. For >now, assume the Extropians are truthful. > >A little bit of thinking shows that the total number of "DIFFERENCES" must >be either 0 (the coins all came up the same), or 2. Odd parity is impossible. > >Now the Extropians agree that if one of them paid, he or she will SAY THE >OPPOSITE of what they actually see. Remember, they don't announce what their >coin turned up as, only whether it was the same or different as their neighbor. > >Suppose none of them paid, i.e., the NSA paid. Then they all report the truth >and the parity is even (either 0 or 2 differences). They then know the NSA >paid. > >Suppose one of them paid the bill. He reports the opposite of what he actually >sees, and the parity is suddenly odd. That is, there is 1 difference reported. >The Extropians now know that one of them paid. But can they determine which >one? > >Suppose you are one of the Extropians and you know you didn't pay. One of the >other two did. You either reported SAME or DIFFERENT, based on what your >neighbor to the right (whose coin you can see) had. But you can't tell which >of the other two is lying! (You can see you right-hand neighbor's coin, but >you can't see the coin he sees to his right!) > >This all generalizes to any number of people. 
If none of them paid, the parity >is even. If one of them paid, the parity is odd. But which one of them paid >cannot be deduced. And it should be clear that each round can transmit a bit, >e.g., "I paid" is a "1". The message "Attack at dawn" could thus be "sent" >untraceably with multiple rounds of the protocol. > >The Crypto Ouija Board: I explain this to people as a kind of ouija board. >A message, like "I paid" or a more interesting "Transfer funds from.....," >just "emerges" out of the group, with no means of knowing where it came >from. Truly astounding. > >Now there are many interesting wrinkles and elaborations to this protocol. I'll >note just a few. > >1. Collusion. Obviously the Extropians can collude to deduce the payer. >This is best dealt with by creating multiple subcircuits (groups doing the >protocol amongst themselves). Lots more stuff here. Chaum devotes most of the >paper to these kind of issues and their solutions. > >2. With each round of this protocol, a single bit is transmitted. Sending >a long message means many coin flips. Instead of coins and menus, the >neighbors would exchange lists of random numbers (with the right partners, >as per the protocol above, of course. Details are easy to figure out.) > >3. Since the lists are essentially one-time pads, the protocol is >unconditionally secure, i.e., no assumptions are made about the difficulty >of factoring large numbers or any other crypto assumptions. > >4. Participants in such a "DC-Net" (and here we are coming to the heart >of the "crypto anarchy" I have mentioned several times, and which is >perhaps foolishly advertised in my .sig) could exchange CD-ROMs or DATs, >giving them enough "coin flips" for zillions of messages, all untraceable! >The logistics are not simple, but one can imagine personal devices, like >smart card or Apple "Newtons," that can handle these protocols (early >applications may be for untraceable brainstorming comments, secure >voting in corportate settings, etc.) 
> >5. The lists of random numbers (coin flips) can be generated with standard >cryptographic methods, requiring only a key to be exchanged between the >appropriate participants. This eliminates the need for the one-time pad, >but means the method is now only cryptographically secure, which is >often sufficient. (Don't think "only cryptographically secure" means >insecure....the messages may remain encrypted for the next billion years) > >6. Collisions occur when multiple messages are sent at the same time. Various >schemes can be devised to handle this, like backing off when you detect >another sender (when even parity is seen instead of odd parity). In large >systems this is likely to be a problem. Solutions are left as an exercise. > >7. Noise. Some participants may try to flood the circuit with spurious >messages, to defeat the system or for whatever other reasons. This is >still an issue. (If there's anything to take away from crypto, it's that >nothing is as simple as it looks, that there are always devious ways to >spoof, jam, and forge. I expect you've seen this from some of the debate >on digital voting schemes.) > >What Can "DC-Net" Be Used For?: > >* Untraceable mail. Useful for avoiding censorship, for avoiding lawsuits, >and for all kinds of crypto anarchy things. > >* Fully anonymous bulletin boards, with no traceability of postings or >responses. Illegal materials can be offered for sale (my 1987 canonical >example, which freaked out a few people: "Stealth bomber blueprints for >sale. Post highest offer and include public key."). Think for a few minutes >about this and you'll see the profound implications. > >* Decentralized nexus of activity. Since messages "emerge" (a la the ouija >board metaphor), there is no central posting area. Nothing for the government >to shut down, complete deniability by the participants. > >* Only you know who your a partners are....in any given circuit. And you can >be in as many circuits as you wish. 
(Payments can be made to others, >to create a profit motive. I won't deal with this issue, or with the issue >of how reputations are handled, in this posting.) > >* The tamper-responding "digital mixes" can still be useful, and may supplement >this purely software-based approach. > >* Digital money gets involved, too, both for payments in this system, and in >terms of "alternative currencies." I'm not an economist, so I'll leave this >for others to go into in more detail. > >Enough for now. Chaum's work is just the start. These systems can initially be >set up for "innocuous" purposes like research into crypto techniques (not yet >banned in the U.S.), role-playing games, religions, and the like. Once >they get going, it'll be too late to stop the other things. > >Hope you liked this summary. Please read the articles...there's just no way >my posting can do justice to them (though I admit I've concentrated my efforts >on the political aspects, which "respectable" crypto researchers rarely >mention, so perhaps the flavor here is a bit more Extropian than you'll >find elsewhere.) > >--Tim (part of the "Too Many Tims!" Conspiracy) > >-- >.......................................................................... >Timothy C. May | Crypto Anarchy: encryption, digital money, >tcmay at netcom.com | anonymous networks, digital pseudonyms, zero >408-688-5409 | knowledge, reputations, information markets, >W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. >Higher Power: 2^756839 | PGP Public Key: awaiting Macintosh version. > > .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. 
"National borders are just speed bumps on the information superhighway." From nobody at kaiwan.com Thu Jul 7 21:23:15 1994 From: nobody at kaiwan.com (Anonymous) Date: Thu, 7 Jul 94 21:23:15 PDT Subject: PGP Keys on a Floppy Message-ID: <199407080422.VAA03006@kaiwan.kaiwan.com> frissell at panix.com "Duncan Frissell" wrote >> C.><< some suggestion to keep keys secure on floppy>> >> DOS users can always encrypt their keyfile on a floppy encrypted with >> SecureDrive. Someone suggested keeping both the keyring as well as the PGP.EXE itself on a WRITE PROTECTED floppy. Doesn't RANSEED.BIN need to be in the same directory, and doesn't it need to be WRITEABLE? - From hkhenson at cup.portal.com Thu Jul 7 22:16:21 1994 From: hkhenson at cup.portal.com (hkhenson at cup.portal.com) Date: Thu, 7 Jul 94 22:16:21 PDT Subject: AA BBS case/update Message-ID: <9407072217.2.2741@cup.portal.com> [I wrote this for CuD, but decided the issue is urgent enough to post it other places before the next issue comes out. Apologies to Jim T.] ************* Re File 9 of the 5 July issue of CuD,--Some thoughts on the AA BBS, the Advocate writes: >Stuff about the AA BBS case. This case is essentially a war of ideas. >Can a backwards, pigheaded state like Tennessee set the moral and >cultural standard of a sophisticated state like California? So far they are making a serious attempt. >I say not, and like minded individuals agree with us. I would guess that 90+ percent of the people on the net agree, but they don't control the federal legal and police forces. >These "Reagan-Jungians" need to be beaten back. The best light is that >of the First Amendment. Bring the press in, point out the vital issues. While the press has been somewhat supportive, they don't get the connection between *their* presses and what an adult BBS provides. They don't understand the need to defend on the margins *before* you get your heart ripped out. ("First they came for the Pornographers . . .) 
>The judge will be embarrassed if the AP or Court TV is televising >what this action is about. Federal courts don't admit TV. The original bust with its obvious frame up of the sysop was reported on local (Bay area) TV. None of those involved seem to be embarrassed in the slightest. (Though Judge Brazil did remove himself from the case after being accused of serious breaches of conduct.) As a follow on what I posted mid January, it turns out that possessing kiddy porn is not a crime in the 9th district. The Excitement Video case in California ruled the law unconstitutional on appeal. Newsom (the TN prosecutor) specializes in porn and must have been up on this landmark case. The case was local to California, so the local prosecutors would have known about it as well. It has always been a mystery as to why postal inspector Dirmeyer did not have warrant for the kiddy porn he mailed to the sysop just before he came in. We now figure they left it off on purpose because even a corrupt judge who knew about the EV case would not issue a warrant for something he knew was legal! However, until the Supreme court rules on a case and unifies the law, possession of kiddy porn *is* a crime in the 6th district (where Tennessee is located). So, the sysop was indicted *there* after being framed for possession in California! Aside from the frame up, this raises the issue of: Can someone be charged with a crime in a different district of the country when what they did would not be a crime where it was done? The feds in Tennessee seem to think they can do it. (Ah, well. California has some odd notions of how far they can reach on things like sales and income taxes.) >Has anyone tried contacting the Playboy Foundation or the Guccione >Foundation. Contact people like Spider Robinson or William Gibson. >Publicity can only help. Yes Playboy Foundation, no Guccione. Playboy was marginally helpful. Does anyone have an address or number for any of those mentioned? 
>Especially given the candy ass tricks the prosecutors are trying out. Right you are! This is clearly political/religious persecution. (Does anyone know anything about the Conservative Caucus??) But what the hell can you do when the courts ignore their own rules and cater to the prosecutors? The court should dismiss this one on the speedy trial issue alone (40 days over the limit), but the judge has not ruled on several of the defendant's motions to dismiss, such as the NAFTA issue. The judge and prosecutor seem determined to break the defendant financially. For example, the last time Richard Williams (the AA BBS lawyer) went to Memphis for a hearing, neither the judge (Gibbons) nor the prosecutor (Newsom) assigned to the case showed up. All Richard could do was to turn around and come home with $2000 in plane fare and expenses down the drain. There is a hearing Friday, (July 8, 1994) at which the judge will ask Richard a single question--"are you ready for trial July 18" and to which he will answer "yes." This could be accomplished by telephone, but the judge said "show up or else." (Fortunately Richard was able to get a local lawyer to show up in his place and say "yes.") I very much doubt *they* will be ready for trial, since the judge has not ruled on the motions in anything approaching the time allowed by court rules. My bet based on watching this business since January is that the judge will stall till the trial starts, rule against all motions, and start a trial which will be overturned on appeal just to break the AA BBS sysop financially. There seems to be no rules against this vile misuse of judicial power--nor any forum in which you can complain. (Except the media--which is rather reluctant to support anyone whom the government has smeared with the "hot button" of child porn.) >Bring heat to Reno and Clinton. I haven't got a clue as to how to do this. 
I can't (and neither can anyone else who has tried) even reach Veronica Coleman, the local US Attorney, much less her boss Janet Reno. Actually, I feel for Clinton because there are likely people who *do* know how to hold his feet to the fire. My bet is that the NSA/CIA/FIB/XYZ knows (as someone put it on eff.talk) something Hillery does not. I am beginning to think that top politicians should fuck sheep and abuse children on live TV. Otherwise, those who know about their minor sins have an arm lock on them. J. Edgar Hoover abused the US Presidents this way for all of his long career. >If this case is to be tried, it should be in california. Judge Gibbons *did* rule on this one--denied. There wouldn't *be* a case in California. You can buy everything the AA BBS sysop was accused of selling within 10 blocks of the Federal Courthouse in San Francisco. >The Advocate. Keith Henson (who finds that the government disobeying the rules makes him itch!) From sico at hacktic.nl Thu Jul 7 22:16:27 1994 From: sico at hacktic.nl (Sico) Date: Thu, 7 Jul 94 22:16:27 PDT Subject: Detwiler's Crypto Mailing List Message-ID: <487_9407072347@apsf.hacktic.nl> Hello Graham, Thursday July 07 1994 15:07, Graham Toal wrote: GT> : From: Peterwheat at aol.com GT> : I found this by doing a keyword search (cryptography) in America GT> Online's : database of mailing lists. I thought it might be of interest GT> to the : cypherpunks mailing list: GT> Oh God :-( Either Detweiler has got himself an AOL account or all AOL GT> people are as clueless as they're reputed to be... Honestly, I wouldn't know. However, if you read FAQ's carefully as they are posted to (amongst others) news.answers, there are some which mention CRAM, an acronym used by Detweiler referring to a service he has for folks who don't wish to be bothered to handle anything except the content of their FAQ. In the blur with which those FAQ's end he always mentions his current email address, and lately that has been tmp at netcom.com. 
[rest deleted] CU, Sico (sico at hacktic.nl). From kentborg at world.std.com Thu Jul 7 22:52:10 1994 From: kentborg at world.std.com (Kent Borg) Date: Thu, 7 Jul 94 22:52:10 PDT Subject: Question: Key Distr. in realtimeo applications? Message-ID: <199407080551.AA04892@world.std.com> There are two ways around the problem of a faked public key. 1) spread it widely enough that it is hard to fake the several lookups you might do before first using it (you gonna doctor every cypherpunk posting I see which includes a key? gotta have a good middle to not get caught sitting there) 2) have a single well known key sign a copy of the key you want to be accepted as legit--and if that is too busy a task for the very important single key holder, just sign a few keys (one for Oberlin, for example) and have *them* sign further keys (including a copy of their signed credentials). This signing of credentials can be extended indefinitely. (Apple uses this scheme with RSA coding in their forthcoming mail support for the Mac--or at least did, I have not played with the recent betas.) And these two approaches work together. If my keyring has dozens of keys from the same organization, all signed with the same organization key, it becomes very difficult to get me to accept a fake. (Assuming there is software support for easily doing this kind of checking, something I don't think is in PGP, etc.) Encryption of voice: same problems as other key authorization situations, but often easier. If I call my mother, I don't care what key she uses, I will recognize her voice, how she speaks, and what she appears to know--things that are not yet fakeable except by very good actors with lots of time to study their roles. One-time key, how to distribute to both participants: don't. Let each pick a random key and sent it to the other using the other's public key--no need to use the same key in both directions, in fact seems a bad idea. 
-kb, the Kent -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 31:15 hours of TV viewing so far in 1994! From ponder at freenet.scri.fsu.edu Thu Jul 7 22:56:20 1994 From: ponder at freenet.scri.fsu.edu (P. J. Ponder) Date: Thu, 7 Jul 94 22:56:20 PDT Subject: Fortune magazine Message-ID: >From the July 11 _Fortune_ magazine, in an article about "25 cool companies": The battle over how to ensure the privacy and security of communication in cyberspace pits the spy masters at the National Security Agency, with thousands of people and a budget said to be in excess of $10 billion a year, against a small, privately held California company. Nearly everyone in Silicon Valley seems to be rooting for the little guy. RSA is a darling of libertarian hackers because it sells a way to keep digital exchanges indecipherable by unwanted eyes, including those of Big Brother. . . . Multiple authors, the RSA piece was by Alan Deutschman (deutschman at aol.com). Interesting blurb, two quotes from Jim at RSA. The article also covers Mosaic Communications, Enterprise Integration Technologies, McAfee Assoc., Cisco Systems, Infosafe, Scientific Computing Assoc., Security Dynamics, & others. On another subject, does RIPEM interoperate with PGP or other public key software? I have version 1.0.5 for DOS. Thanks for any replies. ponder at freenet.scri.fsu.edu From thumper at kaiwan.com Thu Jul 7 23:07:11 1994 From: thumper at kaiwan.com (thumper) Date: Thu, 7 Jul 94 23:07:11 PDT Subject: PGP Keys on a Floppy In-Reply-To: Message-ID: On Thu, 7 Jul 1994, Duncan Frissell wrote: > C.><< some suggestion to keep keys secure on floppy>> > > DOS users can always encrypt their keyfile on a floppy encrypted with > SecureDrive. > What I do is I zipped up my pubring.pgp and secring.pgp files into an encrypted zip file, then used PGP's conventional encryption to encrypt the zipfile. 
Then to use pgp, I run a batch file that copies the encrypted zip files to a ramdrive, decrypt the conventional encryption by prompting for the password, then having pkunzip decompress the zipfile and prompting for it's password, and then presto. Thumper (yeah, just Thumper) =-=-=-=-=-=-=-=-=- GREP THIS NSA! =-=-=-=-=-=-=- thumper at kaiwan.com - PGP NSA ViaCrypt 2600 Phrack EFF #hack LOD/H = Finger for PGP 2.6 Pub Key = 950 FBI MindVox ESN KC NUA QSD Hacker DEFCON - Big Brother *IS* watching! - SprintNet MCI AT&T HoHoCon DNIC TRW CBI 5ESS = From nobody at rebma.rebma.mn.org Thu Jul 7 23:35:50 1994 From: nobody at rebma.rebma.mn.org (nobody at rebma.rebma.mn.org) Date: Thu, 7 Jul 94 23:35:50 PDT Subject: No Subject Message-ID: <199407080536.AAA00475@rebma.rebma.mn.org> with all this talk about bank card transactions, you remind me that i did a software project for remote credit card verification a while back. my part was the interface to the auth network. anybody curious what's in those transaction messages? From lcottrell at popmail.ucsd.edu Thu Jul 7 23:39:04 1994 From: lcottrell at popmail.ucsd.edu (Lance Cottrell) Date: Thu, 7 Jul 94 23:39:04 PDT Subject: FW: Physical storage of key is the weakest link Message-ID: <199407080638.XAA11815@ucsd.edu> -----BEGIN PGP SIGNED MESSAGE----- chris.claborne at sandiegoca.ncr.com writes: ><< some suggestion to keep keys secure on floppy>> > ><If your passphrase is good (128+ bits of entropy), then your private key is >as secure as the messages that you send. Although it need be broken only >once, I see no real danger of IDEA being compromised in the near future. >Given a good passphrase, I would suggest that you want multiple copies of >your key to prevent loss or accidental destruction. My passphrase is > 30 >characters. Fortunately Mac PGP remembers the key during any given session >so typing is kept down a bit. >>> > >If you are really paranoid, keeping your private keys super secure is a good >idea. 
If a bad guy were to come and steal them, all she needs to do is find out >your passphrase (using all kinds of attacks.... camera over your desk....) >and bingo, they can read all past and future message traffic to you... There are two things to be paranoid about. One is that other people could get access to your information. The other is that you might lose access to your information and the ability to authenticate yourself. My personal comfort level is currently: having a few copies of the secret key which I keep physical control over, only using PGP on my personal computer, and protecting it with a very inconvenient passphrase. Should I also mention that I keep the key, PGP, and all my other crypto stuff on an encrypted partition? -------------------------------------------------- Lance Cottrell who does not speak for CASS/UCSD loki at nately.ucsd.edu PGP 2.3 key available by finger or server. "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche From warlord at MIT.EDU Fri Jul 8 00:39:01 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Fri, 8 Jul 94 00:39:01 PDT Subject: Fortune magazine In-Reply-To: Message-ID: <9407080738.AA05269@toxicwaste.media.mit.edu> > On another subject, does RIPEM interoperate with PGP or other public key > software? I have version 1.0.5 for DOS. Thanks for any replies. > ponder at freenet.scri.fsu.edu RIPEM does not interoperate with PGP, but it may interoperate with other programs, like TIS/PEM, which attempt to implement the RFC 1421 message-format spec. It turns out that the signature algorithms are similar, so it may be possible in a future version of PGP (3.0?)
to get the signatures to be equivalent, so you could, theoretically, convert a signed PGP document into a signed RIPEM document (and vice-versa). Since RIPEM uses DES (or triple-DES), and PGP uses IDEA, encrypted documents are not cryptographically equivalent. Hope this helps.. -derek From werner at mc.ab.com Fri Jul 8 03:56:21 1994 From: werner at mc.ab.com (tim werner) Date: Fri, 8 Jul 94 03:56:21 PDT Subject: AA BBS case/update In-Reply-To: <9407072217.2.2741@cup.portal.com> Message-ID: <199407081057.GAA04155@sparcserver.mc.ab.com> >From: hkhenson at cup.portal.com >Date: Thu, 7 Jul 94 22:17:22 PDT > ... Aside from >the frame up, this raises the issue of: Can someone be charged with a >crime in a different district of the country when what they did would >not be a crime where it was done? Ask Noriega. >>Bring heat to Reno and Clinton. > >I haven't got a clue as to how to do this. Not necessary. Reno has already accepted full responsibility for what happened at Waco. She'll be stepping down soon. Or at least saying she's sorry it happened. tw From perry at imsi.com Fri Jul 8 05:38:12 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 8 Jul 94 05:38:12 PDT Subject: cypherpunks mbone this sat. In-Reply-To: <9407072112.AA20037@anemone.corp.sgi.com> Message-ID: <9407081237.AA05379@snark.imsi.com> Katy Kislitzin says: > This is being advertised using sd as well. > > The main topic will be discussion of Phil Karn's swIPe package, which > was announced at Usenix last month. It allows one to set up encrypted > IP tunnels over the existing IP network. It was John Ioannidis' swIPe package, and it was not merely announced but released. Phil has done a similar package for KA9Q and was one of the designers of the protocol, but please give John credit for his hard work. Perry From sdw at lig.net Fri Jul 8 05:54:23 1994 From: sdw at lig.net (Stephen D.
Williams) Date: Fri, 8 Jul 94 05:54:23 PDT Subject: your mail In-Reply-To: <199407080536.AAA00475@rebma.rebma.mn.org> Message-ID: > > with all this talk about bank card transactions, you remind me that i > did a software project for remote credit card verification a while back. > my part was the interface to the auth network. > > anybody curious what's in those transaction messages? > YES! Any and all information regarding those standards would be very helpful. I'm a merchant and have their PC software, but want to connect my Unix system directly... (and automatically). I was planning on reverse engineering the datastream. This is not a complete announcement, but I'm working with someone who is going to do the equivalent of credit card factoring, but with checks. (You send a transaction, he prints the check, with validation.) He's also working on EFT. This will be a new Internet service. sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together Newbie Notice: (Surfer's know the score...) I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru. From perry at imsi.com Fri Jul 8 06:16:28 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 8 Jul 94 06:16:28 PDT Subject: Counting Bits In-Reply-To: <199407071547.QAA09077@an-teallach.com> Message-ID: <9407081316.AA05465@snark.imsi.com> Graham Toal says: > PS I dunno what superoptimisizer Perry is talking about but I've > never heard of a real one that works. You have to feed in a complete > machine description at register transfer level and i don't know if > those exist for real machines; also the problem is almost certainly > exponential time for a *guaranteed* solution as Perry claims is > possible. 
As I've noted, Henry Massalin invented the superoptimizer -- and it works -- a much slower but publically available implementation that Henry had nothing to do with is available from the FSF as "Gnu Superopt". Perry From mpj at csn.org Fri Jul 8 06:21:33 1994 From: mpj at csn.org (Michael Johnson) Date: Fri, 8 Jul 94 06:21:33 PDT Subject: ZiffWire article on PGP 2.6 (fwd) Message-ID: I asked Philip Zimmermann what he thought of the ZiffWire article on PGP, and this is what he said: ---------- Forwarded message ---------- Date: Thu, 7 Jul 1994 22:29:24 -0700 (MDT) From: Philip Zimmermann To: Michael Johnson Subject: ZiffWire article on PGP 2.6 (fwd) Forwarded message: >From columbine!prz Thu Jul 7 20:58:25 1994 Date: Thu, 07 Jul 1994 20:55:20 -0700 (MDT) From: Philip Zimmermann Subject: ZiffWire article on PGP 2.6 To: cypherpunks at toad.com (Cypherpunks) Cc: prz at pascal.acm.org Reply-To: Philip Zimmermann Message-Id: X-Mailer: ELM [version 2.4 PL22] Content-Type: text Content-Transfer-Encoding: 7BIT Content-Length: 2943 I would like to correct a misleading assertion that appeared in an article dated 5 July, attributed to "PC Week via INDIVIDUAL, Inc" that came from ZiffWire. The apparent author of the article is Eamonn Sullivan. I think it was posted on the Cypherpunks mailing list. The article concerns Pretty Good Privacy, version 2.6, distributed by MIT. The misleading and damaging paragraphs follow: > MIT and RSA's distribution of PGP Version 2.6 is an attempt to short- >circuit PGP's popularity. After Sept. 1, 1994, PGP 2.6 will no longer work >with documents and keys generated and encrypted by older versions of PGP, >and it is licensed for use only in the United States. > > The release is already causing upheaval, since its public-key format is >different than in prior versions, and numerous public-key repositories will >have to be updated. 
> >[07-05-94 at 17:19 EDT, Copyright 1994, ZiffWire, File: c0705185.2zf] This assertion is erroneous and damaging to PGP's reputation. PGP 2.6 will always be able to read messages, signatures, and keys from older versions, even after September 1st. The older versions will not be able to read messages, signatures and keys produced by PGP 2.6 after September 1st. This is an entirely different situation. There is every reason for people to switch to PGP 2.6, because it will be able to handle both data formats, while the older versions will not. Until September, the new PGP will continue to produce the old format that can be read by older versions, but will start producing the new format after that date. This delay allows time for everyone to obtain the new version of PGP, so that they will not be affected by the change. Key servers will still be able to carry the keys made in the old format, because PGP 2.6 will still read them with no problems. The assertion made in the article has it backwards, which would indeed be bad if PGP were to start behaving that way. If it did, I wouldn't use it myself. I call upon ZiffWire and PC Week to issue a correction to this error. Also, note that any export restrictions on PGP 2.6 are imposed by the US government. This does not imply that MIT or myself agree with these restrictions. We just comply with them. We do not impose additional licensing restrictions of our own on the use of PGP outside of the US, other than those restrictions that already apply inside the US. PGP may be subject to export controls. Anyone wishing to export it should first consult the State Department's Office of Defense Trade Controls. I developed PGP 2.6 to be released by MIT, and I think this new arrangement is a breakthrough in the legal status of PGP, of benefit to all PGP users. I urge all PGP users to switch to PGP 2.6, and abandon earlier versions. 
The widespread replacement of the old versions with this new version of PGP fits in with future plans for the creation of a PGP standard. Philip Zimmermann From ravage at bga.com Fri Jul 8 06:33:18 1994 From: ravage at bga.com (Jim choate) Date: Fri, 8 Jul 94 06:33:18 PDT Subject: (fwd) Re: BSD random() - any good (source included) In-Reply-To: Message-ID: <199407081333.IAA16281@zoom.bga.com> > > [2] Less than a week after a small flame war about forwarding, > and a suggestion that it be restricted to posting pointers to relevant > info, Jim forwards over 65K of relevant, though specialized information > that no-one had requested. Simply saying "There's some real informative > posts about RNGs in sci.math, thread name "XXX"" have been helpful, > faster, saved bandwidth and people's mailboxes, and not started up this > flame war. > The forwards were crypto related and relevant to some of the members who don't have anything other than e-mail accounts. How do you propose these folks get this info? Also how about those folks who have a low latency system and the posts in various medium to high traffic systems gets flushed regularly. These posts were several days old and I suspect in many systems were ready to flush (they were on mine, I 'tripped' over them doing maintenance for something else) to the bit bucket. And do you seriously propose that I or any other member ask prior to submissions? It is really funny that in general I get a few more thanks for such posts than self-interested rebuttals like this. While it is true that some of my questions are off the wall, I will continue to ask them. If they bother then .kill me. As an aside to this I will continue to remail articles of technical interest (what c-punks is about last I heard anything) that I feel have a good case of being lost. I would also like to ask a question on a personal (no flame intended) nature. Were you going to post said message about these usenet submissions? 
Other than myself I see very few such re-posts from anything other than a newsgroup w/ 'crypt' in it somehow. The flame war, as I understand it anyway, had to do with forwarding multiple copies of EFF and similar material which is minimally related to crypto and most users actively look for it. I doubt a lot of the users here check out sci.math, sci.chaos, sci.neural-nets, etc. If we are really going to continue this thread then a serious discussion relating to c-punks and some form of submission standard needs to be agreed upon. From ravage at bga.com Fri Jul 8 06:37:52 1994 From: ravage at bga.com (Jim choate) Date: Fri, 8 Jul 94 06:37:52 PDT Subject: (fwd) Re: BSD random() - any good (source included)? In-Reply-To: <199407072324.AAA18575@an-teallach.com> Message-ID: <199407081337.IAA16451@zoom.bga.com> > > Jeezus fucking christ, you're just doing this to wind me up, aren't > you? > Actually, no. I couldn't care less about what pushes your buttons. I came across a couple of crypto related usenet messages that were going in the bit bucket, no reference to them had been made. Yes I could have typed and typed and typed various messages about them but it was easier to forward them. > Any more of these turn up in my mailbox and they get bounced > straight back to you. I have to pay by the minute for this > connection. Keep it up and you'll pay too, believe me. I also pay for my accounts out of my own pocket. If you expect to be active in a field you can expect to have to pay a minimum price to become competent. Bounce away, my 'd' key works just fine. I personally feel such attitudes are childish but hey, it is a semi-free country - do what you feel is right. As to making me pay, is this the c-punks mailing list or a school-yard? From adam at bwh.harvard.edu Fri Jul 8 06:58:09 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Fri, 8 Jul 94 06:58:09 PDT Subject: Question: Key Distr. in realtimeo applications?
In-Reply-To: <199407080551.AA04892@world.std.com> Message-ID: <199407081353.JAA20694@duke.bwh.harvard.edu> Kent writes: | One-time key, how to distribute to both participants: don't. Let each | pick a random key and sent it to the other using the other's public | key--no need to use the same key in both directions, in fact seems a | bad idea. Sending your otp by RSA reduces the security of your OTP to that of RSA, since if your RSA key can be broken, the otp can be obtained. Since the problem is barely more difficult than factoring your rsa key (or cracking the one time idea password in use), there is no security gain to the otp. otp's require that they be securely distributed. Usually, this means a courier with a briefcase full of cd-roms handcuffed to his wrist, or some other similarly paranoid means. Adam -- Adam Shostack adam at bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. From ravage at bga.com Fri Jul 8 07:10:08 1994 From: ravage at bga.com (Jim choate) Date: Fri, 8 Jul 94 07:10:08 PDT Subject: C-punks in print... Message-ID: <199407081409.JAA17451@zoom.bga.com> Hi all, For those interested there is an article in the July 94 issue of Circuit Cellar Ink: The Computer Applications Journal on pp. 36. It specifically mentions the c-punks and their position (ala Gilmore) on various issues of crypto and constitutional rights. Is a good article but shallow on technical details. It is intended more as a pump primer for those poor souls doing real-time control apps. I would say it is worth the time to read. Take care. From crame001 at hio.tem.nhl.nl Fri Jul 8 08:20:48 1994 From: crame001 at hio.tem.nhl.nl (ER CRAMER) Date: Fri, 8 Jul 94 08:20:48 PDT Subject: Announcement: PGS v0.99c Message-ID: <9407081319.AA00362@hio.tem.nhl.nl> -----BEGIN PGP SIGNED MESSAGE----- PGS v0.99c is out there! This new version of PGS supports 8 bytes keyid's. This version will be able to run in an OS/2 DOS box.
PGS v0.99c is available on the following site: wuarchive.wustl.edu:/pub/msdos_uploads/pgs/pgs099c.zip I hope that at the end of next week PGS v0.99c will be available at SimTel too... (oak.oakland.com:/SimTel/security/pgs099c.zip) Do not throw away 0.99b yet because we did the bugfix a bit fast because we want to have it ready before the holidays... - -- ... If you outlaw Privacy, only Outlaws will have Privacy! Eelco Cramer ------ - -------------------------------------------------- From nobody at soda.berkeley.edu Fri Jul 8 08:47:25 1994 From: nobody at soda.berkeley.edu (Anonymous User) Date: Fri, 8 Jul 94 08:47:25 PDT Subject: (fwd) New ITAR Indictment Message-ID: <199407081547.IAA25671@soda.berkeley.edu> Are you serious? (fwd) From: chuckles at MCS.COM (Jason Skiles) Newsgroups: alt.security.pgp,comp.org.eff.talk,comp.org.cpsr.talk Subject: New ITAR Indictment Date: 8 Jul 1994 01:02:56 -0500 Reprinted with permission from the Chicago Sun-Tribune, 5 July 1994: >From Sun-Tribune Wires Washington, D.C.- In a Rose Garden press conference early this morning, Justice Department spokesmen announced the indictment of a Washington, DC. computer bulletin board system (BBS) operator, one Mr. Gil Bates, for violation of ITAR munitions export laws in connection with the operation of the infamous 'We got yer nudes here' BBS. According to federal authorities, many of the graphics files, or 'gif' files, named for their storage format, contained, when examined with a common hex editor, the value 0xAAAA, which can be used to encrypt data in such a way as to make it extremely difficult for intelligence and law enforcement agencies to recover the encrypted data.
"0xAAAA first came to our attention a few weeks ago," explained Deputncrypted] file, by using a complicated algorithm known as 'exclusive or' and a 'mask' or encryption key, of, for example, "0xAAAA." Agents were stunned. "It's an entirely new and sinister turn of events in the field," said Miller. "We'd be helpless against such an attack." Miller went on to explain just how secure such a scheme would be. "When we need to crack some encrypted data, for example, email someone sends to his lawyer that we think may contain incriminating evidence," we usually just hand it to thenstitutional issues involved there, but we're working on it." He refused to elaborate. Once the technique was known, news spread quickly throughout the law-enforcement community. "This was a shot across the bow, a real wake-up call for us," said one Justice Department source. "We moved immediately, meeting with the vice-president and a professor from Georgetown. They were reluctant at first, but we mentioned organized crime and terrorists and they came around to our point of view." But why forbid the 'mask' or 'key' instead of the algorithm itself, the 'exclusive-or' technique? "That's sort of a funny story," explained Miller. "We were going to at first, but it turns out that the Clipper and Capstone chips [part of a government-designed key escrow system] make use of the algorithm in places. Of course, there were a few 0xAAAA's too, but the NSA assures us they've got a workaround." Bates loudly proclaims his innocence. "This is stupid, really stupid. It's just a 16-bit value, like any other. They can't restrict it. I'm... I'm at a loss. This is just too stupid to comment on." The case got weaker late this afternoon when it was revealed that the file in question didn't actually leave the country, but was retrieved by an FBI agent in Virginia. "Obviously this compromises our case somewhat," admitted Miller, "since Virginia isn't a foreign country. 
But someone in another country could have done the same thing, easily. That should count for something." Schneider noted that "Even though we'll probably have to drop the ITAR case, we did come up with something. He had a copy of PGP [a 'guerilla freeware' encryption package popular with subversives and criminals] and some files he'd protected with it." "We think they were maybe lists of children he abused, or something," says Schneider. "Yeah, or something," added Miller. [Pre-flame apologies go out to those who object to the inclusion of 'serious' groups in the newsgroups list. If you know any silly ones where this would be more welcome, feel free to send it along.] ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | Jason "Chuckles" Skiles | | | chuckles at mcs.com | - | ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | Any opinions I express are also those of every single school, company, | | and organization I've ever been in any way associated with. Honest.
| ++++++++++++++++++++++++++finger for PGP public key+++++++++++++++++++++++++ ------------ To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 8 lines: :: Response-Key: ideaclipper ====Encrypted-Sender-Begin==== MI@```%ES^P;+]AB?X9TW6\8WR:2P&2%`$A:^X<=%.A'J%;"Y7E2J[QT=&)]L M0`F:L=MI*O?R!?N6/E3TTZ6WF^B=ZP9][Y)B)J)4PF/%M3XOVYT^Y;!E*9Y9 $\U3XF@`` ====Encrypted-Sender-End==== From lefty at apple.com Fri Jul 8 09:17:15 1994 From: lefty at apple.com (Lefty) Date: Fri, 8 Jul 94 09:17:15 PDT Subject: Message-ID: <9407081616.AA29958@internal.apple.com> >On Wed, 6 Jul 1994, Mike Markley wrote: >> can't be broken in a reasonable amount of time. I'm interested in what >> most of the people on this list would consider a reasonable amount of >> time though. > >NEVER is what I consider a reasonable amount of time. >I don't want my secure thoughts broken for public display >in my lifetime. Or any of my children's lifetime. Or there >children's lifetime. .......... You had better not have any "secure thoughts" then. "Forever" is enough time to break _any_ cipher. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From lefty at apple.com Fri Jul 8 09:17:17 1994 From: lefty at apple.com (Lefty) Date: Fri, 8 Jul 94 09:17:17 PDT Subject: "Cypherpunk" vs. "Cryptorebel" Message-ID: <9407081615.AA29953@internal.apple.com> >On Wed, 6 Jul 1994, Lefty wrote: > >> >I like the label "cryptorebel" better than "cypherpunk". The word >> >"punk" just does not seem right, while "rebel" does. I do have a >> >certain attachment to "cypherpunk". Comments? >> >> If it weren't for nitpickers, we'd all be knee-deep in nits. > > There is too much "name recognition" in "cypherpunk" for it to be dropped >now...IMHO. A more serious problem with the name "cryptorebel", which did not immediately occur to me, is that crypto-whatever generally means "someone who denies being a 'whatever' but, in fact, is one". 
In the words of Inigo Montoya, "You keep using that word, but I don't think it means what _you_ think it does". -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From kinney at bogart.Colorado.EDU Fri Jul 8 09:18:52 1994 From: kinney at bogart.Colorado.EDU (W. Kinney) Date: Fri, 8 Jul 94 09:18:52 PDT Subject: Curve Encrypt 1.1 Release Message-ID: <9407081618.AA06189@bogart.Colorado.EDU> -----BEGIN PGP SIGNED MESSAGE----- Curve Encrypt 1.1, IDEA encryption for the Macintosh is now available. Curve Encrypt is a freeware drag-and-drop encryption application for the Macintosh. It uses IDEA cipher-feedback mode with a 255 character pass phrase, encrypts both the data and resource forks of files, and will encrypt the contents of a folder or volume in a single operation. Source code is provided, natch. CE is System 7 only. (Note that this program has nothing whatsoever to do with elliptic curve encryption methods, just so nobody gets confused...) NEW FOR 1.1 The following changes have been made for the 1.1 release: o Faster encryption and decryption. o Faster file wipes. o Department of Defense standard file wiping is now an option. o The "Use as default pass phrase" selection is no longer present. Instead, Curve Encrypt 1.1 uses keyfiles, a more reliable way to reuse pass phrases. o Curve Encrypt now saves the creation and modification dates of files when they're encrypted, and restores them to their original values when a file is decrypted. o An incompatibility with the Super Boomerang utility has been fixed. Ftp Sites: ripem.msu.edu:pub/crypt/other/curve-encrypt-idea-for-mac/ This is an export controlled ftp site: read pub/crypt/GETTING_ACCESS for information. ftp.csn.org:/mpj/I_will_not_export/crypto_???????/curve_encrypt/ csn.org is also export-controlled: read /mpj/README for the characters to replace ???????. Address for support: Curve Software Copyright and Distribution: Curve Encrypt (c)1994 Curve Software.
Permission is granted for distribution within the United States only, including products containing Curve Software copyrighted source. Export of this software is a Federal crime. Don't do it. Curve Encrypt is free. All releases are verified with PGP signatures. Public key: This key is also available from the key servers. Curve Software Cypherpunks write code!
From dmarner at mis.nu.edu Fri Jul 8 09:55:56 1994 From: dmarner at mis.nu.edu (Dan Marner) Date: Fri, 8 Jul 94 09:55:56 PDT Subject: Request: tamper-proofing executables Message-ID: <9407081655.AA29629@mis.nu.edu> I would appreciate any pointers to documents, source code or programs that deal with using cryptographic techniques to detect or prevent modification of executable code. I am looking for something that uses either a signature or a one-way hash to detect modifications at run time. Of particular interest is information on signing a file that includes the signature as part of the file. Is this possible with any of the common algorithms? Thanks! Dan -- Dan Marner dmarner at mis.nu.edu Network Weasel National University "Not on MY network!" From grendel at netaxs.com Fri Jul 8 10:21:07 1994 From: grendel at netaxs.com (Michael Handler) Date: Fri, 8 Jul 94 10:21:07 PDT Subject: Request: tamper-proofing executables In-Reply-To: <9407081655.AA29629@mis.nu.edu> Message-ID: On Fri, 8 Jul 1994, Dan Marner wrote: > I would appreciate any pointers to documents, source code or > programs that deal with using cryptographic techniques to detect > or prevent modification of executable code. I am looking for > something that uses either a signature or a one-way hash to detect > modifications at run time. > Of particular interest is information on signing a file that > includes the signature as part of the file. Is this possible with > any of the common algorithms? Hoom. Last year, I was working on an idea I had, of making self-encrypting executables. It used a simple XOR with a hardcoded value. Not very secure, but that wasn't the point. 
The XOR was meant to deter decompilers and stupid k00l /<-Rad hackerz from hex-editing the strings in the program. It was, of course, vulnerable to debuggers, but I did run into code later meant to deter them as well... My ramblings here do have a point, and it's this: It's VERY difficult to get an executable protection or encryption scheme to be undefeatable. If they have a debugger, a decompiler, and various other crypto-verification tools, they can defeat your scheme. Put a CRC of the MD5 hash in the file to make sure they don't replace the hash? They can generate the CRC of their hash and replace it in the file. I have yet to devise or find a foolproof [ ;) ] or unbreakable protection scheme. I'm starting to think there's no such animal. What you CAN do is protect your executables against file corruption, viruses, and lame-0 hacker dudez. But, getting any secure PGP-level security is very difficult. OTOH, if anyone else has come up with a scheme that is hard to break / unbreakable, *please* come forward and correct me. I have a few applications that I'd like to apply this to. :) -------------------------------------------------------------------------- Michael Brandt Handler Philadelphia, PA Currently at CMU, Pittsburgh, PA PGP v2.6 public key on request Boycott Canter & Siegel <> 1984: We're Behind Schedule From grendel at netaxs.com Fri Jul 8 10:36:12 1994 From: grendel at netaxs.com (Michael Handler) Date: Fri, 8 Jul 94 10:36:12 PDT Subject: (fwd) Re: BSD random() - any good (source included) In-Reply-To: <199407081333.IAA16281@zoom.bga.com> Message-ID: On Fri, 8 Jul 1994, Jim choate wrote: > > [2] Less than a week after a small flame war about forwarding, > > and a suggestion that it be restricted to posting pointers to relevant > > info, Jim forwards over 65K of relevant, though specialized information > > that no-one had requested. 
Simply saying "There's some real informative > > posts about RNGs in sci.math, thread name "XXX"" would have been helpful, > > faster, saved bandwidth and people's mailboxes, and not started up this > > flame war. > > > The forwards were crypto related and relevant to some of the members who > don't have anything other than e-mail accounts. How do you propose these > folks get this info? From: Jim choate Subject: Good RNG generator information available. Hey, cpunks! For those of you who are interested in random number generation, there's a great deal of discussion going on over in sci.math, thread name "XXX". If the articles have expired on your site, or if you don't have news access, mail me, and I'll send them out to everyone who wants one later on. -- Just an idea... This is what I was doing with the 2600 Cellular Telephone article, except that my list of addresses got scragged along with my mail dir. > While it is true that some of my questions are off the wall, I will > continue to ask them. If they bother then .kill me. As an aside to this > I will continue to remail articles of technical interest (what c-punks > is about last I heard anything) that I feel have a good case of being > lost. [1] Your questions (off-the-wall or not) don't bother me. [2] I very rarely killfile people. > I would also like to ask a question on a personal (no flame intended) > nature. Were you going to post said message about these usenet submissions? > Other than myself I see very few such re-posts from anything other than > a newsgroup w/ 'crypt' in it somehow. No. I don't have the time or mathematical knowledge to read sci.math and determine what should be forwarded to cypherpunks or not. > The flame war, as I understand it anyway, had to do with forwarding > multiple copies of EFF and similar material which is minimally related > to crypto and most users actively look for it. I doubt a lot of the > users here check out sci.math, sci.chaos, sci.neural-nets, etc. 
[1] The EFF forwards were VERY crypto related (HR 3627), we just got sick of seeing 4 copies of the same article pop up. [2] Do you know that no-one here reads those groups? I don't, but considering the number of intelligent and varied people here, that's a dangerous assumption. > If we are really going to continue this thread then a serious discussion > relating to c-punks and some form of submission standard needs to be agreed > upon. Agreed. -------------------------------------------------------------------------- Michael Brandt Handler Philadelphia, PA Currently at CMU, Pittsburgh, PA PGP v2.6 public key on request Boycott Canter & Siegel <> 1984: We're Behind Schedule From tcmay at netcom.com Fri Jul 8 10:44:30 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 8 Jul 94 10:44:30 PDT Subject: All the free energy in the universe... In-Reply-To: <9407081616.AA29958@internal.apple.com> Message-ID: <199407081723.KAA25917@netcom5.netcom.com> > You had better not have any "secure thoughts" then. "Forever" is enough > time to break _any_ cipher. > > -- > Lefty (lefty at apple.com) Not to split universes here, but it is interesting to consider that some ciphers may not be breakable in _our_ universe, in any amount of time. Our universe presumably has some finite number of particles (currently estimated to be 10^73 particles). This leads to the "even if every particle were a Cray Y-MP it would take..." sorts of thought experiments. But I am considering _energy_ here. Ignoring reversible computation for the moment, computations dissipate energy (some disagree with this point). There is some upper limit on how many basic computations could ever be done with the amount of free energy in the universe. (A rough calculation could be done by calculating the energy output of stars, stuff falling into black holes, etc., and then assuming about kT per logical operation. This should be accurate to within a few orders of magnitude.) 
I haven't done this calculation, and won't today, but the result would likely be something along the lines of X joules of energy that could be harnessed for computation, resulting in Y basic primitive computational steps. I can then find a modulus of 3000 digits or 5000 digits, or whatever, that takes more than this number of steps to factor. Caveats: 1. Maybe there are really shortcuts to factoring. Certainly improvements in factoring methods will continue. (But of course these improvements are not things that convert factoring into a less than exponential-in-length problem...that is, factoring appears to remain "hard.") 2. Maybe reversible computations (a la Landauer, Bennett, et al.) actually work. Maybe this means a "factoring machine" can be built which takes a fixed, or very slowly growing, amount of energy. In this case, "forever" means Lefty is probably right. 3. Maybe the quantum-mechanical idea of Shor is possible. (I doubt it, for various reasons.) Anyway, this post is of no practical importance. However, I continue to find it useful to think of very large numbers as creating "force fields" or "bobbles" (a la Vinge) around data. A 5000-decimal-digit modulus is as close to being unbreakable as anything we'll see in this universe. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From gtoal at an-teallach.com Fri Jul 8 10:54:43 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 8 Jul 94 10:54:43 PDT Subject: Question: Key Distr. in realtimeo applications? 
Message-ID: <199407081753.SAA16383@an-teallach.com> : Ideally, you want to pick up your crypto-phone, initiate a call to : another crypto-phone which you've never called before, and which was : possibly manufactured yesterday, and be able to exchange keys with it : in a secure fashion. But I can't think of any way to do this, without : opening yourself up to a man in the middle attack. The physical key exchange can be done by Diffie-Hellman, but as you note it can be man-in-the-middled. I think what the STU sets do is to print the other guy's keyprint that was actually used on an LCD on the phone, and you read it back out to each other in voice mode. Of course, that can be m-i-t-m'd too but it's a damn sight harder... G From adam at bwh.harvard.edu Fri Jul 8 11:03:20 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Fri, 8 Jul 94 11:03:20 PDT Subject: Request: tamper-proofing executables In-Reply-To: <9407081655.AA29629@mis.nu.edu> Message-ID: <199407081759.NAA00751@bwface.bwh.harvard.edu> Dan Marner: | I would appreciate any pointers to documents, source code or | programs that deal with using cryptographic techniques to detect | or prevent modification of executable code. I am looking for | something that uses either a signature or a one-way hash to detect | modifications at run time. | Of particular interest is information on signing a file that | includes the signature as part of the file. Is this possible with | any of the common algorithms? Tripwire will run as a separate UNIX process to detect changes to things that you define. Most people who use it use it to watch systems security. We also use it to watch some software that's being run through an FDA trial period; we have to document that it has not changed at any point during the trial. Tripwire can be found in cert.org:pub/tools/tripwire. Adam -- Adam Shostack adam at bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. 
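An added example, not code from any poster in this thread: Dan Marner's question (a check value carried inside the file it protects) and Michael Handler's objection (an unkeyed check value can be recomputed by whoever changes the file), worked through in Python. The file layout, function names and key are constructed for illustration, and HMAC-SHA-256 stands in for the public-key signature a real scheme would use.

```python
import hashlib
import hmac
from typing import Optional

# Constructed toy layout (an assumption, not a real executable format):
#   bytes 0..3   magic "EXE1"
#   bytes 4..35  integrity tag slot (32 bytes)
#   bytes 36..   program body
MAGIC = b"EXE1"
SLOT_OFF = len(MAGIC)
TAG_LEN = 32
BODY_OFF = SLOT_OFF + TAG_LEN


def _well_formed(image: bytes) -> bool:
    return len(image) >= BODY_OFF and image[:SLOT_OFF] == MAGIC


def compute_tag(image: bytes, key: Optional[bytes] = None) -> bytes:
    """Tag over the whole file with the tag slot zeroed.

    Zeroing the slot before hashing is what lets the tag live inside the
    file it covers. key=None gives a plain one-way hash; a key gives a MAC.
    """
    if not _well_formed(image):
        raise ValueError("not a well-formed image")
    covered = image[:SLOT_OFF] + bytes(TAG_LEN) + image[BODY_OFF:]
    if key is None:
        return hashlib.sha256(covered).digest()
    return hmac.new(key, covered, hashlib.sha256).digest()


def embed_tag(image: bytes, key: Optional[bytes] = None) -> bytes:
    """Return a copy of the image with a freshly computed tag in the slot."""
    tag = compute_tag(image, key)
    return image[:SLOT_OFF] + tag + image[BODY_OFF:]


def verify(image: bytes, key: Optional[bytes] = None) -> bool:
    """Recompute the tag and compare it with the stored one in constant time."""
    if not _well_formed(image):
        return False
    stored = image[SLOT_OFF:BODY_OFF]
    return hmac.compare_digest(stored, compute_tag(image, key))


def _patch_body(image: bytes) -> bytes:
    """Same-length change to the body only, standing in for any modification."""
    return image[:BODY_OFF] + image[BODY_OFF:].replace(b"licensed", b"modified")


def demo() -> dict:
    # Constructed key; with a real signature the verifier would hold only a
    # public key, and the signing key would never ship with the program.
    key = b"constructed demo key, kept outside the file"
    body = b"\x90\x90 banner='licensed build' \xc3"   # constructed sample body
    blank = MAGIC + bytes(TAG_LEN) + body

    hashed = embed_tag(blank)        # unkeyed hash in the slot
    keyed = embed_tag(blank, key)    # keyed tag in the slot

    return {
        "hash_accepts_original": verify(hashed),
        # Corruption or a careless edit leaves the old tag behind: detected.
        "hash_detects_stale_tag": not verify(_patch_body(hashed)),
        # The modifier recomputes the public hash afterwards: not detected.
        "hash_detects_recomputed_tag": not verify(embed_tag(_patch_body(hashed))),
        "keyed_accepts_original": verify(keyed, key),
        "keyed_detects_stale_tag": not verify(_patch_body(keyed), key),
        # Without the key, the best the modifier can embed is a plain hash.
        "keyed_detects_recomputed_hash":
            not verify(embed_tag(_patch_body(keyed)), key),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The unkeyed variant still catches corruption and careless edits; only a tag that needs a secret to produce survives a modifier who is willing to recompute it, and only if the check runs in code the modifier cannot also change.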
From talon57 at well.sf.ca.us Fri Jul 8 11:06:01 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Fri, 8 Jul 94 11:06:01 PDT Subject: ITAR violation? Message-ID: <199407081805.LAA27723@well.sf.ca.us> -----BEGIN PGP SIGNED MESSAGE----- Someone anonymously posted; >Reprinted with permission from the Chicago Sun-Tribune, 5 July >1994: >From Sun-Tribune Wires >Washington, D.C.- > In a Rose Garden press conference early this morning, >Justice Department spokesmen announced the indictment of a >Washington, DC. computer bulletin board system (BBS) operator, one >Mr. Gil Bates, for violation of ITAR munitions export laws in >connection with the operation of the infamous 'We got yer nudes >here' BBS. I would like to point out that the two major Chicago Papers are the Chicago Sun Times, and the Chicago Tribune. There is no Sun-Tribune. I liked the references to "A Georgetown Professor" and the obvious reference to Steganography, but otherwise this story reeks. Why the Hell post it anonymously? Larry are you out there? A lifelong Chicago resident Brian Williams Extropian Cypherpatriot "Cryptocosmology: Sufficiently advanced communication is indistinguishable from noise." --Steve Witham "Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... 
AT&T" --James Speth From jamiel at sybase.com Fri Jul 8 11:13:56 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Fri, 8 Jul 94 11:13:56 PDT Subject: Request: tamper-proofing executables Message-ID: <9407081812.AB07971@ralph.sybgate.sybase.com> At 1:19 PM 07/08/94 -0400, Michael Handler wrote: > OTOH, if anyone else has come up with a scheme that is hard to >break / unbreakable, *please* come forward and correct me. I have a few >applications that I'd like to apply this to. :) The only method I have heard (and this is merely hard to break) is to put the hash value in a dongle. Then everyone will hate your program. Another method that could provide interesting results is to throw code in that will cause the program to function *differently* if hacked. I'm thinking of (I think- corrections welcome) AutoCad, which was dongled and hacked, but the hack caused some math function or another to return erroneous results. This is just obfuscation, but could give a hacker some major headaches. -j -- "Blah Blah Blah" ___________________________________________________________________ Jamie Lawrence From kentborg at world.std.com Fri Jul 8 11:34:18 1994 From: kentborg at world.std.com (Kent Borg) Date: Fri, 8 Jul 94 11:34:18 PDT Subject: Question: Key Distr. in realtimeo applications? Message-ID: <199407081833.AA19143@world.std.com> adam at bwh.harvard.edu writes: >Sending your otp by RSA reduces the security of your OTP to that of RSA Who said anything about sending a one time pad under RSA? I was talking about a session key. Sorry not to use the buzz word "session key", but neither did I use the buzz word "otp", I just said "random"... 
-kb -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 31:15 hours of TV viewing so far in 1994! From sandfort at crl.com Fri Jul 8 11:42:30 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 8 Jul 94 11:42:30 PDT Subject: ON-LINE SOURCES Message-ID: C'punks, I'm editing a special report on privacy. The publisher wants a chapter on how to use our computer to access on-line, privacy information. What I'd like are the names and addresses of privacy-related newsgroups, mailing lists, BBSes, on-line services, etc. Please send me your candidates (plus descriptions and contact information) to me via private e-mail. I'll collate the information and post the final version to Cypherpunks. Thanks in advance, S a n d y P.S. Of course, Cypherpunks will be prominently mentioned in the report. From patrick at CS.MsState.Edu Fri Jul 8 11:49:53 1994 From: patrick at CS.MsState.Edu (Patrick G. Bridges) Date: Fri, 8 Jul 94 11:49:53 PDT Subject: Request: tamper-proofing executables In-Reply-To: <9407081655.AA29629@mis.nu.edu> Message-ID: <9407081849.AA02710@Walt.CS.MsState.Edu> -----BEGIN PGP SIGNED MESSAGE----- >>>>> "MH" == Michael Handler writes: MH> On Fri, 8 Jul 1994, Dan Marner wrote: >> I would appreciate any pointers to documents, source code or >> programs that deal with using cryptographic techniques to >> detect or prevent modification of executable code. I am looking >> for something that uses either a signature or a one-way hash to >> detect modifications at run time. Of particular interest is >> information on signing a file that includes the signature as >> part of the file. Is this possible with any of the common >> algorithms? I wrote some code about six months ago to embed digital signatures of each section of an executable into the data section of a program (a.out format executables). The program had several limitations that I know how to get around, but never did: 1. 
I only got as far as signing the text section of the program 2. The signature didn't contain several important pieces of information 3. It used LUC for its algorithm, and I'd prefer to use PGP and RSAREF Anyway, it provides some minimal security: If the signature is intact and verifies, you know exactly as much as with a signed e-mail message: the author of the program (assuming you have his public key) and that certain portions of the program haven't been tampered with. This is, of course useful information. I never got around to writing the code that did verification at runtime, although it shouldn't be too bad: I embedded a symbol in the symbol table pointing to the signature. I plan to try to clean it up this fall and make many changes... MH> I have yet to devise MH> or find a foolproof [ ;) ] or unbreakable protection MH> scheme. I'm starting to think there's no such animal. What MH> you CAN do is protect your executables against file MH> corruption, viruses, and lame-0 hacker dudez. Well, it depends on what kind of protection you want. I think foolproof runtime verification would be quite difficult, although I still need to think about it... Any reasonable hacker would just change most programs to jump around the verification routines. On the other hand, I think that pre-runtime verification would be doable by a separate program. Of course, then you have to trust that program, and how do you verify that it hasn't been tampered with? A chicken and the egg problem, clearly... Let me think about it some more... - -- *** Patrick G. 
Bridges patrick at CS.MsState.Edu *** *** PGP 2.6 public key available via finger or server *** *** PGP 2.6 Public Key Fingerprint: *** *** D6 09 C7 1F 4C 18 D5 18 7E 02 50 E6 B1 AB A5 2C *** *** #include *** From ebrandt at jarthur.cs.hmc.edu Fri Jul 8 11:54:58 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Fri, 8 Jul 94 11:54:58 PDT Subject: (fwd) Re: BSD random() - any good (source included) In-Reply-To: <199407081333.IAA16281@zoom.bga.com> Message-ID: <9407081854.AA23741@toad.com> > From: Jim choate > The forwards were crypto related and relevant to some of the members who > don't have anything other than e-mail accounts. How do you propose these > folks get this info? First, how were they crypto-related? They dealt with statistical tests for distinguishing good crypto-weak RNGs from bad ones. Anything that even hopes to be a strong RNG will pass this sort of tests. Second, if people don't have Usenet, telnet, or ftp access (any of which could have been used to retrieve these articles), they can get accounts that do what they want. If you want to tide them over in the interim, you could post a pointer to sci.math, with the comment that you would be happy to mail a copy to anyone who can't get the articles by other means. Eli ebrandt at hmc.edu From ravage at bga.com Fri Jul 8 13:05:57 1994 From: ravage at bga.com (Jim choate) Date: Fri, 8 Jul 94 13:05:57 PDT Subject: (fwd) Re: BSD random() - any good (source included) In-Reply-To: <9407081854.AA23741@toad.com> Message-ID: <199407082005.PAA05361@zoom.bga.com> > > First, how were they crypto-related? They dealt with statistical tests > for distinguishing good crypto-weak RNGs from bad ones. 
Anything that > even hopes to be a strong RNG will pass this sort of tests. > Even in your rebuttal you use 'crypto-weak' implying they are crypto related. I would appreciate a clarification on exactly what c-punks means by 'crypto related'.... Seems perfectly clear to me, but obviously there is a major difference of opinion here. > Second, if people don't have Usenet, telnet, or ftp access (any of which > could have been used to retrieve these articles), they can get accounts > that do what they want. If you want to tide them over in the interim, > you could post a pointer to sci.math, with the comment that you would be > happy to mail a copy to anyone who can't get the articles by other means. > Yes, I could do that if I were so inclined. I am not. Seems to me that just forwarding it and letting that be that is a much better way than filling up the mailing list with bitches about what you think somebody else should do. Bottom line is that at this point there is no clear cut 'standard' that I have seen agreed on. Hell, I haven't even seen any discussion over it beyond a bunch of polemics over what people like and don't like, which are not in any way necessarily related to what people need or want. One of the biggest problems w/ the list at this point is the range of expertise that is present. With such a broad experience base almost any post is going to piss somebody off. The real question is whether it is worth the time to reply to them (in general I hold it isn't) rather than just hitting 'd' (which I recommend if you don't like it) and forgetting (even forgoing the obviously popular habit of acidic replies). If you look at this rationally all the discussion about pedophilia, eff, nsa policy, etc. is really not directly related to crypto and coding. If the main theme of this list is really 'c-punks write code' then my forwarding of the rng discussion (w/ code) is more appropriate to the topics at hand than any of this other stuff. 
A very good analogy of how this type of logic inversion is prevalent is the move to ban guns (no, I do NOT want any replies to this particular topic, it is for example only!!!!) by looking at the 2nd Amendment. If taken logically the reason for the amendment is to allow individuals to protect themselves against all threats including the government. If followed through then any move to ban military weapons is un-constitutional and moves to ban non-military weapons are constitutional - obviously not the tact taken. The bottom line is it was crypto related, was in reference to source code, and therefore fit the charter of this group. > Eli ebrandt at hmc.edu > > From jamiel at sybase.com Fri Jul 8 13:26:41 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Fri, 8 Jul 94 13:26:41 PDT Subject: (fwd) Re: BSD random() - any good (source included) Message-ID: <9407082025.AB01065@ralph.sybgate.sybase.com> At 3:05 PM 07/08/94 -0500, Jim choate wrote: >Yes, I could do that if I were so inclined. I am not. Seems to me that just >Bottem line is that at this point there is no clear cut 'standard' that I >biggest problems w/ the list at this point is the range of expertise that >piss somebody off. The real question is whether it is worth the time to >reply to them (in general I hold it isn't) rather than just hitting 'd' >The bottem line is it was crypto related, was in reference to source code, Seeing how he is so fit for the job, and knows not only what we all need to see, but also what the bottem line is, I hereby nominate Jim for CypherGod, and urge him to, as his first action in that role, to pipe all of usenet through cypherpunks, because you Just Never Know when you might miss something that is crypto related, and after all, if you want to be crypto-savvy, you have to pay a little. 
-j -- "Blah Blah Blah" ___________________________________________________________________ Jamie Lawrence From jya at pipeline.com Fri Jul 8 13:52:32 1994 From: jya at pipeline.com (John Young) Date: Fri, 8 Jul 94 13:52:32 PDT Subject: BSD random() - any good (source included) Message-ID: <199407082051.QAA14837@pipe1.pipeline.com> Jim: This seems not to have made it through c'punks system. Keep up your clear and reasonable responses. Cheers, John Forwarding mail by: cypherpunks at toad.com () on 7/8/94 10:06:32 AM ------------------- Responding to msg by ravage at bga.com (Jim choate) on Fri, 8 Jul 8:33 AM >While it is true that some of my questions are off the >wall, I will continue to ask them. If they bother then >.kill me. As an aside to this I will continue to >remail articles of technical interest (what c-punks is >about last I heard anything) that I feel have a good >case of being lost. [Stuff deleted] >If we are really going to continue this thread then a >serious discussion relating to c-punks and some form >of submission standard needs to be agreed upon. Good points. I appreciate Jim's dauntless rejoinder. John From wmo at digibd.com Fri Jul 8 14:00:41 1994 From: wmo at digibd.com (Bill O'Hanlon) Date: Fri, 8 Jul 94 14:00:41 PDT Subject: (fwd) Re: BSD random() - any good (source included) In-Reply-To: <199407082005.PAA05361@zoom.bga.com> Message-ID: <9407082100.AA24516@poe.digibd.com> On Fri, 8 Jul 1994 15:05:22 -0500 (CDT) Jim choate wrote: -------- > Bottem line is that at this point there is no clear cut 'standard' that I > have seen agreed on. Hell, I haven't even seen any discussion over it beyond > a bunch of polemics over what people like and don't like, which are not > in any way necessarily related to what people need or want. 
The reason for this is that people can usually get a hint; there's been no need for a formal standard, because when someone does something irritating several people shout, and the person has (with a couple of wild exceptions) quit the irritating behavior. You don't seem as far around the bend as either of the wild exceptions that come to mind (Detweiler and that weird fellow that raved for about two weeks two months ago) so I'm guessing you wouldn't want to be lumped in with them. But by continuing to defend what obviously irritated a half dozen people, with plenty more like me agreeing but unwilling to join in the fray to compound the problem, that's what you're courting. From doug at OpenMind.com Fri Jul 8 14:18:47 1994 From: doug at OpenMind.com (Doug Cutrell) Date: Fri, 8 Jul 94 14:18:47 PDT Subject: All the free energy in the universe Message-ID: <13DD5626070@BlueSky.OpenMind.com> Tim May writes: >Not to split universes here, but it is interesting to consider that >some ciphers may not be breakable in _our_ universe, in any amount of >time. > >Our universe presumably has some finite number of particles (currently >estimated to be 10^73 particles). This leads to the "even if every >particle were a Cray Y-MP it would take..." sorts of thought >experiments. > >But I am considering _energy_ here. Ignoring reversible computation >for the moment, computations dissipate energy (some disagree with this >point). There is some upper limit on how many basic computations >could ever be done with the amount of free energy in the universe. (A >rough calculation could be done by calculating the energy output of >stars, stuff falling into black holes, etc., and then assuming about >kT per logical operation. This should be accurate to within a few >orders of magnitude.) The above analysis may be incorrect... there may be no limit to the amount of computation that can be done with a given finite amount of energy. 
The late Nobel laureate Richard Feynman became very interested in the subject of computation and physics towards the end of his life. My understanding is that he concluded that there was no apparent limitation to the amount of computation that could be completed with a given amount of free energy. Computation may indeed always dissipate energy, but Feynman's conclusion was that this dissipated energy can be made arbitrarily small -- that there is no fundamental quantum limitation on the amount of computation that can be performed at any given mass-energy scale. The kT per logical operation can always be reduced to finer and finer scales. Presumably, this would require advances to ever new technologies, based on new physical forces that are relevant at finer scales (down to computation based on the interactions of quarks as in QCD, gravitons, etc.) Of course, since I can't give you references, you have to take this with a brick of salt... can anyone else comment on whether they have heard this about Feynman's conclusions? This is distinct from the issue of "quantum computers" and Shor's recent results... that issue has to do with whether quantum mechanics can be used to produce *qualitatively* different types of computation. In the above, I am simply discussing the use of quantum mechanical principles to produce fully "classical" computers, but with ever greater computational powers using a given amount of energy, based on physics of the ultra-small. In fact, classical computers today rely on quantum mechanics, as the transistor cannot be described without it (electron tunneling, etc.) __ __ __ __ Doug Cutrell / ) /__) /_ /\ / /| /| / /\ / / ) doug at OpenMind.com \_/ / (_ / \/ / |/ | / / \/ /__/ =================================================================== From patrick at CS.MsState.Edu Fri Jul 8 14:32:18 1994 From: patrick at CS.MsState.Edu (Patrick G. 
Bridges) Date: Fri, 8 Jul 94 14:32:18 PDT Subject: Request: tamper-proofing executables Message-ID: <9407082132.AA06109@Walt.CS.MsState.Edu> -----BEGIN PGP SIGNED MESSAGE----- The best I can think of (right now) is embedding digital signatures in the file. One way or another, the program is going to have to be decrypted to run (unless you're using NSA's patented EES4400 2500 MHz 0.1 micron run-encrypted CPU :-) ). Anyone with a debugger and a disassembler could then derive a version of the program as it decrypts and make a hacked up version. At least if a digital signature is in the program and it verifies _with a program you trust_ (a very important point), then you know who last signed it. (and who to blame if it does something wrong or vindictive) Doing verification inside the program is just too messy, since a good cracker could set up your program to always act like it verified correctly even if it was modified. It may be more difficult if the program is encrypted, but it is still doable... Since you almost always trust the kernel (you sort of have to on most machines, since it can f*ck with you in so many ways, by stealing your PGP passphrase, for example), the kernel loader might be a good place to do this verification for important programs. (It would slow the machine down too much to do this for _every_ program, IMHO) If a user wants to verify his program, make the external verification program be checked by the kernel... In the end, you have to trust someone. Just choose very carefully who you trust. I guess I sort of got off on a tangent, but, oh well... I guess I need to go revise (perhaps rewrite) my signature-embedding program, since "cypherpunks write code." 
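:-) -- *** Patrick G. Bridges patrick at CS.MsState.Edu *** *** PGP 2.6 public key available via finger or server *** *** PGP 2.6 Public Key Fingerprint: *** *** D6 09 C7 1F 4C 18 D5 18 7E 02 50 E6 B1 AB A5 2C *** *** #include *** From ravage at bga.com Fri Jul 8 14:37:51 1994 From: ravage at bga.com (Jim choate) Date: Fri, 8 Jul 94 14:37:51 PDT Subject: (fwd) Re: BSD random() - any good (source included) In-Reply-To: <9407082100.AA24516@poe.digibd.com> Message-ID: <199407082136.QAA09350@zoom.bga.com> > > The reason for this is that people can usually get a hint; there's been no > need for a formal standard, because when someone does something irritating > several people shout, and the person has (with a couple of wild exceptions) > quit the irritating behavior. > > You don't seem as far around the bend as either of the wild exceptions that > come to mind (Detweiler and that weird fellow that raved for about two weeks > two months ago) so I'm guessing you wouldn't want to be lumped in with them. > But by continuing to defend what obviously irritated a half dozen people, > with plenty more like me agreeing but unwilling to join in the fray to > compound the problem, that's what you're courting. > Why should a couple of dozen people who scream because they don't get exactly what they want dictate to a list that is 700 long? Lump me in where you feel justified. That classification and a dollar will buy you a cheap cup of coffee. If there was a vociferous return on this I would be much more responsive, but what I see is the same small group of a dozen or so bitching and bitching and bitching and bitching....(you get the point) What is really funny is that they bitch about crypto stuff but seem completely happy to blather on endlessly about pedophiles, off-shore banking, and a whole host of other topics that are completely and utterly unrelated to "c-punks write code". 
So far I have received no reasoned responses to these issues, a lot of opinion and emotionally driven wailing has shown up in my box... From lefty at apple.com Fri Jul 8 15:08:39 1994 From: lefty at apple.com (Lefty) Date: Fri, 8 Jul 94 15:08:39 PDT Subject: (fwd) Re: BSD random() - any good (source included) Message-ID: <9407082157.AA06848@internal.apple.com> Jim Choate favors us with > >Why should a couple of dozen people who scream because they don't get >exactly what they want dictate to a list that is 700 long? > >Lump me in where you feel justified. That classification and a dollar will >buy you a cheap cup of coffee. > >If there was a vociferous return on this I would be much more responsive, but >what I see is the same small group of a dozen or so bitching and bitching and >bitching and bitching....(you get the point) > >What is really funny is that they bitch about crypto stuff but seem completely >happy to blather on endlessly about pedophiles, off-shore banking, and a whole >host of other topics that are completely and utterly unrelated to "c-punks >write code". > >So far I have received no reasoned responses to these issues, a lot of opinion >and emotionally driven wailing has shown up in my box... I wasn't going to contribute to this, but Jim is apparently impervious to reason unless _everyone_ on the list screams at him. Don't forward reams of stuff available elsewhere to the list. If you like, mention where it is; offer to send copies to those who specifically request it. Don't post it to the list. 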
If there was a vociferous return on this I would be much more responsive, but what I see is the same small group of a dozen or so bitching and bitching and bitching and bitching....(you get the point)

What is really funny is that they bitch about crypto stuff but seem completely happy to blather on endlessly about pedophiles, off-shore banking, and a whole host of other topics that are completely and utterly unrelated to "c-punks write code".

So far I have received no reasoned responses to these issues, a lot of opinion and emotionally driven wailing has shown up in my box...

From lefty at apple.com Fri Jul 8 15:08:39 1994
From: lefty at apple.com (Lefty)
Date: Fri, 8 Jul 94 15:08:39 PDT
Subject: (fwd) Re: BSD random() - any good (source included)
Message-ID: <9407082157.AA06848@internal.apple.com>

Jim Choate favors us with
>
>Why should a couple of dozen people who scream because they don't get
>exactly what they want dictate to a list that is 700 long?
>
>Lump me in where you feel justified. That classification and a dollar will
>buy you a cheap cup of coffee.
>
>If there was a vociferous return on this I would be much more responsive, but
>what I see is the same small group of a dozen or so bitching and bitching and
>bitching and bitching....(you get the point)
>
>What is really funny is that they bitch about crypto stuff but seem completely
>happy to blather on endlessly about pedophiles, off-shore banking, and a whole
>host of other topics that are completely and utterly unrelated to "c-punks
>write code".
>
>So far I have received no reasoned responses to these issues, a lot of opinion
>and emotionally driven wailing has shown up in my box...

I wasn't going to contribute to this, but Jim is apparently impervious to reason unless _everyone_ on the list screams at him.

Don't forward reams of stuff available elsewhere to the list. If you like, mention where it is; offer to send copies to those who specifically request it. Don't post it to the list.
Add me to your "couple of dozen who scream". On a more personal note, digging your heels in and sobbing "I won't, I _won't_, I WON'T!" at the perfectly reasonable suggestions that have been made to you make you seem like a puerile and self-centered preadolescent. Grow up. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From mech at eff.org Fri Jul 8 15:11:47 1994 From: mech at eff.org (Stanton McCandlish) Date: Fri, 8 Jul 94 15:11:47 PDT Subject: EFF Privacy Principles commentary available Message-ID: <199407082210.SAA19072@eff.org> Thought this might be of immediate interest: [from ftp.eff.org, /pub/README.changes; path refers to ftp.eff.org] 07/08/94 - Added EFF's comments on the IITF draft Privacy Principles document (in short: "Needs work!") - there are serious flaws in the document, which could lead to policies that would compromise privacy and security on the NII. - /pub/EFF/Policy/Privacy/ Email_NII/iitf_principles_comments.eff -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G O P E N P L A T F O R M O N L I N E R I G H T S V I R T U A L C U L T U R E C R Y P T O From sandfort at crl.com Fri Jul 8 15:22:35 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 8 Jul 94 15:22:35 PDT Subject: (fwd) Re: BSD random() - any good (source included) In-Reply-To: <199407082136.QAA09350@zoom.bga.com> Message-ID: C'punks, On Fri, 8 Jul 1994, Jim choate wrote: > . . . > What is really funny is that they bitch about crypto stuff but seem completely > happy to blather on endlessly about pedophiles, off-shore banking, and a whole > host of other topics that are completely and uterly unrelated to "c-punks > write code". Not a flame here, but a slight difference of opinion. The admonition, "Cypherpunks write code," should be taken metaphorically. I think "to write code" means to take unilateral effective action as an individual. 
That may mean writing actual code, but it could also mean dumpster diving at Mycrotronx and anonymously releasing the recovered information. It could also mean creating an offshore digital bank. Don't get too literal on us here. What is important is that Cypherpunks take personal responsibility for empowering themselves against threats to privacy. S a n d y From jya at pipeline.com Fri Jul 8 15:44:50 1994 From: jya at pipeline.com (John Young) Date: Fri, 8 Jul 94 15:44:50 PDT Subject: BSD random() - any good (source included) Message-ID: <199407082244.SAA06687@pipe1.pipeline.com> Responding to msg by sandfort at crl.com (Sandy Sandfort) on Fri, 8 Jul 3:0 PM >Not a flame here, but a slight difference of opinion. >The admonition, "Cypherpunks write code," should be >taken metaphorically. I think "to write code" means >to take unilateral effective action as an individual. >That may mean writing actual code, but it could also >mean dumpster diving at Mycrotronx and anonymously >releasing the recovered information. It could also >mean creating an offshore digital bank. Don't get too >literal on us here. What is important is that >Cypherpunks take personal responsibility for >empowering themselves against threats to privacy. Well said. John From sidney at taurus.apple.com Fri Jul 8 15:55:18 1994 From: sidney at taurus.apple.com (Sidney Markowitz) Date: Fri, 8 Jul 94 15:55:18 PDT Subject: (fwd) Re: BSD random() - any good (source included) Message-ID: <9407082252.AA21993@federal-excess.apple.com> Jim Choate wants to hear from the silent majority before he'll believe that a significant number of people were not interested in 65k of fortran code and seeing the same message quoted 0, 1, 2, and 3 levels deep. (I thought that was a really nice touch, even better than the Fortran code). I'll add my two cents, and we'll see if we can get all 698 other people on the list to respond. 
I won't be elitist and try to use statistics to prove the point (As in, if 11 people bother to respond, 10 against and 1 supportive of the mailings, and there are 700 people subscribed to the list, than what is the probability that there are at least 600 people who not only aren't interested in having the stuff dropped in their mailbox, but don't even want to waste time writing about it or waste other people's time by have them read stuff about it.) After all, we saw how useless simplified explanations of the relationship between breaking RSA and factoring of large numbers were at convincing certain people in other discussions, or reasoning about the uselessness of making keys that take trillions of universe lifetimes to break instead of mere millions of years. This discussion has been very useful to me. It got me to finally read up on Eudora Mail's filtering facility, so now I know how to kill e-mail automagically based on various specified criteria. Thank you, Jim. It's always good to learn new things. By the way, referring to a random number generator as "cryptoweak" does not mean that it is somehow relevant to cryptography. A cryptoweak something is a thing that is *not* useful for cryptography. Well, I suppose an article on how cryptoweak RNGs could be used in a cryptographically strong system would be of interest to this list, but so would an article on how Twinkies and taco sauce could be used to create strong cryptography. But please don't forward any usenet articles about Zippy's diet on the theory that cypherpunks should be interested in it because of its strong non-relationship to the purpose of this list. 
-- sidney

From ebrandt at jarthur.cs.hmc.edu Fri Jul 8 16:01:10 1994
From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt)
Date: Fri, 8 Jul 94 16:01:10 PDT
Subject: (fwd) Re: BSD random() - any good (source included)
In-Reply-To: <199407082005.PAA05361@zoom.bga.com>
Message-ID: <9407082300.AA28350@toad.com>

> Even in your rebuttal you use 'crypto-weak' implying they are crypto
> related. I would appreciate a clarification on exactly what c-punks
> means by 'crypto related'....

"Crypto-weak" as opposed to "crypto-strong", cryptographically strong. The guy was testing BSD random(), which I think is Yet Another Linear Congruential Generator. If you think an LC PRNG has cryptographic relevance, you are gravely mistaken.

What's so hard about "crypto-related"? If you can't think of any relationship between the articles and cryptography (technical, social, political, whatever), don't forward them. If they had been about cryptoanalysis of random(), that might be relevant, though hardly ground-breaking.

> > you could post a pointer to sci.math, with the comment that you would be
> > happy to mail a copy to anyone who can't get the articles by other means.
>
> Yes, I could do that if I were so inclined. I am not.

So I see. You're not willing to take it upon yourself to mail copies to people who can't otherwise get them, but you're happy to inflict irrelevant material straight out of Knuth on people who could easily get it themselves. What *is* your rationale here?

> The bottom line is it was crypto related, was in reference to source code,
> and therefore fit the charter of this group.

Source code, yes. Would you like to explain its relationship to crypto?
Eli ebrandt at hmc.edu From hughes at ah.com Fri Jul 8 16:26:22 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 8 Jul 94 16:26:22 PDT Subject: ANNOUNCE: Bay Area physical meeting tomorrow Message-ID: <9407082251.AA06302@ah.com> ANNOUNCEMENT ============ What: Bay Area cypherpunks physical meeting Where: Silicon Graphics, Cafe Iris, Bldg 5 (directions below) When: Saturday, July 9, 1994 12:00 noon - 6:00 p.m. PDT The theme for this month's meeting is swIPe, an encrypted IP package. A Unix implementation is on soda.berkeley.edu:pub/cypherpunks/swIPe. Please grab a copy and look at the docs before the meeting; it will help focus the meeting. swIPe may well be the PGP for the internet protocols. The use of encrypted IP channels can make remailers more secure, can help provide real-time packet mixes. Encrypted IP is an enabling element for full crypto deployment. Eric ----------------------------------------------------------------------------- DIRECTIONS: Silicon Graphics, Inc. Building 5 (SGI Cafeteria) 2025 North Shoreline Boulevard Mountain View, CA >From 101 take Shoreline East. This is towards Shoreline Amphitheatre. It's also "logical east", and points more north that east. (That is, it's east with respect to 101 North, which points west near the exit.) If you're coming in on 101 South, you'll cross over the bridge. Continue on Shoreline and go past a whole bunch of other SGI buildings. Turn right onto Steirlin Court at the big red metal sculpture. There will be even more SGI buildings surrounding you--take note of the building numbers. Go almost to the end of this street. Building 5 is on the right. From hughes at ah.com Fri Jul 8 16:30:56 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 8 Jul 94 16:30:56 PDT Subject: ANNOUNCE: Last minute Crypto '94 registrations Message-ID: <9407082252.AA06306@ah.com> Today is the official last day to register for Crypto '94. 
Eric ----------------------------------------------------------------------------- CRYPTO '94 General Information August 21-25, 1994 The program: Crypto '94 is the fourteenth in a series of workshops on cryptology held at Santa Barbara, California and is sponsored by the International Association for Cryptologic Research, in cooperation with the IEEE Computer Society Technical Committee on Security and Privacy and the Computer Science Department of the University of California, Santa Barbara. The program for the workshop will cover all aspects of cryptology. Formal proceedings will be provided at the conference. In addition to the regular program of papers selected or invited by the program committee, there will be a poster session on Monday evening. There will also be a rump session on Tuesday evening for informal presentations. Facilities will also be provided for attendees to demonstrate hardware, software and other items of cryptological interest. If you wish to demonstrate such items, you are urged to contact the General Chair so that your needs will be attended to. The social program will include hosted cocktail parties and dinners on Sunday, Monday and the Beach Barbecue on Wednesday. These events are included with the cost of registration. No evening meals will be provided at the dining hall. About the conference facilities: The workshop will be held on the campus of the University of California, Santa Barbara. The campus is located adjacent to the Santa Barbara airport and the Pacific Ocean. Accommodations are available in the university dormitories at relatively low cost for conference participants. Children under the age of 13 are not allowed to stay in the dormitories, so those bringing small children will need to make separate arrangements in one of several nearby hotels. More information on hotels is enclosed. Parking on campus is available at no cost to participants. 
Travel information: The campus is located approximately 2 miles >from the Santa Barbara airport, which is served by several airlines, including American, America West, Delta, United and US Air. Free shuttle bus service will be provided between the Santa Barbara airport and the campus on Sunday and Thursday afternoons. All major rental car agencies are also represented in Santa Barbara, and AMTRAK has rail connections to San Francisco from the north and Los Angeles from the south. Santa Barbara is approximately 100 miles north of the Los Angeles airport, and 350 miles south of San Francisco. Registration: Participation is invited by interested parties, but attendance at the workshop is limited, and pre-registration is strongly advised. To register, fill out the attached registration form and return to the address on the form along with payment in full before July 8, 1994. Campus accommodations will be available on a first come, first serve basis for attendees who register by July 8, 1994. Late registrations, subject to a late registration fee, may be accepted if space is available, but there are no guarantees. The conference fees include participation in the program and all social functions, as well as membership to the IACR and a subscription to the Journal of Cryptology. The room and board charges include dormitory lodging Sunday night through Wednesday night and breakfast and lunch Monday through Thursday. Technical sessions will run from Monday morning to Thursday at noon. A very limited number of stipends are available to those unable to obtain funding. Students whose papers are accepted and who will present the paper themselves are invited to apply if such assistance is needed. Requests for stipends should be sent to the General Chair before June 3, 1994. ================================================================== Hotels For those who choose not to stay in the dormitories, the following is a partial list of hotels in the area. 
Those who choose to stay off campus are responsible for making their own reservations, and early reservations are advised since August is a popular season in Santa Barbara. Note that Goleta is closer to UCSB than Santa Barbara, but a car will probably be required to travel between any hotel and the campus. All prices are subject to change; prices should be confirmed by calling the individual hotels directly. However, mention CRYPTO '94 when you are making your reservation and in several of the hotels you will be eligible for the university rate which can be significantly less than the normal rates. We are not able to block rooms in these hotels, so please make reservations as early as possible. The quality of the hotels range from rather expensive beach-front resorts to basic inexpensive accommodations. For further information, try contacting the Santa Barbara Convention and Visitors Center, (805) 966-9222. South Coast Inn: 5620 Calle Real, Goleta, CA 93117. Single is $89; Double is $94. Call to see if they have University rates. Contact person is Ms. Murrill Forrester (805) 967-3200, Fax (805) 683-4466. Cathedral Oaks Lodge: 4770 Calle Real, Santa Barbara, CA 93110. Single rates start at $75; double rates start at $85. No University rates available. Prices include breakfast. Contact Doug Smoot or Tom Patton at (805) 964-3511. Fax (805) 964-0075 Motel 6: 5897 Calle Real , Goleta, CA 93117. Single rate is $36.99 + tax.. Double rate is 42.99 + tax. (Rates are subject to change.) (805) 964-3596. The Sandman Inn: 3714 State Street, Santa Barbara, CA 93105. Single rate: $71 Double rate: $81. (805) 687-2468. Fax (805) 687-6581. Miramar Hotel (Beachfront): 3 miles south of Santa Barbara on U.S. 101 at San Ysidro turnoff. No specific single or double rate. Rooms begin at $75. Call Laura at (805) 969-2203. Fax (805) 969-3163. Pepper Tree Inn: 3850 State Street, Santa Barbara, CA 93105. Single rate: $112 Double rate: $120. (805) 687-5511. 
Fax (805) 682-2410 Encina Lodge: 2220 Bath Street, Santa Barbara, CA 93105. Single rate: $112 Double rate: $118. (805) 682-7277. Fax (805) 563-9319. Pacifica Suites (formerly Quality Suites): 5500 Hollister Avenue, Santa Barbara, CA 93111 (close to campus). Normal rates begin at $120 for a suite. Includes full-cooked breakfast. Contact Michael Ensign at (805) 683-6722. Fax (805) 683-4121. Upham Hotel: (bed-and-breakfast) 1404 De La Vina Road, Santa Barbara, CA 93101. Beginning rate: $105 per night. (You must mention you are attending the Crypto conference.) Contact: Shirley Fagardo or reservations at (805) 962-0058. Fax (805) 963-2825. The El Encanto Hotel: 1900 Lasuen Road, Santa Barbara, CA 93105. Beginning rate: $90. Contact: Elizabeth Spencer, (805) 687-5000. Fax (805) 687-3903. ================================================================== CRYPTO '94 Registration Form Registration deadline: July 8, 1994 Last Name:________________________________________________________ First Name:__________________________________ Sex: (M)___ (F)___ Affiliation:______________________________________________________ Mailing Address:__________________________________________________ __________________________________________________ __________________________________________________ __________________________________________________ Phone: _________________________ Fax: __________________________ Electronic Mail: _________________________________________________ Payment of the conference fee entitles you to membership in the International Association for Cryptologic Research for 1995 at no extra charge, including a subscription to the Journal of Cryptology, published by Springer-Verlag, at no extra charge. Do you wish to be an IACR member? 
YES_____ NO ______ Conference fee: Regular ($300) US $ ________ Attended Eurocrypt '94, Perugia ($250) ________ Full Time Student ($150) ________ deduct $50 if you do not wish the proceedings ________ (There will be NO pre-proceedings; the proceedings will be provided at the conference) Total Conference fee: ________ Room and Board (4 nights): Smoking ______ Non-Smoking _____ (Prices include breakfast and lunch on Monday through Thursday) Single room ($250 per person) ________ Double room ($200 per person) ________ Roommate's name: ___________________ Saturday Night ________ ($50 per person single / $40 per person double) $50 late fee for registration after July 8; ________ (registration not guaranteed after July 8) Total Guest Fees (from back of form) ________ Total funds enclosed (U.S. Dollars) US$ ________ Payment must be by check payable in U.S. funds, by money order in U.S. funds or by U.S. bank draft, PAYABLE TO: CRYPTO '94. Payment should be mailed to the General Chair: Additional Contact Information: Jimmy Upton, Crypto '94 Email: crypto94 at uptronics.com 1590 Oakland Road Phone: (408)451-8900 Suite B203 Fax: (408)451-8901 San Jose, CA 95131 ================================================================== CRYPTO '94 Guest Form Registration deadline: July 8, 1994 Please fill out this form for anyone who is coming with a conference attendee but not registering for the conference and wishes to either stay on campus or attend the social functions Sunday, Monday and Wednesday. Guests are not entitled to attend the talks and must be attending with someone registering for the conference. 
Last Name:________________________________________________________ First Name:__________________________________ Sex: (M)___ (F)____ Affiliation:______________________________________________________ Mailing Address:__________________________________________________ __________________________________________________ __________________________________________________ __________________________________________________ Phone: _________________________ Fax: __________________________ Electronic Mail: _________________________________________________ Social Program Attendance ($50) _________ (Sunday, Monday and Wednesday Night Dinners - No admittance to talks) Room and Board (4 nights): Smoking ______ Non-Smoking _____ (Prices include breakfast and lunch on Monday through Thursday) Single room ($250 per person) ________ Double room ($200 per person) ________ Roommate's name: ___________________ Saturday Night ________ ($50 per person single / $40 per person double) Total Guest Fees US$ ________ (Show here and on the other side of this form) From blancw at microsoft.com Fri Jul 8 16:35:03 1994 From: blancw at microsoft.com (Blanc Weber) Date: Fri, 8 Jul 94 16:35:03 PDT Subject: (fwd) Re: BSD random() - any good (source included) Message-ID: <9407082236.AA14983@netmail2.microsoft.com> .02 cents from one of the 700: From: Jim choate If you look at this rationaly all the discussion about pedophilia, eff, nsa policy, etc. is really not directly related to crypto and coding. ............................................ . The NSA thinks so. . You said: coding is not done in a vaccuum. . Eric Hughes did say he prefers the list to be cultured (inclusive of related topics). . I must sympathize with those who don't have filtering agents and must pay for extensive messages in their mailboxes. Blanc From bart at netcom.com Fri Jul 8 18:04:42 1994 From: bart at netcom.com (Harry Bartholomew) Date: Fri, 8 Jul 94 18:04:42 PDT Subject: How many cypherpunks? 
Message-ID: <199407090104.SAA02055@netcom6.netcom.com> After the two list meltdowns, there are now only 508 of us left. From tcmay at netcom.com Fri Jul 8 18:36:38 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 8 Jul 94 18:36:38 PDT Subject: Whew! The dangers of posting to Usenet Message-ID: <199407090136.SAA28308@netcom9.netcom.com> Wowie zowie, as we used to say. There's an odd new group called "alt.gathering.rainbow" which has had many highly-personal messages posted to "the Family." I'm not sure who the Rainbower are, but I gather (pun intended) that they are some sort of international band of hippies, gypsies, and newage flower power people. I'm sure one or more of you will correct me if I'm wrong. What's of ObList relevance is that many of them seem oblivous to the fact that their posts are readable by the world....see the one below and you'll see why I don't think Ms. Yamada knows her post to her "sisters and brothers" is actually readable by us all. My hunch is that a lot of newcomers have just gotten on the Net and are unclear on the concepts. I could be wrong. Maybe her account at Mindvox is a cut-out. Maybe she knows but doesn't care. Judge for yourself: Path: netcom.com!csus.edu!wupost!cs.utexas.edu!howland.reston.ans.net!europa.eng.gtefsd.com!news.umbc.edu!eff!news.duke.edu!convex!cnn.exu.ericsson.se!erinews.ericsson.se!sunic!trane.uninett.no!eunet.no!nuug!EU.net!uunet!dockmaster.phantom.com!rosaphil From: rosaphil at mindvox.phantom.com (anna yamada) Newsgroups: alt.gathering.rainbow Subject: Jimmy The Greek's Dogs are Broiling Date: Thu, 07 Jul 94 18:58:59 EDT Organization: [MindVox] / Phantom Access Technologies / (+1 800-MindVox) Lines: 39 Message-ID: <1c94oc1w165w at mindvox.phantom.com> NNTP-Posting-Host: mindvox.phantom.com Originator: rosaphil at mindvox If anyone in Wyoming can get in touch with Jimmy the Greek who drives a ford F100 blue pickup truck with a large dent in it with vt. 
plates, please tell him Jenny Jump-up miscarried, the place smells like a charnel house, they are dehydrating, and by the time he returns, he might come home to a bunch of dead dogs--bubba included. It is 103 fahrenheit, and worse in that place and kurt is being his usually irresponsible self. also, Jerry Wade has turned La Plaza into a cesspool and the 11th street squat burned down completely and the flotsam are now living in La Plaza. It is noisy, dirty, hard-drug ridden, and Jerry is dealing dust outta there with abandon. There have been fights almost every day--very bloody--and we need Jimmy's *voice of reason* also, girlfriends, don't, if asked come bac to NYC to be Jimmy's sex-slave. The last one we had to rescue, and you may not be so lucky next time. Turtle, hi. pick me some flower seed-pods, okay? Look for the spent flower heads. Wildflowers and shrubs and rose-hips. PS: Jodi is moving in one of the crackheads from 11th street-a black guy named leanord or something. Talk about a fire-hazard. Bleah. This post is not a joke. Forward please to the appropriate parties. Gabrielli's ASCENZA White-Wine-Blend (Mendocino,CA): YUMMY! Send me rose-hips/bushes/perennial seeds if you liked this post. Finger rosaphil at phantom.com to find out how. * BETTER LIVING THROUGH BETTER LIVING * From bdolan at well.sf.ca.us Fri Jul 8 19:12:20 1994 From: bdolan at well.sf.ca.us (Brad Dolan) Date: Fri, 8 Jul 94 19:12:20 PDT Subject: .rainbow.folks Message-ID: <199407090212.TAA19855@well.sf.ca.us> A group of these folks gathers every summer not so far from here in The Cherokee National Forest, just south of the Great Smoky Mountains National Park. They're known to be pretty ...um... eccentric. I may have to drop in and check things out for myself. Brad bdolan at well.sf.ca.us From dwomack at runner.utsa.edu Fri Jul 8 19:12:32 1994 From: dwomack at runner.utsa.edu (David L Womack) Date: Fri, 8 Jul 94 19:12:32 PDT Subject: Whew! 
The dangers of posting to Usenet In-Reply-To: <199407090136.SAA28308@netcom9.netcom.com> Message-ID: <9407090213.AA21731@runner.utsa.edu> > > Wowie zowie, as we used to say. > > There's an odd new group called "alt.gathering.rainbow" which has had > many highly-personal messages posted to "the Family." I'm not sure who > the Rainbower are, but I gather (pun intended) that they are some sort > of international band of hippies, gypsies, and newage flower power > people. I'm sure one or more of you will correct me if I'm wrong. > > What's of ObList relevance is that many of them seem oblivous to the > fact that their posts are readable by the world....see the one below > and you'll see why I don't think Ms. Yamada knows her post to her > "sisters and brothers" is actually readable by us all. My hunch is > that a lot of newcomers have just gotten on the Net and are unclear on > the concepts. > > I could be wrong. Maybe her account at Mindvox is a cut-out. Maybe she > knows but doesn't care. Judge for yourself: > [Snip] I did a telnet to the full address (less her name), and logged in as guest. She appears to be legit, so one could conclude she doesn't care...although, truth be told, her message strikes me as a reasonable example of 'obscurity'. I was rather impressed by the services Mindvox offers...you might want to take a tour... Regards, Dave From werner at mc.ab.com Fri Jul 8 19:25:24 1994 From: werner at mc.ab.com (tim werner) Date: Fri, 8 Jul 94 19:25:24 PDT Subject: (fwd) Re: BSD random() - any good (source included) Message-ID: <199407090225.WAA12649@sparcserver.mc.ab.com> >Date: Fri, 08 Jul 1994 16:00:23 -0500 >From: "Bill O'Hanlon" > >> Bottem line is that at this point there is no clear cut 'standard' that I >> have seen agreed on. Hell, I haven't even seen any discussion over it beyond >> a bunch of polemics over what people like and don't like, which are not >> in any way necessarily related to what people need or want. 
> >The reason for this is that people can usually get a hint; there's been no >need for a formal standard, because when someone does something irritating >several people shout, and the person has (with a couple of wild exceptions) >quit the irritating behavior. I agree with this. >You don't seem as far around the bend as either of the wild exceptions that >come to mind (Detweiler and that weird fellow that raved for about two weeks ~~~~~~~~~~~~~~~~~ "Thinking and Speaking for Himself!" >two months ago) so I'm guessing you wouldn't want to be lumped in with them. >But by continuing to defend what obviously irritated a half dozen people, >with plenty more like me agreeing but unwilling to join in the fray to >compound the problem, that's what you're courting. This is not the first time Choate has refused to let go of an argument. I smelled this coming. Wonder how long this one will last? tw From paul at hawksbill.sprintmrn.com Fri Jul 8 19:33:40 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Fri, 8 Jul 94 19:33:40 PDT Subject: .rainbow.folks In-Reply-To: <199407090212.TAA19855@well.sf.ca.us> Message-ID: <9407090335.AA25216@hawksbill.sprintmrn.com> > > A group of these folks gathers every summer not so far from here in > The Cherokee National Forest, just south of the Great Smoky Mountains > National Park. They're known to be pretty ...um... eccentric. > > I may have to drop in and check things out for myself. > Sorry -- I couldn't resist the urge to ask: Aren't these the Smokey Mountain Nudists? - paul From gtoal at an-teallach.com Fri Jul 8 19:46:25 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 8 Jul 94 19:46:25 PDT Subject: (fwd) New ITAR Indictment Message-ID: <199407090246.DAA26983@an-teallach.com> From: Anonymous User Subject: (fwd) New ITAR Indictment Are you serious? 
(fwd) From: chuckles at MCS.COM (Jason Skiles) Newsgroups: alt.security.pgp,comp.org.eff.talk,comp.org.cpsr.talk Subject: New ITAR Indictment No he's not you cretin, it was an obvious joke and it was only funny the first time I read it. (If then.) Glad you used a mailer with a return address. Let's see where I left that list of 1000 Skoda jokes I can send you... G From gtoal at an-teallach.com Fri Jul 8 19:55:45 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 8 Jul 94 19:55:45 PDT Subject: (fwd) Re: BSD random() - any good (source included) Message-ID: <199407090255.DAA27338@an-teallach.com> . I must sympathize with those who don't have filtering agents and must pay for extensive messages in their mailboxes. Blanc Actually I have very good filtering agents, and I don't mind hitting the 'n' key much either, but by the time it gets to my mailbox it's already spent 5 minutes going down my phone line and I've paid British Telecom 20 pence for it. G From gtoal at an-teallach.com Fri Jul 8 19:57:13 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 8 Jul 94 19:57:13 PDT Subject: Whew! The dangers of posting to Usenet Message-ID: <199407090257.DAA27405@an-teallach.com> That may not have been a legit post. That group is currently under attack by the alt.syntax.tactical morons. Ha ha big laugh :-( (They don't even have detweiler's intelligence as a redeeming grace) G From sico at hacktic.nl Fri Jul 8 21:23:26 1994 From: sico at hacktic.nl (Sico) Date: Fri, 8 Jul 94 21:23:26 PDT Subject: (fwd) Re: BSD random() - any good (source included) Message-ID: <4a0_9407090045@apsf.hacktic.nl> Friday July 08 1994 13:33, Jim choate wrote: [stuff deleted] Jc> The forwards were crypto related and relevant to some of the members who Jc> don't have anything other than e-mail accounts. How do you propose these Jc> folks get this info? How about Stanford's Netnews Filtering Service? 
Admittedly, I read about that in alt.internet.services, but I'm sure there's a FAQ (like Scott Yanoff's) which mentions it and which can be retrieved via email through e.g. rtfm.mit.edu's mailserver or ftpmail at decwrl.dec.com.

[rest also deleted]

CU, Sico (sico at hacktic.nl).

From koontzd at lrcs.loral.com Fri Jul 8 21:37:41 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Fri, 8 Jul 94 21:37:41 PDT
Subject: NII, NSA and Computer Security Act of 1987
Message-ID: <9407090437.AA16516@io.lrcs.loral.com>

Newsgroups: alt.poltics.org.nsa,alt.politics.datahighway,comp.org.eff.talk

In SIGNAL July 1994, on page 88 there is an ad for the Ninth Mid-Atlantic Intelligence Symposium, 20-21 September at the Applied Physics Laboratory, Johns Hopkins University, Laurel, Maryland.

The title is 'Security Issues of the National Information Infrastructure (NII) Initiative'. In fine print "Co-sponsored by AFCEA Central Maryland Chapter and The National Security Agency".

"The program will begin by outlining in detail the vision of the NII." [Whose vision?]

"..followed by a series of presentations addressing the security infrastructure and its relationship to privacy law and policy, requirements for security, and available technology in the marketplace." [CAPSTONE, and why requiring it isn't forbidden by the Constitution.]

"The finale will offer a detailed and informative examination of emerging federal programs and how industry is participating."

"U.S.Citizens Only. Classified SECRET"

-----

Who the hell co-opted NII for National Security? Every discussion to date (at least on the internet) has shown no link to National Security, which should be the only way NSA is involved. (ref the Computer Security Act of 1987 assigning NIST responsibility for development and promulgation of cost-effective computer security standards and guidelines for the federal unclassified systems community, and their letter of agreement with NSA.)
Is our friendly TLA breaking CSA 1987 or has Congress been sold a bill of goods? (This is analogous to making the phone system a matter of National Security, something more in tune with an Evil Empire.) One wonders if this implies Escrow Encryption Standard compliant cryptographic hardware before one is allowed to participate in what is being billed as a public accessible service?

From tcmay at netcom.com Fri Jul 8 22:25:26 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 8 Jul 94 22:25:26 PDT Subject: NII, NSA and Computer Security Act of 1987 In-Reply-To: <9407090437.AA16516@io.lrcs.loral.com> Message-ID: <199407090519.WAA22555@netcom12.netcom.com>

My last post, Rainbow Gathering, generated more responses--on the list and in my mailbox--than I've gotten in a long while. By contrast, my post last night on Dining Cryptographers generated no responses. I will try to learn from this curious situation. (You have been warned.) But on another matter: David Koontz wrote: > The title is 'Security Issues of the National Information Infrastructure (NII) > "U.S.Citizens Only. Classified SECRET" > Who the hell co-opted NII for National Security? Every discussion to date > (at least on the internet) has shown no link to National Security, which > should be the only way NSA is involved. National Security is to the National Information Infrastructure as the National Defense Highway Act was to the building of the American Interstate Highways in the 1950s and into the 60s. As you all probably have heard, the glorious interstate highways were built--in the single largest engineering project in the history of the U.S. (probably not the world, as the Great Wall was pretty big)--mainly as a part of the Cold War, as a means of transporting tanks, troops, supplies, and manufactured goods quickly and efficiently.
(Eisenhower had once led an Army group across the back roads of America in the 1920s or 30s, and was later mightily impressed by the German autobahns; he pushed for the Defense Highway Act as President.) And don't forget it was ARPA (Advanced Research Projects Agency), a Department of Defense agency, that funded/developed the ARPANet. (My first exposure was as a physics student, with an account on the nascent ARPANet, in 1973.) I'm not one bit surprised that the NII is being effectively hijacked by the national security state. That was always the agenda. > Is our friendly TLA breaking CSA 1987 or has Congress been sold a bill of > goods? (This is analagous to making the phone system a matter of National > Security, something more in tune with an Evil Empire.) The NCSA was always a bit of a sham. Remember that it was supposed to replace DES with a new secure standard, and was supposed to ensure the NSA had no role in setting civilian policy. The "leash" on the NSA, and the new role of the National Computer Security Center, have not exactly turned out as announced, have they? A few Executive Orders and National Security Decision Directives got in the way. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." 
From koontzd at lrcs.loral.com Fri Jul 8 22:27:57 1994 From: koontzd at lrcs.loral.com (David Koontz ) Date: Fri, 8 Jul 94 22:27:57 PDT Subject: NII, NSA and Computer Security Act of 1987 Message-ID: <9407090527.AA16747@io.lrcs.loral.com> Newsgroups: alt.poltics.org.nsa,alt.politics.datahighway,comp.org.eff.talk >Who the hell co-opted NII for National Security? Every discussion to date >(at least on the internet) has shown no link to National Security, which >should be the only way NSA is involved. For A contrast see the July/August issue of INFO SECURITY NEWS there are several articles on security of the NII. The only person appearing to be aware of any implied EES type protection is Rep. Edward Markey, (D-MA) who is quoted in Info Highway Security VIEWPOINTS: --- On securing NII: "We need to conduct a full debate on the Clipper chip and encryption issues so that people can protect their data and their privacy." --- [He is in favor of applying the Bill of Rights to cyberspace] No one else supports Clipper/Capstone as a serious contender, and a good number of interviewees see the role of government in the NII as limited. There are several applicable articles. From ebrandt at jarthur.cs.hmc.edu Fri Jul 8 23:56:19 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Fri, 8 Jul 94 23:56:19 PDT Subject: Whew! The dangers of posting to Usenet In-Reply-To: <199407090136.SAA28308@netcom9.netcom.com> Message-ID: <9407090656.AA04000@toad.com> The alt.gathering.rainbow group is presently under attack by twits from alt.bigfoot / alt.syntax.tactical. Or at least it was, the last time a cross-post hit a group I read. The post you quoted looks like flame-bait to me... I wouldn't take it seriously. 
Eli ebrandt at hmc.edu

From 0005514706 at mcimail.com Sat Jul 9 00:49:19 1994 From: 0005514706 at mcimail.com (Michael Wilson) Date: Sat, 9 Jul 94 00:49:19 PDT Subject: National Highways to National Information Infrastructure Message-ID: <41940709074814/0005514706NA3EM@mcimail.com>

Cypherpunks: Mr. May brought up the interesting correlation between the two projects; many of you may not be old enough to note that the first project mentioned, that of the national highway system in the United States, was sponsored by your current Vice President Gore's father, the OTHER Senator Gore. It was what is politely termed 'pork' then, just as NII is pork now. Just how much money do you think companies are making off the new export liberalization and stand to make from the NII? Who profits, or as came from the Watergate era, follow the money. No wonder the politically active players seem to be rolling over on some issues; they are being given an annuity for the next twenty years.

From eagle at deeptht.armory.com Sat Jul 9 01:22:03 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Sat, 9 Jul 1994 01:22:03 -0700 (PDT) Subject: read this (fwd) Message-ID: <9407090122.aa19112@deeptht.armory.com>

Forwarded message: > From: "Mike Tindall" Header deleted, Just thought y'all might find this interesting... > Hello all, > > As many members of this group make use of the anon server, I > suspect this may be of interest.
I sent two test messages to a > friend to test the anonymous server (as it is my first time using it > in this manner) > > **************************************************************************** > > From: MX%"an109803 at anon.penet.fi" > To: STORA > CC: > Subj: Re: none > > Return-Path: > Received: from anon.penet.fi by maple.circa.ufl.edu (MX V3.3 VAX) with SMTP; > Wed, 29 Jun 1994 23:24:51 EDT > Received: by anon.penet.fi (5.67/1.35) id AA15321; Thu, 30 Jun 94 05:34:54 +0300 > Message-ID: <9406300234.AA15321 at anon.penet.fi> > To: stora at maple.circa.ufl.edu > From: an109803 at anon.penet.fi > X-Anonymously-To: an42743 > Organization: Anonymous contact service > Reply-To: an109803 at anon.penet.fi > Date: Thu, 30 Jun 1994 02:34:49 UTC > References: <9406280803.AA25478 at anon.penet.fi> > Subject: Re: none > > MAIL> > #54 29-JUN-1994 23:32:19.59 MAIL > I am a pro-privacy political sabatour within the NSA. I am warning all new > users of anonymous mailers about NSA traffic watching. We listen to all > messages passing through certain intermediate nodes and compare them with > messsages leaving anonymous services. We are able to trace 70% of all > messages. I suggest that you be careful and not send any illegal material via > anonymous mailers. You endanger both yourself and the recipient. > > The following mail was traced back to you: > > mx%"########%##########@anon.penet.fi" > mx%"@anon.penet.fi:########@##########" > > (I BLANKED OUT HIS ADDRESS) > > ------------------------------------------------------------------------- > To find out more about the anon service, send mail to help at anon.penet.fi. > Due to the double-blind, any mail replies to this message will be anonymized, > and an anonymous id will be allocated automatically. You have been warned. > Please report any problems, inappropriate use etc. to admin at anon.penet.fi. 
> > ********************************************************************************** > > Mike -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** "When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!" JPB -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G O P E N P L A T F O R M O N L I N E R I G H T S V I R T U A L C U L T U R E C R Y P T O

From perry at imsi.com Sat Jul 9 07:17:59 1994 From: perry at imsi.com (Perry E. Metzger) Date: Sat, 9 Jul 94 07:17:59 PDT Subject: (fwd) Re: BSD random() - any good (source included) In-Reply-To: <199407082136.QAA09350@zoom.bga.com> Message-ID: <9407091416.AA07034@snark.imsi.com>

Jim choate says: > Why should a couple of dozen people who scream because they don't get > exactly what they want dictate to a list that is 700 long? Maybe it's the lack of people begging you to repost dozens of articles on a list with several hundred members that should send you a signal. Personally, I find the reposts irritating but not devastating. However, I suspect that when you repost things, you are doing so with the hope that it will be of use to people. If no one finds it of use, you should consider whether or not you are actually doing anyone a service. Perry

From bryner at atlas.chem.utah.edu Sat Jul 9 07:34:22 1994 From: bryner at atlas.chem.utah.edu (Roger Bryner) Date: Sat, 9 Jul 94 07:34:22 PDT Subject: DC nets. In-Reply-To: <199407090519.WAA22555@netcom12.netcom.com> Message-ID:

One problem I see with DC nets is that the government *WILL* hold all people involved guilty of conspiracy, then make them prove they are innocent.
It would be sufficient, however, to have everyone provide this proof of innocence, based upon the sort of thing being discussed in sci.crypt under hiding ciphertext in ciphertext. Roger.

From s009amf at discover.wright.edu Sat Jul 9 07:34:29 1994 From: s009amf at discover.wright.edu (Aron Freed) Date: Sat, 9 Jul 94 07:34:29 PDT Subject: Clipper vs. PGP Message-ID:

Since I consider myself new to this whole topic, even though I have read several articles about PGP and CLIPPER, I wanted to get some more info and understanding for my senior seminar next May.... Does anyone have any opinions on what would happen if the Clipper Chip and its associates were all implemented and the general public swallowed on it?? Would we as knowledgeable computer people become outlaws??? Would be it like 1984?? Would our computer illiterate neighbors try and catch us??? And going the complete opposite direction (a full 180). If the public was able to obtain PGP as easily as we are and they would use it for everything, would that lead to the overthrowing of the government and therefore cause anarchy, due to the fact the government would be helpless in knowing what everyone is doing contrary to the CIA, FBI, etc. being able to read everything we write and say through their current illegal wiretaps??? I'm just looking to get a complete picture. At this moment I would go with PGP, but I still see a lot of problems with being on either side. They seem so extreme... Aaron -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -=- YABBS - telnet phred.pc.cc.cmu.edu 8888 -=- -=- -=- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

From anonymous at extropia.wimsey.com Sat Jul 9 07:55:19 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Sat, 9 Jul 94 07:55:19 PDT Subject: Whew! The dangers of posting to Usenet Message-ID: <199407091436.AA17853@xtropia>

tcmay at netcom.com (Timothy C.
May) wrote: > What's of ObList relevance is that many of them seem oblivious to the > fact that their posts are readable by the world....see the one below > and you'll see why I don't think Ms. Yamada knows her post to her > "sisters and brothers" is actually readable by us all. My hunch is > that a lot of newcomers have just gotten on the Net and are unclear on > the concepts. > I could be wrong. Maybe her account at Mindvox is a cut-out. Maybe she > knows but doesn't care. Judge for yourself: [most of quoted message edited out] > also, Jerry Wade has turned La Plaza into a cesspool and the > 11th street squat burned down completely and the flotsam are > now living in La Plaza. It is noisy, dirty, hard-drug ridden, > and Jerry is dealing dust outta there with abandon. Naive posting ... or .... maybe, just maybe, a clever use of steganography? BTW, what's a "cut-out"? I could probably guess at the meaning, but that's the first time I've heard that term used.

From huntting at glarp.com Sat Jul 9 08:31:12 1994 From: huntting at glarp.com (Brad Huntting) Date: Sat, 9 Jul 94 08:31:12 PDT Subject: Detwiler's Crypto Mailing List In-Reply-To: <9407070056.AA15512@hawksbill.sprintmrn.com> Message-ID: <199407091530.JAA08802@misc.glarp.com>

> Where have you guys been? Larry Detweiler's silly little "wonks" > list has been around, to the best of my recollection, for about > a year now. He couldn't take his medicine, so off he went... I believe he lost his ucd account several months ago. brad

From ravage at bga.com Sat Jul 9 08:35:58 1994 From: ravage at bga.com (Jim choate) Date: Sat, 9 Jul 94 08:35:58 PDT Subject: (fwd) Re: BSD random() - any good (source included) In-Reply-To: <9407082300.AA28350@toad.com> Message-ID: <199407091535.KAA04155@zoom.bga.com>

> > "Crypto-weak" as opposed to "crypto-strong", cryptographically strong. > The guy was testing BSD random(), which I think is Yet Another Linear > Congruential Generator.
If you think an LC PRNG has cryptographic > relevance, you are gravely mistaken. > For top of the line crypto, you are absolutely correct. For a learning resource, I disagree. > What's so hard about "crypto-related"? If you can't think of any > relationship between the articles and cryptography (technical, > social, political, whatever), don't forward them. If they had been > about cryptoanalysis of random(), that might be relevant, though > hardly ground-breaking. > The concept of testing a RNG's stability and operating characteristics is something which is directly crypto related. Much more so than pedophilia or alt.whatever.rainbow....... > > Yes, I could do that if I were so inclined. I am not. > > So I see. You're not willing to take it upon yourself to mail copies > to people who can't otherwise get them, but you're happy to inflict > irrelevant material straight out of Knuth on people who could easily > get it themselves. What *is* your rationale here? > To help those who don't have access to this material other than through e-mail. And no I am not going to create a list of people and manually setup some form of sub-list to filter this stuff according to each individuals interest. I don't have the interest, time, or the information on each and every member of c-punks to carry this out. > > The bottom line is it was crypto related, was in reference to source code, > > and therefore fit the charter of this group. > > Source code, yes. Would you like to explain its relationship to crypto? > RNG's are commonly used in crypto, to understand the more complicated techniques one must learn the more mundane basics. My main rationale is that while I see lots of people making suggestions I don't see any of them actually carrying it out. In the whole time I have been on this list I have *never* seen referrals to the newsgroups.
I have seen a general trend to repost this material so that people simply have it right then and there instead of having to send a sub-group roaming around looking for it. Seems a much more labor saving system. > Eli ebrandt at hmc.edu > >

From ravage at bga.com Sat Jul 9 08:38:30 1994 From: ravage at bga.com (Jim choate) Date: Sat, 9 Jul 94 08:38:30 PDT Subject: (fwd) Re: BSD random() - any good (source included) In-Reply-To: <9407082157.AA06848@internal.apple.com> Message-ID: <199407091538.KAA04226@zoom.bga.com>

> > I wasn't going to contribute to this, but Jim is apparently impervious to > reason unless _everyone_ on the list screams at him. > I am completely open to reasoned input. I won't be badgered into doing something I feel is a contribution because a small group complains about it. That would be counter productive to the anarchist tendencies of this group. > > Don't post it to the list. > > Add me to your "couple of dozen who scream". > Ok, make it 13. > On a more personal note, digging your heels in and sobbing "I won't, I > _won't_, I WON'T!" at the perfectly reasonable suggestions that have been > made to you make you seem like a puerile and self-centered preadolescent. > Grow up. > > I am not digging anything in. I am responding to your opinions and questions. As to name calling....oh well. -- > Lefty (lefty at apple.com) > C:.M:.C:., D:.O:.D:. > > >

From ravage at bga.com Sat Jul 9 08:48:32 1994 From: ravage at bga.com (Jim choate) Date: Sat, 9 Jul 94 08:48:32 PDT Subject: All the free energy in the universe In-Reply-To: <13DD5626070@BlueSky.OpenMind.com> Message-ID: <199407091548.KAA04389@zoom.bga.com>

> > The above analysis may be incorrect... there may be no limit to the amount > of computation that can be done with a given finite amount of energy. > > The late Nobel laureate Richard Feynman became very interested in the > subject of computation and physics towards the end of his life.
My > understanding is that he concluded that there was no apparent limitation to > the amount of computation that could be completed with a given amount of > free energy. Computation may indeed always dissipate energy, but Feynman's > conclusion was that this dissipated energy can be made arbitrarily small -- > that there is no fundamental quantum limitation on the amount of > computation that can be performed at any given mass-energy scale. The kT > per logical operation can always be reduced to finer and finer scales. > Presumably, this would require advances to ever new technologies, based on > new physical forces that are relevant at finer scales (down to computation > based on the interactions of quarks as in QCD, gravitons, etc.) Of course, > since I can't give you references, you have to take this with a brick of > salt... can anyone else comment on whether they have heard this about > Feynman's conclusions? > Hi Doug, If you will check in the cumulative index for SciAm you will find several articles on this topic (which include references to headier stuff). Take care.

From ravage at bga.com Sat Jul 9 09:00:17 1994 From: ravage at bga.com (Jim choate) Date: Sat, 9 Jul 94 09:00:17 PDT Subject: Video cyphers and RNG's... Message-ID: <199407091600.LAA04723@zoom.bga.com>

Hi all, Just a referral: Video Scrambling & Descrambling for Satellite & Cable TV Graf & Sheets ISBN 0-672-22499-2 Data sheet- AT&T T7000A Digital Encryption Processor AT&T T7001 Random Number Generator Patents- US # 4,336,553 4,405,942 4,479,142 Take care.

From tcmay at netcom.com Sat Jul 9 10:26:29 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 9 Jul 94 10:26:29 PDT Subject: Trashing the list? What motivates people? In-Reply-To: <199407091535.KAA04155@zoom.bga.com> Message-ID: <199407091726.KAA12977@netcom5.netcom.com>

This list is a community.
I've avoided commenting on Jim Choate's flames and "never let go of an argument" style, but he is increasing his denunciation of the list, so I will comment. Jim Choate writes: > My main rationale is that while I see lots of people making suggestions I don't > see any of them actually carrying it out. In the whole time I have been on > this list I have *never* seen referrals to the newsgroups. I have seen a > general trend to repost this material so that people simply have it right > then and there instead of having to send a sub-group roaming around looking > for it. Seems a much more labor saving system. If you have "*never*" seen referrals to the newsgroups, then you must be not reading much of what gets posted here. I, for one, have many dozens of times (maybe hundreds of times, since 1992) referred to articles in sci.crypt, talk.politics.crypto, alt.security.pgp, etc. (Including some that I wrote for those groups.) Anyone who claims that the newsgroups never get discussed, and then decides that all 500 subscribers simply must see a bunch of articles on random number generators--a topic we have discussed a dozen times--is clearly grinding an axe. Lashing out at the list as being full of good-for-nothings simply because of complaints about these articles is absurd. As for the first point, that many suggestions are made but then not carried out, this is the nature of all discussion groups I've ever seen. After all, we're not being *paid* to do all this. We're not organized into teams, and so on. And despite this, impressive progress has been made: * Remailers. Cypherpunks remailers with new features, more sites. This is clearly the cutting edge of remailers, more so even than Julf's site. (Cypherpunks remailers are distributed, instantiable by almost anyone, are adding new features, etc. Julf's site remains singular, and has not added major features in a long time.) * Several list members are central to the development of PGP.
* SecureDrive, CurveEncrypt, and other crypto programs are tied to various list members. * Experiments with digital money have been underway...the lack of concrete progress owes more to general problems with such things than on lack of effort. (Pr0duct Cypher, Matt Thomlinson, others.) * Although we can't always claim everyone as a member, such people as Whit Diffie, Phil Zimmermann, Bruce Schneier, Matt Blaze, Phiber Optik, and Jim Bidzos have attended our meetings. Some of them are list subscribers, etc. The 500+ subscribers included some of the best-known cryptologists outside the NSA. (And maybe inside?) * The role of Cypherpunks has been manifold: practical work on remailers, tools, digital money....education and discussion....analysis of new protocols, etc. (For example, at today's meeting the focus is on "swIPe," an important new system written by John Ionannaddis (sp?), Phil Karn, etc.--I hope I got the credit right.) I could go on, but I won't. Given that I can't recall Jim Choate being involved in any of these projects, or giving us insightful analyses of trends, developments, and technical details, I don't think he's in a position to condemn the rest of the list. People who lash out at the list, calling the list a place for people who never do anything, are revealing their own failures of imagination. I can't see why they choose to remain on the list if they despise it that much. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." 
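The exchange above between Eli Brandt and Jim Choate turns on whether a linear congruential generator can be judged by testing its output. As an added example (not code from any post in this archive), the sketch below puts three standard statistical tests behind one interface and runs them over the low-order bit of an LCG, which passes the frequency test perfectly and fails the other two. The LCG constants are those of the ANSI C sample rand(), assumed here for illustration rather than taken from BSD random(), and the SHA-256 counter generator is likewise an assumption added for contrast.

```python
import hashlib
import math

ALPHA = 0.01  # conventional significance level: a p-value below this is a failure


def lcg_low_bits(seed, n, a=1103515245, c=12345, m=2**31):
    """Least significant bit of each output of x -> (a*x + c) mod m.

    The defaults are the ANSI C sample rand() constants (assumed for
    this example; they are not taken from the thread).
    """
    x, bits = seed % m, []
    for _ in range(n):
        x = (a * x + c) % m
        bits.append(x & 1)
    return bits


def sha256_counter_bits(seed, n):
    """Bits of SHA-256(seed || counter); a contrast generator added here."""
    bits, counter = [], 0
    while len(bits) < n:
        block = hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        for byte in block:
            bits.extend((byte >> shift) & 1 for shift in range(8))
        counter += 1
    return bits[:n]


def monobit(bits):
    """Frequency test: are ones and zeros roughly balanced?"""
    n = len(bits)
    s = sum(2 * b - 1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(2 * n))


def runs(bits):
    """Runs test: is the number of 0/1 transitions what chance predicts?"""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0  # frequency is already too skewed for the test to apply
    v = 1 + sum(1 for i in range(n - 1) if bits[i] != bits[i + 1])
    expected = 2 * n * pi * (1 - pi)
    return math.erfc(abs(v - expected) / (2 * math.sqrt(2 * n) * pi * (1 - pi)))


def autocorrelation(bits, lag=1):
    """Autocorrelation test: does bit i predict bit i+lag?"""
    n = len(bits) - lag
    differing = sum(bits[i] ^ bits[i + lag] for i in range(n))
    z = 2 * (differing - n / 2) / math.sqrt(n)
    return math.erfc(abs(z) / math.sqrt(2))


# Common interface: every test maps a bit list to a p-value.
TESTS = {"monobit": monobit, "runs": runs, "autocorrelation": autocorrelation}


def battery(bits):
    """Run every registered test and return {name: p-value}."""
    if len(bits) < 100:
        raise ValueError("need at least 100 bits for the normal approximations")
    return {name: test(bits) for name, test in TESTS.items()}


def failed(bits):
    """Names of the tests whose p-value falls below ALPHA."""
    return [name for name, p in battery(bits).items() if p < ALPHA]


if __name__ == "__main__":
    samples = {
        "LCG low bit": lcg_low_bits(1, 4096),
        "SHA-256 counter": sha256_counter_bits(b"constructed-seed", 4096),
    }
    for label, bits in samples.items():
        print(label, battery(bits), "failed:", failed(bits))
```

With an odd multiplier and odd increment modulo a power of two, the low bit simply alternates, so it is perfectly balanced and perfectly predictable at once; a generator judged by the frequency test alone would be accepted.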
From ebrandt at jarthur.cs.hmc.edu Sat Jul 9 11:22:57 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Sat, 9 Jul 94 11:22:57 PDT Subject: (fwd) Re: BSD random() - any good (source included) In-Reply-To: <199407091535.KAA04155@zoom.bga.com> Message-ID: <9407091822.AA15802@toad.com>

> From: Jim choate > The concept of testing a RNG's stability and operating characteristics > is something which is directly crypto related. This discussion is going nowhere, so I'll drop it. I suggest that those individuals who have only e-mail access use it to tell Jim how much they appreciate this sort of forward. If you get less than 12 or 13 positive responses, perhaps you could give matters a little thought. Eli ebrandt at hmc.edu

From roy at sendai.cybrspc.mn.org Sat Jul 9 11:34:12 1994 From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail) Date: Sat, 9 Jul 94 11:34:12 PDT Subject: Remailer chaining helper program. Message-ID:

-----BEGIN PGP SIGNED MESSAGE----- Was it here that I saw mention of a program to generate chained remailer traffic automatically? Pointers appreciated, and thanks! - -- Roy M. Silvernail | #include | PGP 2.3 public roy at sendai.cybrspc.mn.org | main(){ | key available | int x=486; | upon request | printf("Just my '%d.\n",x);} | (send yours)

From sico at hacktic.nl Sat Jul 9 12:18:25 1994 From: sico at hacktic.nl (Sico) Date: Sat, 9 Jul 94 12:18:25 PDT Subject: How many cypherpunks? Message-ID: <4b7_9407091928@apsf.hacktic.nl>

Saturday July 09 1994 01:04, Harry Bartholomew wrote to All: HB> After the two list meltdowns, there are now only 508 of us left. That count may not be accurate.
There are sites with an abundance of cypherpunks that turn the list into news, which makes transport (often over UUCP links) more efficient. CU, Sico. From greg at ideath.goldenbear.com Sat Jul 9 12:38:35 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Sat, 9 Jul 94 12:38:35 PDT Subject: Forwarding or pointers + attorney use of PGP Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Count this as a vote in favor of pointers to information instead of reposts, at least where the original is easily accessed by most folks. The only time I find reproductions in toto useful is where the information comes from private mail, obscure mailing lists, or other sources I can't get. Also, I thought some C-punks might be pleased to hear that PGP and discussions of encryption/confidentiality are making their way into the legal community - a law/computers list I'm on has recently had a spurt of messages re confidentiality and attorney/client privilege, and every response so far has mentioned PGP in a positive light. From jrochkin at cs.oberlin.edu Sat Jul 9 13:28:18 1994 From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) Date: Sat, 9 Jul 94 13:28:18 PDT Subject: All the free energy in the universe Message-ID: <199407092028.QAA25498@cs.oberlin.edu> > The late Nobel laureate Richard Feynman became very interested in the > subject of computation and physics towards the end of his life. My > understanding is that he concluded that there was no apparent > limitation to the amount of computation that could be completed with a > given amount of free energy.
Computation may indeed always dissipate > energy, but Feynman's conclusion was that this dissipated energy can be > made arbitrarily small -- that there is no fundamental quantum > limitation on the amount of computation that can be performed at any > given mass-energy scale. Actually, I _think_ I've read an article in a pop-science magazine about some work of Hawking's that indicated there was a minimum amount of energy necessary to do some sort of quanta of computation. (is there such a thing ? I don't know enough about the math, I'm afraid. Information theory?) If my memory serves, he used this to hint at a solution to the "why does time only flow in one direction, when the mathematics are perfectly symmetrical both ways?" question. But I could be wrong. Sorry I don't have any better info than you.

From jgostin at eternal.pha.pa.us Sat Jul 9 14:50:20 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Sat, 9 Jul 94 14:50:20 PDT Subject: (None) Message-ID: <940709165959C5cjgostin@eternal.pha.pa.us>

greg at ideath.goldenbear.com (Greg Broiles) writes: > Count this as a vote in favor of pointers to information instead of Count this as a second, plus some kind of summary of the article referenced. :-) --Jeff -- ====== ====== +----------------jgostin at eternal.pha.pa.us----------------+ == == | The new, improved, environmentally safe, bigger, better,| == == -= | faster, hypo-allergenic, AND politically correct .sig. | ==== ====== | Now with a new fresh lemon scent! | PGP Key Available +---------------------------------------------------------+

From dcwill at ee.unr.edu Sat Jul 9 15:22:14 1994 From: dcwill at ee.unr.edu (D.C. Williams) Date: Sat, 9 Jul 94 15:22:14 PDT Subject: As long as we're voting, Message-ID: <9407092221.AA27573@solstice>

> > > Count this as a vote in favor of pointers to information instead of > Count this as a second, plus some kind of summary of the article > referenced. :-) . . . I concur. Pointers are preferable. =D.C.
Williams From michael.shiplett at umich.edu Sat Jul 9 15:22:56 1994 From: michael.shiplett at umich.edu (michael shiplett) Date: Sat, 9 Jul 94 15:22:56 PDT Subject: Request: tamper-proofing executables In-Reply-To: <9407081655.AA29629@mis.nu.edu> Message-ID: <199407092222.SAA12365@totalrecall.rs.itd.umich.edu> "dm" == Dan Marner writes: dm> I would appreciate any pointers to documents, source code or dm> programs that deal with using cryptographic techniques to detect dm> or prevent modification of executable code. I am looking for dm> something that uses either a signature or a one-way hash to detect dm> modifications at run time. dm> Of particular interest is information on signing a file that dm> includes the signature as part of the file. Is this possible with dm> any of the common algorithms? Claris has or had some checks in their software to attempt to recognize that the application had been modified. I think this even detected a (previously unknown?) Macintosh virus. Regardless, this scheme seems rather susceptible to attack. More useful is something like tripwire--a regularly run program which keeps checksums of various files on disk; stores the checksums on apart from the data; and compares the previous checksum with the current checksum. michael From paul at hawksbill.sprintmrn.com Sat Jul 9 15:32:07 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Sat, 9 Jul 94 15:32:07 PDT Subject: As long as we're voting, In-Reply-To: <9407092221.AA27573@solstice> Message-ID: <9407092334.AA26879@hawksbill.sprintmrn.com> > > > > > > Count this as a vote in favor of pointers to information instead of > > Count this as a second, plus some kind of summary of the article > > referenced. :-) > > . . . I concur. Pointers are preferable. > Ditto, with regards to on-line, electronic sources. However, if you want to take the time to type-in an article related to crypto by hand, I'll certainly take the time to read it. Just my $.02, as usual. 
- paul From nowhere at chaos.bsu.edu Sat Jul 9 15:39:36 1994 From: nowhere at chaos.bsu.edu (Chael Hall) Date: Sat, 9 Jul 94 15:39:36 PDT Subject: Cypherpunks Gopher Server Modifications Message-ID: <199407092232.RAA07132@chaos.bsu.edu> The Cypherpunks gopher server at chaos has been migrated from gopherd to GN version 2.09. All of the data should be intact. Although many of the filenames have been changed so that they could be stored in compressed format, they should be served exactly the same way as before. If you experience any problems with the system, please write gopher-admin at chaos.bsu.edu. This entire gopher hierarchy will probably be moving in the near future after I install the new hard drive for chaos, but there should be no interruption in service. Chael -- Chael Hall, nowhere at chaos.bsu.edu From dcwill at ee.unr.edu Sat Jul 9 16:03:12 1994 From: dcwill at ee.unr.edu (D.C. Williams) Date: Sat, 9 Jul 94 16:03:12 PDT Subject: As long as we're voting, Message-ID: <9407092302.AA27635@solstice> > > > > Count this as a vote in favor of pointers to information instead of > > > Count this as a second, plus some kind of summary of the article > > > referenced. :-) > > > > . . . I concur. Pointers are preferable. > > > > Ditto, with regards to on-line, electronic sources. However, if you > want to take the time to type-in an article related to crypto by > hand, I'll certainly take the time to read it. Agreed. Let's not be too quick to condemn those who offer material of interest in any form. We're quibbling over format, but provided that it's not C&S e-spam and is crypto related, the sentiment is good. My thanks to those who take the time and effort to alert others to material of interest. My only request is that they be as judicious as possible and forward or post only those tidbits that can't be readily obtained elsewhere. 
If someone else can't get it for themselves, other c'punks are usually very helpful w/ email forwards (I've done this for others a few times myself). =D.C. Williams From dwomack at runner.utsa.edu Sat Jul 9 16:35:36 1994 From: dwomack at runner.utsa.edu (David L Womack) Date: Sat, 9 Jul 94 16:35:36 PDT Subject: As long as we're voting, Me Too! In-Reply-To: <9407092302.AA27635@solstice> Message-ID: <9407092336.AA07942@runner.utsa.edu> > > > > > > > Count this as a vote in favor of pointers to information instead of [snip] > > > > Ditto, with regards to on-line, electronic sources. However, if you > > want to take the time to type-in an article related to crypto by > > hand, I'll certainly take the time to read it. > > Agreed. Let's not be too quick to condemn those who offer material of > interest in any form. We're quibbling over format, but provided that > it's not C&S e-spam and is crypto related, the sentiment is good. My > thanks to those who take the time and effort to alert others to material > of interest. My only request is that they be as judicious as possible > and forward or post only those tidbits that can't be readily obtained > elsewhere. If someone else can't get it for themselves, other c'punks > are usually very helpful w/ email forwards (I've done this for others > a few times myself). > > =D.C. Williams > At the risk of 'me-too-ism'....I cannot improve on Mr. Williams position! So...Me too. Regards, Dave From an65 at vox.hacktic.nl Sat Jul 9 18:17:17 1994 From: an65 at vox.hacktic.nl (an65 at vox.hacktic.nl) Date: Sat, 9 Jul 94 18:17:17 PDT Subject: As long as we're voting, Message-ID: <199407100117.AA01679@xs4all.hacktic.nl> >> >> > Count this as a vote in favor of pointers to information instead of >> Count this as a second, plus some kind of summary of the article >> referenced. :-) > . . . I concur. Pointers are preferable. >=D.C. Williams I agree. 
I'm especially interested in references to alt.usenet.kooks, alt.pedophiles, and reviews of any TV shows with babes in them.

c at lib@n

--------------------------------------------------------------------------
To find out more about the anon service, send mail to help at vox.hacktic.nl
Please report any problems, inappropriate use etc. to admin at vox.hacktic.nl
Direct replies to the sender of this message are -not- anonymised....

From jya at pipeline.com Sat Jul 9 18:31:09 1994
From: jya at pipeline.com (John Young)
Date: Sat, 9 Jul 94 18:31:09 PDT
Subject: As long as we're voting,
Message-ID: <199407100130.VAA06993@pipe1.pipeline.com>

Responding to D.C. Williams on Sat, 9 Jul 4:2 PM:

>My thanks to those who take the time and effort to alert others to material of interest.

Seconded.

John

From norm at netcom.com Sat Jul 9 20:52:33 1994
From: norm at netcom.com (Norman Hardy)
Date: Sat, 9 Jul 94 20:52:33 PDT
Subject: (fwd) Re: BSD random() - any good (source included)?
Message-ID: <199407100352.UAA15973@netcom.netcom.com>

At 15:20 1994/07/07 -0500, Jim choate wrote:
...
>Does anybody know of a good test for randomness? I would definitely like to
>know how good computer RNG's are. Post away!

A good RNG must pass all such tests. The idea of just one test is itself dangerous. It would be a generous person who would collect such tests and organize them to a common interface. Only then would you begin to have "one test": the collection of these tests.

I coded a Bloom filter a few years ago which requires about 16,000 random bits. I tried several prngs in various libraries, then implemented several from literature including Knuth. All of these caused the filter to work at about half efficiency. I could find no bugs in the filter code. Then I recalled that there was a DES routine available. I used DES to generate the random bits. The filter then worked close to the theoretical maximum!
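Added example (not part of the post above or of any list member's code): the "collection of tests behind a common interface" idea, sketched in Python. A textbook linear congruential generator whose low state byte is used as output passes the single frequency test yet fails the battery; SHA-256 in counter mode stands in for the DES generator mentioned in the post, and the function names, the seeds and the 1e-6 threshold are assumptions of this example.

```python
import hashlib
import math

ALPHA = 1e-6      # assumed per-test threshold; strict so a sound source rarely trips the battery
MIN_BYTES = 1280  # keeps the expected count per byte value at 5 or more for the chi-square test


def monobit(data: bytes) -> float:
    """Frequency test: p-value for the overall balance of one and zero bits."""
    n = len(data) * 8
    ones = sum(bin(byte).count("1") for byte in data)
    return math.erfc(abs(2 * ones - n) / math.sqrt(n) / math.sqrt(2))


def runs(data: bytes) -> float:
    """Runs test: p-value for the number of unbroken runs of equal bits."""
    bits = [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]
    n, ones = len(bits), sum(bits)
    if ones in (0, n):
        return 0.0  # a constant stream is one long run
    pi = ones / n
    observed = 1 + sum(a != b for a, b in zip(bits, bits[1:]))
    expected = 2 * n * pi * (1 - pi)
    return math.erfc(abs(observed - expected) / (2 * math.sqrt(2 * n) * pi * (1 - pi)))


def byte_chi2(data: bytes) -> float:
    """Two-sided chi-square test on byte frequencies.

    Two-sided on purpose: counts that are too even are as suspicious as
    counts that are too lumpy. Uses the Wilson-Hilferty normal approximation.
    """
    counts = [0] * 256
    for byte in data:
        counts[byte] += 1
    expected = len(data) / 256
    chi2 = sum((c - expected) ** 2 / expected for c in counts)
    df = 255
    z = ((chi2 / df) ** (1 / 3) - (1 - 2 / (9 * df))) / math.sqrt(2 / (9 * df))
    return math.erfc(abs(z) / math.sqrt(2))


# The common interface: every test maps bytes -> p-value.
BATTERY = {"monobit": monobit, "runs": runs, "byte_chi2": byte_chi2}


def run_battery(data: bytes) -> dict:
    """Run every registered test and return {test name: p-value}."""
    if len(data) < MIN_BYTES:
        raise ValueError(f"need at least {MIN_BYTES} bytes of output to test")
    return {name: test(data) for name, test in BATTERY.items()}


def passes(data: bytes) -> bool:
    """A generator passes only if no test in the battery rejects its output."""
    return all(p >= ALPHA for p in run_battery(data).values())


def lcg_low_bytes(seed: int, n: int) -> bytes:
    """Constructed weak source: low byte of an LCG state (period 256)."""
    state, out = seed, bytearray()
    for _ in range(n):
        state = (state * 1103515245 + 12345) % 2**31
        out.append(state & 0xFF)
    return bytes(out)


def hash_counter_bytes(seed: bytes, n: int) -> bytes:
    """SHA-256 in counter mode, standing in for the DES-based generator."""
    out, counter = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


if __name__ == "__main__":
    for label, stream in (
        ("LCG low byte", lcg_low_bytes(1, 8192)),
        ("SHA-256 counter", hash_counter_bytes(b"constructed-seed", 8192)),
    ):
        print(label, run_battery(stream), "PASS" if passes(stream) else "FAIL")
```

The LCG's low byte visits each of the 256 values exactly once per cycle, so its bit balance is perfect and only the two-sided byte test exposes it.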
From doug at OpenMind.com Sat Jul 9 20:56:31 1994 From: doug at OpenMind.com (Doug Cutrell) Date: Sat, 9 Jul 94 20:56:31 PDT Subject: A proposal for handling "forwards" Message-ID: <15C73CF374B@BlueSky.OpenMind.com> How about setting up a second e-mail list on majordomo, called "cypherpunks-fwds" or "cypherxtra" or some such thing. I, for one, am quite appreciative of receiving such posts as Jim Choate's forwards... but my disk space is abundant and my connection is permanent and not metered. I can understand why many people would prefer not to receive such things. This way people can choose whether they want to receive these types of longish, possible repeats (including the EFF announcements) or not. I guess I can think of reasons this might not be such a good idea (the new list might be completely empty, or it might be flooded with garbage, etc). But there it is... Doug __ __ __ __ Doug Cutrell / ) /__) /_ /\ / /| /| / /\ / / ) doug at OpenMind.com \_/ / (_ / \/ / |/ | / / \/ /__/ =================================================================== From johncla at freenet.scri.fsu.edu Sat Jul 9 21:50:25 1994 From: johncla at freenet.scri.fsu.edu (John Clark) Date: Sat, 9 Jul 94 21:50:25 PDT Subject: DC nets Message-ID: I want to thank Tim May for his posting on DC nets, you packed a lot of information into a short post and I have NEVER seen it explained more clearly. John K Clark johncla at freenet.scri.fsu.edu From rarachel at photon.poly.edu Sat Jul 9 22:56:05 1994 From: rarachel at photon.poly.edu (Arsen Ray Arachelian) Date: Sat, 9 Jul 94 22:56:05 PDT Subject: Escrow Officer Trading Cards Message-ID: <9407100557.AA10729@photon.poly.edu> Forwarded message: From nobody at rebma.rebma.mn.org Sat Jul 9 23:15:15 1994 From: nobody at rebma.rebma.mn.org (nobody at rebma.rebma.mn.org) Date: Sat, 9 Jul 94 23:15:15 PDT Subject: No Subject Message-ID: <199407100512.AAA01344@rebma.rebma.mn.org> about the credit card transactions. 
i was stupid and lost the one reply that showed interest. but the data i have is for one network only. it's TeleMoney, run by Ceridian (used to be Control Data), and there's no encryption on the transaction at all. the information would end up pretty long, and i don't want to bomb this list. interested people should send me mail instead. include a pgp public key. to get mail to me, use remailer at rebma.mn.org and include the following at the beginning of your message: :: Encrypted: PGP -----BEGIN PGP MESSAGE----- Version: 2.6 hIwC15oMrSC6gKkBBACF5WvZBz0336fvlIJslMD02PCVJM/5hZeC85Uwd88Z9u8k 9Cbs979V6N/JqqOQmC/88u58sFyYqqsRGrxxjhjZGEeE0wDHRniS4ALjts/22dry NYr7ep9O4nzYtHU4ac1BeYm1AbSyk4jbjSIw8a6D0l6SI3L72alKSQxCzyZvkqYA AABQoCjtMyZ8kngK9ZCf3vR9l1yltdp/QoiWBXLhZ43VMi/GIV8VWcVsL5KD9lTW QRC5Kxpq0RqOazjdrdxPOaN9/43IIVPAj50KnKpSyFyWnf0= =bdsK -----END PGP MESSAGE----- From eileen Sat Jul 9 20:42:14 1994 From: eileen (Eileen Tronolone) Date: Sat, 9 Jul 1994 23:42:14 -0400 (EDT) Subject: hee Message-ID: <9407100342.AA29487@photon.poly.edu> Article 185 of alt.humor.best-of-usenet: From: tjbryce at unix.amherst.edu (Tom Bryce) Newsgroups: talk.politics.crypto Subject: Escrow Officer Trading Cards Escrow Officer Trading Cards I noticed I'm a little behind on the cryptographic Newspeak being promoted by the clipper chip people when I recently read some information on key escrow posted to the net, that is, in article by Steven Bellovin . He mentions that he asked some questions of "people on the committee" which seemed to imply they were on the inside of the clipper thing, and their answers seemed pretty authoritative. I noticed a heck of a lot of Shit In Capital Letters that seems to imply Everyone Should Know What the Fuck This Is and that This Shit Will Be A Permanent Part Of Our Future Vocabularies. Words like Unique Keys, Key Components, Escrow Officer, Escrow Agent, Family Key and Escrowed Encrytion Standard. It all sounded so OFFICIAL. 
It also mentioned that a hell of a lot of shit about these chips they just wouldn't tell us because it was CLASSIFIED INFORMATION. Stuff like how to generate psuedo-random numbers for cryptographic purposes. Now I thought shit like this was pretty commonly known anyway, but I suppose as it's time for us all to up and FORGET this shit 'cuz the government tell us it's TOP SECRET and we don't really know it anyway. As part of our mental reorganization, it seems we are going to have to rig up an Escrow Officer category in our minds and Capitalize Escrow Officer Every Time We Write This Fucking Word because Escrow Officers Will Be Very Important People like the President of the United States and the Secretary General of the United Nations. Just like the friendly police officer or religious leader or boy scout leader or army general or so on of the past, I predict Escrow Officers will be the big heroes and public leaders of the future. They will burn the midnight oil thinking of ways to protect our secret keys from enemy intrusion, as well as protect us from Terrorists, Drug Dealers, Pedophiles, Communists, Right-wingers, Leftists, and all other kind of folk who seek to trample on the flag of the U.S.A. They will be the sentinels keeping watch over our secret keys in the night. All information about us - our birthdays, height, weight, last visit to the doctor, last porno magazine purchased on a credit card, sexual orientation, jobs we applied for in the past, HIV status, debts we are late in paying, all this secret information will be guarded by these silent and sure men and women - dare I say God-like sentinels? If Escrow Officers will become a big part of our future lives, I'd like to be one of the first to capitalize on this phenomenon. I will soon introduce Escrow Officer Trading Cards, so we can all have fun trading pictures of our favorite Escrow Officers and perhaps even following in the fashion trends they promote. 
Children can also learn at a young age who the men and women are who will be protecting their secret information for the rest of their lives. On the front should be a photograph of the Escrow Officer. The Escrow Officer should be shown smiling broadly, perhaps while embracing or holding a small child or baby. The Escrow Officer will be wearing a conservative but comfortable-looking suit, to convey that the Escrow Officer is a Real Important Person but also Down To Earth and Friendly. Behind the Escrow Officer should be bookshelves with impressive titles clearly readable by the Escrow Officer Trading Card Owner. Good titles would include math books with real real complicated sounding titles, Profiles of Courage by John F. Kennedy (another Real Important, Real Smart, just plain Real Great Heroic Dude), legal books with Real Complicated Sounding Titles, ominous sounding books from the FBI and CIA and other Real Tough Sounding American Organizations on things like International Terrorist Operations and Their Impact on the Crazy World We Will Leave Our Children and Babies Tomorrow, and things like that. Books by Richard Nixon should be absent from the bookshelves. On the back will be the Escrow Officer's Name, Address, Phone Number, Social Security Number, Sexual Orientation, Blood Type, Name Of Last Three Sexual Contacts, Best Friend's Name, and so on. (Hey, who the fuck needs privacy anyway? The Escrow Officers should set an example for all of us. After all, why would they need to hide these things anyway? Unless they're doing something they're not supposed to be doing! Like having gay sex in some states of America, and things like that.) (PSST. Top secret: It won't be their real phone number and stuff anyway. After all, who would know any better. And we can even hire some actors to pose for the picture instead of the Escrow Officer since it will give a more accurate impression of what Escrow Officers are supposed to represent. 
Some real Good-Looking Actors and Actresses who fit the current cultural norms of beauty and handsomeness and power. Then, since we might not have enough black and other minority Escrow Officers, we can hire some minority actors to pose for the pictures. Then we could even change the names of all the Escrow Officers on the Cards to names that sound more impressive and trustworthy.) Then we can have a Fun Facts section under the personal information. For example, we could have a picture of the Escrow Officer smiling while holding the Official Random Number Generation Keyboard used for a production run of Clipper Chips. It will describe the make of the keyboard, color, and so on, and might even mention some Fun Facts like the fact that the Escrow Officer likes to stick Gumby or Snoopy stickers onto the side of the keyboard, and even generated the numbers without using the left half of the keyboard one day when she poured her morning coffee onto the left half of the keyboard because she was up late the night before catching up on the latest newsbriefs on the International Traffic in Crack-Addicted Pedophile Terrorists. (We won't mention that she was also reading about how to stop tax evasion once and for all with electronic money encrypted by Escrowed Keys, since everyone cheats on their taxes anyway and it would scare the shit out of everyone and eliminate support for the Official Key Escrow Standard. We need to pretend it's only these fucking ridiculous categories of Super Duper Arch Enemies we're after.) Another Fun Fact section might involve a picture of an Escrow Officer whose dedication and hard work helped catch a Super Duper Evil Communist who was actively advocating the violent overthrow of the Government of the United States of America. The Escrow Officers can be shown bonking the Communist over the head with the Official Random Number Generating Keyboard, while another escrow agent slaps a pair of handcuffs on the Communist. 
Then the fun fact section can mention the Humorous Incident that took place when the photograph was being taken. Of course, the photograph is only a simulation, and the Communist will be an actor, though the Escrow Officers might be real. The Fun Facts section will mention how everyone had a Real Good Laugh after the picture taking session was over and they were about to uncuff the communist when... THE ESCROW OFFICERS FORGOT WHERE THEY PUT THE KEY! From then on, they were subjected to good- natured ribbing every time they got to the office in the morning. In fact, a few months later one of the Escrow Officers came to work in the morning and found two of his desk drawers locked together with a chain and combination lock. A post-it note attached to his desk said SORRY BUT I FORGOT THE COMBINATION! While everyone was roaring at the Silly Prank, the quick-witted Escrow Officer got his other Escrow Officer buddy to give him his half of the Key Component to operate the Decrypt Processor and they busted the Secret Key of the lock company and got the lock off without any extra help. That way, people will know what Silly Pranksters our Escrow Officers are. Ever diligent in protecting our privacy, but still one of the guys. Perhaps the following quip can be ascribed to the Escrow Officer in a cartoon-style bubble coming out of his mouth: "Hey guys, sure I'm into encryption and all, but really, I'm just a fella!!" His buddies will be slapping their knees and ribbing each other at his tales of Escrow Officer Pranks and buying each other drinks. Anyway, this is about all I've formulated so far of the Trading Card Plan. If anyone cares to invest in my plan (and has access to Government Restricted Encryption Technology) please send me contact information encrypted on the following key. -- Postings to alt.humor.best-of-usenet reflect what the submittor considers to be the best in usenet humor, and the poster is responsible for the content. 
The moderator removes duplicates, copyrighted material, posts without headers, but does not drop articles based on content. See the group charter for more info. Sigs may be truncated. Moderator address: best at cc.ysu.edu

--
Eileen Tronolone       | internet: eileen at photon.poly.edu  | Just Another Ozric
System Administrator   | usenet: redsonja at olias.linet.org | Tentacle Of The
Polytechnic University | voice: (718) 260-3846               | Medusa On The
Brooklyn, NY 11201     | Self possession is 9/10 of the law  | Infobahn Of Love??

From rarachel at prism.poly.edu Sat Jul 9 23:48:34 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Sat, 9 Jul 94 23:48:34 PDT
Subject: Bit counting
In-Reply-To: <199407070257.AA00900@laurel.ocs.mq.edu.au>
Message-ID: <9407100636.AA21021@prism.poly.edu>

>
> >Why bother when you can simply do an eight line function?
>
> >int bitcount(char b)
> >{
> >register int retval=0;
>
> > if (a & 1) retval++;
> > if (a & 2) retval++;
> [...]
>
> Because on a lot of architectures this implementation may be hideously
> inefficient. All the world is not an Intel chip, thank god.

Okay, I'll bite this one again.

6502:
        LDX #$00
        LDA b
        BIT #$01
        BEQ +2
        INX
        BIT #$02
        BEQ +2
        INX
        /\/\/\/\//\
        TXA
        STA returnvalue
        RTS

There. On a 6502, this too would take about 5 bytes per test * 8 tests, that's 40 bytes. So that's about 60 bytes or so maximum for this function.

Now for 68000:

        MOVE.B 0,D1
        LEA A0,[address_of_parameter_b_from_stack]
        MOVE.B [A0],D0
        MOVE.B D0,D2
        ANDI #01,D0
        BEQ [skip three instructions]
        ADDI #1,D1
        MOVE.B D2,D0
        ANDI #02,D0
        BEQ [skip three instructions]
        /\/\/\/\/\/
        MOV D1,[return_value_on_stack]
        RET

Same commands, but on the 68K, it'll take up a bit more space, though the 68K will run faster. Now granted on certain machines the XOR method is faster, but is it more obvious? I've seen lots of "cool" code in my time. The verdict on it is that while it's neato whiz bang cool, it's hard to debug or update if it needs fixing, and tends to be very non obvious.
If you use a good compiler which has register optimization, the function done the long way will be as fast as the XOR method, and cleaner, and in some cases actually faster.

From wcs at anchor.ho.att.com Sun Jul 10 00:08:36 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sun, 10 Jul 94 00:08:36 PDT
Subject: Request: tamper-proofing executables
Message-ID: <9407100707.AA29634@anchor.ho.att.com>

Tamperproofing things that aren't hardware is difficult. If your code is sufficiently non-obfuscated to be worth tampering with, Bad Guys can tamper with the tamper-checking code just as easily as they can with the useful-stuff code.

One way around this is to leave digital-signature-checking to exterior programs, e.g. include a PGP signature (probably in a separate file to avoid mushing it into your binaries) and let them check the signature from their own copy of PGP. (Or for cheapness without patent problems, distribute a RIPEM-sig instead.)

Some people have suggested code that does things like encrypt some critical parts of the code and decode them on the fly at runtime, using a key that's generated by checksumming the file and XORing with the last 8 bytes or some variant. Sufficiently persistent Bad Guys can respond to this by grabbing the code from memory as they run it, and you can play games with them about decoding stuff a piece at a time, etc. (All of this is of course easier in LISP or interpreted languages.....) How much work you want to put into this depends on how much effort you think the Bad Guys are willing to spend cracking your code.

I've heard people talk about doing totally encrypted computation, but I'm not sure whether anything practical has been implemented.
		Bill
# Bill Stewart AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399
# email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465

From rarachel at prism.poly.edu Sun Jul 10 00:31:22 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Sun, 10 Jul 94 00:31:22 PDT
Subject: Request: tamper-proofing executables
In-Reply-To:
Message-ID: <9407100718.AA21416@prism.poly.edu>

> I have yet to devise or find a foolproof [ ;) ] or unbreakable
> protection scheme. I'm starting to think there's no such animal. What
> you CAN do is protect your executables against file corruption, viruses, and
> lame-0 hacker dudez. But, getting any secure PGP-level security is
> very difficult.
> OTOH, if anyone else has come up with a scheme that is hard to
> break / unbreakable, *please* come forward and correct me. I have a few
> applications that I'd like to apply this to. :)

There isn't any foolproof way. The reason is that if you protect a program through software, the hacker, if determined and of exceptionally high caliber will turn to hardware.

I have a friend of mine who was in Russia a few years back while they were trying to clone their own PC's. One great method of debugging such home made Russian brand machines was to use one computer to debug another computer. How? Simple. You shut down the clock on one machine, let it execute one instruction, then use the other computer to look at the memory of the machine being debugged. The debugger can modify memory or read memory. It would then execute one or many instructions on the debugged CPU by strobing the clock. I believe they even had a way of grabbing the current registers on the target CPU via interrupts.
(ie: a hardware interrupt that points to a ROM routine which then stores the current registers to some memory which is not normally available to the program running on the debugged CPU except when it is activated by the debugger CPU.) Simpler schemes if I may point them out include the ISEPIK cartrige and its ilk on Commodore 64 machines. Infact I may point out that the Commodore128 which could emulate a C64 had a built in debugger which when the machine was reset would let you look at most of the memory from a running C64 program! Now some memory would be lost, granted, but a determined hacker could find a way to get at it and create an image which could be restored later. (Infact the C128 debugger was so good that GEOS 1.2 could be hacked with it!) A lot of the earlier Activision games could be restarted by a simple SYS call to one of the usual locations. Usually restarting the computer and loading a debugger did the trick. With the C128, this was even easier. Some UPS cards have the feature of saving the RAM of the currently running machine to the drive because of a power failure. This is evident in notebook computers though they keep it in RAM. (Infact the C128 debugger was so good that GEOS 1.2 could be hacked with it!) From jya at pipeline.com Sun Jul 10 07:50:22 1994 From: jya at pipeline.com (John Young) Date: Sun, 10 Jul 94 07:50:22 PDT Subject: Xerox glyphs Message-ID: <199407101450.KAA11458@pipe1.pipeline.com> Pointer: Xerox glyphs encoding process. Publication: The New York Times, July 10, 1994; Section 3; Business; p. 9. Title: Smart Paper Documents for the Electronic Age. Subhead: A new coding method hides computer data in plain view, By: John Holusha. A quote from an illustration: A Xerox technology, known as glyphs, would enable paper business documents to carry thousands of characters of information hidden in unobtrusive gray patterns that can appear as backgrounds or shading patterns. 
Glyphs could be used for encoding machine-readable data onto paper documents. From ravage at bga.com Sun Jul 10 08:44:04 1994 From: ravage at bga.com (Jim choate) Date: Sun, 10 Jul 94 08:44:04 PDT Subject: Trashing the list? What motivates people? In-Reply-To: <199407091726.KAA12977@netcom5.netcom.com> Message-ID: <199407101543.KAA01486@zoom.bga.com> > be not reading much of what gets posted here. I, for one, have many > dozens of time (maybe hundreds of times, since 1992) referred to > articles in sci.crypt, talk.politics.crypto, alt.security.pgp, etc. > Go back in your archives and notice that this responce reitterates one I had made earlier about not seeing such references unless they came from a newsgroup with crypt in it somehow. > times--is clearly grinding an axe. Lashing out at the list as being > full of good-for-nothings simply because of complaints about these > articles is absurd. > I didn't lash out at anyone. I posted a set of materials I thought some might find interesting. If folks like you had left it alone that would have been the end of it. I would not have made any further communications on it. However, a certain clique of c-punks seem compelled to reply to every damn post that gets sent on there, and do it ad nauseum. If the traffic is too high try not replying unless it is a positive contribution. But, because you folks apparently have nothing better to do we have managed to generate a set of list traffic that vastly exceeds the original forwards. > As for the first point, that many suggestions are made but then not > carried out, this is the nature of all discussion groups I've ever > seen. After all, we're not being *paid* to do all this. We're not > organized into teams, and so on. > Reminds me of the years I worked in a science museum and people were always coming around with new projects for me to do. My general responce became to point them to the shop and tell them to have at. 
I have little respect for people who have nothing better to do than tell others how to spend their time. If the suggestion is that great, carry it out yourself. > involved in any of these projects, or giving us insightful analyses of > trends, developments, and technical details, I don't think he's in a > position to condemn the rest of the list. > I didn't condem the list or anyone else for that matter. > People who lash out at the list, calling the list a place for people > who never do anything, are revealing their own failures of > imagination. > I *NEVER* said that or anything like it. Geesh, speaking of imagination. > I can't see why they choose to remain on the list if they despise it > that much. > see the line above. > > --Tim May > > -- Tim, you really should quite drinking or whatever, you are seeing things. From ghio at kaiwan.com Sun Jul 10 10:01:17 1994 From: ghio at kaiwan.com (Remailer Guru) Date: Sun, 10 Jul 94 10:01:17 PDT Subject: Remailer usage statistics Message-ID: <2vp997$ea8@kaiwan.kaiwan.com> I added a new feature to my remailer. Send mail to ghio at kaiwan.com with Subject: remailer-stats for a list of statistics on remailer usage for the last 24 hours. It will report the number of messages remailed in the last 24 hours, how many of them were encrypted with PGP, and how many of them were delayed with latency (regardless of whether or not the message has been sent out yet). It also shows a graph of how many messages were received each hour. This should help people time their latent messages to arrive or depart at particularily 'busy' times in order to confuse someone who is attempting traffic analysis. Also, by popular demand, I have added a help file. Send mail to ghio at kaiwan.com with Subject: remailer-help and it will send you a help file. 
From jimn8 at netcom.com Sun Jul 10 10:04:41 1994
From: jimn8 at netcom.com (Jim Nitchals)
Date: Sun, 10 Jul 94 10:04:41 PDT
Subject: Faster bit count on 680x0
Message-ID: <199407101704.KAA13679@netcom14.netcom.com>

A few ways of counting bits without a lookup table were proposed. Here's a method that should be faster:

; (preamble)
        move.w  (source)+,d0
        clr.w   d1
        clr.w   d2              ; bit count

; body of code that counts bits
        repeat 16               ; repeat the following section of code 16 times:
        add.w   d0,d0           ; shift most significant bit into carry
        addx.w  d1,d2           ; add zero in d1 plus carry bit to bitcount in d2
        rpe                     ; end of repeated section

The result in d2 is the number of 1 bits in (source). The repeated section of code is 64 bytes long, well under the cache size of an '020, so it can be repeatedly executed to count multiple source words without having to reload the instruction cache.

My duties at Apple have constrained how much I can do for speech compression at modem rates (a project I want to do for secure phone applications, Cypherpunk style) but if anyone has some 68K code they'd like optimized, drop me email. Freeware type efforts preferred-- I already have a job :)

- Jim Nitchals
QuickTime engineering team
Apple Computer, Inc.

From jthomas at access.digex.net Sun Jul 10 10:08:09 1994
From: jthomas at access.digex.net (Joe Thomas)
Date: Sun, 10 Jul 94 10:08:09 PDT
Subject: META: A proposal for handling "forwards"
In-Reply-To: <15C73CF374B@BlueSky.OpenMind.com>
Message-ID:

On Sat, 9 Jul 1994, Doug Cutrell wrote:

> How about setting up a second e-mail list on majordomo, called
> "cypherpunks-fwds" or "cypherxtra" or some such thing. I, for one, am
> quite appreciative of receiving such posts as Jim Choate's forwards... but
> my disk space is abundant and my connection is permanent and not metered.
> I can understand why many people would prefer not to receive such things.

This seems like an appropriate time to give a plug to the Extropians list software.
If I remember correctly, there was a ::nosend command that people could use when forwarding long messages. The ::nosend command would cause the list processor to file the whole message in the archives, and only send out a pointer to it (a title in the index?). Those who wanted to retrieve the message could send a command to the list processor, requesting it. I don't know if Majordomo has anything similar... Joe From ghio at cmu.edu Sun Jul 10 13:20:44 1994 From: ghio at cmu.edu (Matthew Ghio) Date: Sun, 10 Jul 94 13:20:44 PDT Subject: Remailer chaining helper program. Message-ID: <9407102018.AA14810@toad.com> roy at sendai.cybrspc.mn.org (Roy M. Silvernail) wrote: > Was it here that I saw mention of a program to generate chained remailer > traffic automatically> Pointers appreciated, and thanks! Well, I've had this file in my ftp dir for awhile... but I don't think anyone knew where to find it. Since it's short, I hope nobody will flame me for posting this. It's a csh script... I'm sure you can follow the general format and adapt it. You may need to replace 'queuemail' with 'sendmail' in the last line, depending on your system. 

# Innermost layer: encrypt the message for the last remailer in the chain (hfinney).
cd ~/pgp
~/pgp/pgp -feat hfinney <~/private/anonmsg >~/pgp/remailers/temp
# Wrap it in a header block asking the previous hop to forward it to hfinney.
echo "::" >~/pgp/remailers/message
echo "Request-Remailing-To: hfinney at shell.portal.com" >>~/pgp/remailers/message
echo "" >>~/pgp/remailers/message
echo "::" >>~/pgp/remailers/message
echo "Encrypted: PGP" >>~/pgp/remailers/message
echo "" >>~/pgp/remailers/message
cat ~/pgp/remailers/temp >>~/pgp/remailers/message
rm ~/pgp/remailers/temp
# Middle layer: encrypt that whole block for the catalyst remailer and wrap it again.
~/pgp/pgp -feat catalyst <~/pgp/remailers/message >~/pgp/remailers/temp
echo "::" >~/pgp/remailers/message
echo "Request-Remailing-To: catalyst at netcom.com" >>~/pgp/remailers/message
echo "" >>~/pgp/remailers/message
echo "::" >>~/pgp/remailers/message
echo "Encrypted: PGP" >>~/pgp/remailers/message
echo "" >>~/pgp/remailers/message
cat ~/pgp/remailers/temp >>~/pgp/remailers/message
rm ~/pgp/remailers/temp
# Outer envelope: mail the result to the first hop, remailer at chaos.bsu.edu.
echo "To: remailer at chaos.bsu.edu" >~/pgp/remailers/outgoing
echo "From: mg5n at andrew.cmu.edu" >>~/pgp/remailers/outgoing
echo "" >>~/pgp/remailers/outgoing
cat ~/pgp/remailers/message >>~/pgp/remailers/outgoing
rm ~/pgp/remailers/message
/usr/andrew/etc/queuemail -f ~/pgp/remailers/outgoing -a remailer at chaos.bsu.edu

From jrochkin at cs.oberlin.edu Sun Jul 10 14:13:26 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Sun, 10 Jul 94 14:13:26 PDT
Subject: Anon Mailing List
Message-ID: <199407102113.RAA06084@cs.oberlin.edu>

I'm in the process of working on some perl scripts to implement a fully anonymous mailing list. I mentioned interest in this a month or so ago on cypherpunks, but I think it might have been during some of the list troubles, so many might have missed it. At any rate, I have very little unix programming experience, but since no one else seemed to be working on an anon mailing list, although several people said they had given it some thought, I figured I might as well give it a try.
The basic idea is simply that anon-remailers will be used, so that the mailing list doesn't need anyone's real address; it can send list mail to them through the anon remailers using encrypted re-send to blocks. Additionally, the list would send out all mail pgp-encrypted with the individual keys of list members. (yes, this could be processor-time-consuming). And incoming mail would be required to be encrypted to the list, and signed by a list member. And PGP-signature-checking would be used for authentication of unsubscribe commands, and such. Possibly, remote list maintenance with signature-checking for authentication might be coded.

Anyhow, I'm not sure whether I should attempt to modify some existing mailing list code, or just write my own from scratch (which seems like it actually might be easier). But I could try to modify majordomo, or more likely SmartList. SmartList is some scripts and recipe files for procmail to implement a mailing list. procmail is an incoming mail processing program. I want to make sure this stuff can be run from inside a normal user account, if necessary, which is easy to do with SmartList. I'm not familiar with the inner workings of majordomo.

The reason I'd modify preexisting stuff is because they are already set up to deal with rather obscure possible errors in rather complicated ways that I might not want to duplicate myself. But I'm not sure how significant this is, and I'd really rather write it from scratch myself, and not have to deal with puzzling through someone else's code. (Yeah, I'm lazy). What do you all think?

I've put in a little bit of meta-level effort in writing it from scratch. I've come across DBM databases as a way of keeping the records of members' pseudonyms, anon-remailer address blocks, and anon-remailer addresses. Is this a good idea?
The documentation I saw on DBM databases suggested that there might be an unpredictable size limitation of 1000 bytes or so, which could conceivably become prohibitive with especially long encrypted remailer address blocks. But I don't know of any other easy way to maintain such a database. I'm _not_ going to write my own database maintenance code; I wouldn't know where to begin. Any suggestions? I'd appreciate any input people have for me.

From jgostin at eternal.pha.pa.us Sun Jul 10 14:50:48 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Sun, 10 Jul 94 14:50:48 PDT
Subject: Jim Choate says we have nothing better to do!
Message-ID: <940710170634R8sjgostin@eternal.pha.pa.us>

Jim Choate writes:

> But, because you folks apparently have nothing better to do we have
> managed to generate a set of list traffic that vastly exceeds the original
> forwards.

You claim to not be incendiary, but this is definitely just that. I've pretty much stayed out of this, but once it becomes personal ("...you folks..."), I get involved. I _do_ have better things to do than listen to you insult people you don't even know. One of the better things I have to do is to listen to well-informed, INFORMATIONAL posts, not the rantings of someone who claims to know exactly what I do with my time.

> Reminds me of the years I worked in a science museum and people were
> always coming around with new projects for me to do. My general
> response became to point them to the shop and tell them to have at. I
> have little respect for people who have nothing better to do than tell
> others how to spend their time. If the suggestion is that great, carry
> it out yourself.

Your attitude stinks. Have you ever heard of a term called BRAINSTORMING? In case you haven't, or have forgotten the meaning, Webster's New World Dictionary cites the following:

brain.storm.ing n. the unrestrained offering of ideas or suggestions by all members of a conference to seek solutions to problems.
I don't know about you, but this sounds EXACTLY like what's going on here: The unrestrained offering of ideas or suggestions by all [READERS] of a [MAILING LIST] to seek SOLUTIONS to [SITUATIONS WARRANTING ATTENTION].

In reference to your job at the science museum, evidently, you were the person who was the "doer." The people who wanted something done went to the person who was responsible for doing -- you. I'm glad you no longer have the job. It seems that your disposition, and attitude, are wrong for the job.

> I didn't condemn the list or anyone else for that matter.

You didn't? Hmmm.... who said "But, because you folks apparently have nothing better to do we have managed to generate a set of list traffic that vastly exceeds the original forwards" just a few paragraphs ago? I'll give you a hint, it wasn't me....

>> People who lash out at the list, calling the list a place for people
>> who never do anything, are revealing their own failures of
>> imagination.
> I *NEVER* said that or anything like it. Geesh, speaking of imagination.

True. You said it was a place for "[People who] apparently have nothing better to do..." Your words, not mine.

--Jeff
--
====== ====== +----------------jgostin at eternal.pha.pa.us----------------+
== == | The new, improved, environmentally safe, bigger, better,|
== == -= | faster, hypo-allergenic, AND politically correct .sig. |
==== ====== | Now with a new fresh lemon scent!
| PGP Key Available +---------------------------------------------------------+

From ifarqhar at laurel.ocs.mq.edu.au Sun Jul 10 16:09:27 1994
From: ifarqhar at laurel.ocs.mq.edu.au (Ian Farquhar)
Date: Sun, 10 Jul 94 16:09:27 PDT
Subject: Request: tamper-proofing executables
In-Reply-To: <9407100707.AA29634@anchor.ho.att.com>
Message-ID: <199407102309.AA17740@laurel.ocs.mq.edu.au>

>Some people have suggested code that does things like encrypt some
>critical parts of the code and decode them on the fly at runtime,
>using a key that's generated by checksumming the file and XORing
>with the last 8 bytes or some variant.

The neatest trick I heard of was to use the 68000's single step mode to decrypt each word of the program on the fly, run it, then write it back reencrypted under another key, so that a decrypted copy never existed in memory, and what was there was a moving target. Unfortunately, the decrypting software did sit in memory, and so you could eventually hack that right out, and decode the core image.

>I've heard people talk about doing totally encrypted computation,
>but I'm not sure whether anything practical has been implemented.

There was a CMU (I think) paper on the subject, but it assumed fully protected hardware (CPU's wrapped in huge quantities of wire all sealed in epoxy etc.) Such hardware tricks - as I think the NSA learned with ViaLink - are never completely satisfactory. :)

Ian.

From rarachel at prism.poly.edu Sun Jul 10 17:46:17 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Sun, 10 Jul 94 17:46:17 PDT
Subject: Bit counting
In-Reply-To: <9407100845.AA22188@prism.poly.edu>
Message-ID: <9407110033.AA04336@prism.poly.edu>

Again, if it's speed you want, you can't beat look up tables no matter how hard you try. A 256 byte table will work just fine, and it's four add statements with possibly a shift, but the shift too can be bypassed.
Observe:

// table[] is the 256-entry lookup table of per-byte bit counts.
int bitcount(long *value)
{
    unsigned char *c;   // unsigned, so bytes >= 0x80 do not become negative indexes
    c = (unsigned char *) value;   // convert long pointer to a char pointer.
    return table[c[0]]+table[c[1]]+table[c[2]]+table[c[3]];
}

The above may be slightly less efficient than a XOR, ADD and SHIFT operation that the original function showed, however this is CPU dependent. For a 16 bit:

int bitcount(int *value)
{
    unsigned char *c;
    c = (unsigned char *) value;
    return table[c[0]]+table[c[1]];
}

This will kick the ass of that call, because there's a single add and only two memory fetches. Further, for a single byte, you can implement this as a macro function which gets rid of all the overhead:

#define bitcount(value) table[(value)]

Granted, this wastes memory, but it depends on whether you're willing to trade clarity for speed. The three above functions assume lots of things about the bit size and such, yes, but that's not the point. They are CLEAR in their functionality, and FAST. The eight line function I showed is also clear in functionality, but is slower. Personally I'd rather have clarity than speed. I'm not interested in breaking cyphers as much as I am in writing them, so brute force isn't something I'd look to using. I've seen far too much weird code in my time to want to use that "simple" ADD/XOR/SHIFT function. As "simple" as it seems, there are alternatives.

IF you want a really high speed method of counting bits, do it in hardware with a dedicated chip and shove it up the parallel port or directly on the machine's bus. If you're trying to break cyphers, you will undoubtedly do this. If you are not, it's far safer to write clean, clear, precise understandable code which won't require a second or third glance even with comments. (That of course is how this got started in the first place... the Cray Opcode that did this.
:-) }

From michael.shiplett at umich.edu Sun Jul 10 17:55:06 1994
From: michael.shiplett at umich.edu (michael shiplett)
Date: Sun, 10 Jul 94 17:55:06 PDT
Subject: Xerox glyphs
In-Reply-To: <199407101450.KAA11458@pipe1.pipeline.com>
Message-ID: <199407110055.UAA21959@totalrecall.rs.itd.umich.edu>

"jy" == John Young writes [with some deletions]:

jy> Pointer: Xerox glyphs encoding process.
jy> Publication: The New York Times, July 10, 1994; Section 3;
jy> A Xerox technology, known as glyphs, would enable paper
...[rest deleted]

A half-page article on this also appeared in Scientific American, April '94, I think (that's the only recent one I can't find at the moment). It was in ``Science and the Citizen'' or ``Science and Business.''

michael

From rarachel at prism.poly.edu Sun Jul 10 18:01:08 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Sun, 10 Jul 94 18:01:08 PDT
Subject: Request: tamper-proofing executables
In-Reply-To: <199407102309.AA17740@laurel.ocs.mq.edu.au>
Message-ID: <9407110048.AA04494@prism.poly.edu>

> The neatest trick I heard of was to use the 68000's single step mode
> to decrypt each word of the program on the fly, run it, then write it back
> reencrypted under another key, so that a decrypted copy never existed in
> memory, and what was there was a moving target. Unfortunately, the decrypting
> software did sit in memory, and so you could eventually hack that right out,
> and decode the core image.

This is as useful as writing your own PCode interpreter and encrypting the PCode as it runs. Whoop de doo. :-) You can still get at the actual interpreter and copy it along with the key and along with the code it is executing. It's a simple thing. Capture it in memory, save the memory image to the disk, write some code to reload it, and restart it again. There's no way to do this securely without hardware.
Optionally if you had smart drives, that is disk drives with their own CPU and RAM, you could make it very hard to defeat this by loading a program in the drive's CPU which would run in sync with the actual program and spit out consecutive encrypted sequences or issue challenge numbers and check them against the previous number. This makes it hard because now you have to hack two devices. Offers more protection than a single program doing this, but it is still not foolproof.

The best thing to do is to build a custom CPU with custom RAM and seal it in some epoxy with self destructive materials in it. This is excruciatingly cumbersome, and you have to deal with the problem of heat dissipation. (Since the CPU is a custom made one, you can't simulate it or break it. Since you have no access to RAM, you can get RAM images, etc.)

Another alternative is to use a hardware key generator dongle. But if the hacker finds the algorithm and the key for this device, and it can be done by probing it, he can simulate it in software. Fer instance, if the program accesses it via the operating system instead of direct I/O on the CPU, a routine can be written to emulate this box in software. For protected mode CPU's with virtual ports, even doing direct I/O will fail....

There's always a way around everything but the most excruciatingly painful schemes... At best you can defeat mediocre hackers and viruses attempting to screw with your code... At worst you can have lots of headaches trying to implement an overly secure system when it isn't always called for. Unless your program is some super duper new tech thing and you don't want people to disassemble and reverse engineer it, don't bother with anything more than a simple CRC and a bit of encryption...
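Added example, not part of the thread or any poster's code: one way to build the "simple CRC" check mentioned at the end of the message above, with the checksum stored inside the image it protects by counting the slot bytes as zero. The `CRCSLOT:` marker, the 64-byte sample image and every function name are assumptions of this example; CRC-32 is unkeyed, so this catches accidental damage and crude modification, not someone who recomputes the value.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed marker that precedes the 4-byte CRC slot (an assumption of
   this example, not a real executable format). */
static const unsigned char MARKER[8] = {'C','R','C','S','L','O','T',':'};
#define SLOT_LEN 4

/* Feed n bytes into a running CRC-32 state (reflected, poly 0xEDB88320). */
static uint32_t crc32_feed(uint32_t state, const unsigned char *p, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        state ^= p[i];
        for (int k = 0; k < 8; k++)
            state = (state >> 1) ^ (0xEDB88320u & ((uint32_t)0 - (state & 1u)));
    }
    return state;
}

/* Standard CRC-32 of a buffer. */
uint32_t crc32_buf(const unsigned char *p, size_t n)
{
    return crc32_feed(0xFFFFFFFFu, p, n) ^ 0xFFFFFFFFu;
}

/* Offset of the CRC slot, or -1 if the marker is missing or appears twice. */
long find_slot(const unsigned char *img, size_t len)
{
    long found = -1;
    for (size_t i = 0; i + sizeof MARKER + SLOT_LEN <= len; i++) {
        if (memcmp(img + i, MARKER, sizeof MARKER) == 0) {
            if (found >= 0)
                return -1;              /* ambiguous: refuse to guess */
            found = (long)(i + sizeof MARKER);
        }
    }
    return found;
}

/* CRC-32 of the whole image with the slot bytes counted as zero, so the
   stored value does not depend on itself. */
uint32_t image_crc(const unsigned char *img, size_t len, size_t slot)
{
    static const unsigned char zeros[SLOT_LEN] = {0};
    uint32_t s = crc32_feed(0xFFFFFFFFu, img, slot);
    s = crc32_feed(s, zeros, SLOT_LEN);
    s = crc32_feed(s, img + slot + SLOT_LEN, len - slot - SLOT_LEN);
    return s ^ 0xFFFFFFFFu;
}

/* Store the CRC in the slot, little-endian. Returns 0, or -1 if no slot. */
int seal_image(unsigned char *img, size_t len)
{
    long slot = find_slot(img, len);
    if (slot < 0)
        return -1;
    uint32_t c = image_crc(img, len, (size_t)slot);
    for (int i = 0; i < SLOT_LEN; i++)
        img[slot + i] = (unsigned char)(c >> (8 * i));
    return 0;
}

/* 1 = intact, 0 = modified, -1 = slot missing or ambiguous. */
int verify_image(const unsigned char *img, size_t len)
{
    long slot = find_slot(img, len);
    if (slot < 0)
        return -1;
    uint32_t stored = 0;
    for (int i = 0; i < SLOT_LEN; i++)
        stored |= (uint32_t)img[slot + i] << (8 * i);
    return stored == image_crc(img, len, (size_t)slot);
}

/* Constructed 64-byte stand-in for an executable: filler, marker, empty slot. */
size_t make_sample(unsigned char *out, size_t cap)
{
    if (cap < 64)
        return 0;
    for (size_t i = 0; i < 64; i++)
        out[i] = (unsigned char)(i * 7 + 3);
    memcpy(out + 20, MARKER, sizeof MARKER);
    memset(out + 28, 0, SLOT_LEN);
    return 64;
}

int main(void)
{
    unsigned char img[64];
    size_t n = make_sample(img, sizeof img);
    seal_image(img, n);
    printf("sealed:   verify=%d\n", verify_image(img, n));
    img[5] ^= 0x01;                     /* one flipped bit in the "code" */
    printf("modified: verify=%d\n", verify_image(img, n));
    return 0;
}
```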
From bryner at atlas.chem.utah.edu Sun Jul 10 18:06:19 1994
From: bryner at atlas.chem.utah.edu (Roger Bryner)
Date: Sun, 10 Jul 94 18:06:19 PDT
Subject: Request: tamper-proofing executables
In-Reply-To: <199407102309.AA17740@laurel.ocs.mq.edu.au>
Message-ID:

How about a different tack, having all branch instructions feed in some number from the program, generated from the state of the program, to a lookup hard-key. The program then branches to the appropriate site. If the number of branches/states of program was great enough, this might be secure (of course, they can just watch it and recode, but they could probably re-write the code for this amount.)

Roger.

From rarachel at prism.poly.edu Sun Jul 10 18:16:22 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Sun, 10 Jul 94 18:16:22 PDT
Subject: Trashing the list? What motivates people?
In-Reply-To: <199407101543.KAA01486@zoom.bga.com>
Message-ID: <9407110103.AA04665@prism.poly.edu>

Jim, I agree with you. The complaints are from those who are too lazy to simply not read a message, who feel the urge to read anything and everything, and seeing something they've seen elsewhere feel cheated somehow. Yes, there are several arguments:

1. "It wastes bandwidth"
A: If I didn't think that someone on this list would enjoy it, find it of use or interest, I wouldn't have posted it. While I realize that not everyone is like me, I also realize that it is likely that others share the same interests as I do, or else we wouldn't be on this list.

2. "I've seen it before"
A: Great, then you don't have to read it.

3. "You should just put pointers up to the original article"
A: The original article may be on usenet. Not everyone has access to usenet though they have access to internet mail. Not everyone who has access to usenet has access to the particular newsgroup the message/article was posted in.
Not everyone who has access to the particular newsgroup will get to see the particular article because some systems will have a short delete time and by the time they find out about the article, it will be gone. At this point, if they're only mildly interested, they'll give up, if they're really interested, they will ask for the message to be sent to them out of someone's benevolence. Not everyone will have copies of it, not everyone will bother to send the message. Forwarding messages to the list has the advantage that anyone who might be interested will be able to receive it.

4. "I dislike forwarded messages so much I'm going to bitch about them until you stop posting them."
A: You're an asshole with nothing better on your hands. If you dislike wasting time and bandwidth why do you post complaints about it? Why do you waste your time and the time of those who want to see the article, or the time of those who do not wish to see your rantings? Experience tells me that the bitching replies to an "offending" message usually will last for a long time, generating far more bandwidth waste, not contain anything remotely on topic, and annoy the fuck out of the whole list. So just because you are annoyed and like to bitch doesn't mean you should force the whole list to listen to your rantings. Besides, even if you do botch, 99.99999% of the readers will simply ignore your rants, or delete them on sight without reading more than the subject.

I like the idea of having a cypherpunks-fwd subgroup. This way the assholes on this list who only complain won't have to subscribe to it.. I will tolerate off topic messages and I don't have a problem with hitting the delete key. I will tolerate seeing things I've seen before and won't bitch about them either. But when someone calls my messages off topic be they mine or be they forwards, all I need to do is look at all the messages on the list to find the same ones that I'd ignore and stick the nose of the accuser in them.
This will usually shut them up quickly and silence their ridiculous rantings. Post and let post. If you don't like it, don't read it. Thems by two electrons. :-D

From ifarqhar at laurel.ocs.mq.edu.au Sun Jul 10 18:35:31 1994
From: ifarqhar at laurel.ocs.mq.edu.au (Ian Farquhar)
Date: Sun, 10 Jul 94 18:35:31 PDT
Subject: Request: tamper-proofing executables
Message-ID: <199407110135.AA23576@laurel.ocs.mq.edu.au>

>This is as useful as writing your own PCode interpreter and encrypting the
>PCode as it runs. Whoop de doo. :-)

Somewhat easier, though. And utilizing single-step defeats a lot of debuggers too, who don't expect programs to use it. The tool of choice for killing such systems is an ICE, although most hackers do not have access to these.

>Capture it in memory, save the memory
>image to the disk, write some code to reload it, and restart it again.

Exactly the point I made in the original article: the code to do the decryption is vulnerable.

>There's no way to do this securely without hardware.

Ditto in my original article.

>The best thing to do is to build a custom CPU with custom RAM and seal it in
>some epoxy with self destructive materials in it. This is excruciatingly
>cumbersome, and you have to deal with the problem of heat dissipation. (Since
>the CPU is a custom made one, you can't simulate it or break it. Since you
>have no access to RAM, you can get RAM images, etc.)

And it's not particularly secure, either. There are well-known techniques for defeating such approaches. These are discussed in the CMU paper I referred to.

Ian.

From dfloyd at runner.utsa.edu Sun Jul 10 18:41:53 1994
From: dfloyd at runner.utsa.edu (Douglas R. Floyd)
Date: Sun, 10 Jul 94 18:41:53 PDT
Subject: "uncrackable" executables
Message-ID: <9407110142.AA29832@runner.utsa.edu>

As to altering MS-DOS executables, the only option that I see that someone cannot go through is a dongle with the MD5 image signed by your public key burned on the ROM.
The dongle will be optional, and for user verification that the program works. I wonder if one can boot off the dongle... have it do its tests in rom on applications....?

From hkhenson at cup.portal.com Sun Jul 10 18:45:42 1994
From: hkhenson at cup.portal.com (hkhenson at cup.portal.com)
Date: Sun, 10 Jul 94 18:45:42 PDT
Subject: Framed by another state for a non-crime
Message-ID: <9407101847.1.24728@cup.portal.com>

If anyone has a good contact with the ACLU, this is a time to use it!

Date: Sun, 10 Jul 94 16:49:03 PD
Lines: 83

DRAFT MOTION

(Note this is not a motion, but an early draft by a non-lawyer -- -me- about one aspect of the AA BBS case. I have been very concerned with what I have found about the performance of the courts. It has turned out to be a lot worse than I thought. Keith Henson)

On July 8, 1994 Judge Julia Smith-Gibbons, United States District Court for the Western District of Tennessee in Memphis TN, verbally ruled that defendant's motion to dismiss (improper venue based on the North American Free Trade Agreement and others) was denied. Her words were that her order denying the motion was "in the typewriter." Defendants and defendant's attorney expect (on the basis of her previous judicial conduct) to be handed the written order at the time of trial, precluding any interlocutory appellate remedies.

Defendants Robert and Carleen Thomas are therefore forced to appeal Judge Gibbons' ruling without an order reduced to writing and signed by the court. However, her verbal ruling is "final" with respect to this issue. If this interlocutory appeal were delayed until after trial the Thomases would be irreparably harmed, even if acquitted. Not only would they lose the cost of trial, which could not be recovered civilly, but they would have to shut down their business as it requires part time physical presence. (Trial in this area would not be as onerous in that the business could continue to be operated with a few hours attention each night.)
These motions are being filed in both the Sixth and Ninth Circuits because the underlying case involves an *assault* on the authority of the Circuit Courts, and therefore upon the entire court system. When the Courts lose their capacity to function normally it is termed insurrection. The case at hand may be close to this state.

As is made clear by attached documents, a *district* court in the Sixth Circuit is attempting to enforce authority over persons and property in the Ninth Circuit on the basis of a manufactured "crime". The gross inequity performed by law enforcement agents in manufacturing the child pornography charge could be proved at trial, but the *law* on which the "crime" is based (Title 18, Section 2252 of the Federal Code) has been ruled "unconstitutional on its face" in the Ninth Circuit (US vs X-citement Video, Inc., 982 Federal Reporter Second Edition, page 1285, Dec. 16, 1992).

At the time of the search of the Thomas's home and business, (January 10, 1994) this statute *could not* be used to prosecute *any* person in the Ninth Circuit because it is an unconstitutional law, and unenforceable. (Judge Gibbons was notified on June 22, 1994 of these facts.)

On January 26, 1994 a Federal Grand Jury in Memphis Tennessee returned an indictment against Robert Thomas citing section 2252, a section which *could not be applied* by any Ninth Circuit District Court to a citizen in that circuit or any other Circuit. (There were other sections cited including section 2256 calling for forfeiture of tens of thousands of dollars of computer hardware to the Tennessee authorities, and possibly the sysop's home, car, etc.)

The effect--if a district court in one section of the country is allowed to charge citizens on laws ruled unconstitutional in the Circuit where they live--is to completely undermine the authority of all the Circuit courts in the country.
This case is about liberty and property, but taken to the extreme, a person could be removed from his home by a District Court operating in another part of the country and executed.

This appeal is about nothing less than the authority of *any* Federal court to protect the life, liberty and property of any citizen of the United States. If this appeal is not granted, it will show that the District courts can ignore another Circuit's laws and do anything they want with a citizen's life, liberty and property. It will show that the Circuit courts do not have the authority to protect life, liberty, or property for the people within their circuit, and ultimately will undermine the courts' ability to protect any inhabitant of the United States.

(Net.folks--please comment!)

From jis at mit.edu Sun Jul 10 19:47:45 1994
From: jis at mit.edu (Jeffrey I. Schiller)
Date: Sun, 10 Jul 94 19:47:45 PDT
Subject: Bug in PGP2.6 when editing your key
Message-ID: <9407110247.AA28940@big-screw>

-----BEGIN PGP SIGNED MESSAGE-----

We have found an important bug in PGP 2.6 (and 2.5).

Problem: If you store your pass phrase in the PGPPASS environment variable or supply it via the PGPPASSFD hack and you edit your key (pgp -ke) you may lose. Specifically if you edit your key and do *not* change your pass phrase, then it gets clobbered and you lose access to your private key.

What to do if this happens to you: You will know that this has happened because you will edit your key and then not be able to use your private key. *IMMEDIATELY* restore your secring.pgp and pubring.pgp from the ".bak" versions that PGP automatically creates. This will put things back the way they were.

Work Around: You can avoid this problem when editing your key by doing one of the two things below.

1) Remove the PGPPASS environment variable (or don't use PGPPASSFD) when editing your key. You will then have to manually type in your pass phrase when editing your key, but the pass phrase will not get clobbered this way.
2) If you still use the PGPPASS environment variable, then when the key editing process asks you if you wish to change your pass phrase answer "y" (i.e., tell it that you wish to change your pass phrase) it will then prompt you twice for your new pass phrase. Note: You can set it to what it was, effectively not really changing it. PGP will not know the difference and your pass phrase will not get clobbered.

Status: This problem has a known fix and it will be included in the next release.

-Jeff

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQBVAgUBLiCWkVUFZvpNDE7hAQF/GQIAoWi86mx1TylR5CUWInJrYy/L5kNB0qqB
Uo/gA+u4M7YYeFEVF+voeBBRW686j2ksWaMA3ERTN8o6HWc5hrcf+A==
=fXWk
-----END PGP SIGNATURE-----

From jef at ee.lbl.gov Sun Jul 10 20:08:10 1994
From: jef at ee.lbl.gov (Jef Poskanzer)
Date: Sun, 10 Jul 94 20:08:10 PDT
Subject: using RSA-the-cryptosystem to secure RSA-the-company's patent?
Message-ID: <199407110308.UAA29942@hot.ee.lbl.gov>

Apropos the recent thread on tamper-proof programs...

Can anyone think of a way that RSA-the-company could include some sort of RSA-cryptosystem-secured check in a release of PGP so that it would only interoperate with other versions that have the same check? I don't see how it could be done, but it's sure an intriguing idea.
---
Jef

From warlord at MIT.EDU Sun Jul 10 21:36:28 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Sun, 10 Jul 94 21:36:28 PDT
Subject: using RSA-the-cryptosystem to secure RSA-the-company's patent?
In-Reply-To: <199407110308.UAA29942@hot.ee.lbl.gov>
Message-ID: <9407110436.AA28540@toxicwaste.media.mit.edu>

> Can anyone think of a way that RSA-the-company could include some sort
> of RSA-cryptosystem-secured check in a release of PGP so that it would
> only interoperate with other versions that have the same check? I don't
> see how it could be done, but it's sure an intriguing idea.
PGP is released in source code, therefore anything that gets put into the code could always be taken out or matched in another version. For example, PGP 2.6 contains the hack to change the version number of packets on September 1. This was necessary to please RSA, the company. And look what happened, 2.6ui was created which matches the functionality (in that it can read the packets that 2.6 will generate after 1-September).

The point of this is, why would *you* care? I can understand why RSA _might_ care, but I don't see Phil Zimmermann agreeing to it, and I don't see how anyone could force it into PGP at this point.

-derek

From jef at ee.lbl.gov Sun Jul 10 21:44:20 1994
From: jef at ee.lbl.gov (Jef Poskanzer)
Date: Sun, 10 Jul 94 21:44:20 PDT
Subject: using RSA-the-cryptosystem to secure RSA-the-company's patent?
Message-ID: <199407110444.VAA00229@hot.ee.lbl.gov>

>The point of this is, why would *you* care? I can understand why RSA
>_might_ care, but I don't see Phil Zimmermann agreeing to it, and I
>don't see how anyone could force it into PGP at this point.

They got the stupid version number thing in; if they had thought of a better trap, they could probably have gotten that in instead.

The point is, the secret key would not be in the source code. I can't think of a way to use that; you can't; RSA couldn't; but I'm not convinced it's impossible.
---
Jef

From warlord at MIT.EDU Sun Jul 10 21:53:21 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Sun, 10 Jul 94 21:53:21 PDT
Subject: using RSA-the-cryptosystem to secure RSA-the-company's patent?
In-Reply-To: <199407110444.VAA00229@hot.ee.lbl.gov>
Message-ID: <9407110452.AA28839@toxicwaste.media.mit.edu>

> They got the stupid version number thing in; if they had thought of
> a better trap, they could probably have gotten that in instead.

The version number thing, actually, was a compromise. Bidzos wanted complete incompatibility with the existing codebase!
So, to please his want of incompatibility, we made the version number change; something that would force people to upgrade to new versions (which people should be doing, anyways!)

> The point is, the secret key would not be in the source code. I can't
> think of a way to use that; you can't; RSA couldn't; but I'm not
> convinced it's impossible.

If the secret key is not in source code, then where would it be? Any hooks that require the secret key can then be removed from the source code! The point of releasing source is so that people *CAN'T* put in dain-bramaged back doors like you propose; the point is that having the source code lets anyone see what's been done, and people can actually change their version to ignore it, if they wish!

As for the version number hack; maybe some people think of it this way. I don't know, I'm not a mind reader. But from my vantage point, giving that little bit of rope has given us a US-legal PGP!

-derek

From rishab at dxm.ernet.in Sun Jul 10 22:19:58 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Sun, 10 Jul 94 22:19:58 PDT
Subject: LD's Cypherwonks list
Message-ID:

Peterwheat at aol.com:
> found this by doing a keyword search (cryptography) in America Online's
> database of mailing lists. I thought it might be of interest to the
> cypherpunks mailing list:
>
> CYPHERWONKS: The Development of Cyberspace

I subscribed to this when LD first announced it early last December. I never received any mail. At that time I do believe Julf had said something supporting this list. Incidentally the address for LD in your database on AOL is ancient. And the description message seems watered down. The original post was full of LD's paranoid gems -- here's an excerpt for your entertainment:

> anonymity. However, we do not necessarily believe that others are
> required to read anonymous postings.
To the contrary, we believe that
> the individual should have the tools and freedom to filter his or her
> own mail based on real identities. In particular, we condemn the
> practice of `pseudospoofing,' the dangerous deception where a person
> builds up a pseudonym and misrepresents it as being that of a real
> person's identity. We police each other on the list to prevent it, and
> require a promise that our members refrain from it. While our trust can
> be betrayed, only those that are honest are true cypherwonks, and
> anyone who betrays our trust we consider a dishonest hypocrite, or worse,
> a *traitor*

Note the Detweilerese: pseudospoofing, honest and true, hypocrite, *traitor*.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in Sun Jul 10 22:20:06 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Sun, 10 Jul 94 22:20:06 PDT
Subject: PGP for Russia...
Message-ID:

"Robert M. Humphrey" :
> Anyone with any ideas how I can get going on PGP or something else under
> the circumstances would be more than welcome.

Do you have telnet/ftp access? I believe the .su domain does have full Internet connectivity... If you do, you should pick up PGP version 2.6ui from ftp.dsi.unimi.it /pub/security/crypt/PGP/pgp26uix.zip

Even if you're a US citizen you can't export PGP from the US under US law, so don't try it from CompuServe. If you don't have net access, the only way is to have someone split PGP into dozens of UUENCODED parts and mail it to you. If no one else volunteers to do this from outside the US, ask me.
(Yes, I am lazy, and maybe someone's already got a split UUENCODED PGP ;-)

Rishab

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA

From ifarqhar at laurel.ocs.mq.edu.au Sun Jul 10 22:39:25 1994
From: ifarqhar at laurel.ocs.mq.edu.au (Ian Farquhar)
Date: Sun, 10 Jul 94 22:39:25 PDT
Subject: "uncrackable" executables
In-Reply-To: <9407110142.AA29832@runner.utsa.edu>
Message-ID: <199407110538.AA04889@laurel.ocs.mq.edu.au>

>As to altering MS-DOS executables, the only option that I see
>that someone cannot go through is a dongle with the MD5
>image signed by your public key burned on the ROM.

And what code is checking that the program which is fed through the dongle actually verifies? Why, code in the file itself, which can be fairly easily removed from the program, thus removing the need for the dongle.

>The
>dongle will be optional, and for user verification that
>the program works.

That's the problem: the dongle IS always optional. It plays no part in how the program runs, and thus removing it from the protection "protocol" (to use that word's widest definition) is comparatively trivial.

What you need to do is to make sure that the dongle plays some major role in the way in which the program runs, and as I have said on this list recently, the commonest way this is done is to have the dongle serve constants to the program. Even this is reverse engineerable, but at a much greater cost.

The ultimate dongle would be one which contains additional computing resources (say, a coprocessor), the duplication of which would render reverse engineering at the same level of difficulty as building one from scratch. Thus the program is dependent on the dongle, which enforces your protection protocol in hardware.
>I wonder if one can boot off the dongle...

Not on PC boxes (with the possible exception of the cartridge port on the PC Jr. Am I showing my age or what? :)

Actually, if by dongle you meant a plug-in-card, yes it is possible. But most people would not accept the loss of a card slot for a dongle unless it did actively assist in running the program, and it is still a major on-cost for the program.

Ian.

From exabyte!gedora!mikej2 at uunet.uu.net Sun Jul 10 23:17:37 1994
From: exabyte!gedora!mikej2 at uunet.uu.net (Mike Johnson second login)
Date: Sun, 10 Jul 94 23:17:37 PDT
Subject: Request: tamper-proofing executables
In-Reply-To: <9407081655.AA29629@mis.nu.edu>
Message-ID:

On Fri, 8 Jul 1994, Dan Marner wrote:

> I would appreciate any pointers to documents, source code or
> programs that deal with using cryptographic techniques to detect
> or prevent modification of executable code. I am looking for
> something that uses either a signature or a one-way hash to detect
> modifications at run time.
> Of particular interest is information on signing a file that
> includes the signature as part of the file. Is this possible with
> any of the common algorithms?

There are lots of ways to detect modification of executable code, and possibly take some action based on the outcome. The hard part comes when you consider that the code doing the checking may itself be hacked. A determined hacker would just patch the code to jump around the test. I suggest three things to make it harder:

1. Make more than one test in more than one place in the code, making it harder to find all of them.

2. If you use any embedded keys, create them at run time from pieces stored in different places in the code and/or data.

3. Store the code in compressed format. One nice way to do this is with PKLite Professional with the -e option.

The choice of algorithms used to sign the files (i. e. DSA vs RSA vs salted hash vs simple CRC) is probably less important than the details mentioned above.
The only way to substantially increase the security of the check is to add a hardware device (i. e. dongle or custom hardware card), but people generally hate those since they are usually used just for copy protection. On the other hand, clever application of the above software techniques is probably good enough to avoid common virii, unintentional damage to files, and the average hacker.

Peace to you.

Mike Johnson

From collins at newton.apple.com Mon Jul 11 01:57:19 1994
From: collins at newton.apple.com (Scott Collins)
Date: Mon, 11 Jul 94 01:57:19 PDT
Subject: Tamper-Proof Software? No!
Message-ID: <9407110856.AA26386@newton.apple.com>

Hello,

Software only products cannot be made unconditionally tamper-proof, for the following definition of `tamper-proof':

  "An attacker, on their own machine (over which they have complete control), given a copy of the software that `runs' on that machine but includes mechanisms so that it won't run under certain conditions (the `tamper-proofing'), cannot produce a piece of software that lacks the tamper-proofing."

By this definition, I am not addressing, e.g., pirates attempting to unlock a software distribution without the key, nor getting a bogus agent to run in a protected environment like Telescript, nor programs where a significant part of its functionality happens inside a physically tamper-proof `dongle'.

Tamper-proofing is a fundamentally different problem from secret communication. The latter is `How can two parties exchange information such that no third party can learn it?' The former is `How can one party tell a secret to a second party, and at a later time, take it back?' You can't `un-tell' a secret. The functionality of your program is the secret. If that secret is revealed (and when you run the program, it will be) there's nothing left to protect; the secret is out.

Tamper-proofing mechanisms amount to questions, answers, and actions.
Each can be supplied by either the software itself or some outside entity (e.g., the OS, a `dongle', a network key-server, etc.). They come in many forms, but they can be reduced to "Is this the original software?", "yes" or "no", and `continue' or `quit'.

In the case where it is the software itself that decides whether to run or quit (and since the attacker has complete control over the environment, it must be), the attacker is not constrained to defeating an arbitrarily hard authentication scheme. It is sufficient to avoid the test or refuse to quit. Replace each call to a tamper-detection routine with a call to a routine that has the same side-effects as the original would when no tampering has occurred (which can be observed).

Thus, if the software checksums itself---remove the code that asks for the checksum, or remove the code that quits if the checksum doesn't match. If the checksum is required to decrypt some part of the program---build a copy of the software that is already decrypted, or use the saved checksum from an original run. If the program uses the value returned by a dongle to decrypt part of itself---watch it happen once, then keep the decrypted part. If a network server won't give you an open socket until the software answers an unpredictable question about itself that the modified program cannot answer---relay the question to an unmodified instance of the program.

Sooner or later, in the course of execution, the `useful' part of your software will be presented, unencrypted and ready to run (if not without strings) to the CPU. Even if this happens only a little bit at a time, the attacker can record those hunks and assemble them into a new, unencumbered package.

The attack might not be cheap! But people will do it if the reward exceeds the cost. If there is functionality you want to protect unconditionally, don't give it away! Sell a service instead.

Hope this helps,

Scott Collins   | "That's not fair!" -- Sarah
                | "You say that so often. I wonder what your basis
408.862.0540    | for comparison is." -- Goblin King
................|....................................................
BUSINESS. fax:974.6094 R254(IL5-2N) collins at newton.apple.com
Apple Computer, Inc. 5 Infinite Loop, MS 305-2D Cupertino, CA 95014
.....................................................................
PERSONAL. 408.257.1746 1024:669687 catalyst at netcom.com

From stu at nemesis.wimsey.com Mon Jul 11 04:45:24 1994
From: stu at nemesis.wimsey.com (Stuart Smith)
Date: Mon, 11 Jul 94 04:45:24 PDT
Subject: Forwarding & Reference Pointers
Message-ID: <2e200818.nemesis@nemesis.wimsey.com>

-----BEGIN PGP SIGNED MESSAGE-----

>greg at ideath.goldenbear.com (Greg Broiles) writes:
>> Count this as a vote in favor of pointers to information instead of
>jgostin at eternal.pha.pa.us writes:
> Count this as a second, plus some kind of summary of the article
>referenced. :-)

This is a silly way to prove a point, but count this as a third..

- --
Baba baby mama shaggy papa baba bro baba rock a shaggy baba sister shag saggy hey doc baba baby shaggy hey baba can you dig it baba baba
E7 E3 90 7E 16 2E F3 45 * 28 24 2E C6 03 02 37 5C
Stuart Smith

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLiAWI6i5iP4JtEWBAQHfEwQAjBsf3djmjC+x6iCGZQVfQTbLqic+CgBy
pM/TFLVZWd7GxmsQSG8oOXpyo4WnAVDDsj2p/o7jNArUSFotbB5ZNEWJgrQV7c0Y
MVj08Tj4YtnPzfZaa9y3qN0R01smLp/q6RwiM2c2THRXkA7egqO0MXwUHyN2+wIN
ua3UJz8nhww=
=rNRk
-----END PGP SIGNATURE-----

From gtoal at an-teallach.com Mon Jul 11 05:29:23 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Mon, 11 Jul 94 05:29:23 PDT
Subject: Bit counting
Message-ID: <199407111228.NAA21528@an-teallach.com>

    Again, if it's speed you want, you can't beat look up tables no matter how hard you try.
Ray, you've missed the point of some of the explanations; VERY FAST cpu's are unbelievably fast as long as they are executing *on-chip* - as soon as they have to go to RAM for a table lookup, they suffer a performance hit equivalent to executing large amounts of in-line instructions - one array lookup might be worth 200 straight opcodes.

Hence why an in-line scheme has to be found for critical inner-loop stuff. The precise details vary according to the pipelining and the amount of on-cpu instruction cache.

G

PS We'd seen the Escrow Officer Trading Card skit on t.p.c when it first was posted a couple of months ago ;-)

From m5 at vail.tivoli.com Mon Jul 11 05:34:54 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Mon, 11 Jul 94 05:34:54 PDT
Subject: Cross-posting problems
Message-ID: <9407111234.AA27237@vail.tivoli.com>

I don't know much about how the majordomo software works, so this suggestion may be impossible.

A solution to the decision point Mr. Choate and others find themselves in opposition over might be to add functionality to the list software that would allow articles to be cross-posted in a more sophisticated way. The article could be routed to a special majordomo sub-address which would file the article under some supplied title and then post to the list a brief announcement that the article had been deposited there. There'd be another "ftp" server port for retrieving the articles.

Clearly, some provisions would have to be made for sweeping out the repository, but with some discipline this seems like it might make everybody happy: those who dislike the volume of the direct crossposts would be able to skip by based on subject header alone. Those who appreciate the opportunity to read something they otherwise missed would have a pretty easy time fetching the articles.
[ If this is already possible, or if it has been suggested and even beaten into the ground, I apologize; I haven't had much caffeine yet this morning :-]

| GOOD TIME FOR MOVIE - GOING ||| Mike McNally                       |
| TAKE TWA TO CAIRO.          ||| Tivoli Systems, Austin, TX:        |
| (actual fortune cookie)     ||| "Like A Little Bit of Semi-Heaven" |

From m5 at vail.tivoli.com Mon Jul 11 06:05:16 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Mon, 11 Jul 94 06:05:16 PDT
Subject: Bit counting
In-Reply-To: <199407111228.NAA21528@an-teallach.com>
Message-ID: <9407111305.AA27261@vail.tivoli.com>

Graham Toal writes:
> Ray, you've missed the point of some of the explanations; VERY FAST cpu's
> are unbelievably fast as long as they are executing *on-chip* - as soon as
> they have to go to RAM for a table lookup, they suffer a performance hit
> equivalent to executing large amounts of in-line instructions - one array
> lookup might be worth 200 straight opcodes.

I think you might be able to do a lookup scheme more cheaply on CPUs that really have such an extreme CPU/memory speed ratio. You can encode the lookup table as an array of 4-bit values (you *could* do 3-bits, but that'd make the table lookup a lot messier). You can also add the trick of checking one bit of each byte explicitly, and thus you could fit the entire table in 64 bytes. That's probably just two-four cache lines, so access to the table would become much less bad than 1/200th the register access time.

It'd be something like this:

    bits = 0;
    For each byte:
        if (byte != 0) {
            index = byte >> 1;          /* upper 7 bits select a 4-bit table entry */
            shift = (index & 1) << 2;   /* low or high nibble of the table byte */
            bits += ((tbl[index >> 1] >> shift) & 0x0f) + (byte & 1);
        }

Hmm... That's probably about a dozen instructions per byte, or about 50 instructions for a 32-bit word. The per-bit loops seem to be around 100 instructions long. If we've got a better than 12-1 speed ratio (CPU vs. memory), which is quite possible on a CPU with a decent cache design, then I'd say the table lookup wins.
(Does this count towards my "cypherpunks write code" merit badge?)

| GOOD TIME FOR MOVIE - GOING ||| Mike McNally                       |
| TAKE TWA TO CAIRO.          ||| Tivoli Systems, Austin, TX:        |
| (actual fortune cookie)     ||| "Like A Little Bit of Semi-Heaven" |

From pstemari at bismark.cbis.com Mon Jul 11 06:27:53 1994
From: pstemari at bismark.cbis.com (Paul J. Ste. Marie)
Date: Mon, 11 Jul 94 06:27:53 PDT
Subject: NII, NSA and Computer Security Act of 1987
In-Reply-To: <199407090519.WAA22555@netcom12.netcom.com>
Message-ID: <9407111327.AA02799@focis.sda.cbis.COM>

> My last post, Rainbow Gathering, generated more responses--on the list
> and in my mailbox--than I've gotten in a long while. By contrast, my
> post last night on Dining Cryptographers generated no responses. I will
> try to learn from this curious situation. (You have been warned.)

Not surprising. While Dining Cryptographers was vastly more relevant, I still haven't digested it. The Rainbow Gathering was good for an instant response and didn't require anything resembling thought. I'll leave it to you to guess which one I saved.

Oh yes, and I at least felt that the Fortran code was on-topic and saved it for study.

--Paul

From cme at tis.com Mon Jul 11 06:29:59 1994
From: cme at tis.com (Carl Ellison)
Date: Mon, 11 Jul 94 06:29:59 PDT
Subject: Whew! The dangers of posting to Usenet
In-Reply-To: <199407090136.SAA28308@netcom9.netcom.com>
Message-ID: <9407111329.AA02512@tis.com>

Tim, sounds normal for the Rainbow Family. (bunch of hippies, wandering the country, gathering in nudist fests every summer, ...)

This seems tame compared to alt.recovery -- a relatively normal use of a newsgroup -- getting the word out about situations which need general attention from the readership of the group.

- Carl

P.S. I ran into a likely Rainbow list reader (or so I assume -- a woman who lives in a hippie commune in Oregon) last Spring in Boston and happened to tell her about Cypherpunks and what the fight is.
She sounded very interested in the cause and wanted a PGP disk sent to her buddy with the PC (whose name I forget).

From cme at tis.com Mon Jul 11 06:38:38 1994
From: cme at tis.com (Carl Ellison)
Date: Mon, 11 Jul 94 06:38:38 PDT
Subject: NII, NSA and Computer Security Act of 1987
In-Reply-To: <9407090437.AA16516@io.lrcs.loral.com>
Message-ID: <9407111338.AA03381@tis.com>

>Date: Fri, 8 Jul 94 21:37:00 PDT
>From: koontzd at lrcs.loral.com (David Koontz )
>To: cypherpunks at toad.com
>Subject: NII, NSA and Computer Security Act of 1987

>Is our friendly TLA breaking CSA 1987 or has Congress been sold a bill of
>goods? (This is analogous to making the phone system a matter of National
>Security, something more in tune with an Evil Empire.)

Our friendly TLA had a severe budget cut a few years ago. Nothing like that to wake you up to the need to find ways to be useful/needed.

>One wonders if this implies Escrow Encryption Standard compliant cryptographic
>hardware before one is allowed to participate in what is being billed as a
>public accessible service?

Of course.

- Carl

From rjc at gnu.ai.mit.edu Mon Jul 11 08:18:36 1994
From: rjc at gnu.ai.mit.edu (Ray)
Date: Mon, 11 Jul 94 08:18:36 PDT
Subject: Tamper-Proof Software? No!
Message-ID: <9407111518.AA02589@geech.gnu.ai.mit.edu>

In your essay, you overlook the use of pseudo-code interpreters and cryptographic code mangling. It is not possible to make software unconditionally tamper proof, but it is possible to make it hard, perhaps as hard as finding a hamiltonian of a graph.

I speak as a person with a 3 year cracking/tampering background. Let me pass on an experience I once had:

I was trying to crack this game with a dongle. The code had dongle checks spread throughout it. I thought I could merely search for the signature of the dongle check and fix all of them, but the check was different each time, disguised by indirect addressing, illegal instructions, interrupt tricks, and stack tricks.
The only solution was a tedious process of tracing the execution of the program and backtracing the failure routine. That wasn't the only problem though. On top of the dongle checks, checks for the dongle check routine and various checksum routines were spread throughout the code. In fact, there were so many of these checks that trying to separate the "useful part" of the program, and the dongle checks was hard because they were virtually everywhere. Yes, it cost the game speed, but the game wasn't one that was particularly synced with the display. Anyway, it took about a week of hacking on and off to find them all. There were about 30.

What if there had been 1000? What if the code wasn't pure assembly, but a p-code interpreter which executed not a straight byte-code, but an actual recursive encryption algorithm in the interpreter? In other words, 0x80 might stand for "add a to b" in one instance, but in the next instance, "suicide mode". Perhaps the library i/o for the p-code itself also changes/gets mangled through the process. Furthermore, let us assume that this mangling is in some sense, cryptographically strong.

A few things become very hard:

1) writing a decompiler for the general case
2) separating the "application" from the "protection"

Why? Because in some sense, you'd have to rewrite the interpreter, or the application to remove all the "suicide" instructions. The p-code could be set up so in fact, most instructions are suicide unless decrypted properly. Thus, if you were to remove one suicide instruction, all of a sudden, a perfectly legitimate section of code would become riddled with them. Removing protection would no longer be as simple as "NOPing out" the instruction.
The code would be, by the nature of the interpreter, interdependent in a way far deeper than "checking for the presence of the dongle check routine"

(note: this scenario is not isomorphic to the usual protection trick of having an interrupt decrypt the next instruction to be executed and encrypting the previously executed instruction. In that scenario, the re-encrypter can be disabled, so that after a complete execution, the code is plaintext for the debugger to save to disk. Here, the problem is that the code is never "decrypted" in the first place. What changes, is the meaning of the instruction set itself.)

I suppose, one could attempt to isolate the suicide routine and just make it do nothing. That still doesn't solve the problem that a section of code has been mangled and probably not doing what it is supposed to.

While a determined hacker could still break through this, I'd say that it would make the effort not worth it in most cases. Currently, most software protection is so simple that an hour or so in a debugger can isolate a manual check, and remove it. Most of the time, code is only skimmed. My cryptographic p-code proposal forces the hacker to virtually disassemble and understand the function of the entire interpreter, write a decompiler, remove any protection algorithms from the code, and then somehow, fix the interpreter so that the code still works. Imagine the task of having to create a plaintext which will generate a certain MD5 hash. Here, you'd have to remove the protection, but make sure the cryptographic execution flow of the interpreter matched the original. i.e. coming up with *different* code (sans protection) that causes the interpreter to decode the stream in the same manner.

(if you want to know how code is p-compiled, I can explain later after I flesh it out more. I suspect I am probably reinventing the wheel for the Nth time, but I haven't read anything on it, so I may as well make a fool of myself.)
Instead of picturing my p-code proposal, picture a much simpler idea. A seething morass of code, most of it garbage, protection decoys, all of it interdependent with other checks (chained in various ways), and somewhere in the middle of it all, is the application.

I don't care what romantic vision of teenage hackers you have, it is possible to make removing the protection require the effort of rewriting a large chunk of the application. One of the other things I used to do was "NTSC fixing", taking PAL frequency games and fixing them for US computers. In some cases, it was simple (chop off the bottom of the screen, adjust rasters and timing) But sometimes, it required rewriting a portion of the graphics engine. This was no joy and sometimes I just gave up. If crackers had to alter just 10% of an application to get it to work unprotected, I think that would be a sufficient deterrent to most of them.

Depending on how much speed you wanted to trade off, you could probably make the code arbitrarily "deep" (or, as Tim likes to talk about, imagine a hacker that has to crack a program encoded as DNA!)

digression:

Now grant me something more powerful. Imagine in the future that most software is in the form of distributed objects and that many of those objects reside and execute on remote systems. If these remote systems require cryptographic authentication before they allow a remote execution (e.g. Telescript), copy protection can be conditionally secure as RSA. Cracking would require writing a replacement object or buying one, presuming of course, major objects weren't trade secrets and you only had the API to work with.
(once again, the function arguments could be permuted cryptographically, so that even if you had the API, you still couldn't write a replacement)

The result, is that you'd have to pay for software because software would consist of a client + object services, and the objects would require cryptographic cash/authentication to use, and replacements would be hard to write. However, unlike dongles, the system would be totally automatic and convenient, so there would be none of the problems associated with traditional protection (pain of look-up-in-the-manual or dongle).

The same system could be extended to hypertext publishing where documents are distributed all over the net in different databases. One could pirate a "snapshot" of a document, but what makes the documents valuable is the dynamic quality of hypertext, being able to lay it out however you choose, and follow links. This means you need constant access to the databases, and therefore you pay for the service.

My point in writing all this, is to disagree with Tim's implication in the cryptoanarchist manifesto, that cryptographic technology will eliminate intellectual property. Cryptography doesn't eliminate barbed wire, it is the ultimate fence. While it could provide untraceable networks for "information laundering", it can also provide authenticated networks for unpiratable software, or teach us how to compile code in a manner that is "expensive" or as Tim might say "logically deep". (too deep to unravel its full meaning.)

(I agree if Tim meant that it would make *legal* protection of iprop impossible, but I consider legal protection irrelevant anyway. If I need something protected, I'll do it myself, not depend on government)

Well, I've said my peace. Now Tim can tear my argument to pieces. ;-)

-Ray

Any and all mistakes the result of lack of sleep...ZzzzT.

"Information wants to be free..."
"Not if Mathematics has anything to say about it."
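
Added example, not part of Ray's post and not code from any product mentioned on the list: a toy C interpreter for the chained p-code idea above, in which the meaning of each byte depends on every encoded byte before it, so patching the protection check to a NOP in place turns the next instruction into a suicide opcode. The opcode set, SEED, TOKEN_OK and the 8-bit step() function are assumptions made for illustration; step() is a non-cryptographic stand-in for the "cryptographically strong" mangling the post asks for.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded opcodes; every other decoded value (6..255) is a "suicide" trap. */
enum { OP_HALT, OP_PUSH, OP_ADD, OP_MUL, OP_CHECK, OP_NOP };
#define VM_TRAP  (-1)
#define SEED     0x3C  /* constructed initial decoder state */
#define TOKEN_OK 0xA5  /* constructed stand-in for a dongle/licence answer */

/* Toy 8-bit state update, NOT cryptographically strong; bijective in each
 * argument, so a decoder that diverges once never re-synchronises. */
static uint8_t step(uint8_t state, uint8_t enc)
{
    uint8_t x = (uint8_t)((uint8_t)(state + enc) * 5u + 1u);
    return (uint8_t)((x << 3) | (x >> 5));
}

/* Mask (decode == 0) or unmask (decode == 1) a stream. Byte i is XORed with a
 * state chained over encoded bytes 0..i-1, so its meaning depends on them. */
static void xcode(const uint8_t *in, uint8_t *out, size_t n, int decode)
{
    uint8_t st = SEED;
    for (size_t i = 0; i < n; i++) {
        out[i] = (uint8_t)(in[i] ^ st);
        st = step(st, decode ? in[i] : out[i]);
    }
}

/* Interpret the encoded stream byte by byte; it is never stored decoded. */
static int vm_run(const uint8_t *enc, size_t n, uint8_t token)
{
    uint32_t stack[16];
    uint8_t st = SEED;
    size_t pc = 0;
    int sp = 0;
    while (pc < n) {
        int op = enc[pc] ^ st;
        st = step(st, enc[pc++]);
        switch (op) {
        case OP_HALT: return sp > 0 ? (int)stack[sp - 1] : VM_TRAP;
        case OP_PUSH:                    /* the operand byte is chained too */
            if (pc == n || sp == 16) return VM_TRAP;
            stack[sp++] = (uint32_t)(enc[pc] ^ st);
            st = step(st, enc[pc++]);
            break;
        case OP_ADD: case OP_MUL:        /* 16-bit arithmetic */
            if (sp < 2) return VM_TRAP;
            sp--;
            stack[sp - 1] = (op == OP_ADD ? stack[sp - 1] + stack[sp]
                                          : stack[sp - 1] * stack[sp]) & 0xFFFF;
            break;
        case OP_CHECK:                   /* the protection check */
            if (token != TOKEN_OK) return VM_TRAP;
            break;
        case OP_NOP:  break;
        default:      return VM_TRAP;    /* suicide opcode */
        }
    }
    return VM_TRAP;                      /* ran off the end without HALT */
}

/* Plain program: (2 + 3), protection check, then * 7. */
static const uint8_t PLAIN[] = { OP_PUSH, 2, OP_PUSH, 3, OP_ADD, OP_CHECK,
                                 OP_PUSH, 7, OP_MUL, OP_HALT };
#define N         (sizeof PLAIN)
#define CHECK_POS 5

/* Encode PLAIN; patch != 0 flips the encoded CHECK byte so it decodes to NOP. */
static void build(uint8_t *enc, int patch)
{
    xcode(PLAIN, enc, N, 0);
    if (patch)
        enc[CHECK_POS] ^= OP_CHECK ^ OP_NOP;
}

int run_program(int patch, uint8_t token)
{
    uint8_t enc[N];
    build(enc, patch);
    return vm_run(enc, N, token);
}

/* Positions after the patch whose decoded meaning no longer matches PLAIN. */
int diverged_after_patch(void)
{
    uint8_t enc[N], seen[N];
    int count = 0;
    build(enc, 1);
    xcode(enc, seen, N, 1);
    for (size_t i = CHECK_POS + 1; i < N; i++)
        count += (seen[i] != PLAIN[i]);
    return count;
}

int main(void)
{
    printf("valid token %d, no token %d, patched %d, bytes changed %d\n",
           run_program(0, TOKEN_OK), run_program(0, 0),
           run_program(1, TOKEN_OK), diverged_after_patch());
    return 0;
}
```

The chaining only rules out the cheap in-place patch: as Scott Collins's post in this thread argues, whoever fully understands the interpreter can still rebuild an unprotected program, at a higher cost.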
From pdn at msmail.dr.att.com Mon Jul 11 08:50:49 1994
From: pdn at msmail.dr.att.com (Philippe Nave)
Date: Mon, 11 Jul 94 08:50:49 PDT
Subject: Mass forwards vs. pointers
Message-ID: <2E2167B7@mspost.dr.att.com>

On the off chance that someone is actually keeping score, I'll cast a vote for pointers instead of forwards. I don't pay for access (look closely at my address to see why), but my mail setup lumps all my mail in the inbox indiscriminately; to find critical messages from co-workers and automated software processes, I've got to wade through all the mail from the lists I subscribe to. This morning, there were 80+ messages from cypherpunks alone. If this list becomes, in effect, Usenet without Usenet newsgroup mechanisms, I'll have to bail out in order to get anything done for my Real Job (TM).

I used to get Cypherpunks mail on a Unix box, and there I had a slick little Perl script sitting in my mail pipe to route Cypherpunks mail into a secondary Elm folder. This was nice, since it routed mailing list traffic away from my standard inbox. Now, though, I'm running through Microsoft Mail - until I figure out a way to separate list traffic from other mail, I'm really touchy about high-volume list traffic.

Does anyone have a FAQ (or a brainstorm) on how to route Microsoft Mail messages to appropriate folders based on message content?

-Philippe

(No .sig, no PGP sig either - damn PC WinDoze mail software ......... )

From rjc at gnu.ai.mit.edu Mon Jul 11 09:01:25 1994
From: rjc at gnu.ai.mit.edu (Ray)
Date: Mon, 11 Jul 94 09:01:25 PDT
Subject: Request: Tamper-proof executables
Message-ID: <9407111600.AA02708@geech.gnu.ai.mit.edu>

re: C128's monitor was soo good...

That's nothing! ;-) As early as 1987, you could purchase an "action replay cartridge" or "final cartridge" for the C64. This cartridge could freeze the execution of any program, save *all* of memory, the state of every hardware register, and the cpu registers and flags, allow you to make changes,
and restart the program where it left off! Even more amazing, it knew the values of *write only registers* and the CIA/Raster latches! Furthermore, you could disassemble sectors directly from disk, capture sprites/graphics, and automatically save the compacted frozen state of the computer in "nova load format", which could be given to anybody (who doesn't have the cartridge), and they could load the frozen game (200+ block file) in less than 3 seconds from the 1541!

Anybody could crack games! Simply enter the manual-word, freeze the game after it had been entered, and voila! The best part of the monitor was the ability to run basic programs from the frozen state without corrupting anything. Sort of a primitive cooperative multitasking. The cartridge also had a nibble mode copier in it.

The cartridge later came out for the Amiga with even more amazing capabilities (like the ability to know what was in the write only blitter/copper registers)

Ahh, the good ole days of 6502, VIC chip tricks, and 1541 programming. ;-)

-Ray

From mech at eff.org Mon Jul 11 09:21:53 1994
From: mech at eff.org (Stanton McCandlish)
Date: Mon, 11 Jul 94 09:21:53 PDT
Subject: Supposed NSA turncoat reveals monitoring of anon remailers? >pshah!<
Message-ID: <199407111621.MAA14136@eff.org>

I believe this to be a forgery of course, but it might be of interest anyway.

Forwarded message:

From blancw at microsoft.com Mon Jul 11 09:36:17 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Mon, 11 Jul 94 09:36:17 PDT
Subject: Mass forwards vs. pointers
Message-ID: <9407111538.AA27019@netmail2.microsoft.com>

From: Philippe Nave

   Does anyone have a FAQ (or a brainstorm) on how to route Microsoft Mail messages to appropriate folders based on message content?
...............................................

1. You can use the Message Finder feature in MS Mail to collect all of the messages, say To: "cypherpunks" and then move all of these to a folder.
You can also select all the email sent directly to your name or to a specific alias, read these, and continue searching the inbox this way for message groups.

2. There's a software program from Beyond Incorporated called WinRules 1.0, which will filter incoming messages according to who the message is From, To, CC, words in content, attachments, etc. and route them to folders, optionally popping up a message or a sound as a folder receives email throughout the day. It also has some other neat features which you can set to deal with email traffic.

Blanc

From mpd at netcom.com Mon Jul 11 09:48:52 1994
From: mpd at netcom.com (Mike Duvos)
Date: Mon, 11 Jul 94 09:48:52 PDT
Subject: Supposed NSA turncoat reveals monitoring of anon remailers? >pshah!<
In-Reply-To: <199407111621.MAA14136@eff.org>
Message-ID: <199407111649.JAA12304@netcom13.netcom.com>

Stanton McCandlish writes:

> I believe this to be a forgery of course, but it might be
> of interest anyway.

>> I am a pro-privacy political sabatour within the NSA. I am
>> warning all new users of anonymous mailers about NSA traffic
>> watching. We listen to all messages passing through certain
>> intermediate nodes and compare them with messsages leaving
>> anonymous services. We are able to trace 70% of all
>> messages.

This doesn't seem too unreasonable even if the writer only imagines he is working for the NSA. The Anonymous Posting Service at Penet is vulnerable to a number of tricks which might be used to disclose the identity of posters. I have always regarded it as a handy tool for people wishing to maintain a small degree of privacy while posting on sensitive or embarrassing topics. I certainly wouldn't use it to threaten the President or trade plutonium futures.

--
Mike Duvos         $ PGP 2.6 Public Key available $
mpd at netcom.com   $ via Finger.                  $

From s009amf at discover.wright.edu Mon Jul 11 10:38:25 1994
From: s009amf at discover.wright.edu (Aron Freed)
Date: Mon, 11 Jul 94 10:38:25 PDT
Subject: Clipper vs. PGP (fwd)
Message-ID:

Since I consider myself new to this whole topic, even though I have read several articles about PGP and CLIPPER, I wanted to get some more info and understanding for my senior seminar next May....

Does anyone have any opinions on what would happen if the Clipper Chip and its associates were all implemented and the general public swallowed on it?? Would we as knowledgeable computer people become outlaws??? Would be it like 1984?? Would our computer illiterate neighbors try and catch us???

And going the complete opposite direction (a full 180). If the public was able to obtain PGP as easily as we are and they would use it for everything, would that lead to the overthrowing of the government and therefore cause anarchy, due to the fact the government would be helpless in knowing what everyone is doing contrary to the CIA, FBI, etc. being able to read everything we write and say through their current illegal wiretaps???

I'm just looking to get a complete picture. At this moment I would go with PGP, but I still see a lot of problems with being on either side. They seem so extreme...

Aaron

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-           YABBS - telnet phred.pc.cc.cmu.edu 8888                 -=-
-=-                                                                   -=-
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

From cme at tis.com Mon Jul 11 11:09:20 1994
From: cme at tis.com (Carl Ellison)
Date: Mon, 11 Jul 94 11:09:20 PDT
Subject: Clipper vs. PGP (fwd)
In-Reply-To:
Message-ID: <9407111808.AA11814@tis.com>

   Date: Mon, 11 Jul 1994 13:37:42 -0400 (EDT)
   From: Aron Freed

   And going the complete opposite direction (a full 180). If the public was able to obtain PGP as easily as we are and they would use it for everything, would that lead to the overthrowing of the government and therefore cause anarchy, due to the fact the government would be helpless in knowing what everyone is doing contrary to the CIA, FBI, etc.
   being able to read everything we write and say through their current illegal wiretaps???

   I'm just looking to get a complete picture. At this moment I would go with PGP, but I still see a lot of problems with being on either side. They seem so extreme...

You've painted an extreme picture -- so of course it looks extreme.

If the world swallows Clipper, it'll still be possible to keep secrets from the FBI....just harder. You're forgetting the danger from organized crime, however. A key database becomes an inviting target for org crime and I'd expect it to be compromised immediately.

There's a special danger if even just the banks swallow Clipper/Capstone. Do you want your bank accounts protected by keys that organized crime can access?

--------------------

If the world goes with PGP, the FBI can still get info the way it does today -- with informers. It's not a world of all bad guys with only the FBI a good guy. When I communicate with you, I don't know what you do with this message. Chances are you're a good guy (since almost everyone is) and if I'm suggesting something criminal, you're likely to send this message to your local police or FBI (assuming they haven't totally alienated you by trying to pry your crypto keys out of your cold dead fingers :-).

- Carl

From tcmay at netcom.com Mon Jul 11 11:52:08 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 11 Jul 94 11:52:08 PDT
Subject: Clipper vs. PGP (fwd)
In-Reply-To:
Message-ID: <199407111851.LAA18370@netcom2.netcom.com>

Aron Freed writes:

> Since I consider myself new to this whole topic, even though I have read
> several articles about PGP and CLIPPER, I wanted to get some more info
> and understanding for my senior seminar next May....

I think you'll have more than enough time to prepare for a seminar next May!

> Does anyone have any opinions on what would happen if the Clipper Chip
> and its associates were all implemented and the general public swallowed
> on it?? Would we as knowledgeable computer people become outlaws??? Would
> be it like 1984?? Would our computer illiterate neighbors try and catch
> us???

Keep reading the list and you'll be able to draw inferences from the topics discussed here. You posted this question a few days ago, as I recall, and I assume that the lack of responses then is why you're posting again.

Understand that people rarely write essays in response to questions like "Why is Clipper bad?" For most of us, mandatory key escrow is axiomatically bad; no debate is needed.

> And going the complete opposite direction (a full 180). If the public was
> able to obtain PGP as easily as we are and they would use it for
> everything, would that lead to the overthrowing of the government and
> therefore cause anarchy, due to the fact the government would be helpless
> in knowing what everyone is doing contrary to the CIA, FBI, etc. being
> able to read everything we write and say through their current illegal
> wiretaps???

Yes, strong crypto means all of this. And cats will move in with dogs, Snapple will rain from the sky, and P will be shown unequal to NP.

Seriously, keep reading the list and you will see many discussions of this issue. You can't expect to see them within days of joining the list, for obvious rate reasons, but over the next few months the topic will come up.

More to the point, your growing sophistication with the issues will allow you to draw your own conclusions, always more valuable than asking for an opinion poll. (Only political science people think opinion polls are useful, and I suspect even _they_ know that polls of the Net are statistically meaningless. But they need to keep their grant money flowing.)

You'll have plenty of time before next May to learn this stuff. Hell, between now and next May you may have time to implement a few remailers, write the code for a data haven, and implement Pretty Good Quantum Cryptography.
--Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From ebrandt at jarthur.cs.hmc.edu Mon Jul 11 11:56:05 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Mon, 11 Jul 94 11:56:05 PDT Subject: Supposed NSA turncoat reveals monitoring of anon remailers? >pshah!< In-Reply-To: <199407111621.MAA14136@eff.org> Message-ID: <9407111855.AA08055@toad.com> > > From: an109803 at anon.penet.fi > > I am a pro-privacy political sabatour within the NSA. > > [ . . . ] We are able to trace 70% of all messages. A saboteur within the NSA is going to send a message that he just said has a 70% chance of being traced? Yeah, righto. I'm sure they do monitor overseas data comm (that's their job), but this looks more like a friend pulling a prank on the guy. Eli ebrandt at hmc.edu From gtoal at an-teallach.com Mon Jul 11 12:33:35 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Mon, 11 Jul 94 12:33:35 PDT Subject: remailer@remba.mn.org offline. Message-ID: <199407111932.UAA29810@an-teallach.com> Where does one find a list of actively running remailers coupled with what runes each one needs if non-standard? (I don't use these things often enough to have kept up with any pointers I'm afraid, sorry. 
Been watching for a couple of days but haven't seen any recently) G From MAILER-DAEMON Mon Jul 11 19:59:48 1994 Date: Mon, 11 Jul 94 13:53 CDT From: To: <@demon-du.an-teallach.com:gtoal at an-teallach.com> Cc: postmaster at kksys.com Subject: mail failed, returning to sender Reference: |------------------------- Message log follows: -------------------------| no valid recipients were found for this message |------------------------- Failed addresses follow: ---------------------| ... unknown host |------------------------- Message text follows: ------------------------| Received: from uum1.mn.org by kksys.skypoint.net with bsmtp (Smail3.1.28.1 #15) id m0qNQOJ-0006anC; Mon, 11 Jul 94 13:47 CDT Received: from gate.demon.co.uk by uum1.mn.org with smtp (Smail3.1.28.1 #3) id m0qNQ81-0000FdC; Mon, 11 Jul 94 13:30 CDT Received: from demon-du.an-teallach.com by gate.demon.co.uk id aa29094; 11 Jul 94 19:30 GMT-60:00 Received: from an-teallach.com by demon-du.an-teallach.com with SMTP id AA129436 ; Mon, 11 Jul 94 19:25:43 GMT Received: from gtoal at localhost by an-teallach.com (8.6.4/1.37) id TAA28615; Mon, 11 Jul 1994 19:26:11 +0100 Date: Mon, 11 Jul 1994 19:26:11 +0100 From: Graham Toal Message-Id: <199407111826.TAA28615 at an-teallach.com> To: remailer at remba.mn.org X-Phone: +44 31 662 0366 X-Fax: +44 31 662 4678 X-Organisation: An Teallach Limited :: Request-Remailing-To: ... deleted ... From rittle at comm.mot.com Mon Jul 11 13:13:55 1994 From: rittle at comm.mot.com (Loren James Rittle) Date: Mon, 11 Jul 94 13:13:55 PDT Subject: Clipper vs. PGP In-Reply-To: Message-ID: <9407112013.AA13678@supra.comm.mot.com> >Date: Sat, 09 Jul 1994 10:30:25 -0400 (EDT) >From: Aron Freed >Does anyone have any opinions on what would happen if the Clipper Chip >and its associates were all implemented and the general public swallowed >on it?? Would we as knowledgeable computer people become outlaws??? Would >be it like 1984?? Would our computer illiterate neighbors try and catch >us??? 
If computer knowledgeable people all became outlaws just because of their knowledge, we would be living in a rather awful place and time, now wouldn't we... :-) >And going the complete opposite direction (a full 180). If the public was >able to obtain PGP as easily as we are and they would use it for >everything, would that lead to the overthrowing of the government and >therefore cause anarchy, due to the fact the governmnet would be helpless >in knowing what everyone is doing contrary to the CIA, FBI, etc. being >able to read everything we write and say through their current illegal >wiretaps??? The government would not be overthrown, unless unjust laws were "in force". I believe that there are many unjust laws and arbitrary regulations on the books, but I believe widespread encryption being used by everyone would result in many of them being taken off the books as unenforcable "moral judgement"-type laws, as opposed to armed revolution occurring. Of course, this does imply that the citizens of the US still have their guns to back up a threat to the government... Even with encryption being used by everyone, the important laws (anything that effects two or more people in an adverse manner) would be totally enforcable. I.e. things like the OJ case would still be solvable (DNA and fingerprint analysis would still be able to solve crime, the inside man and post-crime eyewitness accounts will still have great impact in court). Given the coming digital information age, people will most likely be able to keep much better personal records: record everything the say and do with video and audio recorders. Any crime that effects them would be solvable with the help of this information. Geez, given the number of wiretaps current used to solve crimes (very small in my opinion: under 10000/year for the whole country), I don't see what the big deal is. 
A reference to history (yes, one can lie with history, but since I bought guns into the equation, I'd like a chance to show why they are important in the hand of "the common folks"): Hitler rose to power in Germany after the *previous* government in Germany collected all the guns from private individuals. With no guns in the "common man's" house, no one could stop the madman's facist rule and his war making. I believe the following with all my heart: Guns in the hands of the people is the only thing that keeps government (ours or any other one in the world) in check. [BTW, I don't own a gun and was brought up by parents that would never own one. :-] I fear a government out of control far more than I fear a few criminals out of control. >I'm just looking to get a complete picture. At this moment I would go >with PGP, but I still see a lot of problems with being on either side. >They seem so extreme... There is nothing wrong with using PGP or Ripem or TIS/PEM or Mailsafe [RSA's own product] or ... Assuming that you are being labeled as an extreme element just because you use some totally legal software doesn't make any sense to me at least. -- Loren J. Rittle (rittle at comm.mot.com) Ripem-1.2 MD5OfPublicKey: Systems Technology Research (IL02/2240) D2CE4A0F2BABF33AEF10C8C669DD782D Motorola, Inc. PGP-2.6 Key fingerprint: (708) 576-7794 6810D8AB3029874DD7065BC52067EAFD From usura at vox.hacktic.nl Mon Jul 11 13:14:50 1994 From: usura at vox.hacktic.nl (Alex de Joode) Date: Mon, 11 Jul 94 13:14:50 PDT Subject: Request for some C'punx write code. Message-ID: <7wiaPc1w165w@vox.hacktic.nl> Hi C'punks, Some one intressted in improving my remailer ? 
[the author of remailer 2.00 is currently unavailable] I have some options I want to have added: _01 -> support for Anon-To: _02 -> support for ## header pasting tokens _03 -> support for Anon-passwords _04 -> support for Anon-Alternate-ID's (Nobody) -> (Random H0Z3R) _05 -> support for Memory Swapping _06 -> support for a "fuzzy" header pasting token search _07 -> support for Cutmarks: The current source is in C/C++, the system runs on MSDos, and the program has to accept Waffle file in/out put, since it is a Waffle based remailer. Send applications and information request to: usura at vox.hacktic.nl Thanx. -- Exit! Stage Left. Alex de Joode From wmo at digibd.com Mon Jul 11 13:20:19 1994 From: wmo at digibd.com (Bill O'Hanlon) Date: Mon, 11 Jul 94 13:20:19 PDT Subject: remailer@remba.mn.org offline. In-Reply-To: <199407111932.UAA29810@an-teallach.com> Message-ID: <9407112020.AA06809@poe.digibd.com> On Mon, 11 Jul 1994 20:32:38 +0100 Graham Toal wrote: -------- > (question and SMTP failure log deleted) Graham, you mispelled the name of the remailer, in this case. The correct address is remailer at rebma.mn.org, not remailer at remba.mn.org. (Sorry about the poor name for the machine; this is a pretty common error for people sending mail to my home machine. I originally named it back when there wasn't any such thing as domain naming, and I needed a world-unique name for the UUCP project. "Rebma" was the only placename from Zelazny's "Amber" series that wasn't already in-use at the time. It SEEMED like a good idea, then.) -Bill From ifarqhar at laurel.ocs.mq.edu.au Mon Jul 11 13:52:14 1994 From: ifarqhar at laurel.ocs.mq.edu.au (Ian Farquhar) Date: Mon, 11 Jul 94 13:52:14 PDT Subject: Supposed NSA turncoat reveals monitoring of anon remailers? >pshah!< In-Reply-To: <9407111855.AA08055@toad.com> Message-ID: <199407112051.AA28356@laurel.ocs.mq.edu.au> >> > From: an109803 at anon.penet.fi >> > I am a pro-privacy political sabatour within the NSA. >> > [ . . . 
] We are able to trace 70% of all messages. >A saboteur within the NSA is going to send a message that he just >said has a 70% chance of being traced? Yeah, righto. I'm sure they >do monitor overseas data comm (that's their job), but this looks >more like a friend pulling a prank on the guy. Of course, there is an amusing side to this. As a matter of course, they'd probably have the originator investigated (just to make sure he had no contacts or association with the NSA outside of his imagination), which might be rather unpleasant for him now or if he ever needs a security clearance. In reality, tracking the use of anonymous remailers should be fairly trivial for the NSA if the traffic passes through an US/International gateway (and can thus be legally observed under the NSA's charter). The majority of remailers do not encipher the output in any way, and even those which do would leave enough traces (eg. comparable sized messages being seen shortly afterwards, simple patterns emerging using traffic analysis) that would reveal the mapping fairly quickly. On the subject of network monitoring, Bruce posted a copy of an NSA technology transfer which described a database searching algorithm that looked fairly sophisticated (I don't have the actual posting handy.) Did anyone (Bruce?) obtain a copy of the algorithm, and if so, were there any distribution limitations on it? It looked like just the thing that the NSA would use as their "watchword" scanner, and even if not, it looked like a very useful design all the same. Ian. From lefty at apple.com Mon Jul 11 14:49:52 1994 From: lefty at apple.com (Lefty) Date: Mon, 11 Jul 94 14:49:52 PDT Subject: Whew! The dangers of posting to Usenet Message-ID: <9407111527.AA15736@internal.apple.com> >That may not have been a legit post. That group is currently >under attack by the alt.syntax.tactical morons. Ha ha big laugh :-( > >(They don't even have detweiler's intelligence as a redeeming grace) No, I've encountered Ms. 
Yamada before. She posts occasional non sequiturs to the Buddhist Studies list. The, for-lack-of-a-better-word, contribution quoted by Tim is entirely consistent with previous emanations from that direction. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From cme at tis.com Mon Jul 11 15:05:23 1994 From: cme at tis.com (Carl Ellison) Date: Mon, 11 Jul 94 15:05:23 PDT Subject: USACM report, Ch 4 Message-ID: <9407112204.AA29910@tis.com> Has anyone read the USACM report on crypto ftp://Info.acm.org/reports/acm_crypto_study especially Chapter 4? Could it be that I missed the discussion of it? From merriman at metronet.com Mon Jul 11 15:06:37 1994 From: merriman at metronet.com (David K. Merriman) Date: Mon, 11 Jul 94 15:06:37 PDT Subject: using RSA-the-cryptosystem to secure RSA-the-company's patent? Message-ID: In article Jef Poskanzer writes: >Subject: using RSA-the-cryptosystem to secure RSA-the-company's patent? >Date: Sun, 10 Jul 94 20:07:58 PDT >From: Jef Poskanzer >Apropos the recent thread on tamper-proof programs... >Can anyone think of a way that RSA-the-company could include some sort >of RSA-cryptosystem-secured check in a release of PGP so that it would >only interoperate with other versions that have the same check? I don't >see how it could be done, but it's sure an intriguing idea. >--- Why in the world would we want to give them any kind of solution to something like that - particularly on an 'open line' like this? :-) Dave Merriman From fnerd at smds.com Mon Jul 11 15:49:21 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Mon, 11 Jul 94 15:49:21 PDT Subject: Why to Care about Others' Security Message-ID: <9407112110.AA21908@smds.com> Tim May says- > Personally, my main interests is in ensuring the Feds don't tell me I > can't have as much security as I want to buy. I don't share the > concern quoted above that we have to find ways to give other people > security. I can think of a couple reasons to want other people to be more secure. 
1) The more people protect their privacy, the less profit there is in privacy invasion, so that there will be fewer people doing it and the techniques and infrastructure of spying might develop more slowly. 2) The more people protect their privacy, the less privacy afficionados will stand out from the crowd. 3) The more people buy privacy, the more developed the market for privacy techniques and services, and the more private ways of doing things will be available and easy to use. -fnerd - - - - - - - - - - - - - - - spam is in the eye of the beholder (splat) -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From mech at eff.org Mon Jul 11 16:23:52 1994 From: mech at eff.org (Stanton McCandlish) Date: Mon, 11 Jul 94 16:23:52 PDT Subject: ****Customs Goes For Encryption -- And It's Not Clipper 07/11/94 (fwd) Message-ID: <199407112323.TAA27386@eff.org> [Copyright 1994 by Newsbytes. Reposted WITH permission from the ClariNet Electronic Newspaper newsgroups clari.nb.govt, clari.nb.top. For more info on ClariNet, write to info at clarinet.com or phone 1-800-USE-NETS. 
May 18, 1994] Posted-Date: Mon, 11 Jul 1994 16:44:31 -0400 Path: netnews.upenn.edu!crabapple.srv.cs.cmu.edu!bb3.andrew.cmu.edu!lll-winken.llnl.gov!looking!newsbytes From: newsbytes at clarinet.com (NB-WAS) Newsgroups: clari.nb.govt,clari.nb.top Subject: ****Customs Goes For Encryption -- And It's Not Clipper 07/11/94 Keywords: Bureau-WAS, NEWS Date: 11 Jul 94 19:19:57 GMT Approved: cn at clarinet.com Xref: netnews.upenn.edu clari.nb.govt:1073 clari.nb.top:1974 WASHINGTON, D.C., U.S.A., 1994 JUL 11 (NB) -- The US Customs Service has picked Information Resource Engineering (IRE) of Baltimore, Md., to supply encryption technology to protect Drug Enforcement Agency information traveling on telephone and computer networks in the Pacific Rim. But Customs won't be using the Clipper encryption technology the Clinton Administration and the National Security Agency is pushing. "Clipper simply is not available," Anthony Caputo, chief executive officer of IRE told Newsbytes. "Clipper has been approved for government agencies, but there just isn't much equipment out there yet." So the US Customs will be using IRE's technology, which uses its proprietary Atlas encryption algorithm and meets the National Institute of Standards and Technology's Digital Encryption Standard or DES for short. "DES products are the only thing you can buy today," said Caputo. "We expect to see Clipper become fairly widely used and we will have Clipper versions of our systems available when that happens." IRE was founded in 1983 by former crytologists at the National Security Agency who wanted to develop technology to make encryption easy and inexpensive. The company has focused on the banking industry, providing security for corporate wire transfers. Caputo says that Citibank, J.P. Morgan & Co., Chase Manhattan, Bankers Trust and Banc One are using IRE systems, as are AT&T and the US Treasury Department. "The government is far ahead of private industry on electronic commerce," Caputo said. 
"Banks are just getting around to it. One way people will use the information superhighway is for electronic commerce, and we are the best positioned company in the world for this development." (Kennedy Maize/19940711/Contact: Anthony Caputo 410-931-7500) From mmarkley at microsoft.com Mon Jul 11 16:28:18 1994 From: mmarkley at microsoft.com (Mike Markley) Date: Mon, 11 Jul 94 16:28:18 PDT Subject: Why to Care about Others' Security Message-ID: <9407112328.AA25554@netmail2.microsoft.com> FutureNerd writes ---------- | From: FutureNerd Steve Witham | To: | Subject: Why to Care about Others' Security | Date: Monday, July 11, 1994 5:10PM | | Tim May says- | | > Personally, my main interests is in ensuring the Feds don't tell me I | > can't have as much security as I want to buy. I don't share the | > concern quoted above that we have to find ways to give other people | > security. | | I can think of a couple reasons to want other people to be more secure. | | 1) The more people protect their privacy, the less profit there is in | privacy invasion, so that there will be fewer people doing it and | the techniques and infrastructure of spying might develop more | slowly. It seems that the more people protect their privacy the greater the profit will be in finding ways to invade that privacy. When all kinds of information is available in more or less public places there is little, if any, reason to pay people to get this information. On the other hand if your information is closely guarded then it costs a lot more to get that information. | | 2) The more people protect their privacy, the less privacy afficionados | will stand out from the crowd. | | 3) The more people buy privacy, the more developed the market for | privacy techniques and services, and the more private ways of doing | things will be available and easy to use. | Definitely agree with you on these two points. 
===================================================== Mike Markley I'm not a Microsoft spokesperson. All opinions expressed here are mine. ===================================================== From rittle at comm.mot.com Mon Jul 11 16:59:30 1994 From: rittle at comm.mot.com (Loren James Rittle) Date: Mon, 11 Jul 94 16:59:30 PDT Subject: Clipper vs. PGP In-Reply-To: <9407112013.AA13678@supra.comm.mot.com> Message-ID: <9407112359.AA16316@supra.comm.mot.com> I just noticed that my semi-off-topic mail hit the Cypherpunks list. Sorry about that --- I was aiming for Aron only. Please take all of it as opinion. Had I meant to send it to cypherpunks or any other public place, it would have been written with more "facts" to back up the assertions. Damn, so much for trying to be inconspicuous on the list. :-) Regards, Loren -- Loren J. Rittle (rittle at comm.mot.com) Ripem-1.2 MD5OfPublicKey: Systems Technology Research (IL02/2240) D2CE4A0F2BABF33AEF10C8C669DD782D Motorola, Inc. PGP-2.6 Key fingerprint: (708) 576-7794 6810D8AB3029874DD7065BC52067EAFD From jim at rand.org Mon Jul 11 17:00:52 1994 From: jim at rand.org (Jim Gillogly) Date: Mon, 11 Jul 94 17:00:52 PDT Subject: NIST and Micali settle Clipper patent dispute Message-ID: <9407120000.AA06049@mycroft.rand.org> NIST has agreed to license Micali's key escrow patents. I posted their press release in talk.politics.crypto and alt.privacy.clipper. The settlement is evidently open-ended; there's an article in Cyberwire Dispatch (whatever that is -- a copy was forwarded to me) that discusses the ramifications in some detail. Jim Gillogly Mersday, 19 Afterlithe S.R. 1994, 00:00 From ifarqhar at laurel.ocs.mq.edu.au Mon Jul 11 17:29:37 1994 From: ifarqhar at laurel.ocs.mq.edu.au (Ian Farquhar) Date: Mon, 11 Jul 94 17:29:37 PDT Subject: Idle question... 
Message-ID: <199407120029.AA07365@laurel.ocs.mq.edu.au> I was compiling a list of crypto algorithms the other night, trying to produce a library of description documents for the algorithms, and an interesting but idle question hit me: what ever happened to RC1, RC3, MD1, MD3, A1, A2, A4, A6, and A7? Just wondering if anyone knows... Ian. From blancw at microsoft.com Mon Jul 11 17:53:16 1994 From: blancw at microsoft.com (Blanc Weber) Date: Mon, 11 Jul 94 17:53:16 PDT Subject: Why to Care about Others' Security Message-ID: <9407120053.AA29974@netmail2.microsoft.com> Advocating allowance for personal methods of achieving security establishes acceptance of the idea intellectually, and there can be many philosophical conflicts on that point with the Feds (and others). Because although you may have the tools, if the Feds have their way, no one would be allowed to use them (except surreptitiously). If there is available a good product, which works well, which can be used for the purpose of obtaining personal security (apart from what a government can offer) then individuals will want to use it when they see/feel the need for it. They will seek it because it's there. Making useful products which work will contribute to the end of finding ways to "give" other people security; they can't get it if there is not a way or a means to implement it. Blanc From rarachel at prism.poly.edu Mon Jul 11 19:13:54 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Mon, 11 Jul 94 19:13:54 PDT Subject: ****Customs Goes For Encryption -- And It's Not Clipper 07/11/94 (fwd) In-Reply-To: <199407112323.TAA27386@eff.org> Message-ID: <9407120200.AA03322@prism.poly.edu> I thank you for forwarding this bit of information. I find it very useful and enlightening. Thank you. :-) It's obvious that the government is trying to suppress all knowledge that fully featured strong crypto systems exists on the market and DO NOT USE DES. 
It's also obvious that they're using this IRE system, not because Clipper isn't available, but because it's probably stronger than clipper anyway.

From s009amf at discover.wright.edu Mon Jul 11 19:23:26 1994
From: s009amf at discover.wright.edu (Aron Freed)
Date: Mon, 11 Jul 94 19:23:26 PDT
Subject: Modems that variate speed
Message-ID:

I want to pose something for everyone as a new technology. I have no idea if it has been dreamed up before or if it's possible to do... Here goes:

Most people communicate by modems if they're accessing the internet from home unless they're rich or just have the right connections (no pun intended). Anyway, could one create a new line of modems that could effectively and efficiently vary modem speeds to dissuade people from trying to pick up any modem transmissions by, say, a local telephone company in order to keep them from synchronizing data speeds. I know modems sometimes lose some speed, but for the most part they transmit at stable rates..

Am I completely paranoid about this or am I just going off the wall??? I was just reading this article about Telco Snooping that my friend forwarded to me off the NirvanNet... I'll put it up here if no one has seen it...

Aaron

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=- YABBS - telnet phred.pc.cc.cmu.edu 8888 -=-
-=- -=-
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

From roy at sendai.cybrspc.mn.org Mon Jul 11 20:45:21 1994 From: roy at sendai.cybrspc.mn.org (Roy M.
Silvernail) Date: Mon, 11 Jul 94 20:45:21 PDT Subject: Why to Care about Others' Security In-Reply-To: <9407112328.AA25554@netmail2.microsoft.com> Message-ID: <940711.212638.1J4.rusnews.w165w@sendai.cybrspc.mn.org> -----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, mmarkley at microsoft.com writes: > FutureNerd writes > | 1) The more people protect their privacy, the less profit there is in > | privacy invasion, so that there will be fewer people doing it and > | the techniques and infrastructure of spying might develop more > | slowly. > > It seems that the more people protect their privacy the greater the > profit will be in finding ways to invade that privacy. I don't think that's necessarily true. There may be a greater incentive to penetrate privacy, but the penetration comes at greater cost. When costs go up, profits go down (assuming the value received remains the same). > On the other hand if your information is closely guarded then it > costs a lot more to get that information. Exactly. The idea is to make it cost more to get the information than the information is worth. - -- Roy M. Silvernail [ ] roy at sendai.cybrspc.mn.org Freinds don't let friends spam Usenet. Member, Anti Spam Committee Internet, International "Hey, at least everyone knows our acronym!" 
-----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLiIAgRvikii9febJAQHvpAQAmWksvr39kh6VIQDS/DcJ1ShWRnfFBCyI npeKRDhDkSuEltIoCrG3MsMqNEEM/jHyV40r7qs4hM89qXp+40Ffk/u0ZNjD0GwK Vv9CMxwswnQ3pXTAYha5HpE8mBchDECngelORWuDtJUUx4zuN/MLBNk2o/kfNjZR EmJgBLXFG7A= =kJph -----END PGP SIGNATURE----- From jamesh at netcom.com Mon Jul 11 20:58:33 1994 From: jamesh at netcom.com (James Hightower) Date: Mon, 11 Jul 94 20:58:33 PDT Subject: ****Customs Goes For Encryption -- And It's Not Clipper 07/11/94 (fwd) In-Reply-To: <9407120200.AA03322@prism.poly.edu> Message-ID: <199407120328.UAA07945@netcom12.netcom.com> > It's obvious that the government is trying to suppress all knowledge that > fully featured strong crypto systems exists on the market and DO NOT USE DES. > It's also obvious that they're using this IRE system, not because Clipper isn't > available, but because it's probably stronger than clipper anyway. > This brings to mind the fact that govornment agencies, as well as private citizens, can be the victims of wiretap abuse. I would find it hard to beleve that the TLA's aren't keeping tabs on each other. Is there other evidence of non-acceptance of clipper by U.S. Gov. agencies? JJH -- My loathings are simple: stupidity, oppression, crime, cruelty, soft music. -Vladimir Nabokov From ben at Tux.Music.ASU.Edu Mon Jul 11 21:09:48 1994 From: ben at Tux.Music.ASU.Edu (Ben Goren) Date: Mon, 11 Jul 94 21:09:48 PDT Subject: Security for under a buck fifty Message-ID: The dilemma with the pass phrase issue seems to boil down to the balance between entropy and memorability. The "shocking nonsense" guidelines sound like about the best suggestions I've heard for humans to generate pass phrases, but I would suggest that even shocking nonsense can be broken by somebody--or something--that thinks like Charles Dodgson. If it came from a process that includes any logic at all, that logic will be discovered if economical to an attacker. But who can remember a 132-bit true random number? 
Take, for example:

0X997D6C32FC8F99104FDCC8BF4B24C7031

I got that number by grabbing handfuls of pennies out of a pile of 132--a true random number generator that costs less than breakfast--though, I will admit that it's somewhat cumbersome.

But a number can be represented in many different ways. Create a six-bit character set, filling from 000000 to 111111 with a-z, A-Z, 0-9, . [period], and - [hyphen]. Now, the key becomes:

Mx1SmVYpMrbp3mI-sYthaX

Not impressed yet? Try using the human brain's wonderful talent for seeing patterns in randomness. If your mind just happened to work exactly like mine, you would get:

Mx1 misSiles moVe Yp; Mr. bop of 3m I-s Yt haX. [Yt as in the element.]

I would suggest that it would only take the average person a minute or two to memorize such a phrase, especially if she were the one to do the pattern-matching in the first place.

So, the end result is a ten-word pass phrase that isn't hard to learn, is only vulnerable to a brute-force attack, and would take about a sextillion years to brute-force at a trillion encrypts per second--and the universe is "only" a hundred billion years old.

Can anybody suggest how to implement this? Can a computer program suggest mnemonics that would mean anything to a person? Even if the computer gives the user a screenful of such? Or, how about giving a screenful of "words," and letting the user mix-n-match?

Obviously, you would need a real random number generator and a secure terminal for all this.

Maybe it's time for me to write some code....

b&

-- Ben.Goren at asu.edu, Arizona State University School of Music net.proselytizing (write for info): Protect your privacy; oppose Clipper. Voice concern over proposed Internet pricing schemes. Stamp out spamming. Finger ben at tux.music.asu.edu for PGP 2.3a public key.
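[Added example, not part of the post above and not code from any list member: the six-bit encoding the post describes, reproducing its 22-character key from its hex value, plus the "screenful" idea with the entropy cost of letting the user pick. The function names, the use of Python's secrets module in place of the pennies, and the default of 16 candidates are assumptions.]

```python
"""Six-bit pass phrase encoding as described in the post (added example)."""
import math
import secrets
import string

# Character set from the post: 000000..111111 filled with a-z, A-Z, 0-9, '.', '-'.
ALPHABET = string.ascii_lowercase + string.ascii_uppercase + string.digits + ".-"
KEY_BITS = 132  # 22 characters of 6 bits each, the size used in the post


def encode(value, bits=KEY_BITS):
    """Render an integer of `bits` bits as fixed-width six-bit characters."""
    if bits <= 0 or bits % 6:
        raise ValueError("bits must be a positive multiple of 6")
    if not 0 <= value < (1 << bits):
        raise ValueError("value does not fit in the requested number of bits")
    width = bits // 6
    # Most significant six bits first, so leading zero groups become 'a'.
    return "".join(
        ALPHABET[(value >> (6 * (width - 1 - i))) & 0x3F] for i in range(width)
    )


def decode(text):
    """Inverse of encode(); rejects characters outside the six-bit set."""
    value = 0
    for ch in text:
        index = ALPHABET.find(ch)
        if index < 0:
            raise ValueError("character %r is not in the six-bit set" % ch)
        value = (value << 6) | index
    return value


def generate(bits=KEY_BITS):
    """Fresh key from the operating system's CSPRNG (assumption: this stands
    in for the post's pile of pennies)."""
    return encode(secrets.randbits(bits), bits)


def screenful(count=16, bits=KEY_BITS):
    """Several independent candidates for the user to choose a memorable one."""
    return [generate(bits) for _ in range(count)]


def bits_after_choice(count, bits=KEY_BITS):
    """Lower bound on min-entropy when the user picks 1 of `count` candidates.

    Any particular string is among the candidates with probability at most
    count * 2**-bits, so even an attacker who knows exactly how the user
    chooses gains at most log2(count) bits.
    """
    return bits - math.log2(count)


if __name__ == "__main__":
    posted = 0x997D6C32FC8F99104FDCC8BF4B24C7031  # hex value quoted in the post
    print(encode(posted))
    for candidate in screenful():
        print(candidate)
    print("bits left after picking 1 of 16:", bits_after_choice(16))
```

[The mnemonic step stays with the human: the words invented to remember the characters add no entropy and must decode back to the same 22 characters.]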
From nobody at soda.berkeley.edu Mon Jul 11 21:22:46 1994 From: nobody at soda.berkeley.edu (Anonymous User) Date: Mon, 11 Jul 94 21:22:46 PDT Subject: Gov't eyes public-key infrastructure Message-ID: <199407120422.VAA07596@soda.berkeley.edu> extracted from: Network World volume 11, number 28 July 11, 1994 page 8, page 63 Gov't eyes plans for a public-key infrastructure by Ellen Messmer Federal agencies are mulling how to set up procedures and policy guidelines for linking a user's identity to that person's public-key digital signature, but costs and liability issues in certifying users are presenting obstacles. The U.S. government intends to operate a public-key certification system for government users that will also serve the private sector, as well. But a report just completed by Mitre Corp. for the National Institute of Standards and Technology (NIST) puts the price tag at $1 billion for the start-up of the government alone, with a possible $2 billion annual operational cost for managing certificate-revocation lists. Users can sign and verify electronic documents using unique digital signatures based on a secret cryptography key, but security experts have long recognized that a certification system is needed so keys can be revoked if the key is stolen or a person changes jobs. According to Mitre's report, "The Public Key Infrastructure Study," the role of the Policy Certification Authority (PCA) could be assumed by either the U.S. Postal Service, the Federal Reserve Board, General Services Administration or even private-sector organizations such as telecommunications providers and banks (see sidebar). The Postal Service is eager to step into the role, said sources at NIST, but the high price tag for operating the X.500 directory listing public keys and revocation lists is causing some alarm. The Postal Service declined to comment. For years, the Internet Society has contemplated setting up the same sort of trusted certificate authority. 
But it got bogged down almost exclusively because of liability concerns, said Steve Kent, chief scientist at Bolt Beranek and Newman, Inc. PCAs nevertheless spring up. Trusted Information Systems, Inc., the Massachusetts Institute of Technology and RSA Data Security, Inc. have all set themselves up as PCAs with different policies. Apple Computer, Inc., which now ships RSA digital signatures as part of its operating system, offers a computerized certification request to register public keys with RSA. But while this type of certification may be fine for use in some commercial purchases, it would not be sufficient at Northen Telecom, Inc. (NTI), which intends to use digital signatures in multimillion- dollar transactions, noted Brian O'Higgins, director of security networks at NTI. O'Higgens said NTI is testing its own system for issuing digital signature certificates to all employees. "It's easy to do within one enterprise," O'Higgins said. "But the interenterprise applications hasn't started to happen, and that's where a government public-key infrastructure would help." A new study on legal issues faced by the government in the effort warns that a federal certificate authority must establish strict equipment and personnel requirements for the certificate-issuance process and accept some liability for improper actions. The study, "Federal Certification Authority Liability and Policy," authored by Michael Baum, principal at Independent Monitoring in Cambridge, Mass., points out that the federal government can claim sovereign status protecting it from lawsuits. But in his report, Baum notes that the commercial sector will not be ready to accept public-key certificates issued by the government for use in electronic commerce unless the government accepts some liability for its actions. "This is the foundation on which electronic commerce will be built," he said. 
Setting clear security for both the equipment and personnel involved in issuing public-key certificates makes sense, added O'Higgins. "We absolutely have to have a security policy in this," he said.

(side bar)

PKI pyramid lexicon

Policy Approving Authority (PAA)
Creates overall guidelines for the Public Key Infrastructure and may also certify PCA public keys.

Policy Certification Authority (PCA)
Establishes policy for all certification authorities and users within its domain, and approves CA public keys.

Certification Authority (CA)
Certifies public keys for users in a manner consistent with PCA and PAA policies.

Organizational Registration Authority
Acts as an intermediary between a CA and a user to vouch for the identity and affiliation of the user.

------------
To respond to the sender of this message, send mail to
remailer at soda.berkeley.edu, starting your message
with the following 8 lines:
::
Response-Key: ideaclipper

====Encrypted-Sender-Begin====
MI@```%ES^P;+]AB?X9TW6\8WR:2P&2%`$A:^X<=%2MQ&K,"#9W2V4M]H[VQ^
MB5V0!,$C6Y;FGL-L!")=HM/1UHHCI^%&V6:;UA,A]6>#S_D/01M'@Q/1-:(\
$ET'N,P``
====Encrypted-Sender-End====

From tcmay at netcom.com Mon Jul 11 21:56:09 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 11 Jul 94 21:56:09 PDT
Subject: ****Customs Goes For Encryption -- And It's Not Clipper 07/11/94 (fwd)
In-Reply-To: <199407120328.UAA07945@netcom12.netcom.com>
Message-ID: <199407120425.VAA00763@netcom10.netcom.com>

> This brings to mind the fact that government agencies, as well as
> private citizens, can be the victims of wiretap abuse. I would find it
> hard to believe that the TLA's aren't keeping tabs on each other.
>
> Is there other evidence of non-acceptance of clipper by U.S. Gov. agencies?
>
> JJH

EES is not approved for any classified use, as I understand. That covers a lot of government communication.

--Tim May

--
..........................................................................
Timothy C.
May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From karn at qualcomm.com Tue Jul 12 02:03:57 1994
From: karn at qualcomm.com (Phil Karn)
Date: Tue, 12 Jul 94 02:03:57 PDT
Subject: Gov't eyes public-key infrastructure
In-Reply-To: <199407120422.VAA07596@soda.berkeley.edu>
Message-ID: <199407120904.CAA04325@servo.qualcomm.com>

>The U.S. government intends to operate a public-key certification
>system for government users that will also serve the private sector,
>as well. But a report just completed by Mitre Corp. for the National
>Institute of Standards and Technology (NIST) puts the price tag at
>$1 billion for the start-up of the government alone, with a possible
>$2 billion annual operational cost for managing certificate-revocation
>lists.

All in all, I'd say this is a pretty good argument for PGP's web of trust model...

Phil

From cdodhner at PrimeNet.Com Tue Jul 12 02:31:55 1994
From: cdodhner at PrimeNet.Com (Christian Odhner)
Date: Tue, 12 Jul 94 02:31:55 PDT
Subject: Supposed NSA turncoat reveals monitoring of anon remailers? >pshah!<
In-Reply-To: <199407112051.AA28356@laurel.ocs.mq.edu.au>
Message-ID:

On Tue, 12 Jul 1994, Ian Farquhar wrote:

> On the subject of network monitoring, Bruce posted a copy of an NSA
> technology transfer which described a database searching algorithm
> that looked fairly sophisticated (I don't have the actual posting
> handy.) Did anyone (Bruce?) obtain a copy of the algorithm, and if
> so, were there any distribution limitations on it? It looked like
> just the thing that the NSA would use as their "watchword" scanner,
> and even if not, it looked like a very useful design all the same.
The NSA algorithm involved didn't use keywords. It was way more powerful than that, able to sort text samples into arbitrary categories based on examples of text that you give it. It doesn't use any keywords or grammar recognition, it doesn't even matter what language you feed it. They refused to give me a copy, they are trying to make a buck by licensing it commercially. I tried to ask about what it costs to get a license, and they asked what company I was representing, and I told them I was representing myself, and they stonewalled me. Looks like they don't think I have the money they want. (they're probably right about that btw...)

Happy Hunting, -Chris.

____________________Please note the change of address.________________________
Christian Douglas Odhner     | "The NSA can have my secret key when they pry
cdodhner at primenet.com     | it from my cold, dead, hands... But they shall
pgp 2.3 public key by finger | NEVER have the password it's encrypted with!"
cypherpunks WOw dCD Traskcom Team Stupid
Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11
--------------------Please note the change of address.------------------------

From gtoal at an-teallach.com Tue Jul 12 05:08:40 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Tue, 12 Jul 94 05:08:40 PDT
Subject: ****Customs Goes For Encryption -- And It's Not Clipper 07/11/94 (fwd)
Message-ID: <199407121207.NAA23548@an-teallach.com>

Isn't that the same information 'Random Hoser' posted last week from some 'PR Newswire' thing? Not like clarinet to be so behind with the news... (I believe the Customs announcement was July 6th)

Still, it's nice to hear it again with copyright permission this time. Maybe I'll just run over to my newsspool and delete the other article now that I don't need it any more.

G

From gtoal at an-teallach.com Tue Jul 12 05:16:09 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Tue, 12 Jul 94 05:16:09 PDT
Subject: Idle question...
Message-ID: <199407121215.NAA23719@an-teallach.com>

From: Ian Farquhar

I was compiling a list of crypto algorithms the other night, trying to produce a library of description documents for the algorithms, and an interesting but idle question hit me: what ever happened to RC1, RC3, MD1, MD3, A1, A2, A4, A6, and A7? Just wondering if anyone knows...

Ian.

Any reason why you left out A5 above? :-) ...

>From gtoal Mon Jun 20 14:35:50 1994
To: cypherpunks at toad.com
Subject: Didn't anyone note the A5 posting?
X-Phone: +44 31 662 0366
X-Fax: +44 31 662 4678
X-Organisation: An Teallach Limited
Status: RO

Didn't anyone notice that someone posted a putative source code for the secret A5 algorithm as used in GSM phones? (It was on sci.crypt xposted to uk.telecom, on Friday).

Seems someone was going to give a talk on ways of hacking the algorithm, at some university, and he got stomped on by GCHQ. So another guy has come out in sympathy and posted his reconstruction of the algorithm in C as reverse engineered from a hardware description he received in a plain brown envelope!

This is *significantly* more of a coup on the net than the NSA handbook. Now, all I need is for you guys to explain coherently *why* it's a good coup and what the political implications are, and I'll feed the story to the UK press. (I don't think anyone here has it yet...)

G

From adam at bwh.harvard.edu Tue Jul 12 06:58:53 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Tue, 12 Jul 94 06:58:53 PDT
Subject: Idle question...
In-Reply-To: <199407121215.NAA23719@an-teallach.com>
Message-ID: <199407121357.JAA24521@duke.bwh.harvard.edu>

| Now, all I need is for you guys to explain coherently *why* it's a
| good coup and what the political implications are, and I'll feed the
| story to the UK press. (I don't think anyone here has it yet...)

It is a coup because it means that codes released to the public do get reverse engineered. The release of A5 bodes poorly for Skipjack.
If the NSA wants Skipjack to remain secret, they can not release it, in hardware or software. Cyphers to be used by the public will be studied and understood.

The public no longer trusts governments to be honest. In the USA, this is a result of our free press printing things like the Pentagon papers, where the government documented the fact that it lied to us, systematically, for years.

We do not trust the NSA, the ATF, or the DEA with our privacy. They have repeatedly shown they will try to push the boundaries of what is acceptable to get at people they don't like. Just ask CISPES, the Branch Davidians, or Rev. Aceyne (sp?) Williams widow.

Adam

(CISPES is the Committee in Solidarity with the People of El Salvador, a left wing group working in support of the revolutionaries of El Salvador. The FBI monitored, infiltrated, and harassed them for 5 years with no evidence that they were breaking any law. The Davidians everyone knows. Rev. Williams (age 77) was killed by Boston drug police who burst into the wrong apartment, threw him to the floor, and gave him a heart attack. (In the newspapers Thanksgiving Day, 1993))

--
Adam Shostack adam at bwh.harvard.edu

Politics. From the Greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

From paul at poboy.b17c.ingr.com Tue Jul 12 07:33:16 1994
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Tue, 12 Jul 94 07:33:16 PDT
Subject: Supposed NSA turncoat reveals monitoring of anon remailers? >pshah!<
In-Reply-To: <199407112051.AA28356@laurel.ocs.mq.edu.au>
Message-ID: <199407121432.AA10892@poboy.b17c.ingr.com>

-----BEGIN PGP SIGNED MESSAGE-----

> On the subject of network monitoring, Bruce posted a copy of an NSA
> technology transfer which described a database searching algorithm
> that looked fairly sophisticated (I don't have the actual posting
> handy.) Did anyone (Bruce?) obtain a copy of the algorithm, and if
> so, were there any distribution limitations on it?
It looked like
> just the thing that the NSA would use as their "watchword" scanner,
> and even if not, it looked like a very useful design all the same.

I took the time to contact the "office symbol" listed in the NSA announcement. The NSAoid's name was Dennis Sysko. He was a little nonplussed that Bruce had posted the announcement.

I was required to write a letter to them, on Intergraph letterhead, requesting further information; after receiving it, Sysko promised to send me an NDA that I could sign and return to get further information.

Someone else posted in t.p.c that they'd sent in a letter and been told that NSA would not license this technology to individuals. That sort of echoes the argument that there are some munitions appropriate for government but not for individuals.

- -Paul

- --
Paul Robichaux, KD4JZG | "Information is the currency of democracy."
perobich at ingr.com    | - some old guy named Thomas Jefferson
Of course I don't speak for Intergraph.

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLiKphqfb4pLe9tolAQG8lgP8CjSOkoIppXrMie5kLJqH4HiMIFS/jPbH
woj8Lb0yPVAaf2qMDuVx/wKpgYjXToaeeEBk7rzQshqeL4SrqQKgXEl2tyn0B2Nk
fuM0dI3onmyEldDk3zQnCLNGZiDMRKS7REwAgpN5fqzEuvc1HIV/kwE4FEddP9W9
5d5GXBC8OxA=
=/syA
-----END PGP SIGNATURE-----

From pdn at msmail.dr.att.com Tue Jul 12 07:39:30 1994
From: pdn at msmail.dr.att.com (Philippe Nave)
Date: Tue, 12 Jul 94 07:39:30 PDT
Subject: Modems that variate speed
Message-ID: <2E22A8EF@mspost.dr.att.com>

Sorry I can't attribute the quote properly; Microsloth Mail strikes again...

> [modems that change speed in mid-transmission proposed as a
> defense against wiretap]
>
> Aaron

This would probably thwart someone trying to tap the data stream in real time, assuming that the speed changes caught the snooper by surprise, but I don't think that real-time data traps are the real problem.
Someone who went to the effort of listening in on your transmission would probably record the whole session on tape; then, they could map the speed changes and pick up all the data at their leisure later on. I would speculate that a really good DAT deck could record the modem session well enough to give your opponent all the time he needs to figure out the speed shifts and pick up the data.

-Philippe

From patrick at CS.MsState.Edu Tue Jul 12 08:35:42 1994
From: patrick at CS.MsState.Edu (Patrick G. Bridges)
Date: Tue, 12 Jul 94 08:35:42 PDT
Subject: Supposed NSA turncoat reveals monitoring of anon remailers? >pshah!<
In-Reply-To: <199407121432.AA10892@poboy.b17c.ingr.com>
Message-ID: <9407121535.AA16695@Walt.CS.MsState.Edu>

So, what about FOIA requests? Is the algorithm classified SECRET or some such nonsense? If you can get hold of it (as a company) without a clearance, couldn't someone just file a Freedom of Information Act request for the document?

*** Patrick G. Bridges patrick at CS.MsState.Edu ***
*** PGP 2.6 public key available via finger or server ***
*** PGP 2.6 Public Key Fingerprint: ***
*** D6 09 C7 1F 4C 18 D5 18 7E 02 50 E6 B1 AB A5 2C ***
*** #include ***

From B858JT at UTARLVM1.UTA.EDU Tue Jul 12 08:41:46 1994
From: B858JT at UTARLVM1.UTA.EDU (John Thomas)
Date: Tue, 12 Jul 94 08:41:46 PDT
Subject: Validating IDEA
Message-ID: <9407121541.AA29010@toad.com>

Does anyone know if there is a validation suite for the IDEA cipher? I want to be able to verify an implementation on the TMS320 digital-signal processor.

The NIST has such a test suite for the DES, but I haven't heard anything about IDEA.

John A. Thomas
b858jt at utarlvm1.uta.edu
75236.3536 at compuserve.com
PGP public key fingerprint: 80 21 D7 35 65 74 C8 9D 23 DB 29 78 8E 31 05 4D

From perry at imsi.com Tue Jul 12 08:49:46 1994
From: perry at imsi.com (Perry E.
Metzger)
Date: Tue, 12 Jul 94 08:49:46 PDT
Subject: Validating IDEA
In-Reply-To: <9407121541.AA29010@toad.com>
Message-ID: <9407121549.AA11358@snark.imsi.com>

John Thomas says:
> Does anyone know if there is a validation suite for the IDEA
> cipher? I want to be able to verify an implementation on
> the TMS320 digital-signal processor.
>
> The NIST has such a test suite for the DES, but I haven't heard
> anything about IDEA.

Take the PGP IDEA code and produce some test cases for yourself...

Perry

From berzerk at xmission.xmission.com Tue Jul 12 09:10:19 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Tue, 12 Jul 94 09:10:19 PDT
Subject: Idle question...
In-Reply-To: <199407121215.NAA23719@an-teallach.com>
Message-ID:

On Tue, 12 Jul 1994, Graham Toal wrote:
> Subject: Didn't anyone note the A5 posting?

Does anyone have a copy of this posting?

From exabyte!gedora!mikej2 at uunet.uu.net Tue Jul 12 09:46:14 1994
From: exabyte!gedora!mikej2 at uunet.uu.net (Mike Johnson second login)
Date: Tue, 12 Jul 94 09:46:14 PDT
Subject: Security for under a buck fifty
In-Reply-To:
Message-ID:

>...
> I got that number by grabbing handfuls of pennies out of a pile of
> 132--a true random number generator that costs less than
> breakfast--though, I will admit that it's somewhat cumbersome.
>
> But a number can be represented in many different ways. Create a
> six-bit character set, filling from 000000 to 111111 with a-z, A-Z,
> 0-9, . [period], and - [hyphen]. Now, the key becomes:
>
> Mx1SmVYpMrbp3mI-sYthaX
>
> Not impressed yet? Try using the human brain's wonderful talent for
> seeing patterns in randomness. If your mind just happened to work
> exactly like mine, you would get:
>
> Mx1 misSiles moVe Yp; Mr. bop of 3m I-s Yt haX. [Yt as in the
> element.]
>
> I would suggest that it would only take the average person a minute
> or two to memorize such a phrase, especially if she were the one to
> do the pattern-matching in the first place.
>...
> Can anybody suggest how to implement this? Can a computer program
> suggest mnemonics that would mean anything to a person? Even if the
> computer gives the user a screenful of such? Or, how about giving a
> screenful of "words," and letting the user mix-n-match?

I already do this -- except that I use a keystroke-timing program for the true random source, and I do the mnemonic generation with my brain instead of the program. My program just converts the random numbers to uniformly distributed printable ASCII (values between space and del), for a little more entropy than 6 bits per character.

A more automated way to generate a pass phrase might be to convert every 16 bits of random numbers to one of 65536 words and names in your favorite languages. That way, you would have real words to memorize, but in a strange order. For example, a 128 bit key might be:

tree elephant action roof xymurgy eight top slash.

You could try to think of some story to link the 8 originally unrelated words together and help you to remember it.

From exabyte!gedora!mikej2 at uunet.uu.net Tue Jul 12 10:11:27 1994
From: exabyte!gedora!mikej2 at uunet.uu.net (Mike Johnson second login)
Date: Tue, 12 Jul 94 10:11:27 PDT
Subject: Gov't eyes public-key infrastructure
In-Reply-To: <199407120904.CAA04325@servo.qualcomm.com>
Message-ID:

> >The U.S. government intends to operate a public-key certification
> >system for government users that will also serve the private sector,
> >as well. But a report just completed by Mitre Corp. for the National
> >Institute of Standards and Technology (NIST) puts the price tag at
> >$1 billion for the start-up of the government alone, with a possible
> >$2 billion annual operational cost for managing certificate-revocation
> >lists.
>
> All in all, I'd say this is a pretty good argument for PGP's web of trust
> model...

I agree.
The web of trust still allows for key certification by some central authority -- but I get to choose which central authorities I wish to believe (and pay for).

From gtoal at an-teallach.com Tue Jul 12 10:12:13 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Tue, 12 Jul 94 10:12:13 PDT
Subject: Who was offering to run mailing lists?
Message-ID: <199407121708.SAA29653@an-teallach.com>

Someone offered recently to host mailing lists... the guys below have hit a real problem and desperately need a new home. I know it's not directly a cypherpunk list (though they might in the future be persuaded to work encryption into their system ;-) ) but it's a good cause and damn good free software.

If you're the person who offered, could you mail the guy below directly, or mail me by reply if that's easier.

Thanks

G

PS There are several hundred people on the list, and traffic is heavier than on cypherpunks!

PPS It's for a public-domain server that lets you mount lanmanager (DOS, Windows) filing systems on unix - a free alternative to buying a commercial NFS package for DOS.

Reply-To: netbios at arvidsjaur.anu.edu.au
Date: Mon, 11 Jul 94 17:59:55 EST
From: Karl Auer
Subject: Mailing list being suspended!

I have just spoken with the system administrator for the Samba mailing list. We currently have load problems on the machine hosting the list. Samba mail appears to be dominating all other list processing in terms of volume.

The mail systems are needed for real work, so Samba at anu.edu.au is being suspended as of 17:00 AEST today, 11/8/94.

We may be able to rehost the list, but I'm not counting on it. If there is a site out there that would like to host this list, we would be happy to forward the subscriber list.

Regards, K.
==================================================================
Karl Auer               Microcomputer Support Group
Karl.Auer at anu.edu.au  Computer Services Centre
+61-6-2494627           Australian National University

From gtoal at an-teallach.com Tue Jul 12 11:14:39 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Tue, 12 Jul 94 11:14:39 PDT
Subject: Idle question...
Message-ID: <199407121813.TAA01976@an-teallach.com>

Roger Bryner wrote:

On Tue, 12 Jul 1994, Graham Toal wrote:
> Subject: Didn't anyone note the A5 posting?

Does anyone have a copy of this posting?

Before I get many more requests for this - I'm sorry, I don't seem to have a copy. I could have sworn I saved it but I've spent all morning grepping my disk and it just ain't there. Coincidence or Conspiracy - you make the call ;-)

G

PS If anyone has a *big* newsspool, look in uk.telecom or sci.crypt somewhere between 17th and 21st June.

From s009amf at discover.wright.edu Tue Jul 12 11:29:08 1994
From: s009amf at discover.wright.edu (Aron Freed)
Date: Tue, 12 Jul 94 11:29:08 PDT
Subject: Modems that variate speed
In-Reply-To: <2E22A8EF@mspost.dr.att.com>
Message-ID:

On Tue, 12 Jul 1994, Philippe Nave wrote:

> This would probably thwart someone trying to tap the data stream
> in real time, assuming that the speed changes caught the snooper
> by surprise, but I don't think that real-time data traps are the
> real problem. Someone who went to the effort of listening in on
> your transmission would probably record the whole session on
> tape; then, they could map the speed changes and pick up all the
> data at their leisure later on. I would speculate that a really
> good DAT deck could record the modem session well enough to give
> your opponent all the time he needs to figure out the speed shifts
> and pick up the data.
>
> -Philippe

Then the efforts would be wasted. Hmmm... There has to be a way to keep people from snooping on our lines. I guess PGP and other methods like it will be the only way...
Aaron

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=- YABBS - telnet phred.pc.cc.cmu.edu 8888 -=-
-=- -=-
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

From tcmay at netcom.com Tue Jul 12 12:13:57 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 12 Jul 94 12:13:57 PDT
Subject: Idle question...
In-Reply-To: <199407121813.TAA01976@an-teallach.com>
Message-ID: <199407121914.MAA02955@netcom12.netcom.com>

(By the way, I typed "r" to reply, and was pleased to see cypherpunks at toad.com as the recipient, not Graham Toal. Looks like some welcome changes have occurred.)

> G
> PS If anyone has a *big* newsspool, look in uk.telecom or sci.crypt
> somewhere between 17th and 21st June.

I used to know the ftp site that had archives of all sci.crypt articles. If it's still active, anybody know what it is?

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From harmon at tenet.edu Tue Jul 12 12:35:58 1994
From: harmon at tenet.edu (Dan Harmon)
Date: Tue, 12 Jul 94 12:35:58 PDT
Subject: NSA technology transfer (fwd)
Message-ID:

I'm reposting this in response to a few recent posts inquiring about the NSA flyer.

---------- Forwarded message ----------
Date: Tue, 14 Jun 1994 00:21:30 -0500 (CDT)
From: Dan Harmon
To: cypherpunks at toad.com
Subject: NSA technology transfer

The following was posted on the list in the middle of May. Being curious I called the number listed at Ft. Meade.
The person who answered was real shaken, for lack of a better term, that I called, it seems that this was the second inquiry that day. He wanted to know various things, like where did I get the information, was my name Bruce.... After a few minutes he finally took my name and said, to call him in a week to 10 days if I did not hear from him.

A few days later he called and said I needed to send a letter expressing my interest in the technology.

About 10 days after that I called to inquire if he received my letter and what was the next step. It seems that there had been quite a few requests and that they were trying to determine whether or not they were going to allow the technology to be transferred to individuals. The person said to call back in 4 or 5 days.

I called today and they said in essence that they were not going to let individuals have a shot at it. They said that they were going to charge stiff license fees, that you would need to show a plan of how you were going to develop the product..... You get the point.

It is obvious that they really don't want to transfer the technology. And if they do it will be to someone with deep pockets and who they like.

I wonder where the fees that they want to charge will go, to the general treasury or to their own budget?

More later.

Dan Harmon

On Thu, 19 May 1994, Anonymous wrote:

>
>
> Newsgroups: sci.crypt,alt.security,alt.privacy
> From: schneier at chinet.chinet.com (Bruce Schneier)
> Subject: "Interesting Stuff" Checkers at the NSA
> Message-ID:
> Organization: Chinet - Public Access UNIX
> Date: Thu, 19 May 1994 17:40:15 GMT
>
> This is from a flyer that NSA people have been distributing:
>
> NATIONAL SECURITY AGENCY -- TECHNOLOGY TRANSFER
>
> Information Sorting and Retrieval by Language or Topic
>

rest elided

From tcmay at netcom.com Tue Jul 12 13:04:11 1994
From: tcmay at netcom.com (Timothy C.
May)
Date: Tue, 12 Jul 94 13:04:11 PDT
Subject: Modems that variate speed
In-Reply-To:
Message-ID: <199407121925.MAA04505@netcom12.netcom.com>

> Then the efforts would be wasted. Hmmm... There has to be a way to keep
> people from snooping on our lines. I guess PGP and other methods like it
> will be the only way...
>
> Aaron

End-to-end security, such as with ciphers, is infinitely preferable to kludges and half-hearted attempts at security through obscurity such as making modem tapping ever so slightly harder than it is now.

Tricks like modem speed varying would be cumbersome to implement, would require pre-arrangement of the pattern to be used, etc. Just not very strong.

(A bit like frequency-hopping/spread-spectrum, which has aspects of crypto systems, as I'm sure Phil Karn can tell us about. But at best a one-time pad and at worst a weak cipher.)

End-to-end encryption is much cleaner, stronger, and allows the public key methods of incalculable importance.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From collins at newton.apple.com Tue Jul 12 13:10:26 1994
From: collins at newton.apple.com (Scott Collins)
Date: Tue, 12 Jul 94 13:10:26 PDT
Subject: tamper-proof p-code
Message-ID: <9407122009.AA05453@newton.apple.com>

Ray,

Ray->In your essay, you overlook the use of pseudo-code interpreters
> and cryptographic code mangling.

No I don't. In fact, I specifically mention the latter.

Ray->It is not possible to make software
> unconditionally tamper proof, but it is possible to make it hard [...]
Ray->If crackers had to alter just 10% of an
> application to get it to work unprotected, I think that would be a
> sufficient deterrent to most of them.

I agree! I even said this in the final paragraph:

Scott->The attack might not be cheap! But people will do it if the
>reward exceeds the cost.

Some of the things you mention would make a program very expensive to `crack'. However, as we both said: just expensive, not impossible. It certainly might be expensive enough to stop the particular class of attacks you have in mind.

Your notes about remote trusted systems (e.g., Telescript) are accurate. The difference they introduce into the scenario is that execution is no longer under control of the attacker, and in fact the attacker can have a piece of software that `runs', but may only run after being unlocked on the trusted system, with the private key of the trusted system. I specifically mentioned and excluded this class of problems from my argument.

However, you also say:

Ray->Here, the problem is that the code is never "decrypted" in
>the first place.

Ray->Imagine the task of having to create a plaintext which will generate
> a certain MD5 hash.

No. The code is decrypted. It does get to the CPU. The CPU does execute instructions belonging to the `actual functionality' of the software. Comparing this to finding a text with a given hash is not accurate. (Maybe it is accurate if the attacker tries to get between the interpreter and the byte-codes; but not if the attacker just stands behind the CPU.)

Either the CPU gets to see the final instructions or it doesn't. If it never sees them it is because the program doesn't or won't run in the first place. I exempted this situation from my argument. The attacker must have at least one working copy of the software. If the CPU _does_ see the instructions, then the secret is out, no matter how difficult it is to capture it ... it's still only difficult, not impossible.
My argument is about communication, not about programming.

Like the old joke:

A: "Would you sleep with me for a million dollars?"
B: "...uh, sure. Yeah, I'll sleep with you for a million bucks."
A: "Would you sleep with me for twenty dollars?"
B: "What do you think I am?!"
A: "I know what you are! Now we're just haggling for a price."

The quality and effectiveness of `protection code' (under the conditions I gave) can never amount to anything more than `haggling for a price'. I think you already understand and agree with this. The price might actually be as much as $1,000,000.00; which could be sufficient deterrent. To that end, the tamper-proofing will have succeeded.

Your p-code (maybe `protected-code') proposal could be a viable product. Don't stop. After all, none of DES, IDEA, and RSA, are unconditionally secure, and they serve us well.

Cheers,

Scott Collins     | "Invention, my dear friends, is 93% perspiration,
                  | 6% electricity, 4% evaporation, and 2% butter-
collins at acm.org | scotch ripple." -- Willy Wonka
..................|..................................................
Apple Computer, Inc. 5 Infinite Loop, MS 305-2D Cupertino, CA 95014
408.862.0540 fax:974.6094 R254(IL5-2N) collins at newton.apple.com
.....................................................................
408.257.1746 1024:669687 catalyst at netcom.com

From jim at bilbo.suite.com Tue Jul 12 13:10:28 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Tue, 12 Jul 94 13:10:28 PDT
Subject: sci.crypt archive ftp site
Message-ID: <9407122006.AA09247@bilbo.suite.com>

There's one at

ftp://rpub.cl.msu.edu/pub/crypt/sci.crypt

But I just looked and it only has up to April 94.

By the way, everybody should check out

http://www.quadralay.com/www/Crypt/Crypt.html
ftp://furmint.nectar.cs.cmu.edu/security/README.html

These are two budding cypherpunks WWW sites. Somebody's been busy.

"Cypherpunks weave Webs!"
Jim_Miller at suite.com

From Ben.Goren at asu.edu Tue Jul 12 13:23:06 1994
From: Ben.Goren at asu.edu (Ben.Goren at asu.edu)
Date: Tue, 12 Jul 94 13:23:06 PDT
Subject: Security for under a buck fifty
Message-ID:

At 9:42 AM 7/12/94, Mike Johnson second login wrote:
>>[Ben.Goren at asu.edu [me] wrote about generating pass phrases from
>>true random numbers, mapping into a character set, creating mnemonics.]
>
>I already do this -- except that I use a keystroke-timing program for
>the true random source, and I do the mnemonic generation with my brain
>instead of the program. My program just converts the random numbers to
>uniformly distributed printable ASCII (values between space and del), for
>a little more entropy than 6 bits per character.

The tradeoff is between number of characters needed (length of passphrase) and diversity of character set. I'd probably have better luck with the mnemonic if I didn't have to fit in a whole string of %*$@!, but that should probably be a user setting.

>A more automated way to generate a pass phrase might be to convert every
>16 bits of random numbers to one of 65536 words and names in your
>favorite languages. That way, you would have real words to memorize, but
>in a strange order. For example, a 128 bit key might be:
>tree elephant action roof xymurgy eight top slash.
>
>You could try to think of some story to link the 8 originally unrelated
>words together and help you to remember it.

Another possibility: have a dictionary of different parts of speech and assemble them in order. For a short example, each passphrase could be in an order such as:

Article adjective modifier noun verb article adjective modifier noun.

Our favorite would fit:

The quick brown fox jumps over the very lazy dog.

This loses entropy (Mallet knows the order, and probably the dictionaries) and so you would want either a longer sentence or some other modification, like random--not decided by the person--capitalization or character substitution.
Or have two sentences: The quick brown fox jumps over the very lazy dog; a lovely ermine glove fits into the hazy slumping bucket. Figure thirteen bits each with dictionaries of ten thousand each adjectives, modifiers, nouns, and verbs--your final dictionary would be 40 thousand words, total; you'd need about ten words to get 128 bits. Make that two shorter--eight word--sentences, restricted to easy-to-remember orderings, and you've more than made up for whatever entropy was lost in having a known structure. Umph. I think I need to start making time to write code, if I want to see this work. b& -- Ben.Goren at asu.edu, Arizona State University School of Music net.proselytizing (write for info): Protect your privacy; oppose Clipper. Voice concern over proposed Internet pricing schemes. Stamp out spamming. Finger ben at tux.music.asu.edu for PGP 2.3a public key. From pcw at access.digex.net Tue Jul 12 13:29:29 1994 From: pcw at access.digex.net (Peter Wayner) Date: Tue, 12 Jul 94 13:29:29 PDT Subject: Gov't eyes public-key infrastructure Message-ID: <199407122029.AA13106@access2.digex.net> >>The U.S. government intends to operate a public-key certification >>system for government users that will also serve the private sector, >>as well. But a report just completed by Mitre Corp. for the National >>Institute of Standards and Technology (NIST) puts the price tag at >>$1 billion for the start-up of the government alone, with a possible >>$2 billion annual operational cost for managing certificate-revocation >>lists. > >All in all, I'd say this is a pretty good argument for PGP's web of trust >model... Especially given that urban folklore about everyone being only 5 hops away on the network of life. I.e. Everyone is a friend of a friend of a friend of a friend of a friend of anyone else. This was sort of troped upon in "6 degrees of Separation", the John Guare movie/play. 
If anyone had any concrete data about this, then it might be interesting to calculate the optimum number of people you should get to cosign your public key. Anyone remember enough about Ramsey numbers and Graph Theory? -Peter > >Phil From ebrandt at jarthur.cs.hmc.edu Tue Jul 12 13:57:03 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Tue, 12 Jul 94 13:57:03 PDT Subject: Gov't eyes public-key infrastructure In-Reply-To: <199407122029.AA13106@access2.digex.net> Message-ID: <9407122056.AA04388@toad.com> > From: pcw at access.digex.net (Peter Wayner) > Especially given that urban folklore about everyone being only 5 hops away > on the network of life. I.e. Everyone is a friend of a friend of a friend of > a friend of a friend of anyone else. The factoid I heard was that if we're randomly chosen people, there a ~99% chance that I have a friend who has a friend who's your friend. Dropping one hop, to require us to have a friend in common, reduces the probability to something very small. Eli ebrandt at hmc.edu But I probably heard this from a FOAF. From mech at eff.org Tue Jul 12 14:10:17 1994 From: mech at eff.org (Stanton McCandlish) Date: Tue, 12 Jul 94 14:10:17 PDT Subject: space contractors must use only "approved" encryption devices? Message-ID: <199407122109.RAA28866@eff.org> [The person that forwarded to us noted: "It is relevant to the current efforts regarding encryption systems, specifically, it is the first instance that I have seen where the Federal Government will require non-government entities to use only government approved encryption...So much for the contention that no one would be forced to use Clipper."] Please note that the included article was NOT written by the person who actually posted it to the network. The author currently does not have Internet access, and has had to have a friend-of-a-friend post it for him. See the note from Bill Higgins just after the headers below. 
From: higgins at fnalv.fnal.gov (Bill Higgins-- Beam Jockey) Newsgroups: sci.space.policy Date: 28 Jun 94 19:49:02 -0600 Organization: Fermi National Accelerator Laboratory [Wales Larrison has been off the Net for a while and still can't post. But, through a friend's account, he has managed to send me a fresh installment of his commercial-space newsletter. Glad to help post it. This is part 1 of three parts. --Bill Higgins] SPACE TECHNOLOGY INVESTOR/COMMERCIAL SPACE NEWS -- No. 24 [edited for brevity] 3- US COMMERCIAL REMOTE SENSING POLICY FINALLY SET On 9 March, the Clinton administration finally released the official administration policy on commercial collection and sale of high- resolution satellite images. This policy allows the US Department of Commerce to license U.S. companies to operate private remote sensing space systems and sell images from those systems to domestic and foreign customers. Notably, it sets no limits on the resolution of imagery that can be sold. Under this policy, US firms desiring to operate such space systems must apply for a license from the Department of Commerce, in accordance with the Land Remote Sensing Policy Act of 1992. To get a license, each firm must: - maintain a record of all satellite tasking for the previous year and to allow the US government access to this record. - operate the satellite in accord with the characteristics submitted in the license application (although changes can be submitted for approval) - obtain appropriate export licenses for foreign sales of data or hardware. This specifically includes transfer of export sensitive components, subsystems, and information concerning remote sensing space capabilities which are on the US Munitions Control List. Transfer of such sensitive technology can be made available to foreign entities only on the basis of a government-to-government agreement. 
[*****************************************************************]
- use only approved encryption devices, since the US government retains the right to deny unauthorized access to this data to others during periods when national security, international obligations and/or foreign policies may be compromised (as provided for under the LRS Policy Act).
[*****************************************************************]

- use a data downlink format that allows the US Government access and use of the data during periods when national security, international obligations and/or foreign policies may be compromised (also as provided for in the Act).

- allow the US government to limit data collection and/or distribution when national security or international obligations and/or foreign policies may be compromised. Such a limitation may only be imposed when the Secretary of Defense or the Secretary of State, and the Secretary of Commerce agree to this. Any such decision can be appealed directly to the President.

- Pursuant to the Land Remote Sensing Policy Act of 1992, licensees must notify the government of intentions to enter into significant agreements with foreign customers.

Under these policy guidelines, a license to Lockheed for a high-resolution space remote sensing satellite was granted on 22 March.

[Commentary: I was starting to wonder if any more of the commercial remote sensing licenses would make it through the licensing system. Lockheed originally submitted their license application back in June of 1993, and under the statutes which govern the licensing process, they were supposed to have had a ruling on their license within 120 days. The policy apparently hung up until the National Security Council (in particular the State Department, DoD, and CIA) could come to an agreement about how to handle such data in times of crisis.
The concern expressed was legitimate -- similar data could have compromised US and allied forces during another situation like Saddam's War in Kuwait/Iraq. During that crisis, SPOT and Landsat voluntarily limited access to data from the Middle East -- but everyone involved recognized some procedure needed to be agreed upon and put in place rather having to work the situation on an ad-hoc basis. The commercial firms planning for high-resolution commercial remote sensing systems seem to fairly pleased with the new policy, and other announcements of license filings are rumored to be in the works. (See below.)] From mech at eff.org Tue Jul 12 14:53:07 1994 From: mech at eff.org (Stanton McCandlish) Date: Tue, 12 Jul 94 14:53:07 PDT Subject: Administration Buys Off EES Patent Holder (fwd) Message-ID: <199407122152.RAA00151@eff.org> Date: Mon, 11 Jul 1994 14:53:56 -0700 From: "Brock N. Meeks" Responding to msg by berzerk at xmission.xmission.com (Berzerk) on Tue, 12 Jul 10:8 AM >On Tue, 12 Jul 1994, Graham Toal wrote: >> Subject: Didn't anyone note the A5 posting? > Does anyone have a copy of this posting? I would appreciate getting a copy of this posting also. John Young From adam at bwh.harvard.edu Tue Jul 12 15:07:05 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Tue, 12 Jul 94 15:07:05 PDT Subject: Gov't eyes public-key infrastructure In-Reply-To: <9407122056.AA04388@toad.com> Message-ID: <199407122206.SAA04632@bwface.bwh.harvard.edu> | The factoid I heard was that if we're randomly chosen people, there | a ~99% chance that I have a friend who has a friend who's your friend. | Dropping one hop, to require us to have a friend in common, reduces | the probability to something very small. The research was done by Stanley Milgram in the late 60's. (Milgram was the guy who did the 'authority experiments' where a man in a white coat urged subjects to deliver what they thought was a high voltage shock to a victim.) 
He handed out books of postcards, and asked that they be delivered to someone with whom he was cooperating. (An example would be "Reverend Joe Smith in Phoenix, Arizona"). People were asked to pass the book on to someone they felt would be able to hand it to Rev Smith. At each pass, people were asked to mail in a post card. The average for the US was 6 post cards.

I might be able to dig out references to this if folks really want.

Adam

--
Adam Shostack adam at bwh.harvard.edu
Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

From jya at pipeline.com Tue Jul 12 15:13:59 1994
From: jya at pipeline.com (John Young)
Date: Tue, 12 Jul 94 15:13:59 PDT
Subject: Idle question...
Message-ID: <199407122213.SAA24370@pipe1.pipeline.com>

Responding to msg by tcmay at netcom.com (Timothy C. May) on Tue, 12 Jul 12:14 PM

>I used to know the ftp site that had archives of all
>sci.crypt articles. If it's still active, anybody know
>what it is?

From Cryptography FAQ of July 7, quote:

Sci.crypt has been archived since October, 1991 on: ripem.msu.edu:pub/crypt/sci.crypt/ (available only to US and Canadian users)

Another site is rpub.cl.msu.edu:/pub/crypt/sci.crypt/ from Jan 1992.

End quote.

From ifarqhar at laurel.ocs.mq.edu.au Tue Jul 12 15:19:45 1994
From: ifarqhar at laurel.ocs.mq.edu.au (Ian Farquhar)
Date: Tue, 12 Jul 94 15:19:45 PDT
Subject: NSA technology transfer (fwd)
In-Reply-To:
Message-ID: <199407122219.AA28875@laurel.ocs.mq.edu.au>

>It is obvious that they really don't want to transfer the technology. And if
>they do it will be to someone with deep pockets and who they like.

Which rather gives one the impression that the technology transfer program was forced from above, rather than being their own initiative.

Two suggestions:

1. See your local Congress-critter, and explain that the NSA's Technology Transfer program is being subverted.
After all, you guys in the US PAID for the development of this algorithm, and it strikes me as being a bit offensive that you should pay again to see it.

2. FOI it.

I'm rather glad that _I_ didn't ring the number up and ask for the details ("Hello, I am a foreign national. Can I have this algorithm please?") I must admit that I was sorely tempted after reading Bruce's post, though!

Ian.

From ifarqhar at laurel.ocs.mq.edu.au Tue Jul 12 16:14:47 1994
From: ifarqhar at laurel.ocs.mq.edu.au (Ian Farquhar)
Date: Tue, 12 Jul 94 16:14:47 PDT
Subject: Idle question...
In-Reply-To: <199407121215.NAA23719@an-teallach.com>
Message-ID: <199407122312.AA00555@laurel.ocs.mq.edu.au>

> interesting but idle question hit me: what ever happened to RC1, RC3,
> MD1, MD3, A1, A2, A4, A6, and A7?

>Any reason why you left out A5 above? :-) ...

I left it out simply because it is a known cipher. All of the ciphers mentioned above are parts of series, but I have never seen published mention of them (eg. we know MD2, MD4 and MD5, but those very numbers imply the existence of MD1 and MD3, which I have never seen any reference to.) I left A3 and A8 out as well.

>This is *significantly* more of a coup on the net than the NSA handbook.

Definitely, although the algorithm description posted was not complete. What is clear, though, is that the French-designed A5 cipher is hideously insecure (unless there is some amazing subtlety to its design, and I very much doubt it).

Some implications:

1. The French - with their well-known and legislated hatred of civilian crypto - won the battle of the GSM crypto algorithm, and managed to corrupt any chance of the incorporation of decent security in this mobile protocol. The French position has had wide reaching implications globally, which I suspect that a lot of people would not be too happy about.

2. That our governments lied to us about the security of the algorithm. I note with some disgust that Australian organisations like ASIO and the AFP pushed HARD for A5X over A5 on the grounds that A5 was too hard to break. This position was a fabrication, that much is clear.

3. That GSM phones are NOT in any way secure. Sure, it's better than AMPS, but that is not saying much.

I also wonder if the embargo on the release of the A5 algorithm was simply to enforce the monopoly of the government SIGINT operations.

Anyway, let's throw this discussion open. Here is the algorithm description, and don't forget that A3 and A8 probably came from the same guys, and they're part of GSM's key exchange protocol. If they're as good as A5, GSM is in deep, deep trouble security-wise.

BTW, the algorithm leaked, it was not reverse engineered. I do not expect SKIPJACK to leak, as its distribution would be VERY limited, even within the NSA and chip houses. Even A5 was reputed to be known to only 2 or 3 people within Motorola.

I do not have a description of A5X, but I have heard rumors that A5 generates a single 114 bit key, and then continues to use it over and over again. As all of you would realise, this would be utterly trivial to break.

Ian.

>From: rja14 at cl.cam.ac.uk (Ross Anderson)
>Newsgroups: sci.crypt,alt.security,uk.telecom
>Subject: A5 (Was: HACKING DIGITAL PHONES)
>Date: 17 Jun 1994 13:43:28 GMT
>Organization: U of Cambridge Computer Lab, UK
>Message-ID: <2ts9a0$95r at lyra.csx.cam.ac.uk>

The GSM encryption algorithm, A5, is not much good. Its effective key length is at most five bytes; and anyone with the time and energy to look for faster attacks can find source code for it at the bottom of this post.

The politics of all this is bizarre. Readers may recall that there was a fuss last year about whether GSM phones could be exported to the Middle East; the official line then was that A5 was too good for the likes of Saddam Hussein. However, a couple of weeks ago, they switched from saying that A5 was too strong to disclose, to saying that it was too weak to disclose! The government line now pleads that discussing it might harm export sales.

Maybe all the fuss was just a ploy to get Saddam to buy A5 chips on the black market; but Occam's razor suggests that we are really seeing the results of the usual blundering, infighting and incompetence of bloated government departments.

Indeed, my spies inform me that there was a terrific row between the NATO signals agencies in the mid 1980's over whether GSM encryption should be strong or not. The Germans said it should be, as they shared a long border with the Evil Empire; but the other countries didn't feel this way, and the algorithm as now fielded is a French design.

A5 is a stream cipher, and the keystream is the xor of three clock controlled registers. The clock control of each register is that register's own middle bit, xor'ed with a threshold function of the middle bits of all three registers (ie if two or more of the middle bits are 1, then invert each of these bits; otherwise just use them as they are). The register lengths are 19, 22 and 23, and all the feedback polynomials are sparse.

Readers will note that there is a trivial 2^40 attack (guess the contents of registers 1 and 2, work out register 3 from the keystream, and then step on to check whether the guess was right). 2^40 trial encryptions could take weeks on a workstation, but the low gate count of the algorithm means that a Xilinx chip can easily be programmed to do keysearch, and an A5 cracker might have a few dozen of these running at maybe 2 keys per microsecond each. Of course, if all you want to do is break the Royal Family's keys for sale to News International, then software would do fine.

It is thus clear that A5 should be free of all export controls, just like CDMF and the 40-bit versions of RC2 and RC4.

Indeed, there seems to be an even faster attack.
As the clock control is stop-go rather than 1-2, one would expect some kind of correlation attack to be possible, and on June 3rd, Dr Simon Shepherd of Bradford University was due to present an attack on A5 to an IEE colloquium in London. However, his talk was spiked at the last minute by GCHQ, and all we know about his attack is:

(a) that sparse matrix techniques are used to reconstruct the initial state (this was published as a `trailer' in the April 93 `Mobile Europe');

(b) that he used some of the tricks from my paper `Solving a class of stream ciphers' (Cryptologia XIV no 3 [July 90] pp 285 - 288) and from the follow-up paper `Divide and conquer attacks on certain classes of stream ciphers' by Ed Dawson and Andy Clark (Cryptologia XVIII no 1 [Jan 94] pp 25 - 40) (he mentioned this to me on the phone).

I believe that we have to stand up for academic freedom, and I hope that placing A5 in the public domain will lead to the embargo on Simon's paper being lifted.

Ross Anderson

APPENDIX - AN IMPLEMENTATION OF A5

The documentation we have, which arrived anonymously in two brown envelopes, is incomplete; we do not know the feedback taps of registers 2 and 3, but we do know from the chip's gate count that they have at most 6 feedback taps between them.

The following implementation of A5 is due to Mike Roe , and all comments and queries should be sent to him.

/*
 * In writing this program, I've had to guess a few pieces of information:
 *
 * 1. Which bits of the key are loaded into which bits of the shift register
 * 2. Which order the frame sequence number is shifted into the SR (MSB
 *    first or LSB first)
 * 3. The position of the feedback taps on R2 and R3 (R1 is known).
 * 4. The position of the clock control taps. These are on the `middle' one,
 *    I've assumed to be 9 on R1, 11 on R2, 11 on R3.
 */

/*
 * Look at the `middle' stage of each of the 3 shift registers.
 * Either 0, 1, 2 or 3 of these 3 taps will be set high.
 * If 0 or 1 of them are high, return true. This will cause each of the
 * middle taps to be inverted before being used as a clock control. In all
 * cases either 2 or 3 of the clock enable lines will be active. Thus, at least
 * two shift registers change on every clock-tick and the system never becomes
 * stuck.
 */
static int threshold(unsigned int r1, unsigned int r2, unsigned int r3)
{
  int total;

  total = (((r1 >> 9) & 0x1) == 1) +
          (((r2 >> 11) & 0x1) == 1) +
          (((r3 >> 11) & 0x1) == 1);

  if (total > 1)
    return (0);
  else
    return (1);
}

unsigned long clock_r1(int ctl, unsigned long r1)
{
  unsigned long feedback;

  /*
   * Primitive polynomial x**19 + x**5 + x**2 + x + 1
   */
  ctl ^= ((r1 >> 9) & 0x1);
  if (ctl)
  {
    feedback = (r1 >> 18) ^ (r1 >> 17) ^ (r1 >> 16) ^ (r1 >> 13);
    r1 = (r1 << 1) & 0x7ffff;
    if (feedback & 0x01)
      r1 ^= 0x01;
  }
  return (r1);
}

unsigned long clock_r2(int ctl, unsigned long r2)
{
  unsigned long feedback;

  /*
   * Primitive polynomial x**22 + x**9 + x**5 + x + 1
   */
  ctl ^= ((r2 >> 11) & 0x1);
  if (ctl)
  {
    feedback = (r2 >> 21) ^ (r2 >> 20) ^ (r2 >> 16) ^ (r2 >> 12);
    r2 = (r2 << 1) & 0x3fffff;
    if (feedback & 0x01)
      r2 ^= 0x01;
  }
  return (r2);
}

unsigned long clock_r3(int ctl, unsigned long r3)
{
  unsigned long feedback;

  /*
   * Primitive polynomial x**23 + x**5 + x**4 + x + 1
   */
  ctl ^= ((r3 >> 11) & 0x1);
  if (ctl)
  {
    feedback = (r3 >> 22) ^ (r3 >> 21) ^ (r3 >> 18) ^ (r3 >> 17);
    r3 = (r3 << 1) & 0x7fffff;
    if (feedback & 0x01)
      r3 ^= 0x01;
  }
  return (r3);
}

int keystream(unsigned char *key,   /* 64 bit session key */
              unsigned long frame,  /* 22 bit frame sequence number */
              unsigned char *alice, /* 114 bit Alice to Bob key stream */
              unsigned char *bob)   /* 114 bit Bob to Alice key stream */
{
  unsigned long r1;   /* 19 bit shift register */
  unsigned long r2;   /* 22 bit shift register */
  unsigned long r3;   /* 23 bit shift register */
  int i;              /* counter for loops */
  int clock_ctl;      /* xored with clock enable on each shift register */
  unsigned char *ptr; /* current position in keystream */
  unsigned char byte; /* byte of keystream being assembled */
  unsigned int bits;  /* number of bits of keystream in byte */
  unsigned int bit;   /* bit output from keystream generator */

  /* Initialise shift registers from session key */
  r1 = (key[0] | (key[1] << 8) | (key[2] << 16) ) & 0x7ffff;
  r2 = ((key[2] >> 3) | (key[3] << 5) | (key[4] << 13) | (key[5] << 21)) & 0x3fffff;
  r3 = ((key[5] >> 1) | (key[6] << 7) | (key[7] << 15) ) & 0x7fffff;

  /* Merge frame sequence number into shift register state, by xor'ing it
   * into the feedback path
   */
  for (i=0;i<22;i++)
  {
    clock_ctl = threshold(r1, r2, r3);
    r1 = clock_r1(clock_ctl, r1);
    r2 = clock_r2(clock_ctl, r2);
    r3 = clock_r3(clock_ctl, r3);
    if (frame & 1)
    {
      r1 ^= 1;
      r2 ^= 1;
      r3 ^= 1;
    }
    frame = frame >> 1;
  }

  /* Run shift registers for 100 clock ticks to allow frame number to
   * be diffused into all the bits of the shift registers
   */
  for (i=0;i<100;i++)
  {
    clock_ctl = threshold(r1, r2, r3);
    r1 = clock_r1(clock_ctl, r1);
    r2 = clock_r2(clock_ctl, r2);
    r3 = clock_r3(clock_ctl, r3);
  }

  /* Produce 114 bits of Alice->Bob key stream */
  ptr = alice;
  bits = 0;
  byte = 0;
  for (i=0;i<114;i++)
  {
    clock_ctl = threshold(r1, r2, r3);
    r1 = clock_r1(clock_ctl, r1);
    r2 = clock_r2(clock_ctl, r2);
    r3 = clock_r3(clock_ctl, r3);

    bit = ((r1 >> 18) ^ (r2 >> 21) ^ (r3 >> 22)) & 0x01;
    byte = (byte << 1) | bit;
    bits++;
    if (bits == 8)
    {
      *ptr = byte;
      ptr++;
      bits = 0;
      byte = 0;
    }
  }
  if (bits)
    *ptr = byte;

  /* Run shift registers for another 100 bits to hide relationship between
   * Alice->Bob key stream and Bob->Alice key stream.
   */
  for (i=0;i<100;i++)
  {
    clock_ctl = threshold(r1, r2, r3);
    r1 = clock_r1(clock_ctl, r1);
    r2 = clock_r2(clock_ctl, r2);
    r3 = clock_r3(clock_ctl, r3);
  }

  /* Produce 114 bits of Bob->Alice key stream */
  ptr = bob;
  bits = 0;
  byte = 0;
  for (i=0;i<114;i++)
  {
    clock_ctl = threshold(r1, r2, r3);
    r1 = clock_r1(clock_ctl, r1);
    r2 = clock_r2(clock_ctl, r2);
    r3 = clock_r3(clock_ctl, r3);

    bit = ((r1 >> 18) ^ (r2 >> 21) ^ (r3 >> 22)) & 0x01;
    byte = (byte << 1) | bit;
    bits++;
    if (bits == 8)
    {
      *ptr = byte;
      ptr++;
      bits = 0;
      byte = 0;
    }
  }
  if (bits)
    *ptr = byte;

  return (0);
}

End of post...

From mgream at acacia.itd.uts.edu.au Tue Jul 12 16:14:48 1994
From: mgream at acacia.itd.uts.edu.au (Matthew Gream)
Date: Tue, 12 Jul 94 16:14:48 PDT
Subject: NSA technology transfer (fwd)
In-Reply-To:
Message-ID: <9407122316.AA07845@acacia.itd.uts.EDU.AU>

"Dan Harmon" wrote:
>
> I'm reposting this in response to a few recent posts inquiring about the
> NSA flyer.
[..]
> > This is from a flyer that NSA people have been distributing:
> >
> > NATIONAL SECURITY AGENCY -- TECHNOLOGY TRANSFER
> >
> > Information Sorting and Retrieval by Language or Topic
> >

Related note: I was doing some research at the National Library of Australia the other day and came across a publication (a 12 page pamphlet or thereabouts) titled "Careers for Mathematicians and Engineers at the National Security Agency". It's dated about 1976, and describes what engineers, physicists, mathematicians and computer scientists can engage in at NSA.

The people in the pictures look like they had been rescued from a 70's low budget CIA or Police TV flick. As for equipment, there were pictures of oscilloscopes, `computers' with LEDs and switches on the front and other stuff as well (and neat labels on the switches too).

Much was given to the potential types of work you can do, and descriptions of the facilities at Ft.
Meade (though, it didn't explicitly name the place, but named campuses where you can study at while working at NSA -- the target audience is high school students it seems), most either in Maryland or Washington DC (if my US geography serves me the best), Georgetown University was one of them. IMHO a security risk in itself, knowing the exact places and courses that NSA personnel are located, almost as bad as our DSD advertising for job placements in the Government Gazette ` .. for the collection and interpretation of foreign signals intelligence ..'.

Some of the claims are downright funny. For instance, it is stated that "To assure maximum opportunity for achievement, the Agency provides a high degree of personal freedom to pursue individual interests in an atmosphere conducive to scholarly achievement". Sure! You just have to suffer the indignation of not being able to publish it to your respected peers (well, at least those outside the agency).

I made a photocopy of two pages, one with a guy standing in front of the NSA emblem, smiling of course [would you buy a cryptosystem from this man ...]. The other, my favourite, is of a woman standing at a blackboard with another guy, she's obviously teaching him about something. Chalked on the board is a picture of a 7 bit LFSR with a single tap, and then next to it (partly obscured by the man) are a few equations. It lost a bit in the color -> b/w photocopy, but I plan to scan in the two photocopied papers when next I see my friend and his flatbed.

It was a good giggle!

Matthew.

--
Matthew Gream -- Consent Technologies, (02) 821-2043
Disclaimer: I'm only a student at UTS, and don't represent them.
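[Added example, not code from any poster: the passphrase schemes discussed in the "Security for under a buck fifty" message earlier in this archive (16 bits per word from a 65536-word list, printable ASCII, and fixed-order sentences drawn from per-part-of-speech dictionaries), with entropy counted only for the uniform random choices, since the sentence order and the dictionaries are assumed known to an attacker. The toy word lists, the two-entry article list and every function name are constructed for illustration.]

```python
import math
import secrets

# Slot order quoted in the message: "Article adjective modifier noun verb
# article adjective modifier noun."
TEMPLATE = ("article", "adjective", "modifier", "noun", "verb",
            "article", "adjective", "modifier", "noun")

# Dictionary sizes from the message (ten thousand per part of speech).
# The article list of 2 is an assumption; the message gives no size for it.
BEN_SIZES = {"article": 2, "adjective": 10_000, "modifier": 10_000,
             "noun": 10_000, "verb": 10_000}

# Constructed toy dictionaries so the generator runs offline. At 8 words per
# slot these give about 3 bits per word and are for demonstration only.
TOY_DICTS = {
    "article": ["the", "a"],
    "adjective": ["quick", "lazy", "lovely", "hazy", "brown", "pale", "odd", "calm"],
    "modifier": ["very", "quite", "rather", "barely", "oddly", "nearly", "truly", "hardly"],
    "noun": ["fox", "dog", "glove", "bucket", "ermine", "roof", "tree", "elephant"],
    "verb": ["jumps", "fits", "slumps", "rolls", "waits", "sings", "falls", "turns"],
}


def check_dicts(dicts):
    """Reject word lists that would make the entropy estimate wrong."""
    for kind, words in dicts.items():
        if len(set(words)) != len(words):
            raise ValueError(f"duplicate entries in {kind!r} list")
        if any(w != w.lower() or not w.isalpha() for w in words):
            raise ValueError(f"{kind!r} list must hold lowercase alphabetic words")


def units_needed(target_bits, alphabet_size):
    """Symbols (words or characters) needed to reach target_bits when each
    one is drawn uniformly from alphabet_size possibilities."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def template_bits(template, sizes, random_caps=False):
    """Entropy of one sentence. The slot order contributes nothing because it
    is fixed and public; only the uniform pick inside each slot counts.
    random_caps adds one machine-chosen coin flip per word."""
    bits = sum(math.log2(sizes[kind]) for kind in template)
    return bits + (len(template) if random_caps else 0)


def generate(template, dicts, random_caps=False):
    """Draw one sentence. secrets.choice is uniform over the list, so there
    is no modulo bias from mapping raw random numbers onto the dictionary."""
    check_dicts(dicts)
    words = []
    for kind in template:
        word = secrets.choice(dicts[kind])
        if random_caps and secrets.randbits(1):
            word = word.capitalize()
        words.append(word)
    return " ".join(words)


if __name__ == "__main__":
    print("65536-word list, words for 128 bits:", units_needed(128, 65536))
    print("10,000-word list, words for 128 bits:", units_needed(128, 10_000))
    print("printable ASCII (95 symbols), chars for 128 bits:", units_needed(128, 95))
    one = template_bits(TEMPLATE, BEN_SIZES)
    print(f"one nine-slot sentence: {one:.1f} bits, two: {2 * one:.1f} bits")
    print("sample (toy lists):", generate(TEMPLATE, TOY_DICTS, random_caps=True))
```

With ten-thousand-word dictionaries a single nine-slot sentence stays under 128 bits, and two such sentences clear it with room to spare.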
From rishab at dxm.ernet.in Tue Jul 12 16:55:50 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Tue, 12 Jul 94 16:55:50 PDT Subject: The Detweiler Files Message-ID: jamiel at sybase.com (Jamie Lawrence): > I have a writing assignment coming up (nothing to do > with much that is talked about on this list), and some > example posts by Detweiler could be really handy as > references. I have one from a long time ago, but could > use some others- anybody save any for posterity? If so, > could you forward me a couple of juicy ones? I have about 580k of 'Detweiler files'. These are sorted by mail from his presumed identities, mail to them and relevant mail about him. Separately stored are some of his gems, including his roman torture piece and S Boxx's poetry. You can't ftp _in_ to my SLIP node, but I can ftp it to some place convenient. Compressed, it should be about 200k (ZIP). ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind! rishab at dxm.ernet.in take stone from stone and wash them..." Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From ifarqhar at laurel.ocs.mq.edu.au Tue Jul 12 17:14:31 1994 From: ifarqhar at laurel.ocs.mq.edu.au (Ian Farquhar) Date: Tue, 12 Jul 94 17:14:31 PDT Subject: NSA technology transfer (fwd) In-Reply-To: <9407122316.AA07845@acacia.itd.uts.EDU.AU> Message-ID: <199407130013.AA03801@laurel.ocs.mq.edu.au> >Related note: I was doing some research at the National Library of >Australia the other day and came across a publication (a 12 page >pamphlet or thereabouts) titled "Careers for Mathematicians and >Engineers at the National Security Agency". It's dated about 1976, and >describes what engineers, physicists, mathematicians and computer >scientists can engage in at NSA. There is a similar information brochure for the DSD, available at most career advisory services in Australian Universities. 
>The people in the pictures look like they had been rescued from a 70's >low budget CIA or Police TV flick. As for equipment, there were >pictures of oscilloscopes, `computers' with LEDs and switches on the >front and other stuff as well (and neat labels on the switches too). The DSD brochure is interestingly sanitized too. The surprise was their acknowledgement that they own a Cray, although the pictured model is an X-MP (which I know has been subsequently decommissioned, cut in half, and now graces the CRI foyer in Melbourne and, it is rumored, the DSD foyer in their HQ at Russell, ACT). DSD have a more recent model now. Amusingly, it was not up until recently that they were admitting that they HAD a Cray, and the current model is still confidential. The picture also shows some fairly hackerish looking people pointing logic probes into circuitry, and viewing the output of programs on what look like 3270 terminals! On closer inspection, these boards appear to be domestic modems (Dataplex models, by the look of them). There is one fairly interesting looking board, which appears to be covered in ceramic- packaged custom chips, but it looks circa 1975 or so and ancient. I went through the document as closely, but could not get much out of it. The sanitisation was quite competent, which is no surprise for that organisation. >Some of the claims are down right funny. For instance, it is stated >that "To assure maximum opportunity for achievement, the Agency >provides a high degree of personal freedom to pursue individual >interests in an atmosphere conducive to scholary achievement". Sure! *ROTFL!!!!* Does this include left-wing political interests?! Ian. 
From Banisar at epic.org Tue Jul 12 17:15:12 1994
From: Banisar at epic.org (David Banisar)
Date: Tue, 12 Jul 94 17:15:12 PDT
Subject: New National ID Card Proposal
Message-ID: <9407122011.AA46671@Hacker2.cpsr.digex.net>

CBS Evening News just reported that Clinton has "tentatively signed off" on a National ID card recommended to him by a commission on immigration reform. The ostensible reason for the card is for employment and immigration.

Each card will contain a name, photo, mag stripe with info and a "verified SSN."

It was supported by Senator Alan Simpson of Wyoming, a long-time supporter of id cards. Gov. Pete Wilson of California has apparently offered to make California a test-bed for the proposal.

The proposal was opposed by Xavier Becerra, a Congressman from California. A previous effort to impose a national id card was rejected by Congress in 1986.

EPIC is working with Privacy International to investigate this report. PI has led successful campaigns against national id cards in Australia, New Zealand, and the Philippines. In Australia, the PI-led campaign led to the dissolution of both houses of the federal Parliament in 1987 after hundreds of thousands marched in protest. The Australian campaign brought together groups from all parts of the political spectrum from the Communist Party to the Libertarian Alliance, farmers and conservation groups, rock stars, academics, large businesses such as banks and mining corporations, but the overwhelming support came from the public who created the biggest civil protest in Australian history.

David Banisar (banisar at epic.org)
Electronic Privacy Information Center
666 Penn.
Ave, SE #301, Washington, DC 20003 202-544-9240 (v) 202-547-5482 (f) From ifarqhar at laurel.ocs.mq.edu.au Tue Jul 12 17:33:45 1994 From: ifarqhar at laurel.ocs.mq.edu.au (Ian Farquhar) Date: Tue, 12 Jul 94 17:33:45 PDT Subject: Validating IDEA In-Reply-To: <9407121541.AA29010@toad.com> Message-ID: <199407130031.AA04745@laurel.ocs.mq.edu.au> >Does anyone know if there is a validation suite for the IDEA >cipher? I want to be able to verify an implementation on >the TMS320 digital-signal processor. >The NIST has such a test suite for the DES, but I haven't heard >anything about IDEA. There is some sample data included in the appendix to the IDEA description (chapter 3 or someone's thesis) which is floating around the network. This sample data should allow at least a partial validation of your cipher implementation, and arbitrary amounts of it can furthermore be generated by using the sample C implementation contained in the same appendix. This document is widely available, but until the end of the week I have stored it in: ftp.mq.edu.au:/home/ifarqhar/idea-eurocrypt90.zip I do not know how much longer it will remain after Friday, as I will be leaving my position here on that day and moving accounts. Ian. From sandfort at crl.com Tue Jul 12 17:34:50 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Tue, 12 Jul 94 17:34:50 PDT Subject: NATIONAL SECURITY PORN RISK Message-ID: C'punks, Does anyone on the Cypherpunks Channel have any inside information about the "computer porn ring" that was busted at Lawrence Livermore Labs? Is there a crypto tie-in? S a n d y From kevin at beach.com Tue Jul 12 17:59:11 1994 From: kevin at beach.com (kevin at beach.com) Date: Tue, 12 Jul 94 17:59:11 PDT Subject: Mailing List Message-ID: <940712174832.4479AAC7F.kevin@beach> Please put me on your mailing list. Thanks Sincerely, Kevin T. Smith, President TeleSource A Division of SonRise Corp. 
(408) 247-4782 voice
(408) 247-1070 fax
ksmith at beach.com
*************************************NeXTMail Preferred***********************************

From bdolan at well.sf.ca.us Tue Jul 12 18:10:50 1994
From: bdolan at well.sf.ca.us (Brad Dolan)
Date: Tue, 12 Jul 94 18:10:50 PDT
Subject: ID card from hell
Message-ID: <199407130110.SAA15087@well.sf.ca.us>

Yeah, I know it's not about crypto but it sure is about privacy ...

1984 COMES ONE DECADE LATE

July 12, 1994

On CBS News tonight, the lead story announced a government plan to require all of us to carry a national identity card. This card will contain your picture, a fingerprint, your social security number, and other "electronically encoded" information. You will be required to present this card to obtain employment or "receive government services." CA Governor Pete Wilson and Sen. Alan Simpson were featured explaining how this was a really great idea, necessary to "stop illegal immigration."

Prediction

If Americans accept this, as I expect they will, we will see the following:

Cops doing card-scan roadblocks, ostensibly to find drunks and immigrants.

A requirement to present your card and have a computer record kept after every financial transaction over, say, $100.

A requirement to present your card to get medical care.

Adoption of these cards as drivers' licenses. Just a magnetic / electronic data entry to indicate if you are authorized to drive. Same thing for professional licenses.

Card-scan to buy guns or ammunition - if you are allowed to buy them at all.

Card-scan to buy potentially subversive tools, chemicals, books.

Card-scan on entry to or exit from the U.S. Instant database check to see if you are authorized to enter or leave the U.S.

Card-scan on entry to or exit from "special" areas: an extra little security check before you enter places the government is taking an extra interest in.

Mandatory presentation of card to get access to an internet-attached computer account.
Card-scan at your kids' school. Linked databases of parents and kids, to correlate child support payments, vaccination histories, academic performance, truancy, antisocial attitudes, you name it.

I could go on, but why bother?

As an exercise for the reader: The federal government currently is encouraging states to revoke drivers licenses and professional licenses of "bad" people who use drugs, drive drunk, don't pay child support, etc. What will happen to you in the future if you displease the state?

Brad
bdolan at well.sf.ca.us

From tcmay at netcom.com Tue Jul 12 18:18:01 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 12 Jul 94 18:18:01 PDT
Subject: NATIONAL SECURITY PORN RISK
In-Reply-To:
Message-ID: <199407130117.SAA06097@netcom5.netcom.com>

> C'punks,
>
> Does anyone on the Cypherpunks Channel have any inside information about
> the "computer porn ring" that was busted at Lawrence Livermore Labs? Is
> there a crypto tie-in?
>
>
> S a n d y

I've read the "Mercury News" front-page article...does that count? (It's in today's paper--Tuesday, 1994-07-12.)

The issue, for those who haven't read the article, is that LLL computers and disks were used (apparently) for storage of GIFs and the like, for anonymous ftp access. Apparently this site was not advertised...it was not "ftp.porn.bomb-labs.gov" or anything else.

The crypto tie-in is interesting: steganography. Apparently the investigators have read about steganography--perhaps in "Wired"?--and are worried that password sniffers, and the like, are collecting secrets and then packing them into the porno images.

Very implausible, that someone would go to this trouble. Too many other ways. No doubt the images are just the usual two-bit use of someone else's facilities.

My joke, "Debbie Does Fort Meade," turns out to be more prophetic than I thought.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From grendel at netaxs.com Tue Jul 12 18:31:42 1994
From: grendel at netaxs.com (Michael Handler)
Date: Tue, 12 Jul 94 18:31:42 PDT
Subject: NATIONAL SECURITY PORN RISK
In-Reply-To:
Message-ID:

On Tue, 12 Jul 1994, Sandy Sandfort wrote:

> Does anyone on the Cypherpunks Channel have any inside information about
> the "computer porn ring" that was busted at Lawrence Livermore Labs? Is
> there a crypto tie-in?

From: paulp at nic.cerf.net (Paul Phillips)
Newsgroups: alt.current-events.net-abuse,alt.security,alt.news-media,news.admin.misc
Subject: LA Times Yellow Journalism
Date: 12 Jul 1994 18:43:23 GMT

This on page A1 of the July 12 1994 LA Times:

"Computer at Nuclear Lab Used for Access to Porn"

[ snip ]

-- Excerpt --
One computer expert, who requested anonymity, said there might be more to the incident than meets the eye. The expert suggested that the hard-core pornography may be a cover for an ultra-sophisticated espionage program, in which a "sniffer" program combs through other Livermore computers, encodes the passwords and accounts it finds, and then hides them within the pornographic images, perhaps to be downloaded by foreign agents.
-- End excerpt --

It's a Steganography reference. This sets off my warning bells -- why would they explicitly mention the Stego technique, unless possibly it was used in the porn ring there? Granted, Stego makes good journalism fodder ("Hide your encrypted nuclear bomb plans in porn GIFs from the Internet!"), but it's definitely not as sexy [sic] as "Taxpayer-funded computers used in secret porn ring!" Anybody know exactly what was going on at LLL?
We can't get papers easily up here. :(

--------------------------------------------------------------------------
Michael Brandt Handler
Philadelphia, PA
Currently at CMU, Pittsburgh, PA PGP v2.6 public key on request
Boycott Canter & Siegel <> 1984: We're Behind Schedule

From bdolan at well.sf.ca.us Tue Jul 12 18:40:42 1994
From: bdolan at well.sf.ca.us (Brad Dolan)
Date: Tue, 12 Jul 94 18:40:42 PDT
Subject: SPA & FBI after Pornographic traitors
Message-ID: <199407130140.SAA24501@well.sf.ca.us>

Sandy asked....

Associated Press reports today:

Officials at one of the nation's three nuclear weapons laboratories discovered their computers were used to store pornography, the Los Angeles Times reported Tuesday. Computers at the Lawrence Livermore National Laboratory contained more than 1,000 pornographic images, said Chuck Cole, deputy associate director of computing at the lab.

[...]

The computers were shut down after an investigation uncovered software piracy on the Internet, a network of thousands of computer networks originally designed to connect computers at universities and government research labs. It is now used by millions of people. "We are currently tracking over 1,600 pirate sites on the Internet in a joint investigation with the FBI," said Peter Beruk of the Software Publishers Association, which represents major software manufacturers. "It is a very serious and costly problem."

[...]

-----------------------------------------------------------------

Some people might consider the second paragraph a non sequitur to the first. However, if one doesn't think too clearly about things, one might get the general message that we need Daddy to help protect us from the pornographers and pirates lurking out there on that internet thing.
Brad
bdolan at well.sf.ca.us

From jdwilson at gold.chem.hawaii.edu Tue Jul 12 18:48:08 1994
From: jdwilson at gold.chem.hawaii.edu (NetSurfer)
Date: Tue, 12 Jul 94 18:48:08 PDT
Subject: Tempest in our Teapot
In-Reply-To: <940703160818T8mjgostin@eternal.pha.pa.us>
Message-ID: <9407130147.AA11494@gold.chem.hawaii.edu>

And that is why they don't let you take radios anywhere near their equipment either...

-NS

From tcmay at netcom.com Tue Jul 12 19:20:55 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 12 Jul 94 19:20:55 PDT
Subject: "True Names," chat with Vinge, and Cypherpunks
Message-ID: <199407130221.TAA17224@netcom5.netcom.com>

Some random comments that may interest some of you.

Someone asked me for some novels he could read that might cover some cypherpunkish topics. These are some titles I gave him:

* Brunner, The Shockwave Rider
* Vinge, True Names
* Card, Ender's Game
* Gibson, Neuromancer

(He's currently reading Orwell's "1984," which is Required Reading to remain on our list! I read "1984" when I was in the 7th grade, in 1966, probably before many of you were born.)

Vernor Vinge's "True Names" comes up in another context: I spent all of Sunday talking to Vernor and several other bright folks in the aftermath of a great party in the hills of Marin County, right next to Skywalker Ranch.

My mad scientist/entrepreneur friends Bob Fleming and Cherie Kushner, in whose startup company I've invested some money, had a party to celebrate something or other.

As it turned out, noted author--and winner of the Hugo Award for Best Novel last summer for "A Fire Upon the Deep"--Vernor Vinge was giving a talk on cyberspace and whatnot at Interval Research on Friday, so they invited him to stay at their place. (Interval is doing futuristic work in a lot of areas, and is funded by billionaire Paul Allen, co-founder of Microsoft.)

I don't plan to recap the party; that's just a party.
But the discussions on Sunday (some of us stayed over, due to the long distances back to our homes, or as with Vernor, in lieu of a night in a hotel) touched on points of interest to our list.

Also there were Eric Hughes, who you all know, and Alan Huang, who built one of the world's first optical computers for Bell Labs. (Alan's project, which included work on optical switchers, terabit per second Sagnac fibers, optical cellular automata, and even crypto, was cancelled by AT&T because they decided to concentrate on other things....Alan chose to leave AT&T and is now planning a move to the Bay Area to set up something here.)

In my years of being able to worm my way into high-power discussions, at universities, at Intel, and at too many conferences to remember, I can't recall being in such a conversation as this, with everyone of the highest possible caliber. (I'm just calling it as I see it.)

Wormholes, reversible computation, the 7,000-Cray NSA computer, the problems with nanotech, the problems with AI, the Tines and the Powers, the Extropians group (Vernor was curious), the Singularity, and the implications of the OJ Simpson case were a few of the topics. (Yes, several of us had "wasted" our time watching this case. Me, I think it's drama of truly Shakespearean proportions, and should not be "dissed" just because it's getting more attention than the Rwandans and Haitians are getting...not to mention the boring Bosnians.)

I'd met Vinge a few times before, notably at the 1989 Hackers Conference, but this time I got to spend enough time to really get some information exchanged.

We all left Bob and Cherie's place at 7 p.m., as they took Vernor down to the SF airport, and as the rest of us scattered.

With all the telecommunications we have, nothing beats an intensive face-to-face session. Which is why I still live within driving distance of the Silicon Valley and the Bay Area in general.

Sorry if this message seems too personal, but I felt the urge to "share."
And at least it's not a forward.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From blancw at microsoft.com Tue Jul 12 19:39:54 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Tue, 12 Jul 94 19:39:54 PDT
Subject: NATIONAL SECURITY PORN RISK
Message-ID: <9407130239.AA18356@netmail2.microsoft.com>

-- Excerpt --
One computer expert, who requested anonymity, said there might be more to the incident than meets the eye. The expert suggested that the hard-core pornography may be a cover for an ultra-sophisticated espionage program, in which a "sniffer" program combs through other Livermore computers, encodes the passwords and accounts it finds, and then hides them within the pornographic images, perhaps to be downloaded by foreign agents.
-- End excerpt --

Maybe this is all just an excuse to examine the evidence (1,000 GIFs).
Blanc

From blancw at microsoft.com Tue Jul 12 19:40:30 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Tue, 12 Jul 94 19:40:30 PDT
Subject: "True Names," chat with Vinge, and Cypherpunks
Message-ID: <9407130240.AA18365@netmail2.microsoft.com>

From: Timothy C. May

Sorry if this message seems too personal, but I felt the urge to "share."
............................................

Oh, that's okay - I wasn't doing anything, anyway.

Blanc

From nobody at ds1.wu-wien.ac.at Tue Jul 12 19:48:32 1994
From: nobody at ds1.wu-wien.ac.at (nobody at ds1.wu-wien.ac.at)
Date: Tue, 12 Jul 94 19:48:32 PDT
Subject: Encrypted, Chained Reply Blocks
Message-ID: <9407130247.AA08901@ds1.wu-wien.ac.at>

I noticed a message posted here, anonymously, with an "encrypted reply block" (ERB) attached to the end of it. Instructions were given that to reply to the message, the block was to be pasted at the very beginning of the reply, which was then to be sent to a certain remailer. The block started with the usual "::", followed by an "Encrypted: PGP" line typically used with chained remailers.

While I don't know the specifics of that particular ERB, would it be possible to chain a REPLY through several remailers, such that the body of the reply was sent along in the clear through each link of the chain, but the final destination address was only visible to the operator of the final link in the chain? This would require that after the "Encrypted: PGP" block, any appended plaintext would also be sent along by each remailer and not discarded. Which remailers allow that?

Hypothetically, it would seem that one could take an "empty message", using the "CHAIN" utility to chain the "message" through remailers A,B,C,D, encrypting it at each step, placing the resulting block in the message body with instructions that the resultant block must precede any replies, which must then be sent to remailer "A".
Alternatively, instead of an empty message, a single, unique, identifying line could be used as the message. This would allow a person to generate multiple ERBs and know which one had been used for any given reply.

One weakness I can see in such a scheme is that traffic analysis would be a bit easier, since the plaintext of the reply would be visible at each step. Also, there would be a potential for "hand tracing" the reply to its destination, assuming each remailer operator cooperated, by sending a personal message to operator "A", with the ERB attached, asking him/her to decrypt the next link destination, then forward the message to the operator of the next link with a similar request, and so on, requesting that the last operator in the link report the ultimate recipient's email address to the requestor. This would potentially be easier than tracing a message the other direction, since by the time the message arrived, information necessary to trace it backwards might have been already deleted at one or more of the chained remailer sites.

Any thoughts or suggestions? Are there any further obvious weaknesses in this scheme that I may have missed?

From analyst at Onramp.NET Tue Jul 12 19:54:10 1994
From: analyst at Onramp.NET (Benjamin McLemore)
Date: Tue, 12 Jul 94 19:54:10 PDT
Subject: Pseudonymous ID cards?
Message-ID: <199407130255.VAA02121@ns.onramp.net>

On the bright side, at least the Clinton administration is trying to stir up interest in privacy issues amongst the general public. Between the administration's support of Clipper, National ID cards, National Health cards and Digital Telephony (have they supported this yet?), there should start to be a lot of public interest in these issues.
Personally, rather than _just_ naysay everything that is being proposed (which I will do, strongly), I would like more concrete recommendations and proposals to make on the positive side that use technologies like digital signatures and reputations to *protect* privacy while still allowing many of the familiar sorts of social/economic interactions that we take for granted. Perhaps we can pull an Aikido maneuver on this sudden gov power grab (ok,ok, pretty far-fetched).

But, short of tracking down the Scientific American article from a couple of years ago and re-reading it (and I'm sure it's out of date), I'm not really sure what we can do with pseudonymous reputations and whatnot given the current state-of-the-art.

So, I'd like suggestions, comments about alternative ways of establishing digital IDs, insurance cards, credit cards, etc. that protect privacy instead of divulge it, while still providing some of the societal controls that we have come to expect (e.g. that drunk drivers will be deprived of a license to drive).

Do we have alternative suggestions to make in this dark hour so that we can actually win back some of our privacy? Can these sorts of technologies be implemented in a way that is understandable by the average citizen-unit?

--
Benjamin McLemore
analyst at onramp.net

PS I wonder what exactly Justice and/or the spooks have on Clinton that's so effective? Or are he and Gore actually as stupid as they act?

From analyst at Onramp.NET Tue Jul 12 20:11:34 1994
From: analyst at Onramp.NET (Benjamin McLemore)
Date: Tue, 12 Jul 94 20:11:34 PDT
Subject: "True Names," chat with Vinge, and Cypherpunks
Message-ID: <199407130312.WAA02360@ns.onramp.net>

Any newer Vinge estimates of arrival time for the Singularity? I saw an article a while back by Vinge and I think he was estimating 2013-2030 timeframe.
I've been thinking of starting a Singularity Watch type Web-page/email list, as I am often struck by technological newsbits that seem enough out-of-the-ordinary and potentially status quo shattering that they seem to indicate some sort of potential for breakthrough.

Some recent examples:
*human genome project
*quantum mechanical teleportation
*high energy ion bombardment of nuclei in Germany yields something besides quarks, gluons in protons (potential challenge to QCD, is this our photoelectric effect finally?)
*quantum computing
*etc

Despite the romantic appeal of the idea, though, I think it is a bit farther off than Vinge imagines--maybe 2050.

--
Benjamin McLemore
analyst at onramp.net

From Gerald.R.Martinez at att.com Tue Jul 12 20:31:53 1994
From: Gerald.R.Martinez at att.com (Gerald.R.Martinez at att.com)
Date: Tue, 12 Jul 94 20:31:53 PDT
Subject: cypherpunks email list help?
Message-ID: <9407122129.ZM1265@dr.att.com>

Anyone know the phone number of the cypherpunks list owner? I have tried for weeks to remove my duplicate email address entries from the list - probably placed there as a result of the email list scroggings of late... so far I have not gotten any response from:

majordomo at toad.com (reply indicates request forwarded to cypherpunks-approval at toad.com)
hughes at toad.com
hughes at ah.com

Any advice would be appreciated... thank you.

--
gerald.r.martinez at att.com / grmartinez at attmail.att.com / att!drmail!grm
@ AT&T GBCS Bell Labs, Denver (303) 538-1338
@ WWW: http://info.dr.att.com/hypertext/people/grm.html
& life is a cabernet ...o&o )))

From pcw at access.digex.net Tue Jul 12 20:36:06 1994
From: pcw at access.digex.net (Peter Wayner)
Date: Tue, 12 Jul 94 20:36:06 PDT
Subject: NATIONAL SECURITY PORN RISK
Message-ID: <199407130335.AA29451@access2.digex.net>

> "Computer at Nuclear Lab Used for Access to Porn"
>[ snip ]
>-- Excerpt --
>One computer expert, who requested anonymity, said there might be more
>to the incident than meets the eye. The expert suggested that the hard-core
>pornography may be a cover for an ultra-sophisticated espionage program,
>in which a "sniffer" program combs through other Livermore computers,
>encodes the passwords and accounts it finds, and then hides them within
>the pornographic images, perhaps to be downloaded by foreign agents.
>-- End excerpt --
>
> It's a Steganography reference. This sets off my warning bells --
>why would they explicitly mention the Stego technique, unless possibly it
>was used in the porn ring there? Granted, Stego makes good journalism
>fodder ("Hide your encrypted nuclear bomb plans in porn GIFs from the
>Internet!"), but it's definitely not as sexy [sic] as "Taxpayer-funded
>computers used in secret porn ring!" Anybody know exactly what was going
>on at LLL? We can't get papers easily up here. :(
>
>--------------------------------------------------------------------------
>Michael Brandt Handler
>Philadelphia, PA
>Currently at CMU, Pittsburgh, PA PGP v2.6 public key on request
>Boycott Canter & Siegel <> 1984: We're Behind Schedule

I think that the Steganography is just an excuse to close down the place. It _could_ happen, therefore we should defend against it.

Of course, every spy knows that blending in is the most important trick. It would be better to hide the information in something bland. On the other hand, a gif-station is one of the few types of ftp sites that attract enough attention to drown out the one transfer from the spies.

From tcmay at netcom.com Tue Jul 12 20:58:34 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 12 Jul 94 20:58:34 PDT
Subject: "True Names," chat with Vinge, and Cypherpunks
In-Reply-To: <199407130312.WAA02360@ns.onramp.net>
Message-ID: <199407130358.UAA05216@netcom9.netcom.com>

Benjamin McLemore writes:

> Any newer Vinge estimates of arrival time for the Singularity? I saw an
> article a while back by Vinge and I think he was estimating 2013-2030
> timeframe.
We discussed the Singularity at length (thus delaying the arrival by some number of seconds). Vinge is not at all strident in his estimates. In fact, I am more strident in my _deep doubts_ that anything like his timetable is at all reasonable. (I look at the progress needed, the current slow rate, and the conceptual issues which are not yet solved. And the all-important issue of economic incentives, and the difficulty of "crossing the desert." I've written about this before, and won't here.)

> I've been thinking of starting a Singularity Watch type Web-page/email
> list, as I am often struck by technological newsbits that seem enough
> out-of-the-ordinary and potentially status quo shattering that they seem to
> indicate some sort of potential for breakthrough.

This is actually counter-productive, in my odd opinion. Many bright folks I know here are affected by Toffler's "overchoice" dilemma: too many exciting areas to study...and, after all, if the Singularity is coming on Feb 13, 2016, why design boring things like 10-million transistor chips? The focus on the mythical "Singularity" is not very useful.

Also, most of the "tidbits" of technology that get reported are marketing hype. I won't recapitulate points I used to make at length on another list (Extropians), but most discoveries cited are not at all steps toward "the Singularity."

> Some recent examples:
> *human genome project

Of interest, but not even as interesting as other things.

> *quantum mechanical teleportation

Aharonov-Bohm may exist, but it ain't teleportation! I don't want to sound rude here, but it does a disservice to even call it this.

> *high energy ion bombardment of nuclei in Germany yields something besides
> quarks, gluons in protons (potential challenge to QCD, is this our
> photoelectric effect finally?)
I don't know anything about this (references?), but it seems pretty clear that the Singularity will or will not arrive based on fairly standard technologies, certainly no technologies involving gluons and whatnot are going to be of engineering importance anytime soon. Maybe I'm wrong, but I don't see any connections.

> *quantum computing
>

Like quantum teleportation, probably not real. In any case, I support Vinge's point that the main enabling technology he was thinking of was the truly powerful, artificially intelligent computer, able to design an even better successor, etc. (The long-awaited, and much-delayed "runaway" situation, a la "The Forbin Project.") Vinge assumes no oddball physics. As an ex-physicist, I concur.

> Despite the romantic appeal of the idea, though, I think it is a bit
> farther off than Vinge imagines--maybe 2050.

Maybe. But only maybe.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From sidney at taurus.apple.com Tue Jul 12 21:04:22 1994
From: sidney at taurus.apple.com (Sidney Markowitz)
Date: Tue, 12 Jul 94 21:04:22 PDT
Subject: Pseudonymous ID cards?
Message-ID: <9407130403.AA13396@federal-excess.apple.com>

analyst at Onramp.NET (Benjamin McLemore) wrote:

> digital IDs, insurance cards, credit cards, etc. that protect privacy

I've seen articles about that here and/or sci.crypt and places like that. If you think in terms of cryptographic authentication of smaller pieces of information instead of a card that can reveal all about someone, it isn't too difficult.
If a traffic cop wants proof that you have a valid driver's license, all they really need access to is the key to verify the authenticity of something that certifies that you have a valid driver's license. Your card can provide that certificate without revealing any other information about you than the fact that you are licensed to drive.

The good thing about this kind of setup is that information can be partitioned so that only people with a reason to be authorized to get that information would have access to it. The bad thing about this is that it still makes it easy for the government to require that we all carry around a card that tells everything about us and makes access to all that only a matter of legal authorization. I don't want a society where my cryptographically secured private information is required to be shown at every police seatbelt/alcohol/immigrant/drug/pedophilia/sedition checkpoint.

-- sidney

From hayden at vorlon.mankato.msus.edu Tue Jul 12 21:38:19 1994
From: hayden at vorlon.mankato.msus.edu (Robert A. Hayden)
Date: Tue, 12 Jul 94 21:38:19 PDT
Subject: The Detweiler Files
In-Reply-To:
Message-ID:

On Sun, 10 Jul 1994 rishab at dxm.ernet.in wrote:

> You can't ftp _in_ to my SLIP node, but I can ftp it to some place convenient.
> Compressed, it should be about 200k (ZIP).

If you want, slam them into /incoming on my site (vorlon.mankato.msus.edu) and I'll move it to /pub/cypherpunks (drop me a line when you do).

____        Robert A. Hayden          <=> hayden at vorlon.mankato.msus.edu
\  /__          -=-=-=-=-             <=>          -=-=-=-=-
 \/  /   Finger for Geek Code Info    <=> I do not necessarily speak for the
   \/    Finger for PGP Public Key    <=> City of Mankato or Blue Earth County
-=-=-=-=-=-=-=-
(GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++
                  n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)

From tcmay at netcom.com Tue Jul 12 21:55:53 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 12 Jul 94 21:55:53 PDT
Subject: Pseudonymous ID cards?
In-Reply-To: <9407130403.AA13396@federal-excess.apple.com>
Message-ID: <199407130455.VAA16210@netcom9.netcom.com>

> I've seen articles about that here and/or sci.crypt and places like that.
> If you think in terms of cryptographic authentication of smaller pieces of
> information instead of a card that can reveal all about someone, it isn't

This is mostly David Chaum's work on "blinded credentials." His paper in the Proceedings of the First Computers, Freedom and Privacy Conference summarizes this stuff well.

Virtually no practical progress has been made. Nor have Cypherpunks worked on this. (That I know of.)

> would have access to it. The bad thing about this is that it still makes it
> easy for the government to require that we all carry around a card that
> tells everything about us and makes access to all that only a matter of
> legal authorization. I don't want a society where my cryptographically
> secured private information is required to be shown at every police
> seatbelt/alcohol/immigrant/drug/pedophilia/sedition checkpoint.
>
> -- sidney

Good points. Personally, I see no need for any credentials at all. Too young to watch R-rated movies? Not _my_ problem. Too young to drink? Not _my_ problem.

About the only thing I support is a law regarding dangerous driving (whether due to senility, alcohol, or stupidity). If an accident is caused this way, jail the perps right on the spot and, in severe cases of stupidity, give them a trial within a few days and execute or imprison them if they're guilty.

Sounds harsh, but it shifts things away from having to carry meaningless "proofs of permission," in the form of various licenses, permits, etc., and toward the direction of deterring and punishing.

Ditto for "tax compliance cards," "permitted to see violent movies cards," and so on. No need.

And no need to worry about letting immigrants in *if* there are no public programs, no subsidized programs, no handouts (except those individuals and groups want to have).
Sure, some lazy slobs will starve. Good riddance.

This is why I'm interested in crypto: a technological hammer to smash the State.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From mimir at io.com Tue Jul 12 22:40:31 1994
From: mimir at io.com (Al Billings)
Date: Tue, 12 Jul 94 22:40:31 PDT
Subject: "True Names," chat with Vinge, and Cypherpunks
In-Reply-To: <199407130221.TAA17224@netcom5.netcom.com>
Message-ID:

On Tue, 12 Jul 1994, Timothy C. May wrote:

> But the discussions on Sunday (some of us stayed over, due to the long
> distances back to our homes, or as with Vernor, in lieu of a night in
> a hotel) touched on points of interest to our list.

[ ... some deleted ... ]

> Wormholes, reversible computation, the 7,000-Cray NSA computer, the
> problems with nanotech, the problems with AI, the Tines and the
> Powers, the Extropians group (Vernor was curious), the Singularity,
> and the implications of the OJ Simpson case were a few of the
> topics. (Yes, several of us had "wasted" our time watching this
> case. Me, I think it's drama of truly Shakespearean proportions, and
> should not be "dissed" just because it's getting more attention than
> the Rwandans and Haitians are getting...not to mention the boring
> Bosnians.)

Did Vinge have anything of interest to the list to say that you could pass on?

Wes thu hal,
Al Billings

From tcmay at netcom.com Tue Jul 12 23:30:14 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 12 Jul 94 23:30:14 PDT
Subject: "True Names," chat with Vinge, and Cypherpunks
In-Reply-To:
Message-ID: <199407130630.XAA00700@netcom9.netcom.com>

> > Wormholes, reversible computation, the 7,000-Cray NSA computer, the
> > problems with nanotech, the problems with AI, the Tines and the
> > Powers, the Extropians group (Vernor was curious), the Singularity,
> > and the implications of the OJ Simpson case were a few of the
> > topics. (Yes, several of us had "wasted" our time watching this
> > case. Me, I think it's drama of truly Shakespearean proportions, and
> > should not be "dissed" just because it's getting more attention than
> > the Rwandans and Haitians are getting...not to mention the boring
> > Bosnians.)
>
> Did Vinge have anything of interest to the list to say that you could
> pass on?
>
> Wes thu hal,
> Al Billings

Al is not the only person to ask.

I mentioned the topics we talked about. But he did not speak in Zarathustra-like aphorisms. Nothing specific to quote, as he wasn't giving a lecture and we weren't taking notes.

He's working on a sequel to "A Fire Upon the Deep," is writing a story set deep in the Slow Zone (the Oprah Zone?), and is getting a lot of publisher attention.

He had some funny things to say about San Diego State, where he teaches in the CS department. Ironically, there was a "cyberpunk" conference held there, and VV was not invited (or was overlooked). So Bear and Brin, friends of his, kept asking pointedly, "Where's Vernor?"

On the Singularity, I've already said a fair amount.

He was very interested to hear about the Cypherpunks--he said he'd gotten some articles forwarded to him. He may attend the September meeting by M-BONE...Eric Hughes plans to contact Phil Karn to see if a San Diego hookup is possible for that meeting. (The September meeting, as we discussed at the CP meeting on Saturday, will be a special recap of progress, the Second Anniversary meeting.)

This is all I can write for now.
Oh, I made it clear to him on several occasions just how important "True Names" was to the formation of my own ideas about crypto anarchy (I first discovered it in a passed-around Xerox samizdat in 1986).

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From harmon at tenet.edu Tue Jul 12 23:51:55 1994
From: harmon at tenet.edu (Dan Harmon)
Date: Tue, 12 Jul 94 23:51:55 PDT
Subject: "True Names," chat with Vinge, and Cypherpunks
In-Reply-To: <199407130630.XAA00700@netcom9.netcom.com>
Message-ID:

Where is Mecca?

On Tue, 12 Jul 1994, Timothy C. May wrote:

>
> > > Wormholes, reversible computation, the 7,000-Cray NSA computer, the
> > > problems with nanotech, the problems with AI, the Tines and the
> > > Powers, the Extropians group (Vernor was curious), the Singularity,
> > > and the implications of the OJ Simpson case were a few of the
> > > topics. (Yes, several of us had "wasted" our time watching this
> > > case. Me, I think it's drama of truly Shakespearean proportions, and
> > > should not be "dissed" just because it's getting more attention than
> > > the Rwandans and Haitians are getting...not to mention the boring
> > > Bosnians.)
> >
> > Did Vinge have anything of interest to the list to say that you could
> > pass on?
> >
> > Wes thu hal,
> > Al Billings
>
> Al is not the only person to ask.
>
> I mentioned the topics we talked about. But he did not speak in
> Zarathustra-like aphorisms. Nothing specific to quote, as he wasn't
> giving a lecture and we weren't taking notes.
>
> He's working on a sequel to "A Fire Upon the Deep," is writing a story
> set deep in the Slow Zone (the Oprah Zone?), and is getting a lot of
> publisher attention.
>
> He had some funny things to say about San Diego State, where he
> teaches in the CS department. Ironically, there was a "cyberpunk"
> conference held there, and VV was not invited (or was overlooked) So
> Bear and Brin, friends of his, kept asking pointedly, "Where's
> Vernor?"
>
> On the Singularity, I've already said a fair amount.
>
> He was very interested to hear about the Cypherpunks--he said he'd
> gotten some articles forwarded to him. He may attend the September
> meeting by M-BONE...Eric Hughes plans to contact Phil Karn to see if a
> San Diego hookup is possible for that meeting. (The September meeting,
> as we discussed at the CP meeting on Saturday, will be a special recap
> of progress, the Second Anniversary meeting.)
>
> This is all I can write for now. Oh, I made it clear to him on several
> occasions just how important "True Names" was to the formation of my
> own ideas about crypto anarchy (I first discovered it in a
> passed-around Xerox samizdat in 1986).
>
> --Tim May
>
>
> --
> ..........................................................................
> Timothy C. May         | Crypto Anarchy: encryption, digital money,
> tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
> 408-688-5409           | knowledge, reputations, information markets,
> W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
> Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
> "National borders are just speed bumps on the information superhighway."
>

From MIKEINGLE at delphi.com Wed Jul 13 00:10:19 1994
From: MIKEINGLE at delphi.com (Mike Ingle)
Date: Wed, 13 Jul 94 00:10:19 PDT
Subject: MAKE.MONEY.FAST
Message-ID: <01HEN3NDGJU08X1236@delphi.com>

It looks like Micali struck it rich with Clipper and his key-escrow patents. Want to get rich?
Read up on digicash, then design a digicash system with "escrowed identity", meaning you are untraceable until the government uses an escrowed key to identify you. The bank acting on its own cannot identify you, nor can the stores. Patent your system. When the government and the banks try to introduce such a system, threaten to sue them. They will pay you off just like they did Micali.

--- Mike

From bart at netcom.com Wed Jul 13 01:00:09 1994
From: bart at netcom.com (Harry Bartholomew)
Date: Wed, 13 Jul 94 01:00:09 PDT
Subject: Wasting bandwidth
In-Reply-To:
Message-ID: <199407130800.BAA23160@netcom2.netcom.com>

83 lines of quotation for one line of sarcasm ?

From rjc at gnu.ai.mit.edu Wed Jul 13 01:53:56 1994
From: rjc at gnu.ai.mit.edu (Ray)
Date: Wed, 13 Jul 94 01:53:56 PDT
Subject: FWD: Netbank
In-Reply-To: <199407130659.AA07666@eris.cs.umb.edu>
Message-ID: <9407130853.AA09338@geech.gnu.ai.mit.edu>

When I read the first few paragraphs, I thought it was interesting, but as I got to the details, I was quickly disappointed. Serial number based cash with *no* authentication? I could have hacked this protocol up with perl in less than 24 hours. The mailing list already has a sort of "e-cash" built in keyed by e-mail address and password instead of serial number. No encryption ready yet? They should have waited. If this system were to go into large scale use, I'd be tempted to try and forge their ecash and eavesdrop on other people's mail.

This system is an accident waiting to happen and if it got subverted, it would just provide evidence to bureaucrats that we need laws protecting us in cyberspace and the government should start its own ecash on the net.

Somebody point these guys to the IMP list.
-Ray

From werner at mc.ab.com Wed Jul 13 04:30:30 1994
From: werner at mc.ab.com (tim werner)
Date: Wed, 13 Jul 94 04:30:30 PDT
Subject: "True Names," chat with Vinge, and Cypherpunks
Message-ID: <199407131130.HAA12610@sparcserver.mc.ab.com>

>From: tcmay at netcom.com (Timothy C. May)
>Date: Tue, 12 Jul 1994 19:21:04 -0700 (PDT)
>
>Some random comments that may interest some of you.
>
> I read '1984" when I was in the 7th grade, in
>1966, probably before many of you were born.)

I read it in 1965, I think. When I was in the 9th grade.

>Sorry if this message seems too personal, but I felt the urge to
>"share."
>
>And at least it's not a forward.

Yes, but you did have a double signature. :)

tw

From perry at imsi.com Wed Jul 13 05:35:20 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 13 Jul 94 05:35:20 PDT
Subject: NATIONAL SECURITY PORN RISK
In-Reply-To:
Message-ID: <9407131234.AA12940@snark.imsi.com>

Sandy Sandfort says:
> C'punks,
>
> Does anyone on the Cypherpunks Channel have any inside information about
> the "computer porn ring" that was busted at Lawrence Livermore Labs? Is
> there a crypto tie-in?

The information superhighway, and the freedom of America, is threatened by a couple of government employees looking at dirty pictures.

PRI's (formerly APRs) oh-so-statist "business" news radio program "Marketplace" had a story on this last night. Naturally, they had on the LA reporter who uncovered the shocking fact that some Americans like looking at pictures of naked people having sex, and that the internet can be used for this purpose as well as paper magazines. Naturally, said reporter was shocked and just HAD to tell the bosses of the perpetrators of this horrible crime against humanity. Naturally, the word "pedophilia" arose in the discussion.

Perry

From perry at imsi.com Wed Jul 13 06:33:34 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 13 Jul 94 06:33:34 PDT
Subject: "True Names," chat with Vinge, and Cypherpunks
In-Reply-To: <199407130630.XAA00700@netcom9.netcom.com>
Message-ID: <9407131332.AA13124@snark.imsi.com>

Timothy C. May says:
> He was very interested to hear about the Cypherpunks--he said he'd
> gotten some articles forwarded to him. He may attend the September
> meeting by M-BONE...Eric Hughes plans to contact Phil Karn to see if a
> San Diego hookup is possible for that meeting.

Considering that we couldn't manage to get JI and Matt Blaze on for the swIPe session, if anyone really wants to do this it should be worked on several days in advance of the meeting...

Perry

From pstemari at bismark.cbis.com Wed Jul 13 06:44:18 1994
From: pstemari at bismark.cbis.com (Paul J. Ste. Marie)
Date: Wed, 13 Jul 94 06:44:18 PDT
Subject: NATIONAL SECURITY PORN RISK
In-Reply-To:
Message-ID: <9407131343.AA24076@focis.sda.cbis.COM>

> "Computer at Nuclear Lab Used for Access to Porn"
> [ snip ]
> -- Excerpt --
> One computer expert, who requested anonymity, said there might be more
> to the incident than meets the eye. The expert suggested that the hard-core
> pornography may be a cover for an ultra-sophisticated espionage program,
> in which a "sniffer" program combs through other Livermore computers,
> encodes the passwords and accounts it finds, and then hides them within
> the pornographic images, perhaps to be downloaded by foreign agents.
> -- End excerpt --
>
> It's a Steganography reference. This sets off my warning bells --
> why would they explicitly mention the Stego technique, unless possibly it
> was used in the porn ring there? Granted, Stego makes good journalism
> fodder ("Hide your encrypted nuclear bomb plans in porn GIFs from the
> Internet!"), but it's definitely not as sexy [sic] as "Taxpayer-funded
> computers used in secret porn ring!" Anybody know exactly what was going
> on at LLL? We can't get papers easily up here. :(

Of course, any machine with classified info on it would neither be on the net nor would it be connected to one that was.

--Paul

From jgostin at eternal.pha.pa.us Wed Jul 13 07:08:29 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Wed, 13 Jul 94 07:08:29 PDT
Subject: Singularity... what is it?
Message-ID: <940713092920G7Yjgostin@eternal.pha.pa.us>

tcmay at netcom.com (Timothy C. May) writes:

> On the Singularity, I've already said a fair amount.

What _is_ Singularity? It's not a term I'm familiar with.

--Jeff

From perry at imsi.com Wed Jul 13 07:25:17 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 13 Jul 94 07:25:17 PDT
Subject: MAKE.MONEY.FAST
In-Reply-To: <01HEN3NDGJU08X1236@delphi.com>
Message-ID: <9407131424.AA13455@snark.imsi.com>

Mike Ingle says:
> It looks like Micali struck it rich with Clipper and his key-escrow
> patents. Want to get rich? Read up on digicash, then design a digicash
> system with "escrowed identity", meaning you are untraceable until the
> government uses an escrowed key to identify you. The bank acting on
> its own cannot identify you, nor can the stores. Patent your system.
> When the government and the banks try to introduce such a system,
> threaten to sue them. They will pay you off just like they did Micali.

I'm afraid that you just published the idea, Mike, so only you can patent it in the US during the next 12 months. Outside the US, it's now unpatentable.

Perry

From sidney at taurus.apple.com Wed Jul 13 07:38:50 1994
From: sidney at taurus.apple.com (Sidney Markowitz)
Date: Wed, 13 Jul 94 07:38:50 PDT
Subject: NATIONAL SECURITY PORN RISK
Message-ID: <9407131437.AA21298@federal-excess.apple.com>

> Does anyone on the Cypherpunks Channel have any inside information about
> the "computer porn ring" that was busted at Lawrence Livermore Labs? Is
> there a crypto tie-in?
From the meager facts in the front page article in the San Jose Mercury News, this whole thing could be as simple as an employee archiving two gigabytes of alt.binaries.pictures.erotica on an unused disk volume and setting up a passworded account for people who knew about it to ftp them. Nobody can put that kind of stuff on an anonymous ftp site because the traffic volume grows too high, and I would expect that such stuff is against LLL policy, so anyone who wanted to provide an archive site would have to only tell a few people who would tell a few people who ... and eventually a reporter for the LA Times thought that he had discovered a scoop.

The real news here is that the major daily newspaper in Silicon Valley could print a front page story which goes from talking about an LLL employee who was archiving erotic pictures to talking about software piracy on BBS's and the internet to referring to the people who ftp'd the pictures as "pirates" and lumping the pictures and the software together as "illegal" material and then raising some vague issues of national security by quoting an "anonymous computer expert" as saying that people could have used the pictures to transmit secret information (with nothing to indicate that there was any reason to think that anyone did).

If the article had been printed in the National Enquirer it would be funny. In the mainstream press I find it frightening. Especially coming at the same time as reports of Clinton's support of a national data/id card and our governor's volunteering of my privacy to beta test it.

Is it time to move out of here? Does anyone have any suggestions of countries where things are better, not likely to get much worse as the U.S. decides to spread its brand of "democracy" even more universally, and which have not closed their doors to refugees from America?

-- sidney markowitz [In a pretty down mood at the moment]

From perry at imsi.com Wed Jul 13 07:49:20 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 13 Jul 94 07:49:20 PDT
Subject: Singularity... what is it?
In-Reply-To: <940713092920G7Yjgostin@eternal.pha.pa.us>
Message-ID: <9407131449.AA13570@snark.imsi.com>

Jeff Gostin says:
> tcmay at netcom.com (Timothy C. May) writes:
>
> > On the Singularity, I've already said a fair amount.
> What _is_ Singularity? It's not a term I'm familiar with.

The notion that the rate of progress is increasing, and the increase in the rate is also increasing, so at some point in the next century more change will occur per hour than occurred in all of human history to, say, now.

"The Singularity" is the point at which the world becomes not merely odd but incomprehensible TO US. Presumably those alive at the time will not really notice.

Perry

From mpj at netcom.com Wed Jul 13 09:06:56 1994
From: mpj at netcom.com (Michael Paul Johnson)
Date: Wed, 13 Jul 94 09:06:56 PDT
Subject: Where to get the latest Pretty Good Privacy (PGP) FAQ
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP)
(Last modified: 13 June 1994 by Mike Johnson)

WHAT IS THE LATEST VERSION?

There is more than one latest version. Pick one or more of the following that best suits your computer, patent restrictions, and export restrictions. Some countries (like France) may also restrict import or even use of strong cryptography like PGP.
|-----------------|--------------|-------------|---------------------|
| Platform(s)     | Countries    | Allowed Use | Latest Version      |
|-----------------|--------------|-------------|---------------------|
| DOS, Unix,      | USA & Canada | Commercial  | Viacrypt PGP 2.7    |
| or WinCIM/CSNav |              | Personal    |                     |
|                 |              | Research    |                     |
|-----------------|--------------|-------------|---------------------|
| DOS, Unix, Mac, | USA & Canada | Personal    | MIT PGP 2.6         |
| OS/2, others    |              | Research    |                     |
|-----------------|--------------|-------------|---------------------|
| DOS, Unix, Mac, | Most of the  | Personal    | PGP 2.6ui           |
| OS/2, others    | world except | Research    |                     |
|                 | the USA.     |             |                     |
|-----------------|--------------|-------------|---------------------|
| Mac Applescript | Most of the  | Personal    | MacPGP 2.6ui v 1.2  |
|                 | world except | Research    |                     |
|                 | the USA.     |             |                     |
|-----------------|--------------|-------------|---------------------|
| Mac Applescript | USA          | Research    | MacPGP 2.6ui v 1.2  |
|-----------------|--------------|-------------|---------------------|
| Amiga           | Most of the  | Personal    | Amiga PGP 2.6 b0.6  |
|                 | world except | Research    |                     |
|                 | the USA.     |             |                     |
|-----------------|--------------|-------------|---------------------|
| Amiga           | USA          | Personal    | Amiga PGP 2.6 0b0.6 |
|                 |              | Research    |                     |
|-----------------|--------------|-------------|---------------------|
| Atari           | Most of the  | Personal    | Atari PGP 2.3a      |
|                 | world except | Research    |                     |
|                 | the USA.     |             |                     |
|-----------------|--------------|-------------|---------------------|
| Atari           | USA          | Research    | Atari PGP 2.3a      |
|-----------------|--------------|-------------|---------------------|
| Any of the      | Countries    | Commercial  | Any of the above    |
| above           | where IDEA   | Personal    |                     |
|                 | is not       | Research    |                     |
|                 | patented and |             |                     |
|                 | cryptography |             |                     |
|                 | is not       |             |                     |
|                 | restricted.  |             |                     |
|-----------------|--------------|-------------|---------------------|

Note: there are other versions available, but these are either old, or outside of the mainstream PGP project. Look for new versions from one of three sources: Viacrypt (Commercial), MIT (North American freeware), or mathew at mantis.co.uk (the unofficially non-designated holder of the unofficial international version that parallels what Philip Zimmermann and the rest of the PGP development team is doing in the USA).

WHAT IS ALL THIS NONSENSE ABOUT EXPORT CONTROLS?

For a detailed rant, get ftp://ftp.csn.net/mpj/cryptusa.zip

The practical meaning, until the law is corrected to make sense, is that you are requested to get PGP from sites outside of the USA and Canada if you are outside of the USA and Canada. If you are in France, I understand that you aren't even supposed to import it. Other countries may be worse.

WHERE CAN I GET VIACRYPT PGP?

Versions are available for DOS, Unix, or WinCIM/CSNav
Commercial software. Call 800-536-2664 to order.

If you are a commercial user of PGP in the USA or Canada, contact Viacrypt in Phoenix, Arizona, USA. The commercial version of PGP is fully licensed to use the patented RSA and IDEA encryption algorithms in commercial applications, and may be used in corporate environments in the USA and Canada. It is fully compatible with, functionally the same as, and just as strong as the freeware version of PGP. Due to limitations on ViaCrypt's RSA distribution license, ViaCrypt only distributes executable code and documentation for it, but they are working on making PGP available for a variety of platforms. Call or write to them for the latest information. The latest version number for their version of PGP is 2.7.

Upgrade from Viacrypt PGP 2.4 to 2.7 is free if you bought version 2.4 after May 27, 1994, otherwise the upgrade is US$10.
Viacrypt's licensing and price information is as follows:

ViaCrypt PGP for MS-DOS        1 user    $  99.98
ViaCrypt PGP for MS-DOS        5 users   $ 299.98
ViaCrypt PGP for MS-DOS       20 users or more, call ViaCrypt
ViaCrypt PGP for UNIX          1 user    $ 149.98
ViaCrypt PGP for UNIX          5 users   $ 449.98
ViaCrypt PGP for UNIX         20 users or more, call ViaCrypt
ViaCrypt PGP for WinCIM/CSNav  1 user    $ 119.98
ViaCrypt PGP for WinCIM/CSNav  5 users   $ 359.98
ViaCrypt PGP for WinCIM/CSNav 20 users or more, call ViaCrypt

If you wish to place an order please call 800-536-2664 during the hours of 8:30am to 5:00pm MST, Monday - Friday. They accept VISA, MasterCard, AMEX and Discover credit cards.

If you have further questions, please feel free to contact:

Paul E. Uhlhorn
Director of Marketing, ViaCrypt Products
Mail: 2104 W. Peoria Ave
      Phoenix AZ 85029
Phone: (602) 944-0773
Fax: (602) 943-2601
Internet: viacrypt at acm.org
Compuserve: 70304.41

WHERE CAN I GET MIT PGP?

MIT PGP is Copyrighted freeware.

Telnet to net-dist.mit.edu, log in as getpgp, answer the questions, then ftp to net-dist.mit.edu and change to the hidden directory named in the telnet session to get your own copy.

MIT-PGP is for U. S. and Canadian use only, but MIT is only distributing it within the USA (due to some archaic export control laws).

1. Read ftp://net-dist.mit.edu/pub/PGP/mitlicen.txt and agree to it.
2. Read ftp://net-dist.mit.edu/pub/PGP/rsalicen.txt and agree to it.
3. Telnet to net-dist.mit.edu and log in as getpgp.
4. Answer the questions and write down the directory name listed.
5. QUICKLY end the telnet session with ^C and ftp to the indicated directory on net-dist.mit.edu (something like /pub/PGP/dist/U.S.-only-????) and get the distribution files (pgp26.zip, pgp26doc.zip, pgp26src.tar.gz, MacPGP2.6.sea.hqx, and MacPGP2.6.src.sea.hqx).

If the hidden directory name is invalid, start over at step 3, above.
File names (shortened file names are for DOS BBS distribution):
pgp26doc.zip - documentation only
pgp26.zip - includes DOS executable & documentation
pgp26src.zip - source code
pgp26src.tar or pgp26src.tar.gz - source code release for Unix and others
macpgp26.hqx or MacPGP2.6.sea.hqx - Macintosh executable & documentation
macpgp26.src or MacPGP2.6.src.sea.hqx - Macintosh source code
mcpgp268.hqx or MacPGP2.6-68000.sea.hqx - Macintosh executable for 68000
pgp26os2.zip - OS/2 executable (may not be on the MIT archive)

RSA and IDEA algorithms licenced for personal and noncommercial use. Uses RSAREF, which may not be modified without RSADSI permission. Contains "time bomb" to start generating messages incompatible with PGP 2.3 and 2.4 on 1 September 1994 as an incentive for people to not use PGP 2.3a in the USA, which RSADSI claims infringes on their patents. Mac versions are not yet Applescriptable. This version is not intended for export from the USA and Canada due to the USA's International Traffic in Arms Regulations and Canada's corresponding regulations.

You can also get MIT PGP 2.6 from:

ftp.csn.net/mpj
  ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26.zip
  ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26src.zip
  ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26os2.zip
  ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26src.tar.gz
  ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/mac
    MacPGP2.6.sea.hqx
    MacPGP2.6.src.sea.hqx
    MacPGP2.6-68000.sea.hqx
  ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/amiga/
    pgp26-amiga0b0.6-000.lha
    pgp26-amiga0b0.6-020.lha
    pgp26-amiga0b0.6-src.lha
    amiga.txt
  See ftp://ftp.csn.net/mpj/README.MPJ for the ???????
  See ftp://ftp.csn.net/mpj/help for more help on negotiating this site's export control methods.
ftp.netcom.com/pub/mpj
  ftp://ftp.netcom.com/mpj/I_will_not_export/crypto_???????/pgp/pgp26.zip
  ftp://ftp.netcom.com/mpj/I_will_not_export/crypto_???????/pgp/pgp26src.tar.gz
  ftp://ftp.netcom.com/pub/mpj/I_will_not_export/crypto_???????/pgp/
    MacPGP2.6.sea.hqx
  ftp://ftp.netcom.com/pub/mpj/I_will_not_export/crypto_???????/pgp/
    MacPGP2.6.src.sea.hqx
    MacPGP2.6-68000.sea.hqx
  See ftp://ftp.netcom.com/pub/mpj/README.MPJ for the ???????
  See ftp://ftp.netcom.com/pub/mpj/help for more help on negotiating this site's export control methods.

TO GET THESE FILES BY EMAIL, send mail to ftp-request at netcom.com containing the word HELP in the body of the message for instructions. You will have to work quickly to get README.MPJ then the files before the ??????? part of the path name changes again (several times a day).

ftp.eff.org
  Follow the instructions found in README.Dist that you get from one of:
  ftp://ftp.eff.org/pub/Net_info/Tools/Crypto/README.Dist
  gopher.eff.org, 1/Net_info/Tools/Crypto
  gopher://gopher.eff.org/11/Net_info/Tools/Crypto
  http://www.eff.org/pub/Net_info/Tools/Crypto/

COMPUSERVE
  The NCSA Forum sysops have a library that is available only to people who send them a message asserting that they are within the U. S. A. This library contains PGP. I have also seen PGP 2.6 in some other places on Compuserve. Try searching for PGP26.ZIP in the IBMFF forum for up-to-date information on PGP in selected other areas. The last time I tried a search like this, PGP 2.6 was found in the PC World Online forum (GO PWOFORUM) new uploads area, along with several PGP shells and accessories. I've also heard that EUROFORUM carries PGP 2.6ui, but have not confirmed this.

  Compuserve file names are even more limited than DOS, so the file names to look for are PGP26.ZIP, PGP26S.ZIP (source code), and PGP26D.ZIP (documentation only).

Colorado Catacombs BBS
  Mike Johnson, sysop
  Mac and DOS versions of PGP, PGP shells, and some other crypto stuff.
  Also the home of some good Bible search files and some shareware written by Mike Johnson, including DLOCK, CRYPTA, CRYPTE, CRYPTMPJ, MCP, MDIR, DELETE, PROVERB, SPLIT, ONEPAD, etc.
  v.FAST/v.32bis/v.42bis, speeds up to 28,800 bps
  8 data bits, 1 stop, no parity, as fast as your modem will go.
  Use ANSI terminal emulation, or if you can't, try VT-100.
  Free access to PGP. If busy or no answer, try again later.
  Log in with your own name, or if someone else already used that, try a variation on your name or pseudonym. You can request access to crypto software on line, and if you qualify legally under the ITAR, you can download on the first call.
  Download file names:
    pgp26.zip (DOS version with documentation)
    pgp26src.tar (Unix version and source code)
    pgp26doc.zip (Documentation only -- exportable)
    macpgp26.hqx (MacPGP executables, binhexed .sea)
    macpgp26.src (MacPGP source, binhexed .sea)
    mcpgp268.hqx (MacPGP executables, binhexed .sea for 68000 processor).
  (303) 772-1062 Longmont, Colorado number - 2 lines.
  (303) 938-9654 Boulder, Colorado number forwarded to Longmont number intended for use by people in the Denver, Colorado area.
  Verified: This morning.

Hieroglyphics Voodoo Machine (Colorado)
  Jim Still (aka Johannes Keppler), sysop.
  DOS, OS2, and Mac versions.
  (303) 443-2457
  For free access for PGP, DLOCK, Secure Drive, etc., log in as "VOO DOO" with the password "NEW" (good for 30 minutes access to free files).

Other BBS and ftp sites do have these files, as well. I noticed that PGP26.ZIP is being distributed on FIDONET.

WHERE CAN I GET PGP FOR USE OUTSIDE OF THE USA?

The latest for outside the USA is the "Unofficial International" PGP 2.6 for most platforms, MacPGP 2.3aV1.2 for the Mac (although 2.6ui is under development and should appear very soon), and 2.3a3 for the Amiga. The latest amiga version is fully compatible with MIT's PGP 2.6. Copyrighted freeware.

Version 2.6ui released by mathew at mantis.co.uk.
Amiga version 2.3a3 released by Peter Simons

These versions do NOT use RSAREF. No RSA patent problems outside the USA, but this version is not legal for commercial or extensive personal use in the USA. IDEA licensed for personal use only in countries where the IDEA patent holds.

The freeware version of PGP is intended for noncommercial, experimental, and scholarly use. It is available on thousands of BBSes, commercial information services, and Internet anonymous-ftp archive sites on the planet called Earth. This list cannot be comprehensive, but it should give you plenty of pointers to places to find PGP. Although the latest freeware version of PGP was released from outside the USA (England), it is not supposed to be exported from the USA under a strange law called the International Traffic in Arms Regulations (ITAR). Because of this, please get PGP from a site outside the USA if you are outside of the USA and Canada.

Even though the RSAREF license associated with PGP 2.6 from MIT no longer prohibits use outside the USA, it still carries the not-for-profit restriction that the original RSA code in PGP 2.6ui doesn't have. On the other hand, patents on the IDEA cipher may limit PGP use in your country to nonprofit applications, anyway. Indeed, I understand that there are some countries where private electronic mail is not legal, anyway.

These listings are subject to change without notice. If you find that PGP has been removed from any of these sites, please let me know so that I can update this list. Likewise, if you find PGP on a good site elsewhere (especially on any BBS that allows first time callers to access PGP for free), please let me know so that I can update this list.
Source code (gzipped tar format):
  * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26ui-src.tar.gz
  * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26ui-src.tar.gz.sig
  * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26ui-src.tar.gz
  * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26ui-src.tar.gz.sig.gz
  * _TW:_ ftp://nctuccca.edu.tw/PC/wuarchive/pgp/pgp26ui-src.tar.gz
  * _TW:_ ftp://nctuccca.edu.tw/PC/wuarchive/pgp/pgp26ui-src.tar.gz.sig.gz

Source code (zip format):
  * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uis.sig
  * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uis.zip
  * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26uis.sig
  * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26uis.zip
  * _TW:_ ftp://nctuccca.edu.tw/PC/wuarchive/pgp/pgp26uis.zip

Executable for DOS (zip format):
  * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uix.sig
  * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uix.zip
  * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26uix.sig
  * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26uix.zip

MacIntosh:
  * _DE:_ ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/pgp/mac/MacPGP2.6ui_beta.sit.hqx
  * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/PGP/MacPGP2.6ui_V1.2sources.cpt.hqx

Other sites to look for the above mentioned files at:

ftp.informatik.uni-hamburg.de
  /pub/virus/crypt/pgp
  This site has most, if not all, of the current PGP files.

ftp.wimsey.bc.ca
  /pub/crypto/software/dist/US_or_Canada_only_XXXXXXX/PGP (U. S. and Canadian users only)
  See /pub/crypto/software/README for the characters for XXXXXXXX
  This site has all public releases of the freeware PGP from 1.0 through 2.6 and 2.6ui.

black.ox.ac.uk (129.67.1.165)
  /src/security/pgp26uix.zip (MS-DOS executables & docs)
  /src/security/pgp26uis.zip (Unix, MS-DOS, VMS, Amiga sources, docs, info on building PGP into mailers, editors, etc.)
  There are several other versions of PGP here, including the MIT release.

ftp.csn.net
  /mpj/public/pgp/ contains PGP shells, faq documentation, language kits.
ftp.netcom.com
  /pub/dcosenza -- Some crypto stuff, sometimes includes PGP.
  /pub/gbe/pgpfaq.asc -- frequently asked questions answered.
  /pub/qwerty -- How to MacPGP Guide, largest steganography ftp site as well. PGP FAQ, crypto FAQ, US Crypto Policy FAQ, Steganography software list. MacUtilities for use with MacPGP. Stealth1.1 + other steganography programs. Send mail to qwerty at netcom.com with the subject "Bomb me!" to get the PGP FAQ and MacPGP guide if you don't have ftp access.

ftp.ee.und.ac.za
  /pub/crypto/pgp

soda.berkeley.edu
  /pub/cypherpunks/pgp (DOS, MAC)

ftp.demon.co.uk
  /pub/amiga/pgp
  /pub/archimedes
  /pub/pgp
  /pub/mac/MacPGP

ftp.informatik.tu-muenchen.de

ftp.funet.fi

ftp.dsi.unimi.it
  /pub/security/crypt/PGP

ftp.tu-clausthal.de (139.174.2.10)

wuarchive.wustl.edu
  /pub/aminet/util/crypt

src.doc.ic.ac.uk (Amiga)
  /aminet
  /amiga-boing

ftp.informatik.tu-muenchen.de
  /pub/comp/os/os2/crypt/pgp23os2A.zip (OS/2)

iswuarchive.wustl.edu
  pub/aminet/util/crypt (Amiga)

nic.funet.fi (128.214.6.100)
  /pub/crypt/pgp23A.zip
  /pub/crypt/pgp23srcA.zip
  /pub/crypt/pgp23A.tar.Z

ftp.uni-kl.de (131.246.9.95)
qiclab.scn.rain.com (147.28.0.97)
pc.usl.edu (130.70.40.3)
leif.thep.lu.se (130.235.92.55)
goya.dit.upm.es (138.4.2.2)
tupac-amaru.informatik.rwth-aachen.de (137.226.112.31)
ftp.etsu.edu (192.43.199.20)
princeton.edu (128.112.228.1)
pencil.cs.missouri.edu (128.206.100.207)

StealthPGP:
  The Amiga version can be FTP'ed from the Aminet in /pub/aminet/util/crypt/ as StealthPGP1_0.lha.

Also, try an archie search for PGP using the command:
  archie -s pgp26 (DOS & Unix Versions)
  archie -s pgp2.6 (MAC Versions)

ftpmail:
  For those individuals who do not have access to FTP, but do have access to e-mail, you can get FTP files mailed to you. For information on this service, send a message saying "Help" to ftpmail at decwrl.dec.com. You will be sent an instruction sheet on how to use the ftpmail service.

  Another e-mail service is from nic.funet.fi.
Send the following mail message to mailserv at nic.funet.fi:

    ENCODER uuencode
    SEND pub/crypt/pgp23srcA.zip
    SEND pub/crypt/pgp23A.zip

This will deposit the two zipfiles, as 15 batched messages, in your mailbox within about 24 hours. Save and uudecode.

For the ftp sites on netcom, send mail to ftp-request at netcom.com containing the word HELP in the body of the message.

World Wide Web URLs: (Thanks to mathew at mantis.co.uk)
_________________________________________________________________

MACPGP 2.3

Program
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/MacPGP/MacPGP2.3.cpt.hqx
* _UK:_ ftp://black.ox.ac.uk/src/security/macpgp2.3.cpt.hqx
* _SE:_ ftp://isy.liu.se/pub/misc/pgp/2.3A/macpgp2.3.cpt.hqx
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/macpgp2.3.cpt.hqx
* _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/macpgp2.3.cpt.hqx
* _US:_ ftp://soda.berkeley.edu/pub/cypherpunks/pgp/macpgp2.3.cpt.hqx.gz

Source code
Requires Think C.
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/MacPGP/MacPGP2.2src.sea.hqx -- version 2.2 only
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/macpgp2.3src.sea.hqx.pgp
* _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/macpgp2.3src.sea.hqx.pgp

Documentation
PGP is rather counter-intuitive to a Mac user. Luckily, there's a guide to using MacPGP in ftp://ftp.netcom.com/pub/qwerty/Here.is.How.to.MacPGP.
_________________________________________________________________

OS/2 PGP

You can, of course, run the DOS version of PGP under OS/2.
* _DE:_ ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/pgp/2.6ui/pgp26ui-os2.zip
* _US:_ ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26os2.zip
  ftp://ftp.csn.net/mpj/README.MPJ for the ???????
_________________________________________________________________

AMIGA PGP 2.3
* _DE:_ ftp://ftp.uni-kl.de/pub/aminet/util/crypt/PGPAmi23a_3.lha
* _US:_ ftp://ftp.wustl.edu/pub/aminet/util/crypt/PGPAmi23a_3.lha

Source
* _DE:_ ftp://ftp.uni-kl.de/pub/aminet/util/crypt/PGPAmi23a3_src.lha
* _US:_ ftp://ftp.wustl.edu/pub/aminet/util/crypt/PGPAmi23a3_src.lha
_________________________________________________________________

ARCHIMEDES PGP
* _UK:_ ftp://ftp.demon.co.uk/pub/archimedes/ArcPGP23a
_________________________________________________________________

DOCUMENTATION ONLY
* _US:_ ftp://net-dist.mit.edu/pub/PGP/pgp26doc.zip
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26doc.zip
* _US:_ ftp://ftp.netcom.com/pub/mpj/public/pgp/pgp26doc.zip
* _US:_ ftp://ftp.ftp.csn.net/mpj/public/pgp/pgp26doc.zip
_________________________________________________________________

LANGUAGE MODULES

These are suitable for most PGP versions. I am not aware of any export/import restrictions on these files.

German
* _UK:_ ftp://black.ox.ac.uk/src/security/pgp_german.txt
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp_german.txt
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/PGP_german_docs.lha

Italian
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp-lang.italian.tar.gz
* _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/PGP/pgp-lang.italian.tar.gz
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.italian.tar.gz

Japanese
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-msgs-japanese.tar.gz

Lithuanian
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp23ltk.zip

Russian
* _RU:_ ftp://ftp.kiae.su/unix/crypto/pgp/pgp26ru.zip (MIT version)
* _RU:_ ftp://ftp.kiae.su/unix/crypto/pgp/pgp26uir.zip (ui version)
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp26ru.zip

Spanish
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp-lang.spanish.tar.gz
* _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp-lang.spanish.tar.gz
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.spanish.tar.gz

Swedish
* _UK:_ ftp://black.ox.ac.uk/src/security/pgp_swedish.txt
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp_swedish.txt
_________________________________________________________________

OTHER SITES

Some cryptographic software is available from ftp://van-bc.wimsey.bc.ca/pub/crypto/software/. Read the README file and proceed from there.

BBS sites:

Colorado Catacombs BBS (See also the entry above for PGP 2.6)
    (303) 772-1062 Longmont, Colorado (2 lines)
    (303) 938-9654 Boulder, Colorado (free call from Denver CO, but 1 line)
    For free access: log in with your own name, answer the questions, then select [Q]uestionaire 3 from the [M]ain menu.
    Verified: This morning.

Hieroglyphics Voodoo Machine (Colorado)
    Jim Still (aka Johannes Keppler), sysop.
    DOS, OS2, and Mac versions.
    (303) 443-2457
    Verified: 5-2-94
    For free access for PGP, DLOCK, Secure Drive, etc., log in as "VOO DOO" with the password "NEW" (good for 30 minutes access to free files).

Exec-Net (New York)
    Host BBS for the ILink net.
    (914) 667-4567

The Ferret BBS (North Little Rock, Arkansas)
    (501) 791-0124 also (501) 791-0125
    Special PGP users account:
    login name: PGP USER
    password: PGP
    This information from: Jim Wenzel

If you find a version of the PGP package on a BBS or FTP site and it does not include the PGP User's Guide, something is wrong. The manual should always be included in the package. If it isn't, the package is suspect and should not be used or distributed. The site you found it on should remove it so that it does no further harm to others.

ARCHIE WHO?

There are many more sites. You can use archie and/or other "net-surfing" tools to find a more up-to-date listing, if desired.
                  ___________________________________________________________
 |\  /| |        |                                                           |
 | \/ |o|        | Michael Paul Johnson Colorado Catacombs BBS 303-772-1062  |
 |    | | /  _   | mpj at csn.org aka mpj at netcom.com m.p.johnson at ieee.org  |
 |    |||/  /_\  | ftp://ftp.csn.net/mpj/README.MPJ CIS: 71331,2332          |
 |    |||\  (    | ftp://ftp.netcom.com/pub/mpj/README.MPJ -. --- ----- ....|
 |    ||| \ \_/  |___________________________________________________________|

From exabyte!gedora!mikej2 at uunet.uu.net Wed Jul 13 09:50:14 1994
From: exabyte!gedora!mikej2 at uunet.uu.net (Mike Johnson second login)
Date: Wed, 13 Jul 94 09:50:14 PDT
Subject: Security for under a buck fifty
In-Reply-To:
Message-ID:

On Tue, 12 Jul 1994 uunet!asu.edu!Ben.Goren at gedora wrote:

> ...
> The tradeoff is between number of characters needed (length of passphrase)
> and diversity of character set. I'd probably have better luck with the
> mnemonic if I didn't have to fit in a whole string of %*$@!, but that
> should probably be a user setting.

Good point. I prefer the )*&^$!(~ stuff in there, but some may not.

> ...
> Another possibility: have a dictionary of different parts of speech and assemble them in order. For a short example, each passphrase could be in an
> order such as:
>
> Article adjective modifier noun verb article adjective modifier noun.

Good idea.

> Umph. I think I need to start making time to write code, if I want to see
> this work.

Go for it!

From tcmay at netcom.com Wed Jul 13 09:54:43 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 13 Jul 94 09:54:43 PDT
Subject: The Glorious 1000-Year Kryptoreich
In-Reply-To: <9407131437.AA21298@federal-excess.apple.com>
Message-ID: <199407131654.JAA14944@netcom9.netcom.com>

Citizen-Unit Markowitz wrote this without permission:

> Is it time to move out of here? Does anyone have any suggestions of
> countries where things are better, not likely to get much worse as the U.S.
> decides to spread its brand of "democracy" even more universally, and which
> have not closed their doors to refugees from America?
>
> -- sidney markowitz
> [In a pretty down mood at the moment]

Citizen-Unit Markowitz is hereby advised that his permission to exit is being revoked.

The New World Order mandates the widespread deployment of DigiCash (TM--U.S. Department of Justice); your digital account can then be cancelled upon receipt of Identity Revocation Orders.

We shall triumph. It shall be a shining era of golden harmony and meticulous order, mediated by the glistening bits of the digiverse. All things in their places, and all actions for the good of the State.

--Kryptoreichkanzler Klaus! von Future Prime

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From gnu Wed Jul 13 10:00:48 1994
From: gnu (gnu)
Date: Wed, 13 Jul 94 10:00:48 PDT
Subject: Workshop on privacy in computer supported cooperative work
Message-ID: <9407131700.AA17582@toad.com>

At least one person who understands crypto should go -- the other participants may not know what our technology makes possible.
Forwarded-by: Stanton McCandlish
Forwarded-by: Phil Agre
Date: Fri, 24 Jun 1994 19:02:39 PDT
From: Lucy Suchman

>>> Workshop Announcement <<<

CRITICAL CONSIDERATIONS IN THE CREATION AND CONTROL OF PERSONAL/COLLECTIVE COMMUNICATIONS SPACES

to be held in conjunction with the
ACM 1994 Conference on Computer Supported Cooperative Work (CSCW'94)
Chapel Hill, North Carolina
Saturday, October 22, 1994

sponsored by
IFIP WG9.1 (Computers and Work) (pending approval)

organized by

Andrew Clement
Faculty of Information Studies
University of Toronto

Lucy Suchman
Systems and Practices Lab
Xerox PARC

Ina Wagner
Centre for CSCW
Technical University of Vienna

Themes and Goals:

The development of CSCW applications generally implies new ways of recording and transmitting detailed information about individual users' behaviour. Frequently, this is associated with new forms of interpersonal access. This is the case for those working in settings as diverse as team based manufacturing environments and the "media spaces" of corporate research labs. Even routine use of email poses still unresolved questions about who has access to messages and under what conditions. Such new communications capabilities pose the possibility of unwelcome intrusion and exposure. More generally, they can undermine the ability of individuals and groups to negotiate control of information about themselves. Personal privacy may be threatened and the potential for CSCW technologies to support collaboration impaired.

This workshop builds upon the experiences with the privacy workshop and panel sessions held at CSCW'92 (see reports in SIGCHI Bulletin, October 1993, and especially, SIGOIS Bulletin, August 1993). Whereas the former workshop focused on identifying privacy issues, this one will emphasise remedial responses. In particular, it will explore theoretical and practical considerations in developing various forms of communications spaces under the control of the individuals and groups concerned.
The specific goals of this one day workshop are:

- to further develop a network of researchers and practitioners who have an ongoing interest in the privacy and related implications of CSCW technologies
- to explore the theoretical and practical aspects of defining manageable personal and group information spaces within CSCW applications
- to consider possibilities for diverse forms of participation (and non-participation) in the use of communications media and technologically mediated workspaces
- to elaborate a general framework to guide CSCW developers and implementors in creating applications that are sensitive to personal/collective information control concerns.

Planned Activities:

In the morning session, participants will explore in detail several realistic scenarios involving privacy/accessibility issues. These will reflect a range of common/plausible situations by drawing upon prior research and participants' written submissions. Discussions of each scenario will focus on identifying the sources of concern, their basis in technologies and/or social relations, and the ways in which potential privacy violations may be avoided or diminished. Design options will be highlighted.

The afternoon session will identify and elaborate the general principles that underlie the scenarios analysed earlier. These will cover recommendations and appropriate rationales that can guide the design of technologies and inform working practices. The main product will be a set of key ideas to incorporate in a report suitable for publication in SIGCHI/SIGOIS Bulletins.

Organizer Backgrounds:

Andrew Clement's research has been on the social and organizational implications of workplace computerization. A central theme of this work has been the ways in which users exercise control and are controlled through computing technology.
He has written several papers on the subject of electronic workplace surveillance and, as a participant in the Ontario Telepresence project, is currently researching the privacy aspects of media spaces. He organized the privacy workshop at CSCW'92. He is vice chair of IFIP WG9.1 (Computers and Work).

Lucy Suchman's research concerns the social relations of computer systems design and use, including studies of cooperative working practices in technology-intensive workplaces. Through her involvement in the CSCW and Participatory Design communities, she has worked to develop more use-oriented practices of systems design. She was Program Chair for the Second Conference on Computer-Supported Cooperative Work, and is engaged in ongoing dialogues with the PARC/EuroPARC media space and ubiquitous computing projects.

Ina Wagner is the Director of the Centre for CSCW at the Technical University of Vienna. Her recent research has focused on the political and cultural aspects of software development practices and on time management issues in medical teams. She was the principal organizer of the recent IFIP WG9.1 NetWORKing Conference ("Connecting Workers In and Between Organizations") and serves as the Working Group's chair.

Participant Selection:

Prospective participants are asked to submit a short position statement (2-5 pages) describing their background, nature of interest in the workshop themes (e.g. privacy, CSCW application development, what they consider to be the primary issues and promising remedial approaches). As part of this, prospective participants are also encouraged to submit a brief scenario description (2-3 pages), suitable for discussion in the workshop. These should describe a situation, preferably based on experience, which explores a privacy concern in connection with the use of CSCW technologies. The richer and more detailed the better. Identities of individuals and organizations should be suitably disguised.
Position statements and scenarios will be distributed to participants in advance of the session. Participants, to a maximum of 20, will be selected to promote a stimulating mix of researchers, developers, implementors and users of CSCW technologies.

Four copies of the position paper/scenario should be sent by August 15, 1994 to the contact person, Andrew Clement. Please also email an ASCII version. Invitations will be sent by August 29, 1994. Be sure to include your name, address, telephone number, email address and fax number in your submission.

The workshop will start at 8:30AM Saturday morning and last until 5PM. The workshop fee is $50, which includes continental breakfast, lunch and refreshment breaks. The fee is payable at the conference.

Contact:
Andrew Clement
Faculty of Information Studies
University of Toronto
140 St George Street
Toronto, Ontario
Canada M5S 1A1
clement at fis.utoronto.ca
(416) 978-3111 (Office)
(416) 971-1399 (Fax)

From jdwilson at gold.chem.hawaii.edu Wed Jul 13 10:15:36 1994
From: jdwilson at gold.chem.hawaii.edu (NetSurfer)
Date: Wed, 13 Jul 94 10:15:36 PDT
Subject: Kevin Mitnik
In-Reply-To:
Message-ID: <9407131715.AA13353@gold.chem.hawaii.edu>

>
> Years ago I read a 'hacker-book' that had a long section about the
> activities of Mr Mitnick in the 80's ('Zero' something?). I know nothing
> of his present doings. Some questions:

Read CyBerpunks - first story is about KM

From shabbir at panix.com Wed Jul 13 10:32:15 1994
From: shabbir at panix.com (Shabbir J. Safdar)
Date: Wed, 13 Jul 94 10:32:15 PDT
Subject: House Rules Committee marks encryption bill as "open" (fwd)
Message-ID: <199407131719.AA10993@panix3.panix.com>

I phoned the House Rules comm. this morning. They informed me that the committee voted 5-4 earlier this week to allow amendments to the General Export Administration Act on the House Floor.

This should allow a contingent to restore the strength to the act on the House floor, should Rep. Maria Cantwell and her cosponsors be able to muster the required votes.

It was obviously a close vote. If you wrote in, know that your letter probably helped to tip the scales.

-Shabbir

From doug at OpenMind.com Wed Jul 13 10:41:38 1994
From: doug at OpenMind.com (Doug Cutrell)
Date: Wed, 13 Jul 94 10:41:38 PDT
Subject: Singularity... what is it?
Message-ID: <1B22E296546@BlueSky.OpenMind.com>

>Jeff Gostin says:
> What _is_ Singularity? It's not a term I'm familiar with.

Perry Metzger replies:

>The notion that the rate of progress is increasing, and the increase
>in the rate is also increasing, so at some point in the next century
>more change will occur per hour than occurred in all of human history
>to, say, now. "The Singularity" is the point at which the world
>becomes not merely odd but incomprehensible TO US. Presumably those
>alive at the time will not really notice.

This is not the only possible definition -- I wrote a paper in '84 defining it as a singular event or change beyond which "all bets are off". No future events after that point can really be reasonably predicted on this side of it. For example, the sudden development of a "god-like" AI. Or the discovery of some medical treatment which increases human intelligence two-fold... which is cheap and is widely distributed to everyone. Not all of the possible singularities are good... I would call global thermonuclear war a singularity, or the rise of a virus like AIDS, that spreads like the common cold.

Sorry, this is getting pretty far away from subjects relevant to cypherpunks. The Extropian's list has been having a discussion recently about the "singularity" of runaway AI development acceleration. That list is probably the appropriate place to look for more info...
Doug
___________________________________________________________________
Doug Cutrell                    General Partner
doug at OpenMind.com            Open Mind
===================================================================

From mech at eff.org Wed Jul 13 10:54:32 1994
From: mech at eff.org (Stanton McCandlish)
Date: Wed, 13 Jul 94 10:54:32 PDT
Subject: House Rules Committee marks encryption bill as "open" (fwd)
Message-ID: <199407131754.NAA26888@eff.org>

Forwarded message:

From gnu at cygnus.com Wed Jul 13 11:11:01 1994
From: gnu at cygnus.com (John Gilmore)
Date: Wed, 13 Jul 94 11:11:01 PDT
Subject: Final Call: USENIX Winter 1995 Technical Conference
Message-ID: <199407131810.LAA03957@cygnus.com>

This would be a good conference to submit a paper for. Our own Peter Honeyman chairs the program committee, and David Chaum is also on the committee. All that's needed on Monday is an extended abstract, not a real paper (yet).

John

To: kerberos at MIT.EDU
Date: 13 Jul 1994 13:42:38 GMT
From: honey at citi.umich.edu (peter honeyman)
Subject: Final Call: USENIX Winter 1995 Technical Conference

the deadline is monday. at the sound of the bell, please put your pens down and submit your paper. see http://www.citi.umich.edu/u/honey/usenix.html for further info.

peter

Announcement and Call for Submissions

USENIX Winter 1995 Technical Conference
January 16-20, 1995
New Orleans, Louisiana

CALL FOR SUBMISSIONS

The USENIX Winter 1995 Technical Conference in New Orleans will be the only broad-theme USENIX conference in 1995. The emphasis for the USENIX Winter 1995 Conference is on state-of-the-art practice and research in personal, distributed, and enterprise computing.

We seek original and innovative papers about the architecture and performance of modern computing systems. We are especially interested to hear reports on practical experiences with such systems.
Of particular interest are such topics as:

* privacy and cryptography
* personal digital assistant applications
* enterprise-scale computing
* kernelized operating systems
* user interface toolkits
* standards-based computing environments
* file systems and mass storage
* nomadic and wireless computing
* shared address spaces

DATE FOR REFEREED PAPER SUBMISSIONS

Manuscripts or Extended Abstracts Due: July 18, 1994
Notification to Authors: August 31, 1994
Camera-ready Papers Due: November 14, 1994

The USENIX conference, like most conferences and journals, requires that papers not be submitted simultaneously to more than one conference or publication and that submitted papers not be previously or subsequently published elsewhere. Papers accompanied by so-called "non-disclosure agreement" forms are not acceptable and will be returned to the author(s) unread. All submissions are held in the highest confidentiality prior to publication in the Proceedings, both as a matter of policy and in accord with the U.S. Copyright Act of 1976 (Title 17, U.S. Code, Section 102).

HOW TO SUBMIT A REFEREED PAPER

It is important that you contact the USENIX Association office to receive detailed guidelines for submitting a paper to the refereed track of the technical sessions; please telephone to +1-510-528-8649 or E-mail to winter95authors at usenix.org

In addition, specific questions about submissions to the USENIX Winter 1995 Conference may be made to the program chair via E-mail at honey at citi.umich.edu.

The program committee will review full papers or extended abstracts. An extended abstract should be 5 manuscript pages (single-sided) or fewer in length. It should represent the paper in "short form." Please include the abstract as it will appear in the final paper. If the full paper has been completed, it may be submitted instead of an extended abstract. Full papers should be limited to 12 single-spaced pages.
Include references to establish that you are familiar with related work, and, where possible, provide detailed performance data to establish that you have a working implementation and measurement tools.

Every submission should include one additional page or separate E-mail message containing:

* the name of one of the authors, who will act as the contact for the program committee
* contact's surface mail address, daytime and evening telephone numbers, E-mail address, and FAX number
* an indication of which, if any, of the authors are full-time students

WHERE TO SEND SUBMISSIONS

Submit one copy of an extended abstract or full paper by July 18, 1994 via AT LEAST TWO of the following methods

* E-mail to winter95papers at usenix.org
* FAX to +1 313 763 4434
* Mail to:
  Winter 1995 USENIX
  CITI
  University of Michigan
  519 W. William
  Ann Arbor, MI 48103-4943
  U.S.A.

CASH PRIZES

Cash prizes will be awarded for the best paper at the conference and the best paper by a full-time student.

CONFERENCE PROGRAM COMMITTEE

Charles J. Antonelli     CITI, University of Michigan
David Bachmann           IBM Austin
David Chaum              DigiCash b.v.
Cecelia D'Oliviera       Information Systems, MIT
Richard Draves           Microsoft Research
Lori Grob                Chorus Systemes
Peter Honeyman (Chair)   CITI, University of Michigan
John T. Kohl             Atria Software
Greg Minshall            Novell, Inc.
Douglas Orr              Itinerant Hacker
Noemi Paciorek           Horizon Research
Phil Winterbottom        AT&T Bell Laboratories

CONFERENCE PROGRAM AND REGISTRATION INFORMATION

Materials containing all details of the technical sessions and tutorial program, conference registration, hotel discounts, and airfare discount and reservation information will be available at the end of September 1994.
If you wish to receive the registration materials, please contact:

USENIX Conference Office
22672 Lambert St., Suite 613
Lake Forest, CA USA 92630
+1-714-588-8649, FAX: +1-714-588-9706
E-mail: conference at usenix.org

------- End of Forwarded Message

From s009amf at discover.wright.edu Wed Jul 13 11:54:34 1994
From: s009amf at discover.wright.edu (Aron Freed)
Date: Wed, 13 Jul 94 11:54:34 PDT
Subject: (none) (fwd)
Message-ID:

Sorry about forwarding this long message but I thought it would be something interesting to read. I have no idea if anyone has seen this before.. But this so you know what is currently happening now.

FYI, whoever made this post is not known at this time. Jeremy Cooper sent it to me and he must have found it on a mailing list for his class. The person who found it got it off the NirvanaNet. I e-mailed him and he thought it was a joke. I then looked a bit closer and found that the earliest forwarder of this Chuck Zeps, who posted it on the USENET... Anyway the message he sent me is at the end of this message. If anyone has any ideas or comments about it, please send them. There are BBS numbers from the mailer taglines used by local BBSes. I'm sure if I give one of them a call I can figure out who wrote it originally....

Happy reading!!!

________________________________________
To: /mail/ac/ac859
Msg #: 1757 Size: 4757/100
From: jeremy at crl.com (Jeremy Cooper)
On: 06/15/94 22:07
Subject: a post about Electronic security (fwd)

oh oh

_ . _ ___ _ . _
===-|)/\\/|V|/\/\ (_)/_\|_|\_/(_)/_\|_| Stop by for an excursion into the-===
===-|)||| | |\/\/ mud.crl.com 8888 (_) Virtual Bay Area!
-===

---------- Forwarded message ----------
Date: Tue, 14 Jun 94 14:26:43 PDT
From: The Great Googly-Moogly
To: cyberspace/Humanities class list
Subject: a post about Electronic security

the following was found on NirvanaNet:

- Area: ENCRYPT --------------------------------------------------------------
  Msg#: 350                     Date: 06-13-94 11:57
  From: Black Knight            Read: Yes    Replied: No
    To: All                     Mark:
  Subj: Telco Spying !
------------------------------------------------------------------------------
Thought y'all might find this of interest.

From: chuck.zeps at dt-can.com (Chuck Zeps)
Newsgroups: alt.cyberpunk
Subject: Telco Spying !
Date: Sun, 12 Jun 94 09:20:00 -0500
Message-ID:
Organization: Data Tech Canada - (519) 473-7685

*** Telco Snooping ? ***
========================================================================

As someone involved in the telephone industry on the level of security and data integrity... I would like to inform everyone that uses modems and/or are bbs operators of some information.

The first thing that everyone that uses a modem should know is that every time you fire up your modem you're activating monitoring equipment somewhere in the U.S. I have worked for several large telephone networks that routinely monitor and reroute modem and fax transmissions through devices that allow them to view what is being transmitted and even decodes encrypted data and fax packets used by major corporations and governmental agencies. This is allowed under the heading of "Maintenance Monitoring" and may be continued for up to 6 months without the need of any legal paperwork being generated.

Under an obscure pre-WWII ruling by the agency that is now the FCC... "No information may be encoded or transmitted over PUBLIC or PRIVATE forms of telephony or radio with the exception of those agencies involved in the National Security" a further designation goes on to say "with the exception of the MORSE system of 'transmittal', any communication that is not interpretable by the human ear is forbidden and unlawful."

The information gathered goes to 3 separate database facilities...1 is codenamed Diana and is located in Brussels, the 2nd is named Fredrick and is located somewhere in Malaysia, the 3rd is named Elizabeth and is located in Boulder, Colorado. The information stored in these systems is accessible by the US Government, Interpol, Scotland Yard and various other such agencies.

Your credit rating is also affected by your modem usage... if you ever get a copy of your credit history and find a listing that has HN06443 <--= this is a negative risk rating. or a code 87AT4 <---= an even more negative risk rating.... these will usually have no description on them... and if you inquire about them they will tell you that it just comes from the system that way.

I am currently working for another major carrier as a consultant and have been able to watch these systems operate...at one unnamed long distance carrier here in Columbus Ohio in their NCC, Network Control Center, you can see several rows of computer terminals which have approximately 30 to 40 separate windows in each... these windows have data transmissions that are being monitored... banks of 9 track tapes are going constantly to record everything.

Everyone should realize that even if a sysop posts a disclaimer at the beginning of his bbs about no access to governmental agencies or law enforcement...that it isn't worth the time it takes to type it in... looking forward to hearing reactions to this.
-!- * SLMR 2.0 * * My Castle BBS 614-236-4015 10pm to 10am M-F 6pm-6pm S -!- QMPro 1.52 Clinton - All hope abandon, ye who voted for a Communist - chuck.zeps at dt-can.com =END= ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :::c.zeps at genie.geis.com:::NsAc4sEmTeXpEtNbOmBcLiNtOnSsDeAbAtF::: :::CDN.Assn.Rocketry S155::kGbGrUcSiSrCmPdOdsPeTzNaZiJeWmOsSaD::: :::VE3SMN:::NRA Member:::::@8F at CoCaMeXcArTeLgOvDoPeBuShMeNaGuN::::::: ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: --- ~ TNet 3.90 w USENET| The Obelisk BBS | London, Ont.| 519.6790021 -!- * Freddie 1.2.5 * "It's art, things have to die"-Nora Maki, what a woman -!- WM v3.10/93-0082 ! Origin: Burn This Flag BBS - San Jose, CA - 408/363-9766 (9:900/6) ---------- Forwarded message ---------- Date: Wed, 13 Jul 1994 06:12:00 -0400 From: Chuck Zeps To: s009amf at discover.wright.edu Subject: (none) Aaron, the "telco" post was a repost of data I got from an import of stuff from the Atlanta area. I regretfuly removed the header data and most people thought *I* wrote it when I reposted it. It was posted to another bbs down there ( data for that one is just above my .sig if you look ). The post was interesting as the methods used are substancially correct and this type of thing does occur up here. I dunno about banks of monitors for *everything* in real-time, but much targeted traffic can be viewed that way ( HP data monitors hooked to archival taping decks). You might call the BBS listed and enquire further if curious ... Regards, Chuck From kentborg at world.std.com Wed Jul 13 12:01:55 1994 From: kentborg at world.std.com (Kent Borg) Date: Wed, 13 Jul 94 12:01:55 PDT Subject: NATIONAL SECURITY PORN RISK Message-ID: <199407131901.AA12318@world.std.com> We need another TLA? I propose: TPD: Terrorists, Pedophiles, and Drug-dealers. It seems everytime one of this canonical-trio arises the person who thought it up thinks it was an original thought. 
If "TDP" got into circulation as a term of ridicule, it might help our cause. Think about it, by reducing These Horrors to just another TLA we can then maybe talk about how TDPs are also thought to sometimes use telephones, cars, the post office, money, electricity, and shoes, and what are we gonna *do* about it? -kb, the Kent who wants to make people recognize how silly this all is -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 32:00 hours of TV viewing so far in 1994! From gtoal at an-teallach.com Wed Jul 13 12:02:16 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Wed, 13 Jul 94 12:02:16 PDT Subject: House Rules Committee marks encryption bill as "open" (fwd) Message-ID: <199407131900.UAA10789@an-teallach.com> Snap! I win! G From sandfort at crl.com Wed Jul 13 12:53:38 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Wed, 13 Jul 94 12:53:38 PDT Subject: WHITEHOUSE FTP? Message-ID: C'punks, Is there an FTP site for Whitehouse press releases? Does anyone have that address? A friend who edits a privacy newsletter wants to use it to keep track of press releases about privacy related issues. Thanks, S a n d y From kentborg at world.std.com Wed Jul 13 13:01:45 1994 From: kentborg at world.std.com (Kent Borg) Date: Wed, 13 Jul 94 13:01:45 PDT Subject: House Rules Committee marks encryption bill as "open" Message-ID: <199407131954.AA09602@world.std.com> "Shabbir J. Safdar" wrote: >I phoned the House Rules comm. this morning. They informed me that >the committee voted 5-4 earlier this week to allow amendments to the >General Export Administration Act on the House Floor. Stanton McCandlish then copied it out to a zillion destinations. Aren't we looking a bit amateurish? A loud call is put out in an attempt to lobby this committee, and it took someone (apparently) in New York City to call the committee to find out that, oh yes, a few days ago they had the vote and it went our way. 
Why was it again that EFF needed to open a Washington, D.C., office? Come on folks! We are playing the *big* time here. Real Lobbyists *know* how important votes go. We are up against real lobbyists on these issues. If EFF is going to make official requests for faxes and phone calls it should also make prompt official reports of the results. I want us to be organized, I want us to look organized, I want the Congress to know we are organized. I also want the folks who sent the faxes and made the phone calls to know when they accomplish something. I would like to know how individual Congressmen voted, so I can follow up my fax with a "thank you" if appropriate. Where is this info?? Is EFF on summer vacation? If matters we care about are up for votes we should be paying close attention *and* making it clear to everyone that we are paying close attention. Crypto export is extremely important, we should not mess this up. -kb, the Kent who is feeling a bit embarrassed -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 32:00 hours of TV viewing so far in 1994! From shabbir at panix.com Wed Jul 13 10:19:55 1994 From: shabbir at panix.com (Shabbir J. Safdar) Date: Wed, 13 Jul 1994 13:19:55 -0400 (EDT) Subject: House Rules Committee marks encryption bill as "open" (fwd) Message-ID: <199407131719.AA10993@panix3.panix.com> I phoned the House Rules comm. this morning. They informed me that the committee voted 5-4 earlier this week to allow amendments to the General Export Administration Act on the House Floor. This should allow a contingent to restore the strength to the act on the House floor, should Rep. Maria Cantwell and her cosponsors be able to muster the required votes. It was obviously a close vote. If you wrote in, know that your letter probably helped to tip the scales. -Shabbir -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . 
O R G O P E N P L A T F O R M O N L I N E R I G H T S V I R T U A L C U L T U R E C R Y P T O From jgostin at eternal.pha.pa.us Wed Jul 13 13:20:34 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Wed, 13 Jul 94 13:20:34 PDT Subject: (None) Message-ID: <940713145422p5yjgostin@eternal.pha.pa.us> "Perry E. Metzger" writes: > Jeff Gostin says: >> What _is_ Singularity? It's not a term I'm familiar with. > > The notion that the rate of progress is increasing, and the increase > in the rate is also increasing, so at some point in the next century > more change will occur per hour than occurred in all of human history > to, say, now. "The Singularity" is the point at which the world > becomes not merely odd but incomprehensible TO US. Presumably those > alive at the time will not really notice. So, to borrow a Calculus term, and to bastardize the concept somewhat, Singularity is the point at which the derivative of Progress is undefined? Visually, it'd look like this (only MUCH steeper), if I see it correctly: [ASCII graph: Progress on the vertical axis against Time on the horizontal axis, the curve climbing ever more steeply toward a vertical line marked "Singularity"; Time 1= 1970 2= 1990 3= 2010 4= 2030 5= 2050] Right?? --Jeff -- ====== ====== +----------------jgostin at eternal.pha.pa.us----------------+ == == | The new, improved, environmentally safe, bigger, better,| == == -= | faster, hypo-allergenic, AND politically correct .sig. | ==== ====== | Now with a new fresh lemon scent! | PGP Key Available +---------------------------------------------------------+ From rah at shipwright.com Wed Jul 13 13:23:59 1994 From: rah at shipwright.com (Robert Hettinga) Date: Wed, 13 Jul 94 13:23:59 PDT Subject: The Glorious 1000-Year Kryptoreich Message-ID: <199407132018.QAA12581@zork.tiac.net> At 9:54 AM 7/13/94 -0700, Timothy C. May wrote: >--Kryptoreichkanzler Klaus! von Future Prime Tim, don't you know you're only supposed to only *sip the punch* not chew the little cactus buttons floating in it?? Heil! 
;-) Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation 44 Farquhar Street Boston, MA 02331 USA (617) 323-7923 "There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell From blancw at microsoft.com Wed Jul 13 13:34:39 1994 From: blancw at microsoft.com (Blanc Weber) Date: Wed, 13 Jul 94 13:34:39 PDT Subject: FW: Ordering White House docs via email Message-ID: <9407132034.AA15444@netmail2.microsoft.com> ------------ TEXT ATTACHMENT -------- SENT 04-16-94 FROM EBERWEIN_BILL @CASG From the White House (President at whitehouse.gov) Our electronic communications project has been structured in three phases. Phase One established the Internet address, so that we could begin receiving electronic mail. Phase Two now provides a means for interested parties to receive White House publications. The goal of Phase Three, which we hope to achieve soon, is to respond electronically to the substance of incoming messages. Now that Phase Two of our project is complete, we are proud to announce the Internet address for obtaining White House documents and publications. The address is: publications at whitehouse.gov To receive instructions, please send a message to publications at whitehouse.gov (**do not "reply" to the memo you are now reading**). In the body of your message, type "Send Info" (without quotes); no other text is necessary. The instructions will be sent to you automatically. --- END --- From nobody at soda.berkeley.edu Wed Jul 13 13:45:10 1994 From: nobody at soda.berkeley.edu (Anonymous User) Date: Wed, 13 Jul 94 13:45:10 PDT Subject: Jacking in from the "Blank Check" Port Message-ID: <199407132044.NAA03234@soda.berkeley.edu> Date: Mon, 11 Jul 1994 14:53:56 -0700 From: "Brock N. Meeks" 1F!<$@^,V#^W4 MH?]:O&T29&FHL2&1V!G^K5/R-M;;Q>IU_:IFGK/X6%?TSC]B"J#S(+_=#@S. 
$$#LL7``` ====Encrypted-Sender-End==== From sidney at taurus.apple.com Wed Jul 13 13:50:24 1994 From: sidney at taurus.apple.com (Sidney Markowitz) Date: Wed, 13 Jul 94 13:50:24 PDT Subject: WHITEHOUSE FTP? Message-ID: <9407132049.AA02283@federal-excess.apple.com> The info from whitehouse.gov claims that all of the publications are accessible via anonymous ftp to whitehouse.gov. -- sidney From gtoal at an-teallach.com Wed Jul 13 13:51:15 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Wed, 13 Jul 94 13:51:15 PDT Subject: (none) (fwd) [the 'telco spying' thread again...] Message-ID: <199407132051.VAA13034@an-teallach.com> This mindless and erroneous drivel was published on alt.2600 and several other groups about a month ago and has been refuted at length. It's just some idiot trying to wind people up. Yes, there's a tiny teensy grain of truth behind it, but just about every detail is verifiably wrong. Believe me, I'm one of the people here who is actively looking out for this sort of stuff and I know what's True Dope and what's bullshit, and this is bullshit. G From fnerd at smds.com Wed Jul 13 13:51:27 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Wed, 13 Jul 94 13:51:27 PDT Subject: Why to Care about Others' Security Message-ID: <9407132048.AA01869@smds.com> i wrote- > | 1) The more people protect their privacy, the less profit there is in > | privacy invasion, so that there will be fewer people doing it and > | the techniques and infrastructure of spying might develop more > | slowly. & Mike Markley replied- > It seems that the more people protect their privacy the greater the > profit will be in finding ways to invade that privacy. When all kinds > of information is available in more or less public places there is > little, if any, reason to pay people to get this information. On the > other hand if your information is closely guarded then it costs a lot > more to get that information. 
I think you're effectively looking at the profit in an individual act of spying instead of the profit in the whole spying "industry." (I'm using the word "spying" only because it's short.) Another thing to remember is that we're talking about information *collecting* technologies, like merging mailing lists, rather than code breaking. Most "spying" is really cheap & easy nowadays. There's always a distribution of valuable information at various levels of difficulty of access. Privacy technology in common use would push masses of information from the easy-to-get category to harder-to-get categories. That means there's much more valuable information in the hard-to-get category. But that information *costs* much more to get, too. The total information that can be collected at a given total cost is less. So less info would be espied, but I think we're discussing whether spying technology would be stimulated or depressed overall. Certainly there will be demand for info even after it becomes expensive. Sometimes people will be willing to pay higher costs. That means good news for middlemen who specialize in hard spying. But what about the spy industry overall? There are two reasons I think it would be depressed. One is that espionage is synergistic. You can make information more useful by combining it with other information. If less total information is available then the average chunk of information is less valuable--and so less worth collecting. The other reason is that although some information will fetch higher prices as it becomes more costly, much more information will simply become not worth fetching. So even though there will be more high-priced spying going on, there will be less money flowing in the spying industry overall. This is my theory. Which is mine. (Actually I probably stole it from Eric Hughes, but what do you expect from a punk.) 
-fnerd - - - - - - - - - - - - - - - nutritional information per serving: less than one (1) bit -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From tcmay at netcom.com Wed Jul 13 14:00:40 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 13 Jul 94 14:00:40 PDT Subject: A Plea for Meaningful Message Titles Message-ID: <199407132100.OAA16354@netcom5.netcom.com> I don't often make requests for netiquette changes here on this list, but I will now. I have no power to enforce anything, so these are only suggestions. 1. Could we people make an effort to pick reasonably meaningful thread titles? A lot of "Re: your mail" and "(None)" titles are cluttering up the list. Not to mention the overly broad titles like "PGP" and "Question." In sorting through my list archives recently I found several hundred messages that contained variations on the simple phrase "PGP," most discussing points only loosely related to PGP. 2. People should feel free to edit the subject line to better reflect the topic of their post. This may "destroy the continuity of the thread," a concern raised by some, but that's a small price to pay for having new threads more accurately labelled. 3. Forwards are really getting out of hand. It seems that the "Four Letter Acronyms" of CPSR, EPIC, ACLU, and EFF (an honorary FLA) routinely copy us on everything they put out, even though their stuff is widely distributed in other forums available to us all, and none of them seems to be reading Cypherpunks and actually participating in followup discussions. (If Banisar, Godwin, Kapor, McCandlish, et al. are actually reading this, I invite them to prove me wrong.) 4. 
While I'm at it, could newcomers to the world of crypto please take the time to read up on some of the basic crypto issues? The lateness of my FAQ is not the issue, as the needed knowledge is contained in any of the basic FAQs that are already out there, such as the oft-republished sci.crypt FAQ and the RSA FAQ. And basic articles and books are readily available. This list is not a place to ask 500-600 people "What's so bad about Clipper?" or "Can't the NSA break any cipher with enough effort?" Thank you for your time. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From hayden at vorlon.mankato.msus.edu Wed Jul 13 14:16:27 1994 From: hayden at vorlon.mankato.msus.edu (Robert A. Hayden) Date: Wed, 13 Jul 94 14:16:27 PDT Subject: A Plea for Meaningful Message Titles In-Reply-To: <199407132100.OAA16354@netcom5.netcom.com> Message-ID: Tim, you make a lot of good points, but I just want to add one comment. Tim sez: > 1. Could we people make an effort to pick reasonably meaningful thread > titles? A lot of "Re: your mail" and "(None)" titles are cluttering up > the list. Often these are caused by responding to a message with no subject. Many people tend not to notice the lack of subject and then produce a "RE: your mail". Just a pointer to how these originate. Everything else you said is echoing my own sentiments. :-) ____ Robert A. 
Hayden <=> hayden at vorlon.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> I do not necessarily speak for the \/ Finger for PGP Public Key <=> City of Mankato or Blue Earth County -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From jim at bilbo.suite.com Wed Jul 13 14:35:56 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Wed, 13 Jul 94 14:35:56 PDT Subject: New version of Digital Telephony Bill? Message-ID: <9407132131.AA05989@bilbo.suite.com> In the latest Wired issue (2.08) there is a small blurb about a new version of the Digital Telephony Bill that the FBI has presented. According to the blurb, a couple of Senators have expressed a willingness to sponsor this new version. Anybody have any more info on this? Jim_Miller at suite.com From jim at bilbo.suite.com Wed Jul 13 15:02:59 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Wed, 13 Jul 94 15:02:59 PDT Subject: INFOBAHN PANEL SEES WORLD THROUGH [..] BLINDERS Message-ID: <9407132157.AA06537@bilbo.suite.com> A recent fax from The Center for Strategic and International Studies' International Communications Studies and Political-Military Programs: topic: encryption wars on the global information highway: beyond the clipper chip battle. This introductory discussion will take place on July 14th, 1994, at CSIS, 4th floor conference room, 1800 K St., N.W., DC from 9:30am-12noon. Dr. Michael Nelson, Special Assistant, White House Office of Science and Technology, and Mr. Kent Walter, Counsel to the Deputy Attorney General, will lead off the morning, followed by diverse industry and expert views. Since this is by invitation only, please RSVP to Craig Johnson by Monday, July 11 at either Fax: (202) 775-0898, or e-mail: csis-ics at clark.net. [Included with the fax was the following ILA report reproduced here with permission from the author. Is anyone on this list invited to the above mentioned meeting? 
- jm] -------------------------- What's Left Unsaid And Undone INFOBAHN PANEL SEES WORLD THROUGH NARROW COPYRIGHT BLINDERS Lehman Panel Leaves Later How To Deal With Other Issues The best way to understand the recently released government report on protecting intellectual property is to look at the credentials of its primary author: Bruce Lehman, patent commissioner. Don't be misled by his title. Lehman is a copyright lawyer and legislative aide by training. His report reflects these points of view: If there is an emerging problem, as the economy enters the digital age, when information can be quickly, easily, and secretly copied, then the solution is to tinker with the law. A patch here, and a new subsection there, and Humpty Dumpty will be put back together again. "We tried to fine tune the dials of public policy," says Lehman, who emphasizes that the report benefited from hundreds of sets of eyes, not his alone. The draft report was issued by a working group underneath the Clinton Administration's National Information Infrastructure Task Force. And while its recommendations on changes to copyright law received wide attention earlier this week, the report is only one arrow in a quiver to deal with the theft of intellectual property. Faith in the rule of law is a good thing, in other words, but it won't be enough. Just ask anyone who has watched his or her copyrighted work flung through the Internet in a seamless chain of infringement. Or a software company that discovers 300 copies of a program at a corporation and only one sale. The working group's recommendations by themselves won't break the chain any more than stiffer laws and penalties have cured the drug crisis. But there are other arrows to shoot. Next week, for example, a different wing of the NII task force will hold a public hearing on the "security, integrity, and reliability" of information that travels through digital networks. 
Yet another wing, headed by Arati Prabhakar, director of the National Institute of Standards and Technology, is at work on applications and technology. GOTTA START SOMEPLACE Nearly everyone (except those who don't believe in intellectual property) seems to think the law is a good place to start. "Lehman has done an excellent job bringing focus to this issue," says Henry Perritt, Jr., a professor at Villanova Law School, who nonetheless has concerns about some of the specific proposals. Among the major recommendations, which are all subject to change (Possible objections mentioned by critics are in parenthesis): It would be illegal to tamper with devices or methods used to protect copyrighted material. (What happens when the work is no longer subject to copyright? If it is held in a technological envelope that is unlawful to break, the work cannot enter the public domain, as other works do upon copyright expiration.) Transmissions that may be considered both a performance and a distribution, such as when a recipient listens to a recording as it is being downloaded, would be considered a distribution, if that was the transmission's primary purpose. (Would this give more protection to the creator than the consumer than now exists in the law?) Recipients of digital transmissions of copyrighted works would not have the freedom to redistribute the material. Normally, under the so-called "first sale doctrine," if Ted sells a book to Alice, she can then turn around and sell or rent that book to Fred. This recommendation would prohibit Alice from reselling that book, if it is in digital form. The theory is that in a digital environment Alice can keep the book and distribute it, thereby destroying Ted's market. (The first sale doctrine was meant to limit the copyright monopoly so that the holder of the copyright gives up control once he or she has obtained economic benefit. The proposal may unhinge that balance. 
If the prior proposal is a "look but don't touch" rule, this would be a "touch but don't sell" rule, says Perritt.) Recording artists and record companies would receive royalties on sound recordings that are transmitted digitally. It is an anomaly of existing law that sound recordings don't have a so-called "public performance" right, as do plays, dances, and movies. Without this change, consumers could simply download top-quality recordings from specialized digital services, bypassing the retail purchase. (The broadcasting industry will put its full lobbying force behind blocking this measure, arguing that airplay is a form of free publicity.) A conference will be held on how to preserve the "fair use" concept of copyright law under which consumers are allowed to use small portions of copyrighted work without fear of infringement. As more information becomes available on line, the ability to browse through material in libraries and schools for free will be curtailed. It will be possible to meter every usage of a work, even those that heretofore were protected by fair use doctrine. (Some copyright holders feel that fair use developed only because the transactional costs of charging for small uses outweighed any remunerative benefit. If advanced metering systems reduce transactional costs, then why not charge for all uses?) BALANCING ACT Lehman calls these changes "very modest" and built upon practices proven in other areas. For example, it is already unlawful to tamper with the encryption devices that scramble cable signals. And computer software has an exemption from the first-sale doctrine. Otherwise, to use the prior analogy, Alice could rent out the software to Fred and his 15 best buddies, who would then produce perfect copies for their own use. At the same time, the working group tried to balance the interests of creators, by suggesting modifications in first-sale and distribution language, and consumers, by holding the fair use conference. 
After all, copyright law is meant to protect the works of creators for the overall benefit of society. Prior to becoming patent commissioner, Lehman was at Swidler & Berlin. He cut his teeth on the Hill as the chief legal advisor during the drafting of the 1976 Copyright Act and 1980 Computer Software Amendments. That experience, he says, shaped his belief in being responsive to all sides of a debate. "If I was the general counsel of McGraw Hill, I might be less inclined to hold a conference on fair use," Lehman said. Still, he recognizes that the law can only do so much. "The most you can expect out of the copyright system is to prevent hemorrhaging," Lehman said. "It cannot prevent leakage," such as casual pirating of software for home use. That function falls to the marketplace to develop technologies that can envelop copyrighted material so it can only be opened by rightful recipients and to educators, according to Lehman. While the working group did not delve seriously into technological solutions, it will sponsor a second conference on education. The conference will explore course work that can be used in schools and libraries. Just imagine: Intellectual Property Education 101. It's hard to envision the course being as popular as driver's ed. Agencies Participating In Intellectual Property Rights Working Group Advanced Research Projects Agency Commerce Department Council of Economic Advisors Energy Department General Services Administration Justice Department National Institute of Science and Technology National Library of Medicine National Science Foundation National Security Agency National Telecommunications and Information Administration Office of Consumer Affairs Office of Management and Budget Office of Science and Technology Policy Office of the U.S. 
Trade Representative Patent and Trademark Office State Department Treasury Department --- Information Law Alert * a voorhees report * 718-369-0906 voice * 718-369-3250 fax * markvoor at phantom.com * 411 First St., Brooklyn, NY 11215-2507 July 8, 1994 ****************************************************** * PLEASE KEEP THIS BOX ATTACHED TO NEWSLETTER * ****************************************************** Information Law Alert (ISSN-1068-8129) is published 20 times a year by Voorhees Reports, 411 First Street, Brooklyn, NY 11215-2507. Subscription rates: E-mail subscriptions are available for $195 a year. $550 a year for print newsletter. For information, call 718-369-0906 or 800-369-4840, or fax 718-369-3250. E-mail address: markvoor at phantom.com. On line: Information Law Alert is available electronically to subscribers of NewsNet (800-952-0122); Dialog (800-334-2564); and Dow Jones News Retrieval (800-522-3567). E-mail subscriptions are also available through Counsel Connect (800-952-0122) under the Resources section. Back issues and bundles of stories are available at Marketplace.Com. Gopher to Marketplace.Com or use the URL http://marketplace.com. Copyright 1993 Mark Voorhees. Unauthorized duplication prohibited by law. ********************************************************* Anybody know where I can get a copy of the Lehman Panel report? Jim_Miller at suite.com From trollins at debbie.telos.com Wed Jul 13 15:29:19 1994 From: trollins at debbie.telos.com (Tom Rollins) Date: Wed, 13 Jul 94 15:29:19 PDT Subject: Source Code Message-ID: <9407132229.AA26004@debbie.telos.com> Hello, I created a stand alone utility for DOS to do a multiple cipher IDEA-TRAN-IDEA-TRAN-IDEA and call this 3DEA. 
"usage: 3dea e|d [infile [outfile]]" Without files, will use standard in and out. Will prompt for (5) Pass Phrases. MD5 on each phrase to get 128*5 bits of key. I also made some changes to my copy of the PGP source code to use this 3DEA cipher as an optional extension to the single IDEA cipher that comes with PGP. Will communicate with current versions of PGP (2.3a, 2.6, 2.6ui). 1 - Can process 4096 bit RSA keys. 2 - Optional 3DEA message encryption for more security. 3DEA is a multiple cipher IDEA-TRAN-IDEA-TRAN-IDEA. Include the command line option '3' when encrypting with 3DEA. Example "pgp -3seat message". Uses a 640 bit session key as specified. 128 bit key for first IDEA round. 64 bit IV for first IDEA round. 32 bit key for Transpose of bytes within a 4096 byte buffer block between first and second IDEA rounds. 128 bit key for second IDEA round. 64 bit IV for second IDEA round. 32 bit key for Transpose of bytes within a 4096 byte buffer block between second and third IDEA rounds. 128 bit key for third IDEA round. 64 bit IV for third IDEA round. 3 - Automatic detection of IDEA or 3DEA session keys for decryption of messages. Would anyone in the USA or Canada like a copy of these programs (Source and Object) ? I would appreciate any feedback on bugs, etc... So, if you want a copy, send me an E-mail. Thanks, Tom Rollins From jgostin at eternal.pha.pa.us Wed Jul 13 16:20:44 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Wed, 13 Jul 94 16:20:44 PDT Subject: TC May's policy change proposal Message-ID: <940713182417q8qjgostin@eternal.pha.pa.us> tcmay at netcom.com (Timothy C. May) writes: > 1. Could we people make an effort to pick reasonably meaningful thread > titles? Agreed. A few people on this list have mailed me privately (thanx for the discretion, guys!) and told me my Subject: headers were coming up as (None). All mailing lists are gated to local newsgroups here at Eternal. 
As a result, my newsreader doesn't seem to like maintaining subject headers on mailing list mail. It's a known bug... *sigh* "Ok," you ask,"...what's the point?" The point is this: If I can take the time to manually change the subject, working around an annoying bug in my software (it'll be fixed literally RSN, BTW), everyone else can take the time to do it right. :-) > 2. People should feel free to edit the subject line to better reflect > the topic of their post. Agreed. Since I can't preserve the subject heading as a result of aforementioned cyber-roach (hey, I _like_ that term!), I _have_ to make up creative titles. So can all of you. You've shown you're smart, and by being a 'punk, you've shown you care about privacy, crypto, and all that other good stuff. Don't skimp on subjects. :-) > 3. Forwards are really getting out of hand. It seems that the "Four > Letter Acronyms" of CPSR, EPIC, ACLU, and EFF (an honorary FLA) Agreed, again. Perhaps we should change "policy" to dictate that only members of the organization in question should forward "infograms" to the list. Forwarded Usenet posts should be pointered and perhaps summarized. Beyond that is wasted traffic, IMHO. > This list is not a place to ask 500-600 people "What's so bad about > Clipper?" or "Can't the NSA break any cipher with enough effort?" Do you mean to imply that "Everything" and "Yes" aren't good enough answers from 500-600 people? :-) --Jeff -- ====== ====== +----------------jgostin at eternal.pha.pa.us----------------+ == == | The new, improved, environmentally safe, bigger, better,| == == -= | faster, hypo-allergenic, AND politically correct .sig. | ==== ====== | Now with a new fresh lemon scent! 
| PGP Key Available +---------------------------------------------------------+ From prz at acm.org Wed Jul 13 16:44:44 1994 From: prz at acm.org (Philip Zimmermann) Date: Wed, 13 Jul 94 16:44:44 PDT Subject: PGP bastardization (fwd) Message-ID: Forwarded message: From harmon at tenet.edu Wed Jul 13 16:56:31 1994 From: harmon at tenet.edu (Dan Harmon) Date: Wed, 13 Jul 94 16:56:31 PDT Subject: No Subject Message-ID: who cypherpunks From prz at acm.org Wed Jul 13 17:36:38 1994 From: prz at acm.org (Philip Zimmermann) Date: Wed, 13 Jul 1994 17:36:38 -0700 (MDT) Subject: PGP bastardization Message-ID: Tom, I hear that you are distributing a modified version of PGP that uses a different customized encryption algorithm of your own design. If you read the "Snake Oil" section of the PGP User's Guide, then you know how I feel about amateur cryptographers' encryption algorithms that have not been subjected to extensive peer review. PGP's reputation, and my reputation (which is tied to PGP), depends on people trusting the quality of encryption algorithms and protocols that I have carefully selected for PGP, using all of my knowledge and experience. If someone were to put a new encryption algorithm into PGP without my permission, it could serve to tarnish the reputation that PGP has earned over the years. Accordingly, I do not approve of anyone modifying the cryptographic characteristics of PGP. PGP and Pretty Good Privacy are my trademarks, and their good name is trusted the world over because of the care that I have exercised in selecting its algorithms. If you'd like to write your own cryptographic utility, using your own algorithms and protocols, I have no problem with that. But I do not want my program, my documentation, my name, and my trademarks, to be used for products that may have flawed algorithms. I also have no problem with you modifying PGP for your own private use, if you like to experiment with new algorithms of your own design. 
But I do not want you to distribute such a program to others, if it uses my code, my manuals, my name, and my trademarks. It could hurt my reputation and PGP's reputation. If I am misinformed on this subject, please let me know and accept my apology for assuming too much. Otherwise, I'd like you to remedy the situation. Please let me know what has happened and what we can do about it. Sincerely, Philip Zimmermann prz at acm.org cc: Curtis Karnow Landels, Ripley, and Diamond From jrochkin at cs.oberlin.edu Wed Jul 13 18:02:57 1994 From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) Date: Wed, 13 Jul 94 18:02:57 PDT Subject: FW: Ordering White House docs via email Message-ID: <199407140102.VAA01230@cs.oberlin.edu> > The goal of Phase Three, which we hope to achieve soon, is to respond > electronically to the substance of incoming messages. Speaking of which, does anyone doubt that the point of this is to completely eliminate human beings from the loop? You'll write a letter to president at whitehouse.com, and some kind of AI will process it and determine the proper form letter to be sent back to you. Heck, they'll probably borrow that groovy semantic-parsing spy thingamobob software from the NSA. Actually, even though my knee jerk reaction is to be bothered by this, I'm not sure there's cause. It's not as if the president actually sees the letter you write to him snaimail anyhow. What difference does it make if some minimum-wage secretary picks the proper form letter to send back to you, or if a computer program does? From roy at sendai.cybrspc.mn.org Wed Jul 13 18:05:06 1994 From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail) Date: Wed, 13 Jul 94 18:05:06 PDT Subject: The Glorious 1000-Year Kryptoreich In-Reply-To: <199407131654.JAA14944@netcom9.netcom.com> Message-ID: <940713.183735.9r5.rusnews.w165w@sendai.cybrspc.mn.org> -----BEGIN PGP SIGNED MESSAGE----- Kryptoreichkanzler Klaus despairs of a Citizen-Unit's lament: > We shall triumph. 
It shall be a shining era of golden harmony and > meticulous order, mediated by the glistening bits of the digiverse. > All things in their places, and all actions for the good of the State. If we wait long enough, things will be at least entertaining. "Failure to be properly sedated may result in prosecution for criminal drug avoidance." -- The omnipresent public address system in THX-1138, a movie which has been sadly overlooked in the modern Search for Dystopia. (bonus quatloo to the person who can remind me what the Freud-in-a-box was called... the one that said "Could you be more... specific?") {now back to your regularly scheduled list; sorry for the digression} - -- Roy M. Silvernail [] roy at sendai.cybrspc.mn.org It's just this little chromium switch....... -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLiR8Wxvikii9febJAQHCkAP/Q48e3Tz+EO86Jh3V4zxQqSnyxYxXOPCZ GfuoOIE3BCWRaIihLWDpvogcI8edztY2ZBHDzTX1nuXy+4F/cBr3kMzHrQFr5ds0 BCgDWDZ8OWb/kiAk8GpWbKd99Y/fP9VlJOgLTW7UAYB3SNYeuIygonrHpjSnqcEo 7BLW/hqlg2A= =6F4D -----END PGP SIGNATURE----- From paul at hawksbill.sprintmrn.com Wed Jul 13 18:14:13 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Wed, 13 Jul 94 18:14:13 PDT Subject: FW: Ordering White House docs via email In-Reply-To: <199407140102.VAA01230@cs.oberlin.edu> Message-ID: <9407140216.AA12459@hawksbill.sprintmrn.com> > > > The goal of Phase Three, which we hope to achieve soon, is to respond > > electronically to the substance of incoming messages. > > Speaking of which, does anyone doubt that the point of this is to completely > eliminate human beings from the loop? You'll write a letter to > president at whitehouse.com, and some kind of AI will process it and > determine the proper form letter to be sent back to you. Heck, they'll > probably borrow that groovy semantic-parsing spy thingamobob software > from the NSA. > Make no mistake; its president at whithouse.gov, not .com. Send him an e-mail. 
- paul

From berzerk at xmission.xmission.com Wed Jul 13 18:51:36 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Wed, 13 Jul 94 18:51:36 PDT
Subject: PGP bastardization (fwd)
In-Reply-To:
Message-ID:

On Wed, 13 Jul 1994, Philip Zimmermann wrote:
> Accordingly, I do not approve of anyone modifying the cryptographic
> characteristics of PGP. PGP and Pretty Good Privacy are my trademarks,
> and their good name is trusted the world over because of the care that
> I have exercised in selecting its algorithms.

Do you think you might supply a version in the future supporting
1) more session key bits, for user supplied algorithms.
2) larger public keys, with no arbitrary limits.

I would be likely to *BUY* such a program, but will not buy the current version of pgp especially with the restriction on key size. Don't follow this up with "but it would take a gazillion universes twenty googolplex years to solve this" as I am fully aware of the numbers, and disagree with 1024 as a reasonable number.

If you don't plan to relax this restriction, then you can expect people in areas where patents are not enforced to hack your algorithm. Not a threat, or saying it is right, just a fact of life.

Also, as a legal issue, anyone could legally and without fear of any sanction produce a "modification kit" in printed form that detailed the changes to be made to your code to become "snake oil" and such a modification kit would be protected under the 1st amendment, and totally outside the reach of you or any law enforcement agency. This might not be "respectful" to you, but it is totally acceptable, as long as they don't distribute the code for pgp2.6 with it. Use could be another thing.

I would say the only way to accommodate this is to make a bigger mousetrap for the paranoid. Perhaps it should be called MGPD for Mega Good Privacy Dudez.:-).

Roger.
From gtoal at an-teallach.com Wed Jul 13 18:58:52 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Wed, 13 Jul 94 18:58:52 PDT
Subject: PGP bastardization (fwd)
Message-ID: <199407140158.CAA19389@an-teallach.com>

While I sympathise 100% with prz's annoyance at this hack, I should remind him that he *did* put pgp out under the GPL and anyone is free to modify it in any way they choose as long as they too release it under the GPL.

He has no legal comeback (ha, there's an interesting irony about the author of the world's leading piece of guerilla software...) and the most he can do is apply peer pressure to get the guy to back down.

(Personally I'd never release anything under the GPL for precisely that reason and others...)

G

From nelson at crynwr.com Wed Jul 13 20:01:06 1994
From: nelson at crynwr.com (Russell Nelson)
Date: Wed, 13 Jul 94 20:01:06 PDT
Subject: PGP bastardization (fwd)
In-Reply-To: <199407140158.CAA19389@an-teallach.com>
Message-ID:

   Date: Thu, 14 Jul 1994 02:58:44 +0100
   From: gtoal at an-teallach.com (Graham Toal)

   While I sympathise 100% with prz's annoyance at this hack, I should remind him that he *did* put pgp out under the GPL and anyone is free to modify it in any way they choose as long as they too release it under the GPL.

   He has no legal comeback (ha, there's an interesting irony about the author of the world's leading piece of guerilla software...) and the most he can do is apply peer pressure to get the guy to back down.

The GPL says nothing about what you can call a program. Phil can certainly require someone to call it something other than PGP. The GPL also requires, in section 2a, that changes be prominently marked.

-russ http://www.crynwr.com/crynwr/nelson.html
Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it?
Potsdam, NY 13676 | LPF member - ask me about the harm software patents do.
From merriman at metronet.com Wed Jul 13 20:04:49 1994
From: merriman at metronet.com (David Merriman)
Date: Wed, 13 Jul 94 20:04:49 PDT
Subject: FW: Ordering White House docs via email
Message-ID: <199407140307.AA06097@metronet.com>

>
>Actually, even though my knee jerk reaction is to be bothered by this,
>I'm not sure there's cause. It's not as if the president actually sees
>the letter you write to him snailmail anyhow. What difference does it make
>if some minimum-wage secretary picks the proper form letter to send back to
>you, or if a computer program does?
>

*I* got a "real answer" type card from them when I faxed Billary about what I thought of that U.S. Card. Granted that the card may have been signed by a robo-arm, but what the hell......

Dave Merriman

From trollins at debbie.telos.com Wed Jul 13 20:09:40 1994
From: trollins at debbie.telos.com (Tom Rollins)
Date: Wed, 13 Jul 94 20:09:40 PDT
Subject: Re, PGP bastardization (fwd)
Message-ID: <9407140309.AA28617@debbie.telos.com>

I was shocked to receive an E-mail from Phil Zimmermann. Here is my reply to his E-mail.

From: Philip Zimmermann

>Tom, I hear that you are distributing a modified version of PGP that
>uses a different customized encryption algorithm of your own design.

I have pieced together a multiple cipher that consists of the chain IDEA-TRAN-IDEA-TRAN-IDEA. Where IDEA is the same IDEA (128 bit key + 64 bit IV) algorithm that pgp uses and TRAN is a byte transposition across the 4K buffer block (each tran uses 32 bit key). Thus giving this multiple cipher a keyspace of 640 bits. I have made modifications to pgp that will let a user _optionally_ use this algorithm instead of the single IDEA cipher. This change was made to show pgp versatility and usefulness in transporting an unwieldy large conventional key with ease. On decrypting, the modification detects which type of key is in the RSA packet and then invokes the proper algorithm. Please note that the original cipher algorithms are intact and are used as the default method.

>If you read the "Snake Oil" section of the PGP User's Guide, then you
>know how I feel about amateur cryptographers' encryption algorithms
>that have not been subjected to extensive peer review.

Well, it is true that I am _not_ being paid for this software. It is my hobby. And I don't care how you feel about my hobby. Please feel free to make any constructive comments about the algorithm.

>PGP's reputation, and my reputation (which is tied to PGP), depends
>on people trusting the quality of encryption algorithms and protocols
>that I have carefully selected for PGP, using all of my knowledge and
>experience. If someone were to put a new encryption algorithm into
>PGP without my permission, it could serve to tarnish the reputation
>that PGP has earned over the years.

I am a little confused about this statement. The following (2) paragraphs came from the pgp.c source file. So, I don't see that my small changes can damage your reputation.

(c) Copyright 1990 by Philip Zimmermann. All rights reserved. The author assumes no liability for damages resulting from the use of this software, even if the damage results from defects in this software. No warranty is expressed or implied.

All the source code I wrote for PGP is available for free under the "Copyleft" General Public License from the Free Software Foundation. A copy of that license agreement is included in the source release package of PGP.

>Accordingly, I do not approve of anyone modifying the cryptographic
>characteristics of PGP. PGP and Pretty Good Privacy are my trademarks,
>and their good name is trusted the world over because of the care that
>I have exercised in selecting its algorithms.

I believe that you have released the pgp software under the Free Software Foundation "Copyleft" License.
>If you'd like to write your own cryptographic utility, using your own
>algorithms and protocols, I have no problem with that. But I do not
>want my program, my documentation, my name, and my trademarks, to be
>used for products that may have flawed algorithms.

Let me show you a paragraph from the "Copyleft" License that you released the pgp program under.

The license agreements of most software companies try to keep users at the mercy of those companies. By contrast, our General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. The General Public License applies to the Free Software Foundation's software and to any other program whose authors commit to using it.

>I also have no problem with you modifying PGP for your own private
>use, if you like to experiment with new algorithms of your own design.
>But I do not want you to distribute such a program to others, if it uses
>my code, my manuals, my name, and my trademarks. It could hurt my
>reputation and PGP's reputation.

I guess that I will have to quote (2) more paragraphs from the "Copyleft" License that you released the pgp program under.

When we speak of free software, we are referring to freedom, not price. Specifically, the General Public License is designed to make sure that you have the freedom to give away or sell copies of free software, that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.

To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it.

>If I am misinformed on this subject, please let me know and accept
>my apology for assuming too much. Otherwise, I'd like you to remedy
>the situation. Please let me know what has happened and what we can
>do about it.

I believe that you may be misinformed. I hope that I have made my position clear. You released the pgp program under the "Copyleft" License. I have the right to change the software or use pieces of it. I am protected from you trying to deny me those rights.

>Sincerely,
>Philip Zimmermann
>prz at acm.org

Sincerely,
Tom Rollins

From nobody at shell.portal.com Wed Jul 13 20:32:33 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Wed, 13 Jul 94 20:32:33 PDT
Subject: PGP bastardization
Message-ID: <199407140333.UAA22254@jobe.shell.portal.com>

Philip Zimmermann wrote:

> Accordingly, I do not approve of anyone modifying the cryptographic
> characteristics of PGP. PGP and Pretty Good Privacy are my trademarks,
> and their good name is trusted the world over because of the care that
> I have exercised in selecting its algorithms.

[comments deleted]

> cc: Curtis Karnow
> Landels, Ripley, and Diamond

My copy of PGP (v2.3a) came with the following notice:

> Pretty Good Privacy version 2.3a - READ ME FIRST
> Notes by Perry Metzger
> Edited for 2.3a by Colin Plumb

[intervening material deleted]

> PGP is distributed under the terms of the GNU General Public
> Licence, a copy of which is included. In brief, this states that
> PGP is freely distributable, subject only to the condition that
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> if you make a modified version and choose to distribute it, you
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> must make it freely distributable as well. See the file COPYING
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> for details.

What are your LEGAL grounds for attempting to retain "editorial control" over PGP, as commendable as your desire to maintain its integrity undoubtedly is?
The notice distributed with PGP itself seems to say otherwise -- only that modifications must also be freely distributable. So why CC: your letter to what appears to be a legal firm? Does the legal term "in terrorem" apply here? From snyderra at dunx1.ocs.drexel.edu Wed Jul 13 20:49:48 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Wed, 13 Jul 94 20:49:48 PDT Subject: NATIONAL SECURITY PORN RISK Message-ID: At 9:43 AM 7/13/94, Paul J. Ste. Marie wrote: >Of course, any machine with classified info on it would neither be on >the net nor would it be connected to one that was. In theory, anyway. I do know of classified data having been on unclassified machines before, generally by accident. Comes from the fun fact that unclassified datum A + unclassified datum B can = classified data C. Bob -- Bob Snyder N2KGO MIME, RIPEM mail accepted snyderra at dunx1.ocs.drexel.edu finger for RIPEM public key When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. From snyderra at dunx1.ocs.drexel.edu Wed Jul 13 20:49:50 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Wed, 13 Jul 94 20:49:50 PDT Subject: House Rules Committee marks encryption bill as "open" Message-ID: At 3:54 PM 7/13/94, Kent Borg wrote: >"Shabbir J. Safdar" wrote: >>I phoned the House Rules comm. this morning. They informed me that >>the committee voted 5-4 earlier this week to allow amendments to the >>General Export Administration Act on the House Floor. > >Stanton McCandlish then copied it out to a zillion >destinations. > >Aren't we looking a bit amateurish? I'd called it "grassroots," myself. >If EFF is going to make official requests for faxes and phone calls it >should also make prompt official reports of the results. I want us to >be organized, I want us to look organized, I want the Congress to know >we are organized. Did the EFF actually make this call (for the House Rules lobbying)? I thought it was a different organization. 
Stanton McCandlish has a tendancy to forward anything vaguely EFF'ish to many, many places. He also forwarded that idiocy called "Telco Snooping" a while back. Does that mean the EFF supports/believes that? I hope not, or my membership dollars (and AT&T, and whoever else's) are being wasted. If the EFF did make this call, I agree they need to be reacting a bit quicker. The ability to get information out quickly and fairly cheaply is what the net/InfoBahn/Information Superhighway is all about. Bob -- Bob Snyder N2KGO MIME, RIPEM mail accepted snyderra at dunx1.ocs.drexel.edu finger for RIPEM public key When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. From dcwill at ee.unr.edu Wed Jul 13 20:57:38 1994 From: dcwill at ee.unr.edu (D.C. Williams) Date: Wed, 13 Jul 94 20:57:38 PDT Subject: PGP bastardization (fwd) Message-ID: <9407140356.AA17966@solstice> > > He has no legal comeback (ha, there's an interesting irony about the > author of the world's leading piece of guerilla software...) and the > most he can do is apply peer pressure to get the guy to back down. The way I read it, he was concerned about including the hacked versions under the "PGP" banner. With this, I agree. PGP and prz will always be inseparable, and I sure wouldn't want someone to take something of mine, change it into something I didn't like, and keep my name on it. As a matter of respect and decency for anyone's work (and especially prz's), a separate and distinct identity should accompany the changes. =D.C. Williams From mpd at netcom.com Wed Jul 13 23:20:44 1994 From: mpd at netcom.com (Mike Duvos) Date: Wed, 13 Jul 94 23:20:44 PDT Subject: PGP bastardization (fwd) In-Reply-To: <9407140356.AA17966@solstice> Message-ID: <199407140620.XAA01600@netcom11.netcom.com> Tom Rollins expresses his astonishment: > I was shocked to receive an E-mail from Phill Zimmermann. > I have pieced together a multiple cipher that consists of the > chain IDEA-TRAN-IDEA-TRAN-IDEA. 
Where IDEA is the same IDEA (128 > bit key + 64 bit IV) algorithm that pgp uses and TRAN is a byte > transposition across the 4K buffer block (each tran uses 32 bit > key). Thus giving this multiple cipher a keyspace of 640 bits. Can you spell O-V-E-R-K-I-L-L? This might be an interesting homework exercise but even 128 bits of keyspace is nowhere near being exhausted by the set of passphrases contemplatable by the average human. Bigger is not always better or more useful. Phil comments as follows: > PGP's reputation, and my repuitation (which is tied to > PGP), depends of people trusting the quality of encryption > algorithms and protocols that I have carefully selected for > PGP, using all of my knowledge and experience. If someone > were to put a new encryption algorithm into PGP without my > permission, it could serve to tarnish the reputation that > PGP has earned over the years. I have to agree with Phil here. While the guts of PGP are extremely useful for building other crypto applications, we should avoid using the name PGP for anything other than the products given that name by Phil and his assignees. Otherwise, PGP's reputation will almost certainly be diluted by association with large numbers of derivative applications, which although useful, have not already proven themselves over time in the same way that PGP has. A good example of this is the popular disk encryption utility which uses an MD5 passphrase hash and IDEA/CFB encryption similar to PGP's conventional encryption mode. As "Secure Drive", it is a valuable addition to our privacy arsenal. Calling it "PGPDrive", on the other hand, would not have been a good idea. We do not need a zillion other products with names like PGPPhone, PGPTerm, PGPmail, and numerous hacked versions of PGP itself floating around if we are to keep PGP synonymous in the public mind with a single unambiguous gold standard for privacy and strong crypto. 
What Tom has done may or may not be a good idea, but he should call it something that doesn't have PGP in the name. TomCrypt perhaps? :) -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From mod at netcom.com Wed Jul 13 23:32:12 1994 From: mod at netcom.com (Messenger) Date: Wed, 13 Jul 94 23:32:12 PDT Subject: Remailers and chain! Message-ID: <199407140632.XAA03643@netcom3.netcom.com> I need a list of all applicable Cypherpunk remailers to use in conjunction with Chain... I've been out of the loop for a while now and need to get my info updated! From mpd at netcom.com Wed Jul 13 23:36:24 1994 From: mpd at netcom.com (Mike Duvos) Date: Wed, 13 Jul 94 23:36:24 PDT Subject: PGP bastardization (fwd) In-Reply-To: <199407140158.CAA19389@an-teallach.com> Message-ID: <199407140628.XAA02433@netcom11.netcom.com> Graham Toal writes: > While I sympathise 100% with prz's annoyance at this hack, I should > remind him that he *did* put pgp out under the GPL and anyone is free > to modify it in any way they chose as long as they too release it > under the GPL. > He has no legal comeback I'm not so sure. The code was released under the GPL. The names PGP, Pretty Good Privacy, and Phil's Pretty Good Software were not. People can make anything they want out of the code, as long as they also release it under the GPL and call it something else. Doesn't seem like a major artistic limitation. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From kentborg at world.std.com Wed Jul 13 23:49:49 1994 From: kentborg at world.std.com (Kent Borg) Date: Wed, 13 Jul 94 23:49:49 PDT Subject: House Rules Committee marks encryption bill as "open" Message-ID: <199407140649.AA00716@world.std.com> snyderra at dunx1.ocs.drexel.edu writes: >Did the EFF actually make this call (for the House Rules lobbying)? >I thought it was a different organization. It appeared to me that some individual phoned up the committee. That's cool, I thank him. 
My gripe is that it was EFF* that made the big stink to get us to send faxes in the first place. The people who started the stink should follow up. -kb * Possible "the Kent who can't keep his FLAs straight" retraction: If it was really CPSR that publicized the need for faxes and phone calls I will take back all the nasty things I said about EFF in this and my last message and apply them to CPSR--or EPIC (sp?) or whomever it was. All I know is it was not some guy on Panix who sent out the Big Call. -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 32:00 hours of TV viewing so far in 1994! From jgostin at eternal.pha.pa.us Wed Jul 13 23:52:32 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Wed, 13 Jul 94 23:52:32 PDT Subject: (None) Message-ID: <940713233138W2Wjgostin@eternal.pha.pa.us> gtoal at an-teallach.com (Graham Toal) writes: > He has no legal comeback (ha, there's an interesting irony about the > author of the world's leading piece of guerilla software...) and the > most he can do is apply peer pressure to get the guy to back down. OTOH, we owe it to him to respect his opinion. If he didn't have the guts to create the tool, this conversation would be moot. I say that we should respect his wishes, and not bastardize PGP, if only not to discourage other people to write "risky" software --Jeff -- ====== ====== +----------------jgostin at eternal.pha.pa.us----------------+ == == | The new, improved, environmentally safe, bigger, better,| == == -= | faster, hypo-allergenic, AND politically correct .sig. | ==== ====== | Now with a new fresh lemon scent! | PGP Key Available +---------------------------------------------------------+ From norm at netcom.com Thu Jul 14 00:29:34 1994 From: norm at netcom.com (Norman Hardy) Date: Thu, 14 Jul 94 00:29:34 PDT Subject: Idle question... Message-ID: <199407140729.AAA13105@netcom.netcom.com> At 09:12 1994/07/13 +1000, Ian Farquhar wrote: ... 
Quoting someone else > >BTW, the algorithm leaked, it was not reverse engineered. I do not expect >SKIPJACK to leak, as it's distribution would be VERY limited, even within >the NSA and chip houses. Even A5 was reputed to be known to only 2 or 3 >people within Motorola. ... How many have access to the masks? From tcmay at netcom.com Thu Jul 14 01:04:37 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 14 Jul 94 01:04:37 PDT Subject: TC May's policy change proposal In-Reply-To: <940713182417q8qjgostin@eternal.pha.pa.us> Message-ID: <199407140804.BAA13576@netcom3.netcom.com> > > This list is not a place to ask 500-600 people "What's so bad about > > Clipper?" or "Can't the NSA break any cipher with enough effort?" > Do you mean to imply that "Everything" and "Yes" aren't good enough > answers from 500-600 people? :-) > > --Jeff No, because the correct answer to the second question is not "Yes," but is clearly "No." I refer readers to the sci.crypt FAQ, the RSA FAQ, or books such as "Applied Cryptography." (Hint for those who don't want to: one time pads (Vernam ciphers) and things like RSA with 1000-digit moduli.) ("Enough effort" can be interpreted in a circular way to ensure the answer is 'Yes," as a truism. This is meaningless, if "enough effort" is impossible to achieve, as with OTPs, or is beyond the energy in the universe. If "enough effort" is interpreted to mean theft or rubber hose crytanalysis, all bets are off. But most people who ask the question I cited don't mean these loopholes.) --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." 
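Tim May's one-time-pad point above, as an added example that is not part of the original post: under a one-time pad, trying every possible pad produces every message of the same length exactly once, so "enough effort" leaves the searcher with nothing to choose between. The function names and sample messages are constructed for illustration.

```python
"""Exhaustive key search against a one-time pad (Vernam cipher)."""
import itertools
import secrets


def xor_bytes(a, b):
    """XOR two equal-length byte strings (OTP encryption and decryption alike)."""
    if len(a) != len(b):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext):
    """Encrypt under a fresh, uniformly random pad; returns (pad, ciphertext)."""
    pad = secrets.token_bytes(len(plaintext))
    return pad, xor_bytes(plaintext, pad)


def pad_explaining(ciphertext, candidate):
    """Return the pad under which `ciphertext` decrypts to `candidate`.

    Such a pad exists for every candidate of the right length, and every pad
    is equally likely, so the ciphertext cannot rule any candidate out.
    """
    return xor_bytes(ciphertext, candidate)


def exhaustive_search(ciphertext):
    """Decrypt with every possible pad.

    Returns a dict mapping each plaintext produced to the number of pads that
    produce it. Only feasible for very short ciphertexts (256**len pads).
    """
    hits = {}
    for pad in itertools.product(range(256), repeat=len(ciphertext)):
        plaintext = xor_bytes(ciphertext, bytes(pad))
        hits[plaintext] = hits.get(plaintext, 0) + 1
    return hits


def demo():
    real = b"ATTACK AT DAWN"    # constructed sample message
    decoy = b"RETREAT AT TEN"   # constructed alternative of the same length
    pad, ciphertext = otp_encrypt(real)
    decoy_pad = pad_explaining(ciphertext, decoy)

    # A full search is run on a two-byte message: 65536 candidate pads.
    _, short_ct = otp_encrypt(b"NO")
    hits = exhaustive_search(short_ct)
    return {
        "real_recovered": xor_bytes(ciphertext, pad) == real,
        "decoy_recovered": xor_bytes(ciphertext, decoy_pad) == decoy,
        "distinct_plaintexts": len(hits),
        "pads_per_plaintext": sorted(set(hits.values())),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The same search against a cipher whose key is shorter than the message behaves differently, because most candidate plaintexts then have no key that explains the ciphertext; that case is the one the "beyond the energy in the universe" remark addresses.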
From karn at qualcomm.com Thu Jul 14 02:39:30 1994 From: karn at qualcomm.com (Phil Karn) Date: Thu, 14 Jul 94 02:39:30 PDT Subject: "True Names," chat with Vinge, and Cypherpunks In-Reply-To: <9407131332.AA13124@snark.imsi.com> Message-ID: <199407140938.CAA25784@servo.qualcomm.com> >Considering that we couldn't manage to get JI and Matt Blaze on for >the swIPe session, if anyone really wants to do this it should be >worked on several days in advance of the meeting... Yeah, sounds like a clean sweep. I spent Saturday afternoon trying to get the mbone working on my workstation. I was unsuccessful. (It hasn't worked ince I upgraded to a Sparc 10, not that I spent much time on it before). I strongly suspect that our $#@!! firewall was to blame. Puncturing fascist firewalls was one of the reasons I suggested swIPe in the first place... Phil From karn at qualcomm.com Thu Jul 14 02:42:58 1994 From: karn at qualcomm.com (Phil Karn) Date: Thu, 14 Jul 94 02:42:58 PDT Subject: MAKE.MONEY.FAST In-Reply-To: <9407131424.AA13455@snark.imsi.com> Message-ID: <199407140942.CAA25788@servo.qualcomm.com> >I'm afraid that you just published the idea, Mike, so only you can >patent it in the US during the next 12 months. Outside the US, its now >unpatentable. When has that ever stopped the Patent Office? I have had the bitter experience of openly publishing an idea (a protocol for wireless LANs) with the intent that it pass into the public domain. With much surprise did I learn that Proxim, Inc, had filed for and was granted a patent on the same exact thing, despite their filing date being more than a year after the publication of my paper. By the way, I notice that the Patent Office is taking comments until August on whether their standards for nonobviousness should be tightened. (Is the Pope Polish?) Here's your chance, although after the way NIST totally ignored our comments on clipper, I don't know what good it will do... 
Phil From bart at netcom.com Thu Jul 14 03:38:21 1994 From: bart at netcom.com (Harry Bartholomew) Date: Thu, 14 Jul 94 03:38:21 PDT Subject: ecash-info (fwd) Message-ID: <199407141038.DAA11356@netcom4.netcom.com> Forwarded message: From gtoal at an-teallach.com Thu Jul 14 04:36:09 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Thu, 14 Jul 94 04:36:09 PDT Subject: PGP bastardization (fwd) Message-ID: <199407141135.MAA07467@an-teallach.com> From: Mike Duvos > He has no legal comeback I'm not so sure. The code was released under the GPL. The names PGP, Pretty Good Privacy, and Phil's Pretty Good Software were not. People can make anything they want out of the code, as long as they also release it under the GPL and call it something else. Doesn't seem like a major artistic limitation. Yes, I agree with everyone who says prz has the right to insist that tr changes the name of the program. But prz's mail was *much* stronger than that and he was demanding editorial control of the code and the manner in which it was used. (Reread his letter if you missed that bit). That's what I'm saying he has lost by issuing the code under the GPV. (I'm not gloating - I wish he *could* have the right to do what he likes with his code, I'm just pointing out the facts - it's too late.) G From mab at crypto.com Thu Jul 14 05:08:20 1994 From: mab at crypto.com (Matt Blaze) Date: Thu, 14 Jul 94 05:08:20 PDT Subject: Idle question... In-Reply-To: <199407140729.AAA13105@netcom.netcom.com> Message-ID: <199407141208.IAA09141@crypto.com> >At 09:12 1994/07/13 +1000, Ian Farquhar wrote: >... Quoting someone else >> >>BTW, the algorithm leaked, it was not reverse engineered. I do not expect >>SKIPJACK to leak, as it's distribution would be VERY limited, even within >>the NSA and chip houses. Even A5 was reputed to be known to only 2 or 3 >>people within Motorola. >... >How many have access to the masks? 
> > Assuming you're asking about the masks for the chips that implement Skipjack (Clipper and Capstone), probably lots of people. The masks themeselves aren't classified (but are covered by standard trade secret law). But the masks alone won't help much. According to NSA, "part of the algorithm", probably including the configuration tables for the S-boxes, is burned in to the chips in the secure vault during the classified escrow programming session. See my February comp.risks post, "Notes on Key Escrow Meeting with NSA", for more details. (I think it's available somewhere in the ftp.eff.org archive.) If you're asking about A5 then I have no idea. -matt From solman at MIT.EDU Thu Jul 14 05:22:17 1994 From: solman at MIT.EDU (solman at MIT.EDU) Date: Thu, 14 Jul 94 05:22:17 PDT Subject: How broad are PKP's patents? Message-ID: <9407141221.AA06311@ua.MIT.EDU> Or more specifically, I'm interested in how broad PKP thinks they are. I understand that they claim all public-key systems, but am I correct that that claim is based entirely on the Diffie-Hellman patent expiring in April, 1997? Is Shamir's three-pass protocol as presented on page 376 in applied cryptography covered? If you you used his protocol with the RSA-like symetric algorithm suggested, is it covered under the RSA patent? Would an elliptic analog of this be secure? Are there other cryptographically secure communtative symetric ciphers that could be used in Shamir's three pass protocol? Being able to use this without infringing on any patents would effectively obviate the need for public key cryptography outside of authentication. What about probabilistic encryption using a BBS generator? Does RSADSI claim that because it too depends on the computational hardness of factoring? Thanks in advance, Jason W. 
Solinsky

From solman at MIT.EDU Thu Jul 14 05:22:19 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Thu, 14 Jul 94 05:22:19 PDT
Subject: Probabilistic Encryption
Message-ID: <9407141221.AA06316@ua.MIT.EDU>

How secure do you guys think Probabilistic encryption using a BBS generator is? It looks like it's every bit as good for key exchanges as RSA and somewhat better because of its speed.

Would I compromise the security of the algorithm if I modified it to take the maximum number of random bits from each iteration of the BBS RNG and made the corresponding changes in the encryption algorithm, thus making it faster?

How dangerous is it (looking at system wide security) to generate the random bits ahead of time? Is it overkill to disable swapping from the location the random bits are held in? (keeping in mind that disabling swapping is a major pain since it is system specific).

Thanks,

JWS

From solman at MIT.EDU Thu Jul 14 05:22:20 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Thu, 14 Jul 94 05:22:20 PDT
Subject: Why triple encryption instead of split+encrypt?
Message-ID: <9407141221.AA06307@ua.MIT.EDU>

Why do people do tripple DES and *shudder* tripple IDEA instead of doing some form of non-redundant secret splitting and then encrypting with multiple keys.

For example, instead of triple DES, why not

A) divide the compressed plaintext into blocks of n*64 (where n=2 in the simple example, higher in the overkill examples)

B) Split each block into n parts such that:
   i) The splitting can be reversed.
   ii) During the inverse of the splitting each bit in the plaintext is dependent on several bits from each of the parts of the splittext.
   iii) The total number of bits in the splittext is the same as in the plaintext.

   The last point will make this form of secret splitting relatively insecure, but that's OK for this application (I think, this is really what I'm asking you.)

C) Now, for each n*64 bit block you have n blocks of 64 bits.
Hook these together in n chains and encrypt with DES with different keys in CBC, CFB or OFB mode.

D) Unencrypt on the other end.

You can make the key size arbitrarily large and it takes much less time than triple DES and it's immune to meet in the middle attacks. So why do we use triple DES? If I am wrong about the security of point B-iii, am I correct that by switching to a secure secret splitting algorithm and setting n=2, we still get faster performance for the same cryptanalytical hardness as triple DES?

Cheers,

JWS

From m5 at vail.tivoli.com Thu Jul 14 05:26:34 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Thu, 14 Jul 94 05:26:34 PDT
Subject: INFOBAHN PANEL SEES WORLD THROUGH [..] BLINDERS
In-Reply-To: <9407132157.AA06537@bilbo.suite.com>
Message-ID: <9407141226.AA07305@vail.tivoli.com>

Jim Miller writes:
> And computer software has an
> exemption from the first-sale doctrine. Otherwise, to use
> the prior analogy, Alice could rent out the software to
> Fred and his 15 best buddies, who would then produce
> perfect copies for their own use.

Uhh... Why is it that I see Sega & Nintendo cartridges on the shelves of all my local video rental outlets? Is it the case that only software on certain media is "protected"?

| GOOD TIME FOR MOVIE - GOING ||| Mike McNally |
| TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: |
| (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" |

From stu at nemesis.wimsey.com Thu Jul 14 06:00:32 1994
From: stu at nemesis.wimsey.com (Stuart Smith)
Date: Thu, 14 Jul 94 06:00:32 PDT
Subject: PGP Bastardization
Message-ID: <2e253102.nemesis@nemesis.wimsey.com>

-----BEGIN PGP SIGNED MESSAGE-----

>>If you read the "Snake Oil" section of the PGP User's Guide, then you
>>know how I feel about amateur cryptographer's encryption algorithms
>>that have not been subjected to extensive peer review.

>Well, It is true that I am _not_ being paid for this software. It
>is my hobby. And I don't care how you feel about my hobby.
>Please feel free to make any constructive comments about the
>algorithm.

The time for constructive comments about a new algorithm such as yours is *before* you release code. IDEA and RSA were already well respected ciphers before PGP was released.

>I believe that you may be misinformed. I hope that I have made my
>position clear. You released the pgp program under the "Copyleft"
>License. I have the right to change the software or use pieces of it.
>I am protected from you trying to deny me those rights.

You may be correct in that Phil Zimmermann has no legal recourse, but I couldn't say for sure. I am more concerned with the ethical issues. What have you called your new super-duper pgp? If you make it abundantly clear that it is *your* hack of pgp, and not supported in any way by RSA, MIT, or prz, I personally wouldn't have a problem with it.

It is my feeling that cryptographic software is an entirely different beast from other software released under such free licenses. If I improve or port someone's mail reader for instance, out of *common courtesy*, the first thing I would do is contact the author to let him know. Any bugs in such a program would make themselves readily apparent and users would quickly learn whether or not my version was really an improvement.

How is a user to know that his data has less of a chance of being compromised using super-kool-pgp than prz's own version? The people reading his compromised mail certainly aren't going to tell him that his cryptographic software has a bug in it.

I think a lot of this issue has less to do with the law and more to do with courtesy to fellow software authors.
- --
Baba baby mama shaggy papa baba bro baba rock a shaggy baba sister shag saggy hey doc baba baby shaggy hey baba can you dig it baba baba
E7 E3 90 7E 16 2E F3 45 * 28 24 2E C6 03 02 37 5C
Stuart Smith

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLiU/DKi5iP4JtEWBAQGpYAP+MD+AcoHHcfpOA+SFzWmOCZ1U1KVXt1zP
js1vq6v3tmbA5tXBJzHptnSDIIdPWwuiNL/4rgD8eXVVdaeCVloqz38U1Gk5KWnZ
N4C8X2opaiOG6azU58upqzeEnmHJXvD2K0Mr3nZZMMhvu+ANdAxdVxSNuj5WaJoH
dJq596n4gpk=
=716m
-----END PGP SIGNATURE-----

From aims at ext.jussieu.fr Thu Jul 14 06:08:56 1994
From: aims at ext.jussieu.fr (karl VAN METER)
Date: Thu, 14 Jul 94 06:08:56 PDT
Subject: New National ID Card Proposal
Message-ID: <199407141307.PAA06915@idf.ext.jussieu.fr>

Received here in Germany. Many thanks, Olivier

From jims at Central.KeyWest.MPGN.COM Thu Jul 14 06:43:37 1994
From: jims at Central.KeyWest.MPGN.COM (Jim Sewell)
Date: Thu, 14 Jul 94 06:43:37 PDT
Subject: PGP bastardization
In-Reply-To: <199407140333.UAA22254@jobe.shell.portal.com>
Message-ID: <9407141343.AA02457@Central.KeyWest.MPGN.COM>

>
> What are [prz's] LEGAL grounds for attempting to retain "editorial
> control" over PGP, as commendable as your desire to maintain its
> integrity undoubtedly is? The notice distributed with PGP itself
> seems to say otherwise -- only that modifications must also be
> freely distributable. So why CC: your letter to what appears to
> be a legal firm? Does the legal term "in terrorem" apply here?

The issue is not one of copyrights as much as of reputation. If people believe that prz is a lousy security consultant as a result of irresponsible hacks made on PGP then his reputation has been damaged and therefore he is entitled to restitution.

Note: I'm not implying that Tom's hacks are irresponsible since I've not seen them. Simply that if they are then prz has right to 'make a case'

Jim
--
Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O.
Box 2310 Programmer Internet: jims at mpgn.com
Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027
(305)293-8100 PGP via email on request.
1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73

From perry at imsi.com Thu Jul 14 06:44:20 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 14 Jul 94 06:44:20 PDT
Subject: Why triple encryption instead of split+encrypt?
In-Reply-To: <9407141221.AA06307@ua.MIT.EDU>
Message-ID: <9407141343.AA17589@snark.imsi.com>

solman at mit.edu says:
> Why do people do tripple DES and *shudder* tripple IDEA
                   ^^^^^^^triple.
> instead of doing some form of non-redundant secret splitting
> and then encrypting with multiple keys.

Because people like algorithms that work quickly and don't expand their data by a factor of two or three.

As I've noted before, in spite of protestations, the evidence is good that splitting and encryption doesn't buy you much over simple superencipherment.

Perry

From perry at imsi.com Thu Jul 14 06:44:47 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 14 Jul 94 06:44:47 PDT
Subject: Probabilistic Encryption
In-Reply-To: <9407141221.AA06316@ua.MIT.EDU>
Message-ID: <9407141344.AA17598@snark.imsi.com>

solman at mit.edu says:
> How secure do you guys think Probabilistic encryption using a BBS generator
> is? It looks like it's every bit as good for key exchanges as RSA and somewhat
> better because of its speed.

The technique you mention is not one I've heard of. What is a BBS generator? Could you please explain?

Perry

From frissell at panix.com Thu Jul 14 06:57:49 1994
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 14 Jul 94 06:57:49 PDT
Subject: NATIONAL SECURITY PORN RISK
Message-ID: <199407141357.AA22955@panix.com>

>Is it time to move out of here? Does anyone have any suggestions of
>countries where things are better, not likely to get much worse as the U.S.
>decides to spread its brand of "democracy" even more universally, and which
>have not closed their doors to refugees from America?
>
> -- sidney markowitz
> [In a pretty down mood at the moment]

Heinlein said it was time to move when some place instituted mandatory IDs.

This month's Money mag has an article on the increase in expatriation by native-born US citizens as well as increasing interest in same.

Some places are more bureaucratic than here and some are less. The best place to move to is "nowhere". That is, don't spend too much time in any one country. Local rules bite less on those who are just passing through.

Slick Willy will need congressional action on a mandatory ID although he may be able to deploy a "US Card" for "Federal Benefits" administratively.

The risk is that Congress is currently debating mandatory ID legislation without mentioning it. The Health Security Act (and some of the current variations) includes a mandatory "Worker's ID" card that you will need to work for someone else. Slick Willy even proudly held it up on TV. So we may get mandatory ID without any Congressional debate.

The largest group of US citizens who will not be covered by any proposed health plan: non-resident US citizens. A word to the wise.

DCF

Desperately seeking libertarian New Hampshire resident for commercial transaction.

Desperately seeking HTML expert for (paid) consulting and handholding.

From aba at dcs.exeter.ac.uk Thu Jul 14 07:03:04 1994
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Thu, 14 Jul 94 07:03:04 PDT
Subject: Source Code
Message-ID: <11761.9407141359@sirius.dcs.exeter.ac.uk>

I have myself speculatively created a PGP with 4096 bit keys, but not distributed it, I just wanted to investigate the speeds of RSA operations on 4096 bit keys.

I personally think that it is time for PGP to move on to larger keys, the arbitrary limit of 1024 or 1264 or whatever seems restrictive.
You should be able to use as much security as you need without having to resort to hacked versions.

I have heard the figure of 3000 bits RSA being as hard to break as 128 bit IDEA, however I understand that IDEA is a relatively new algorithm and has not seen nearly as much exposure to analysis as DES. For this reason I think that the proposed 3DEA code is probably in line with going to 4096 bit keys.

If you were one of the people using DES under the impression that it was good for many years you should be worried now as the cost of breaking DES has been estimated at $1m. No doubt in 10 years' time this figure will be achievable for much less cost. How would you feel when it gets to the stage that your messages could be cracked overnight on a bit of spare workstation time?

For this reason I think that the next version of PGP should have the ability to specify n IDEA rounds, and arbitrary RSA key sizes. That should get the problem over with once and for all. The attitude that 1024 bits should be good for the hundreds of years seems naive and similar to IBM's 640k limit on DOS; at the time 640k no doubt seemed like a *huge* amount of memory, I'm now typing in a text editor which has a binary of 1.8Mb, on a m/c with 80Mb main memory.

One more thing, I think that it should be developed *outside* of the US, at least until that ITAR thing gets thrown out.

The argument that it would take a googol years to break PGP with current hardware doesn't hold either as RSA is not proven to be equivalent to factoring, and better factoring algorithms are presumably still possible.

However for the people in the US there are still problems with sorting out a license from PKP which allows unlimited key lengths, and for these reasons it may be worth waiting to see if this can be achieved.
Adam

From nelson at crynwr.com Thu Jul 14 07:42:04 1994
From: nelson at crynwr.com (Russell Nelson)
Date: Thu, 14 Jul 94 07:42:04 PDT
Subject: Security is not free
Message-ID:

I think that a lot of people have forgotten that security is not free. Sometimes the cost is economic, sometimes it is mental. Even using encryption with GNU Emacs's mailcrypt package is not free, because it takes time to verify that you're using signatures and encryption and keys correctly. And, without a certain amount of paranoia, you're going to do something stupid.

I think the NSA is forgetting that security is not free. They're restricting American companies from exporting encryption. Yes, this increases America's security by some amount. However, the cost of doing this means that overseas encryption is going to overseas companies, not US companies. And this amounts to several billion dollars per year.

I think we need to make sure that Congress knows it is spending several billion dollars of someone else's money, in return for the very small amount of security gained by keeping American encryption products out of the worldwide market.

-russ http://www.crynwr.com/crynwr/nelson.html
Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St. | +1 315 268 1925 (9201 FAX) | What art thou doing about it?
Potsdam, NY 13676 | LPF member - ask me about the harm software patents do.

From cme at tis.com Thu Jul 14 07:50:05 1994
From: cme at tis.com (Carl Ellison)
Date: Thu, 14 Jul 94 07:50:05 PDT
Subject: Why triple encryption instead of split+encrypt?
In-Reply-To: <9407141221.AA06307@ua.MIT.EDU>
Message-ID: <9407141449.AA19157@tis.com>

have you considered des | tran | des | tran | des ?
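
Added example (not written by any poster in this thread): the "probabilistic encryption using a BBS generator" asked about above is the Blum-Goldwasser construction, where the Blum-Blum-Shub squaring generator supplies a keystream and the final generator state is sent along so that only the holder of the factors can rewind it to the seed. The two Mersenne primes are constructed, deliberately insecure demo parameters, and every function name here is this example's own.

```python
"""Blum-Goldwasser probabilistic encryption over a Blum-Blum-Shub generator.

Added illustration. P and Q are constructed demo primes (Mersenne primes,
trivially recognisable as a pair), so this key protects nothing.
"""
import secrets
from math import gcd

P = 2**127 - 1          # private prime, P % 4 == 3
Q = 2**89 - 1           # private prime, Q % 4 == 3
N = P * Q               # public modulus (a Blum integer)
# Bits taken per squaring: floor(log2(bit length of N)), the usual
# "log log n" bound. Taking more bits per iteration is faster but leaves
# the range covered by the BBS security argument.
H = N.bit_length().bit_length() - 1


def bbs_keystream(x, t, n=N, h=H):
    """Square x mod n t times, emitting the low h bits of each state.
    Returns (chunks, state after one further squaring)."""
    mask = (1 << h) - 1
    chunks = []
    for _ in range(t):
        x = x * x % n
        chunks.append(x & mask)
    return chunks, x * x % n


def to_chunks(data, h=H):
    """Split bytes into h-bit integers, least significant chunk first."""
    value = int.from_bytes(data, "big")
    count = -(-8 * len(data) // h)              # ceil(bits / h)
    return [(value >> (h * i)) & ((1 << h) - 1) for i in range(count)]


def from_chunks(chunks, length, h=H):
    """Inverse of to_chunks; bits beyond `length` bytes are discarded."""
    value = 0
    for i, c in enumerate(chunks):
        value |= c << (h * i)
    value &= (1 << (8 * length)) - 1
    return value.to_bytes(length, "big")


def encrypt(msg, n=N, h=H, seed=None):
    """Public operation: needs only n. A fresh random seed per message
    makes equal plaintexts encrypt differently."""
    if seed is None:
        seed = secrets.randbelow(n - 3) + 2     # 2 .. n-2
    if gcd(seed, n) != 1:
        raise ValueError("seed shares a factor with n")
    x0 = seed * seed % n                        # quadratic residue mod n
    m = to_chunks(msg, h)
    ks, x_final = bbs_keystream(x0, len(m), n, h)
    return [a ^ b for a, b in zip(m, ks)], x_final, len(msg)


def decrypt(ct, p=P, q=Q, h=H):
    """Private operation: rewind x_final to x0 using the factors p, q."""
    c, x_final, length = ct
    t, n = len(c), p * q
    # For p % 4 == 3, y -> y^((p+1)/4) mod p is the square root of a
    # quadratic residue that is itself a residue. Undo all t+1 squarings
    # with one exponentiation, reducing the exponent mod p-1.
    dp = pow((p + 1) // 4, t + 1, p - 1)
    dq = pow((q + 1) // 4, t + 1, q - 1)
    u, v = pow(x_final, dp, p), pow(x_final, dq, q)
    # Chinese remainder theorem: combine x0 mod p and x0 mod q.
    x0 = (u * q * pow(q, -1, p) + v * p * pow(p, -1, q)) % n
    ks, _ = bbs_keystream(x0, t, n, h)
    return from_chunks([a ^ b for a, b in zip(c, ks)], length, h)


if __name__ == "__main__":
    sample = b"test message 1"                  # constructed sample input
    first, second = encrypt(sample), encrypt(sample)
    print("ciphertexts differ:", first != second)
    print("round trip:", decrypt(first))
```

Because the ciphertext is the plaintext XORed with the keystream, flipping a ciphertext bit flips the same plaintext bit, so the construction needs a separate integrity mechanism.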
From gtoal at an-teallach.com Thu Jul 14 09:21:20 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Thu, 14 Jul 94 09:21:20 PDT
Subject: Probabilistic Encryption
Message-ID: <199407141619.RAA13236@an-teallach.com>

: > How secure do you guys think Probabilistic encryption using a BBS generator
: > is? It looks like it's every bit as good for key exchanges as RSA and somewhat
: > better because of its speed.

: The technique you mention is not one I've heard of. What is a BBS
: generator? Could you please explain?

BBS is Blum-Blum-Shub, a cryptographically strong RNG I believe. (Haven't looked at it personally). How he plans using this in some way to get the effect of an RSA public key system I have no idea. I hope we're not about to get the usual kiddy PRNG exor encryption lecture. Some of the things the guy said suggested maybe he does know what he's talking about, but his writing style isn't inspiring.

Clue for the guy: other people haven't the foggiest idea about what has been going round in your head for the last year. Try to give some context and set the scene in more general terms before you dive into conjectures. Otherwise you risk sounding slightly detached from reality, as in the expression "So what color's the sky in _your_ world, then?"... It may well be you've something useful to say, but if you don't say it in the next one or two postings, you're in danger of slipping into my mental kill-file mode where I gloss over your postings without reading them properly. I suspect others read cpunks mail in a similar fashion.

G

From frissell at panix.com Thu Jul 14 09:22:49 1994
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 14 Jul 94 09:22:49 PDT
Subject: ID card from hell
Message-ID: <199407141622.AA29745@panix.com>

At 06:10 PM 7/12/94 -0700, Brad Dolan wrote:

>Prediction
>
>If Americans accept this, as I expect they will, we will
>see the following:
>
>Cops doing card-scan roadblocks, ostensibly to find drunks and
>immigrants.
Mandatory carry not (yet) proposed. Also Ontario Driver's License should suffice.

>A requirement to present your card and have a computer record kept
>after every financial transaction over, say, $100.

How to handle tourists/Canadians/etc.

>A requirement to present your card to get medical care.

Already in the Health Security Act. Doesn't *prevent* treatment just records it. You can claim to be an illegal alien, etc.

>Adoption of these cards as drivers' licenses. Just a magnetic /
>electronic data entry to indicate if you are authorized to drive.

Doesn't cover driver's licenses issued by any other nations which are also legal for domestic driving (even by US citizens who are 'non-residents').

>Same thing for professional licenses.

Net competition for professional services will soon end licensure in any case.

>Card-scan to buy guns or ammunition - if you are allowed to buy
>them at all.

Perhaps true.

>Card-scan to buy potentially subversive tools, chemicals, books.

Books? Doubtful. Again what about tourists.

>Card-scan on entry to or exit from the U.S. Instant database
>check to see if you are authorized to enter or leave the U.S.

Possible although departure controls are unlikely (and may violate treaties to which the US is signatory), entry controls will dissolve over time as travel volume and economic integration swamps any control regime. The US currently has 40 million border crossings per year and has 'lost control'. 400 million will be even harder to control.

>Card-scan on entry to or exit from "special" areas: an extra
>little security check before you enter places the government
>is taking an extra interest in.

Possible.

>Mandatory presentation of card to get access to an internet-
>attached computer account.

Not a chance.

>Card-scan at your kids' school.

My kids' school was outside the jurisdiction. Home schools would be exempt in any case.
When Purdy shot up the school in Stockton California I wondered - perversely - why parents worried about the small risk of their kids being shot at school when those same kids were guaranteed to be brain damaged at that same school.

>Linked databases of parents and kids, to correlate child support
>payments, vaccination histories, academic performance, truancy,
>antisocial attitudes, you name it.

When in doubt, deny your enemies a key field. Make sure to display multiple addresses, names, numbers.

DCF

"If you already comply with others' demands for personal information about you, how can you complain when they ask for more?"

From perry at imsi.com Thu Jul 14 09:31:41 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 14 Jul 94 09:31:41 PDT
Subject: Probabilistic Encryption
In-Reply-To: <199407141619.RAA13236@an-teallach.com>
Message-ID: <9407141627.AA17963@snark.imsi.com>

Graham Toal says:
>>> How secure do you guys think Probabilistic encryption using a BBS
>>> generator is? It looks like it's every bit as good for key
>>> exchanges as RSA and somewhat better because of its speed.
>
>> The technique you mention is not one I've heard of. What is a BBS
>> generator? Could you please explain?
>
> BBS is Blum-Blum-Shub, a cryptographically strong RNG I believe.

Ah, the Blum-Blum-Shub generator is familiar to me. However, how can you possibly use this for key exchange?

> How he plans using this in some way to get the effect of an RSA
> public key system I have no idea. I hope we're not about to get the
> usual kiddy PRNG exor encryption lecture.

Ditto.

Perry

From info at DigiCash.nl Thu Jul 14 10:09:46 1994
From: info at DigiCash.nl (DigiCash Information)
Date: Thu, 14 Jul 1994 10:09:46 CET
Subject: ecash-info
Message-ID: <2e2500db.herman@DigiCash.nl>

DigiCash update:

We plan to start an ecash trial on the Internet this summer.
If you are interested in participating in the trial, please contact us at ecash-beta at digicash.support.nl, and include in your message whether you want to 'buy' services on the net or whether you want to 'sell' services (this will only be possible in the second phase of the trial). Please note that some of the information on the Web server is currently data protected and will become available to the people participating in the trial.

If you don't want to participate in the trial, but do want to be kept informed of the latest developments, and haven't already done so, please let us know more about the nature of your interest, and at least which of the following categories fits best:
(a) potential acceptor of electronic cash for services offered over the network,
(b) potential provider of electronic cash service itself to other network service providers,
(c) member of the press, or
(d) interested in the technology for other purposes.

Very kind regards,

David Chaum
Managing Director

----------------------------------------------------------------------
DigiCash bv info at digicash.nl
Kruislaan 419 tel +31 20 665 2611
1098 VA Amsterdam fax +31 20 668 5486
The Netherlands http://digicash.support.nl
----------------------------------------------------------------------

From rfb at lehman.com Thu Jul 14 10:35:02 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Thu, 14 Jul 94 10:35:02 PDT
Subject: PGP bastardization (fwd)
In-Reply-To: <199407140628.XAA02433@netcom11.netcom.com>
Message-ID: <9407141730.AA11498@fnord.lehman.com>

-----BEGIN PGP SIGNED MESSAGE-----

From: mpd at netcom.com (Mike Duvos)
Date: Wed, 13 Jul 1994 23:28:08 -0700 (PDT)

The code was released under the GPL. The names PGP, Pretty Good Privacy, and Phil's Pretty Good Software were not. People can make anything they want out of the code, as long as they also release it under the GPL and call it something else.
- From readme.doc:

PGP is distributed under the terms of the GNU General Public Licence

How is it that you come to the conclusion that only the part of PGP which is the code is covered by GPL and not the part of PGP which is the name?

Gee, maybe we should refer to all that GPL case law precedent to resolve this :-)

Rick

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLiV2MpNR+/jb2ZlNAQG1awQAoxC5lpKVwIfuj0YXBg7RdeT4lMYSyTrg
EFeKBKumiXmpSEqVQQzf1UqRJ5o7azuLhctWrYWkXBzj9c18T1azU5nZKKnhAAGn
FaCs/iFq1hBSAqxSEUkIJVDhgDSrf7WkMh7gh4tm5zfU51uw8goS8aPpay8iCPIL
fYyEd5ViLxM=
=WG2n
-----END PGP SIGNATURE-----

From rfb at lehman.com Thu Jul 14 10:35:46 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Thu, 14 Jul 94 10:35:46 PDT
Subject: (None)
In-Reply-To: <940713233138W2Wjgostin@eternal.pha.pa.us>
Message-ID: <9407141735.AA11602@fnord.lehman.com>

From: Jeff Gostin
Date: Wed, 13 Jul 1994 23:31:38 EST

OTOH, we owe it to him to respect his opinion. If he didn't have the guts to create the tool, this conversation would be moot. I say that we should respect his wishes, and not bastardize PGP, if only not to discourage other people to write "risky" software

Definitely. While I don't believe that Phil has legal grounds to make Tom stop bastardizing PGP, I think that he has every right to protect his reputation and proclaim loudly that he considers Tom's modifications snake oil, etc.

I suspect that most people would respect Phil's wishes in this area, but the cat's out of the bag as far as legally enforcing those wishes.

Rick

From doug at OpenMind.com Thu Jul 14 10:40:18 1994
From: doug at OpenMind.com (Doug Cutrell)
Date: Thu, 14 Jul 94 10:40:18 PDT
Subject: Key length security (calculations!)
Message-ID: <1CA23B34695@BlueSky.OpenMind.com>

Tim May writes:
>I refer readers to the sci.crypt FAQ, the RSA FAQ, or books such as
>"Applied Cryptography." (Hint for those who don't want to: one time
>pads (Vernam ciphers) and things like RSA with 1000-digit moduli.)
>
>("Enough effort" can be interpreted in a circular way to ensure the
>answer is 'Yes," as a truism. This is meaningless, if "enough effort"
>is impossible to achieve, as with OTPs, or is beyond the energy in the
>universe. If "enough effort" is interpreted to mean theft or rubber
>hose cryptanalysis, all bets are off. But most people who ask the
>question I cited don't mean these loopholes.)

I have seen Tim posting statements to this effect many times, and because he is one of the more well respected and listened to voices on the list, I feel it important to examine this in some detail. While I agree that 1000 bit moduli in RSA is adequate protection *in all probability*, for even national security secrets, I think it is far from clear that this will definitely be true 10, or even 5 years from now. Instead of just waving vague generalities around, though, let's do some nitty gritty calculations:

The people who cracked RSA-129 themselves have stated that they believe a 1024 bit modulus is at most 20,000 to 2,000,000 times more difficult to crack than RSA-129. For example, I recall Derek Atkins posting that he estimated a 1024 bit key to be 40,000 times harder than a 512 bit key, although I didn't save the posting. And Paul Leyland of Oxford posted:

>RSA-129 is 425 bits; rather harder than 384-bit numbers. We estimate
>that 512-bit keys are about 20 times harder than RSA-129, if a more
>efficient but available algorithm is used. No-one knows how much
>harder 1024-bit numbers are, but they will be nowhere near a trillion
>times harder than 384-bit keys. Best estimates suggest that 1024-bit
>numbers are about 10^4 to 10^5 times harder than 512-bit numbers.

OK, so the people in the civilian world working on this today say it is possible that a 1024 bit key is only 20,000 times harder than RSA-129 *using known algorithms*.

Now let's really get our hands dirty: cracking RSA-129 was estimated to take 5000 mips years.
The NAL NWT 2/140 computer installed at the National Aerospace lab in Tokyo is estimated at 357 Cray YMP equivalents. I estimate this to be equivalent to 200 Gips for the purposes of this computation (this is possibly where I am most off). 5000 mips years = 1.58 X 10^17 instructions. This comes out to 9.13 days on the NAL NWT 2/140.

If my estimates above are correct, scaling up to the 7400 Cray equivalent computer due to be installed 4Q95, from the 357 Cray equivalent above, we go down to 10.5 hours. This is all for the RSA-129, of course. Still sounds pretty safe so far... if it really takes at least 20,000 times as long to crack a 1024 bit modulus, then it would still take the 7400 C.E. (Cray Equivalent) computer 24 years to crack a 1024 bit number.

BUT, the biggest worry is that no one knows how good the NSA's factoring algorithms are. I read recently that the NSA is the world's largest employer of mathematicians. The relative improvement in factoring algorithms since the introduction of the RSA-129 problem, to its factoring almost 20 years later, far exceeds even the exponential increase in computer speed over that same period of time. (5 orders of magnitude? more?) We have no way of knowing how many orders of magnitude leeway we have, because as the moduli get larger, the factoring algorithm gets more and more important.

Suppose the NSA has four orders of magnitude on us in the efficiency of their factoring algorithms. In that case, they might be able to crack a 1024 bit key as early as the end of 1995. (20,000 X 10.5)/10^4 hours = 21 hours required). Granted, this may not be likely, but I think we have to take the possibility seriously. At this point, 1024 bit keys cease to be secure for matters of critical national security (but still good for everything else).

Now let's continue with our worst case scenario...
suppose that computer speed doubles every 3.3 years over the next decade, and that further algorithmic breakthroughs continue to at least match this rate of doubling (not likely, perhaps, but *possible*). Then just one decade later, in 2005, the computer power of the NSA is 8 times greater, and the algorithms are 8 times faster, for a total speed increase of 64. At this point, they could crack a 1024 bit key in just 20 minutes (using all their resources), or 72 keys per day. At this point, I start to be uncomfortable trusting my security to a 1024 bit key length.

So, it seems *possible*, even if by no means probable, that a 1024 bit key length is only good for the next decade or so. My intent is not to foster paranoia, but cypherpunks, of all people, should take as critical a view of key length security as possible. I suggest that people who state that they want 1200 bit or even 2000 bit key sizes in PGP be no longer ridiculed... the issue is subjective, as we have no way of knowing what the NSA's factoring algorithms are like.

Doug

___________________________________________________________________
Doug Cutrell General Partner
doug at OpenMind.com Open Mind, Santa Cruz
===================================================================

From tcmay at netcom.com Thu Jul 14 10:58:02 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 14 Jul 94 10:58:02 PDT
Subject: Probabilistic Encryption
In-Reply-To: <9407141344.AA17598@snark.imsi.com>
Message-ID: <199407141758.KAA18418@netcom9.netcom.com>

> solman at mit.edu says:
> > How secure do you guys think Probabilistic encryption using a BBS generator
> > is? It looks like it's every bit as good for key exchanges as RSA and somewhat
> > better because of its speed.
>
> The technique you mention is not one I've heard of. What is a BBS
> generator? Could you please explain?
>
> Perry

Blum-Blum-Shub, a very strong random number generator, where guessing the next bit is basically as hard as factoring some very large number.

Its main problem is that it's slow. Schneier has some actual code for implementing it in C.

--Tim May

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Thu Jul 14 11:36:46 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 14 Jul 94 11:36:46 PDT
Subject: ID card from hell
In-Reply-To: <199407141622.AA29745@panix.com>
Message-ID: <199407141835.LAA25403@netcom9.netcom.com>

The ID card issue that has been brewing, and recently is showing signs of coming to a boil, is one of the most important issues we face. Far more insidious than Clipper, if a universal "smart card" is injected into all sorts of transactions and interactions. You all know what I mean: one's cash/ATM card is issued by the government (with a countersign by the bank), health card, passport, etc.

But here I want to refute Duncan's refutation, so I will quote highly selectively:

...
> Mandatory carry not (yet) proposed. Also Ontario Driver's License should
> suffice.
...
> How to handle tourists/Canadians/etc.
...
> Already in the Health Security Act. Doesn't *prevent* treatment just
> records it. You can claim to be an illegal alien, etc.
...
> Doesn't cover driver's licenses issued by any other nations which are also
> legal for domestic driving (even by US citizens who are 'non-residents').
...
> Books? Doubtful. Again what about tourists.

Etc.

Many of Duncan's refutations boil down to "What about tourists?"
The answer for the Feds is simple: temporary ID cards for tourists. This has several aspects, and solves (for them) several pressing problems:

1. Tourists entering the U.S. (and ditto for what other countries do) are issued a temporary ID card at Customs. ("What about Canadian and Mexican entry points?" They already stop drivers, albeit briefly, and a $20 entry fee for non-citizens would cover quick generation of a temporary ID, complete with photo, hologram, barcode, all the usual junk.)

2. This temporary ID acts as a time-valued visa, good for 3 months, 6 months, "Green Card," etc. It times out, either locally (chip--not such a great idea, technically) or in a data base (much more probably, for security reasons, speeds of networks, etc. reasons).

3. The card acts essentially like the one citizen-units would receive, perhaps not fully authorizing certain things.

Comment: It is not too much "work" to generate such a temporary ID, especially with a "reasonable" entry fee. Nor would it slow down border crossings in a way that would threaten massive complainings...most border crossers would already have the cards, or would with time have them. Those that don't, would be shunted aside at the crossings, as part of Customs entry, to be photographed, fingerprinted, etc.

The anti-terrorism folks will like this, so will Immigration and Naturalization, etc. The only complainers--aside from ideological opponents like us--will be those intending to overstay their visas (which this will help to stop--the card will cease to be valid and the holder will find himself cut off from ATM machines, employment, and schools for his children (no big deal, I hear Duncan say, but consider the implications for most people, the visibility of "truant" children, the day-care issues, etc....for most immigrant families, this would be a devastating economic blow, and would likely "out" them).

4.
Employers, even for casual work, would be required to check these cards, possibly even "work credentials" would have to be negotiated jointly at some office.

(I haven't thought too much about the details, but I'm beginning to. And the possibilities are diabolically clever. Just as "permits" are so often necessary in these Beknighted States, so too could such mutually arranged work permits be required. Solves the "Zoe Baird" problem and helps to surface the underground economy. Electronic "point of sale" terminals, similar to cash machines, could make this "painless."

Even if cash is not outlawed--a different, and even more controversial topic--such "work permits" could be enforced in various ways. Frankly, they already _are_. For example, here in California I would be happy to pay some Mexicans to do yard work...but I avoid this because of reports of stings, arrests, prosecutions, and heavy fines.

(The Beknighted States, as not all of you may be aware of, operates on the principle of Deep Pockets Terror: those with the money are soaked with heavy fines and threats of civil forfeiture. The tax authorities then get involved, collecting back taxes the employer was supposed to withhold (funny, I thought it was my leaf-raker Juan's job to settle up with the IRS?), assessing fines and collection fees, and so on. Others, like Social Security, also get into the act.)

Well, this is getting too long, so I'll close.

I basically agree with Duncan's noble sentiments. I just don't think it likely that the "What about the tourists?" argument will stop the national ID juggernaut once it begins to move.

And other countries, already enamored of tight controls, passports (I had to surrender my passport at many hotels in Europe...multiple purposes for this, of course), etc., will likely play ball with the U.S. on such an ID card.

Thanks to Duncan for giving me a place from which to launch this essay. And everyone go out and read or reread Brunner's "The Shockwave Rider."
--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From hughes at ah.com Thu Jul 14 12:07:09 1994
From: hughes at ah.com (Eric Hughes)
Date: Thu, 14 Jul 94 12:07:09 PDT
Subject: Probabilistic Encryption
In-Reply-To: <199407141619.RAA13236@an-teallach.com>
Message-ID: <9407141841.AA16182@ah.com>

   I hope we're not about to get the usual kiddy PRNG exor encryption lecture.

A PRNG XOR-ed with a data stream is a perfectly good stream cipher, provided the PRNG is sufficiently strong. It's that sufficiently strong part that usually goes wrong.

LFSR doesn't cut it (Linear Feedback Shift Register). Neither does LC (Linear Congruential). I should point out that these are both iterates of

    x_{i+1} = x_i * A + B (mod C)

where the domain is Z_2[x] (polynomials with coefficients mod 2) for LFSR and Z (integers) for LC.

Blum-Blum-Shub makes a very good stream cipher, even with just XOR.

For those of you who may have interpreted GT's comments as to disparage all PRNG-XOR combinations, I hope the above may help.

Graham, you can read up on probabilistic encryption on page 406 of Schneier. In fact, it discusses the BBS generator in this context.

Eric

From tcmay at netcom.com Thu Jul 14 12:10:14 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 14 Jul 94 12:10:14 PDT
Subject: Key length security (calculations!)
In-Reply-To: <1CA23B34695@BlueSky.OpenMind.com>
Message-ID: <199407141909.MAA01482@netcom9.netcom.com>

Doug Cutrells writes:

> Tim Mays writes:

Singular, but no matter.
> >I refer readers to the sci.crypt FAQ, the RSA FAQ, or books such as
> >"Applied Cryptography." (Hint for those who don't want to: one time
> >pads (Vernam ciphers) and things like RSA with 1000-digit moduli.)
> >
> >("Enough effort" can be interpreted in a circular way to ensure the
> >answer is "Yes," as a truism. This is meaningless, if "enough effort"
> >is impossible to achieve, as with OTPs, or is beyond the energy in the
> >universe. If "enough effort" is interpreted to mean theft or rubber
> >hose cryptanalysis, all bets are off. But most people who ask the
> >question I cited don't mean these loopholes.)
>
> I have seen Tim posting statements to this effect many times, and because
> he is one of the more well respected and listened to voices on the list, I
> feel it important to examine this in some detail. While I agree that 1000

Before going further, let me emphasize my mention in my section above of one-time pads, or Vernam ciphers. These are *information-theoretically secure*, which means that no amount of computer power can *ever* break them. Period.

(In my characteristic way, I included a sidebar mention of stealing the key and or using rubber hose cryptanalysis, which some may think finessed my point about not being able to break OTPs. It does not, as far as "breaking" the cipher has cryptographic meaning.)

As for RSA, that is only computationally secure, and depends on advances on factoring, as we all know. Many of us think there will not be "dramatic" advances in factoring, for various reasons, but this of course cannot be proved (can't prove the nonexistence of some clever approach, logically).

Factoring is suspected to be in the class NP (or even harder, some suspect), but it has not yet been proved to be so. If factoring is NP-complete, and if P = NP, then fast factoring methods may be found (fast = polynomial in length).

Crypto books deal with this issue better than I can here.

> Still sounds pretty safe so far...
if it really takes at least 20,000 times
> as long to crack a 1024 bit modulus, then it would still take the 7400 C.E.
> (Cray Equivalent) computer 24 years to crack a 1024 bit number. BUT, the
> biggest worry is that no one knows how good the NSA's factoring algorithms
> are. I read recently that the NSA is the world's largest employer of
> mathematicians. The relative improvement in factoring algorithms since the

Not to attack Doug's point, which has validity here (that we don't know what factoring advances NSA may have made), but I personally think the combined capabilities of "public domain mathematicians" are now far greater than what NSA has. Shamir, Odlyzko, Blum, Micali, Rackoff, Goldwasser, Solovay, Berlekamp, etc., are top-flight researchers, publishing many papers a year on these topics. It is unlikely that some GS-14 mathematicians at the Fort, not able to publish openly, have made much more progress.

I think the resurgence of crypto in the 70s, triggered by public key methods and fueled by complexity theory breakthrough, caused a "sea change" in inside NSA-outside NSA algorithm expertise.

> So, it seems *possible*, even if by no means probable, that a 1024 bit key
> length is only good for the next decade or so. My intent is not to foster
> paranoia, but cypherpunks, of all people, should take as critical a view of
> key length security as possible.
>
> I suggest that people who state that they want 1200 bit or even 2000 bit key
> sizes in PGP be no longer ridiculed... the issue is subjective, as we have
> no way of knowing what the NSA's factoring algorithms are like.

I have never ridiculed them (in fact, I use 1280 bits or somesuch), and I think the whole recent matter of Phil Zimmermann charging that "amateur cryptologists" are tainting his reputation and that of PGP to have some supreme ironies. Seems to me I heard a guy named Bidzos making the same points.....
(I'm not attacking Phil, just noting the ironies of Phil now attempting to control the evolution of "his" intellectual property. The "naming" issue is minor--and that's what digital signatures are for, anyway.)

A 3000-bit key may very well require more total energy to break than is available in the universe. Barring P = NP sorts of breakthroughs, of course. (I did a post on this last week.)

The bottom line is sometimes lost in the debate:

* It is just not true that "any cipher can be broken if the NSA really wants to." (This was the original point I was responding to.)

* Some ciphers are absolutely unbreakable, and others are effectively unbreakable, or soon will be. Increased key length is computationally "cheap" to use, but "expensive" to break.

(The current imbroglio about key lengths of PGP 2.6 is a passing implementation detail, having to do with how PGP does math. By Version 3.0, speculatively, it will likely be increased dramatically. No big deal. People should generate new keys and flush the old ones, anyway.)

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From blancw at microsoft.com Thu Jul 14 12:37:40 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Thu, 14 Jul 94 12:37:40 PDT
Subject: ID card from hell
Message-ID: <9407141937.AA28303@netmail2.microsoft.com>

From: Timothy C. May

I basically agree with Duncan's noble sentiments. I just don't think it likely that the "What about the tourists?" argument will stop the national ID juggernaut once it begins to move.
..............................................................
And I can imagine that tourists, especially, would be the special focus for ID cards and databases, since they evoke all sorts of fears of foreigners - not only the problems which Tim mentioned, but also of international crime, espionage, terrorism, etc. It could easily become very important to establish databases to maintain records on people who have ever entered the U.S., so that there would be a reference for any questionable activities requiring this kind of info. I know some of these things are already in existence, but not yet like the kind which would be set up if the nationalization of IDs became accepted.

And if governments become very concerned about commercial protectionism, they might accept the idea of ID cards for control of traffic, from their competing national interests.

This is a great interest of mine, regarding the package deals which are a part of being an automatic member of a country/political system - the national "identity" which makes one subject to whatever system of operations the ruling class decides to implement. If one could make oneself "irrelevant" to the location where one was at the time - either from having an established residence elsewhere, or from having no declared membership/citizenship anywhere, I would think this would eliminate some of the regional, political administrations of policy which would otherwise apply. But with IDs and databases and closed door protectionist policies, this appears impossible.

I haven't read "The Shockwave Rider", but I shall; hopefully it will have imaginative (& realistic) scenarios on these possibilities (many sci-fi books are too remotely far off in fantasy-time than realizable in a near-future time scale.)
Blanc

From jgostin at eternal.pha.pa.us Thu Jul 14 12:53:24 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Thu, 14 Jul 94 12:53:24 PDT
Subject: Classified Data on Unclassified machines
Message-ID: <940714142930a2Cjgostin@eternal.pha.pa.us>

snyderra at dunx1.ocs.drexel.edu (Bob Snyder) writes:

> In theory, anyway. I do know of classified data having been on
> unclassified machines before, generally by accident. Comes from the fun
> fact that unclassified datum A + unclassified datum B can = classified
> data C.

So true! A popular example of this is the following:

Classified Fact: The Government is funding a new supersonic jet project.
Unclassified Fact: Boeing was awarded a new contract from the Government.
Unclassified Fact: Boeing purchased 17.34 tons of titanium alloy.
Unclassified Fact: Titanium is commonly used in supersonic jets.

.:, the govie awarded Boeing a Supersonic Jet contract.

--jeff

--
  ======  ======    +----------------jgostin at eternal.pha.pa.us----------------+
    ==    ==        | The new, improved, environmentally safe, bigger, better,|
    ==    ==  -=    | faster, hypo-allergenic, AND politically correct .sig.  |
  ====    ======    | Now with a new fresh lemon scent!                       |
  PGP Key Available +---------------------------------------------------------+

From frissell at panix.com Thu Jul 14 13:08:33 1994
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 14 Jul 94 13:08:33 PDT
Subject: ID card from hell
Message-ID: <199407142005.AA22075@panix.com>

>I basically agree with Duncan's noble sentiments. I just don't think
>it likely that the "What about the tourists?" argument will stop the
>national ID juggernaut once it begins to move.
>

The grim necessity of working for a living precludes a proper answer at this time. For now though:

"You can buy heroin in maximum security prisons." Controls don't always work.

DCF

"Eudora for Windows addict since approximately 9:05 this morning."
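
Eric Hughes's point in the "Probabilistic Encryption" thread above, that a PRNG XOR-ed with data is only as strong as the generator, worked through as an added example that is not part of any message in this archive. It runs the recurrence x_{i+1} = x_i * A + B (mod C) and a Blum-Blum-Shub generator as XOR keystreams; every modulus, multiplier, seed and the sample message is a constructed toy value, and the BBS modulus (a product of two Mersenne primes) is trivially factorable, so it shows the construction only.

```python
"""Keystream-XOR ciphers: linear congruential generator vs Blum-Blum-Shub.

Added illustration; every parameter, seed and message below is a constructed
toy value, not taken from the archive.
"""
from math import gcd

SAMPLE_MESSAGE = (b"From: alice at example.com\n"
                  b"Subject: key length\n\nUse a longer modulus.")


def xor_bytes(data, keystream):
    """XOR data with a keystream; the same call encrypts and decrypts."""
    return bytes(d ^ k for d, k in zip(data, keystream))


# --- Linear congruential generator: x_{i+1} = x_i * A + B (mod C) ---
LC_C = 2**31 - 1             # modulus, assumed public (constructed choice)
LC_A, LC_B = 48271, 12345    # secret multiplier and increment (constructed)


def lc_keystream(state, a, b, nbytes):
    """Emit each successive 31-bit state as four big-endian bytes."""
    out = bytearray()
    x = state % LC_C
    while len(out) < nbytes:
        x = (x * a + b) % LC_C
        out += x.to_bytes(4, "big")
    return bytes(out[:nbytes])


def recover_lc_params(keystream12):
    """Solve the two linear equations given by three consecutive states."""
    x0, x1, x2 = (int.from_bytes(keystream12[i:i + 4], "big") for i in (0, 4, 8))
    d = (x1 - x0) % LC_C
    if d == 0:
        raise ValueError("degenerate sample: consecutive states are equal")
    a = (x2 - x1) * pow(d, -1, LC_C) % LC_C   # x2 - x1 = A * (x1 - x0)
    b = (x1 - a * x0) % LC_C                  # x1 = A * x0 + B
    return a, b


def recover_plaintext_from_lc(ciphertext, known_prefix):
    """Twelve bytes of predictable header expose the whole LC keystream."""
    if len(known_prefix) != 12 or len(ciphertext) < 12:
        raise ValueError("need exactly 12 known plaintext bytes")
    seen = xor_bytes(ciphertext[:12], known_prefix)
    a, b = recover_lc_params(seen)
    last_state = int.from_bytes(seen[8:12], "big")
    rest = lc_keystream(last_state, a, b, len(ciphertext) - 12)
    return known_prefix + xor_bytes(ciphertext[12:], rest)


# --- Blum-Blum-Shub: x_{i+1} = x_i^2 (mod n), output the low bit ---
BBS_P = 2**31 - 1            # both primes are congruent to 3 mod 4
BBS_Q = 2**61 - 1
BBS_N = BBS_P * BBS_Q        # toy modulus: real use needs large secret primes


def bbs_keystream(seed, nbytes, n=BBS_N):
    """One modular squaring per output bit, which is why BBS is slow."""
    if gcd(seed, n) != 1 or seed % n in (1, n - 1):
        raise ValueError("seed must be coprime to n and not +/-1")
    x = seed * seed % n
    out = bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            x = x * x % n
            byte = (byte << 1) | (x & 1)
        out.append(byte)
    return bytes(out)


if __name__ == "__main__":
    n = len(SAMPLE_MESSAGE)
    lc_ct = xor_bytes(SAMPLE_MESSAGE, lc_keystream(2024, LC_A, LC_B, n))
    bbs_ct = xor_bytes(SAMPLE_MESSAGE, bbs_keystream(123456789, n))
    header = SAMPLE_MESSAGE[:12]   # a mail header is guessable plaintext
    print("LC  recovered:", recover_plaintext_from_lc(lc_ct, header) == SAMPLE_MESSAGE)
    print("BBS recovered:", recover_plaintext_from_lc(bbs_ct, header) == SAMPLE_MESSAGE)
```

The linear solve succeeds against the LC keystream because each state is an affine function of the previous one; the same solve applied to BBS output yields nothing useful.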
From talon57 at well.sf.ca.us Thu Jul 14 13:30:04 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Thu, 14 Jul 94 13:30:04 PDT
Subject: National I.D. Cards
Message-ID: <199407142029.NAA27017@well.sf.ca.us>

-----BEGIN PGP SIGNED MESSAGE-----

It would seem we are missing a point about having National I.D. cards. The rest of the world seems ready to rush in and adopt some form of "Clipper" chips to monitor their own citizens. (They're doing it in the U.S.!) Do we really doubt they will adopt "The Card" as well? (don't leave home without it!)

Step 2: International I.D. Cards......

Can you say "New World Order?"

Sure you can.......

Brian Williams
Extropian
Cypherpatriot

"Cryptocosmology: Sufficiently advanced communication is indistinguishable from noise." --Steve Witham

"Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... AT&T" --James Speth

From tcmay at netcom.com Thu Jul 14 13:33:34 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 14 Jul 94 13:33:34 PDT
Subject: National ID cards are just the driver's licenses on the Information
In-Reply-To: <199407142005.AA22075@panix.com>
Message-ID: <199407142033.NAA01489@netcom3.netcom.com>

> >I basically agree with Duncan's noble sentiments. I just don't think
> >it likely that the "What about the tourists?" argument will stop the
> >national ID juggernaut once it begins to move.
> >
>
> The grim necessity of working for a living precludes a proper answer at this
> time. For now though:

Since I no longer work for a living, I can respond now :-}. (I despise smileys, but one seemed apropos here.)

> "You can buy heroin in maximum security prisons." Controls don't always work.
Well, of course. But this doesn't make the prospects of "internal passports" (as I think it was you who dubbed them...or maybe Sandy) any less likely, or any less worthy of fighting.

While if I were in prison, I might indeed be able to score heroin, a national ID card tied in to financial transactions, employment, driver's licenses, etc.,--"one card fits all"--would be incredibly bothersome and intrusive. And short of "going underground," with all that that implies, or leaving the country, your words of comfort about buying heroin in prison would do me little good.

I was mainly saying that the "What about the tourists?" rebuttal is very weak, and is easily solved. Further, the solution for the tourist problem is actually one of the main motives for a national ID card: stopping illegal immigrants by "freezing them out" of routine economic, school, employment, and other transactions.

Ditto for the point Duncan often raises, presumably semi-ironically. To wit, answering ID card checkers with a flippant "But I'm an illegal alien." "Fine," they will say, "we'll take you down to the Processing Center."

(Yes, I acknowledge that local shopkeepers will not, for example, be the enforcers....in case Duncan raises the issue of there not being enough cops to do this work. But it is completely plausible that all cash register transactions could require presentation of the ID card, for various reasons (perhaps made more palatable by offering some rebate on sales taxes paid, or a VAT). Claiming one lacks a proper card will just result in a "No Sale," just as a refusal to pay the sales tax usually results in a "No Sale."...don't tell me about how some merchants will offer to eat the sales tax...try that at Safeway.
(I'm not claiming Duncan will make this argument, just trying to anticipate the nitpicky wise-ass comments people often make; the fact is, most people will follow the rules, and if an ID card is made part of the economic system--as it already is for booze and cigarettes, a la age credentials--then those without an ID card will be a Real Bad Situation. Yes, anticipating rebuttals, black markets exist. But few will argue that buying most items on a black market, complete with stings, arrests, etc., is a pleasant way to live.)

I for one view this prospect with alarm, and have since I read "1984" so many years ago, and then read "Shockwave" in 1975. I don't consider it too soon to think about ways to monkeywrench it.

(And as an EFF member, dues all paid up, I have no hope that EFF or any of its FLA brethren will oppose this firmly. At the risk of angering our own John Gilmore, a founder of the EFF, I think EFF management is so enamored of being inside the Beltway that it will likely confine its role to providing "input" to the Gorewellian forces putting this thing together.)

"National ID cards are just the driver's licenses on the Information Superhighway."

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From venom at kaos.aum.edu Thu Jul 14 13:55:31 1994
From: venom at kaos.aum.edu (James E.
Riggs)
Date: Thu, 14 Jul 94 13:55:31 PDT
Subject: PGP modifications
In-Reply-To: <9407141735.AA11602@fnord.lehman.com>
Message-ID:

On Thu, 14 Jul 1994, Rick Busdiecker wrote:

> From: Jeff Gostin
> Date: Wed, 13 Jul 1994 23:31:38 EST
>
> OTOH, we owe it to him to respect his opinion. If he didn't have the
> guts to create the tool, this conversation would be moot. I say that we
> should respect his wishes, and not bastardize PGP, if only not to
> discourage other people to write "risky" software
>
> Definitely. While I don't believe that Phil has legal grounds to make
> Tom stop bastardizing PGP, I think that he has every right to protect
> his reputation and proclaim loudly that he considers Tom's
> modifications snake oil, etc.
>
> I suspect that most people would respect Phil's wishes in this area,
> but the cat's out of the bag as far as legally enforcing those wishes.
>
> Rick
>

I must say that I agree here. I don't think that he can stop him from making any modifications to PGP, but I think that he can stop him from using the name PGP on it. I think that he has every right to do this. PGP is tied very closely with his reputation and that any modifications released under the name PGP should be his and his alone.

----
:. . ,o88o, James E. Riggs
;;:: ;:. d888888b
;; :,;' : 8888888B Peace: Live it
,;; :;' :. `Y8888P' or
;;; : ::. :. `""' rest in it!
,;;; : :. :....,,,,,,,,,,
,,;;; . :.....;;;;;;;;;;;;;;

From perry at imsi.com Thu Jul 14 14:03:58 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 14 Jul 94 14:03:58 PDT
Subject: National ID cards are just the driver's licenses on the Information
In-Reply-To: <199407142033.NAA01489@netcom3.netcom.com>
Message-ID: <9407142100.AA20683@snark.imsi.com>

Timothy C. May says:
> > "You can buy heroin in maximum security prisons." Controls don't
> > always work.
>
> Well, of course.
But this doesn't make the prospects of "internal
> passports" (as I think it was you who dubbed them...or maybe Sandy)
> any less likely, or any less worthy of fighting.

The following is worth mentioning: market forces will eventually destroy virtually all controls. However, as the Soviet Union showed, millions of people can be made miserable or killed in the meanwhile. The mere fact that internal passports (what the ID cards are, really -- another friend of mine called them that the minute he heard of them) would not stop everyone doesn't mean that they couldn't make almost everyone's life miserable.

Perry

From berzerk at xmission.xmission.com Thu Jul 14 14:57:18 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Thu, 14 Jul 94 14:57:18 PDT
Subject: National ID cards are just the driver's licenses on the Information
In-Reply-To: <199407142033.NAA01489@netcom3.netcom.com>
Message-ID:

On Thu, 14 Jul 1994, Timothy C. May wrote:

> rebate on sales taxes paid, or a VAT). Claiming one lacks a proper
> card will just result in a "No Sale," just as a refusal to pay the
> sales tax usually results in a "No Sale."...don't tell me about how

This is, in fact, coded into the health care proposals. In one compromise bill there is a tax of $10 every time you make a healthcare transaction where the recordkeeping is not in electronic format.

I might note that this was the same as the price of a FFL before they raised it to $600 to cope with some lie about a national problem or something.

Roger.

From sdw at lig.net Thu Jul 14 15:27:01 1994
From: sdw at lig.net (Stephen D. Williams)
Date: Thu, 14 Jul 94 15:27:01 PDT
Subject: National ID cards are just the driver's licenses on the Information
In-Reply-To: <9407142100.AA20683@snark.imsi.com>
Message-ID:

...
> The following is worth mentioning: market forces will eventually
> destroy virtually all controls. However, as the Soviet Union showed,
> millions of people can be made miserable or killed in the meanwhile.
> The mere fact that internal passports (what the ID cards are, really
> -- another friend of mine called them that the minute he heard of
> them) would not stop everyone doesn't mean that they couldn't make
> almost everyone's life miserable.
>
> Perry

Do they realize how difficult it will be to get all the rural people, little old ladies, etc. to go along with this?

sdw
--
Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager
LIG dev./sales Internet: sdw at lig.net
OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430
Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together

Newbie Notice: (Surfer's know the score...)
I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru.

From ifarqhar at laurel.ocs.mq.edu.au Thu Jul 14 15:43:31 1994
From: ifarqhar at laurel.ocs.mq.edu.au (Ian Farquhar)
Date: Thu, 14 Jul 94 15:43:31 PDT
Subject: Idle question...
In-Reply-To: <199407141208.IAA09141@crypto.com>
Message-ID: <199407142236.AA20666@laurel.ocs.mq.edu.au>

>>>BTW, the algorithm leaked, it was not reverse engineered. I do not expect
>>>SKIPJACK to leak, as its distribution would be VERY limited, even within
>>>the NSA and chip houses. Even A5 was reputed to be known to only 2 or 3
>>>people within Motorola.

>>How many have access to the masks?

An interesting question. Presumably the companies are obliged to use internal security procedures on the masks. Let's face it: Motorola manufactures a lot of other chips which contain sensitive implementation details anyway, so they should be able to insure that the masks stay relatively private.

You might also like to consider this. I would expect an average chip which implements the GSM protocols to contain 100K-500K transistors, probably as a CMOS gate array with some standard cells. The A5 cipher could conservatively be implemented in about 500 transistors.
Assuming that Motorola maintains reasonable control and security over the masks on the fab line, it is going to be extremely difficult for anyone to recover the cipher's algorithm.

Besides, have you ever tried to figure out an algorithm from a gate array?! Insanity lies down that path. :)

A much more viable technique would be to decap it and use electron microscopy to recover the algorithm. Obviously this possibility was factored into the design of A5.

Matt Blaze wrote:
>According
>to NSA, "part of the algorithm", probably including the configuration
>tables for the S-boxes, is burned in to the chips in the secure
>vault during the classified escrow programming session. See my
>February comp.risks post, "Notes on Key Escrow Meeting with NSA",
>for more details. (I think it's available somewhere in the
>ftp.eff.org archive.)

The technology used to implement this is ViaLink (Ref: Computer Design, Jan 93, pp. 28-30). It's an antifuse (ie. OC till blown) technology, which buries an amorphous silicon fuse between two layers of metal. The cell which forms part of this fuse is known as a VROM cell. A blown VROM cell is inspectionally identical to an unblown cell (it is conjectured.) It is not visually inspectable certainly, and the blown fuse has the same X-ray diffractive index as an unblown cell. There are reportedly also procedures used to defeat EM analysis of the running chip.

The s-boxes would certainly be implemented in VROM cells, and it is also quite conceivable that these fuse cells are also used as crossbar connects across busses (thus even hiding the information flow from module to module). One suggestion has even been that the implementations may include unused modules to confuse any inspection, which would be an amusing diversion.

Anyway, as Matt said, the chip is programmed in the SCIF, during which time the two keys and unit serial number are also established (in VROM).
Originally this technology was claimed to require a $40 million/6 year reverse engineering effort. Recently that seems to have fallen to $1 million/1 year.

Matt's followup to the post he refers to does cast some doubt over the technique's ability to resist destructive reverse engineering (in which the chip is not expected to survive). It is certainly conceivable, for example, that if an attacker was to expose the lower-layer conductors, physical connections into and out of the VROM cells could determine their state and reconstruct the algorithm.

BTW, this is my current list of known facts and rumors about SKIPJACK (_not_ Clipper, just the algorithm). Has anyone got anything to add?

* 64 bit "electronic codebook" block cipher, 80 bit key. (Disclosed)
* Can use all four FIPS-81 modes of operation. (Disclosed)
* 32 rounds. All rounds non-linear. (Disclosed)
* Not susceptible to differential cryptanalysis. (Claimed in the Interim report)
* Classified "Secret". (Disclosed)
* Part of a NSA suite of "Type 1" algorithms. Such algorithms are suitable "for protecting all levels of classified data." SKIPJACK, however, is only certified for unclassified/sensitive data. (Disclosed)
* Design commenced in 1987, based on algorithms circa 1980 or so. (Disclosed)
* No correlation observable between the output and input/key bits. (Claimed)
* No known weak keys found. (Claimed in interim report)
* SKIPJACK does not feature DES's complementation property. (Interim report)
* SKIPJACK incorporates design features found in algorithms which are used to protect classified information. (Interim Report)
* Contains 16 S-boxes (rumor attributed to Dorothy Denning. Unverified.)

Anyone got anything else to add?

Ian.

From jim at bilbo.suite.com Thu Jul 14 16:04:40 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Thu, 14 Jul 94 16:04:40 PDT
Subject: INFOBAHN PANEL SEES WORLD THROUGH [..] BLINDERS
Message-ID: <9407142301.AA01696@bilbo.suite.com>

I'd like to correct a misunderstanding.
In the original "INFOBAHN PANEL SEES WORLD..." post I said that the ILA report was included in a fax from the Center for Strategic and International Studies (CSIS). First, I was not an original recipient of the fax. I obtained the fax (and ILA report) via a forwarded e-mail message so I can't say for sure that the original CSIS fax included the copyrighted ILA report.

I originally thought the ILA report was part of the fax. I now suspect the ILA report was not sent with the CSIS fax but instead was placed in the forwarded e-mail message by one of the multiple forwarders.

Just felt like clearing that up. Nobody at CSIS is demanding an apology or anything like that.

Ok. Onward.

The reason I posted the ILA report:

I fear that the desire to minimize electronic copyright violations will give corporations an incentive to work with government to devise methods to "control" the content of the Infobahn. Now, I don't believe they could ever completely succeed at controlling the content of the Infobahn, but I do believe they sure as hell will try.

Do you really think the politicians of the world will just sit back and say "Well, we really can't prevent electronic copyright violations, so we won't even try"? More likely they will try many different things. I'm hoping the ILA report will prompt a discussion of the possible approaches the government may take to control the content of the Infobahn, and the side effects of said approaches.

Jim_Miller at suite.com

From rfb at lehman.com Thu Jul 14 17:18:53 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Thu, 14 Jul 94 17:18:53 PDT
Subject: PGP modifications
In-Reply-To:
Message-ID: <9407150017.AA19662@fnord.lehman.com>

-----BEGIN PGP SIGNED MESSAGE-----

    Date: Thu, 14 Jul 1994 15:52:54 -0500 (CDT)
    From: "James E. Riggs"

    I don't think that he can stop him from making any modifications to PGP, but I think that he can stop him from using the name PGP on it. I think that he has every right to do this.

Well, perhaps every right except for a legal right.

Of course, as I mentioned somewhat obtusely earlier, there's no precedent to work from, but (a version of) PGP was released under the terms of the GPL. Not "everything but the name of PGP" or "just the code of PGP". PGP is GPLed and Tom is legally free to bastardize it and continue to call it PGP based on the GPL.

FWIW, the guy who developed the GPL believes that people who have taken GNU Emacs and done things to it which are unacceptable to him -- the schism -- are completely free to use the name GNU Emacs. Because they are derivative works of GNU Emacs and GNU Emacs is GPLed, they are in his words "by definition" GNU Emacs. Tom's bastardization is similarly "by definition" PGP.

It's intentional anarchy and I think that it's a Good Thing, despite the fact I support Phil's right to call it snake oil (and I tend to agree with him).

Rick

-----BEGIN PGP SIGNATURE-----
Version: 2.6
-----END PGP SIGNATURE-----

From kentborg at world.std.com Thu Jul 14 17:56:51 1994
From: kentborg at world.std.com (Kent Borg)
Date: Thu, 14 Jul 94 17:56:51 PDT
Subject: ID card from hell
Message-ID: <199407150056.AA19961@world.std.com>

frissell at panix.com writes:
>"You can buy heroin in maximum security prisons."

What a bizarre world! I have no interest in buying heroin and don't expect to go to prison anytime soon, yet this is somehow the nicest realization I have had in a long time.

Thank you, Duncan.

-kb, the Kent who insists upon having hope

--
Kent Borg +1 (617) 776-6899
kentborg at world.std.com
kentborg at aol.com
Proud to claim 32:00 hours of TV viewing so far in 1994!

From tcmay at netcom.com Thu Jul 14 19:17:18 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 14 Jul 94 19:17:18 PDT
Subject: National ID cards are just the driver's licenses...
In-Reply-To: <9407142100.AA20683@snark.imsi.com>
Message-ID: <199407150217.TAA06839@netcom5.netcom.com>

> The following is worth mentioning: market forces will eventually
> destroy virtually all controls. However, as the Soviet Union showed,
> millions of people can be made miserable or killed in the meanwhile.
> The mere fact that internal passports (what the ID cards are, really
> -- another friend of mine called them that the minute he heard of
> them) would not stop everyone doesn't mean that they couldn't make
> almost everyone's life miserable.
>
> Perry

Perry makes my point well. That some people will be able to skirt the system, or that the system will ultimately be unenforceable, does not lessen my concerns.

My assets are not well hidden--which makes it very tough for me to adopt a low-profile, tax-avoiding, ID card-skirting lifestyle. (As to why my assets are not well hidden, hiding assets is harder than you think, despite what some here on this list may claim.)

To tie this in with the title I picked for this thread, about national ID cards being the driver's licenses for the Infobahn, let's consider that for a moment.

- Imagine that vehicle registrations require presentation of this card (gotta get those illegals out of their cars, or, more benignly, the bureaucracy simply makes the ID cards part of their process).

- Instantly this makes those who refuse to get an ID card unable to get valid license tags. (Enforcement is already pretty good....I was pulled over a couple of times for either forgetting to put my new stickers on, or for driving with Oregon expired tags.)

- Now I suspect my friend Duncan will mention that one can--and should--lease one's car from one's Nevada-based tax shelter company. Perhaps. But I again claim that this is much easier said than actually done.

(I hear these proposals and think of all the detailed arguments about how income taxes are invalid because Ohio incorrectly ratified the XXth Amendment, or somesuch. All very logical, but it doesn't work.)

Anyway, I see the imposition of internal passports--with a name chosen for easiest acceptance, probably something like "Social Benefits Card"--as very likely and not easily avoided.

Just the tying of such cards to driving would be devastatingly effective. Ditto for travel. And commerce.

Let's not forget that Nickie Halflinger was able to bypass the Surveillance State because he was one of the guys who wrote the system! The rest of us will be mostly unable to skirt the system.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tc at phantom.com Thu Jul 14 19:42:46 1994
From: tc at phantom.com (Dave Banisar)
Date: Thu, 14 Jul 94 19:42:46 PDT
Subject: National ID cards are just the driver's licenses on the Information
In-Reply-To:
Message-ID:

On Thu, 14 Jul 1994, Stephen D. Williams wrote:

> ...
>
> Do they realize how difficult it will be to get all the rural people,
> little old ladies, etc. to go along with this?
>

Assuming that this becomes mandatory for all transactions that involve the govt, most little old ladies would have to go along if they wanted their medicare and social security checks. I don't see a huge likelihood of most people wanting to give up those (or even being able to afford to).

Dave

From tc at phantom.com Thu Jul 14 19:57:20 1994
From: tc at phantom.com (Dave Banisar)
Date: Thu, 14 Jul 94 19:57:20 PDT
Subject: New version of Digital Telephony Bill?
In-Reply-To: <9407132131.AA05989@bilbo.suite.com>
Message-ID:

On Wed, 13 Jul 1994, Jim Miller wrote:

>
>
> In the latest Wired issue (2.08) there is a small blurb about a new
> version of the Digital Telephony Bill that the FBI has presented.
> According to the blurb, a couple of Senators have expressed a willingness
> to sponsor this new version. Anybody have any more info on this?
>
> Jim_Miller at suite.com
>

The FBI submitted a bill to Congress in March at the time of the Freeh testimony. That draft was rejected by the Congress but at the same time Sen. Biden has told the FBI that he would introduce a bill for them. A working group of hill staffers from relevant Congressmen and Senators has been working on an "acceptable" bill to industry and the FBI. Industry's position has been led by the Digital Privacy and Security Working Group.

For some strange reason, privacy and consumer advocates such as ourselves, the US Privacy Council, Public Citizen, PIRG, Consumers Union etc. who are still demanding that the FBI give us a serious rationale for this substantial change in the law have been left out of this deal-cutting frenzy. We have also been repeatedly turned down from obtaining a copy of the draft legislation.

What little we have learned is that there will still be a legislative mandate that surveillance capability will be built in will remain. Control will be placed in the hands of the attorney general, the FCC and the courts.

A meeting was scheduled for last tue, the 12th, to determine if a good deal had been cut. So far, no word. We expect that if a deal was cut, official legislation will be introduced shortly after the Supreme Court confirmation hearings are complete.

The moral of this story?
Those that really believe that industry and their proxies will protect their privacy - I have a bridge for you to buy. Cheap. And don't forget that it's an election year.

Dave Banisar
EPIC

From DAVESPARKS at delphi.com Thu Jul 14 22:27:35 1994
From: DAVESPARKS at delphi.com (DAVESPARKS at delphi.com)
Date: Thu, 14 Jul 94 22:27:35 PDT
Subject: Triple encryption...
Message-ID: <01HEPTT89VZI9I5RDS@delphi.com>

Carl Ellison (cme at tis.com) wrote:

> have you considered
>
> des | tran | des | tran | des ?

That one's sort of your "trademark", isn't it? (TRAN is really clever, BTW.) One scheme that seems to make even more sense, though, is:

des | tran | IDEA | tran | des

You get the benefits of 112 bits worth of DES keyspace along with 128 bits of IDEA keyspace, and thus don't stake your total security on the strength of EITHER algorithm. Other than making the code bulkier by requiring the inclusion of code for TWO crypto algorithms, and 64 bits of extra key material, what other drawbacks would there be to such a scheme (in a NON-commercial setting where licensing of the patented IDEA is not an issue)?

If IDEA turns out to not be as secure as we've been led to believe, at least it, sandwiched between two layers of TRAN shuffling, should at least slow down a meet-in-the-middle attack on the remaining two layers of DES.

As I recall, last time we discussed this over on sci.crypt you also advocated an additional step of "PRNGXOR". Is that still the case? Have you had the opportunity to read the Eurocrypt '94 paper by Eli Biham on triple DES modes, yet?

/--------------+------------------------------------\
|              | Internet: davesparks at delphi.com |
| Dave Sparks  | Fidonet: Dave Sparks @ 1:207/212   |
|              | BBS: (909) 353-9821 - 14.4K        |
\--------------+------------------------------------/

From nobody at shell.portal.com Thu Jul 14 22:39:24 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Thu, 14 Jul 94 22:39:24 PDT
Subject: PGP bastardization
Message-ID: <199407150540.WAA12162@jobe.shell.portal.com>

> You may be correct in that Phil Zimmermann has no legal
> recourse, but I couldn't say for sure. I am more concerned
> with the ethical issues. What have you called your new
> super-duper pgp? If you make it abundantly clear that it is
> *your* hack of pgp, and not supported in any way by RSA, MIT, or
> prz, I personally wouldn't have a problem with it.

Isn't it ironic, though, that Phil Zimmermann was the victim of a similar accusation by PKP/RSA -- "pirating" code? IMHO, that's also who the person who released this new version really needs to worry about. If they modified PGP 2.3a code, then they're in the same boat as PRZ if they distribute it. The GPL only covers PRZ's (and Colin Plumb's) code, not the RSA routines. Also, I wonder whether the RSAREF license on 2.6 is valid for modified versions?

Geeez! If it's just the name, then call this newest version "TAP" for "Totally Awesome Privacy", or something similar. Just so the "look and feel" are the same. Nothing would stop the end user from renaming it from TAP.EXE to PGP.EXE, of course...

I can sympathize with PRZ in wanting to protect his "baby" from the hackings of "unwashed Philistines" or whatever, but had he taken that attitude regarding the original RSA code, PGP might never have come about.

From jamesd at netcom.com Thu Jul 14 22:44:14 1994
From: jamesd at netcom.com (James A. Donald)
Date: Thu, 14 Jul 94 22:44:14 PDT
Subject: Key length security (calculations!)
In-Reply-To: <199407141909.MAA01482@netcom9.netcom.com>
Message-ID: <199407150536.WAA26322@netcom8.netcom.com>

Timothy C. May writes
> Factoring is suspected to be in the class NP (or
> even harder, some suspect), but it has not yet been proved to be so.

Those who have studied the matter generally believe that factoring is NP, but is not NP complete.

Factoring cannot be "even harder than NP" since a simple minded brute force attack is 2^(n/2), which is only NP.

As Timothy May points out, if factoring is NP, then modest increases in key length can easily defeat enormous improvements in factoring.

> ... if P = NP, then fast factoring
> methods may be found (fast = polynomial in length).

In the highly unlikely event that P = NP then we have also solved, as an almost trivial special case, the problems of true artificial intelligence, artificial consciousness, and artificial perception, and the failure of one particular form of crypto will not be noticed in the midst of such radical changes.

--
---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we        James A. Donald
are. True law derives from this right, not from
the arbitrary power of the omnipotent state.            jamesd at netcom.com

From solman at MIT.EDU Thu Jul 14 23:45:54 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Thu, 14 Jul 94 23:45:54 PDT
Subject: Why triple encryption instead of split+encrypt?
In-Reply-To: <9407141343.AA17589@snark.imsi.com>
Message-ID: <9407150645.AA13763@ua.MIT.EDU>

>
> solman at mit.edu says:
> > Why do people do triple DES and *shudder* triple IDEA
> > instead of doing some form of non-redundant secret splitting
> > and then encrypting with multiple keys.
>
> Because people like algorithms that work quickly and don't expand
> their data by a factor of two or three.
> As I've noted before, in spite
> of protestations, the evidence is good that splitting and encryption
> doesn't buy you much over simple superencipherment.

Although I mentioned "true" secret splitting at the end of my post, I was referring to non-redundant secret splitting in most of the post. That is, for each 128 bit block, you split it into two 64 bit blocks. Obviously you have to make sure that in the inverse of the split, each bit of the 128 is dependent on multiple bits in both 64 bit parts. This is obviously not as secure as traditional secret splitting, but you don't need it to be because this isn't a threshold scheme. You just need to guarantee that knowing one half does not allow you to reassemble the other half.

I am claiming that you can allow the cryptanalyst to remove half of the entropy from the plaintext (did I phrase that right? probably not :( ) and the other half will still require successful cryptanalysis of DES and since you can't tell if you're right until you get both halves, meet in the middle does not work.

So, is a secret splitting algorithm that does NOT increase redundancy followed by DES with different keys on both halves as secure as triple DES? I believe so, but I would like your opinions on the issue before I consider implementing this. If it works it would be especially nice because it allows arbitrary extension of keysize without substantially increasing the time required for computation.

I have a hunch that if I'm wrong, it's because the time required to do secure non-redundant secret splitting is as large as the time I'm saving.

JWS

From solman at MIT.EDU Fri Jul 15 00:27:06 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Fri, 15 Jul 94 00:27:06 PDT
Subject: Why triple encryption instead of split+encrypt?
In-Reply-To: <9407141449.AA19157@tis.com>
Message-ID: <9407150726.AA13887@ua.MIT.EDU>

> have you considered
>
> des | tran | des | tran | des ?

My point is that you can get the same level of security with much less effort/computation.

BTW, am I incorrect in my belief that the additional security provided by the 32 bit shifting TRAN operation suggested for the 3DEA hardly provides any additional security? (i.e. if they could break 3 IDEA operations or 3 DES operations, they can break them with 32 bit shifting TRAN operations interleaved in just about the same amount of time.)

It looks like it would make meet-in-the-middle attacks take up substantially more memory and make identifying successful decryptions slightly more difficult, but for security against nearly brute force there isn't much difference between 2^(47) and 2^(47.2) operations.

JWS

From solman at MIT.EDU Fri Jul 15 00:29:01 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Fri, 15 Jul 94 00:29:01 PDT
Subject: Key length security (calculations!)
In-Reply-To: <199407141909.MAA01482@netcom9.netcom.com>
Message-ID: <9407150728.AA13904@ua.MIT.EDU>

> > Still sounds pretty safe so far... if it really takes at least 20,000 times
> > as long to crack a 1024 bit modulus, then it would still take the 7400 C.E.
> > (Cray Equivalent) computer 24 years to crack a 1024 bit number. BUT, the
> > biggest worry is that no one knows how good the NSA's factoring algorithms
> > are. I read recently that the NSA is the world's largest employer of
> > mathematicians. The relative improvement in factoring algorithms since the
>
> Not to attack Doug's point, which has validity here (that we don't
> know what factoring advances NSA may have made), but I personally
> think the combined capabilities of "public domain mathematicians" are
> now far greater than what NSA has. Shamir, Odlyzko, Blum, Micali,
> Rackoff, Goldwasser, Solovay, Berlekamp, etc., are top-flight
> researchers, publishing many papers a year on these topics. It is
> unlikely that some GS-14 mathematicians at the Fort, not able to
> publish openly, have made much more progress.
> I think the resurgence
> of crypto in the 70s, triggered by public key methods and fueled by
> complexity theory breakthrough, caused a "sea change" in inside
> NSA-outside NSA algorithm expertise.

I disagree with this, and I would cite as a case in point the fact that differential cryptanalytic attacks were not "discovered" until 1990 while a relatively small team of IBM cryptologists had it back in 1974 when they made DES. NSA apparently had it before then.

This is why I would rather find a fast secure multiple DES method based on splitting and not have to use IDEA which is so new. Before I was born, NSA knew all of these things which were not figured out by the academic community until this decade. (of course they could also know of some sort of back door, but I think that the fact that NSA knew of differential cryptography and let an algorithm immune to it pass while they lowered the key size says something about DES's security against attacks the academic community hasn't figured out yet.)

The bottom line is that NSA has demonstrated that they can outperform academia without public reviews of their method (LEAFs aside for the moment [government agencies are after all required to do several stupid things each year])

Cheers,

JWS

From solman at MIT.EDU Fri Jul 15 00:29:12 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Fri, 15 Jul 94 00:29:12 PDT
Subject: Probabilistic Encryption
In-Reply-To: <9407141627.AA17963@snark.imsi.com>
Message-ID: <9407150728.AA13894@ua.MIT.EDU>

> Graham Toal says:
> >>> How secure do you guys think Probabilistic encryption using a BBS
> >>> generator is? It looks like it's every bit as good for key
> >>> exchanges as RSA and somewhat better because of its speed.
> >> The technique you mention is not one I've heard of. What is a BBS
> >> generator? Could you please explain?
> > BBS is Blum-Blum-Shub, a cryptographically strong RNG I believe.
> Ah, the Blum-Blum-Shub generator is familiar to me.
> However, how can
> you possibly use this for key exchange?
> > How he plans using this in some way to get the effect of an RSA
> > public key system I have no idea. I hope we're not about to get the
> > usual kiddy PRNG exor encryption lecture.
> Ditto.

Well it is based on a PRNG exor, but the hardness of the encryption is based on the hardness of factoring the modulus used in the BBS RNG so I don't think you need to give me a "kiddy" lecture. (And I'm not using it for authentication, something which I believe is necessarily weak in any cypher being encrypted and decrypted via exor)

I first saw a useful version of this in Schneier although I had previously seen versions that generated ciphers twice as large as the plaintext (which are uninteresting to me since I'm working on a VERY bandwidth conscious application).

Here is how it works:

First, choose two large prime numbers that are one less than a multiple of four. Since the security of this algorithm is based on the difficulty of factoring, I guess hard primes would be nice but I don't know if it really matters.

Next choose a random number. Since you only need one random number, you probably don't need it to be very secure, but just in case it's a good idea.

In each iteration of a BBS you modify the seed by the following operation: seed(new) = (seed(old))^2 mod n [n is the product of your primes]. Throw your seed in there, if you question its security iterate it once before using any numbers. If your seed has 2^n bits, the lowest n bits will be randomly generated bits that are sufficiently secure for any cryptographic application you can think of.

Exor the stream of random bits with the stream of plaintext and append the final seed and you get your cyphertext.

NOW, in order to remove the cypher, you need to figure out what the initial seed was. For a BBS generator, the only way you can do that is by factoring the modulus. The private key then, is the two factors. The public key is the modulus n.

Clearly you can't authenticate by this, but there are much better algorithms for that anyway. What this provides is a public key system based on the hardness of factoring that is faster than RSA and apparently not covered by the RSA patent. (although I've asked for opinions on this last point in another post)

I really believe that this is secure, but I wanted opinions before I implemented it as the algorithm users can use when they want to say "screw you RSADSI".

Cheers,

Jason W. Solinsky

From dcwill at ee.unr.edu Fri Jul 15 01:24:14 1994
From: dcwill at ee.unr.edu (D.C. Williams)
Date: Fri, 15 Jul 94 01:24:14 PDT
Subject: Where do Extropians live?
Message-ID: <9407150721.AA24496@solstice>

I'd appreciate a pointer to the extropians-request address (email or post at your discretion). TIA.

=D.C. Williams
dcwill at ee.unr.edu

From rjc at gnu.ai.mit.edu Fri Jul 15 02:03:24 1994
From: rjc at gnu.ai.mit.edu (Ray)
Date: Fri, 15 Jul 94 02:03:24 PDT
Subject: Key length security (calculations!)
In-Reply-To: <199407150843.EAA23914@umbc9.umbc.edu>
Message-ID: <9407150903.AA18447@geech.gnu.ai.mit.edu>

James Donald writes:
> Timothy C. May writes
> > ... if P = NP, then fast factoring
> > methods may be found (fast = polynomial in length).
>
> In the highly unlikely event that P = NP then we have also solved, as
> an almost trivial special case, the problems of true artificial
> intelligence, artificial consciousness, and artificial perception,
> and the failure of one particular form of crypto will not be noticed
> in the midst of such radical changes.

When was AI proved NP? AFAIK, definitions of intelligence and consciousness aren't even generally agreed on. Consciousness especially. Any citations on this claim?
The only place I've heard this before was your claim on the Extropians list last year that AI required solving NP problems (and that a good answer would not work), therefore classical computers couldn't do it, but quantum computers could, and therefore the mind is based on quantum mechanics and AI won't work.

From crame001 at hio.tem.nhl.nl Fri Jul 15 02:20:58 1994
From: crame001 at hio.tem.nhl.nl (ER CRAMER)
Date: Fri, 15 Jul 94 02:20:58 PDT
Subject: Announcement: PGS v0.99d
Message-ID: <9407151011.AA00267@hio.tem.nhl.nl>

-----BEGIN PGP SIGNED MESSAGE-----

Ok, I know that v0.99c was just released a week ago... But hey, We had some spare time before our holidays so we fixed some stuff and here is the result: PGS v0.99d.

This version will be able to read the keysize of all keys. And gives a nice statement in the information window that we CAN'T build the fingerprint of keys that have been generated using a non-default exponent size. So, no trash fingerprints anymore I hope...

Because v0.99c was just released a week ago I kept the 099c.new file in the archive so you can still check out what's new there...

PGS v0.99d can be found right now at:

wuarchive.wustl.edu (128.252.135.4):/pub/msdos_uploads/pgs/pgs099d.zip

And at the beginning of next week at:

oak.oakland.edu (141.210.10.117):/SimTel/security/pgs099d.zip

- --
... If you outlaw Privacy, only Outlaws will have Privacy!
Eelco Cramer ------
- --------------------------------------------------
- --
... If you outlaw Privacy, only Outlaws will have Privacy!
Eelco Cramer ------
- --------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6
-----END PGP SIGNATURE-----

From rfb at lehman.com Fri Jul 15 03:41:26 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Fri, 15 Jul 94 03:41:26 PDT
Subject: PGP bastardization
In-Reply-To: <199407150540.WAA12162@jobe.shell.portal.com>
Message-ID: <9407151040.AA01890@fnord.lehman.com>

-----BEGIN PGP SIGNED MESSAGE-----

    Date: Thu, 14 Jul 1994 22:40:42 -0700
    From: nobody at shell.portal.com

    Geeez! If it's just the name, then call this newest version "TAP" for "Totally Awesome Privacy", or something similar.

I've been sending a cousin-in-law some information on privacy issues and the net. She works in a policy office in DC and she's currently working on a series of monographs relating to such things. Among this stuff has been, of course, information on PGP.

Apparently, her boss asked something along the lines of `If it's so good, why is it only Pretty Good Privacy' -- he apparently has a general problem of taking things very literally. He also apparently won't let employees take disks home because they might infect them with viruses and then bring them back in. Of course, he doesn't stop them from bringing in disks that *weren't* originally taken home from the office . . . .

Rick

-----BEGIN PGP SIGNATURE-----
Version: 2.6
-----END PGP SIGNATURE-----

From frissell at panix.com Fri Jul 15 04:35:29 1994
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 15 Jul 94 04:35:29 PDT
Subject: Key length security (calculations!)
Message-ID: <199407151135.AA04051@panix.com>

At 03:28 AM 7/15/94 EDT, solman at MIT.EDU wrote:

>The bottom line is that NSA has demonstrated that they can outperform
>academia without public reviews of their method (LEAFs aside for the
>moment [government agencies are after all required to do several stupid
>things each year])
>

That is, they were able to out-perform the private sector when there was no economic value in cryptography so no one (save them) had any incentive to practice it. Since crypto gained enormous economic value (for compression and general bit manipulation as well as system security) they are unlikely to be able to keep up.

Note the Market vs the Feds in electronics. They tend to buy most of their stuff from us these days.

DCF

From frissell at panix.com Fri Jul 15 04:35:29 1994
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 15 Jul 94 04:35:29 PDT
Subject: National ID cards are just the driver's licenses on the Information
Message-ID: <199407151135.AA04080@panix.com>

At 05:00 PM 7/14/94 -0400, Perry E. Metzger wrote:

>The following is worth mentioning: market forces will eventually
>destroy virtually all controls. However, as the Soviet Union showed,
>millions of people can be made miserable or killed in the meanwhile.
>Perry
>

Actually, in the G-7 countries, the rulers are in a more exposed and vulnerable position than the ruled. They are juicy opposition targets, while we can slip (and SLIP) through the cracks. They can't. They must by their nature be exposed.

DCF

"The Market *is* the river." -- New Taoism for a New Age

From perry at imsi.com Fri Jul 15 06:40:57 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 15 Jul 94 06:40:57 PDT
Subject: National ID cards are just the driver's licenses on the Information
In-Reply-To: <199407151135.AA04080@panix.com>
Message-ID: <9407151340.AA21611@snark.imsi.com>

Duncan Frissell says:
> Actually, in the G-7 countries, the rulers are in a more exposed and
> vulnerable position than the ruled. They are juicy opposition targets,
> while we can slip (and SLIP) through the cracks. They can't. They must by
> their nature be exposed.

I'm optimistic only because we are deliberately opposing things. I'm far from convinced that they are vulnerable on their own.

Perry

From perry at imsi.com Fri Jul 15 06:45:36 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 15 Jul 94 06:45:36 PDT
Subject: Where do Extropians live?
In-Reply-To: <9407150721.AA24496@solstice>
Message-ID: <9407151341.AA21623@snark.imsi.com>

"D.C. Williams" says:
> I'd appreciate a pointer to the extropians-request address (email
> or post at your discretion). TIA.

extropians-request at extropy.org

.pm

From lstanton at sten.lehman.com Fri Jul 15 07:36:31 1994
From: lstanton at sten.lehman.com (Linn Stanton)
Date: Fri, 15 Jul 94 07:36:31 PDT
Subject: National I.D. Cards
In-Reply-To: <199407142029.NAA27017@well.sf.ca.us>
Message-ID: <9407151437.AA01228@sten.lehman.com>

Brian D Williams :
> Step 2: International I.D. Cards......
>
> Can you say "New World Order?" Sure you can.......

I don't think so, at least not easily. I think that most countries, while they want to keep track of citizens/subjects, do not want other countries to have such simple access to their data. This is one area where the spooks are on our side.
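
Added example, not part of the archived messages: the scheme Jason Solinsky outlines in his "Probabilistic Encryption" message above (BBS keystream XORed with the plaintext, modulus as public key, its two factors as private key) is the construction known in the literature as Blum-Goldwasser probabilistic encryption, implemented here in Python. Assumptions of this example, not taken from the message: the function names, 256-bit demo primes, 8 keystream bits per squaring, and transmitting the state one squaring past the last keystream byte.

```python
import secrets
from math import gcd

def is_probable_prime(n, rounds=40):
    """Miller-Rabin primality test with random bases."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def blum_prime(bits):
    """Random prime p with p % 4 == 3 ("one less than a multiple of four")."""
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 3
        if is_probable_prime(p):
            return p

def keygen(bits=256):
    """Return (public modulus n, private factors (p, q))."""
    p = blum_prime(bits)
    q = blum_prime(bits)
    while q == p:
        q = blum_prime(bits)
    return p * q, (p, q)

def _keystream_xor(data, x, n):
    """Square the BBS state once per byte, XOR the byte with the low 8 bits."""
    out = bytearray()
    for byte in data:
        x = pow(x, 2, n)
        out.append(byte ^ (x & 0xFF))
    return bytes(out), x

def encrypt(n, plaintext):
    """Public-key operation: needs only n. Returns (body, x_final)."""
    if n.bit_length() <= 256:
        # 8 bits per squaring stays within floor(log2(log2 n)) only above this.
        raise ValueError("modulus too small for 8 keystream bits per squaring")
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            break
    x0 = pow(r, 2, n)                      # fresh random quadratic residue
    body, x_t = _keystream_xor(plaintext, x0, n)
    # Send the NEXT state: x_t itself would expose the last keystream byte.
    return body, pow(x_t, 2, n)

def decrypt(priv, body, x_final):
    """Private-key operation: undo len(body)+1 squarings using p and q."""
    p, q = priv
    n = p * q
    steps = len(body) + 1
    # For p % 4 == 3, y -> y^((p+1)/4) mod p is the square root that is
    # itself a square, so repeated roots walk the BBS sequence backwards.
    u = pow(x_final, pow((p + 1) // 4, steps, p - 1), p)
    v = pow(x_final, pow((q + 1) // 4, steps, q - 1), q)
    x0 = (u * q * pow(q, -1, p) + v * p * pow(p, -1, q)) % n   # CRT
    plain, _ = _keystream_xor(body, x0, n)
    return plain

if __name__ == "__main__":
    n, priv = keygen()
    msg = b"constructed sample message"
    body, x_final = encrypt(n, msg)
    print("round trip ok:", decrypt(priv, body, x_final) == msg)
    # Same plaintext, new random seed: the ciphertext differs every time.
    print("probabilistic:", encrypt(n, msg) != (body, x_final))
    # No integrity: a flipped ciphertext bit flips the same plaintext bit.
    forged = bytes([body[0] ^ 0x20]) + body[1:]
    print("tampered decrypts to:", decrypt(priv, forged, x_final))
```

The last line of the demo illustrates the message's own remark that the scheme cannot authenticate: the modified ciphertext decrypts without error, so any deployment needs a separate integrity mechanism.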

From lstanton at sten.lehman.com Fri Jul 15 07:44:58 1994
From: lstanton at sten.lehman.com (Linn Stanton)
Date: Fri, 15 Jul 94 07:44:58 PDT
Subject: National ID cards are just the driver's licenses on the Information
In-Reply-To: <199407142033.NAA01489@netcom3.netcom.com>
Message-ID: <9407151446.AA01566@sten.lehman.com>

tcmay at netcom.com (Timothy C. May) <199407142033.NAA01489 at netcom3.netcom.com> writes:
> (And as an EFF member, dues all paid up, I have no hope that EFF or
> any of its FLA brethren will oppose this firmly. At the risk of
> angering our own John Gilmore, a founder of the EFF, I think EFF
> management is so enamored of being inside the Beltway that it will
> likely confine its role to providing "input" to the Gorewellian forces
> putting this thing together.)

This may be an area where CPSR does a better job than EFF. CPSR has a pretty good record on these topics, and seems less caught up in the 'but these guys are my friends' philosophy of EFF.

At the risk of reopening a very old thread, it is an unfortunate fact that, in this country, these proposals are not getting the widespread opposition that they would if they were introduced by Republicans.

From ravage at bga.com Fri Jul 15 07:47:32 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 15 Jul 94 07:47:32 PDT
Subject: National ID Card Info Request...
Message-ID: <199407151447.JAA28327@zoom.bga.com>

Hi All,

Several of my more politically active friends are interested in starting a lobby group (if feasible) in the ctl. Texas area on this issue. I wandered all over WWW, gopher, etc. last evening trying to find the specific bill which covers this. I found *lots* of references to comprehensive plastic data-cards and smart cards.

I would appreciate some kind soul e-mailing me the bill name which has this in it.

Take care.

From sandfort at crl.com Fri Jul 15 08:42:03 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Fri, 15 Jul 94 08:42:03 PDT
Subject: National ID cards are just the driver's licenses...
In-Reply-To: <199407150217.TAA06839@netcom5.netcom.com>
Message-ID:

C'punks,

On Thu, 14 Jul 1994, Timothy C. May wrote:

> . . . As to why my assets are not well hidden, hiding assets is harder
> than you think, despite what some here on this list may claim. . . .
> - Now I suspect my friend Duncan will mention that one can--and
> should--lease one's car from one's Nevada-based tax shelter company.
> Perhaps. But I again claim that this is much easier said than actually
> done.
>
> (I hear these proposals and think of all the detailed arguments about
> how income taxes are invalid because Ohio incorrectly ratified the
> XXth Amendment, or somesuch. All very logical, but it doesn't work.)

The error in Tim's analogy between his income tax example and standard privacy techniques is that the techniques have already passed the test of time. They aren't theoretical; people have used them for years. Tim's claim that "this is much easier said than actually done" only indicates that Tim either has never tried to do it, or did it poorly. I've seen it done--year in and year out. It's real, folks.

Over the period I've been on this list, I've seen the optimism of various Cypherpunks wax and wane. Normally, I greatly respect Tim's opinions. Today, though, I think Tim is reflecting an emotional response more than a factual one.

I, and I'm sure Duncan, would be more than happy to discuss the subject with anyone on the list who is interested. Let's do it offline, though, unless there is a strong crypto tie-in.

S a n d y

From frissell at panix.com Fri Jul 15 10:01:57 1994
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 15 Jul 94 10:01:57 PDT
Subject: National ID Card Info Request...
Message-ID: <199407151701.AA09163@panix.com> At 09:47 AM 7/15/94 -0500, Jim choate wrote: >I would appreciate some kind sould e-mailing me the bill name which has >this in it. > >Take care. There is no bill as far as I know. At least not one very far along in the legislative process. Of course, the Health Security Act does include mandatory Worker's ID cards (your employer needs one to sign you up with your Health Alliance). DCF "The Health Security Act - the most expensive government program in the history of mankind: $1,000,000,000,000/year in total government spending $600,000,000,000/year in *new* government spending (& taxes)" From frissell at panix.com Fri Jul 15 10:02:48 1994 From: frissell at panix.com (Duncan Frissell) Date: Fri, 15 Jul 94 10:02:48 PDT Subject: National ID cards are just the driver's licenses... Message-ID: <199407151701.AA09132@panix.com> At 08:19 AM 7/15/94 -0700, Sandy Sandfort wrote: >Over the period I've been on this list, I've seen the optimism of >various Cypherpunks wax and wane. Normally, I greatly respect Tim's >opinions. Today, though, I think Tim is reflecting an emotional response >more than a factual one. > > S a n d y > > Maybe Tim needs to leave the People's Republic of Kalifornia and go into "internal exile" in one of the United States which is less invasive. DCF "Haven't read much SF since I found the Net since it seems 'wrong' now. Left with military SF usually sited in 'other places/other times' where the lack of the Net doesn't interfere with enjoyment. Just finished "Guns of the South" by Harry Turtledove. Usual Lee vs Grant in the Battle of the Wilderness with AK-47s. Even if you don't like the Second American Revolution (Civil War) or military SF, a hell of a story. Every character in it (save those from 2014) is a historical character. Look for the cover art of Lee with an AK-47." 
From cme at tis.com Fri Jul 15 10:30:28 1994 From: cme at tis.com (Carl Ellison) Date: Fri, 15 Jul 94 10:30:28 PDT Subject: Triple encryption... In-Reply-To: <01HEPTT89VZI9I5RDS@delphi.com> Message-ID: <9407151730.AA19916@tis.com>

>Date: Fri, 15 Jul 1994 01:14:52 -0400 (EDT)
>From: DAVESPARKS at delphi.com
>Subject: Re: Triple encryption...

>Carl Ellison (cme at tis.com) wrote:
>
>> have you considered
>>
>> des | tran | des | tran | des ?
>
>That one's sort of your "trademark", isn't it?

yup :-)

>clever, BTW.) One scheme that seems to make even more sense, though, is:
>
> des | tran | IDEA | tran | des
>
>You get the benefits of 112 bits worth of DES keyspace along with 128 bits
>of IDEA keyspace, and thus don't stake your total security on the strength
>of EITHER algorithm.

good, too. Of course, it leaves open the question of which should be inside and which outside. I'd be most concerned about any ciphertext-only attack which is improved by having purely random bits as input. Whichever algorithm is more resistant to such an attack should be on the outside. (No, I'm not aware of such an attack, yet....)

>As I recall, last time we discussed this over on sci.crypt you also
>advocated an additional step of "PRNGXOR". Is that still the case? Have
>you had the opportunity to read the Eurocrypt '94 paper by Eli Biham on
>triple DES modes, yet?

Yes, it's in response to Eli's paper that I advocated prngxor, as in:

    des | prngxor | tran | des | tran | des

with the DES instances in ECB mode (in acknowledgement of Eli's attack). The prngxor destroys any patterns from the input, which was the purpose of CBC, without using the feedback path which Eli exploited.

- Carl

p.s. tran.shar is available at ftp.std.com:/pub/cme

From gtoal at an-teallach.com Fri Jul 15 10:42:05 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 15 Jul 94 10:42:05 PDT Subject: National ID cards are just the driver's licenses...
Message-ID: <199407151741.SAA21412@an-teallach.com> : I, and I'm sure Duncan, would be more than happy to discuss the subject : with anyone on the list who is interested. Let's do it offline, though, : unless there is a strong crypto tie-in. Sandy, I'd love to take part in a list for discussing practical ways of assuring privacy. I've been doing it myself for years. How about asking Robert Hayden to start up a specific mailing list for it? (Some name like 'obfusc', for obfuscating database entries etc...?) - description: 'discussions of practical real-life ways of improving personal privacy.' Also, you tend to mention things in dribs and drabs... in fact, didn't you do a sort of mini privacy-101 some years ago by posting little snippets of advice in your .sig file every post? Do you have any collected files with _lots_ of this stuff in it already that we could read? G PS Robert, did you say you could run anonymous mailing lists or was that someone else? This might be a good list to kick off as an anon list, just on principle... From cme at tis.com Fri Jul 15 10:49:32 1994 From: cme at tis.com (Carl Ellison) Date: Fri, 15 Jul 94 10:49:32 PDT Subject: tran.shar Message-ID: <9407151749.AA23450@tis.com> BTW, it *was* at ftp.std.com -- but now I have it here, to e-mail to people who ask for it. (Sorry for the multiple messages.) - Carl From jamiel at sybase.com Fri Jul 15 11:04:00 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Fri, 15 Jul 94 11:04:00 PDT Subject: National ID cards are just the driver's licenses on the Information Message-ID: <9407151803.AA10936@ralph.sybgate.sybase.com> At 10:38 PM 07/14/94 -0400, Dave Banisar wrote: >On Thu, 14 Jul 1994, Stephen D. Williams wrote: >> Do they realize how difficult it will be to get all the rural people, >> little old ladies, etc. to go along with this? 
>> > >Assuming that this becomes mandatory for all transactions that involve the >govt, most little old ladies would have to go along if they wanted their >medicare and social security checks. I don't see a huge likelihood of >most people wanting to give up those (or even being able to afford to). This conversation is beginning to remind me of parts of _The Illuminati_. Great paranoid fantasy of a book. Kept me enrapt for *hours*. >Dave -j -- "Blah Blah Blah" ___________________________________________________________________ Jamie Lawrence From tcmay at netcom.com Fri Jul 15 11:17:40 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 15 Jul 94 11:17:40 PDT Subject: Leaving the Country In-Reply-To: <199407151701.AA09132@panix.com> Message-ID: <199407151750.KAA21412@netcom6.netcom.com> I'll respond briefly here to the points both Sandy S. and Duncan F. make. Cypherpunks who are interested exclusively in RSA keylengths or in PGP Shells will not find this interesting. In my view, discussion of tax policies and the implications of crypto has a role on this list. Those who don't think so should hit "delete" now. > At 08:19 AM 7/15/94 -0700, Sandy Sandfort wrote: > > >Over the period I've been on this list, I've seen the optimism of > >various Cypherpunks wax and wane. Normally, I greatly respect Tim's > >opinions. Today, though, I think Tim is reflecting an emotional response > >more than a factual one. Sandy, in his original post, went on to speculate that I am just ignorant of the methods used. I disagree. I've talked to legal folks, have strategized with friends who are also "persons of money" (to coin a euphemism) and there appear to be few options for me to avoid huge tax bites except via taking some pretty severe steps, like leaving the U.S. and not returning.
I don't dispute that no schemes exist, I just claim that they're difficult to set up (not surprisingly, in my opinion) and that in my situation, with assets largely in the form of stock and real estate, there are no easy ways to convert them into tax-protected forms while remaining in the U.S. and while not being hit with a 35-45% tax bite. (Which I find unacceptable, for various reasons.) I have--don't forward this to the IRS!--toyed with the idea of simply moving to a tax haven. A problem is that the tax folks in the U.S. have a nifty idea that expatriates (ex-patriots?!) should still file U.S. tax returns for 10 years after departure. Enforcement may be tough right now, but I foresee advances in networks and border checkpoints leading to situations in which tax-haven residents are held at entries into the U.S. on charges of tax evasion. If this belief of mine is accurate, then leaving the U.S. could be a one-way ticket out. Maybe I'll go this route, ultimately, but it's certainly not an easy step to take...and not one I'm planning to take anytime soon, and not without a hell of a lot more thinking. (My friends in similar situations are investigating options. None look easy to take. Sure, Justin Dart can take his marbles and move to Belize, but his needs are different from mine. He doesn't need Computer Literacy Bookshop, Fry's Electronics, and a network of Bay Area friends, for example. And so on.) Duncan Frissell goes on to write: > Maybe Tim needs to leave the People's Republic of Kalifornia and go into > "internal exile" in one of the United States which is less invasive. Well, Kalifornia is not the main issue. It's max tax rate is 11%, compared to 39-41% (as I recall) for the Feds. So my _main_ concern is not Kalif. (I recall Duncan resides in New Jersey. An odd choice, I would think, given their tax rate and other peculiar laws. But I digress.) But I agree that the time may be coming for me to leave Kalifornia. 
I'd give some reasons, but many of you kind-hearted people would denounce me as racist, so I won't. (Suffice it to say I'm not a racist, I just believe every person and every business should be free to choose its customers and suppliers as it sees fit....Kalifornia is choosing to inject itself into nearly all business dealings under the guise of "fairness" and "antidiscrimination." I also see the social welfare system straining, with inner cities becoming cesspools of welfare and with unskilled immigrants being dropped directly onto the welfare rolls...a reason Kalifornia is deeply in debt and why businesses are seeking to expand elsewhere.) As a step short of leaving the U.S. (partly because I think that while the U.S. gets the Net attention for its Gorewellian plans, other countries are following suit or have already done so), I've been to Nevada to scout out property (no state income tax, lower real estate prices, fairly mild climate, little welfare) and plan to check out the coastal regions of Florida (also no state income tax). The Cypherpunks connection (if you've read this far, no one was forcing you to, so you must have found it interesting, eh?) is that I might even be involved someday in a true Caribbean node for a Net connection. (But don't expect me to move to the Turks and Caicos tomorrow!) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." 
From catalyst-remailer at netcom.com Fri Jul 15 11:23:55 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Fri, 15 Jul 94 11:23:55 PDT Subject: ATTENTION: OPERATION `WOODCOCK BLUDGEON' WILL COMMENCE SHORTLY Message-ID: <199407151823.LAA01327@netcom9.netcom.com> To Whom It May Concern: We will shortly be commencing operation Woodcock Bludgeon. During this period you will experience some confusion and chaos due to secondary effects of our meme carrier launchings in cyberspace. This is a warmup `proof of principle' test for our more important, larger scale meme construction, fabrication, and penetration projects. We assure you that these operations will help advance cyberspatial development past the current major blockages in the Matrix and combat future insidious perversions in the continuum (many of which you may be personally familiar with). Emphasis and urgency will be focused on the most drained and threatened meme areas. Please exercise the utmost discretion in your personal meme possession and conveyance during this period of transition. We apologize in advance for any inconvenience this may cause. \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ _________ _________ _________ / / \ \ / / \ \ / / \ \ / / / / / / / / ______ / / / / / / ~~~~ / / / / / __ \ / / / / / / / ~~~ __/ ~~~_/ / / ~~~ / / / ____ / /~\ \ /~~~~_ / / /~~~~~~~ \ \ / / / / \ \ \ ~~~ _ \ / / ~~~~~~~~~ ~~~~ ~~~~ ~~~~~ ~~ ~~~~ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ C y b e r a n a r c h i s t R e p r e s s i o n a n d P o i s o n From perry at imsi.com Fri Jul 15 11:29:14 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 15 Jul 94 11:29:14 PDT Subject: ATTENTION: OPERATION `WOODCOCK BLUDGEON' WILL COMMENCE SHORTLY In-Reply-To: <199407151823.LAA01327@netcom9.netcom.com> Message-ID: <9407151829.AA22181@snark.imsi.com> Detweiler returns. Sigh. Perry catalyst-remailer at netcom.com says: > > To Whom It May Concern: > > We will shortly be commencing operation Woodcock Bludgeon. 
During this period > you will experience some confusion and chaos due to secondary effects of > our meme carrier launchings in cyberspace. This is a warmup `proof of > principle' test for our more important, larger scale meme construction, > fabrication, and penetration projects. > > We assure you that these operations will help advance cyberspatial > development past the current major blockages in the Matrix > and combat future insidious perversions in the continuum (many of which > you may be personally familiar with). Emphasis and urgency will be > focused on the most drained and threatened meme areas. > > Please exercise the utmost discretion in your personal meme possession and > conveyance during this period of transition. We apologize in advance for any > inconvenience this may cause. > > > \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ > _________ _________ _________ > / / \ \ / / \ \ / / \ \ > / / / / / / / / ______ / / / / > / / ~~~~ / / / / / __ \ / / / / > / / / ~~~ __/ ~~~_/ / / ~~~ / > / / ____ / /~\ \ /~~~~_ / / /~~~~~~~ > \ \ / / / / \ \ \ ~~~ _ \ / / > ~~~~~~~~~ ~~~~ ~~~~ ~~~~~ ~~ ~~~~ > \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ > > C y b e r a n a r c h i s t R e p r e s s i o n a n d P o i s o n > > > > From jim at bilbo.suite.com Fri Jul 15 11:42:48 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Fri, 15 Jul 94 11:42:48 PDT Subject: intelligent networks Message-ID: <9407151839.AA20107@bilbo.suite.com> There's an interesting article in the July 11'th edition of Communications Week on page 8 of the Network Monitoring & Testing insert. Here are some selected paragraphs: "The convergence of technologies for multimedia promises a new age of "super-smart networks" to give users the ultimate weapon in monitoring and testing." "These new multimedia networks...offer sophisticated self monitoring from a central signal distribution point, or head end, to the customer's doorstep." 
"..hybrid fiber coax networks are, "a bit of a paradigm shift from previous networks in the sense that a large part of testing is eliminated and replaced by proactive maintenance in surveillance fashion." "The hybrid network has monitoring everywhere, and that surveillance allows us to do proactive maintenance and isolation of problems." "You can ask the network about itself, and discover things such as whether its healthy of not, whether it's got a phone call up, how a phone call is connected through the network or whether or not video is enabled at a particular home." "...the network can test the NIU (Network Interface Unit) on the side of every home to determine whether a problem lies between the central office and the home or resides in a wiring flaw in the customer's home." "...the set-top boxes in the network will belong to the service providers. But for test and monitoring purposes, US West will be able to tap all the information flowing back from that set-top box into the network, Emmot says." With networks like that, who needs a Digital Telephony Bill? Jim_Miller at suite.com From jamiel at sybase.com Fri Jul 15 11:46:20 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Fri, 15 Jul 94 11:46:20 PDT Subject: ATTENTION: OPERATION `WOODCOCK BLUDGEON' WILL COMMENCE SHORTLY Message-ID: <9407151845.AA07847@ralph.sybgate.sybase.com> At 11:23 AM 07/15/94 -0700, catalyst-remailer at netcom.com wrote: > \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ > _________ _________ _________ > / / \ \ / / \ \ / / \ \ > / / / / / / / / ______ / / / / > / / ~~~~ / / / / / __ \ / / / / > / / / ~~~ __/ ~~~_/ / / ~~~ / > / / ____ / /~\ \ /~~~~_ / / /~~~~~~~ > \ \ / / / / \ \ \ ~~~ _ \ / / > ~~~~~~~~~ ~~~~ ~~~~ ~~~~~ ~~ ~~~~ > \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ Well, at least it came with a good .sig. 
-j -- "Blah Blah Blah" ___________________________________________________________________ Jamie Lawrence From frissell at panix.com Fri Jul 15 12:04:01 1994 From: frissell at panix.com (Duncan Frissell) Date: Fri, 15 Jul 94 12:04:01 PDT Subject: ID card from hell Message-ID: <199407151900.AA04014@panix.com> Three messages from Tim May concatenated: >Many of Duncan's refutations boil down to "What about tourists?" >The answer for the Feds is simple: temporary ID cards for tourists. >3. The card acts essentially like the one citizen-units would receive, >perhaps not fully authorizing certain things. > >4. Employers, even for casual work, would be required to check these >cards, > >Electronic "point of sale" terminals, similar to cash machines, could >make this "painless." Even if cash is not outlawed--a different, and >even more controversial topic--such "work permits" could be enforced >in various way. >I basically agree with Duncan's noble sentiments. I just don't think >it likely that the "What about the tourists?" argument will stop the >national ID juggernaut once it begins to move. >Perry makes my point well. That some people will be able to skirt the >system, or that the system will ultimately be unenforceable, does not >lessen my concerns. >Anyway, I see the imposition of internal passports--with a name chosen >for easiest acceptance, probably something like "Social Benefits >Card"--as very likely and not easily avoided. Just the tying of such >cards to driving would be devastatingly effective. As a reader of utopian & dystopian literature since the 1950's (remember, the Land of Oz was a utopian Socialist State), I was always hung up on control technology and the possibilities of the State getting carried away. Since I have been involved with computers and Cypherpunks my outlook has reversed. Let's assume for purposes of argument that the Feds have both the will and the money to impose tight financial and regulatory controls on American society. 
I will even assume that *we* don't exist and there is no high-tech opposition. Let's further assume that they rope in their NAFTA and G-7 (Gang of 7 Major Industrialized Countries - US, Canada, Japan, England, France, Germany, and Italy) partners in some sort of control regime to accomplish God knows what. I guess their psychology is something along the lines of Houseman: But no they will not, They must still Bend their neighbor to their Will And make me dance as *they* desire With jail and gallows and Hellfire. The "Coercive Metaphor" as I like to call it fits in well with Klinton's Bismarckian orientation. Note his lovefest with Helmut a few days ago. He likes the German model of labor markets (where *all* jobs require a certificate, where working during your holiday is a federal crime) and medical care. Where everything is either mandatory or prohibited. Opposed to this model is the Anglo Saxon model of individual rights. (X.25 vs TCP/IP to you networking types.) Here's the problem for Control Freaks: even if they get everything they want it does them no good. So they get their systems in place and they start spitting out data. What do they do with the data? You run checks on something the size of the G-7 economy, and you get tons of hits showing anomalies. You can't deal with all of them so you tighten your parameters until you cover the (small) part of the deviate population that you have the resources to do anything about. Oh, you can employ all sorts of AI programs to "catch" deviates and you can automate the punishment systems to deprive the deviants of "benefits" and permissions. We see this today with the automatic driver's license suspensions for a host of offenses." But cutting people off from "benefits" just gives them the incentive to *work* for a living and they come out of it stronger than ever with no ties to the government. Until you deploy killer robots to snuff deviates you can't make inroads into deviance purely by the application of force. 
The Commies tried. Slick Willie only has the balls to snuff a few Branch Davidians and Retail Pharmaceutical Salesmen. "Wet Work" is expensive. Our prisons are likewise. In New York City these days the big crusade is against unlicensed drivers running over kids. (Apparently, New Yorkers prefer their families to be decimated by *licensed* drivers.) The State automatically issues suspensions and people keep driving. The record is several hundred suspensions. Note if you look around that even though there are more control attempts by the State, things are less and less under control. Compliance is *not* increasing. Because direct application of force is difficult and expensive, it is rare. What Control Freaks need is *voluntary* obedience. But that is based on respect for powerful institutions (which is falling). We are primates and try to get along with our "tribe." In the past our "tribe" was village, then local area, then nation state. Today, technology has broken things up so that we can form many different sorts of "tribes." If we obey the mores of our "tribe" it is increasingly unlikely that that "tribe will correspond to the geographical nation state. I obey the mores of my *tribe* -- libertarian net dwellers. Others are members of other "tribes." We will collectively tend not to obey our nation states and their power will therefore decline. It is perfectly possible to have a rich full life even though you disobey your nation state. You need not even be an outcast any longer. There are *other* communities in which you can find full acceptance and support *without* having to move. I'm sure there will be much more to say later but I've run down... >And everyone go out and read or reread Brunner's "The Shockwave >Rider." Also Harry Harrison's "Stainless Steel Rat" series. Not for the technology but for the philosophy. DCF "Nineteen Eighty-Four Knocking at your door Will you let it come Will you let it run Your life." 
--- Awaiting proper definition of Mime sound file standards. From tcmay at netcom.com Fri Jul 15 13:01:10 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 15 Jul 94 13:01:10 PDT Subject: ID card from hell In-Reply-To: <199407151900.AA04014@panix.com> Message-ID: <199407151929.MAA11351@netcom7.netcom.com> (Duncan's message not included, because I only want to make a brief point.) Not addressed in Duncan's essay was my chief concern: The "National Benefits Card" is required to get license plate tags. (And maybe other things, like car and home insurance, etc.) It's all well and good to talk about disobedience, how the State can't enforce traffic laws and how the "record" of several hundred traffic citations shows this, etc. But how this applies to me is a different matter. To make this concrete, I recently got a speeding ticket--I was late for the Saturday Cypherpunks meeting, ironically. The computer form arrived a week or so ago: pay $130 by such-and-such date (in lieu of contesting the charge), or the fee will roughly double, and then double again, and so on. (I'm not sure of what the limits are, but the fees escalate rapidly). Now my point is this: I plan to pay up, and all the talk in the world about people with dozens or hundreds of citations DOES ME NO GOOD. If I fail to pay, I lose my car insurance (which makes me ripe for a "deep pockets" lawsuit by anyone who gets into an accident with me). Lots of other implications. Very real implications. It may be that scofflaws who are poor have an advantage--no assets to seize, no insurance to worry about, etc. But for folks like me, the notion that such laws can be safely ignored is crazy. (No offense, Duncan, but I read your rant with enjoyment....I just didn't see any connection with the reality I see around me.) 
I continue to see great dangers here, in tying a national ID card to transactions we are essentially unable to avoid in this society: driving, insurance (and let's not argue insurance...I mean it is unavoidable in the sense of legal issues, torts, etc.), border crossings, etc. As an example we haven't talked about recently, the national ID card would presumably be tied in to income tax filings, in various ways I won't go into here. The Postal Service, aiming to get into this area I guess, has floated the idea of electronic filing, ID systems, etc. Now how will one file taxes without such a card if one is made mandatory for interactions with the government? Saying "taxes are not collectable" is not an adequate answer. They may not be collectible for street punks and others who inhabit the underground economy, but they sure are for folks like me. I see nothing in Duncan's essay that applies to me. And that's what worries me about the move toward national ID systems and complete traceability of all economic interactions. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From frissell at panix.com Fri Jul 15 13:03:07 1994 From: frissell at panix.com (Duncan Frissell) Date: Fri, 15 Jul 94 13:03:07 PDT Subject: National ID cards are just the driver's licenses... Message-ID: <199407152002.AA18475@panix.com> At 06:41 PM 7/15/94 +0100, Graham Toal wrote: >I'd love to take part in a list for discussing practical ways of >assuring privacy. I've been doing it myself for years. How about >asking Robert Hayden to start up a specific mailing list for it? 
>(Some name like 'obfusc', for obfuscating database entries etc...?) >- description: 'discussions of practical real-life ways of improving >personal privacy.' How about "Hardcore Privacy" > >Also, you tend to mention things in dribs and drabs... in fact, didn't >you do a sort of mini privacy-101 some years ago by posting little >snippets of advice in your .sig file every post? Do you have >any collected files with _lots_ of this stuff in it already that we >could read? That was me. I'm kind of lazy about pulling everything together in one place. DCF "Give me a rule, I'll give you a work-around." From frissell at panix.com Fri Jul 15 13:36:58 1994 From: frissell at panix.com (Duncan Frissell) Date: Fri, 15 Jul 94 13:36:58 PDT Subject: Leaving the Country Message-ID: <199407152033.AA25810@panix.com> At 10:50 AM 7/15/94 -0700, Timothy C. May wrote: >As a step short of leaving the U.S. (partly because I think that while >the U.S. gets the Net attention for its Gorewellian plans, other >countries are following suit or have already done so), I've been to >Nevada to scout out property (no state income tax, lower real estate >prices, fairly mild climate, little welfare) and plan to check out the >coastal regions of Florida (also no state income tax). FYI - the states with no (general) tax on wages are: New Hampshire* Florida Texas Tennessee South Dakota Wyoming Nevada Washington Alaska* *No (general) sales tax either. How do they do it -- Magic. DCF Privacy 101 - In 1944, my friend Byrt ran into this girl on the street that he knew from his old neighborhood. He told her where he was sleeping. That evening, the Geheime Staatspolizei visited Byrt and invited him to become a guest of the German government. One year later, elements of Patton's Third Army rescued Byrt from his mistake of telling someone where he slept.
From analyst at Onramp.NET Fri Jul 15 13:49:39 1994 From: analyst at Onramp.NET (Benjamin McLemore) Date: Fri, 15 Jul 94 13:49:39 PDT Subject: Leaving the Country Message-ID: <199407152050.PAA28826@ns.onramp.net> >FYI - the states with no (general) tax on wages are: > >New Hampshire* >Florida >Texas >Tennessee >South Dakota >Wyoming >Nevada >Washington >Alaska* > >*No (general) sales tax either. How do they do it -- Magic. *New Hampshire--alcohol sales (state run liquor stores), anything else? *Alaska--lots of oil. -- Benjamin McLemore analyst at onramp.net From hughes at ah.com Fri Jul 15 13:51:13 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 15 Jul 94 13:51:13 PDT Subject: Key length security (calculations!) In-Reply-To: <199407150536.WAA26322@netcom8.netcom.com> Message-ID: <9407152025.AA17813@ah.com>

First Tim wrote:

> Factoring is suspected to be in the class NP (or
> even harder, some suspect), but it has not yet been proved to be so.

NP is nondeterministic polynomial time, meaning that you can verify the answer in polynomial time. You need not be able to derive the answer in P time. The 'nondeterministic' part means that the machine guesses the reason for the correct answer and then verifies that it has the right answer. The reasoning is encoded in a piece of data called a witness.

Since one can multiply two numbers together quickly, factoring is NP-hard. (X-hard means that the answer comes from a 'short' sequence of decision questions in complexity class X.) The verification, multiplication, is in P, so factoring, the inverse of multiplication, is NP-hard.

Since every P problem can be verified in P time (by running the P time algorithm without the need for a witness), P is a subset of NP. The unknown question is whether it is a proper subset.

Then James wrote:

   Those who have studied the matter generally believe that factoring is NP, but is not NP complete.

Factoring isn't in NP. Factoring is NP-hard. Problems in P and NP are decision problems, i.e. problems which have true or false answers. NP-hard means that the problem can be reduced to answering a short list of NP problems. In this case, those questions might be "Is the second-lowest bit of the smallest factor a 1?" and so on, questions about specific properties of the factorization. Note that a factorization makes a suitable witness for every such NP question.

   Factoring cannot be "even harder than NP" since a simple minded brute force attack is 2^(n/2), which is only NP

2^n problems give you E, exponential time. There's also NE, nondeterministic exponential time, problems which have witnesses verifiable in E time. Merely having an exponential time algorithm does not mean that the problem is in NP. NP is a subset of E, however. The easy algorithm is exhaustive search of the space of possible witnesses, which is exponential in the length of the P time verification method, and therefore exponential in the length of the input.

   As Timothy May points out, if factoring is NP, then modest increases in key length can easily defeat enormous improvements in factoring.

Also not quite true. Consider a putative problem whose provably best algorithm is O(n^(log log n)). This algorithm dominates every polynomial (and hence is _not_ in P), but grows extremely slowly. How extremely? Take the log base at 10 and n = 1 googol. The calculation yields O(n^2). No such algorithms or problems are known, I might add; neither is their existence firmly denied.

Eric

From smb at research.att.com Fri Jul 15 13:57:53 1994 From: smb at research.att.com (smb at research.att.com) Date: Fri, 15 Jul 94 13:57:53 PDT Subject: Leaving the Country Message-ID: <9407152057.AA15944@toad.com>

   FYI - the states with no (general) tax on wages are: New Hampshire* Florida Texas Tennessee South Dakota Wyoming Nevada Washington Alaska* *No (general) sales tax either. How do they do it -- Magic.

Magic? TANSTAAFL.
Alaska has oil money (or has had it), and New Hampshire provides (relatively speaking) fewer services to its citizens, according to folks I know who have lived there. Knowing the politics of much of this list, that's probably considered a Good Thing by many; I disagree, but I won't clutter the list with (even more) politics. But if you're thinking of moving anywhere, find out what you *aren't* getting for your money, and see if it's worth it.

From blancw at microsoft.com Fri Jul 15 14:09:48 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Fri, 15 Jul 94 14:09:48 PDT
Subject: ID card from hell
Message-ID: <9407152109.AA17098@netmail2.microsoft.com>

>From Duncan Frissell:

It is perfectly possible to have a rich full life even though you disobey your nation state. You need not even be an outcast any longer. There are *other* communities in which you can find full acceptance and support *without* having to move.
.....................................................

But it isn't the acceptance of a small group which is the problem - it is the effects of the macrocosm upon the minor element ("tribe", group, or just individual): It is that you must live in their re-arrangements of reality more and more, and in the actual reality less and less; one's own area of authority is constantly reduced, replaced by their overriding decisions.

First they nationalize your possessions, then your mind: but it can also be done the other way: while everyone is freely engaging in commercial transactions across national boundaries, in the background everyone is being corralled into a national identity scheme by which they can be made responsive to the "needs of the State" (legitimate law enforcement, etc.)

It's not so much the fact that everyone is identifiable individually for every place they go and everything they purchase, etc.
which is so much the issue (at least for me); it is that the connection to the Holy Leadership is always maintained, like a tether - you always know, psychologically, to whom you are attached and to whom therefore, you must surrender your money, your time, your identity card........

It's just continuous war.

I appreciate the tips which Duncan provides, even if they're inconvenient and don't work for everyone. There oughta be a FAQ for Hitchhikers on the Galaxy, on "How to Live Among Them".

Blanc

From cactus at bb.com Fri Jul 15 14:11:32 1994
From: cactus at bb.com (L. Todd Masco)
Date: Fri, 15 Jul 94 14:11:32 PDT
Subject: Factoring
Message-ID: <199407152117.RAA08087@bb.com>

I'm confused on a point, and I hope someone will clarify. Factoring keeps being described as a 2^(n/2) problem, yet AFAIK (I wrote the code to do it the other morning before breakfast), it's doable in linear (O(n)) time. What gives?

(The algorithm I'm thinking of is:

#include <stdio.h>

/*
   Algorithm: To factor the number n, start with n boxes, each with one
   "marble." Remove last box, put its marble in box #1. If all boxes have
   the same number of marbles, the number is factored.
   If not, remove last box. Put marble in box #2. Compare. Etc.

   possible optimizations: div by each prime l for a quicker starting
   point. (2,3...)
 */
void factor(int target)
{
    int place = target;
    int smallest = 0;
    int load = 1;

    while (place > 1) {
        place--;            /* N-1 boxes. */
        smallest += load;   /* Next box in line gets the marble */
        if (place <= smallest) {
            load++;
            if (place == smallest)
                printf(" Factor: %d by %d\n", place, load);
            smallest = smallest - place;
        }
    }
}

--
L. Todd Masco | Bibliobytes books on computer, on any UNIX host with e-mail
cactus at bb.com | "Information wants to be free, but authors want to be paid."

From hayden at vorlon.mankato.msus.edu Fri Jul 15 14:29:43 1994
From: hayden at vorlon.mankato.msus.edu (Robert A.
Hayden)
Date: Fri, 15 Jul 94 14:29:43 PDT
Subject: ATTENTION: OPERATION `WOODCOCK BLUDGEON' WILL COMMENCE SHORTLY
In-Reply-To: <9407151829.AA22181@snark.imsi.com>
Message-ID:

On Fri, 15 Jul 1994, Perry E. Metzger wrote:

> Detweiler returns. Sigh.

[D's spam deleted]

You have to admit though, he IS a creative paranoid...

____        Robert A. Hayden          <=> hayden at vorlon.mankato.msus.edu
\  /__          -=-=-=-=-             <=>          -=-=-=-=-
 \/  /   Finger for Geek Code Info    <=> I do not necessarily speak for the
   \/    Finger for PGP Public Key    <=> City of Mankato or anyone else, dammit
-=-=-=-=-=-=-=-
(GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++
n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)

From berzerk at xmission.xmission.com Fri Jul 15 14:38:14 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Fri, 15 Jul 94 14:38:14 PDT
Subject: Leaving the Country
In-Reply-To: <9407152057.AA15944@toad.com>
Message-ID:

On Fri, 15 Jul 1994 smb at research.att.com wrote:
> TANSTAAFL.
???????????

What is this, some conglomerate of 3 federal agencies? tan-sta-afl

Berzerk

From analyst at Onramp.NET Fri Jul 15 14:45:14 1994
From: analyst at Onramp.NET (Benjamin McLemore)
Date: Fri, 15 Jul 94 14:45:14 PDT
Subject: Leaving the Country
Message-ID: <199407152146.QAA05781@ns.onramp.net>

>On Fri, 15 Jul 1994 smb at research.att.com wrote:
>> TANSTAAFL.
>???????????
>
>What is this, some conglomerate of 3 federal agencies? tan-sta-afl
>
>Berzerk

There Ain't No Such Thing As A Free Lunch

Robert Heinlein, _The Moon is a Harsh Mistress_ (I think)

--
Benjamin McLemore
analyst at onramp.net

From exabyte!gedora!mikej2 at uunet.uu.net Fri Jul 15 14:45:58 1994
From: exabyte!gedora!mikej2 at uunet.uu.net (Mike Johnson second login)
Date: Fri, 15 Jul 94 14:45:58 PDT
Subject: Triple encryption...
In-Reply-To: <9407151730.AA19916@tis.com>
Message-ID:

> ...
> >> have you considered
> >>
> >> des | tran | des | tran | des ?
> >
> >That one's sort of your "trademark", isn't it?
>
> yup :-)
>
> >clever, BTW.)
One scheme that seems to make even more sense, though, is:
> >
> > des | tran | IDEA | tran | des
> >
> >You get the benefits of 112 bits worth of DES keyspace along with 128 bits
> >of IDEA keyspace, and thus don't stake your total security on the strength
> >of EITHER algorithm.
>
> good, too. Of course, it leaves open the question of which should be
> inside and which outside.
> ...
> Yes, it's in response to Eli's paper that I advocated prngxor, as in:
>
>
> des | prngxor | tran | des | tran | des
>
> with the DES instances in ECB mode (in acknowledgement of Eli's attack).
> The prngxor destroys any patterns from the input, which was the purpose of
> CBC, without using the feedback path which Eli exploited.

Or for the rabid, clinically paranoid:

3des | tran | IDEA | tran | Diamond | tran | Blowfish | prngxor |
3des | tran | IDEA | tran | Diamond | tran | Blowfish | prngxor |
3des | tran | IDEA | tran | Diamond | tran | Blowfish | prngxor |
3des | tran | IDEA | tran | Diamond | tran | Blowfish | prngxor |
3des | tran | IDEA | tran | Diamond | tran | Blowfish | prngxor |
3des | tran | IDEA | tran | Diamond | tran | Blowfish | prngxor |
3des | tran | IDEA | tran | Diamond | tran | Blowfish | prngxor |
3des | tran | IDEA | tran | Diamond | tran | Blowfish | prngxor |
3des | tran | IDEA | tran | Diamond | tran | Blowfish | prngxor |
3des | tran | IDEA | tran | Diamond | tran | Blowfish | prngxor |
3des | tran | IDEA | tran | Diamond | tran | Blowfish | prngxor |
3des | tran | IDEA | tran | Diamond | tran | Blowfish | prngxor |
... about 500 more lines of the same ...

with a memorized 5 megabyte key.

And I thought 15 round Diamond with a 256 bit key was overkill worse than 3 key triple DES!

Seriously, folks, the weakest links of most cryptosystems are not in the symmetric key cipher (provided you pick one of the good ones), but in the key management, associating people with keys, and in picking good pass phrases.

Peace to you.
Mike Johnson
m.p.johnson at ieee.org

From koontzd at lrcs.loral.com Fri Jul 15 14:50:16 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Fri, 15 Jul 94 14:50:16 PDT
Subject: Leaving the Country
Message-ID: <9407152149.AA20828@io.lrcs.loral.com>

TANSTAAFL

There Ain't No Such Thing As A Free Lunch

From merriman at metronet.com Fri Jul 15 15:00:36 1994
From: merriman at metronet.com (David K. Merriman)
Date: Fri, 15 Jul 94 15:00:36 PDT
Subject: Leaving the Country
Message-ID: <199407152202.AA02284@metronet.com>

>
>
>On Fri, 15 Jul 1994 smb at research.att.com wrote:
>> TANSTAAFL.
>???????????
>
>What is this, some conglomerate of 3 federal agencies? tan-sta-afl
>
>Berzerk
>
>

There Ain't No Such Thing As A Free Lunch (The Moon Is A Harsh Mistress, Heinlein)

Clearly, a deprived and mis-spent youth...... :-)

Dave Merriman
Wherever you go in Life - there you are!

From sandfort at crl.com Fri Jul 15 15:02:41 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Fri, 15 Jul 94 15:02:41 PDT
Subject: Leaving the Country
In-Reply-To: <199407151750.KAA21412@netcom6.netcom.com>
Message-ID:

C'punks,

On Fri, 15 Jul 1994, Timothy C. May wrote:

> [lots of stuff about taking severe steps]

>From what Tim alludes to, I still think he is just plain wrong about how bad things would be on him. He's probably getting bad advice from practicing lawyers who have a vested interest in having financial privacy "difficult" to obtain. (More billable hours, more fees.) For the rest of us who aren't retired zillionaires, though, there is plenty that can be done.

> . . .
> As a step short of leaving the U.S. (partly because I think that while
> the U.S. gets the Net attention for its Gorewellian plans, other
> countries are following suit or have already done so), I've been to
> Nevada to scout out property (no state income tax, lower real estate
> prices, fairly mild climate, little welfare) and plan to check out the
> coastal regions of Florida (also no state income tax).
>
> . . .
I might even be involved someday in a true Caribbean node for a Net
> connection.
>
> (But don't expect me to move to the Turks and Caicos tomorrow!)

Now THIS is the give-'em-hell, can-do Tim we all know and love.

S a n d y

From kentborg at world.std.com Fri Jul 15 15:44:41 1994
From: kentborg at world.std.com (Kent Borg)
Date: Fri, 15 Jul 94 15:44:41 PDT
Subject: Card Playing Protocol?
Message-ID: <199407152244.AA22734@world.std.com>

Something that frustrates me in fighting about crypto issues is the amazing quantities of ignorance available on the subject. I wish people knew more. Yes, if they understood how a meet-in-the-middle attack works that would be nice, but I would settle with something far simpler:

It would be really nice if people had practical experience *using* cryptography in a friendly, innocent, and non-threatening way.

Familiarity breeds comfort.

How to do this? What about a multi-player game which requires cryptography to implement the play? One possibility would be a cryptographic implementation of playing cards.

This has very obvious and easy to understand graphical implementations. So simple a small child can easily understand the product--which means possibly even the ITAR police would get the concept.

This "digital deck of cards" would be flexible enough to allow the playing of most card games with the addition of the same manual book-keeping as is needed with physical cards. For assistance in keeping score, bidding--or God forbid--betting, there would be a journaled, low-bandwidth communication channel which would be--very important here--in the clear.

The digital cards would be cryptographically strong. Players would appreciate that cheating could be accomplished by cracking the codes, and yet no one seems to be able to cheat. (Note, cheating through collusion in a game like bridge would still be possible.)

The cards would not be suitable for distributing porn, bomb making secrets, or drugs, yet would drive the ITAR police *crazy*.
What if a deck of these cards were to be illegally exported from the country?!?!? Try telling all those Regular Citizens who are getting on the net and discover they can play cards that the cards are dangerous munitions.

What a wonderful way to make the ITAR police look completely silly.

Oh, and to be sure they *do* get upset, make the cards just open enough that they *do* constitute something more general-purpose. (Make calls to PGP, or let others make calls to the crypto functions in the digital cards--something like that.)

Comments? Suggestions for a game other than cards that would be better or more suitable?

Is anyone already working on a Card Playing Protocol?

-kb, the Kent who tries to cause trouble

--
Kent Borg +1 (617) 776-6899
kentborg at world.std.com
kentborg at aol.com
Proud to claim 32:00 hours of TV viewing so far in 1994!

From shamrock at netcom.com Fri Jul 15 15:56:20 1994
From: shamrock at netcom.com (Lucky Green)
Date: Fri, 15 Jul 94 15:56:20 PDT
Subject: Leaving the Country
Message-ID: <199407152256.PAA15574@netcom.netcom.com>

Sandy wrote:

>>From what Tim alludes to, I still think he is just plain wrong about how
>bad things would be on him. He's probably getting bad advice from
>practicing lawyers who have a vested interest in having financial privacy
>"difficult" to obtain. (More billable hours, more fees.) For the rest
>of us who aren't retired zillionaires, though, there is plenty that can
>be done.

I have read Sandy's and Duncan's posts with great interest. Could one of you perhaps give some concrete examples what a normal person can do to avoid government intrusions such as the national health card, taxes, etc and _get away_ with it?

Thanks,

--
Lucky Green
PGP public key by finger
Please write to clipper.petition at cpsr.org and tell them you oppose Clipper.

From jamiel at sybase.com Fri Jul 15 16:07:48 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Fri, 15 Jul 94 16:07:48 PDT
Subject: Card Playing Protocol?
Message-ID: <9407152306.AA28268@ralph.sybgate.sybase.com>

At 6:44 PM 07/15/94 -0400, Kent Borg wrote:

>Comments? Suggestions for a game other than cards that would be
>better or more suitable?

What about implementing a Multiplayer Game Protocol? That way, you can play cards, checkers, chess, Life(TM), - all those games that used to be really popular circa precolor macintoshes. Have an API for game developers to plug into and let the net.gaming begin.

>Is anyone already working on a Card Playing Protocol?

Not that I know of, but this is both good and silly enough that I might see if I can find some time. Need to bone back up on real coding...

>-kb, the Kent who tries to cause trouble

jl, the Jamie who appreciates the subtle.

-j
--
"Blah Blah Blah"
___________________________________________________________________
Jamie Lawrence

From berzerk at xmission.xmission.com Fri Jul 15 16:10:56 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Fri, 15 Jul 94 16:10:56 PDT
Subject: Triple encryption...
In-Reply-To: <9407151730.AA19916@tis.com>
Message-ID:

On Fri, 15 Jul 1994, Carl Ellison wrote:
> I'd be most concerned about any ciphertext-only attack which is improved by
> having purely random bits as input. Whichever algorithm is more resistant

Ahhhhhhh, I don't know how to say this, but no such attack exists, and none will ever exist. You can not EVER attack a cipher if the plaintext is "random", as you have no basis for saying which "plaintext" is in fact the "plaintext".

Now if you know the plaintext(random bits) this is a different story.

Roger.

From berzerk at xmission.xmission.com Fri Jul 15 16:14:35 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Fri, 15 Jul 94 16:14:35 PDT
Subject: National ID cards are just the driver's licenses...
In-Reply-To: <199407151741.SAA21412@an-teallach.com>
Message-ID:

On Fri, 15 Jul 1994, Graham Toal wrote:
> (Some name like 'obfusc', for obfuscating database entries etc...?)
how about:
MSOSINYT
for:
Minimise Signal
Obfuscate Signal
Inject Noise(yt:-)

Wow, I wonder if that acronym is classified somewhere:-)

Roger.

From Ben.Goren at asu.edu Fri Jul 15 16:21:21 1994
From: Ben.Goren at asu.edu (Ben.Goren at asu.edu)
Date: Fri, 15 Jul 94 16:21:21 PDT
Subject: Card Playing Protocol?
Message-ID:

Just so people know: complete protocols for poker can be found in Schneier. All you need is a snazzy GUI.

And, with ecash, you can even do all your betting.

Nice idea!

b&

--
Ben.Goren at asu.edu, Arizona State University School of Music
net.proselytizing (write for info): Protect your privacy; oppose Clipper.
Voice concern over proposed Internet pricing schemes. Stamp out spamming.
Finger ben at tux.music.asu.edu for PGP 2.3a public key.

From ghio at kaiwan.com Fri Jul 15 16:42:17 1994
From: ghio at kaiwan.com (Matthew Ghio)
Date: Fri, 15 Jul 94 16:42:17 PDT
Subject: Detweiler Abuse Again...
Message-ID: <199407152341.QAA23332@kaiwan.kaiwan.com>

It seems our old friend is up to his stupid tricks again. After his drivel began appearing on various newsgroups, I started logging messages, and found this...
>From vkj at netcom.com Fri Jul 15 11:20:35 1994
>Received: from TIGGER.STCLOUD.MSUS.EDU (tigger.StCloud.MSUS.EDU [134.29.33.14])
>by kaiwan.kaiwan.com (8.6.9/8.6.5) with SMTP
> id LAA12671 for ; Fri, 15 Jul 1994 11:20:34 -0700
> *** KAIWAN Internet Access ***
>Date: Fri, 15 Jul 1994 11:20:34 -0700
>From: vkj at netcom.com
>Message-Id: <199407151820.LAA12671 at kaiwan.kaiwan.com>
>Received: from (netcom4.netcom.com) by
> TIGGER.STCLOUD.MSUS.EDU (MX V4.1 VAX) with SMTP; Fri, 15 Jul 1994
> 13:22:01 CST
>To: ghio at kaiwan.com
>Errors-To: /dev/null
>Request-Remailing-To: mail2news at demon.co.uk
>
>##
>Subject: ATTENTION: OPERATION `BIG COLLISION' WILL COMMENCE SHORTLY
>Organization: CRAM
>Newsgroups: alt.current.net-abuse,news.misc,news.admin.policy,alt.politics.datahighway,alt.culture.usenet,alt.culture.internet,alt.censorship,talk.politics.crypto
>
>
>To Whom It May Concern:
>
>We will shortly be commencing operation Big Collision. During this period you
>may experience minor fluctuations and disturbances in multitudinous channels
>over the cyberspatial continuum. This will be the first of our larger scale
>meme construction, fabrication, and penetration projects.
>
>We assure you that these operations will help maximize overall communications
>efficiency in the Matrix and invigorate and energize the advancement of
>unhindered meme propagation within the lower-vibratory realms, as well as to
>relieve some tensions by combatting recent degradory eruptions. Emphasis and
>urgency will be focused on the most drained and threatened areas.
>
>Please exercise the utmost caution in your personal meme possession and
>conveyance during this period of transition. We apologize in advance for any
>inconvenience this may cause.
>
> \ \ \ \ \ \ \ \ \ | / / / / / / / / / /
> _______ ________ _____ _____ _____
> /// \\\ ||| \\\ /// \\\ |||\\\///|||
> ||| ~~ ||| /// ||| ||| ||| \\// |||
> ||| __ |||~~~\\\ |||~~~||| ||| ~~ |||
> \\\ /// ||| \\\ ||| ||| ||| |||
> ~~~~~~~ ~~~ ~~~ ~~~ ~~~ ~~~ ~~~
> / / / / / / / / / | \ \ \ \ \ \ \ \ \ \
>
>C y b e r s p a t i a l R e a l i t y A d v a n c e m e n t M o v e m e n t

Looks like he figured out how to use port 25...

And look who wasn't logged in...

> % finger vkj at netcom.com
> [netcom.com]
>
> V K Jayakumar (vkj)
> Home: /u4/vkj
> Shell: /bin/csh
> No unread mail.
> V K Jayakumar (vkj) is not presently logged in.
> Last seen at netcom8 on Thu Jul 14 22:09:39 1994
>
>
> No plan.

And detweiler...

> % finger tmp at netcom.com
> [netcom.com]
>
> (tmp)
> Home: /u3/tmp
> Shell: /bin/csh
> No unread mail.
> Last login on ttypc from NETCOM-den2.netc, on Thu Jun 30 17:40:37 1994
>
> No plan.

Has he really been logged in for 15 days?

Please CC me in any responses, as I haven't had much time to keep up with the cypherpunks list lately... :(

From tcmay at netcom.com Fri Jul 15 16:52:42 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 15 Jul 94 16:52:42 PDT
Subject: Leaving the Country
In-Reply-To:
Message-ID: <199407152352.QAA06814@netcom14.netcom.com>

>
> On Fri, 15 Jul 1994 smb at research.att.com wrote:
> > TANSTAAFL.
> ???????????
>
> What is this, some conglomerate of 3 federal agencies? tan-sta-afl
>
> Berzerk

Roger, you ain't no mad dog libertarian if you haven't read "The Moon is a Harsh Mistress," by Heinlein of course, and from whence came the popularization of TANSTAAFL--There Ain't No Such Thing As A Free Lunch.

I say "popularization" instead of coinage, because Goldwater used a variant ("There isn't...") in his 1964 campaign, reportedly written by one of his speech writers, Karl Hess. (The same Karl Hess who is involved in libertarian matters.)

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From cactus at bb.com Fri Jul 15 16:56:54 1994
From: cactus at bb.com (L. Todd Masco)
Date: Fri, 15 Jul 94 16:56:54 PDT
Subject: Factoring
Message-ID: <199407152358.TAA08861@bb.com>

jamesd at netcom.com (James A. Donald) writes:
> n is the number of bits, and factoring can be done in considerably less
> than 2^(n/2)
>
> When discussing complexity it is usual to use a measure of problem
> size that corresponds to the physical size of the answer or
> the question.
>
> Thus if you are factoring a 1024 bit number, n is 1024, not
> 2^1024

Ah. Thank you -- it's amazing the number of obviously wrong answers I received to my question, all of them taking an authoritative tone (from "your algorithm doesn't work" (it does) to "your algorithm takes enormous amounts of memory" (in fact, it takes 3n)).

Makes one realize (again) how sceptical one must be towards answers received on the 'net, "even" from cypherpunks.

[This isn't to slam anyone, just to suggest that people take a little more time to think before hitting the 'r' key.]

--
L. Todd Masco | Bibliobytes books on computer, on any UNIX host with e-mail
cactus at bb.com | "Information wants to be free, but authors want to be paid."

From kentborg at world.std.com Fri Jul 15 17:52:08 1994
From: kentborg at world.std.com (Kent Borg)
Date: Fri, 15 Jul 94 17:52:08 PDT
Subject: Card Playing Protocol?
Message-ID: <199407160051.AA03924@world.std.com>

jamiel at sybase.com wrote:
>What about implementing a Multiplayer Game Protocol?
Cool, but only to the extent it falls out nearly for free, being too general is an enemy of actually getting results. Besides, it seems a better application of any urges to be general would be to work with *any* transport medium from an alt.games.moves to IRC to email (AOL, Compuserve, etc., in addition to Unix mail) to TCP/IP to pagers.

So let's tag things and leave room for expansion with new tags, but let's build one thing first. Don't get me wrong, I would love for it to be general--like become the basis for general purpose transactions--but the very fact that that occurs to me warns me that it is best to make version 1.0 first, and then 2.0, etc.

Plus, being general about allowing new tags will certainly tweak the ITAR police.

Ben.Goren at asu.edu wrote:
>Just so people know: complete protocols for poker can be found in
>Schneier. All you need is a snazzy GUI.

Do you *really* think I would propose such a thing without a handy place to crib from? Some people! Hell, I might have to write some code here, and I'm lazy.

Oh, it would be nice to be a bit more general than just poker. Just a deck of cards, places to put them, the ability to reshuffle and rearrange stacks on the table, play cards from your hand, etc. The enforcement of plays is through the same technique as with a real deck: other players are watching. The cryptographic aspects are the interesting ones, not implementing any particular game. Besides, I'm lazy, remember.

Ben.Goren at asu.edu also wrote:
>And, with ecash, you can even do all your betting.

Noooooo! This is a political move. It should be nothing more wicked than a deck of cards. (To some people that is bad enough. Maybe there would be a Rook option...)

Just a deck of 52-cards (and how many for Rook?) and a table on which to play.

And that worries me. What are the fundamental operations with cards? Can everything be modeled as different stacks on the table?
Some have special privileges: I can see my hand, you can't; the top n-cards of some stacks are visible to everyone; some stacks are visible to all (playing a trick). Any player can manipulate any card--though if you grab one from my hand I might get upset, every player will see the manipulation. Some cards are face up (or once were), some are face down (shuffled with the whole deck or a subset).

Interesting realization: there is a set of card tricks which can be performed in this environment and a set which cannot. I suppose there would then be a set of magicians who are willing to perform with this deck and a set who will not. (And how many will use magic tricks as proof of having factored RSA-XXX?)

Where to put the information about face down cards: To make slow interactions possible, is there a way every player can have all information--but can be challenged that cards have not been peeked at? And how to keep you from checking my hand in poker after I--maybe--bluffed you into folding. Hmm, there is a tension here.

Looks like I need to carefully read pages 78-81.

-kb, the Kent who is practicing looking innocent and saying things like "Who me?? MUNITIONS??? All I wanted to do was to play gin rummy. With my mom in Minnesota."

--
Kent Borg +1 (617) 776-6899
kentborg at world.std.com
kentborg at aol.com
Proud to claim 32:00 hours of TV viewing so far in 1994!

From tcmay at netcom.com Fri Jul 15 18:50:52 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 15 Jul 94 18:50:52 PDT
Subject: Card Playing Protocol?
In-Reply-To: <199407152244.AA22734@world.std.com>
Message-ID: <199407160150.SAA09903@netcom.netcom.com>

Kent Borg writes:

> It would be really nice if people had practical experience *using*
> cryptography in a friendly, innocent, and non-threatening way.
>
> Familiarity breeds comfort.
>
> How to do this? What about a multi-player game which requires
> cryptography to implement the play?
One possibility would be a
> cryptographic implementation of playing cards.

By the way, someone was proposing a crypto game some months back. I don't recall who it was (speak up!), but the notion was floated.

An obvious problem with crypto card games is this: what does it provide that is worth the extra effort of doing encryption?

This simple question of benefits vs. costs is often the showstopper in deployment of crypto. The nonuse of Magic Money/Tacky Tokens lies, I think, in the hassles of using it not providing tangible benefits over ordinary cash.

When I play cards--which I admit has not been for many years--I play to play, not to do crypto. I suspect most ardent card-players would be even more adamant about this.

Find a _reason_ to use crypto in games, and you may have something.

(What might this be? Illegal gambling is an obvious possibility that could "incentivize" folks. A lot of infrastructure would be needed...digital money, much better remailer security than anything we now have, etc.)

Until a reason exists, few people will jump through hoops imposed by someone else. Give them a reason to use crypto, not just an excuse.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From kentborg at world.std.com Fri Jul 15 19:06:57 1994
From: kentborg at world.std.com (Kent Borg)
Date: Fri, 15 Jul 94 19:06:57 PDT
Subject: CPP: Card Playing Protocol
Message-ID: <199407160206.AA23425@world.std.com>

Having reread pages 78-81, I guess pagers, usenet, and slow email are pretty much out.
It looks like I am going to have to track down the proceedings from Crypto 85, 86, and 87. (Still in print? Expensive??) All the main sources seem to be in them.

Though all the applicable literature talks of playing poker, it seems more general and politically wiser to talk about playing cards. Besides, "PPP" is already in big-time circulation meaning "Point-to-Point Protocol", "PP" for "Poker Protocol" is only two letters--of course verboten. "PGP" for "Pretty Good Poker" would only get Phil's lawyers after me. That leaves "CPP", for a nice wholesome card game.

-kb, the Kent who might actually do it

--
Kent Borg +1 (617) 776-6899
kentborg at world.std.com
kentborg at aol.com
Proud to claim 32:00 hours of TV viewing so far in 1994!

From kentborg at world.std.com Fri Jul 15 19:28:23 1994
From: kentborg at world.std.com (Kent Borg)
Date: Fri, 15 Jul 94 19:28:23 PDT
Subject: Card Playing Protocol?
Message-ID: <199407160228.AA28369@world.std.com>

tcmay at netcom.com writes:
>Find a _reason_ to use crypto in games...

Easy. Three quick ones.

1) If you like nice distributed "I don't need no stinkin' trusted server" ways of doing things, it is the only way to play some virtual games.

2) Games are very important. (Quick: Name 10-industries which are bigger. ... Betcha ya made at least one mistake.)

3) A simple game of cards is very non-threatening. It doesn't smack of anarchists or revolutionaries or anything frightening like that. Those words scare a lot of people. This is politics man, these things matter.

Tim also writes:
>An obvious problem with crypto card games is this: what does it
>provide that is worth the extra effort of doing encryption?

I admit I originally considered a situation where the user actually saw the crypto elements in action, I have since convinced myself that is silly. At least in the case of doing cards, too complicated. Seeing the results is pretty powerful, however.

Also, remember who suggested this (today): I am a user interface freak.
The effort is in the protocol, the user never sees it, she only notices that she can now be part of the World Wide Duplicate Bridge Tournament that she heard about on All Things Considered.

The effort in building the protocol? I love that stuff.

The effort in writing the software? I like that stuff somewhat--but there is possible *profit* here, I might not have to write more than the crude 0.9 version. Some game company might finally bring down ITAR. (Now that is economic might.)

The effort in CPU time or communication bandwidth? Shit! We are talking a world of digital video, for christsakes! What's a few computrons and bauds burnt to deal a hand of go-fish?

Is there a flavor of effort I forgot?

-kb

--
Kent Borg +1 (617) 776-6899
kentborg at world.std.com
kentborg at aol.com
Proud to claim 32:00 hours of TV viewing so far in 1994!

From tcmay at netcom.com Fri Jul 15 20:15:59 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 15 Jul 94 20:15:59 PDT
Subject: Card Playing Protocol?
In-Reply-To: <199407160228.AA28369@world.std.com>
Message-ID: <199407160316.UAA19666@netcom.netcom.com>

Actually, I'm going to somewhat reverse direction and _encourage_ Kent Borg to continue on with his card playing idea.

Not that my message a short while ago was condemning it, just pointing out that one must motivate people to use something (or, even better, cater to their natural motivations). The "castor oil" approach rarely works.

(For those younger than about 35, castor oil was once touted as being "good for you." Actually, it has faded out before my time, but the cultural effluvia of my childhood covered it.)

Kent writes:

> Easy. Three quick ones.

Kent is showing the classic signs of infatuation with a new idea. Which is good. The problem, which I'll get back to later, is that this enthusiasm usually fades....this has been the experience on our list.

> 2) Games are very important. (Quick: Name 10-industries which are
> bigger. ... Betcha ya made at least one mistake.)
I don't know, but so what? Lots of things are classed as games. Gambling is big, but so are a lot of other things. Nick Szabo, no longer of this list, was once very hot on creating the "Internet Casino." I have been, too, in an abstract sense...crypto gambling as a legal "cover" for crypto protocols, since around 1989. But I've not worked on these protocols, so I claim no credit. (By the way, an implementation of mental poker would be useful. Once people got the idea, though, they'd probably stop playing. A lot of games are "funny onces," to again cite 'The Moon is a Harsh Mistress.') > 3) A simple game of cards is very non-threatening. It doesn't smack > of anarchists or revolutionaries or anything frightening like that. > Those words scare a lot of people. This is politics man, these things > matter. Kent is ranting here, which is good. But this still won't make people play your game. > Also, remember who suggested this (today): I am a user interface > freak. The effort is in the protocol, the user never sees it, she > only notices that she can now be part of the World Wide Duplicate > Bridge Tournament that she heard about on All Things Considered. > > The effort in building the protocol? I love that stuff. I agree the protocols are the interesting part. This is why, despite my cynicism about people actually playing this game, I encourage Kent to continue. A recurring problem we all have is one of initial wide-eyed, ranting enthusiasm, resulting in the idea being the thread du jour for a couple of days, followed by....silence. And nothingness. (I won't embarrass or anger anyone here by mentioning recent examples. There are of course various reasons things don't take off, or even clear the launching tower.) > The effort in writing the software? I like that stuff somewhat--but > there is possible *profit* here, I might not have to write more than > the crude 0.9 version. Some game company might finally bring down > ITAR. (Now that is economic might.) 
A huge issue. The cryptographic primitives needed are poorly implemented, in my opinion. "Bit commitment" is one good example. The papers on mental poker and secret sharing are not filled with code examples, to say the least! It took 10-12 years to get widely available examples of something so semantically simple as RSA, and digital cash remains in a sorry state. The Crypto Proceedings (to answer Kent's earlier question: the Crypto books for 1985-87 are widely available in technical bookstores--Computer Literacy, Stanford, many other stores--and directly from Springer-Verlag, for about $60-80 apiece, in paperback) provide a few mathematical details, but conversion to C code is iffy. Ask Bruce Schneier. Complicated protocols will need building blocks--C++ classes, Smalltalk objects and methods, whatever. Henry Strickland is working on a TCL toolkit (TCL the Ousterhout/Berkeley package, not the Symantec product of the same TLA name). I'm interested in object-oriented protocol building blocks, and spoke on this at the last physical Cypherpunks meeting. Kent Borg could make a real contribution by implementing the several protocols for card games. I don't think it'll be easy, but it could be rewarding. It has not been done, generally. (Beware of "faking" parts of the protocols with a GUI facade such as a game designer might be tempted to use...the underlying protocols must be extremely robust.) > The effort in CPU time or communication bandwidth? Shit! We are > talking a world of digital video, for christsakes! What's a few > computrons and bauds burnt to deal a hand of go-fish? Slow communication has worked well for games of skill like Go and chess, but an IRC-type speed would most likely be needed to keep interest up in all the card games I've seen. > Is there a flavor of effort I forgot? The most consistently lacking flavor of effort in these kinds of enthusiasms is--drum roll--sustained interest. 
If this becomes an abiding interest of Kent, progress could be made, perhaps in as short as a year or so. (Beware of slapping together a Potemkin village facade of a demo.) Hence my encouragement that he stick with this. Implementing even a cryptographically-secure penny matching game would be a start. Kent, just don't get caught too much up in fantasies about Donald Trump buying the algorithm...a _lot_ of work has to be done first. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From frissell at panix.com Fri Jul 15 20:47:09 1994 From: frissell at panix.com (Duncan Frissell) Date: Fri, 15 Jul 94 20:47:09 PDT Subject: Leaving the Country Message-ID: <199407160346.AA25007@panix.com> At 03:50 PM 7/15/94 -0500, Benjamin McLemore wrote: > >*New Hampshire--alcohol sales (state run liquor stores), anything else? >*Alaska--lots of oil. All the New England States including Taxachussets have State Liquor Stores. NH has the cheapest booze of the lot and even entrepreneurially advertises to encourage the residents of other states to save money at their stores. Actually lots of states had no sales and income taxes when I was born and yet life somehow went on. People may have even been happier (or more satisfied). DCF "Sunday is the 200th anniversary of the Whiskey Rebellion. Our last chance to avoid a strong federal system. Have a rye whiskey in memoriam." 
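Added example, not part of the original thread: Tim May's message earlier in this thread names bit commitment as a missing building block and suggests a cryptographically secure penny matching game as a first step. The Python sketch below plays one round using a SHA-256 hash commitment with a random nonce, a construction chosen here and not taken from the Crypto proceedings; every class, function and constant name is hypothetical.

```python
"""Penny matching between two remote players using hash-based bit commitment."""
import hashlib
import hmac
import secrets

DOMAIN = b"penny-match-demo-v1"   # constructed domain-separation tag (assumption)
NONCE_BYTES = 32                  # 256 bits of blinding randomness


def _digest(bit: int, nonce: bytes) -> bytes:
    return hashlib.sha256(DOMAIN + bytes([bit]) + nonce).digest()


def commit(bit: int) -> tuple[bytes, bytes]:
    """Return (commitment, nonce). Binding rests on SHA-256 collision
    resistance; hiding rests on the nonce being random and secret."""
    if bit not in (0, 1):
        raise ValueError("bit must be 0 or 1")
    nonce = secrets.token_bytes(NONCE_BYTES)
    return _digest(bit, nonce), nonce


def verify_opening(commitment: bytes, bit: int, nonce: bytes) -> bool:
    """Check that (bit, nonce) opens the commitment received earlier."""
    if bit not in (0, 1) or len(nonce) != NONCE_BYTES:
        return False
    return hmac.compare_digest(commitment, _digest(bit, nonce))


class Matcher:
    """Moves first: sends a commitment, opens it only after seeing the guess."""

    def __init__(self, bit: int):
        self.bit = bit
        self.commitment, self._nonce = commit(bit)

    def first_message(self) -> bytes:
        return self.commitment

    def open(self) -> tuple[int, bytes]:
        return self.bit, self._nonce

    def dishonest_open(self, guess: int) -> tuple[int, bytes]:
        # Cheating attempt: claim whatever bit matches the guess.
        return guess, self._nonce


class Guesser:
    """Moves second: sends a bit in the clear, then checks the opening."""

    def __init__(self, bit: int):
        self.bit = bit
        self.commitment = b""

    def receive_commitment(self, commitment: bytes) -> None:
        self.commitment = commitment

    def second_message(self) -> int:
        return self.bit

    def settle(self, opened_bit: int, nonce: bytes) -> str:
        if not verify_opening(self.commitment, opened_bit, nonce):
            return "matcher cheated"
        return "matcher wins" if opened_bit == self.bit else "guesser wins"


def play_round(matcher_bit: int, guesser_bit: int, matcher_cheats: bool = False) -> str:
    """Run the three-message exchange and return the guesser's verdict."""
    m, g = Matcher(matcher_bit), Guesser(guesser_bit)
    g.receive_commitment(m.first_message())          # 1. M -> G: commitment
    guess = g.second_message()                        # 2. G -> M: bit
    opening = m.dishonest_open(guess) if matcher_cheats else m.open()
    return g.settle(*opening)                         # 3. M -> G: bit, nonce


def naive_commit(bit: int) -> bytes:
    """Weak variant with no nonce, shown only to illustrate the failure."""
    return hashlib.sha256(DOMAIN + bytes([bit])).digest()


def recover_bit_without_nonce(commitment: bytes):
    """With no nonce there are only two possible commitments, so the
    guesser can test both and read the bit before moving."""
    for bit in (0, 1):
        if hmac.compare_digest(commitment, naive_commit(bit)):
            return bit
    return None


if __name__ == "__main__":
    print(play_round(1, 1))                       # honest round, bits match
    print(play_round(1, 0, matcher_cheats=True))  # changed bit is rejected
    print(recover_bit_without_nonce(naive_commit(1)))
```

The nonce is what keeps the guesser from reading the committed bit early; the last function shows the commitment failing to hide anything once it is left out.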
From frissell at panix.com Fri Jul 15 20:48:46 1994 From: frissell at panix.com (Duncan Frissell) Date: Fri, 15 Jul 94 20:48:46 PDT Subject: ID card from hell Message-ID: <199407160346.AA25057@panix.com> At 02:04 PM 7/15/94 PDT, Blanc Weber wrote: >First they nationalize your possessions, then your mind: but it can >also be done the other way: while everyone is freely engaging in >commercial transactions across national boundaries, in the background >everyone is being corralled into a national identity scheme >the connection to the Holy Leadership is always maintained, like a >tether - you always know, psychologically, to whom you are attached >and to whom therefore, you must surrender your money, your time, your >identity card........ The advantage of expatriation. If you are in a country other than that of your birth there is less of a psychological burden. The government is just another thing to deal with. No magic associations from childhood. This is particularly true if you move around. Dual nationality helps too. You can buy same for <$25K from various Caribbean nations. DCF "Anyone with at least one grandparent (living or dead) born in Ireland (including Northern Ireland) is an Irish citizen. All you need do is apply for a passport." From berzerk at xmission.xmission.com Fri Jul 15 20:48:47 1994 From: berzerk at xmission.xmission.com (Berzerk) Date: Fri, 15 Jul 94 20:48:47 PDT Subject: Leaving the Country In-Reply-To: <199407152352.QAA06814@netcom14.netcom.com> Message-ID: On Fri, 15 Jul 1994, Timothy C. May wrote: > Roger, you ain't no mad dog libertarian if you haven't read "The Moon > is a Harsh Mistress," by Heinlein of course, and from whence came the This is way out there, but I no longer read fiction. I stopped at about 40 fiction books, and did most of my reading in the non-fiction section. Having read the entire encyclopedia of science and technology by the time I was 8, I established a love of dry technical reading. 
Roger, a nerd's nerd, and a man's man, Bryner. *********** We now return you to on-topic messages. From frissell at panix.com Fri Jul 15 20:58:08 1994 From: frissell at panix.com (Duncan Frissell) Date: Fri, 15 Jul 94 20:58:08 PDT Subject: ID card from hell Message-ID: <199407160346.AA25076@panix.com> At 12:29 PM 7/15/94 -0700, Timothy C. May wrote: >Not addressed in Duncan's essay was my chief concern: The "National >Benefits Card" is required to get license plate tags. (And maybe other >things, like car and home insurance, etc.) This can't be required because corporations and other legal entities can own cars and these entities can, in turn, be owned by non-resident foreigners. Funny story. A couple of weeks ago, I rented a car from (a major car rental agency) in a NE state. They gave it to me for a week. It had Florida plates. The registration expired at the end of June, three days into my week-long rental. I drove an "unregistered" car with the permission (albeit unknowing) of a major corporation for 4 days. Also hard to break the Clean Team/Dirty Team technique where one family member owns the cars and the others drive. Same with property ownership. If demand develops, I expect that some enterprising members of the "underclass" will be able to rent their identities or rights to conduct transactions to those who need them. Government penalties won't faze them. >If I fail to pay, I lose my car insurance (which makes me ripe for a >"deep pockets" lawsuit by anyone who gets into an accident with me). >Lots of other implications. Very real implications. It is *much* easier to protect your assets from a private party than from the government. Private parties usually can't afford to sue you in the Cook Islands to try and break your Foreign Asset Protection Trust. 
>I continue to see great dangers here, in tying a national ID card to >transactions we are essentially unable to avoid in this society: >driving, insurance (and let's not argue insurance...I mean it is >unavoidable in the sense of legal issues, torts, etc.), border >crossings, etc. Tim, I sense that you suffer from the great American Insurance Addiction. The belief that it is possible to eliminate all risk if you pay massive amounts of money to an insurance company. This tends not to work. It leads to mandatory insurance laws that lead to exploding insurance costs that lead to system collapse. Judgment proofing oneself is cheaper. >Now how will one file taxes without such a card if one is made >mandatory for interactions with the government? Saying "taxes are not >collectable" is not an adequate answer. They may not be collectible >for street punks and others who inhabit the underground economy, but >they sure are for folks like me. If you fail to include your SS# on your tax form but it is otherwise complete and they have their dough, they don't prosecute. Remember "Have Spacesuit, Will Travel" in which our hero's father kept his money in several cookie jars including one labeled "Uncle Sam" and then once a year emptied that one out and sent it to the government: IRS Agent: But you have to fill out a tax form Taxpayer: The government can't even require that you be able to read and write. In 1993, the IRS referred approximately 350 cases to the Justice Department for criminal prosecution. Out of 20 million tax evaders that's a pretty blunt sword. Note that the current ID requirements under the 1986 Immigration Act have had the sole effect of *dropping* the price of an SS Card and a California Driver's License on the streets of East LA from circa $50 to circa $20 (due to economies of scale presumably). More technically advanced ID will merely encourage people to become self employed (a good thing in any case). Germany has much tighter ID requirements than we do. 
Illegals there work through contract employment firms that accept the risk for profit. On the subject of border controls. The DDR tried machine guns, barbed wire, and concrete as border controls. It worked for less than 30 years and "that was then this is now." Things move faster these days. Even with anti-foreigner hysteria, Germany, France, and the Benelux countries recently eliminated crossing controls. The others in the EU "inner 9" should follow soon. NAFTA should reduce ours as well. Note BTW that Mexican vehicles (including trucks) will get ease of entry in a couple of years. Good place to register your car? As more countries become "developed" and world real income doubles and doubles again (with shorter doubling times) travel for all purposes will explode. It will make current travel rates (the highest in history) look insignificant. Swamping is bound to occur. Since we've established that direct application of force will have to be increasingly rare (cost factors) that leaves control freaks with only denial of service to fall back on. Since DOS leaves unfilled demands (if the service denied is something people actually want) it will create its own market opportunity. Markets have become *much* more efficient at this sort of arbitrage these days. Note that those denied credit cards because of bad credit suddenly have dozens of secured credit cards to choose from. Tim has claimed that the government will get markets to reject willing customers who have money to spend because they lack their 'US Card'. That runs counter to the entire history of markets. People will find a way to buy what they want. DOS attacks will just leave people increasingly outside the government system where some of us want to see them in any case. DCF "What is the first thing a 'Rocket Scientist' Derivative Designer says when he's told that Chairman Gonzales of the House Banking Committee is out to crush derivatives. 
'Gee, you mean to tell me that I'll have to charge another couple a hundred thou to design a new derivative to eliminate the new regs? No rest for the weary.'" From DAVESPARKS at delphi.com Fri Jul 15 21:18:26 1994 From: DAVESPARKS at delphi.com (DAVESPARKS at delphi.com) Date: Fri, 15 Jul 94 21:18:26 PDT Subject: Triple encryption... Message-ID: <01HER653MHUQ9ASKAD@delphi.com> Adam Shostack wrote: > While the IDEA in the middle might slow down a meet in the > middle attack on 2DES, I don't know that you're justified in claiming > 112 bits of DES key space without something like: > > des|des|IDEA|des If IDEA can be *TRIVIALLY* broken, and assuming the availability of the massive amounts of memory needed to store all of the data required for a MITM attack, then you're technically correct. But, even granting that possibility for the time being, you still have the equivalent of 57 bits of DES keyspace, which is better than totally relying on 3DEA. While a "super DES breaker" machine has been hypothesized, and a cost to build it estimated, I don't recall anyone doing so for a "MITM DES breaker" which would require incredible amounts of memory. At a minimum, it would require not only *TWO* super-DES-crackers, but a very sophisticated machine to gather the blocks generated by all of the various parallel processors comprising the other two machines, store, and continually compare them, searching for matches. IMHO, that "middle" machine would be far more complex and expensive than the other two. A MITM attack might, theoretically, take only twice as long as attacking a single layer, the cost of doing so would be much more than twice as large. Anyone care to estimate what the cost of the RAM alone for the "MITM interface" machine would be? Let's see, for two 56 bit keys, you'd need storage for 2^57 blocks of 8 bytes each, or 2^60 bytes. At $40 per Mb, or so, that would come to ... let's see ... $4 * 10^51 for memory alone. 
And once the list of blocks started growing as the attack progressed, could the interface processor keep up with the other two, in real time? Massively parallel processors might speed both ends of the attack, but the "database comparison phase" would be the real bottleneck, IMHO. /--------------+------------------------------------\ | | Internet: davesparks at delphi.com | | Dave Sparks | Fidonet: Dave Sparks @ 1:207/212 | | | BBS: (909) 353-9821 - 14.4K | \--------------+------------------------------------/ From DAVESPARKS at delphi.com Fri Jul 15 21:20:06 1994 From: DAVESPARKS at delphi.com (DAVESPARKS at delphi.com) Date: Fri, 15 Jul 94 21:20:06 PDT Subject: Triple encryption... Message-ID: <01HER66KT4XS9ASKAD@delphi.com> Mike Johnson wrote: > Or for the rabid, clinically paranoid: > > 3des | tran | IDEA | tran | Diamond | tran | Blowfish | prngxor | [11 iterations deleted] > ... about 500 more lines of the same ... > > with a memorized 5 megabyte key. > > And I thought 15 round Diamond with a 256 bit key was overkill worse than > 3 key triple DES! > > Seriously, folks, the weakest links of most cryptosystems are not in the > symmetric key cipher (provided you pick one of the good ones), but in the > key management, associating people with keys, and in picking good pass > phrases. There's always a trade-off, and you've just demonstrated one of the extremes. In the final analysis, it's sort of like deciding whether to spend $1000 on a security system to protect a $500 car, for "security", or leave the doors unlocked and "hide" the ignition key under the mat for "ease of use". Probably something in between makes the most sense. HOWEVER ... I was merely demonstrating one possible permutation on the triple DES method. (More precisely, a permutation to someone else's permutation.) Replacing the middle layer of DES with IDEA seems to be a feasible alternative, since IDEA is as fast as DES, or slightly faster. 
If a user is concerned enough about security to want to use 3DES in the first place, then an extra 64 bits of keying material is not an unreasonable burden. It also "diversifies" the overall protection in case either DES or IDEA should eventually be found to be exceptionally weak when attacked in a certain, previously unknown, manner. IMHO, "paranoid" would be saying that people *MUST* protect their data to this level, regardless of its actual "value", as opposed to merely presenting options for an end-user to choose from, including some common-sense key management guidelines as well. A single iteration of the 512 layer "overkill" scenario might even make sense, actually, under certain extraordinary circumstances. Unless the various algorithms react in some sort of strange way to actually *WEAKEN* each other, your final security is equal to that of the STRONGEST of the mix. OTOH, if we *KNEW* that the best attack against IDEA was brute force, then single IDEA would suffice for just about any conceivable application. What would you like to suggest in the way of key management to make that "link" at least as strong as the algorithmic one? Your point is certainly a valuable one, but the two aren't mutually exclusive. That would be like saying that I won't buy a lock for my front door until I've first replaced all my windows with something more sturdy than glass. It depends on the nature and source of any potential attacks. To follow the analogy, some "burglars" are better at lock picking than glass-smashing. /--------------+------------------------------------\ | | Internet: davesparks at delphi.com | | Dave Sparks | Fidonet: Dave Sparks @ 1:207/212 | | | BBS: (909) 353-9821 - 14.4K | \--------------+------------------------------------/ From sameer at c2.org Fri Jul 15 22:01:13 1994 From: sameer at c2.org (sameer) Date: Fri, 15 Jul 94 22:01:13 PDT Subject: National ID cards are just the driver's licenses... 
In-Reply-To: <199407151741.SAA21412@an-teallach.com> Message-ID: <199407160459.VAA08316@infinity.c2.org> > G > PS Robert, did you say you could run anonymous mailing lists or was > that someone else? This might be a good list to kick off as an > anon list, just on principle... > That was me. I'd be willing to host a privacy list. I'd probably be willing to host a fully-anon privacy list too, (and offer it for free, instead of charging like I would normally) for both marketing and ideological reasons. I have majordomo running here. Keep in mind though.. Tim says this often and I agree with him. The splinter lists have *not* had much traffic. I created the remailer-operators list, and there hasn't been much traffic. I wasn't surprised, but I thought I may as well start it. (Whenever I do any remailer hacking and/or changes I *will* [I think I have, as well] post to the remailer-operators list.. I still encourage others to do the same.) -- sameer Voice: 510-841-2014 Network Administrator Pager: 510-321-1014 Community ConneXion: The NEXUS-Berkeley Dialin: 510-841-0909 http://www.c2.org (or login as "guest") sameer at c2.org From jamesd at netcom.com Fri Jul 15 23:00:35 1994 From: jamesd at netcom.com (James A. Donald) Date: Fri, 15 Jul 94 23:00:35 PDT Subject: Key length security (calculations!) In-Reply-To: <9407150903.AA18447@geech.gnu.ai.mit.edu> Message-ID: <199407160600.XAA24435@netcom8.netcom.com> James Donald writes: > > In the highly unlikely event that P = NP then we have also solved, as > > an almost trivial special case, the problems of true artificial > > intelligence, artificial consciousness, and artificial perception, > > and the failure of one particular form of crypto will not be noticed > > in the midst of such radical changes. Ray writes > When was AI proved NP? It has not been proved to be NP. But all known methods are NP. If P=NP then these methods could be executed in polynomial time. 
If there is nothing strange about the brain, then either AI is not NP, or P=NP We are wandering rather far from cryptography, so I will refrain from discussing the description of the perception problem in terms of a special case of a problem whose general case is NP complete. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From wcs at anchor.ho.att.com Fri Jul 15 23:21:06 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 15 Jul 94 23:21:06 PDT Subject: Leaving the Country Message-ID: <9407160619.AA02668@anchor.ho.att.com> Tim writes: > I say "popularization" instead of coinage, because Goldwater use a > variant ("There isn't...") in his 1964 campaign, reportedly written by > one of his speech writers, Karl Hess. (The same Karl Hess who is > involved in libertarian matters.) _was_ involved, I'm afraid. Karl's heart disease caught up with him this spring. He'll be long remembered. Bill # Bill Stewart AT&T Global Information Solutions (new name for NCR!) # 6870 Koll Center Pkwy, Pleasanton CA 94566 1-510-484-6204 fax-6399 # Email: bill.stewart at pleasantonca.ncr.com billstewart at attmail.com # ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465 KH: "A good friend, good lover, good neighbor" Q: "That's all there is to being an anarchist?" KH: "What did you expect, a lot of rules?" Karl Hess, 1923-1994 - R.I.P. From wcs at anchor.ho.att.com Fri Jul 15 23:30:14 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 15 Jul 94 23:30:14 PDT Subject: National I.D. Cards Message-ID: <9407160628.AA02720@anchor.ho.att.com> Brian writes: > It would seem we are missing a point about having National I.D. > cards. 
The rest of the world seems ready to rush in and adopt some > form of "Clipper" chips to monitor their own citizens. (They're doing > it in the U.S.!) Do we really doubt they will adopt "The Card" as > well? (don't leave home without it!) > > Step 2: International I.D. Cards...... > > Can you say "New World Order?" Sure you can....... Various other people write: > But what about the tourists? But we've had *international* ones for years. Passports. Go visit Morocco, or Egypt, or other places with heavy-duty bureaucracies, especially *French* bureaucracies, and you'll find you need to show your passport or National ID Card to stay in a hotel or change money; some of those places even have the beginnings of computer infrastructure to let them coordinate that information. Disgusting, but all too common. In Egypt, they stick paper stamps like postage stamps on all the paperwork to show you've paid the fees. We've escaped that stuff for a long time (not surprising, considering how upset some of our ancestors got about a 3% tax on tea...), but we could join the rest of the world just about the time they're giving it up.... From nobody at c2.org Sat Jul 16 00:38:18 1994 From: nobody at c2.org (Random H0Z3R) Date: Sat, 16 Jul 94 00:38:18 PDT Subject: Detweiller Message-ID: <199407160736.AAA16807@zero.c2.org> hello, I hope this isn't a stupid question (if it is, the anonymity protects me!!) ghio said that Detweiller must have forged that Big Collision message sent to his remailer, because the person it was attributed to hadn't logged in. I wonder if "rsh" shows up in that type of login?? maybe he "rsh"ed to the account to send from there?!?! and didn't log in to have a cover story?? btw, I haven't seen anything from Detweiller at tmp at netcom.com. I assume he still has the account?!?! maybe if someone calls netcom and complains they will do something?? 
i'm glad ghio caught that message in his mailbox through careful screening so that it wouldn't go out to the newsgroups. 
I always thought the remailers were automated, but I guess in most cases the operators are screening all the stuff. this is good, because we don't need any more Detweiller junk out there (amazing how peaceful things are without him!!!) too bad if the message was forged, because it would be LOTS of fun to EXPOSE THE BASTARD!!! (insert evil smirk here) BTW, here is something I was wondering. on the Detweiller message he has an "errors-to: /dev/null" field. what does that do? why did he put that in there, anyway? i've never seen any documentation reference it. do the remailers handle it? "wondering" From kentborg at world.std.com Sat Jul 16 00:51:15 1994 From: kentborg at world.std.com (Kent Borg) Date: Sat, 16 Jul 94 00:51:15 PDT Subject: Leaving the Country Message-ID: <199407160751.AA08287@world.std.com> frissell at panix.com writes: >All the New England States including Taxachussets have State Liquor Stores. Nope. As a many year Mass resident I have never seen a state liquor store in the state. Sure, plenty across the border in New Hampster, but not in MA. One of New Hampster's big tax sources is nasty property taxes. Nice regressive taxes on wealth (both taxing wealth and regressive taxes annoy me), to support a state which does its best to not exist. -kb, the Kent who is currently in California where I can buy booze on *Sunday*, and at a *grocery* store. Cool! -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 32:00 hours of TV viewing so far in 1994! From kentborg at world.std.com Sat Jul 16 01:08:13 1994 From: kentborg at world.std.com (Kent Borg) Date: Sat, 16 Jul 94 01:08:13 PDT Subject: Card Playing Protocol Message-ID: <199407160808.AA09114@world.std.com> Oh, GREAT! Tim says (roughly): "Go for it, too bad you are doomed to lose interest shortly." Geeze, I hate people who make generalizations which are, well, likely to be borne out yet one more time. (I *hate* that!) 
So I am either supposed to put my tail between my legs now, or take this as a challenge to "Follow through this time.", or let it soon die quietly and hope Tim takes mercy and doesn't rub my nose in it. Grrr. I *hate* reality. So here is where I am: 1) I am wondering whether a "digital deck of cards" is a good choice. 2) If it is, I am wondering how the protocol would roughly be framed (Fundamental card operations, etc.), with an eye towards what the cryptographic protocols can offer. 3) Then, if things make sense, appear tractable, and (drum roll) I haven't gone onto fresher blue-sky ideas, I figure out how to start building the damn thing. 4) And if I ever get to building it I will start first with the little pieces (the cryptographic fragments) which might be useful individually when I lose interest in building the larger beast. I assume that I will have to do real work at each of these stages--though I welcome any help. Both now when the talk is still cheap and later when the bits hit the disk. So far I am at step #1, nudging towards portions of step #2. I refuse to be shamed about abandoning step #3 until I have at least embarked on it. (Then you can make fun of me.) Just producing a complete RFC-quality protocol would be something not to be sniffed at. In fact, I am prepared to stop there and *still* feel smug. (So there!) As for getting people to want to use this digital deck of cards, I rely on my passion for good user interface design combined with the continuing popularity of card games. (And people's continued interest in playing games with other people rather than just computers.) So I am currently at step #. Is the Card Playing Protocol a good choice for being: 1) cryptographically interesting 2) tractable 3) "harmless" 4) appealing to users? Comments? (You too Tim.) And Tim, don't worry about my eyes becoming glazed over with images of Donald Trump. I don't like The Donald. Gambling is boring. 
(Besides, generalized transactions are far more appealing to a megalomaniacal fool like me. How CPP applies remains for me to understand...) -kb, the Kent who is going to be Cometing tomorrow, handy annual open house at JPL this weekend, etc. -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 32:00 hours of TV viewing so far in 1994! From mimir at io.com Sat Jul 16 02:30:09 1994 From: mimir at io.com (Al Billings) Date: Sat, 16 Jul 94 02:30:09 PDT Subject: Citizenship In-Reply-To: <199407160346.AA25076@panix.com> Message-ID: Only marginally topical if at all but the .sig about Irish citizenship prompted me to remember something I had heard: is it true that if you can prove German ancestry sometime since the unification of Germany (the first time), you can get citizenship there easily? Germany has its repressive laws but two of my great-grandparents came from what was formerly Prussia a little over 100 years ago. Wes thu hal, Al Billings From DAVESPARKS at delphi.com Sat Jul 16 04:19:56 1994 From: DAVESPARKS at delphi.com (DAVESPARKS at delphi.com) Date: Sat, 16 Jul 94 04:19:56 PDT Subject: Rappin. with Jesus Message-ID: <01HERKBK3XLK9GWZTX@delphi.com> > Did I tell you I got to talk to Jesus face to face yesterday? Yup, I ran > into him at the store. No, this was different than Elvis! Honest! He > even gave me his card! He was a very nice person, and very helpful. Oh, > did I mention. His last name was Guardado. I've often wondered what the "H" in "Jesus H. Christ" stands for, too! > (Don't tell anybody I listen to KIFM -- the local jazz station -- 98.1!) I also won't tell anyone the TITLE of this message, which implies that the Almighty might actually enjoy rap "music". > Well I went to the zoo to see you. Errr. I went to the primate exhibit You been readin' Darwin again? What's the name of his book? "The Origin of Feces", or something like that? Best kept in the "reading room", anyway... 
From frissell at panix.com Sat Jul 16 04:57:29 1994 From: frissell at panix.com (Duncan Frissell) Date: Sat, 16 Jul 94 04:57:29 PDT Subject: National ID cards are just the driver's licenses... Message-ID: <199407161156.AA02026@panix.com> At 09:59 PM 7/15/94 -0700, sameer wrote: > Keep in mind though.. Tim says this often and I agree with >him. The splinter lists have *not* had much traffic. I created the >remailer-operators list, and there hasn't been much traffic. I wasn't >surprised, but I thought I may as well start it. (Whenever I do any >remailer hacking and/or changes I *will* [I think I have, as well] >post to the remailer-operators list.. I still encourage others to do >the same.) A Hardcore Privacy list could well get more "crossover" action than a list for a Cypherpunks-specific topic. DCF "Note that the future capability to conduct a wide range of financial transactions electronically will allow anyone on earth to wake up in the morning and say 'I guess I'll become a bank today.' A bank is just a network node running a particular flavor of server software." From DAVESPARKS at delphi.com Sat Jul 16 08:00:03 1994 From: DAVESPARKS at delphi.com (DAVESPARKS at delphi.com) Date: Sat, 16 Jul 94 08:00:03 PDT Subject: Please ignore the previous message Message-ID: <01HERSK0M4QA9GXNCC@delphi.com> Please ignore my previous message. It was intended for an individual, and I sent it to the Cypherpunks list by mistake. :-( /--------------+------------------------------------\ | | Internet: davesparks at delphi.com | | Dave Sparks | Fidonet: Dave Sparks @ 1:207/212 | | | BBS: (909) 353-9821 - 14.4K | \--------------+------------------------------------/ From werner at mc.ab.com Sat Jul 16 08:21:53 1994 From: werner at mc.ab.com (tim werner) Date: Sat, 16 Jul 94 08:21:53 PDT Subject: What's apropos to this list (was Re: Leaving the Country) Message-ID: <199407161521.LAA09882@sparcserver.mc.ab.com> >From: tcmay at netcom.com (Timothy C. 
May) >Date: Fri, 15 Jul 1994 10:50:49 -0700 (PDT) > >I'll respond briefly here to the points both Sandy S. and Duncan F. >make. Cypherpunks who are interested exclusively in RSA keylengths or >in PGP Shells will not find this interesting. In my view, discussion >of tax policies and the implications of crypto has a role on this >list. I agree. I believe that discussions of privacy issues belong on this list as well. If I have to subscribe to a separate list to keep up with means of privacy-protection so be it, but I'd rather not have to. tw From jya at pipeline.com Sat Jul 16 09:39:46 1994 From: jya at pipeline.com (John Young) Date: Sat, 16 Jul 94 09:39:46 PDT Subject: Card Playing Protocol Message-ID: <199407161639.MAA11224@pipe1.pipeline.com> Responding to msg by kentborg at world.std.com (Kent Borg) on Sat, 16 Jul 4:8 AM >Grrr. I *hate* reality. A good beginning to changing it. >Comments? (You too Tim.) I like your original notion of card-playing as a way to build a taste for crypto by non-cryptoids (like me). It parallels political and economic chance and the use of crypto to hide info from foes and competitors. Putting crypto into public play like this will help teach protection from economic security mongers and toadies. Your idea shows that c'punks chefs continue to cook tastier fare than the alt. and talk. fora elsewhere. It feeds my interest in c'punks: the peripheral discussions, sometimes crypto-related, enhance the main dish. From hughes at ah.com Sat Jul 16 10:13:10 1994 From: hughes at ah.com (Eric Hughes) Date: Sat, 16 Jul 94 10:13:10 PDT Subject: Factoring In-Reply-To: <199407152358.TAA08861@bb.com> Message-ID: <9407161648.AA19160@ah.com> > When discussing complexity it is usual to use a measure of problem > size that corresponds to the physical size of the answer or > the question. Not quite. The length of the answer is not typically used in measures of complexity. The 'n' in O(n^2), et al., is the length of the input. 
Exactly that, and nothing more. The length used is the number of symbols used to encode the input from some finite alphabet of symbols. Thus, the lengths are determined up to a constant factor related to the logarithm of the size of the alphabet.

> Thus if you are factoring a 1024 bit number, n is 1024, not
> 2^1024

Yes. Getting the wrong 'n' will make complexity theory meaningless and impenetrable.

Eric

From hughes at ah.com Sat Jul 16 10:23:34 1994
From: hughes at ah.com (Eric Hughes)
Date: Sat, 16 Jul 94 10:23:34 PDT
Subject: Factoring
In-Reply-To: <199407152117.RAA08087@bb.com>
Message-ID: <9407161658.AA19174@ah.com>

Factoring keeps being described as a 2^(n/2) problem, yet AFAIK [...], it's doable in linear (O(n)) time.

Remember that the 'n' is the length of the input.

/* Algorithm: To factor the number n, start with n boxes, each with one "marble." Remove last box, put its marble in box #1. If all boxes have the same number of marbles, the number is factored. If not, remove last box. Put marble in box #2. Compare. Etc.

possible optimizations: div by each prime l for a quicker starting point. (2,3...) */

This algorithm is equivalent to trial division by each number less than n. At each stage the 'box counter' is equal to the remainder and the 'number of boxes' is the divisor.

Now since n can be encoded in lg n bits (lg = base 2 logarithm), the length of the input is N = lg n. The representation of the boxes can be represented in O(N) bits; use two counters, each the length of the input. The number of trial divisors is about 2^N, yielding an exponential time algorithm.

Eric

From hughes at ah.com Sat Jul 16 10:26:23 1994
From: hughes at ah.com (Eric Hughes)
Date: Sat, 16 Jul 94 10:26:23 PDT
Subject: CPP: Card Playing Protocol
In-Reply-To: <199407160206.AA23425@world.std.com>
Message-ID: <9407161701.AA19188@ah.com>

It looks like I am going to have to track down the proceedings from Crypto 85, 86, and 87. (Still in print? Expensive??)
All the main sources seem to be in them.

As Tim mentions, the Crypto proceedings are about $60-80. I'd recommend a library for specific or occasional use. MIT's libraries are very complete for cryptography, for example.

Eric

From tcmay at netcom.com Sat Jul 16 10:37:43 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sat, 16 Jul 94 10:37:43 PDT
Subject: Card Playing Protocol
In-Reply-To: <199407160808.AA09114@world.std.com>
Message-ID: <199407161737.KAA26905@netcom2.netcom.com>

Kent Borg writes:

> Tim says (roughly): "Go for it, too bad you are doomed to lose
> interest shortly."
>
> Geeze, I hate people who make generalizations which are, well, likely
> to be borne out yet one more time. (I *hate* that!)

No, I think it's a fine project, certainly more useful in the long run than another PGP shell. But also more complicated, if done right. (Done right = reusable building blocks for the various needed primitives.)

> So I am either supposed to put my tail between my legs now, or take
> this as a challenge to "Follow through this time.", or let it soon die
> quietly and hope Tim takes mercy and doesn't rub my nose in it.
>
> Grrr. I *hate* reality.

Glad you are taking my comments in the spirit in which they were given. There are some pretty good reasons many of the ideas excitedly discussed here never reach fruition:

1. No time. Most people have full-time jobs doing other things.

2. No funding sources to _force_ people to complete things they've already been paid for.

3. No group of co-workers to chat with, to reignite interest, to exert peer pressure to finish.

It's just _so easy_ to let a project kind of s-l-i-d-e a-w-a-y...

> So here is where I am:
>
> 1) I am wondering whether a "digital deck of cards" is a good choice.

Read up on the "playing cards by telephone" papers of the early to mid-80s. Maybe implementing just one of the sets of ideas would give you further insights.
> 2) If it is, I am wondering how the protocol would roughly be framed
> (Fundamental card operations, etc.), with an eye towards what the
> cryptographic protocols can offer.

That's the central issue.

> 3) Then, if things make sense, appear tractable, and (drum roll) I
> haven't gone onto fresher blue-sky ideas, I figure out how to start
> building the damn thing.
>
> 4) And if I ever get to building it I will start first with the little
> pieces (the cryptographic fragments) which might be useful
> individually when I lose interest in building the larger beast.
>
> I assume that I will have to do real work at each of these
> stages--though I welcome any help. Both now when the talk is still
> cheap and later when the bits hit the disk.

Lots of work. Remember, the mathematicians and computer people who did these papers did not bother to build them into computer code, though some of them surely could have if it were easy. (Chaum's people built a running simulation--and crypto simulation is what we're talking about here--of digital cash, but the version I saw was unusable by other programs. That is, it was a "user at the console" sort of thing, not a tool or class library or even a function call.)

What's lacking in crypto is a reasonable "framework" for these concepts and functions to live in.

> As for getting people to want to use this digital deck of cards, I
> rely on my passion for good user interface design combined with the
> continuing popularity of card games. (And people's continued interest
> in playing games with other people rather than just computers.)

Good user interface is probably the wrong thing to be thinking about now, if the goal is wide use. Think "client-server" (or choose your own paradigm). The building blocks are more important than a snazzy Windows or Mac interface.

> So I am currently at step #. Is the Card Playing Protocol a good
> choice for being:
>
> 1) cryptographically interesting

Yes,

> 2) tractable

Unknown.
> 3) "harmless"

Not a real issue.

> 4) appealing to users?

For researchers, it would be interesting to have the set of abstractions reified into running code. This is a longstanding interest of many of us, and was one of the motivations two years ago to form the Cypherpunks group. Eric and I figured it was high time to take the various theoretical abstractions and implement them in code; we hoped that a bunch of people would generate "Pretty Good Digital Money," "Pretty Good DC-Nets," etc.

So far, it's been slow. (And some actual deployments, such as Digital Money, have faltered for other reasons. Kent should look at MM and why it isn't in wider use and try to learn some lessons for a gambling scheme.)

> Comments? (You too Tim.)

See above.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From hughes at ah.com Sat Jul 16 10:45:44 1994
From: hughes at ah.com (Eric Hughes)
Date: Sat, 16 Jul 94 10:45:44 PDT
Subject: Card Playing Protocol?
In-Reply-To: <199407160228.AA28369@world.std.com>
Message-ID: <9407161720.AA19222@ah.com>

only notices that she can now be part of the World Wide Duplicate Bridge Tournament that she heard about on All Things Considered.

Duplicate games won't work on the net because the assumption is that the players have no advance knowledge of the cards of the other players. Even if the same hand is dealt simultaneously to multiple virtual tables, the differences in order of play will reveal cards early for some players. The hole is the sharing of information between players.
Duplicate could still be supported with physically based, but distributed, rooms of play, using the Internet for logistical support.

Is there a flavor of effort I forgot?

There is a non-crypto issue of how one finds playing partners without a central server. An IRC channel seems to have the right properties: real-time, centrality of name, distributed information paths. IRC might be able to be hacked into directly.

The code to find playing partners should integrate digital signatures for identity, in order to make possible long scale tournament play. Mutual agreement should be required for the formation of a group. Automatic agreement can always be implemented in client software. There is likely an interesting protocol here for the negotiation of group formation without revealing preferences that are not manifested in the creation of a group.

I would strongly suggest the separation of the communications, user presentation, and decision parts of the client software. Folks should be able to pick the presentation of the cards that they want: table layout, card backs, etc. Decision in current card games is currently all by user input; the user sees the cards, decides what to do, and clicks. People will want to try out card playing algorithms, and you might as well leave a hook in for them.

Eric

From hughes at ah.com Sat Jul 16 10:58:36 1994
From: hughes at ah.com (Eric Hughes)
Date: Sat, 16 Jul 94 10:58:36 PDT
Subject: Card Playing Protocol
In-Reply-To: <199407160808.AA09114@world.std.com>
Message-ID: <9407161733.AA19240@ah.com>

1) I am wondering whether a "digital deck of cards" is a good choice.

Premature abstraction is a severe problem if it happens to you. Read some of the literature to get an idea of the techniques before you pick an abstraction. Your remarks about knowledge models for an abstraction proposal of "a table with stacks of cards" seem on target.
Most card games require a random permutation, mutually trusted to be random, which can be revealed one card at a time. That permutation need not be generated in advance. Games like Magic--The Gathering in which each player shuffles their own deck, are easier to implement and only require bit commitment.

The revealing of cards cannot be global, since at the beginning each player sees only their own cards. The revealing of cards should require the cooperation of each player that sees the cards, and possibly some others.

Time to read crypto.

Eric

From solman at MIT.EDU Sat Jul 16 11:15:02 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Sat, 16 Jul 94 11:15:02 PDT
Subject: Card Playing Protocol?
In-Reply-To: <9407161720.AA19222@ah.com>
Message-ID: <9407161814.AA23394@ua.MIT.EDU>

If I implement a card playing protocol and Okamoto & Ohta's bankless cash system today and tomorrow morning (primarily to verify that my primitives work correctly) will you guys promise to pick them apart Sunday evening and Monday?

JWS

From snyderra at dunx1.ocs.drexel.edu Sat Jul 16 11:54:24 1994
From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder)
Date: Sat, 16 Jul 94 11:54:24 PDT
Subject: Geek of the Week (fwd)
Message-ID:

OK. I do remember the earlier discussion about forwarding material to the list, but this is forwarding a pointer to data, which I hope is OK. :-)

I get my talk radio files from ftp://sunsite.unc.edu/pub/talk-radio, although you may want to check the ITR FAQ for a closer location. (The FAQ should be on rtfm.mit.edu)

Bob

>Date: Fri, 15 Jul 1994 04:03:15 -0400
>To: "Announcements"
>From: "Internet Multicasting Service"
>Org: Internet Multicasting Service
>Subject: Geek of the Week
>Status: RO
>
>The MIME-Version header has been deleted from this message to permit
>interoperability with a larger number of mailers.
> >------- =_aaaaaaaaaa0 >Content-Type: application/x-program-listing >Content-ID: <071594_geek_ITR.2 at trystero.radio.com> > >Station: Internet Multicasting Service >Channel: Internet Talk Radio >Program: Geek of the Week >Content: Steve Crocker > >Carl Malamud interviews Steve Crocker, a newly elevated member of the >Internet Architecture Board and a leading contributor in efforts to >provide a security infrastructure for the Internet. Crocker discusses >PEM, Clipper, DSS, PKP, and other important security acronyms. > >Geek of the Week is made possible by the sponsors of Internet Multicasting >Service, including O'Reilly & Associates, Sun Microsystems, and Interop >Company. Additional support is provided by NASA, Cisco Systems, Harper >Collins, Persoft, Tadpole Technology, and WAIS Inc. Network connectivity >for the Internet Multicasting Service is provided by UUNET Technologies and >by MFS Datanet. > >Cassette tapes of Geek of the Week are available from O'Reilly & Associates. >Send electronic mail to audio at ora.com or point your WWW Viewer to the >Global Network Navigator (http://nearnet.gnn.com/gnn/gnn.html). > >ITR Program Files: > >Size Name Description >========== ====================== ======================= >14,771,098 071594_geek_01_ITR.au Steve Crocker > 071594_geek_ITR.readme (This File) > >To learn about the Internet Multicasting Service, send your electronic >mail to info at radio.com. 
> >------- =_aaaaaaaaaa0 >Content-Type: multipart/mixed; boundary="----- =_aaaaaaaaaa1" >Content-ID: <071594_geek_ITR.3 at trystero.radio.com> > >------- =_aaaaaaaaaa1 >Content-Type: message/external-body; > access-type="anon-ftp"; > name="071594_geek_ITR.readme"; > site="$SITE"; directory="$DIRECTORY" > >Content-Type: text/plain >Content-ID: <071594_geek_ITR.4 at trystero.radio.com> >Content-Description: Readme (This File) > >------- =_aaaaaaaaaa1 >Content-Type: message/external-body; > access-type="anon-ftp"; > name="071594_geek_01_ITR.au"; size="14771098"; > mode="image"; site="$SITE"; directory="$DIRECTORY" > >Content-Type: audio/basic >Content-ID: <071594_geek_ITR.5 at trystero.radio.com> >Content-Description: Steve Crocker > >------- =_aaaaaaaaaa1-- > >------- =_aaaaaaaaaa0-- -- Bob Snyder N2KGO MIME, RIPEM mail accepted snyderra at dunx1.ocs.drexel.edu finger for RIPEM public key When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. From ben at Tux.Music.ASU.Edu Sat Jul 16 13:52:27 1994 From: ben at Tux.Music.ASU.Edu (Ben Goren) Date: Sat, 16 Jul 94 13:52:27 PDT Subject: Hashed hash Message-ID: I'm planning on implementing the "cryptographic protection of databases" on page 61 of Schneier, to create a directory of a professional organization that would be useless to telemarketers. There's a problem, though: a brute-force attack is agonizingly easy. If the hash algorithm runs at the same speed as DES, then an MC68040 could break all eight-letter last names in about three months. Only those who have twelve-letter last names would have even the security of DES against brute-force, and all this goes out the window if the attacker has any brains at all and uses the "telephone-book" attack Bruce mentions. So, my question: for any of the popular hash algorithms H(m), is it known if there is or is not an algorithm I(m) such that I(m)=H(H(m))? Are the hash algorithms groups or not? 
If not, then I can hash the name field as many times as I like for as much of a strength v speed compromise as I want. If they are groups, then I either have to figure out some other method of slowing things down--and I haven't yet thought of anything that isn't either trivial or security through obscurity--or decide if I can live with the fact that it's still about as hard to get the information by a cryptographic attack as by scanning in the printed book. Of course, should the electronic version be much more secure, then perhaps I can talk the organization into stopping printed publication, and it would be useful to organizations which haven't yet published their membership lists over fears of abuse. b& -- Ben.Goren at asu.edu, Arizona State University School of Music net.proselytizing (write for info): Protect your privacy; oppose Clipper. Voice concern over proposed Internet pricing schemes. Stamp out spamming. Finger ben at tux.music.asu.edu for PGP 2.3a public key. From kevin at beach.com Sat Jul 16 13:57:06 1994 From: kevin at beach.com (kevin at beach.com) Date: Sat, 16 Jul 94 13:57:06 PDT Subject: Traceless Calling Message-ID: <940716134941.541AAC7E.kevin@beach> For anyone interested in private communications: We have a way to make untraceable phone, fax and modem calls! We've negotiated with a reseller to pre-pay a (huge)chunk of minutes at a set price. No information is taken. My company simply gives them the money and they give us an 800 number and a ton of random access codes to get into their network...from anywhere in the world(it can also be used as a travel card). We then make the number and codes available with no record of ownership. As well, by the time we distribute the access codes, they have been sequestered through 3 levels of distribution. Payment is made up front in cash or by money order and no record is kept of who gets which access code. No records, no invoicing, no auditing by Uncle Sam. Just complete communications privacy. 
Access codes are available in blocks of 100 minutes for $75. Volume discounts are available. FYI, another company is providing this same service at 90 minutes for $99.

Call or email:

Kevin T. Smith, President
TeleSource
A Division of SonRise Corp.
(408) 247-4782 voice
(408) 247-1070 fax
ksmith at beach.com
*****************NeXTMail Preferred********************

From CCGARY at MIZZOU1.missouri.edu Sat Jul 16 14:03:53 1994
From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers)
Date: Sat, 16 Jul 94 14:03:53 PDT
Subject: www for cypherpunks' collection
Message-ID: <9407162103.AA10698@toad.com>

At the location: http://pmip.maricopa.edu/crypt/cypherpunks/Cypherpunks.src is the location of all the Cypherpunks' posts with index. I can get to this place by placing a "www" in front of this instruction. However, then, there are no "hyper" keys to push. Some key words are listed but I don't know how to use them to get info. Anyone familiar with www & got some answers?

Yours Truly,
Gary Jeffers

From banisar at washofc.epic.org Sat Jul 16 14:18:02 1994
From: banisar at washofc.epic.org (Dave Banisar)
Date: Sat, 16 Jul 94 14:18:02 PDT
Subject: USA Editorial on ID Cards
Message-ID: <00541.2857223505.6948@washofc.epic.org>

Date 7/16/94
Subject USA Editorial on ID Cards
From Dave Banisar
To Dave Banisar

USA Editorial on ID Cards

USA TODAY'S OPINION (1) (7/15/94)

Think the federal government already knows too much about your private life? Hang on. The granddaddy of all privacy invasions - a national ID card - is marching onto Capitol Hill.

Startling numbers of Democrats and Republicans, liberals and conservatives, are embracing variations of the identity card - all in the name of immigration reform. They contend the cards could keep illegal immigrants out of American jobs by requiring potential bosses to use the cards and accompanying national data base to verify citizenship.

The cards present gargantuan potential for abuse with enormous costs.
Just ask Eddie Cortez about the possibilities. The mayor of Pomona, Calif., was stopped and ordered to produce proof of citizenship by U.S. Border Patrol agents more than 100 miles from the Mexican border last summer.

What did Cortez do to warrant such suspicion? The mayor was sitting in a pickup truck, wearing jeans and looking like a Latino.

Civil rights organizations and advocates for Asians, Hispanics and other minorities believe the national ID cards would mushroom such incidents of harassment.

Even if true, what's the harm if law-abiding citizens have a card to clear them on the spot? Fear of constant harassment is the problem. Having to carry a card to guarantee your freedom is not what the Founding Fathers had in mind.

Then there's the price tag. Production costs plus a supporting computer data base are estimated conservatively at $2.5 billion by the Social Security Administration. More elaborate systems could top $6 billion or more.

Still, proponents believe the means justify the end - closing the jobs door to illegals. Not likely, say technical experts. Right now, on street corners in California, Texas and other states, fake Social Security cards, passports and driver's licenses can be had for a price.

Should a national ID card go into effect, these same counterfeiters would merely turn their talent to producing fake IDs or to producing the fraudulent documents necessary to obtain the national ID.

National ID cards are an old idea and a bad idea. The last thing the federal government needs is another peephole on personal privacy that ends up costing U.S. taxpayers more money than it saves.

OTHER VIEW (2)

DAN STEIN is executive director of the Federation for American Immigration Reform, Washington, D.C.:

A decade-old plan to create a counterfeit-resistant work-welfare eligibility document to help stop illegal immigration got a boost when the Commission on Immigration Reform hinted this week that it might recommend the idea.
This tame proposal is endorsed by Democrats and Republicans. California's Dianne Feinstein and Pete Wilson support it. Polls by `Time,' Roper and Field show most Americans do, too. The `Los Angeles Times,' `San Diego Union' and `Sacramento Bee' nod approval. Liberals such as Barbara Jordan and the Rev. Theodore Hesburgh, who've chaired our last two major immigration commissions - are also on board. So why the flak? Because the idea got mislabeled as a sinister-sounding "national ID card." Ridiculous. In a country where the average American now carries a driver's license, credit cards, calling cards, bank cards and leaves electronic fingerprints all over town, isn't it time to improve the integrity of America's birth records and make the Social Security card fraud-proof? Americans are comfortable with today's technologies and want illegal immigration stopped. With secure documents, we could do it. Without them, we can't. There would be other benefits. A secure identification system would save us money, reduce welfare fraud, voter fraud and tax cheating, while improving delivery of vital government services and reducing discrimination. Most compelling is the fact that illegal immigration pressures are growing fast. You heard it here first: These are the "good old days." Unless we take steps now to improve our ability to tell who's here legally and who's not, we're going to lose the nation. Because of birth-record fraud, our citizenship is built on a foundation of sand. Americans may not notice it, but criminals and smugglers do. Crime rings know that if you've got a good laser printer, you can become a citizen of the USA - by making a phony birth certificate and Social Security card. That's all it takes to make the phony foundation for other state and federal documents and benefits. We're taking steps to secure the currency of the USA against fraud. Isn't it time our citizenship is given the same protection? 
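Eric Hughes's "Card Playing Protocol" message earlier in this digest notes that a game in which each player shuffles their own deck needs only bit commitment. The sketch below is an added example, not code from any poster: a hash-based commitment to every deck position, with the function names, the SHA-256 construction and the sample decklist all chosen here as assumptions.

```python
import hashlib
import hmac
import os
import secrets
from collections import Counter

# Constructed sample decklist (assumption; any agreed list of card names works).
DECKLIST = ["Forest", "Forest", "Bear", "Wolf", "Giant", "Elf"]


def _commit(position, card, nonce):
    # Fixed-width position and nonce keep the encoding unambiguous; the
    # 32-byte random nonce hides the card even though card names are guessable.
    data = position.to_bytes(4, "big") + nonce + card.encode("utf-8")
    return hashlib.sha256(data).digest()


def commit_deck(decklist):
    """Owner side: shuffle privately, publish one commitment per position.

    Returns (commitments, openings). Commitments go to the opponent before
    the first draw; openings stay secret until a card is revealed.
    """
    order = list(decklist)
    secrets.SystemRandom().shuffle(order)
    openings = [(card, os.urandom(32)) for card in order]
    commitments = [_commit(i, card, nonce)
                   for i, (card, nonce) in enumerate(openings)]
    return commitments, openings


def verify_card(commitments, position, card, nonce):
    """Opponent side: check one revealed card against the earlier commitment."""
    if not 0 <= position < len(commitments):
        return False
    return hmac.compare_digest(commitments[position],
                               _commit(position, card, nonce))


def verify_deck(commitments, openings, decklist):
    """End of game: every position opens correctly and the multiset of cards
    equals the decklist both players agreed on beforehand."""
    if len(openings) != len(commitments):
        return False
    for i, (card, nonce) in enumerate(openings):
        if not verify_card(commitments, i, card, nonce):
            return False
    return Counter(card for card, _ in openings) == Counter(decklist)


def demo():
    """One player commits, reveals the top two cards, then opens the rest."""
    commitments, openings = commit_deck(DECKLIST)
    drawn_ok = all(verify_card(commitments, i, *openings[i]) for i in range(2))
    return drawn_ok and verify_deck(commitments, openings, DECKLIST)


if __name__ == "__main__":
    print("deck verified:", demo())
```

The commitment shows that the order was fixed before the first draw and that no card was swapped later; it says nothing about whether the owner's shuffle was random.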
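Ben Goren's "Hashed hash" post earlier in this digest asks how to slow down name guessing against a directory keyed by a hash of the last name. The sketch below is an added example, not code from the thread or from Schneier: PBKDF2-HMAC-SHA256 from the Python standard library stands in for "hash the name many times", a SHA-256 counter keystream with an HMAC tag stands in for a real cipher, and all names, the salt and the sample members are constructed assumptions.

```python
import hashlib
import hmac
import json
import os

# Constructed sample records (assumption).
MEMBERS = [
    {"last": "Alvarez", "first": "R.", "phone": "555-0101"},
    {"last": "Okafor", "first": "N.", "phone": "555-0102"},
    {"last": "Smith", "first": "A.", "phone": "555-0103"},
    {"last": "Smith", "first": "B.", "phone": "555-0104"},
]


def stretch(last_name, salt, iterations):
    """Deliberately slow, salted derivation from the (normalized) last name."""
    norm = last_name.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", norm, salt, iterations)


def _subkey(master, label):
    # Separate keys for the lookup index, encryption and authentication.
    return hmac.new(master, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(master, plaintext):
    """Stand-in authenticated encryption; use a vetted AEAD in real systems."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(master, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(_subkey(master, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(master, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(master, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or damaged record")
    stream = _keystream(_subkey(master, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))


def build_directory(members, salt, iterations):
    """Publishable form: index tag -> encrypted records, no names in clear."""
    directory = {}
    for member in members:
        master = stretch(member["last"], salt, iterations)
        tag = _subkey(master, b"index").hex()
        blob = seal(master, json.dumps(member).encode("utf-8"))
        directory.setdefault(tag, []).append(blob)
    return directory


def lookup(directory, last_name, salt, iterations):
    """Someone who already knows a last name pays one stretch per query."""
    master = stretch(last_name, salt, iterations)
    blobs = directory.get(_subkey(master, b"index").hex(), [])
    return [json.loads(unseal(master, blob)) for blob in blobs]


def guessing_cost(directory, salt, iterations, guesses):
    """Audit: records a name list recovers, and the hash iterations it costs."""
    recovered = sum(len(lookup(directory, g, salt, iterations)) for g in guesses)
    return recovered, len(guesses) * iterations


if __name__ == "__main__":
    salt = os.urandom(16)  # one public salt per published directory
    directory = build_directory(MEMBERS, salt, 100_000)
    print(lookup(directory, "okafor", salt, 100_000))
    print(guessing_cost(directory, salt, 100_000, ["smith", "jones", "okafor"]))
```

Raising the iteration count multiplies the cost of every guess by the same factor for the owner and for a guesser, so a name that appears on a list of common surnames is still recovered, only more slowly.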
From berzerk at xmission.xmission.com Sat Jul 16 16:35:51 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Sat, 16 Jul 94 16:35:51 PDT
Subject: Hashed hash
In-Reply-To:
Message-ID:

On Sat, 16 Jul 1994, Ben Goren wrote:

> So, my question: for any of the popular hash algorithms H(m), is it known if
> there is or is not an algorithm I(m) such that I(m)=H(H(m))? Are the hash
> algorithms groups or not?

I too would be interested in this, but would also worry about the hash functions "converging" to one value. Unless the function G(i) is one on one, and not a group, this is not good. [G(i): G=H(m;i) i=H(m)] You could lose information in the G phase of hashing, and shoot yourself in the foot.

What is wrong with the following two strategies:

1) let I(key,block) be Idea(key, block), N be the number of iterations, and Si be a non-strong, simple sequence, like from a LCG. do I(S1,I(s2,i(s3,..........,i(sN,m); for however many times, then hash it.

2) use a salt value, n, with n%N not equal to 0; do { m=i(s1,previous m) and n=i(n,previous n) } until (n%N=0)

Number 2 has the added bonus of working with true random numbers for n, so if you wanted to enclose the value of n in some encryption you have no plaintext. If you keep this to 8 bits or so, you could use feal-4 instead of idea:-)

I asked a similar question about hash functions and have received no replies.

Roger.

From Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU Sat Jul 16 16:48:50 1994
From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU (Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU)
Date: Sat, 16 Jul 94 16:48:50 PDT
Subject: www for cypherpunks' collection
Message-ID: <774401806/vac@FURMINT.NECTAR.CS.CMU.EDU>

I exchanged email with Eric Johnson about his database a few days ago. He has had some sort of problem and does not have the time to fix it, so his database is down till further notice. This is too bad, as it was a fantastic resource.
Sometime back someone mentioned that they now had their own workstation on the net and were willing to do something, like make it available for the Cypherpunk Electronic Book idea. I think it would be really good to have a permanent archive site to make all of the cypherpunk mail available via FTP. If they, or someone else, have the disk space to do this, it would be a very good thing. Along with making the mail directly available, a permanent archive would let mosaic pages reference any mail.

-- Vince

ftp://furmint.nectar.cs.cmu.edu/security/README.html

From sandfort at crl.com Sat Jul 16 16:50:58 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Sat, 16 Jul 94 16:50:58 PDT
Subject: TEMPEST
Message-ID:

C'punks,

I seem to recall a thread on the origin of the term "tempest" with regard to electromagnetic emissions. Several people thought it was an acronym and various phrases were offered. I found a story I don't think was mentioned. It's in an article from /Full Disclosure/, #26. The article, "Hi-Tech Fraud," is by James E. Carter of Bank Security. The relevant part says:

... Is there a real danger because of EME? Well, I have known about EME for over thirty years and back then our government was so concerned the subject was classified. Our government gave EME the name "Tempest." When this issue was brought up before a congressional committee, the statement was made, "it sounds like a tempest in a teapot." So thereafter the name Tempest was adopted, so the story goes.

Sounds plausible.

S a n d y

From frissell at panix.com Sat Jul 16 19:45:10 1994
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 16 Jul 94 19:45:10 PDT
Subject: Traceless Calling
Message-ID: <199407170244.AA21499@panix.com>

At 01:49 PM 7/16/94 -0800, kevin at beach.com wrote:

>For anyone interested in private communications:
>
>Access codes are available in blocks of 100 minutes for $75. Volume discounts
>are available.
FYI, another company is providing this same service at 90
>minutes for $99.
>

Or you can walk up to any newsstand or drug store and buy a phone card from someone else for cash for 30-60 cents/minute.

DCF

From kentborg at world.std.com Sat Jul 16 22:52:43 1994
From: kentborg at world.std.com (Kent Borg)
Date: Sat, 16 Jul 94 22:52:43 PDT
Subject: Card Playing Protocol
Message-ID: <199407170552.AA20283@world.std.com>

tcmay at netcom.com writes of why projects (like my proposal) never get finished. His item #3:

>No group of co-workers to chat with, to reignite interest, to exert
>peer pressure to finish.

I'm counting on Cypherpunks to play that role!

-kb, the Kent who is pretty excited about Shoemaker-Levy 9 too.

--
Kent Borg +1 (617) 776-6899
kentborg at world.std.com
kentborg at aol.com
Proud to claim 35:00 hours of TV viewing so far in 1994!

From kentborg at world.std.com Sat Jul 16 23:24:05 1994
From: kentborg at world.std.com (Kent Borg)
Date: Sat, 16 Jul 94 23:24:05 PDT
Subject: Card Playing Protocol?
Message-ID: <199407170623.AA29265@world.std.com>

hughes at ah.com wrote some interesting stuff:

>Duplicate games won't work

Damn! People are paying attention. It was an off-hand remark. Any bells and whistles along those lines are certainly banned from any early version.

>There is a non-crypto issue of how one finds playing partners without
>a central server.

My mind wandered to that very point this very morning.

The simplest way to find players is the same we currently find email addresses: the hard way. Type in the addresses of the other players. (Assuming the software is already running on those nodes, those players would not have to retype the other addresses, accepting the invitation to play would be more like a single "click".)

I think anything more elaborate along these lines is a candidate for banning from 1.0. (One problem is that the "I'm looking for a game."-problem is at least as big and interesting as building a deck of cards.)
>I would strongly suggest the separation of the communications, user >presentation, and decision parts of the client software. And that is one of the wonderful sort of engineering problems I love: keeping the different parts clear of each other's private parts yet still considerate of their desires and needs. >client software My instinct is for a peer-to-peer design. Yes, they will serve each other cards, etc., but I would like to avoid the user confusion of having two different sorts of software needed. (At a comms protocol level there might always be a single server per game--I don't know yet--but I would like to hide that sort of stuff from users.) -kb, the Kent who will be driving to Pasadena early in the morning, but not to watch soccer. -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 35:00 hours of TV viewing so far in 1994! From joshua at cae.retix.com Sat Jul 16 23:31:44 1994 From: joshua at cae.retix.com (joshua geller) Date: Sat, 16 Jul 94 23:31:44 PDT Subject: Card Playing Protocol? In-Reply-To: <9407161814.AA23394@ua.MIT.EDU> Message-ID: <199407170631.XAA01238@sleepy.retix.com> > If I implement a card playing protocol and Okamoto & Ohta's bankless cash > system today and tomorrow morning (primarilly to verify that my primitives > work correctly) will you guys promise to pick them apart Sunday evening and > Monday? I am not a good enough cardplayer to want to play any kind of cards for money. however, if you implement a backgammon playing protocol (and there already is one in the public domain ... probably more than one) I will not only do my best to pick it apart, but I will play anyone else who is willing, for real (electronicized) money. josh From kentborg at world.std.com Sat Jul 16 23:38:55 1994 From: kentborg at world.std.com (Kent Borg) Date: Sat, 16 Jul 94 23:38:55 PDT Subject: Card Playing Protocol Message-ID: <199407170638.AA01093@world.std.com> hughes at ah.com >Time to read crypto. HEY! 
I've read Schneier (if that is what you meant).

Eric also went into various details of how to reveal cards to individuals (my hand) and all players (the current trick), etc.--details I am not prepared to comment on yet. I have some reading to do first!

I also need to review (learn) a collection of card games to appreciate their requirements, whether there is a tractable common set of operations. (Ironic to have a virtual non-card player consider this choice of project.) Crypto is not the only thing I need to read.

-kb

--
Kent Borg +1 (617) 776-6899
kentborg at world.std.com
kentborg at aol.com
Proud to claim 35:00 hours of TV viewing so far in 1994!

From kentborg at world.std.com Sun Jul 17 00:19:34 1994
From: kentborg at world.std.com (Kent Borg)
Date: Sun, 17 Jul 94 00:19:34 PDT
Subject: Hashed hash
Message-ID: <199407170719.AA03993@world.std.com>

Ben.Goren at asu.edu foolishly says:

>I'm planning on implementing the "cryptographic protection of databases"

And wonders about the hash being too fast to compute, that a brute-force traversal of the database would be too easy. The idea is then to hash a bunch of times to burn CPU cycles, but what if the hash is a group, extra hashing could be reversed quickly. (Did I get that right?)

Well, as the LOUD proponent of making secret keys s-l-o-w-e-r to decrypt, I have thought about this a bit, and have a suggestion:

Hash once, then do a zillion encryptions of the hash with a non-group cypher like DES.

Another idea (something I have thought less about): send every legit user of the database a custom version with the parts encrypted with that user's public key--and do the trick mailing list companies use, scatter some dummy info in the list. When a dummy (not just me) gets a junk mailing, go beat up on the user whose copy had to have supplied the junk. Not perfect: combinations of dummies are needed in case the junk mailer cracks multiple copies (multiple work) and then tries to sift unique dummies that way.
Another problem: it is expensive to monitor the dummies. (1990's biz opportunity?, the monitoring of data that no one is supposed to have.) -kb, the Kent who doesn't want to be thought of as only a card player -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 35:00 hours of TV viewing so far in 1994! From tcmay at netcom.com Sun Jul 17 00:56:42 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 17 Jul 94 00:56:42 PDT Subject: Card Playing Protocol In-Reply-To: <199407170552.AA20283@world.std.com> Message-ID: <199407170756.AAA25277@netcom4.netcom.com> > > tcmay at netcom.com writes of why projects (like my proposal) never get > finished. His item #3: > >No group of co-workers to chat with, to reignite interest, to exert > >peer pressure to finish. > > I'm counting on Cypherpunks to play that role! > I'm too tired to make substantive comments, so for now I'll comment only on the easily commented upon points. One of the known limitations of virtual realities is that they provide few of the feedback mechanisms that being in an office several hours a day, interacting with bosses and subordinates, etc., provides. The bandwidth for explaining ideas, clarifying misconceptions, and brainstorming is dramatically lower than in real life. You are mistaken if you think casual comments on this list will replace the contact cited above. In any case, good luck. In another post, you asked what the "MM" I mentioned in connection with Digital Money was. MM is Magic Money, Pr0duct Cypher's implementation of digital cash. A gifted programmer, and a prime subject on this list. And yet MM is rarely used...maybe never used, despite some announced plans. You should study this in detail. And study crypto. As Eric said, "time to read crypto." --Tim May -- .......................................................................... Timothy C. 
May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From rarachel at prism.poly.edu Sun Jul 17 07:56:04 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Sun, 17 Jul 94 07:56:04 PDT
Subject: Card Playing Protocol
In-Reply-To: <199407170638.AA01093@world.std.com>
Message-ID: <9407171443.AA15381@prism.poly.edu>

I remember my crypto professor going over this as part of the last week of our crypto class. Somehow, there was a snag using RSA, and if I remember correctly he used a model where both sides share the same N value. He ran across some P and Q prime values where this didn't work, but with a shared modulus for both players, it did work.

Bruce Schneier's book didn't mention this snag, so either that was an error, or there's something else we overlooked during the simulation. (This was a blackboard simulation, not a computer simulation, but it failed with some small numbers... :-)

Anyway, you can ask him about it, his address is rvslyke at prism.poly.edu

From rarachel at prism.poly.edu Sun Jul 17 08:27:12 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Sun, 17 Jul 94 08:27:12 PDT
Subject: Card Playing Protocol?
In-Reply-To: <199407152244.AA22734@world.std.com>
Message-ID: <9407171514.AA15664@prism.poly.edu>

What I suggest you do is you build something that can be telnetted into. Say, something that would sit on a specific telnet port that people can telnet into. When they do, another copy of the poker (or whatever game) process is forked into existence, and all of these processes can talk to each other to pass on the deck encrypted in some form or other.
From what I remember off the top of my head:

You have to use a cypher which allows each card to be doubly encrypted and decrypted without decrypting both encryptions:

1. Card encrypted by player 1: E1(Card,eK1)
2. Card encrypted by player 2: E2(Card,eK2)
3. Card encrypted by player 1, then encrypted by player 2: E2(E1(Card,eK1),eK2)

Now, whatever you do, player one must be able to decrypt his encryption from step 3 above. That is he should be able to take:

E2(E1(Card,eK1),eK2)

and decrypt it with his key giving E2(Card,eK2) as follows:

D1(E2(E1(Card,eK1),eK2),dK1) = E2(Card,eK2)

Where E1(card,key1) means encrypted by Player 1 with his key, and eK1 means Player 1's encryption key; D1() means decrypt by player 1 with his decryption key dK1, etc.

You can take any cypher you like and make it into a random number generator by putting it in a feedback mode which doesn't encrypt, but rather just generates numbers (I forgot the name of this mode, but it's one of the DES modes that's commonly used for communications which is immune to noise.) This mode is built so that both sides use this sort of generator and simply XOR the plaintext with the generated data to produce the cyphertext, and the receiver XOR's the generated code of his generator with the received cyphertext.

Anyway, what I'm getting to here is that XOR (exclusive OR, the ^ operator in C) will allow you to meet the above requirement:

D1(E2(E1(Card,eK1),eK2),dK1) = E2(Card,eK2)

so as to be able to implement the card playing protocol.

An analogy to this is a box that has two pad locks on it put in such a way so that the owner of one lock can remove that lock without having the other owner remove his first.

Basically the two players pass an encrypted deck to each other. Off the top of my head (please check this!) both players encrypt the deck of cards. Alice and Bob are our players. So Alice picks her hand, but since they are still encrypted with Bob's key, she can't see what she's picked.
She passes her picked hand to Bob. He decrypts the hand with his key and returns it to Alice. Since this hand was encrypted by Alice, Bob can't reveal it by decryption. Then Alice decrypts her hand and holds on to it. She then passes the whole deck (except for her hand) to Bob. He picks his hand, sends it back to Alice, she decrypts his hand and returns it to Bob. He decrypts his hand and keeps it, then passes the deck back to Alice. When Alice needs to pick a card, she has to pass it to Bob to decrypt, etc.

And that in a nutshell is how the protocol works. Since both sides see that all the cards are there, they can verify that no one has cheated. Since neither side can see the other's cards, the game is safe. I don't recall what you do with discarded cards... maybe mark them as such?

Also here's something else out to help you:

    // shuffle the deck routine:
    cardtype cards[4*13+2];   // four suits of 13 cards + 2 jokers.
    int i, c1, c2;            // loop counter and the two swap positions

    //initialize the deck (valid indexes run from 0 to 4*13+1):
    for (i=0; i<4*13+2; i++)
        cards[i].cardnumber=i;

    //shuffle the deck (rand() is declared in <stdlib.h>):
    for (i=0; i<=10000; i++) {
        c1=rand() % (4*13+2);
        c2=rand() % (4*13+2);
        swapcards(&cards[c1],&cards[c2]);
    }

You still have to define what the cards structure is, but I suggest you put in plenty of information in them such as a discarded flag, maybe a player's ID in which hand this card lives (if you pass the whole deck instead of the unused cards), flags to indicate which players encrypted this card, etc.

The two for loops above work to build a deck for you in the best possible way. The 1st, initializes the deck in order. The second shuffles the cards by swapping two at a time. These functions are far more efficient for shuffling/building a deck of cards than by picking a random number for a card ID and checking to see if we've already seen it.

Also, I would add functions in to automate the game, be it Poker, or 21, or whatever....
Ie: allowing the players to decide what's wild, automatically checking each player's hand and telling them their hand, allowing for a card split in Black Jack, etc.

If you like I can see if I can find some sources to card games for you...

From nowhere at bsu-cs.bsu.edu Sun Jul 17 08:56:16 1994
From: nowhere at bsu-cs.bsu.edu (Anonymous)
Date: Sun, 17 Jul 94 08:56:16 PDT
Subject: No Subject
Message-ID: <199407171554.KAA03441@bsu-cs.bsu.edu>

Well, keeping in the spirit of the original message, I will reply to it anonymously. Besides, what I am going to say probably won't be popular.

>i'm glad ghio caught that message in his mailbox through careful screening
>so that it wouldn't go out to the newsgroups. I always thought the
>remailers were automated, but I guess in most case the operators are
>screening all the stuff. this is good, because we don't need any more
>Detweiller junk out there (amazing how peaceful things are without him!!!)
>too bad if the message was forged, because it would be LOTS of fun to
>EXPOSE THE BASTARD!!! (insert evil smirk here)

Did anyone else shudder when they read this? All I can say is that I am *glad* this person does not run a remailer (although, if I were really paranoid, I might speculate that he does!).

As Tim May and Carl Kadie have pointed out on numerous occasions, by systematically filtering mail the operator tends to lose the protection of the legal status of "common carrier". I don't know if a remailer operator would be classified as such but others have proposed that idea.

But just from a philosophical view, I think any remailer operators hunting for Detweiler-grams in all their incoming mail are employing a procedure that is antithetical to their entire commitment. Isn't it just a *teensy* bit hypocritical? Is this how you are going to build cyberspatial-wide confidence in the use of your remailers for their dependability and secrecy?
Isn't it just a *teensy* bit hypocritical to yell to the world that ANONYMITY IS THE RIGHT OF MAN and have a little whisper in small print, "unless you are an official enemy of the cypherpunks"? Is it just me, or is this Detweiler thing blown *way* out of proportion? He seems like a harmless crackpot occupying himself by banging on a keyboard. In fact, being consistently at the tmp at netcom.com even helps to filter him. Cypherpunks, we believe in the philosophy that we are being oppressed by numerous forces that seek to deprive us of our privacy-- big business, the government, police, etc. But how can we claim to uphold the philosophy of freedom of speech and privacy looking at our relationship with Detweiler? Sometimes I think he was sent by God to test us. What is it in the human psyche, rooted deep in our subconscious, that pushes us to *vengeance* against those who offend us? That pushes us to want to *expose* them (as the person said above, "EXPOSE THE BASTARD!!!"). Do we have any consistent beliefs? How is that we, who are dedicated to privacy, broadcast to everyone listening in a clear voice, that "freedom of speech does not belong to people who offend us"? There is a saying, "who will guard the guardians themselves"? Who will ensure that those who advocate anonymity actually follow through, if they don't? I personally advocate that the Detweiler-Detritus be allowed through the remailers unaltered as a blaring advertisement to the entire world of cyberspace that yes, we believe that anonymity is *sacred*, even more so than we believe that Detweiler is the AntiChrist of the Cypherpunks. "I detest what you say, but I will defend to my death your right to say it." --Voltaire "Freedom of speech does not end at the point that it offends; to the contrary, that is where it begins" --Supreme Court justice (paraphrase) That's all I have to say. 
From rarachel at prism.poly.edu Sun Jul 17 09:38:53 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Sun, 17 Jul 94 09:38:53 PDT
Subject: Key length security (calculations!)
In-Reply-To: <199407141909.MAA01482@netcom9.netcom.com>
Message-ID: <9407171624.AA16313@prism.poly.edu>

To quote you:
<>

You mention Shamir, etc. However I would point out that even if any of the original RSA mathematicians found a better factoring algorithm, they'd be more than likely to keep it under lock and key. The obvious reason is that their money supply depends on such an algorithm being suppressed.

Now, someone outside of their circle with a little less to worry about the impact of such a factoring algorithm would be likely to publish it, but I doubt that PKP's founders would.

From cme at tis.com Sun Jul 17 09:53:27 1994
From: cme at tis.com (Carl Ellison)
Date: Sun, 17 Jul 94 09:53:27 PDT
Subject: Triple encryption...
In-Reply-To:
Message-ID: <9407171652.AA12181@tis.com>

>Date: Fri, 15 Jul 1994 17:09:47 -0600 (MDT)
>From: Berzerk
>Subject: Re: Triple encryption...

>On Fri, 15 Jul 1994, Carl Ellison wrote:
>> I'd be most concerned about any ciphertext-only attack which is improved by
>> having purely random bits as input. Whichever algorithm is more resistant

>Ahhhhhhh, I don't know how to say this, but no such attack exists, and
>none will ever exist. You can not EVER attack a cipher if the plaintext
>is "random", as you have no basis for saying which "plaintext" is in fact
>the "plaintext". Now if you know the plaintext(random bits) this is a
>different story.

Call it a hunch. I didn't say I knew of any such attacks. In fact, I used to believe that such are completely impossible (and may yet come back to that belief), but for the moment, I'm entertaining the notion of such attacks and seeing where that leads me. If there were such attacks, they would rely on information about the key leaking into the ciphertext, independent of the plaintext.
It might be possible to prove that any key-driven permutation (1:1 mapping) can not allow such attacks, but I haven't composed such a proof yet.

- Carl

From s009amf at discover.wright.edu Sun Jul 17 09:53:43 1994
From: s009amf at discover.wright.edu (Aron Freed)
Date: Sun, 17 Jul 94 09:53:43 PDT
Subject: Card Playing Protocol?
In-Reply-To: <199407170623.AA29265@world.std.com>
Message-ID:

On Sun, 17 Jul 1994, Kent Borg wrote:

> Damn! People are paying attention. It was an off-hand remark. Any
> bells and whistles along those lines are certainly banned from any
> early version.
>
> My mind wandered to that very point this very morning. The simplest
> way to find players is the same we currently find email addresses: the
> hard way. Type in the addresses of the other players. (Assuming the
> software is already running on those nodes, those players would not
> have to retype the other addresses, accepting the invitation to play
> would be more like a single "click".)
>
> I think anything more elaborate along these lines is a candidate for
> banning from 1.0. (One problem is that the "I'm looking for a
> game."-problem is at least as big and interesting as building a deck
> of cards.)
>

The only problem is if a government spy is listening on this conversation, he is going to learn how to play this game too and learn how to intercept the messages and therefore learn how to decode the messages...

Aaron

From berzerk at xmission.xmission.com Sun Jul 17 09:58:53 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Sun, 17 Jul 94 09:58:53 PDT
Subject: Hashed hash
In-Reply-To: <199407170719.AA03993@world.std.com>
Message-ID:

On Sun, 17 Jul 1994, Kent Borg wrote:

> sift unique dummies that way. Another problem: it is expensive to
> monitor the dummies. (1990's biz opportunity?, the monitoring of data
> that no one is supposed to have.)
Well, you can pass the expense on to the company that is doing the mailing, by making the ratio of the dummies to the real ones about 10 to 1. Roger. From nym at netcom.com Sun Jul 17 10:18:12 1994 From: nym at netcom.com (Sue D. Nym) Date: Sun, 17 Jul 94 10:18:12 PDT Subject: New Money design announced Message-ID: <199407171718.KAA09500@netcom13.netcom.com> I think this came from a Fidonet channel. an interesting topic: how will this affect the value of US cash? i.e. will it affect the value of the dollar worldwide? often when countries are facing economic trouble they change their currency. **** Conf. : 0008 - FINANCIAL WASHINGTON (AP) -- Move over Ben Franklin, tell Andrew Jackson the news: The portraits on the nation's paper money likely will be enlarged and moved off-center as part of the first major makeover in 65 years. ``Our plan ... is a pre-emptive step to protect U.S. currency from high-tech counterfeiting,'' Treasury Secretary Lloyd Bentsen said in announcing the redesign Wednesday. His department plans to have a final design ready sometime in 1995 and begin circulating new bills about a year later, starting with the most popular target for counterfeiters, $100 notes. Nothing has been decided for certain, but Treasury officials gave the House Banking Committee a rundown Wednesday of what was likely. The enlarged portraits -- Franklin on the $100, Ulysses Grant on the $50, Jackson on the $20, Alexander Hamilton on the $10, Abraham Lincoln on the $5 and George Washington on the $1 -- will allow for more detailed engraving of what is the most recognizable feature on a bill. The $2 bill, with Thomas Jefferson, is not being redesigned. And, moving the portraits will make room for a watermark in the form of a smaller version of the portrait, visible only when a bill is held to the light. Other likely changes include: -- Color-shifting ink that may, for instance, appear green when viewed straight on and gold from an angle. 
-- Computer-designed ``interactive'' patterns that turn wavy when illicitly copied. -- Iridescent planchettes in bills' paper. These are colored discs only a few millimeters wide that reflect light. -- Micro-printing and machine-detectable threads or fibers in the paper. The last major change in U.S. currency came in 1929, when bills were reduced in size and given a uniform look. Congress added the words ``In God We Trust'' in 1957. In 1990, several small changes made it more difficult to counterfeit with modern color photocopiers. They included adding a microscopic line of type and a polyester thread visible only when a bill is held to a light. Most lawmakers applauded the latest modifications, saying they were long overdue. ``We must protect the dollar's standing as the world's foremost currency. Our financial future depends upon it,'' said the committee chairman, Rep. Henry B. Gonzalez, D-Texas. But others warned against too radical a redesign, saying it would send a message of instability at a time when the value of the dollar is being battered on world currency markets. Peter H. Daly, director of the Bureau of Engraving and Printing, said the bills' traditional look will be maintained as much as possible. The paper will feel the same and the size of notes won't change. And the same engraving style will be used for portraits, borders, numbers and the historic scenes on bills' back. Bentsen stressed that old money will continue as legal tender. ``The redesigned currency will be introduced over a period of years and no U.S. currency will be demonetized, devalued or recalled,'' he said. And U.S. Treasurer Mary Ellen Withrow promised a worldwide educational campaign to encourage public acceptance of the new design. About $357 billion of U.S. paper currency is in circulation, more than 60 percent of it abroad. In fact, in some countries with troubled economies it serves as the principal medium of exchange. 
According to the Secret Service, counterfeiting abroad now far outweighs domestic counterfeiting. Last year, $120 million in phony bills were seized overseas, compared with $44 million domestically, said Secret Service Deputy Director Guy P. Caputo.

Republican Reps. Jim Leach of Iowa and Bill McCollum of Florida suggested the administration may be minimizing the severity of the problem.

Leach said a Middle Eastern country, which he did not name, reportedly has developed the capacity to counterfeit large quantities of $100 notes. He was apparently referring to trade press reports that Iran was distributing counterfeit bills through Lebanon.

But Bentsen stressed that the changes were being made in anticipation of future problems and not in response to any current counterfeiting crisis.

From tcmay at netcom.com Sun Jul 17 10:19:47 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 17 Jul 94 10:19:47 PDT
Subject: Can NSA and PKP Suppress Breakthroughs?
In-Reply-To: <9407171624.AA16313@prism.poly.edu>
Message-ID: <199407171719.KAA16265@netcom8.netcom.com>

Arsen Ray A. writes:

> To quote you:
> < know what factoring advances NSA may have made), but I personally
> think the combined capabilities of "public domain mathematicians" are
> now far greater than what NSA has. Shamir, Odlyzko, Blum, Micali,
> Rackoff, Goldwasser, Solovay, Berlekamp, etc., are top-flight
> researchers, publishing many papers a year on these topics. It is
> unlikely that some GS-14 mathematicians at the Fort, not able to
> publish openly, have made much more progress. I think the resurgence
> of crypto in the 70s, triggered by public key methods and fueled by
> complexity theory breakthrough, caused a "sea change" in inside
> NSA-outside NSA algorithm expertise.
>
> You mention Shamir, etc. However I would point out that even if any of the
> original RSA mathematicians found a better factoring algorithm, they'd be more
> than likely to keep it under lock and key.
The obvious reason is that their
> money supply depends on such an algorithm being suppressed.
>
> Now, someone outside of their circle with a little less to worry about the
> impact of such a factoring algorithm would be likely to publish it, but I
> doubt that PKP's founders would.

Several points:

1. Adi Shamir sold out what little share he had some years back. He has no financial links to PKP or RSADSI.

2. Shamir is Israeli. (This has led to more than one humorous situation in which Shamir has received notification from the U.S. government that he cannot "export" something he's working on--as an Israeli, living in Israel.)

3. Shamir was the coinventor (with Biham), or at least the recent rediscoverer, of differential cryptanalysis. He apparently felt no constraint to not publish.

4. Some of the others I listed, such as Odlyzko, are in fact the known leaders of making improvements in factoring. (Not that various linear factors matter much, in the long run, of course.)

It's only speculation as to the relative competence of mathematicians inside vs. outside the NSA; my main point remains that the outside community is very dynamic and robust and shows no signs that I can see of holding back on reporting breakthroughs. Nor could a major breakthrough be contained, I think.

--Tim May

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
From sandfort at crl.com Sun Jul 17 11:01:17 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Sun, 17 Jul 94 11:01:17 PDT
Subject: your mail
In-Reply-To: <199407171554.KAA03441@bsu-cs.bsu.edu>
Message-ID:

C'punks,

On Sun, 17 Jul 1994, Anonymous wrote:

> . . .
> >too bad if the message was forged, because it would be LOTS of fun to
> >EXPOSE THE BASTARD!!! (insert evil smirk here)
>
> Did anyone else shudder when they read this? All I can say is that I am
> *glad* this person does not run a remailer (although, if I were really
> paranoid, I might speculate that he does!).
> . . .

While you're speculating, care to guess who may have written the message which offended you? Note the style, and think, "multiple personality disorder." Did a light go on?

S a n d y

From berzerk at xmission.xmission.com Sun Jul 17 11:02:52 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Sun, 17 Jul 94 11:02:52 PDT
Subject: Triple encryption...
In-Reply-To: <9407171652.AA12181@tis.com>
Message-ID:

On Sun, 17 Jul 1994, Carl Ellison wrote:

> where that leads me. If there were such attacks, they would rely on
> information about the key leaking into the ciphertext, independent of the
> plaintext. It might be possible to prove that any key-driven permutation

This is bogus. No symmetric algorithm has this characteristic, in fact, the 1 on 1 nature of the algorithm precludes this as the total amount of information is equal to the information in the plaintext. The proof is simple enumeration.

Roger.

From sandfort at crl.com Sun Jul 17 11:25:51 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Sun, 17 Jul 94 11:25:51 PDT
Subject: New Money design announced
In-Reply-To: <199407171718.KAA09500@netcom13.netcom.com>
Message-ID:

C'punks,

HOW TO READ NEWSPEAK

On Sun, 17 Jul 1994, Sue D. Nym forwarded an AP story:

>
> ``Our plan ... is a pre-emptive step to protect U.S.
currency
> from high-tech counterfeiting,'' Treasury Secretary Lloyd Bentsen
> said in announcing the redesign Wednesday.
> His department plans to have a final design ready sometime in
> 1995 and begin circulating new bills about a year later, starting
> with the most popular target for counterfeiters, $100 notes.
> . . .

Nope, it's the $20 note. However, "money launderers" prefer the more compact C-note. And anyone leaving the country with much cash is presumptively a money launderer, nowadays.

> . . .
> Other likely changes include:
> . . .
> -- Micro-printing and machine-detectable threads or fibers in the
> paper.                ^^^^^^^^^^^^^^^^^^
> . . .

Read, "computer readable."

> . . .
> Bentsen stressed that old money will continue as legal tender.
> ``The redesigned currency will be introduced over a period of
> years and no U.S. currency will be demonetized, devalued or
> recalled,'' he said.

Read, "At some unspecified date, old U.S. currency will be demonetized, devalued or recalled. Those holding old currency will be given a short grace period to exchange old cash for new. When making the exchange, they will be required to present ID and, explain why they have cash and where they got it. Improperly explained cash will be confiscated and the holder may be charged as appropriate."

Don't believe it? What did Johnson say just before silver was removed from US coinage? For bonus points, what did Nixon say two weeks before he closed the gold window to foreigners and devalued the dollar?

If you know the correct way to read government pronouncements, you will rarely be caught off guard.

S a n d y

From solman at MIT.EDU Sun Jul 17 11:58:52 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Sun, 17 Jul 94 11:58:52 PDT
Subject: Key length security (calculations!)
In-Reply-To: <9407171624.AA16313@prism.poly.edu>
Message-ID: <9407171856.AA01803@ua.MIT.EDU>

> To quote you:
> < know what factoring advances NSA may have made), but I personally
> think the combined capabilities of "public domain mathematicians" are
> now far greater than what NSA has. Shamir, Odlyzko, Blum, Micali,
> Rackoff, Goldwasser, Solovay, Berlekamp, etc., are top-flight
> researchers, publishing many papers a year on these topics. It is
> unlikely that some GS-14 mathematicians at the Fort, not able to
> publish openly, have made much more progress. I think the resurgence
> of crypto in the 70s, triggered by public key methods and fueled by
> complexity theory breakthrough, caused a "sea change" in inside
> NSA-outside NSA algorithm expertise.
> >>
>
>
> You mention Shamir, etc. However I would point out that even if any of the
> original RSA mathematicians found a better factoring algorithm, they'd be more
> than likely to keep it under lock and key. The obvious reason is that their
> money supply depends on such an algorithm being suppressed.

What about Shamir's triple pass key exchange protocol (explained briefly below). It's the perfect key exchange algorithm. It obsoletes Public key systems entirely as long as you only need to exchange keys and not authenticate. I'd say that is pretty decent evidence that he does still do things to help the field when it might hurt RSADSI. (although I wouldn't say the same thing about all of them)

Triple pass key exchange:

Choose a commutative symmetric encryption algorithm.

Step 1: A encrypts the session key in his personal symmetric key (he doesn't share it with anybody) and sends the message to B: Ea(K)

Step 2: B encrypts this in her personal symmetric key and sends it back to A: Eb(Ea(K))

Step 3: A decrypts the message and sends it back to B: Da(Eb(Ea(K))) Since we chose a commutative algorithm, this is Eb(K).

Step 4: B decrypts with her key and Eve (ala Schneier) has no clue.
Mallet can't intercept your communication, but he can talk to you and unless you have some sort of authentication impersonate Eve.

Example commutative algorithm out of Schneier by Shamir based on the hardness of factoring:

Choose a large prime, p. Choose an encryption key e that is a large prime less than p. Choose a d so that d*e mod (p-1) = 1 (i.e. the multiplicative inverse of e in mod (p-1)).

C = P^e mod p
P = C^d mod p

Cheers,

Jason W. Solinsky

From ebrandt at muddcs.cs.hmc.edu Sun Jul 17 13:29:15 1994
From: ebrandt at muddcs.cs.hmc.edu (Eli Brandt)
Date: Sun, 17 Jul 94 13:29:15 PDT
Subject: your mail
In-Reply-To: <199407171554.KAA03441@bsu-cs.bsu.edu>
Message-ID: <9407172028.AA16832@muddcs.cs.hmc.edu>

Lawrence Detweiler, posting anonymously, said:

>i'm glad ghio caught that message in his mailbox through careful screening
>so that it wouldn't go out to the newsgroups. I always thought the
>remailers were automated, but I guess in most case the operators are
>screening all the stuff. this is good, because we don't need any more
>Detweiller junk out there (amazing how peaceful things are without him!!!)
>too bad if the message was forged, because it would be LOTS of fun to
>EXPOSE THE BASTARD!!! (insert evil smirk here)

I've been off the list for a bit, so I can only guess this relates to a discussion of the latest CRAM spam. Detweiler watchers, train your sights on "nym at netcom.com (Sue D. Nym)", who fairly recently showed up on Usenet sporting all the usual stigmata.

My take on the Singularity is that it will commence when the Detweiler cycle devolves to zero length, so that he simultaneously is obtaining and being booted from accounts on all service providers. Pretty incomprehensible, eh?
Eli   ebrandt at hmc.edu

From Ben.Goren at asu.edu Sun Jul 17 13:31:07 1994
From: Ben.Goren at asu.edu (Ben.Goren at asu.edu)
Date: Sun, 17 Jul 94 13:31:07 PDT
Subject: Hashed hash (and Kent's games)
Message-ID:

At 12:19 AM 7/17/94, Kent Borg wrote:
>Ben.Goren at asu.edu foolishly says:
>>I'm planning on implementing the "cryptographic protection of databases"
>
>And wonders about the hash being too fast to compute, that a
>brute-force traversal of the database would be too easy. The idea is
>then to hash a bunch of times to burn CPU cycles, but what if the hash
>is a group, extra hashing could be reversed quickly. (Did I get that
>right?)

On the nose.

>Well, as the LOUD proponent of making secret keys s-l-o-w-e-r to
>decrypt, I have thought about this a bit, and have a suggestion:
>
>Hash once, then do a zillion encryptions of the hash with a non-group
>cypher like DES.

I'll probably do just that. First thought, subject to revision: hash the
name, feed it to DES with the output of a deterministic RNG (need not be
secure, but the slower the better--BBS? (not that BBS is insecure)) as the
key; repeat as needed. Hmmm...perhaps I'll adapt an earlier idea of mine:
split the hash into two parts, a and b, and compute (a^(1/b))-1, and use
some or all bits after the leading zeros.

>Another idea (something I have thought less about): send every legit
>user of the database a custom version with the parts encrypted with
>that user's public key--and do the trick mailing list companies use,
>scatter some dummy info in the list. When a dummy (not just me) gets
>a junk mailing, go beat up on the user whose copy had to have supplied
>the junk [. . . .]

Nice idea, but there's neither the available resources to do that, nor, I
think, the desire to beat up on careless users.
Berzerk suggests a 0.1 S/N ratio (and in an earlier note a couple useable
algorithms for the multiple encryption process); that would not be practical
for any decent sized database, and I might have 100K or so people to deal
with. But I almost certainly will mix in at least some random padding. I
imagine that the database will always be the same length, even as people are
added and/or removed with time. And the records, of course, will be permuted
randomly.

>-kb, the Kent who doesn't want to be thought of as only a card player

Then here's a suggestion for you: develop some other primitives, like
rolling dice, and you could implement just about any other game you like.
Monopoly would need (aside from licensing issues) the dice, two decks of
special cards, and some ecash. (Surely MM used as Monopoly Money isn't
subversive? After all, it's teaching our young 'uns to be good capitalists.)
Scrabble would need a deck of cards, each of which contains only a letter,
with many duplicates. Trivial Pursuit is just a huge deck of cards; they'd
probably be index positions to the database of questions, so special
editions are just a file switch away.

These are among the most popular games in the US, and probably abroad. Build
your primitives right, and these games are as simple as specifying parameters
(how many sides to the dice, what info the cards contain, etc.). And maybe
you could license the stuff, each and every independent game, to the current
owners of the games that aren't PD.

So how about becoming "kb, the Kent who digitized the American family
evening"? Go for it! And drop me a line when you want beta testers (sometime
Thursday?).

>Kent Borg +1 (617) 776-6899

b&

--
Ben.Goren at asu.edu, Arizona State University School of Music
 net.proselytizing (write for info): Protect your privacy; oppose Clipper.
 Voice concern over proposed Internet pricing schemes. Stamp out spamming.
 Finger ben at tux.music.asu.edu for PGP 2.3a public key.
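
Shamir's three-pass exchange from Jason Solinsky's message earlier in this archive, as an added example that is not part of any poster's message. It runs the four steps with the exponentiation cipher he quotes, then repeats them with XOR pads to show that commutativity alone is not enough: a passive listener recovers K from the three XOR messages. The modulus 2^127 - 1, the function names and the sample keys are assumptions chosen for illustration.

```python
"""Shamir three-pass key exchange: modular exponentiation vs. XOR."""
import math
import secrets

# Assumption: a well-known Mersenne prime so the example runs instantly.
# It is far too small for real use.
P = 2**127 - 1


def keygen(p=P):
    """Return a private (e, d) pair with d*e mod (p-1) == 1.

    e only has to be invertible mod p-1, i.e. gcd(e, p-1) == 1.
    """
    while True:
        e = secrets.randbelow(p - 3) + 2          # 2 .. p-2
        if math.gcd(e, p - 1) == 1:
            return e, pow(e, -1, p - 1)


def three_pass(k, a_key, b_key, p=P):
    """Run steps 1-4; return (messages seen on the wire, key B recovers).

    Nothing in the second message tells A who applied the outer layer, so
    without separate authentication any responder completes the exchange.
    """
    (ea, da), (eb, db) = a_key, b_key
    m1 = pow(k, ea, p)        # step 1, A -> B: Ea(K)
    m2 = pow(m1, eb, p)       # step 2, B -> A: Eb(Ea(K))
    m3 = pow(m2, da, p)       # step 3, A -> B: Da(Eb(Ea(K))) = Eb(K)
    return (m1, m2, m3), pow(m3, db, p)   # step 4: B removes her layer


def three_pass_xor(k, a_pad, b_pad):
    """The same message flow with XOR pads as the commutative cipher."""
    m1 = k ^ a_pad
    m2 = m1 ^ b_pad
    m3 = m2 ^ a_pad           # equals k ^ b_pad
    return (m1, m2, m3), m3 ^ b_pad


def eavesdrop_xor(wire):
    """What a passive listener computes from the XOR transcript alone."""
    m1, m2, m3 = wire
    return m1 ^ m2 ^ m3       # each pad appears twice and cancels, leaving k


def demo():
    k = secrets.randbelow(P - 2) + 2              # constructed session key
    wire, got = three_pass(k, keygen(), keygen())
    xor_wire, xor_got = three_pass_xor(
        k, secrets.randbits(127), secrets.randbits(127))
    return {
        "exp_ok": got == k,                          # B ends up with K
        "xor_ok": xor_got == k,                      # XOR variant also "works"
        "xor_leaks": eavesdrop_xor(xor_wire) == k,   # ...and hands K to Eve
    }


if __name__ == "__main__":
    print(demo())
```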
From Ben.Goren at asu.edu Sun Jul 17 13:59:45 1994
From: Ben.Goren at asu.edu (Ben.Goren at asu.edu)
Date: Sun, 17 Jul 94 13:59:45 PDT
Subject: PGP bug *NOT* yet fixed
Message-ID:

Y'all remember that bug that Colin Plumb told us about in the true random
number generation part of PGP? It's still there, in the version from
net-dist.mit.edu, as of late yesterday evening. There is *no* mention of
the bug anywhere, in any readme files, in the documentation, anything.

This strikes me as irresponsible. I would expect PGP 2.6a to have been
released the day of the announcement, with the bug fixed. If there's some
reason why that couldn't be done, then at least there should be some sort
of prominent notice detailing the change, and probably a diff file--or even
a simple shell script--to apply the (very simple!) fix.

The signature on the following file checks as follows:

>File has signature. Public key is required to check signature.
.
>Good signature from user "Colin Plumb ".
>Signature made 1994/06/01 14:04 GMT

That's a month and a half ago. The *only* copies of PGP 2.6 out there that
are free of the bug are those that have been fixed by hand. That's probably
not all that many of them.

I'm going to bite the bullet and paste in the original message here. Feel
free to flame me if this is unnecessary re/cross-posting, but I'm not aware
of any place to get this aside from digging through archives, and....
b&

-----BEGIN PGP SIGNED MESSAGE-----

I have the unpleasant task of reporting a significant bug in PGP's
random number generation (for making primes), and that it's my fault.

It *is* a significant problem, although it is *not* end-of-the-world
severity. That is, the code is not performing as intended, and the
results aren't as random as intended. On the other hand, this does not
appear to make any generated keys easier to break.

Because it has to do with random-number generation, there are no
interoperability issues raised. Please read on for details.

Thanks to the many people who have submitted other bug reports and
porting patches. A new release from MIT is forthcoming with more cleanups.

* The Bug

In pgp 2.6 (and 2.5), there is a file named "randpool.c", which accumulates
entropy from keyboard timings. These random numbers are used in
generating session keys, although the primary random number generator for
session keys, based on IDEA, is unaffected. The main use of these random
numbers is the much more sensitive task of generating RSA secret keys.
In that file, a tiny helper function is xorbytes:

static void
xorbytes(byte *dest, byte const *src, unsigned len)
{
        while (len--)
                *dest++ = *src++;
}

A character is missing. '^', to be precise. That "=" should be "^=".

I wrote it, and I knew when I was writing it that it was critical code.
Since you can't test a random-number generator (except for the most trivial
of flaws), you have to walk through the code very carefully. I did, or
thought I did, yet still managed to miss this. Oops is too mild. That
code is not supposed to have ANY bugs.

In other words, I screwed up. There's a lesson in there somewhere.
I'll try to learn it.

* The Effect

The randpool.c code works by maintaining a pool (buffer) of random bits
and adding in new "noise" from the environment each time a key is pressed.
This "adding" is done by exclusive-oring it with successive bytes from the
existing pool.

When the pool is "full", a cryptographic stirring operation is performed
to mix all the information in the pool together and get ready for new noise.
The bytes in the pool at the end are intended to be uncorrelated with the
noise bytes that will be added, so the XOR adding does not cause any sort
of "cancellation" of information. This stirring is done with a key, which
is taken from the pool at the end of each pass.

With the bug in place, the noise bytes *replace* the bytes in the pool
rather than being added to them. So the information that was in the pool
is obliterated. The only trace that remains is what's stored in the key.
This is at most the size of the key, 512 bits, rather than the size of the
whole pool, 3072 bits.

PGP tries to ensure that generated RSA keys are completely unpredictable
by accumulating enough Shannon information to make the whole key. Thus,
infinite computational power would not let you predict a generated
secret RSA key. This bug subverts that.

* Security Analysis

What effect does this have on someone's chances of breaking an RSA secret key
generated with PGP 2.6?
Not much, as far as I can tell. But it requires more careful thought
and that eats into the comfort margin that should be there.

Just for comparison, the RSAREF library's random number generation routines
are also based on MD5, but use 16 bytes of seed. Successive random bytes
are taken by computing the MD5 hash of the 16-byte seed, using those 16
bytes, incrementing the seed by 1 (taken as a 128-bit number), and repeating.

Taking the MD5 of a 16-byte value involves one pass of the MD5Transform
function, with 16 of the 64 key bytes unknown, 48 bytes are known (fixed,
in fact), and the input hash is known (fixed, in fact).

Compared to this, PGP 2.6, even with the bug, is excellent. All 64 bytes
of key to MD5Transform are dependent on all of the seed, the input hash
varies widely, and the output is XORed with some difficult-to-predict data.

The reason that you can get away with less than perfect random numbers
(less Shannon information than the size of the generated key) is that
you only have to make sure that the weakness does not make any attack
easier than the best known attack without the weakness. As long as
guessing is only useful to a brute-force attack, it remains far easier
to factor.

Paul Leyland estimated that the work to try all possible 128-bit IDEA
keys is equivalent to factoring a 3100-bit RSA key. Now, recent work
by Arjen Lenstra on the number field sieve (Paul Leyland was assuming
the MPQS used in RSA-129) has raised this RSA key length somewhat.

Thus, an argument can be made in favour of RSAREF's use of a 128-bit
random number seed, since that's all that is necessary. PGP prefers to
be a little bit more paranoid.

Still, once you have 512 bits of uncertainty, trying all possibilities
is more work than trying to break a 1024-bit RSA key by trial division.

So let's see just how much entropy is in there.
Each keystroke, the following data is added to the random pool:

- - The character typed, an int (2 or 4 bytes)
- - the time_t result of time() (4 bytes)
- - the clock_t result of clock() (4 bytes)
- - On MS-DOS, 2 bytes of hardware timer 0
- - On Unix, 8 bytes of gettimeofday() and 20 bytes of times() results
- - On VMS, 8 bytes of high-resolution timer.

The total is 12 bytes on MS-DOS, 32 bytes on Unix (this may vary, but that's
very common), and 20 bytes on VMS.

The information content of the bytes is taken at a maximum of 8 bits,
although it's actually closer to 15 bits on MS-DOS, and less (maybe
as low as 1 or 2) on a Unix system with a fast typist and a slow
(60 Hz) clock. VMS is in between.

This means that the entropy density in the added bytes varies from 1/12 (or
better) in MS-DOS to 1/256 on Unix. Thus, the content of a pool's worth
(3072 bits) is 256 bits (or more) under MS-DOS and may be as low as 12 bits
on some flavours of Unix.

The random number accumulation operation adds bytes to the pool until it
is either full or the desired number of bits have been accumulated. Then
it stirs the pool. For a maximum-sized key (1024 bits), it will take
many passes through the pool to accumulate the entropy, but owing to the
bug, each time the pool is overwritten with the most recently collected data.
The only entropy that remains from the previous pass is in the 512-bit key
buffer.

This applies to every stirring pass until the last, after the last noise
data has been added and new data is about to be withdrawn from the pool.
This last pass is very likely to be incomplete; some of the data at the tail
of the pool is probably not overwritten. This can carry over extra
entropy from the previous pass. No more than is there (the 12 to 256 bit
range observed before), and then you have to add an unknown fraction
of that for data that has been added in the current pass, but the total
will vary from 12 bits (an average of 18) to 256 bits (an average of 384).
Plus the entropy preserved in the key buffer.

So there is from just over 512 to an average of 896 bits of entropy in the
pool. 1016 random bits are used to make the starting values for the two
primes in a 1024-bit key. This is clearly not the perfect Shannon entropy
PGP aims for.

As long as the stirring operation is still considered cryptographically
strong, this reduction in the possible range of generated keys is not
useful to a factoring algorithm, so it doesn't make a factoring attack
any easier, yet a factoring attack is still far easier than a guessing
attack, so the easiest attack is no easier.

So I don't think anything is more attackable.

Still, it's NOT what was intended, and that's always bad.
My apologies to users of PGP.

- -- 
	-Colin

--
Ben.Goren at asu.edu, Arizona State University School of Music
 net.proselytizing (write for info): Protect your privacy; oppose Clipper.
 Voice concern over proposed Internet pricing schemes. Stamp out spamming.
 Finger ben at tux.music.asu.edu for PGP 2.3a public key.

From tcmay at netcom.com Sun Jul 17 14:31:34 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 17 Jul 94 14:31:34 PDT
Subject: Sue D. Nym, and Netcom records
In-Reply-To: <9407172028.AA16832@muddcs.cs.hmc.edu>
Message-ID: <199407172131.OAA07373@netcom2.netcom.com>

> I've been off the list for a bit, so I can only guess this relates
> to a discussion of the latest CRAM spam. Detweiler watchers, train
> your sights on "nym at netcom.com (Sue D. Nym)", who fairly recently
> showed up on Usenet sporting all the usual stigmata.

> Eli ebrandt at hmc.edu

Thanks, Eli! I just checked here on Netcom to see if this "nym"
persona is posting from the Denver POP. Sure enough, it is.
Here's the result. A lot of activity, all from Denver. I wonder why
Netcom, who suspended his account for intense abuse, has given him a
new account?

{Netcom:8}
{Netcom:8} fin nym
Login       Name               TTY Idle    When    Where
nym      Sue D. Nym            < . . . . >
nym      Sue D. Nym             r1                 NETCOM-den2.netc
nym      Sue D. Nym             pb                 NETCOM-den1.netc
nym      Sue D. Nym             r8                 NETCOM-den2.netc
nym      Sue D. Nym             pf                 NETCOM-den2.netc
nym      Sue D. Nym             pa                 NETCOM-den1.netc
nym      Sue D. Nym             rd                 NETCOM-den1.netc
nym      Sue D. Nym             q3                 NETCOM-den2.netc
nym      Sue D. Nym            < . . . . >
nym      Sue D. Nym             t0                 NETCOM-den2.netc
nym      Sue D. Nym             rb                 NETCOM-den2.netc
nym      Sue D. Nym             re                 NETCOM-den2.netc
nym      Sue D. Nym             qa                 NETCOM-den1.netc
nym      Sue D. Nym             tc                 NETCOM-den2.netc
{Netcom:9}

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From nym at netcom.com Sun Jul 17 15:27:49 1994
From: nym at netcom.com (Sue D. Nym)
Date: Sun, 17 Jul 94 15:27:49 PDT
Subject: uh... excuse me
Message-ID: <199407172228.PAA07232@netcom4.netcom.com>

Pardon me, but I think people are mistaking me for someone else.
I read about this group from talk.politics.crypto (which I found
poking around for info on Clipper). Are people objecting to the
article I posted? I thought the interest in "digital cash" might
warrant my posting that article about the U.S. currency changes.

I guess I better just shut up and listen awhile longer on this list
to find out what people are really interested in. I like to play an
active role in posting contributions to every mailing list I subscribe to
but I guess I was out of line here. Or maybe I should leave.
You guys seem a little too paranoid for my tastes. (It's too bad, because
I had some speculation I was hoping to share with you from some
fascinating books I've been reading. You see, I'm a bit of a "new ager"
and have been reading about prophecies that predict a new Hitler will
arise partly via seizing the worldwide electronic infrastructure, and was
curious what you would think.)

Anyway, my apologies if my post was out of line. I'll be glad to leave
if this list is not open to the general public or something.

--nym at netcom.com

From perry at imsi.com Sun Jul 17 15:31:05 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Sun, 17 Jul 94 15:31:05 PDT
Subject: Leaving the Country
In-Reply-To: <199407152352.QAA06814@netcom14.netcom.com>
Message-ID: <9407172227.AA00637@snark.imsi.com>

Timothy C. May says:
> I say "popularization" instead of coinage, because Goldwater used a
> variant ("There isn't...") in his 1964 campaign, reportedly written by
> one of his speech writers, Karl Hess. (The same Karl Hess who is
> involved in libertarian matters.)

The same Karl Hess (sadly departed on the same day as Tricky Dick
Nixon) who wrote for Goldwater: "Extremism in the defense of liberty
is no vice, moderation no virtue" (or something like that; I can't
remember the exact words).

Hess was an anarchist, and open about it. When he died, the New York
Times obituary for him referred to him as an important Republican who
had "reversed views" and become an anarchist, never understanding what
his views had been all along.

Goldwater was a friend of his to the end. Recently, some Republicans
have been shocked to discover that Goldwater supports equal treatment
under the law (although not "affirmative action" or other similar
crud) for Homosexuals and other similar unattractive groups, and that
he holds other evil "liberal" views. Some conservatives have gone so
far as to denounce him for "slipping". They never have understood what
his views have been all along, either.
However, might I point out that none of this has anything to do with
cryptography?

Perry

From sandfort at crl.com Sun Jul 17 15:54:03 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Sun, 17 Jul 94 15:54:03 PDT
Subject: ACAPULCO H.E.A.T.
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Today's episode of "Acapulco H.E.A.T." was a treasure trove of
privacy and technology issues. The story was about a renegade
biologist who had "supplied both sides with biological weapons in
the Iran-Iraq war." It seems he's now living in South America
where he owns a casino and--in his spare time--is using genetic
engineering to create an army of super-soldiers. The only
example we see, though, is a steroidal acromegalic who looks like
a young Arnold (he has some sort of European accent, too).

H.E.A.T. "hack" the casino's computers to give themselves a
million dollar line of credit. In the meantime, they use a
homing device they plant on the bad guy's van, they find his
secret jungle lab where they plant a microcam to spy on the bad
guy's genetic operation.

Through the use of a room bug they *fire* into an exterior wall
with a rifle, they learn that the bad guy and an accomplice use
marked cards, which can be read with special contact lenses, to
cheat at chemin de fer.

Using a special hand-held electronic lock pick, our heroes defeat
a card-key hotel lock and break into the room in which the marked
cards are kept. There, they substitute their own marked deck.

After that, a fortune gets won, things get blown up, machine-guns
are fired, truth and justice prevail. The usual.

While this episode had no bikinis, it also had no Fabio. As they
say in Blackjack, it was a "push."

 S a n d y

P.S. There was no "Acapulco H.E.A.T." report last week. Fabio
 was in that episode, and he tried to act. I was too
 bilious to write.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From jgostin at eternal.pha.pa.us Sun Jul 17 16:03:57 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Sun, 17 Jul 94 16:03:57 PDT
Subject: Nixon, Johnson, and the Dollar
Message-ID: <940717182954f8Rjgostin@eternal.pha.pa.us>

Sandy Sandfort writes:

> Don't believe it? What did Johnson say just before silver was removed
> from US coinage? For bonus points, what did Nixon say two weeks before
> he closed the gold window to foreigners and devalued the dollar?

I'll show my ignorance of history once again... I've no clue, but
you've tickled my curiosity. Care to inform us? :-)

 --Jeff
--
======  ======    +----------------jgostin at eternal.pha.pa.us----------------+
  ==    ==        | The new, improved, environmentally safe, bigger, better,|
  ==    ==  -=    | faster, hypo-allergenic, AND politically correct .sig.  |
====    ======    | Now with a new fresh lemon scent!                       |
PGP Key Available +---------------------------------------------------------+

From perry at imsi.com Sun Jul 17 16:20:05 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Sun, 17 Jul 94 16:20:05 PDT
Subject: Sue D. Nym, and Netcom records
In-Reply-To: <199407172131.OAA07373@netcom2.netcom.com>
Message-ID: <9407172319.AA00703@snark.imsi.com>

Timothy C. May says:
> Here's the result. A lot of activity, all from Denver. I wonder why
> Netcom, who suspended his account for intense abuse, has given him a
> new account?

Why assume that they know who he is?

I'm not disturbed by this, actually. The only way to stop it would be
for Netcom to demand to see people's national ID papers before giving
them an account. Do any of us want that sort of world?

Perry

From berzerk at xmission.xmission.com Sun Jul 17 16:21:31 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Sun, 17 Jul 94 16:21:31 PDT
Subject: Hashed hash (and Kent's games)
In-Reply-To:
Message-ID:

On Sun, 17 Jul 1994 Ben.Goren at asu.edu wrote:
> think, the desire to beat up on careless users.
> Berzerk suggests a 0.1 S/N
> ratio (and in an earlier note a couple useable algorithms for the multiple
> encryption process); that would not be practical for any decent sized
> database, and I might have 100K or so people to deal with. But I almost

It depends on the size of the noise. If the noise could be a simple
4-6char number(compressed name, with pointer to trash addresses or real
mismatched ones), giving a 16 char hash and the rest of the information
was much larger, say 100chars, a signal to noise of 1 would only be a
15% ish increase in size, and this improves if you have more data.

Berzerk.

From berzerk at xmission.xmission.com Sun Jul 17 16:33:51 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Sun, 17 Jul 94 16:33:51 PDT
Subject: Hashed hash
In-Reply-To:
Message-ID:

OK, I have been doing a few numerical experiments on hash functions to
see if all this stuff I have been saying is true.

I took the following function, as my n bit to n bit hash function.

first n bits(md5(n bits))

and iterated it to see how many collisions there were. I found that the
total entropy in the result typically decreased by 50% for n=8,10,12,14
and dropped like a rock when you iterated these.

I have a couple of questions,
1) is this a good hash function, or am I missing something here.
2) the expected collision rate for rand functions is much lower. I am at
a loss to explain md5.

I will be trying smaller versions of all of the suggestions here to see
if they help or hurt, and will set them up to run on the spare cycles on
a machine or two around here. Any comments on my strategy are appreciated
in advance of me running the calculations.

Roger.
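
The experiment Roger describes above, as an added example that is not part of his message: iterate the n-bit function "first n bits of MD5" over every n-bit input and record how many distinct values and how much Shannon entropy survive each pass. The input encoding (the value as big-endian bytes) and all function names are assumptions; for comparison the code also evaluates the known expectation for an ideal random function, which keeps about 1 - 1/e (63%) of the values after one pass.

```python
"""Iterating an n-bit truncation of MD5 and measuring what survives."""
import hashlib
import math
from collections import Counter


def trunc_md5(x, n):
    """First n bits of MD5 over x, with x encoded big-endian (an assumption)."""
    data = x.to_bytes((n + 7) // 8, "big")
    digest = int.from_bytes(hashlib.md5(data).digest(), "big")
    return digest >> (128 - n)


def entropy_bits(counts, total):
    """Shannon entropy of a distribution given as value -> occurrence count."""
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def iterate(n, rounds):
    """Push the uniform distribution on all 2**n inputs through `rounds` passes.

    Returns one (distinct_values, entropy_in_bits) tuple per pass.
    """
    total = 1 << n
    table = [trunc_md5(x, n) for x in range(total)]   # the whole function
    state = list(range(total))         # state[i]: where input i has ended up
    results = []
    for _ in range(rounds):
        state = [table[v] for v in state]
        counts = Counter(state)
        results.append((len(counts), entropy_bits(counts, total)))
    return results


def random_function_model(rounds):
    """Expected surviving fraction for an ideal random function.

    If a fraction u of the values is still reachable, one more pass leaves
    about 1 - exp(-u) of them; starting from u = 1 gives 1 - 1/e.
    """
    u, out = 1.0, []
    for _ in range(rounds):
        u = 1.0 - math.exp(-u)
        out.append(u)
    return out


def report(n=12, rounds=4):
    """Rows of (measured fraction left, model fraction, bits of entropy lost)."""
    rows = []
    measured = iterate(n, rounds)
    for (distinct, h), model in zip(measured, random_function_model(rounds)):
        rows.append((distinct / (1 << n), model, n - h))
    return rows


if __name__ == "__main__":
    for i, (frac, model, lost) in enumerate(report(), 1):
        print(f"pass {i}: {frac:.3f} of values left "
              f"(model {model:.3f}), {lost:.2f} bits lost")
```

Calling `report(n)` for n = 8, 10, 12 and 14 covers the sizes named in the message.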
From hfinney at shell.portal.com Sun Jul 17 16:34:51 1994
From: hfinney at shell.portal.com (Hal)
Date: Sun, 17 Jul 94 16:34:51 PDT
Subject: Remailer Detweiler filtering
Message-ID: <199407172336.QAA02923@jobe.shell.portal.com>

Nobody wrote:

> But just from a philosophical view, I think any remailer operators
> hunting for Detweiler-grams in all their incoming mail are employing
> a procedure that is antithetical to their entire commitment. Isn't
> it just a *teensy* bit hypocritical? Is this how you are going to build
> cyberspatial-wide confidence in the use of your remailers for their
> dependability and secrecy? Isn't it just a *teensy* bit hypocritical
> to yell to the world that ANONYMITY IS THE RIGHT OF MAN and have a little
> whisper in small print, "unless you are an official enemy of the
> cypherpunks"?

The issue is not a desire to deprive Detweiler of the benefits of anonymity;
it is that he appears to do things which are designed to bring down the
remailer network. By intentionally mass-posting to inappropriate newsgroups,
and injecting exponentially-growing messages into the remailer chain,
he seems to be trying his best to deprive the benefits of the remailer
network to others. This is, of course, in accordance with his well-known
position against anonymity. If Detweiler succeeds, Nobody won't get to post
anonymously (so to speak) anymore.

I know that it is unfortunate that the remailer network is so fragile that
a lone crackpot is a significant threat, but presently that is essentially
what the situation is.

> Cypherpunks, we believe in the philosophy that we are being oppressed
> by numerous forces that seek to deprive us of our privacy-- big business,
> the government, police, etc. But how can we claim to uphold the philosophy
> of freedom of speech and privacy looking at our relationship with Detweiler?
> Sometimes I think he was sent by God to test us.
Pragmatically, I think that filtering Detweiler is more likely to provide
privacy than not doing so. I understand the charges of inconsistency but IMO
the particular facts of a case are a better guide to the proper action than
abstract arguments.

> What is it in the human psyche, rooted deep in our subconscious, that
> pushes us to *vengeance* against those who offend us? That pushes us to
> want to *expose* them (as the person said above, "EXPOSE THE BASTARD!!!").
> Do we have any consistent beliefs? How is that we, who are dedicated
> to privacy, broadcast to everyone listening in a clear voice, that
> "freedom of speech does not belong to people who offend us"? There is
> a saying, "who will guard the guardians themselves"? Who will ensure
> that those who advocate anonymity actually follow through, if they don't?

If chained, encrypted remailing techniques are used, it is not a question
of "exposing" anyone. Detweiler may be blocked from the network (if everyone
agrees to do so) but it won't be possible to find out just what he is being
blocked from doing. Had he been sufficiently careful in the first place
there would not necessarily be any way of knowing who exactly was producing
the offensive messages. In that case I believe most of the remailers would
no longer exist.

> I personally advocate that the Detweiler-Detritus be allowed through
> the remailers unaltered as a blaring advertisement to the entire world
> of cyberspace that yes, we believe that anonymity is *sacred*, even more
> so than we believe that Detweiler is the AntiChrist of the Cypherpunks.

I suggest, then, that you run a remailer (it only costs $20 a month on the
system I use), and publicize the fact that Detweiler can use yours with
impunity. Set up a mail-to-news gateway that other remailer operators can
use so that they don't have to worry about the consequences of abuse.
It's easy to talk about sacred ideas, but perhaps not so easy to keep an
unpopular and misunderstood remailing infrastructure in place. "Xenon" also
accused us of hypocrisy, started up a remailer, and stopped it in just a
couple of days faced with these kinds of problems.

> "I detest what you say, but I will defend to my death your right to
> say it." --Voltaire
>
> "Freedom of speech does not end at the point that it offends; to the
> contrary, that is where it begins" --Supreme Court justice (paraphrase)

Detweiler is free to send any messages he likes; his service providers are
free to continue or terminate his accounts as they see fit; and remailer
operators are free to establish whatever policies they like for message
handling. What better implementation of free speech could you want?

Hal Finney
hfinney at shell.portal.com

From hfinney at shell.portal.com Sun Jul 17 16:58:55 1994
From: hfinney at shell.portal.com (Hal)
Date: Sun, 17 Jul 94 16:58:55 PDT
Subject: Key length security (calculations!)
Message-ID: <199407180000.RAA03808@jobe.shell.portal.com>

solman at mit.edu writes (quoting someone else initially):

>> You mention Shamir, etc. However I would point out that even if any of the
>> original RSA mathematicians found a better factoring algorithm, they'd be
>more
>> than likely to keep it under lock and key. The obvious reason is that their
>> money supply depends on such an algorithm being suppressed.

>What about Shamir's triple pass key exchange protocol (explained briefly
>below). It's the perfect key exchange algorithm. It obsoletes Public key
>systems entirely as long as you only need to exchange keys and not
>authenticate. I'd say that is pretty decent evidence that he does still
>do things to help the field when it might hurt RSADSI. (although I wouldn't
>say the same thing about all of them)

I suspect this protocol is covered by the Diffie-Hellman patent, which is
quite broad, covering many sorts of key exchanges.
Diffie-Hellman is now owned by PKP, the sister company to RSA. If so, Shamir
has not undercut his own financial interests by this work. (Also, this does
not obsolete PK since it requires several exchanges before communication can
occur, making it inappropriate for high-latency communications, such as for
most email.)

Hal

From SNMC62A at prodigy.com Sun Jul 17 17:00:17 1994
From: SNMC62A at prodigy.com (MR BOB SCHWEERS)
Date: Sun, 17 Jul 94 17:00:17 PDT
Subject: request for subscription
Message-ID: <013.00980864.SNMC62A@prodigy.com>

request for subscription

From jdwilson at gold.chem.hawaii.edu Sun Jul 17 17:15:15 1994
From: jdwilson at gold.chem.hawaii.edu (NetSurfer)
Date: Sun, 17 Jul 94 17:15:15 PDT
Subject: Clipper Costing / NSA ATM Crypto Venture
Message-ID:

CP's, here's a couple of tidbits to get the juices flowing. They are from
Infosecurity News July/August 1994 issue, page 10. The ATM part is
particularly interesting...

"Clipper Debate Rages Onnnn..." by Charlotte Adams

Controversy continues to escalate over the government's Clipper
escrowed-key proposal. Attacks include an analysis of just how much
taxpayers would have to pay for it, and a Freedom-of-Information-Act
request to hand over Clipper's escrowed keys. Meanwhile, the federal
government continues to backpedal, saying that Clipper will not be
mandatory, even for government users.

What cost Clipper? To gauge Clipper's economic impact on taxpayers,
Steve Walker, president of Trusted Information Systems Inc., offers
the following analysis. Approximately 5,000 legally authorized
wiretaps take place each year, based on a reported total of 800. (He
increased this reported figure to 1,000, for argument's sake, and
multiplied by five to account for multiphone wiretaps.) There are
approximately 500 million phones in the U.S., so the ratio of taps to
the total number of phones is about 0.001 percent.
If the government taps 0.001 percent of AT&T's estimated market of 250,000 Clipper-equipped telephones, that works out to 2.5 key-escrow taps per year. Since the cost to run the country's two planned key-escrow centers is estimated at about $6 million per year, Clipper taps could cost taxpayers $2.4 million apiece (beyond the $250 million to buy the Clipper-equipped phones at $1,000 apiece in the first place).

But if the number of Clipper phones sold is 100-fold greater than AT&T estimates--25 million devices--there would still be only 250 escrow taps per year and one call to key-escrow centers every 1.5 days, Walker figures. Each approved Clipper tap, under these circumstances, would cost $24,000. Now, add to these escrowed-tap approval costs the estimated $50,000 to $60,000 that would be required to actually set up each wiretap.

More than 1,000 Clipper crypto devices have been sold commercially since the products became available late last year, Department of Justice officials said. So far, the government has purchased another 9,000.

Stalling tactics. A response to the Freedom-of-Information-Act (FOIA) request for Clipper's keys filed by Electronic Frontier Foundation cofounder, John Gilmore, is slow in coming. According to Gilmore's lawyer, Lee Tien, the FOIA applications--to the Department of the Treasury and Department of Commerce--have only generated requests for more time. The agencies, however, "seem to be making an effort to respond," Tien adds.

Now, it's voluntary. Government witnesses testifying before back-to-back congressional hearings in May stressed the voluntary nature of key-escrow technology for both government and commercial use. But others demanded more than executive-branch reassurances.

Raymond Kammer, deputy director of the National Institute of Standards and Technology, told a House Science, Space and Technology panel that he hopes government use will drive prices down far enough to make Clipper phones attractive to the public.
Citizens may also wish to buy Clipper-equipped phones for communicating with government agencies, he added.

Among Clipper critics, David Farber, professor of telecommunication systems at the University of Pennsylvania, told the House subcommittee that Congress needs to "weld into law" guarantees that Clipper will not be mandatory. And Trusted Information Systems' Walker told an earlier hearing before the Senate Judiciary Subcommittee on Technology and the Law that the administration should not "proceed on its own without separation of powers." He suggested putting key-escrow centers under the judiciary branch, so that the executive branch "can't twist arms."

---------------------------------------------------------------

NSA Launches ATM Encryption.

Trying to stay in step with rapidly evolving telecommunications technology, the National Security Agency has kicked off an Asynchronous Transfer Mode (ATM) encryption program to provide end-to-end encoding across synchronous optical network (SONET) systems. Called Fastlane, the ATM project specifies optical-channel (OC) rates, with OC12 desired. The work will parallel a SONET encryptor development program awarded to Motorola earlier this year.

---------------------------------------------------------------

Disclaimer: these articles were scanned, not forwarded

-NetSurfer

#include standard.disclaimer

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
== = = |James D. Wilson |V.PGP 2.4: 512/E12FCD 1994/03/17 >
" " " |P. O. Box 15432 | finger for full PGP key >
" " /\ " |Honolulu, HI 96830 |====================================>
\" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com >
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

From sandfort at crl.com Sun Jul 17 17:43:07 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Sun, 17 Jul 94 17:43:07 PDT
Subject: Nixon, Johnson, and the Dollar
In-Reply-To: <940717182954f8Rjgostin@eternal.pha.pa.us>
Message-ID:

C'punks,

On Sun, 17 Jul 1994, Jeff Gostin wrote, first quoting me:

> > . . . What did Johnson say just before silver was removed
> > from US coinage? For bonus points, what did Nixon say two weeks before
> > he closed the gold window to foreigners and devalued the dollar?
> I'll show my ignorance of history once again... I've no clue, but
> you've tickled my curiosity. Care to inform us? :-)

Johnson said words to the effect that, "The United States has no plans to remove silver from its coinage, now or in the future." Nixon promised something along the lines, "The United States would never end the free convertibility of the dollar to gold."

Both of these statements were made no more than two months before the US stopped making silver coins, and closed the gold window. When asked why the denials were made and then violated, both administrations said it was to maintain order. They didn't want "speculators" to start runs on silver or gold. See? The government lied to us for our own good.

WHAT AM THE MORAL OF THE STORY, UNCLE REMUS?

When the government makes any announcement (ESPECIALLY a denial), you should figure out what the government is trying to get you to do--and do the opposite. Contrarianism with a vengeance. Of all the advice I've offered on the Cypherpunks Channel, this is absolutely the most certain.

S a n d y

From merriman at metronet.com Sun Jul 17 17:47:54 1994
From: merriman at metronet.com (David K. Merriman)
Date: Sun, 17 Jul 94 17:47:54 PDT
Subject: Sue D.
Nym, and Netcom records Message-ID: <199407180050.AA00341@metronet.com> > >I'm not disturbed by this, actually. The only way to stop it would be >for Netcom to demand to see people's national ID papers before giving >them an account. Do any of us want that sort of world? Oh, sure, give us an easy choice... Detweiler or National ID card..... Dave M Wherever you go in Life - there you are! From merriman at metronet.com Sun Jul 17 17:52:37 1994 From: merriman at metronet.com (David K. Merriman) Date: Sun, 17 Jul 94 17:52:37 PDT Subject: Sue D. Nym Message-ID: <199407180055.AA00573@metronet.com> I trust that everyone got the joke: Sue D. Nym = pseudonym Dave Merriman Wherever you go in Life - there you are! From blancw at microsoft.com Sun Jul 17 17:57:47 1994 From: blancw at microsoft.com (Blanc Weber) Date: Sun, 17 Jul 94 17:57:47 PDT Subject: uh... excuse me Message-ID: <9407180058.AA21906@netmail2.microsoft.com> From: Sue D. Nym "....maybe I should leave. You guys seem a little too paranoid for my tastes." ......................................................... It's not paranoia, it's just that LD is always trying to induce the list members into self-incrimination: he intends to evoke crowd-gathering behavior wherein they will all betray their true nature, true motives, true attitudes. He doesn't believe that they deserve as much credit as they seem to give themselves and wants to reveal to them, by their actual responses, what they would deny in public. He doesn't think that they have all that much respect for privacy, but are only opportunists bent on only their own advantage, rather than supporting the principle of privacy per se (even for their enemies, who could as well use the available methods against them). Everyone always knows what his true aims are, though, and no one ever gives him any slack. 
Blanc From blancw at microsoft.com Sun Jul 17 18:03:25 1994 From: blancw at microsoft.com (Blanc Weber) Date: Sun, 17 Jul 94 18:03:25 PDT Subject: Nixon, Johnson, and the Dollar Message-ID: <9407180103.AA22034@netmail2.microsoft.com> From: Sandy Sandfort "When the government makes any announcement (ESPECIALLY a denial), you should figure out what the government is trying to get you to do. . . . . . " ...................................... I think this is what is called "providing incentive" or in corporate-speak, "incentivization" (when they make an announcement and you take the kind of action which they intended you should). Blanc From jis at MIT.EDU Sun Jul 17 18:15:08 1994 From: jis at MIT.EDU (Jeffrey I. Schiller) Date: Sun, 17 Jul 94 18:15:08 PDT Subject: PGP bug *NOT* yet fixed Message-ID: <9407180114.AA15441@MIT.EDU> -----BEGIN PGP SIGNED MESSAGE----- Chill out friend. We are working on a bugfix release to PGP which will fix several important bugs. The bug you mention is fixed in our development sources and will be fixed in the next release. Read Colin's note carefully. If you do you will realize that this problem is not a disaster. The reason that you need good random numbers for cryptographic purposes is to make an exhaustive search through all possible values of a key too hard to do. There is more then enough randomness in the random pool even with this bug to prevent someone from being able to search all possible values. -Jeff -----BEGIN PGP SIGNATURE----- Version: 2.6x iQBVAgUBLinTiVUFZvpNDE7hAQGm2QH/S7uvlJMUGeYNTncQ9rvr0Dkowjto2GG7 Pi+f0cLlUGTfDNTtAlSdao0HxwT5uv2PUwXMAd6Cns3uo3ordRiP1Q== =9BZ3 -----END PGP SIGNATURE----- From blancw at microsoft.com Sun Jul 17 18:23:48 1994 From: blancw at microsoft.com (Blanc Weber) Date: Sun, 17 Jul 94 18:23:48 PDT Subject: ACAPULCO H.E.A.T. 
Message-ID: <9407180124.AA22404@netmail2.microsoft.com> Thinking about card games & privacy/technology issues (eliminating el Fabuloso for a minute): It would be interesting to see TV shows with real-life crypto scenarios, demonstrating the advantages of using it and how it prevents the bad guys ("them") from intruding upon the free movement, the private property, etc. of the hero-winners. "It's just me and my code (and my public key. . . . and my pc....and my laser gun) against the world, winning against the odds....." But it probably wouldn't be as interesting as an exotic melange of Iran/Iraquis, renegade biologists, casinos, blackjack, etc. (not to mention bikinis). Blanc From j.hastings6 at genie.geis.com Sun Jul 17 18:51:06 1994 From: j.hastings6 at genie.geis.com (j.hastings6 at genie.geis.com) Date: Sun, 17 Jul 94 18:51:06 PDT Subject: New FLA Message-ID: <199407180150.AA292286255@relay2.geis.com> The computer-designed replicant, Kent Borg, writes: >We need another TLA? >I propose: TPD: Terrorists, Pedophiles, and Drug-dealers. No, we need another FLA: TPMD: Terrorists, Pedophiles, Money-Launderers, and Drug-dealers. The Treasury's IRS and Customs collectors are really concerned that the rich will evade their fair share of taxes. We'll accomplish something if we can discredit tax collection. Billions of unregulated dollars will destabilize foreign democracies. Corrupt regimes may enact strict bank secrecy laws. These new evil dictators may not cooperate with income tax investigations. Send the Marines and the ATF now!!! Yes, a horde of Islamic fundamentalist, child molesting, dope smoking, welfare chiseling tax cheaters may soon cross our borders. There is only one way to repel this invasion. We must give up our infantile obsession with Liberty. The President's responsible leadership with the Clipper chip and Digital Telephony will protect us from certain doom. 
Let's unite under Uncle Sam's infobahn jackboot, install Big Brother's interactive video cameras in our homes, and embrace the new national socialist health I.D. internal passports without complaint. Then we can be happy. The one true Kent - j.hastings6 at genie.geis.com Proud to have watched 1,743.21 hours of Beavis and Butt-head this week From frissell at panix.com Sun Jul 17 19:49:20 1994 From: frissell at panix.com (Duncan Frissell) Date: Sun, 17 Jul 94 19:49:20 PDT Subject: Leaving the Country Message-ID: <199407180245.AA09102@panix.com> At 06:27 PM 7/17/94 -0400, Perry E. Metzger wrote: >The same Karl Hess (sadly departed on the same day as Tricky Dick >Nixon) who wrote for Goldwater: "Extremism in the defense of liberty >is no vice, moderation no virtue" (or something like that; I can't >remember the exact words). Hess was an anarchist, and open about it. "Extremism in the defense of liberty is no vice. Moderation in the search for justice is no virtue." Delivered at the '64 Republican National Convention at the Cow Palace in San Francisco (actually Daly City), California. It was ascribed to Karl but he said he didn't actually write it. Au H2O DCF "Ted, I'm pregnant." "Don't worry Mary Jo. We'll cross that bridge when we come to it. -Still the best Chappaquiddick joke. July 18, 1969 From dmandl at panix.com Sun Jul 17 19:54:05 1994 From: dmandl at panix.com (David Mandl) Date: Sun, 17 Jul 94 19:54:05 PDT Subject: ID card from hell In-Reply-To: <199407151900.AA04014@panix.com> Message-ID: <199407180253.AA16436@panix.com> Duncan Frissell writes: > "Nineteen Eighty-Four > Knocking at your door > Will you let it come > Will you let it run > Your life." > > --- Awaiting proper definition of Mime sound file standards. Just for the hell of it... How much do I get for identifying that quote? It's from the song "1984" by the band Spirit, a single released in late 1969. I'm really impressed, Duncan. --Dave. 
-- Dave Mandl dmandl at panix.com

From wcs at anchor.ho.att.com Sun Jul 17 20:46:14 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sun, 17 Jul 94 20:46:14 PDT
Subject: Sue D. Nym, and Netcom records
Message-ID: <9407180344.AA19759@anchor.ho.att.com>

> Oh, sure, give us an easy choice...
>
> Detweiler or National ID card.....

That's real easy - I'd take Detweiler in a minute. Sure, it takes work to filter out each incarnation of Sue D. Spoof, and there are N-1 more like him out there, but it's a lot less work than explaining to people why you don't have any intention of using the Nationalist ID Card Number in your databases, or carrying it on your person, or presenting it when you open bank accounts, or getting it printed on your arm once they make tattoo removal the monopoly of the National Health Care System or whatever the paranoids will think of next.

(And *please* don't say too much of this around politicians; they tend to miss the smileys and think this sort of thing is a good idea....)

Bill

From qwerty at netcom.com Sun Jul 17 21:21:02 1994
From: qwerty at netcom.com (-=Xenon=-)
Date: Sun, 17 Jul 94 21:21:02 PDT
Subject: Detweiler Remailer filtering
Message-ID: <199407180421.VAA21192@netcom9.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

Hal told the oral history of my remailer as...

>I suggest, then, that you run a remailer (it only costs $20 a month on the
>system I use), and publicize the fact that Detweiler can use yours with
>impunity. Set up a mail-to-news gateway that other remailer operators can
>use so that they don't have to worry about the consequences of abuse.
>It's easy to talk about sacred ideas, but perhaps not so easy to keep an
>unpopular and misunderstood remailing infrastructure in place. "Xenon"
>also accused us of hypocrisy, started up a remailer, and stopped it in just
>a couple of days faced with these kinds of problems.
However, I experienced *no* abuse of my remailer, I being at the time on fairly good terms with Mr. Detweiler. (I had a single amusing "abuse" in which the person told someone in personal anonymous mail that their continued use of their IP number was a copyright violation and would be prosecuted. Guy just didn't have a sense of humour.)

I did not accuse anyone of hypocrisy. All I said was that a simple quick fix solution of blocking his known address would ONLY MAKE THINGS WORSE, since then he would forge mail instead. Besides, fight him and he'll fight back with renewed energy, I reasoned. I also thought it was sort of funny to see all the propeller-beanie types yelling at the top of their lungs about some inappropriate posting in their oh so precious newsgroups, and said that his posts could be called performance art. I said we needed an *abuse* filter not a Detweiler filter. This of course got me flamed :-).

I shut down qwerty-remailer, after perhaps a month of operation, due to two reasons. I felt moderated remailers were necessary (until Usenet is "fixed" to catch such abuses in some open moderation scheme) and did not have the *time* to moderate qwerty. The major reason however was the public threats of other remailer operators sending *their* abusive user's mail through qwerty-remailer when I refused to block Detweiler's address! That threw me for a loop. Wow. Nasty situation that was, and an isolated remailer is not an effective one. I also was not at all effective at trying to gather FULL information about the existing remailers, and my "Full Disclosure Remailer List" is still incomplete, as well as now outdated.

-=Xenon=-

P.S. If anyone is interested in a few radical essays on remailer/internet security from an output larger than the internet, see the Rant Series on ftp.netcom.com in /pub/qwerty/Writings.
-----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLinKgQSzG6zrQn1RAQE7JwQApnXmm35jUxq0QyAYEN+pJgPxnQE5Jcqz RJfMKNjNT/1LDkgRvKoJxCoYfzd9ga/nQvIZczwefAPI2Ko8Q7bLMh1zm/txZzN7 RnCVd8Hdhq9UpPue3rwZ037jRc6K/XTEwgeKT9Ct3tmIJDbu5FyMqsK4asT4fgFi b/8h2TZG7ks= =FemC -----END PGP SIGNATURE----- From kentborg at world.std.com Sun Jul 17 22:04:40 1994 From: kentborg at world.std.com (Kent Borg) Date: Sun, 17 Jul 94 22:04:40 PDT Subject: Card Playing Protocol Message-ID: <199407180503.AA15220@world.std.com> rarachel at prism.poly.edu writes about problems with card protocols, >Anyway, you can ask him about it, his address is rvslyke at prism.poly.edu I will once I am sure I will understand the answer. Thanks, -kb, the Kent who does have some reading ahead of him -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 35:00 hours of TV viewing so far in 1994! From kentborg at world.std.com Sun Jul 17 22:07:07 1994 From: kentborg at world.std.com (Kent Borg) Date: Sun, 17 Jul 94 22:07:07 PDT Subject: Card Playing Protocol? Message-ID: <199407180506.AA15727@world.std.com> rarachel at prism.poly.edu writes some interesting looking details on crypto cards, but I am too exhausted to make sense of it tonight. I am not ignoring it. Thanks, -kb -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 35:00 hours of TV viewing so far in 1994! From wcs at anchor.ho.att.com Sun Jul 17 22:10:15 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Sun, 17 Jul 94 22:10:15 PDT Subject: Key length security (calculations!) Message-ID: <9407180508.AA20968@anchor.ho.att.com> > solman at mit.edu writes (quoting someone else initially): > >What about Shamir's triple pass key exchange protocol (explained briefly > >below). Its the perfect key exchange algorithm. > >It obsoletes Public key systems entirely as long as you only need to > >exchange keys and not authenticate. 
[ A: Ea(K)
  B: Eb(Ea(K))
  A: Da(Eb(Ea(K))) == Da(Ea(Eb(K))) == Eb(K) ]

Some problems - commutative symmetric encryption algorithms aren't very common; the most obvious one ( M xor K ) doesn't work here, since you have known plaintext, making it trivial to find Ka and Kb, while the usable M**K mod p looks suspiciously close to Diffie-Hellman from a patent perspective, though Diffie-Hellman makes useful simplifications, as Hal points out. Also, an active eavesdropper can break it (maybe at the cost of reencrypting the entire conversation), which is the main weakness of Diffie-Hellman; authentication is still necessary in environments where this matters.

Hal writes:
> Also, this does not obsolete PK since it requires several exchanges
> before communication can occur, making it inappropriate for high-latency
> communications, such as for most email.

Lots of email these days flows over SMTP connections, where a couple of extra messages at handshake time isn't a major problem, though it's really more applicable for link encryption than end-to-end, given the amount of mail that really goes through MX records or other mail gateways. It wouldn't be that hard, now that RSAREF includes Diffie-Hellman, to do a DH-SMTP and DH-POP, though the export regulations make it a bit annoying to use internationally, and you could just as well use Shamir's 3-way handshake if there's no patent problem.

Bill Stewart

From kentborg at world.std.com Sun Jul 17 22:11:03 1994
From: kentborg at world.std.com (Kent Borg)
Date: Sun, 17 Jul 94 22:11:03 PDT
Subject: Card Playing Protocol?
Message-ID: <199407180510.AA16311@world.std.com>

s009amf at discover.wright.edu writes:
>The only problem is if a government spy is listening on this
>conversation, he is going to learn how to play this game too and learn how
>to intercept the messages and therefore learn how to decode the messages...
Oh, I sure hope the spooks are listening, but I don't intend that their knowing the protocol will help them cheat at cards any more than having the PGP source will let them read messages encrypted by it. That is what cryptography is all about.

Note, depending on how things land third parties might have no difficulty watching the play without a superencrypting--I don't yet know.

-kb

From rjc at powermail.com Sun Jul 17 22:14:35 1994
From: rjc at powermail.com (Ray)
Date: Sun, 17 Jul 94 22:14:35 PDT
Subject: True Lies and other wiretaps
Message-ID: <199407180316.XAA00187@extropy.digex.net>

There's some pretty good bits of government abuse of wiretaps in Arnold's newest mega-blockbuster, _True Lies_. (big abuses of wiretaps really) Apparently the terrorists in this movie must use clipper because the "Omega Sector" (the government superspy agency in the movie) decrypts some of the terrorist's files in a matter of minutes. Probably just another bit of Cameron's humor, because the movie is loaded with unlikely events which are hilarious.

-Ray

From sandfort at crl.com Sun Jul 17 22:20:18 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Sun, 17 Jul 94 22:20:18 PDT
Subject: Nixon, Johnson, and the Dollar
In-Reply-To: <9407180103.AA22034@netmail2.microsoft.com>
Message-ID:

C'punks,

On Sun, 17 Jul 1994, Blanc Weber wrote, first quoting me:

> From: Sandy Sandfort
>
> "When the government makes any announcement (ESPECIALLY a denial), you
> should figure out what the government is trying to get you to do. . . . . . "
> ......................................
>
> I think this is what is called "providing incentive" or in
> corporate-speak, "incentivization" (when they make an announcement and
> you take the kind of action which they intended you should).

No, it's worse than that. They're just plain trying to fool you in order to *keep* you from doing something (like accumulating silver coins).
You can bet government insiders have already taken positions contrary to what they want you to do (or not do).

S a n d y

From shabbir at panix.com Sun Jul 17 22:36:06 1994
From: shabbir at panix.com (Shabbir J. Safdar)
Date: Sun, 17 Jul 94 22:36:06 PDT
Subject: HR 3937 comes to the floor this wednesday with a "good" amendment!
Message-ID: <199407180523.AA01390@panix3.panix.com>

[updated July 18, 1994 shabbir]

[HR 3937 COMES TO THE FLOOR WEDNESDAY JULY 20TH; YOUR ACTION NEEDED]
[PLEASE CHECK THE "WHAT YOU CAN DO RIGHT NOW" SECTION!]

*********************************************************************
DISTRIBUTE WIDELY
*********************************************************************

Table of contents:
Introduction & Alert
Status of the bill
What you can do right now
List of legislators supporting HR 3937 (formerly HR 3627)
List of legislators wavering on HR 3937 (formerly HR 3627)
List of legislators opposing HR 3937 (formerly HR 3627)
What is the Cantwell bill?

-------------------------------------------------------------------------------
INTRODUCTION

Voters Telecomm Watch keeps scorecards on legislators' positions on legislation that affects telecommunications and civil liberties. If you have updates to a legislator's positions, from either:
-public testimony,
-reply letters from the legislator,
-stated positions from their office,
please contact vtw at panix.com so they can be added to this list.

General questions: vtw at panix.com
Mailing List Requests: vtw-list-request at panix.com
Press Contact: stc at panix.com
Gopher URL: gopher://gopher.panix.com:70/1/1/vtw
WWW URL: Be patient; we're working on it. :-)

-------------------------------------------------------------------------------
STATUS OF THE BILL (updated 7/18/94)

The Cantwell bill HR3627, that allows for fewer restrictions on exports of cryptography, was rolled into the General Export Administration Act HR 3937.
The House Foreign Affairs Committee passed the full strength version out of committee after open, public hearings. The House Intelligence Committee took the bill and gutted it after a day of closed, secret hearings. The gutted version will come to the House floor on Wednesday July 20th. An amendment that reinstates Rep. Maria Cantwell's cryptography export provisions WILL be offered.

It is crucial that you ensure that your representative knows that you support ONLY the amended version of this bill. This may be the last thing you can do for the cryptographic export legislation. Take the time to make a call!

Schedule/Chronology of the bill
Jul 20, 94  HR3937 comes to House floor; a "good" amendment will be offered
            [YOUR ACTION IS NEEDED TO PASS THIS]
Jul 11, 94  House Rules Committee marks HR3937 "open"; allowing amendments
Jun 30, 94  [*** vote postponed, perhaps till the week of 7/11/94]
            House Rules Comm. decides whether to allow amendments
            on the bill when it reaches the House floor
Jun 14, 94  Gutted by the House Select Committee on Intelligence
May 20, 94  Referred to the House Select Committee on Intelligence
May 18, 94  Passed out of the House Foreign Affairs Committee on May 18
            attached to HR 3937, the General Export Administration Act
Dec 6, 93   Referred to the Subcommittee on Economic Policy, Trade and
Nov 22, 93  Referred to the House Committee on Foreign Affairs.

-------------------------------------------------------------------------------
WHAT YOU CAN DO RIGHT NOW

Estimated time to do this good deed: Six minutes

Your legislator needs to know that you want them to support HR3937 but only with an amendment including Rep. Maria Cantwell's cryptography export provisions.

If you wish to fax a letter instead of calling, that's fine too.

If you don't know who your representative is, call:
-The League of Women Voters in your area, or
-Any representative from your state. They will tell you which is yours.
You can obtain a complete copy of all representatives by: -checking the VTW gopher site: URL:gopher://gopher.panix.com:70/1/1/vtw (check under Congress) -or by dropping a note to vtw at panix.com [Our directory is a bit out of date. Please check all fax numbers before sending. People volunteering to obtain a new directory for us are welcome to help out.] Feel free to use the following sample communique: The Honorable ____________ address Washington DC, 20515 Dear Congressman or Congresswoman, On Wed. July 20th, HR 3937 (General Export Administration Act) comes to the floor. Please support HR3937 but only with an amendment including Rep. Maria Cantwell's cryptography export provisions. These provisions are crucial to the development of privacy-enhancing technology as the competitiveness of the American cryptographic industry. Sincerely, _________________________________ A shorter telephone sample communique might be: Dear Congressman or Congresswoman, Please support HR3937 but only with an amendment including Rep. Maria Cantwell's cryptography export provisions. Thank you. ------------------------------------------------------------------------- LIST OF LEGISLATORS SUPPORTING CRYPTOGRAPHY EXPORT LEGISLATION The following legislators have formally registered support for cryptography export legislation. Call them with your cheers. All addresses are Washington, D.C. 20515 Dist ST Name, Address, and Party Phone Fax ==== == ======================== ============== ============== 1 WA Cantwell, Maria (D) 1-202-225-6311 1-202-225-2286 1520 LHOB HR 3627's sponsor; thank her for her work! 16 IL Manzullo, Donald (R) 1-202-225-5676 1-202-225-5284 506 Cannon Cosponsored HR 3627 on 11/22/93 3 UT Orton, William H. 
(D) 1-202-225-7751 1-202-226-1223 1122 LHOB Cosponsored HR 3627 on 03/22/94 3 OR Wyden, Ronald (D) 1-202-225-4811 1-202-225-8941 1111 LHOB Cosponsored HR 3627 on 03/22/94 16 CA Edwards, Donald (D) 1-202-225-3072 1-202-225-9460 2307 RHOB Cosponsored HR 3627 on 03/22/94 19 OH Fingerhut, Eric D. (D) 1-202-225-5731 1-202-225-9114 431 Cannon Cosponsored HR 3627 on 03/22/94 4 MA Frank, Barney (D) 1-202-225-5931 1-202-225-0182 2404 RHOB Cosponsored HR 3627 on 03/22/94 2 UT Shepherd, Karen (D) 1-202-225-3011 1-202-226-0354 414 Cannon Cosponsored HR 3627 on 03/22/94 3 WA Unsoeld, Jolene (D) 1-202-225-3536 1-202-225-9095 1527 LHOB Cosponsored HR 3627 on 03/22/94 19 FL Johnston II, Harry (D) 1-202-225-3001 1-202-225-8791 204 Cannon Cosponsored HR 3627 on 03/22/94 9 WA Kreidler, Mike (D) 1-202-225-8901 1-202-226-2361 1535 LHOB Cosponsored HR 3627 on 03/22/94 4 WA Inslee, Jay (D) 1-202-225-5816 1-202-226-1137 1431 LHOB Cosponsored HR 3627 on 03/22/94 7 WA McDermott, James A. (D) 1-202-225-3106 1-202-225-9212 1707 LHOB Cosponsored HR 3627 on 03/22/94 8 IN McCloskey, Frank (D) 1-202-225-4636 1-202-225-4688 306 Cannon Cosponsored HR 3627 on 03/22/94 14 CA Eshoo, Anna G. (D) 1-202-225-8104 1-202-225-8890 1505 LHOB Cosponsored HR 3627 on 03/22/94 10 NC Ballenger, Thomas C. (R) 1-202-225-2576 1-202-225-0316 2238 RHOB Cosponsored HR 3627 on 05/04/94 2 WA Swift, Al (D) 1-202-225-2605 1-202-225-2608 1502 LHOB Cosponsored HR 3627 on 05/04/94 ------------------------------------------------------------------------------- LIST OF LEGISLATORS WAVERING ON CRYPTOGRAPHY EXPORT LEGISLATION [Feel free to use the sample communique at the end of the FAQ when calling or writing a legislator.] 26 NY Hinchey, Maurice D. (D) 1-202-225-6335 1-202-226-0774 1313 LHOB Recently told a constituent that he is taking the Cantwell bill under consideration, but has "national security concerns" about allowing encryption to be exported outside the United States. 
   1 IA Leach, James (R)         1-202-225-6576 1-202-226-1278
        2186 RHOB
        Has yet to answer a constituent letter with a stated position.
  13 NY Molinari, Susan (D)      1-202-225-3371 1-202-226-1272
        123 Cannon
        Has yet to answer a constituent letter with a stated position.
        (has taken inordinately long)
   8 NY Nadler, Jerrold (D)      1-202-225-5635 1-202-225-6923
        424 Cannon
        Met with lobbying constituent in April '94; no position taken yet
  25 CA McKeon, Howard P. (R)    1-202-225-1956 1-202-226-0683
        307 Cannon
        Responded to a constituent with a "non-position", May '94
        Had a favorable meeting with a constituent and a VTW volunteer in May '94.

-------------------------------------------------------------------------------
LIST OF LEGISLATORS OPPOSING CRYPTOGRAPHY EXPORT LEGISLATION

[Feel free to use the sample communique at the end of the FAQ when calling or writing a legislator.]

Dist ST Name, Address, and Party Phone          Fax
==== == ======================== ============== ==============
   5 AL Cramer Jr, Robert E. (D) 1-202-225-4801 1-202-225-4392
        1318 LHOB
        FAILED Cryptography exports:
          Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
   8 CA Pelosi, Nancy (D)        1-202-225-4965 1-202-225-8259
        240 Cannon
        FAILED Cryptography exports:
          Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
  32 CA Dixon, Julian C. (D)     1-202-225-7084 1-202-225-4091
        2400 RHOB
        FAILED Cryptography exports:
          Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
  40 CA Lewis, Jerry (R)         1-202-225-5861 1-202-225-6498
        2312 RHOB
        FAILED Cryptography exports:
          Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
  46 CA Dornan, Robert K. (R)    1-202-225-2965 no reliable fax
        2402 RHOB
        FAILED Cryptography exports:
          Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
   2 CO Skaggs, David E. (D)     1-202-225-2161 1-202-225-9127
        1124 LHOB
        FAILED Cryptography exports:
          Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
  10 FL Young, C. W. (R)         1-202-225-5961 1-202-225-9764
        2407 RHOB
        FAILED Cryptography exports:
          Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
   4 KS Glickman, Daniel (D)     1-202-225-6216 1-202-225-5398
        2371 RHOB
        FAILED Cryptography exports:
          Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
   1 NE Bereuter, Douglas (R)    1-202-225-4806 1-202-226-1148
        2348 RHOB
        FAILED Cryptography exports:
          Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
   9 NJ Torricelli, Robert (D)   1-202-224-5061 1-202-225-0843
        2159 RHOB
        FAILED Cryptography exports:
          Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
   3 NM Richardson, William (D)  1-202-225-6190 no reliable fax
        2349 RHOB
        FAILED Cryptography exports:
          Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
   1 NV Bilbray, James H. (D)    1-202-225-5965 1-202-225-8808
        2431 RHOB
        FAILED Cryptography exports:
          Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
  17 PA Gekas, George W. (R)     1-202-225-4315 1-202-225-8440
        2410 RHOB
        FAILED Cryptography exports:
          Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
   2 RI Reed, John F. (D)        1-202-225-2735 1-202-225-9580
        1510 LHOB
        FAILED Cryptography exports:
          Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
  14 TX Laughlin, Gregory H. (D) 1-202-225-2831 1-202-225-1108
        236 Cannon
        FAILED Cryptography exports:
          Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
  16 TX Coleman, Ronald D. (D)   1-202-225-4831 None
        440 Cannon
        FAILED Cryptography exports:
          Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
  19 TX Combest, Larry (R)       1-202-225-4005 1-202-225-9615
        1511 LHOB
        FAILED Cryptography exports:
          Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
   1 UT Hansen, James V. (R)     1-202-225-0453 1-202-225-5857
        2466 RHOB
        FAILED Cryptography exports:
          Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
   6 WA Dicks, Norman D. (D)     1-202-225-5916 1-202-226-1176
        2467 RHOB
        FAILED Cryptography exports:
          Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.

-------------------------------------------------------------------------------

What is the Cantwell bill?

The Cantwell bill would permit companies to export products with encryption technology in them. US companies are currently not permitted to export products (hardware or software) with this technology in them.

What is encryption technology?

Encryption technology, or cryptography, is the art of scrambling a conversation so that only the people communicating can decode it. Other people (such as eavesdroppers) cannot learn about the conversation.

Where is cryptography being used?

Cryptography is used to encrypt electronic mail to protect its confidentiality in transit. It's used by bank automatic teller machines to protect sensitive data (such as your account number, your Personal Identification Number, and your bank balance). It can be implemented into software (such as electronic mail programs and word processors) as well as hardware (such as telephones and "walkie-talkies") to ensure your privacy.

Why is there a restriction on exporting products with technology in them?

For many years the United States poured vast sums of money into cryptography.
The US government thought that if they did not let this technology be exported, foreign individuals would not be able to obtain it and use it against us (by keeping US intelligence agencies from eavesdropping on their communications).

Today, many companies selling cryptographic technology are producing their products for the global market. A recent Software Publishers' Association Report (available from the VTW gopher) identified over 200 non-US companies producing cryptographic technology in the global marketplace. You can buy the same, high-quality cryptographic technology from many international firms despite the US export regulations. Although the marketplace has changed, the regulations have not.

Why should the regulations be changed?

US companies compete in a global marketplace. Because of the export regulations, they often compete alongside products with superior cryptographic capabilities built into them. The result is that US companies build their products with an inferior encryption technology. The result of this is that you, as an American consumer, have great difficulty obtaining products with strong encryption in them. Because US products cannot compete against products with better privacy features, and because the laws are outdated, the regulations should be changed. The Cantwell bill fixes these regulations to more accurately resemble the current situation of the world marketplace.

How can I help encourage more privacy-enhanced products and pass the Cantwell bill?

Call or write your representative and ask them to support or cosponsor Rep. Cantwell's export provisions (formerly HR 3627) in the General Export Administration Act, HR 3937. You can base your letter on the sample communication below.

SAMPLE LETTER OR PHONE CALL

The Honorable ____________
address
Washington DC, 20515

Dear Congressman or Congresswoman,

As a citizen concerned for my privacy, as well as a supporter of American business, I urge you to cosponsor the Rep.
Cantwell's cryptographic export provisions (formerly HR 3627) in the General Export Administration Act, HR 3937.

The bill would allow US companies to produce and export products with cryptographic privacy-enhancing technology in them. These products are already available from firms throughout the world. US companies lose nearly $100 million per year in exports to them. By encouraging this industry, ordinary citizens like you and me would be able to purchase products with better privacy features.

Please support or co-sponsor HR 3937.

Sincerely,

___________________________________

-------------------------------------------------------------------------------

From wcs at anchor.ho.att.com  Sun Jul 17 22:56:10 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sun, 17 Jul 94 22:56:10 PDT
Subject: PROTOCOLS: Re: Hashed Hash
Message-ID: <9407180554.AA21317@anchor.ho.att.com>

> I'm planning on implementing the "cryptographic protection of databases"
> on page 61 of Schneier, to create a directory of a professional
> organization that would be useless to telemarketers.
> [hash last name to get DES key and location of encrypted data in list.]
> [ problems of brute-force and popular-last-names attacks ]

If you're only concerned about telemarketers, this amount of obscurity may be enough - anybody competent enough to hash a list of, say, 10000 last names x 1000 first names into your database is at least an *interesting* telemarketer :-)

If you're concerned about telemarketers from the NSA/FBI/KGB, then the algorithm isn't enough anyway, because even if you make the search space large/slow enough to make it hard to list the whole list, it's still easy to look up "Goren" or "Stewart" or "McCarthy" to see if they're card-carrying members; it won't protect the usual suspects.
An intermediate variant is to use a password as part of the hash; if everybody has their own password, the table size is N**2, or you can give everyone the same password without increasing the table size, and still be able to distribute the list on FTP. [This version is probably most useful for Secret Societies, where key distribution and privacy are taken seriously - the Masons could use a 33*N-entry hash table, and you *still* wouldn't be able to tell whether any members were the Illuminati! :-) ]

By giving everyone different passwords and adding logN dummy records to the database, you could also tell whose copy was leaked (if only one copy leaks out; you obviously need more entries to detect multiple leaks.)

On the question of whether there are functions I(m) = H(H(m)) for popular hashes, by definition there are, since H(H(m)) is one. For most of the cryptographically useful functions, though, there aren't any that are faster than running the hash function twice. Some exceptions are hashes like a**x mod p, x**a mod p, and obviously (a*x+c) mod p. But DES is known not to be a group, and MD5 is ugly enough it probably isn't group-like either.

Bill

From nobody at vox.hacktic.nl  Sun Jul 17 23:03:55 1994
From: nobody at vox.hacktic.nl (nobody at vox.hacktic.nl)
Date: Sun, 17 Jul 94 23:03:55 PDT
Subject: Bankless cash system?
Message-ID: <199407180603.AA18321@xs4all.hacktic.nl>

-----BEGIN PGP SIGNED MESSAGE-----

>... Okamoto & Ohta's bankless cash system ...

How does this work? Where can I get more information about it? If it's as good as it sounds, I will code it.
Pr0duct Cypher

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLimznsGoFIWXVYodAQEcdAP/c/0mQtHRWAq+3L/kbbcwG0iauEMjtQ+t
W2py+L32CfnfeYtz9olBpOm37s9/uXj25RnKMveiiUFEgo43fGGKqfyQIYVqhRtu
VFmQ3GjatguOv8V5mStnaKQFEhhfW8R/eosmbnoZKXm+t+DsPZIrCSXKo97EcyXn
HnCXUJfGEfY=
=bv0R
-----END PGP SIGNATURE-----

From apoulter at nyx.cs.du.edu  Sun Jul 17 23:44:47 1994
From: apoulter at nyx.cs.du.edu (Alan Poulter)
Date: Sun, 17 Jul 94 23:44:47 PDT
Subject: Board games
Message-ID: <9407180644.AA00319@nyx.cs.du.edu>

Timothy May writes:-

>An obvious problem with crypto card games is this: what does it
>provide that is worth the extra effort of doing encryption?

Quite so. What other sorts of games are there that could benefit from crypto?

There are a large number of multiplayer board games which combine high levels of complexity in move options with the necessity for inter-player diplomacy. Such board games are suitable for play-by-email (PBEM), as players need time to negotiate and work out moves. They generally work by requiring all players to submit orders for their move by a deadline.

Problems with PBEM of such games revolve around having to persuade one person to sit out and adjudicate player moves (the luckless 'games master' or GM). There is a die roll server (send 'help' to dice at danpost4.uni-c.dk for details) which can provide die rolls for game functions but a person is still needed to request the appropriate die rolls to resolve player orders.

The solution here is crypto. You can do away with the need for an extra person as GM by having one of the players act as GM (the 'player-GM') and resolve moves for each turn. Since all moves are due by one deadline there is the risk that the player-GM can move in response to other players' moves which have been sent to the player-GM for resolution. To prevent this the player-GM must make their move before all the other players.
If done using plain text this puts the player-GM at a disadvantage so their orders are encrypted before emailing to all other players. These encrypted orders cannot then be changed in response to other player orders.

During move resolution all player orders are published. This benefits all players in that they can check that the player-GM has resolved their orders correctly (when using a non-player GM order resolution is typically hidden). These published orders would include the decrypt pass phrase for the player-GM's orders, and the plain text of those orders. It would be incumbent on one or more of the players to be able to decrypt the player-GM's orders using the decrypt pass phrase, just to check that when decrypted they match the plain text version.

Player-GM offers other advantages as well. For example, players can swap the onerous role of player-GM to allow for holidays etc. Using a non-player GM, if that person drops out then the game dies. Player-GM also allows short deadlines, each successive deadline being handled by a different player-GM, which speeds up the game and spreads the GMing load.

Another use of a non-player GM is to hold secret agreements between players. Using player-GM this is no longer possible, but public/private key-based encryption can be used to allow players to sign secret treaties with each other. There is a specific forfeit in many game rules for breaching a signed treaty, so the need exists to make secret deals that can later be verified by players not in on the secret deal. Once public keys have been exchanged by players then secret treaties are no problem.

Persuading gamers to use crypto to play multiplayer board games PBEM does not take much doing. If no one wants to be a non-player GM (and few do) then without crypto there is no game. I am currently playing in a 7-player PBEM board game called 'Empires of the Middle Ages' using the player-GM method.
We use PGP as it supports the encryption facilities needed, runs on the various platforms different players use and is free.

However, player-GM and crypto have yet to make an impact in the PBEM gamer community. This community is small and the ownership of particular games is limited. The game I am playing player-GM, 'Empires of the Middle Ages', although an excellent game, has been out of print nearly 15 years. I will be trying to start other board games using crypto and player-GM in the near future. Watch rec.games.board and rec.games.pbm for announcements.

I should mention that player-GM is not the only solution to the GM problem. Another answer is to code an email-driven program which will adjudicate orders. Here the problem is the inherent complexity of many board games. The most successful adjudicator program to my knowledge is the Diplomacy judge (send 'help' to judge at morrolan.eff.org for details). Diplomacy is a relatively simple board game set loosely in Europe prior to the Great War. As the game name suggests, players can only win the game by good diplomacy, as military skills are not enough on their own. Many thousands of people play PBEM Diplomacy and its variants (games which change certain rules and/or map features from the standard game).

Although the Diplomacy judge allows anonymous opponents and faked email in certain Diplomacy variants, it has no built-in facilities for use of public keys, which seems to me a strange omission. More information on the Diplomacy Judge can be found in the FAQ for rec.games.diplomacy.

Alan Poulter (apoulter at nyx.cs.du.edu/a.poulter at lut.ac.uk)

From danielce at ee.mu.oz.au  Mon Jul 18 00:09:07 1994
From: danielce at ee.mu.oz.au (Daniel Carosone)
Date: Mon, 18 Jul 94 00:09:07 PDT
Subject: Crypto Games
Message-ID: <199407180713.RAA07140@anarres>

I'd like to float a few ideas on this, generated by cutting right back to fundamental objectives.
In his original posting, Kent Borg wrote:

> It would be really nice if people had practical experience *using*
> cryptography in a friendly, innocent, and non-threatening way.
>
> How to do this? What about a multi-player game which requires
> cryptography to implement the play?

A lovely idea. I think that the `requires' above is fundamental, since our objective is to raise awareness of crypto -- not only for the obvious purposes of sending secret messages, but as a basic, useful, and necessary tool for many other applications.

Ideally, it should be a game which simply cannot be reasonably played without the use of crypto, a point Tim was driving towards earlier. Additionally, the actual use of encrypted messages must be visible to all parties (and outsiders) as Kent pointed out in his original posting.

Without intending to rain on anyone's parade, I think that the choice of a card game is probably not the best vehicle, for a number of reasons. Firstly, most card games are too close to realtime. While that is no great problem technically given internet-connected machines, it severely reduces the visibility of the underlying crypto -- people will be too busy playing with cards to look at the messages, and for the most part I suspect couldn't care if the messages were sent unencrypted.

Card games certainly have both popular appeal, and (thanks to various `solitaire' programs) a good association with computers to their advantage. However, I think we need a game that runs over a longer period, which requires (or at least allows for) periods of thought and contemplation between moves. Obvious examples are chess, or some of the play-by-mail type games. Indeed, it may well be worthwhile wandering over into some appropriate newsgroups and looking around, or asking a few questions -- it may well be that there are keen games programmers and players over there with a technical problem that could be solved with a bit of crypto.
Since this is intended to be a political move, let's carefully look at what our political objectives are, and then choose (or even design) a game around them.

Visibility of the usefulness of crypto, both to players and onlookers, is a key point. Ideally, then, a game that is played by posting an encrypted block to a public place such as a newsgroup for all the world to see, and that can be decoded by players to reveal (perhaps selective) information. This text block can then be captured and fed into the game program -- perhaps not until version 2 does this happen automatically :)

It would be ideal if there were something from the game that could be recommended to be put in someone's .sig, perhaps a player code public key or something. This has great benefits for publicity, for instance in the past I've had a reasonable number of queries from net denizens asking `what is this PGP block stuff on the messages you post.. I keep seeing that around more and more'.

It would be best if we can design the system to be distributed, and to operate without a central server (or with only a very minimal one), again to highlight the possibilities enabled by crypto. Perhaps players form playing groups amongst themselves using the keys in their .sigs and a group session key. Perhaps it's a world-wide game that anyone can join. Maybe a central server issues a `turn key' to every player each week (or whatever play period) to enable them to make their next move.

There's one sad consequence that will be hard to avoid.. while the posted messages may be cryptographically secure, it will be hard to come up with a solution whereby the game can be distributed in source form and not be vulnerable to cheating by source modification in the game-play parts of the code above the encryption.
I think it is important that the code be distributed in source form, not only for practical reasons, but also to highlight that cryptography does *not* depend on keeping the cryptographic algorithm secret or obscured in any way. The game documentation can include detailed discussions of the crypto techniques and issues involved.

The ability for the players to send encrypted messages to other players as part of the basic gameplay is important too.

As has been pointed out, it is probably a good idea to keep the actual subject matter non-threatening. I keep thinking about the pbm-style empire-simulation games, perhaps because I've had some contact with them in the past, but that scenario isn't all that interesting for many people (including myself). Games of spies and secrecy and so on suggest themselves naturally, but maybe that association does not need to be strengthened.

A game for children might be a very good idea. There is a lot of activity currently in networking k12 schools to internet. One of the important challenges for teachers is finding appropriate educational uses for the technology. Foreign language students corresponding with native speakers and so on. For example, a game that lets students around the globe cooperate in solving problems and ferreting out clues may win wide appeal -- multiplayer distributed _Carmen_Sandiego_.. :) All the better to snub ITAR if it's an innocent game for kids.

Should this game be written inside or outside the US? Any of you US citizens planning a move outside soon, who, when the game becomes wildly popular, can claim that the move was motivated by ITAR restrictions? :)

> The cards would not be suitable for distributing porn, bomb making
> secrets, or drugs, yet would drive the ITAR police *crazy*. What if a
> deck of these cards were to be illegally exported from the
> country?!?!? Try telling all those Regular Citizens who are getting
> on the net and discover they can play cards that the cards are
> dangerous munitions. What a wonderful way to make the ITAR police
> look completely silly. Oh, and to be sure they *do* get upset, make
> the cards just open enough that they *do* constitute something more
> general-purpose. (Make calls to PGP, or let others make calls to the
> crypto functions in the digital cards--something like that.)

Hmm.. :)

> Comments? Suggestions for a game other than cards that would be
> better or more suitable?

See above for some generalised handwaving, at least.

--
Dan.

From solman at MIT.EDU  Mon Jul 18 01:52:54 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Mon, 18 Jul 94 01:52:54 PDT
Subject: Key length security (calculations!)
In-Reply-To: <199407180000.RAA03808@jobe.shell.portal.com>
Message-ID: <9407180852.AA10228@ua.MIT.EDU>

[I describe the Shamir triple pass key exchange protocol]

> I suspect this protocol is covered by the Diffie-Hellman patent, which is
> quite broad, covering many sorts of key exchanges. Diffie-Hellman is now
> owned by PKP, the sister company to RSA. If so, Shamir has not undercut his
> own financial interests by this work. (Also, this does not obsolete PK
> since it requires several exchanges before communication can occur, making
> it inappropriate for high-latency communications, such as for most email.)

Can anybody verify this? I thought that DH only applied to public key systems. Surely the idea of exchanging keys can't be patented. You have to patent the process and I thought DH just took care of the public key symmetric key exchange process.

JWS

From j.hastings6 at genie.geis.com  Mon Jul 18 02:04:28 1994
From: j.hastings6 at genie.geis.com (j.hastings6 at genie.geis.com)
Date: Mon, 18 Jul 94 02:04:28 PDT
Subject: L.A.-area meeting Karl Hess
Message-ID: <199407180904.AA100962259@relay2.geis.com>

> > (The same Karl Hess who is involved in libertarian matters.)
> The same Karl Hess (sadly departed on the same day as Tricky Dick
> Nixon) who wrote for Goldwater: "Extremism in the defense of liberty
> is no vice, moderation no virtue"

When William F. Buckley was here in Southern California to give a speech at the AARP (buncha greedy old geezers), he was more concerned about Karl Hess than Tricky Dick. So I heard from a friend who met WFB there for other business.

Here's the real text: "Extremism in the defense of liberty is no vice, and let me remind you, moderation in the pursuit of justice is no virtue." Hess admitted that it came from someone else, I think Tom Paine, but he was the one who got it into Goldwater's speech.

When I posted my Karl Hess club flyer a while back, a few people implied that I was an incompetent, bungling moron just because I forgot to say "L.A. area meeting." That's Los Angeles, not Lake Arrowhead. In California, the United States of America, Western Corporate Fascist Empire, Earth, Solar Federation Slave Labor Star System.

Others thought it was off-topic. One guy complained about weird ASCII characters like �, �, �, and perhaps �. Heh heh heh.

So "let me remind you" if you are in the LOS ANGELES AREA, or know someone who is and might be interested, that the Karl Hess Club will meet in the Alpine Village Restaurant Emerald Room, Monday, July 18, 1994, at 7 P.M. Torrance Blvd exit off the 110 freeway, presumably in the City of Torrance. I will be doing my mega-bit to Sink Clipper by distributing PGP.

Victor Koman will deliver a timely presentation against NASA, based on the research he did for his new novel, Kings of the High Frontier. Three cheers for "Subnationals in Space."

No reservations needed, and free admission. If you want dinner, the arrangement with the restaurant is $17 prix fixe incl tax and tip.
Kent - j.hastings6 at genie.geis.com

From rishab at dxm.ernet.in  Mon Jul 18 05:23:27 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Mon, 18 Jul 94 05:23:27 PDT
Subject: NSA searches for Tentacles
Message-ID:

Someone said:

> Someone else posted in t.p.c that they'd sent in a letter and been
> told that NSA would not license this technology to individuals. That
> sort of echoes the argument that there are some munitions appropriate
> for government but not for individuals.

Spies generally like to help each other -- after all the CIA and KGB had much more in common with each other than with the common people of their respective nations. Probably the foremost use of NSA's technology would be by governments monitoring traffic and other data for incorrect thought patterns.

I can see other uses, though -- if Cypherpunks had this thing, we wouldn't need Arsen Ray's Tentacle-sniffer -- NSALookUp (tm) Detweiler should do it ;-)

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh             "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in          take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410  Voicemail +91 11 3760335
H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in  Mon Jul 18 05:24:20 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Mon, 18 Jul 94 05:24:20 PDT
Subject: Newbies on Cypherpunks
Message-ID:

ksmith at beach.com

> Please put me on your mailing list.
> [...]
> Kevin T. Smith, President, TeleSource, A Division of SonRise Corp....

Is there any way to make Majordomo tell all such newbie posters how to subscribe (send a mail with "subscribe cypherpunks" to majordomo at toad.com)?

After all, almost anyplace you find the Cypherpunks list mentioned, the address given is the list address, not the subscription one.
We can't really expect people who are not necessarily very net-aware, who just happened to see the address in some article somewhere, to know all about mailing list protocol...

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh             "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in          take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410  Voicemail +91 11 3760335
H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in  Mon Jul 18 05:24:34 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Mon, 18 Jul 94 05:24:34 PDT
Subject: Probabilistic encryption works!
Message-ID:

solman at MIT.EDU:

> Here is how it works:
>
> First, choose two large prime numbers that are one less than a multiple of
> [...]
> plaintext and append the final seed and you get your cyphertext.

Congratulations! You've just described the Blum-Goldwasser Efficient Probabilistic Public-Key Encryption Scheme, first outlined in Crypto 84. Nice description in Schneier, who says it's much faster and more secure than any other PK scheme, but can obviously only be used one-way as it's vulnerable to a chosen plaintext attack. It would be possible to cook up a protocol to allow for signatures as well, but it'd be tricky.

> algorithms for that anyway. What this provides is a public key system based
> on the hardness of factoring that is faster than RSA and apparently not
> covered by the RSA patent. (although I've asked for opinions on this last
> point in another post)

But we don't know whether it's covered by any Blum-Goldwasser patent... or the PKP ones.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh             "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in          take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410  Voicemail +91 11 3760335
H 34C Saket, New Delhi 110017, INDIA

From jya at pipeline.com  Mon Jul 18 06:07:51 1994
From: jya at pipeline.com (John Young)
Date: Mon, 18 Jul 94 06:07:51 PDT
Subject: Encrypting fax machine
Message-ID: <199407181307.JAA18596@pipe1.pipeline.com>

Pointer: Encrypted fax patent

Publication: The New York Times, July 18, 1994; Business Section D; Patents column; p. D2.

Title: A small Company offers a scanning device to make faxes private by encoding their computer bits.

By: Sabra Chartrand

Some excerpts:

The Kryptofax Corporation . . . was set up to sell a scanning device that uses encryption algorithms to turn fax text into indecipherable dots on a page.

***

Then the most critical thing is to provide a password, says Richard Varga, a former computer programmer who is the president.

***

The encoded page emerges with the title and addressee name appearing in plain language at the top. The rest is a grid of random dots.

***

As the [receiving] Kryptofax machine reads the encrypted grid, it begins simultaneously to print a decrypted version of the page.

***

We use an encryption algorithm called seeded pseudo-random number generator, Mr. Varga said. The company chose that algorithm because it is in the public domain, he added.

***

The Kryptofax Corporation's patent is 5,321,749.

From hayden at vorlon.mankato.msus.edu  Mon Jul 18 06:44:33 1994
From: hayden at vorlon.mankato.msus.edu (Robert A. Hayden)
Date: Mon, 18 Jul 94 06:44:33 PDT
Subject: Detweiler Files on FTP
Message-ID:

Following the announcement last week that I'd be willing to hold the "detweiler files" (sounds like a FOX television show), they are now available on FTP:

vorlon.mankato.msus.edu: /home/ftp/pub/cypherpunks/detweiler_files/detweil.zip

Enjoy.

____        Robert A. Hayden          <=> hayden at vorlon.mankato.msus.edu
\  /__          -=-=-=-=-             <=>          -=-=-=-=-
 \/  /   Finger for Geek Code Info    <=> I do not necessarily speak for the
   \/    Finger for PGP Public Key    <=> City of Mankato or anyone else, dammit
-=-=-=-=-=-=-=-
(GEEK CODE 2.0) GJ/CM d- h-- s-:++>s-:+ g+ p? au+ a- w++ v* C++(++++) UL++++$
     P+>++ L++$ 3- N+++ K+++ W M+ V-- -po+(---)>$ Y++ t+ 5++ j r+++$ G- v+ b
     D+ b--- e+>++(*) u** H* f r-->+++ !n y++**

From rishab at dxm.ernet.in  Mon Jul 18 07:13:53 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Mon, 18 Jul 94 07:13:53 PDT
Subject: The Detweiler Files on FTP
Message-ID:

Thanks to Joichi Ito and Robert Hayden, The Detweiler Files should now be available by ftp at:

eccosys.com/pub/incoming
vorlon.mankato.msus.edu/pub/cypherpunks

It includes an earlier CRaP post from Detweiler:

> From: vikram!an12070 at anon.penet.fi (Cryptoanarchist Assassination Squad )
> X-Anonymously-To: cypherpunks at toad.com
> Date: Tue, 14 Dec 1993 15:56:58 UTC
> Subject: Surrender or Die
> There has been some extremely strong speculation as to our
> identity lately. It's time for us to identify ourselves. We are
> Operation CRaP, the Cryptoanarchist Repression and Poison, and
> we have infiltrated your own conspiracy to the most sensitive
> levels. L.Detweiler retypes most notes to prevent style analysis
> and inference detection that would lead to our identities.
> We have infiltrated the *interesting* mailing list, have a
> 'bug' planted at crl.com, and a brilliant spy in one of your
> ...

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh             "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in          take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410  Voicemail +91 11 3760335
H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in  Mon Jul 18 07:48:44 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Mon, 18 Jul 94 07:48:44 PDT
Subject: ID card from hell
Message-ID:

Duncan says:

> Opposed to [German] model is the Anglo Saxon model of individual rights.
> (X.25 vs TCP/IP to you networking types.)

Ha! I like that. Also X.400 vs RFC-822.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh             "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in          take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410  Voicemail +91 11 3760335
H 34C Saket, New Delhi 110017, INDIA

From rah at shipwright.com  Mon Jul 18 08:10:18 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 18 Jul 94 08:10:18 PDT
Subject: The Detweiler Files on FTP
Message-ID: <199407181506.LAA27253@zork.tiac.net>

a detweiler testicle says:

>> L.Detweiler retypes most notes to prevent style analysis
>> and inference detection that would lead to our identities.

sheesh. You folks weren't kidding about the "net.loon" stuff... His self-reference in the third person says a lot more than he lets on, I bet... But he's right, though, he *is* a conspiracy. ;-)^h^h^h (oops, smiley detester present...).

On the other hand, how old is this guy? 12? I mean what do we really know about him? Do these archives have anything on him besides his spam and the resultant fusillades? Has anyone actually met him? Not that I'd like to, I guess...

I'm curious about this guy for no legitimate reason. He just seems bright, and he must have done some crypto once. He is listed as a contributor on my copy of MacPGP, for instance, and before he started spamming it, his posts to imp-interest could make sense on occasion.

If this discussion is not applicable to crypto (I can't imagine how it really could be) send me e-mail, please.
cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From nym at netcom.com Mon Jul 18 09:03:16 1994 From: nym at netcom.com (Sue D. Nym) Date: Mon, 18 Jul 94 09:03:16 PDT Subject: Expose on North's Arm Smuggling Message-ID: <199407181603.JAA13382@netcom14.netcom.com> Some people have kindly sent me email encouraging me to stay. I'm still vacillating, but thought you might be interested in this. I got this from the same place that last message came from, a sort of "psychic exploration" list (also deeply interested in world/government events). Again, probably from a Fidonet channel originally. **** (From): NYT at NYXFER.BLYTHE.ORG (To) : ALL System: SNET Conf. : 0009 - CONSPIRACY Via NY Transfer News Collective * All the News that Doesn't Fit From: Paul DeRienzo VIRTUAL RADIO NETWORK 184 Underhill Avenue, Brooklyn, NY 11238 Tel: 718/622-9660 Fax: 718/622-9781 Executive Director: Andrew Leslie Phillips July 14, 1994 FOR IMMEDIATE RELEASE PRESS CONTACTS: Curtis Ellis 212/580-2156 or Andy Wandzilak 718/622-9660 THE CLINTON-NORTH CONNECTION: A live press briefing Wednesday, July 27th 7:00 pm The Virtual Radio Network will host a live press briefing, open to the public, that will reveal Senate-hopeful Oliver North's million dollar international arms and drugs smuggling operations out of Central America into the United States through a covert airstrip at Mena, Arkansas protected by then Governor Bill Clinton. Two high level former government officials have agreed to appear together in this Virtual Radio Network news making background briefing to reveal their eyewitness accounts including: - Why presidential candidate Clinton would not attack President Bush's Iran-Contra record. 
- How Bill Clinton protected Oliver North's Iran-Contra weapons for drugs operation at Mena, Arkansas. - Oliver North's direct connections and support of DEA documented drug smugglers at El Salvador's Illopango airstrip which was used as a CIA-contra resupply point. The briefing will be held on Wednesday, July 27th, 7 PM at The Greenwich Village School, 6th Avenue and 11th Street, Manhattan. Tickets for the public are $8 to benefit Virtual Radio Network's Producers Fund. For public Information and Reservations: 718/ 857-8902. * Celerino Castillo was the Drug Enforcement Administrations senior agent in El Salvador from 1985 to 1991. He reported to top federal officials in 1986 about cocaine flights used to supply the contras by the "North Network." He told the U.S. ambassador to El Salvador, Edwin Corr, now retired and teaching at the University of Oklahoma, and then Vice-President George Bush about the drug smuggling operation but could get no federal official to act on his information. Celerino Castillo and Dave Harmon's, book "Powder Burns" will be released this summer, by Mosaic Press 1-800-387-8992 Terry Reed, an eight year veteran in U.S. Air Force intelligence in Southeast Asia. He was recruited by Colonel Oliver North to train Contra pilots at Mena, Arkansas in an operation named "Jade Bridge." In 1985, North chose Reed to set up a CIA proprietary, Maquinaria International, in Mexico to serve as an arms warehouse and trans-shipment point for weapons. When Reed learned he was also transmitting cocaine he tried to resign and return to the U.S. but his life was threatened and a warrant was issued for his arrest. An FBI/CIA manhunt ensued. Employing skills learned as an intelligence officer, Reed and his family fled over a six- month, 30,000 mile odyssey through 48 states. In November 1990 Reed was acquitted. He has gone to court to seek redress for violations of his civil rights. 
Terry Reed and John Cummings book "Compromised" published by S.P.I Books/Shapolsky Publishers Inc. 212-633-2022 Terry Reed and Celerino Castillo will be available for interviews. Call Curtis Ellis, 212-580-2156 Virtual Radio Network. - -- + 212-675-9690 NY TRANSFER NEWS COLLECTIVE 212-675-9663 + + Since 1985: Information for the Rest of Us + + GET INFO from ftpmail%transfr at blythe.org + + e-mail: nyt at blythe.org info: info at blythe.org + GLENDA STOCKS | FidoNet 1:330/201.0 SearchNet HeadQuarters | InterNet GS at rochgte.fidonet.org Snet Mailing List info, SEND | Data: 508-586-6977 / 617-961-4865 info snet-l TO | Download SEARCHNT.ZIP For Info! majordomo at world.std.com | Voicemail: +1-617-341-6114 Searchnet.zec at channel1.com | FidoNet CHANNELS, & I_UFO moderator * RM 1.3 00257 * when's the last time you called your Higher Self? ------- End of Forwarded Message From perry at imsi.com Mon Jul 18 09:12:10 1994 From: perry at imsi.com (Perry E. Metzger) Date: Mon, 18 Jul 94 09:12:10 PDT Subject: Expose on North's Arm Smuggling In-Reply-To: <199407181603.JAA13382@netcom14.netcom.com> Message-ID: <9407181609.AA01261@snark.imsi.com> Consider this to be a request that you leave. I strongly suspect that any messages requesting that you stay came from your alternate personalities. Even if you aren't Detweiler (and evidence isn't good on your side), this is not a place for "psychic exploration" or any similar stuff. Go away. Perry Sue D. Nym says: > Some people have kindly sent me email encouraging me to stay. I'm still > vacillating, but thought you might be interested in this. I got this > from the same place that last message came from, a sort of "psychic > exploration" list (also deeply interested in world/government events). > Again, probably from a Fidonet channel originally. > > > **** > > > (From): NYT at NYXFER.BLYTHE.ORG > (To) : ALL > System: SNET > Conf. 
: 0009 - CONSPIRACY > > > > > Via NY Transfer News Collective * All the News that Doesn't Fit > > From: Paul DeRienzo > > > > VIRTUAL RADIO NETWORK > > 184 Underhill Avenue, Brooklyn, NY 11238 > Tel: 718/622-9660 Fax: 718/622-9781 > > Executive Director: Andrew Leslie Phillips > > > July 14, 1994 > FOR IMMEDIATE RELEASE > > PRESS CONTACTS: Curtis Ellis 212/580-2156 > or Andy Wandzilak 718/622-9660 > > > THE CLINTON-NORTH CONNECTION: > A live press briefing > > Wednesday, July 27th > 7:00 pm > > > The Virtual Radio Network will host a live press briefing, open to > the public, that will reveal Senate-hopeful Oliver North's million > dollar international arms and drugs smuggling operations out of > Central America into the United States through a covert airstrip > at Mena, Arkansas protected by then Governor Bill Clinton. > > Two high level former government officials have agreed to appear > together in this Virtual Radio Network news making background > briefing to reveal their eyewitness accounts including: > > - Why presidential candidate Clinton would not attack President > Bush's Iran-Contra record. > > - How Bill Clinton protected Oliver North's Iran-Contra weapons > for drugs operation at Mena, Arkansas. > > - Oliver North's direct connections and support of DEA documented > drug smugglers at El Salvador's Illopango airstrip which was used > as a CIA-contra resupply point. > > The briefing will be held on Wednesday, July 27th, 7 PM at The > Greenwich Village School, 6th Avenue and 11th Street, Manhattan. > Tickets for the public are $8 to benefit Virtual Radio Network's > Producers Fund. > > For public Information and Reservations: 718/ 857-8902. > > * > > Celerino Castillo was the Drug Enforcement Administrations senior > agent in El Salvador from 1985 to 1991. He reported to top federal > officials in 1986 about cocaine flights used to supply the contras > by the "North Network." He told the U.S. 
ambassador to El > Salvador, Edwin Corr, now retired and teaching at the University > of Oklahoma, and then Vice-President George Bush about the drug > smuggling operation but could get no federal official to act on > his information. > > Celerino Castillo and Dave Harmon's, book "Powder Burns" will be > released this summer, by Mosaic Press 1-800-387-8992 > > Terry Reed, an eight year veteran in U.S. Air Force intelligence > in Southeast Asia. He was recruited by Colonel Oliver North to > train Contra pilots at Mena, Arkansas in an operation named "Jade > Bridge." In 1985, North chose Reed to set up a CIA proprietary, > Maquinaria International, in Mexico to serve as an arms warehouse > and trans-shipment point for weapons. When Reed learned he was > also transmitting cocaine he tried to resign and return to the > U.S. but his life was threatened and a warrant was issued for his > arrest. An FBI/CIA manhunt ensued. Employing skills learned as an > intelligence officer, Reed and his family fled over a six- month, > 30,000 mile odyssey through 48 states. In November 1990 Reed was > acquitted. He has gone to court to seek redress for violations of > his civil rights. > > Terry Reed and John Cummings book "Compromised" published by S.P.I > Books/Shapolsky Publishers Inc. 212-633-2022 > > Terry Reed and Celerino Castillo will be available for interviews. > > Call Curtis Ellis, 212-580-2156 Virtual Radio Network. > - -- > + 212-675-9690 NY TRANSFER NEWS COLLECTIVE 212-675-9663 + > + Since 1985: Information for the Rest of Us + > + GET INFO from ftpmail%transfr at blythe.org + > + e-mail: nyt at blythe.org info: info at blythe.org + > > GLENDA STOCKS | FidoNet 1:330/201.0 > SearchNet HeadQuarters | InterNet GS at rochgte.fidonet.org > Snet Mailing List info, SEND | Data: 508-586-6977 / 617-961-4865 > info snet-l TO | Download SEARCHNT.ZIP For Info! 
> majordomo at world.std.com | Voicemail: +1-617-341-6114 > Searchnet.zec at channel1.com | FidoNet CHANNELS, & I_UFO moderator > > * RM 1.3 00257 * when's the last time you called your Higher Self? > > ------- End of Forwarded Message > From hfinney at shell.portal.com Mon Jul 18 09:30:21 1994 From: hfinney at shell.portal.com (Hal) Date: Mon, 18 Jul 94 09:30:21 PDT Subject: Key length security (calculations!) In-Reply-To: <9407180852.AA10228@ua.MIT.EDU> Message-ID: <199407181631.JAA06377@jobe.shell.portal.com> JWS writes: >[I describe the shamir triple pass key exchange protocol] >> I suspect this protocol is covered by the Diffie-Hellman patent, which is >> quite broad, covering many sorts of key exchanges. Diffie-Hellman is now >> owned by PKP, the sister company to RSA. If so, Shamir has not undercut his >> own financial interests by this work. (Also, this does not obsolete PK >> since it requires several exchanges before communication can occur, making >> it inappropriate for high-latency communications, such as for most email.) >Can anybody verify this? I thought that DH only applied to public key systems. >Surely the idea of exchanging keys can't be patented. You have to patent the >process and I though DH just took care of the public key symetric key exchange >process. As I recall, the patent is very general. A sends a message to B, B sends one back to A; this goes on for a while, then both sides feed their messages into a black box and, presto, out pops a suitable encryption key which is the same for both sides, but is such that no eavesdropper could feasibly produce the key. It's been a long time since I looked at it, though. I would welcome some verification. (I should also add that my comment about Shamir not undercutting his own financial interests was apparently incorrect if he has actually sold out his interest in RSA as reported.) Hal From nym at netcom.com Mon Jul 18 09:58:19 1994 From: nym at netcom.com (Sue D. 
Nym) Date: Mon, 18 Jul 94 09:58:19 PDT Subject: Expose on North's Arm Smuggling In-Reply-To: <9407181609.AA01261@snark.imsi.com> Message-ID: <199407181657.JAA23135@netcom14.netcom.com> "Evidence"? Because I post from the same city as this "Detweiller" net.kook I am guilty by association? I did NOT make up people's supportive mail. I'll send you a copy if you don't believe me, if you promise to keep it private. I think you must have something against women. In fact, I think the whole list is pretty unbalanced. I haven't seen any other women except Sandy post. If you are trying to create an atmosphere of fear and intimidation, let me say that you have succeeded! Are you involved with the moderation of the list? What is your authority to tell me to get lost? I am certainly thinking of giving up on you guys. I have posted two messages I thought were similar to everyone's interests here. But all I get is a lot of serious antagonism. Look, I'll level with you. The name *is* a pseudonym. But it's to keep jerks like you from harassing and stalking me in the real world. It seems that people that are jerks in the real world can be even more insane in cyberspace. I've had some bad experiences in the past when I used my real name. I don't think I will have much to say to you in the future. And I may stick around just to spite you. It's a free country, last time I checked (contrary to what all you Orwellian-thought-police-paranoids think) and I'm free to choose. This is a nasty message, but you are being nasty to me for no reason. I'm going to use you as a punching bag for everyone that is bashing me for nothing. When/if you apologize, I will. Have you ever looked at a newborn child? Do you think, "here is another perverted arm of humanity waiting to cause untold misery"? Or do you think, "what a joyous event, a clean slate, an innocent soul come to the world with undreamed-of possibilities"?
If you believe in reincarnation (as I do) you will understand that the earthly realm is a place where souls are being recycled. And a baby is born without a tattoo of all their previous crimes against humanity for a *reason*-- so that the Perry Metzgers of the world give them a chance anyway. So think of my new "appearance" into this forum that like a new baby. A chance for a new beginning, a clean slate. We are all fellow passengers on this planet earth. Let us work together in harmony and find our common goals, and resolve peacefully our differences. There are a lot of neat parallels between reincarnation and email addresses. When someone gets a new email address it is like their spirit has found a new vehicle for expression free of prior "reputation baggage" (identical to the process it goes through of "wearing" a body). In weird cases where people seem to be "possessed" by different spirits, or people are "channeling" them, it is just a case (or "manifestation") of the lack of an entirely one-to-one correspondence between spirits and bodies, just as there is not a one-to-one correspondence between people and email addresses. I find it a refreshing atmosphere, full of possibilities. I thought some cypherpunks were interested in this kind of thing. I remember seeing someone's flashing signature about "digital pseudonyms" or something like that. Isn't that the idea? It is all just another variation of the scenes that play out in this earth drama. Whether the aspect of this "fluidity of identity" is used for good or evil is based on the application. I foresee a new harmony between technology and spirituality in the near future in which these ideas won't sound so bizarre. But I will not be depressed by anyone's attacks of my ideas. I have long ago learned how to "turn the other cheek" over ideas. In fact, it is easy in cyberspace. I hope you can get over your obvious intolerance, Perry.
--nym at netcom.com From nym at netcom.com Mon Jul 18 09:59:16 1994 From: nym at netcom.com (Sue D. Nym) Date: Mon, 18 Jul 94 09:59:16 PDT Subject: oops Message-ID: <199407181659.JAA23336@netcom14.netcom.com> Oops. I meant to send that last message to Perry Metzger only but my mail software automatically cc:ed the list. My apologies for wasting bandwidth. From perry at imsi.com Mon Jul 18 10:12:47 1994 From: perry at imsi.com (Perry E. Metzger) Date: Mon, 18 Jul 94 10:12:47 PDT Subject: Expose on North's Arm Smuggling In-Reply-To: <199407181657.JAA23135@netcom14.netcom.com> Message-ID: <9407181709.AA01350@snark.imsi.com> Sue D. Nym says: > I think you must have something against women. > I haven't seen any other women except Sandy post. You know, L. (if I may call you L.) you are at least getting creative. > I am certainly thinking of giving up on you guys. Don't allow me to stand in your way. .pm From nelson at crynwr.com Mon Jul 18 10:34:41 1994 From: nelson at crynwr.com (Russell Nelson) Date: Mon, 18 Jul 94 10:34:41 PDT Subject: Expose on North's Arm Smuggling In-Reply-To: <9407181709.AA01350@snark.imsi.com> Message-ID: Date: Mon, 18 Jul 1994 13:09:01 -0400 From: "Perry E. Metzger" Sue D. Nym says: > I think you must have something against women. > I haven't seen any other women except Sandy post. You know, L. (if I may call you L.) you are at least getting creative. If Sue is indeed a tentacle of Detweiler, don't you think we should encourage his more sane personalities? And if not a tentacle, aren't you getting a little weirded out, Perry? -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From perry at imsi.com Mon Jul 18 10:36:23 1994 From: perry at imsi.com (Perry E. 
Metzger) Date: Mon, 18 Jul 94 10:36:23 PDT Subject: Expose on North's Arm Smuggling In-Reply-To: Message-ID: <9407181736.AA01392@snark.imsi.com> Russell Nelson says: > Date: Mon, 18 Jul 1994 13:09:01 -0400 > From: "Perry E. Metzger" > > Sue D. Nym says: > > I think you must have something against women. > > I haven't seen any other women except Sandy post. > > You know, L. (if I may call you L.) you are at least getting creative. > > If Sue is indeed a tentacle of Detweiler, don't you think we should > encourage his more sane personalities? And if not a tentacle, aren't > you getting a little weirded out, Perry? As I've said, if Sue isn't a tentacle, s/he is posting rather useless drivel anyway. Frankly I'd say that the evidence is far from conclusive as to Sue's identity, but it isn't so difficult to note that random drivel about Ollie North isn't relevant, and that "newage" (rhymes with sewage) isn't very relevant either. Perry From johndo at microsoft.com Mon Jul 18 11:03:17 1994 From: johndo at microsoft.com (John Douceur) Date: Mon, 18 Jul 94 11:03:17 PDT Subject: Why triple encryption instead of split+encrypt? Message-ID: <9407181803.AA19912@netmail2.microsoft.com> -----BEGIN PGP SIGNED MESSAGE----- >From: >Date: Friday, July 15, 1994 2:45AM >Although I mentioned "true" secret splitting at the end of my post, I was >refering to non-redundant secret splitting in most of the post. That is, >for each 128 bit block, you split it into two 64 bit blocks. Obviously you >have to make sure that in the inverse of the split, each bit of the 128 is >dependent on multiple bits in both 64 bit parts. 
I read this as something like the following:

    // 4-bit substitution table (a permutation of 0x0..0xF); unsigned so
    // that the shift by 28 below cannot overflow a signed int
    unsigned int munge[16] = {0x0, 0xE, 0xD, 0x3, 0xB, 0x5, 0x6, 0x8,
                              0x7, 0x9, 0xA, 0x4, 0xC, 0x2, 0x1, 0xF};
    for (int i = 0; i < num_blocks/2; i++)
    {
        unsigned int s0 = source[2*i], s1 = source[2*i+1];
        unsigned int d0 = 0, d1 = 0;
        for (int j = 0; j < 8; j++)   // 32-bit ints assumed
        {
            // substitute each nibble of the two source words
            d0 |= munge[(s0>>(4*j)) & 0xF] << (4*j);
            d1 |= munge[(s1>>(4*j)) & 0xF] << (4*j);
        }
        // interleave alternating bits of the two words into the two halves
        dest0[i] = (d1 & 0xAAAAAAAA) | (d0 & 0x55555555);
        dest1[i] = (d1 & 0x55555555) | (d0 & 0xAAAAAAAA);
    }

This fragment splits alternating bits from each contiguous pair of 64-bit blocks in the source[] array into two blocks, each of which is placed into one of the two dest[] arrays. The inner loop first makes each bit in the pre-split data dependent on the three other bits in the same nibble. Is this consistent with your suggestion?

>This is obviously not as secure as traditional secret splitting, but you
>don't need it to be because this isn't a threshold scheme. You just need
>to guarantee that knowing one half does not allow you to reassemble the
>other half.

I believe these claims hold true for the above code.

>I am claiming that you can allow the crypt analyst to remove
>half of the entropy from the plaintext (did I phrase that right? probably
>not :( ) and the other half will still require successful cryptanalysis
>of DES and since you can't tell if you're right until you get both halves,
>meet in the middle does not work.

Yes and no. Meet-in-the-middle does not work, per se, or more precisely has no applicability. Recall that meet-in-the-middle is a method of extending a known-plaintext attack on a single encryption to multiple encryptions by means of an enormous amount of memory to hold intermediate results. In the split+encrypt proposal (as I have implemented it above), a known-plaintext attack can be applied directly, with only twice as much computation as that needed for a single encryption, and no need for large amounts of memory.
The cryptanalytic approach is simple: 1) Split the known plaintext, P, with the splitting algorithm, into P0 and P1. 2) Apply known-plaintext attack to P0 and C0 to determine key K0. 3) Apply known-plaintext attack to P1 and C1 to determine key K1. >So, is a secret splitting algorithm that does NOT increase redundancy >followed by DES with different keys on both halves as secure as triple >DES? No. It is not even as secure as double DES, since cryptanalysis of the former has the same computational complexity as the latter, but without the extreme memory requirements of meet-in-the-middle. >I believe so, but I would like your opinions on the issue before >I consider implementing this. MHO. >If it works it would be especially nice >because it allows arbitrary extension of keysize without substantially >increasing the time required for computation. A noble goal. It would also have allowed multi-threaded crypto code on multiprocessor machines to perform the separate encryptions in parallel. >I have a hunch that if I'm wrong, its because the time required to do secure >non-redundant secret splitting is as large as the time I'm saving. >JWS JD -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLirAX0GHwsdH+oN9AQH9uQQAswJhWwuB57y/V2ETz0epmFCKqk9JAwLC WWF9P5sNoOIHDK0soACURcvRCAWnUMJnXspbQ+0B2nQa7aWFLgD9lbm9obvbZREP 9q1dAqjK1yKxu1qxunk3wsdc7tyDMJzdOwGnpUOR1Gs7hqDOtVbs3wG9napzBY4h 2ndBT/BtJec= =QDW9 -----END PGP SIGNATURE----- From hughes at ah.com Mon Jul 18 11:09:22 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 18 Jul 94 11:09:22 PDT Subject: Card Playing Protocol? In-Reply-To: <9407161814.AA23394@ua.MIT.EDU> Message-ID: <9407181745.AA22115@ah.com> If I implement a card playing protocol and Okamoto & Ohta's bankless cash Bankless? The paper I have from them (in CRYPTO '91) is not bankless. 
Eric From jrochkin at cs.oberlin.edu Mon Jul 18 11:13:23 1994 From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) Date: Mon, 18 Jul 94 11:13:23 PDT Subject: pseudonyms and such Message-ID: <199407181813.OAA19246@cs.oberlin.edu> I think it's rather odd to find cypherpunks basically flaming someone because they choose to use a pseudonym instead of their real name. Or presuming guilt of being Detweiler because of the choice to use the pseudonym. Isn't the right to hide one's official on-your-passport identity something that we all supposedly support? Seems kind of contrary to this goal to go making anyone who exercises this right feel unwelcome on the list. I'm sure if someone had mailed this sue person, and politely explained why they felt her posts to be inappropriate, she would have changed her behavior. And if she didn't, _then_ you could try to make her feel as unwelcome as possible. Sure, this plan of action means that Detweiler-spoofs are a bit more effective, and detweiler identities will take a bit longer to be "outed". And preventing the clipper chip from becoming a standard means that drug dealers will have a bit of an easier time, especially if we succeed in making PGP standard. Or terrorists. Such is the cost of being fair. I think it's awfully hypocritical to judge this pseudonymous person harshly merely because of her pseudonymity, or because that pseudonymity makes you suspect she's really detweiler. From rfb at lehman.com Mon Jul 18 11:19:31 1994 From: rfb at lehman.com (Rick Busdiecker) Date: Mon, 18 Jul 94 11:19:31 PDT Subject: Newbies on Cypherpunks In-Reply-To: Message-ID: <9407181817.AA03637@fnord.lehman.com> From: rishab at dxm.ernet.in Date: Fri, 15 Jul 94 19:19:48 +0530 After all, almost anyplace you find the Cypherpunks list mentioned, the address given is the list address, not the subscription one.
We can't really expect people who are not necessarily very net-aware, who just happened to see the address in some article somewhere, to know all about mailing list protocol... Especially since people who've been around for a while could easily get frustrated by the fact that cypherpunks-request at toad.com doesn't bounce, but doesn't result in subscription either. Rick From solman at MIT.EDU Mon Jul 18 11:20:33 1994 From: solman at MIT.EDU (solman at MIT.EDU) Date: Mon, 18 Jul 94 11:20:33 PDT Subject: Probabilistic encryption works! In-Reply-To: Message-ID: <9407181819.AA14370@ua.MIT.EDU> > Congratulations! You've just described the Blum-Goldwasser Efficient > Probabilistic Public-Key Encryption Scheme, first outlined in Crypto 84. > Nice description in Schneier, who says it's much faster and more secure > than any other PK scheme, but can obviously only be used one-way as it's > vulnerable to a chosen plaintext attack. It would be possible to cook up > a protocol to allow for signatures as well, but it'd be tricky. Is this true? I've given this some thought and I had convinced myself that the nature of the algorithm makes it fundamentally impossible. You tend to give away bits of information regardless of how you use it. I'd like to be wrong though... JWS From joshua at cae.retix.com Mon Jul 18 11:35:00 1994 From: joshua at cae.retix.com (joshua geller) Date: Mon, 18 Jul 94 11:35:00 PDT Subject: pseudonyms and such In-Reply-To: <199407181813.OAA19246@cs.oberlin.edu> Message-ID: <199407181835.LAA03330@sleepy.retix.com> > I think it's rather odd to find cypherpunks basically flaming someone > because they choose to use a pseudonym instead of their real name. > Or presuming guilt of being Detweiler because of the choice to use the > pseudonym. Isn't the right to hide one's official on-your-passport > identity something that we all supposedly support? Seems kind of contrary > to this goal to go making anyone who exercises this right feel unwelcome > on the list.
finger is generally enabled at netcom. interestingly, fingering nym at netcom causes a segmentation fault. .plan a link to something weird maybe? > I think it's awfully hypocritical to judge this pseudonymous person > harshly merely because of her pseudonymity, or because that > pseudonymity makes you suspect she's really detweiler. well, she seems to be an idiot which is usually enough for me. josh From hughes at ah.com Mon Jul 18 11:37:39 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 18 Jul 94 11:37:39 PDT Subject: Card Playing Protocol? In-Reply-To: <199407170623.AA29265@world.std.com> Message-ID: <9407181813.AA22205@ah.com> (At a comms protocol level there might always be a single server per game--I don't know yet--but I would like to hide that sort of stuff from users.) There's no need for a central server per game, even running on one of the player's own machines. What is possible with crypto is completely flat distribution of the simulation. The difference is profound. I would suggest that all who don't understand this meditate upon coin flipping protocols, the simplest flatly distributed simulation--here, of a random number generator. Eric From hughes at ah.com Mon Jul 18 11:40:42 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 18 Jul 94 11:40:42 PDT Subject: Card Playing Protocol In-Reply-To: <199407170638.AA01093@world.std.com> Message-ID: <9407181816.AA22222@ah.com> >Time to read crypto. HEY! I've read Schneier (if that is what you meant). No. Schneier is a start, but the source papers are really a must read for an actual implementer. Schneier's book is very good as a survey of technique and ideas. The bibliography is _excellent_, and makes the survey truly useful.
Eric

From hughes at ah.com Mon Jul 18 12:00:03 1994
From: hughes at ah.com (Eric Hughes)
Date: Mon, 18 Jul 94 12:00:03 PDT
Subject: How to make a random permutation
In-Reply-To: <9407171514.AA15664@prism.poly.edu>
Message-ID: <9407181835.AA22253@ah.com>

A deck shuffling method was presented:

    //shuffle the deck:
    for (i=0; i<=10000; i++)
    {
        c1=rand() % (4*13+2);
        c2=rand() % (4*13+2);
        swapcards(&cards[c1],&cards[c2]);
    }

I continue to be amazed at how few people know an algorithm to generate a truly random permutation efficiently. There's one (due to Parnas, if I remember correctly) which generates each of the 52! possible permutations with equal probability, runs with exactly 52 loop iterations (i.e. a 200 time speed up over the above), and is provably correct by a simple induction.

Assume random(x) returns a random integer between 0 and x.

    a[ 0 ] = 0 ;
    for ( x = 1 ; x < N ; ++ x )
    {
        i = random( x ) ;        /* 0 <= i <= x */
        if ( i == x )
        {
            a[ i ] = i ;         /* new element stays in the last slot */
        }
        else
        {
            a[ x ] = a[ i ] ;    /* move the old occupant to the end */
            a[ i ] = x ;         /* new element takes its place */
        }
    }

Proof is left to the reader. (Hint: use induction on N.)

Eric

From lefty at apple.com Mon Jul 18 12:07:31 1994
From: lefty at apple.com (Lefty)
Date: Mon, 18 Jul 94 12:07:31 PDT
Subject: pseudonyms and such
Message-ID: <9407181904.AA18242@internal.apple.com>

>I think it's rather odd to find cypherpunks basically flaming someone
>because they choose to use a pseudonym instead of their real name.

I suspect that's not it. _Lots_ of people post to the list using pseudonyms, in case you haven't noticed.

-- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:.

From lefty at apple.com Mon Jul 18 12:19:18 1994
From: lefty at apple.com (Lefty)
Date: Mon, 18 Jul 94 12:19:18 PDT
Subject: Objet Trouve from talk.religion.newage
Message-ID: <9407181917.AA18646@internal.apple.com>

If this _is_ Detweiler, he's getting quite a bit stranger...
>Newsgroups: talk.religion.newage >Path: >gallant.apple.com!trib.apple.com!agate!darkstar.UCSC.EDU!news.hal.COM!olivea!ch >arnel.ecst.csuchico.edu!csusac!csus.edu!netcom.com!nym >From: nym at netcom.com (Sue D. Nym) >Subject: Re: Light & Love to Jupiter! >Message-ID: >Organization: NETCOM On-line Communication Services (408 261-4700 guest) >X-Newsreader: TIN [version 1.2 PL1] >References: <3040nf$oor at triton.unm.edu> >Date: Fri, 15 Jul 1994 17:16:43 GMT >Lines: 15 > > >I was just thinking that the collision of the comet with jupiter seems >to be to be symbolic of a sperm colliding with an egg. > >I was reading recent forwarded Ashtar channelings which stated that >the collision will create a sort of new harmonic resonance in this >plane. that explanation seems intuitive to me. the whole solar system >is going to ring at the striking of the bell, the `blaring of the >first trumpet' (which someone was claiming this constitutes). > >p.s. could someone familiar with the Revelations describe some of >the symbolism of the trumpets? -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From ebrandt at muddcs.cs.hmc.edu Mon Jul 18 12:31:39 1994 From: ebrandt at muddcs.cs.hmc.edu (Eli Brandt) Date: Mon, 18 Jul 94 12:31:39 PDT Subject: Expose on North's Arm Smuggling In-Reply-To: <199407181657.JAA23135@netcom14.netcom.com> Message-ID: <9407181930.AA17251@muddcs.cs.hmc.edu> > So think of my new "appearance" into this forum that like a new baby. A > chance for a new beginning, a clean slate. *New* appearance? Do you mean to say you've been here before? As L. Detweiler, as an12070, as tmp at netcom? But anyway, you're right. A new e-mail address is a chance for a new beginning. I suggested something like this to you when you showed up as tmp at netcom.com, in fact. But you didn't exactly hold up your end of the game. This time, I'm not willing to cut you as much slack. 
Your "BIG COLLISION" announcement and the probably-yours "WE ARE BLAMELESS AT NETCOM" slander don't encourage me, either. You're piling up some lousy karma for future incarnations... Eli ebrandt at hmc.edu From nzook at math.utexas.edu Mon Jul 18 12:45:27 1994 From: nzook at math.utexas.edu (nzook at math.utexas.edu) Date: Mon, 18 Jul 94 12:45:27 PDT Subject: "Sue" and Detweiler Message-ID: <9407181942.AA29990@vendela.ma.utexas.edu> Okay, so I'm very new here. Got a nickel? Here's three cents change... First, if you look to the posts, the Detweiler connection/accusation did not stem from the name being used. Cyber-stalking (combo of net-stalking and physical stalking) has been documented, and I seriously doubt that anyone that belongs on this list would object. More specifically, how can Nobody get upset about Sue? The connection/accusation _did_ arise, however, when the text of the post was analyzed. The Clinton/North post greatly enhanced the connection. Once the connection was made, the system started looking for "collateral" evidence, and found some. Some words to "Sue": If you have, in fact, been the subject of stalking, physical, net, or cyber, please accept my apologies on behalf of all honorable males for failing to properly limit the number/range of these monsters. If you wish to avoid being connected to Detweiler, limit your posts accordingly. Specifically, don't philosophize about 42 unless it has a strong crypto/privacy slant. Don't post conspiracy info unless it has a strong crypto/privacy slant. In fact, avoid ALL posts that don't have some/privacy slant. Most of us have many other things to do, and since this list does around 300 posts per week, many are annoyed at best by off-topic posts. This explains the reason for the "Go Away" responses. As for threats to the remailer that posted Detweiler, why not just recycle the threat? A and B threaten C, C routes A to B and B to A. More to the point, this is the frontier, and most of us are learning. 
eg: Ambulance-chasing spammers get mail-bombed. Sounds like appropriate Justice to me. Now, _I_ better quit before someone suspects _me_. Nathan Zook When Senator Hatch supports any Clinton nominee great guns from the get go, worry. From sandfort at crl.com Mon Jul 18 12:51:15 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Mon, 18 Jul 94 12:51:15 PDT Subject: pseudonyms and such In-Reply-To: <199407181813.OAA19246@cs.oberlin.edu> Message-ID: C'punks, On Mon, 18 Jul 1994, Jonathan Rochkind wrote: > I think it's rather odd to find cypherpunks basically flaming someone > because they choose to use a pseudonym instead of their real name. > Or presuming guilt of being Detweiler because of the choice to use the > pseudonym. > . . . > I think it's awfully hypocritical to judge this pseudonymous person > harshly merely because of her pseudonymity, or because that > pseudonymity makes you suspect she's really detweiler. It looks as though Jonathan is assuming facts not in evidence. I don't recall ANY posts that judged "this pseudonymous person harshly merely because of her [sic] pseudonymity," or otherwise (emphasis added). ^^^^^^^ I think it would behoove us to eschew knee-jerk reactions in favor of careful reading and critical thinking. S a n d y From blancw at microsoft.com Mon Jul 18 12:54:19 1994 From: blancw at microsoft.com (Blanc Weber) Date: Mon, 18 Jul 94 12:54:19 PDT Subject: pseudonyms and such Message-ID: <9407181954.AA28453@netmail2.microsoft.com> From: Jonathan Rochkind I'm sure if someone had mailed this sue person, and politely explained why they felt her posts to be inappropriate, she would have changed her behavior. ........................................................... FYI, I did write to the "sue person" and explained further about list subjects & LD's subjects, and received the reply that (among other things): "OK OK I will try to lay of the posting for awhile." 
If nym at netcom.com is not LD, then it should be that he/she will hold true to their word. Blanc From nzook at math.utexas.edu Mon Jul 18 12:57:59 1994 From: nzook at math.utexas.edu (nzook at math.utexas.edu) Date: Mon, 18 Jul 94 12:57:59 PDT Subject: Pseudo-Random Number Generators & _BIG_ Primes Message-ID: <9407181955.AA00121@vendela.ma.utexas.edu> I've pasted my algebra prelim, so please consider my intuition here as possibly being above average. Last week, some posters were talking about using "good" pseudo-random number generators for working with big primes. I would hope that all here are aware of the non-recursive and non-algebraic distribution of primes. It is my deepest suspicion that in fact primes are strongly non-recursive and non-algebraic. That is, I suspect that tests for primeness, and quests for primitive roots of primes, form a test for randomness whose strength is directly linked to the length of the prime, possibly in a non-polynomial fashion. What I am saying is: until I see a proof that some pseudo-random code will in fact work for primality testing (in all cases), or primitive root searching, I shall hold that {p|p is a "bad" prime} is nonempty. As a lemma, I claim that elements of this set are _precisely_ the sorts of primes that we would wish to use. $.02 Nathan Zook When Senator Hatch supports a Clinton nominee great guns from the get-go, worry. From weaver at avtc.sel.sony.com Mon Jul 18 12:59:21 1994 From: weaver at avtc.sel.sony.com (Eric Weaver) Date: Mon, 18 Jul 94 12:59:21 PDT Subject: TCMay on KFJC Tonight at 6 Message-ID: <9407181843.AA20576@sosfc.avtc.sel.sony.com> Tonight on a Very Special "Thoughtline" I'll have Tim May, discussing coming social changes due to crypto-technology, including things such as anonymity, e-cash and dreaded national ID cards. 6 PM on 89.7 in the Bay basin, or check your cable listings. 
From weaver at avtc.sel.sony.com Mon Jul 18 12:59:49 1994 From: weaver at avtc.sel.sony.com (Eric Weaver) Date: Mon, 18 Jul 94 12:59:49 PDT Subject: TCMay on KFJC Tonight at 6 Message-ID: <9407181847.AA20596@sosfc.avtc.sel.sony.com> Tonight on a Very Special "Thoughtline" I'll have Tim May, discussing coming social changes due to crypto-technology, including things such as anonymity, e-cash and dreaded national ID cards. 6 PM on 89.7 in the Bay basin, or check your cable listings. And no jokes about my air name, please. Gotta have it; union rules. From ebrandt at muddcs.cs.hmc.edu Mon Jul 18 13:00:13 1994 From: ebrandt at muddcs.cs.hmc.edu (Eli Brandt) Date: Mon, 18 Jul 94 13:00:13 PDT Subject: How to make a random permutation In-Reply-To: <9407181835.AA22253@ah.com> Message-ID: <9407181959.AA18227@muddcs.cs.hmc.edu> Eric Hughes said: > I continue to be amazed at how few people know an algorithm to > generate a truly random permutation efficiently. The slowest one I've seen in code is "pick at random until you get an unchecked element; select it and check it off." What's worse is how many people know algorithms that they *think* generate true-random permutations, but which don't. They are sometimes good approximations in practice, but it irks me.

1. Assign a random tag to each element. Sort on these.
2. The one you responded to: do a large number of swaps.
3. Sort, using a random bit generator as a comparator function. (This one is actually in Schneier.)

Why?

1. Tag collisions.
2. Asymptotic at best.
3. Counting argument.

Elaboration is left as an exercise, etc. etc. Eli ebrandt at hmc.edu From tcmay at netcom.com Mon Jul 18 13:08:19 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 18 Jul 94 13:08:19 PDT Subject: Handling subscription requests Message-ID: <199407181937.MAA24344@netcom7.netcom.com> Rishab asked earlier if there isn't some way that Majordomo could automatically filter the requests that go to this list instead of to the Majordomo agent. 
Pretty unlikely, for various reasons:

- The requests would be poorly formed, such as "Can anyone tell me how to subscribe?" and I can't imagine anything short of a CPU-intensive natural language processor able to deduce the actions needed. Certainly I don't want to get added again, or be sent a message, every time "Pretty Good Autosubscriber" sees the word "subscribe" in one of my messages! (Yes, I can imagine an algorithm--"if not already a subscriber and mentions subscribe, then...")
- In any case, this is very far from what Majordomo now does. In fact, Majordomo is very picky about the command syntax it expects to see.
- And the CPU-intensive filtering to look for the right magic words would be unwelcome. Especially if every message to cypherpunks at toad.com had to be examined! (Again, I can imagine a way to reduce this, such as only looking closely at nonsubscriber messages. But not in Majordomo's current feature set.)

So what to do? Frankly, I don't think it's too big a problem. Only a couple of these hit the list per week, even after the list has gotten some publicity someplace like "Wired." Here's what I try to do, when I remember. When I see one of these requests I reply and attach this message:

How to Subscribe to the Cypherpunks List

This message is just an informal tip sheet on how to get on and off the Cypherpunks list, sent manually by me to people who ask how they can join the list. The Cypherpunks list is managed automatically by the "Majordomo" program, which is commonly used for mailing lists. Command syntax may be familiar to you from other lists.

To subscribe:

* Send a message to: majordomo at toad.com
* No subject is needed, or is used
* In the *body* section, include only the following: subscribe cypherpunks
* This will subscribe you with the address from which you sent the message. If you wish to subscribe with a different address, for some odd reason, send a "help cypherpunks" message instead.
* Unsubscribe by sending the message: unsubscribe cypherpunks
* A list of current subscribers can be gotten by sending the message "who cypherpunks" to the same address. Be forewarned--your membership on the list will be known to others. (Hal Finney and others have talked about providing secondary mailing list, which can even be encrypted.)

Comments:

- Write the above information down somewhere. Do not send unsubscribe messages to the main list (cypherpunks at toad.com). And the address "cypherpunks-request at toad.com" probably will not work either. Use majordomo at toad.com.
- The list is a high volume one. Fifty messages a day is common. If you can't handle this, unsubscribe. Or read your mail several times a day and make liberal use of the "delete" function.
- The list was started in 1992 and has roughly 600 subscribers.
- If you are new to the list, read for a while before posting. Be especially polite by not asking "dumb" questions like "Why is Clipper a bad idea?" and "Can anybody break this code?" (It is sometimes said there are no dumb questions. I disagree.)
- You will also receive a longer welcome message after your subscription has been successfully processed.
- The subscriber list has gotten corrupted several times, due to disk space problems. If you receive no traffic for several hours or more, do a "who cypherpunks" to see if this has happened again. Either resubscribe in the usual way, or wait for the list to (maybe) be restored.
- If you find yourself getting two copies of every message, see if you are subscribed under two different mailing addresses. (The mail headers should tell you.) Then unsubscribe the address you don't want to use.

This should answer the most obvious questions. Feel free to pass this message on to folks who ask about subscribing. --Tim May -- .......................................................................... Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From solman at MIT.EDU Mon Jul 18 13:19:22 1994 From: solman at MIT.EDU (solman at MIT.EDU) Date: Mon, 18 Jul 94 13:19:22 PDT Subject: Why triple encryption instead of split+encrypt? In-Reply-To: <9407181803.AA19912@netmail2.microsoft.com> Message-ID: <9407182018.AA15727@ua.MIT.EDU> > The cryptanalytic approach is simple: > > 1) Split the known plaintext, P, with the splitting algorithm, into > P0 and P1. > > 2) Apply known-plaintext attack to P0 and C0 to determine key K0. > > 3) Apply known-plaintext attack to P1 and C1 to determine key K1. Clearly, if you have access to P0, P1; C0 and C1 this attack crushes the algorithm. In most books I've seen, it is assumed that you do not have access to this. For example, it is not considered a liability that somebody hacking a DES encrypted message after 8 rounds could have a _relatively_ easy time hacking it. Nonetheless, your cryptanalytic algorithm makes clear an additional constraint that must be placed on the system which I had not realized: From the algorithm, the plaintext, and the cypher text, it must not be possible to reconstruct both the plaintext, and the cyphertext for either half of the message. To that end I would suggest the improvement of making the splitting operation dependent on the keys. One of many possible implementations: Do a simple splitting operation like the one johndo suggested. Concatenate the two halves. Then hash the concatenation of the two keys. Concatenate the negation of the hash to the hash. 
Then multiplex the bits of the message to message #0 and message #1 based on the bits in the resultant string of bits, repeating the string until all the message bits are allocated. This prevents them from splitting the problem in two thus, I believe, requiring the full attack, giving arbitrarily strong protection based on your favorite fully analyzed encryption algorithm while only minimally decreasing speed versus the single encryption (20-30%) and maintaining the same size. Am I wrong? From hayden at vorlon.mankato.msus.edu Mon Jul 18 13:20:25 1994 From: hayden at vorlon.mankato.msus.edu (Robert A. Hayden) Date: Mon, 18 Jul 94 13:20:25 PDT Subject: TCMay on KFJC Tonight at 6 In-Reply-To: <9407181847.AA20596@sosfc.avtc.sel.sony.com> Message-ID: On Mon, 18 Jul 1994, Eric Weaver wrote: > Tonight on a Very Special "Thoughtline" I'll have Tim May, discussing > coming social changes due to crypto-technology, including things such > as anonymity, e-cash and dreaded national ID cards. > > 6 PM on 89.7 in the Bay basin, or check your cable listings. Any chance a digital-audio recording of the could be made available (similar to Internet Talk Radio)? I'd like to hear what Tim has to say, but I don't have a Bay around me. :-) ____ Robert A. Hayden <=> hayden at vorlon.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> I do not necessarily speak for the \/ Finger for PGP Public Key <=> City of Mankato or anyone else, dammit -=-=-=-=-=-=-=- (GEEK CODE 2.1) GJ/CM d- H-- s-:++>s-:+ g+ p? 
au+ a- w++ v* C++(++++) UL++++$ P+>++ L++$ 3- E---- N+++ K+++ W M+ V-- -po+(---)>$ Y++ t+ 5+++ j R+++$ G- tv+ b+ D+ B--- e+>++(*) u** h* f r-->+++ !n y++** From greg at ideath.goldenbear.com Mon Jul 18 13:24:38 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Mon, 18 Jul 94 13:24:38 PDT Subject: pseudonyms and such In-Reply-To: <199407181813.OAA19246@cs.oberlin.edu> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Jonathan Rochkind writes: > I think it's awfully hypocritical to judge this pseudonymous person > harshly merely because of her pseudonymity, or because that > pseudonymity makes you suspect she's really detweiler. Detweiler is judged harshly because of his poor behavior, not because he uses pseudonyms. He would be flamed even more vigorously, I predict, if he were to reappear with his real name. The pseudonymity does not make him suspect, the message content does. His plaintive "you all suck - why are you mean to me - I hate you - can't we be friends? - I'm leaving, you're awful - maybe I'll stay - I'm just a newbie, be nice to me - you all suck" whining is classic Detweiler; the recent message to Perry "accidentally" forwarded to the list takes me back to last summer in a swoon of deja vu. I can't tell whether Xenon or Detweiler wins the prize for most frequently announcing their final, irrevocable, non-negotiable departure from the Cypherpunks list and all of its arrogant maniac-losers who don't understand how things *REALLY ARE*, followed by a re-emergence within a month or two. Does anyone out there have an accurate count? 
-----BEGIN PGP SIGNATURE----- Version: 2.5 iQCVAgUBLirign3YhjZY3fMNAQF8EQP9FyT9Z+iAe+8yf181WJGQktnnJk5TK/8e wojOM8EMTm8jCRYs9b7EdTFfC5uSHRnkgoWI5/OcvcRb2Kp2Lv2gFVRJbl4ubwLV m3/BoMKTBLtOwFvyZ42icihVwHQqN7GJ1EY70xHhYtHzfVAuuxoV1YHbwXLKLZyj xrdwU1YwamA= =57C5 -----END PGP SIGNATURE----- From Eric_Weaver at avtc.sel.sony.com Mon Jul 18 13:25:59 1994 From: Eric_Weaver at avtc.sel.sony.com (Eric Weaver) Date: Mon, 18 Jul 94 13:25:59 PDT Subject: TCMay on KFJC Tonight at 6 In-Reply-To: Message-ID: <9407182025.AA21441@sosfc.avtc.sel.sony.com> Date: Mon, 18 Jul 1994 15:21:56 +0100 From: "Robert A. Hayden" On Mon, 18 Jul 1994, Eric Weaver wrote: > Tonight on a Very Special "Thoughtline" I'll have Tim May... Any chance a digital-audio recording of the could be made available (similiar to Internet Talk Radio)? I'd like to hear what Tim has to say, but I don't have a Bay around me. :-) Tellya what, I'll inquire of the ITR guys if they'd take a tape and put it out. Best we can do, until the MBone has enough capacity for a continuous KFJC feed. From Ben.Goren at asu.edu Mon Jul 18 13:33:52 1994 From: Ben.Goren at asu.edu (Ben.Goren at asu.edu) Date: Mon, 18 Jul 94 13:33:52 PDT Subject: PGP bug *NOT* yet fixed Message-ID: At 5:58 PM 7/17/94, Jeffrey I. Schiller wrote: >Chill out friend. We are working on a bugfix release to PGP which will >fix several important bugs. The bug you mention is fixed in our >development sources and will be fixed in the next release. Read Colin's >note carefully. If you do you will realize that this problem is not >a disaster [. . . .] It might not be a disaster, but if it was bad enough for Colin to write that message--it couldn't have been comfortable to admit to such a mistake--it seems more than worthwhile to fix it at the same time, especially considering that the fix could be as simple as putting his message in the release directory. 
I certainly thank Colin for having the courage to publicly announce the mistake; my complaint is that there wasn't any follow-through. The point is that this is damaging to PGP's reputation--it makes the programmers look amateurish. You might be amateurs, but you sure haven't acted like it until this. Any security-related bug serious enough to announce is serious enough to fix immediately; otherwise, we should take "Pretty Good" much more literally than most of us do now. Heck, it would have taken a fraction of the time to fix the code than it must have for Colin to write the letter. b& -- Ben.Goren at asu.edu, Arizona State University School of Music net.proselytizing (write for info): Protect your privacy; oppose Clipper. Voice concern over proposed Internet pricing schemes. Stamp out spamming. Finger ben at tux.music.asu.edu for PGP 2.3a public key. From werner at mc.ab.com Mon Jul 18 13:47:09 1994 From: werner at mc.ab.com (tim werner) Date: Mon, 18 Jul 94 13:47:09 PDT Subject: Leaving the Country Message-ID: <199407182046.QAA12227@sparcserver.mc.ab.com> >Date: Sun, 17 Jul 1994 18:27:52 -0400 >From: "Perry E. Metzger" > >Goldwater was a friend of his to the end. Recently, some Republicans >have been shocked to discover that Goldwater supports equal treatment >under the law (although not "affirmative action" or other similar >crud) for Homosexuals and other similar unattractive groups, and that >he holds other evil "liberal" views. Some conservatives have gone so >far as to denounce him for "slipping". They never have understood what >his views have been all along, either. > >However, might I point out that none of this has anything to do with >cryptography? That may be true, but does it have to do with punks? tw From Ben.Goren at asu.edu Mon Jul 18 13:54:51 1994 From: Ben.Goren at asu.edu (Ben.Goren at asu.edu) Date: Mon, 18 Jul 94 13:54:51 PDT Subject: Encrypting fax machine Message-ID: At 6:07 AM 7/18/94, John Young wrote: >[. . .] 
>We use an encryption algorithm called seeded pseudo-random >number generator, Mr. Varga said. The company chose that >algorithm because it is in the public domain, he added. *Groan* One would think that anybody who would go to the expense of designing an encrypting FAX machine could at least afford to read the introduction to any beginning crypto book. Heck, I bet it's even the generator on page 46 of K&R's second edition C book. b& -- Ben.Goren at asu.edu, Arizona State University School of Music net.proselytizing (write for info): Protect your privacy; oppose Clipper. Voice concern over proposed Internet pricing schemes. Stamp out spamming. Finger ben at tux.music.asu.edu for PGP 2.3a public key. From baum at apple.com Mon Jul 18 14:48:16 1994 From: baum at apple.com (Allen J. Baum) Date: Mon, 18 Jul 94 14:48:16 PDT Subject: article: DES strength against attacks Message-ID: <9407182143.AA02260@newton.apple.com> "The Data Encryption Standard (DES) and its strength against attacks" by D. Coppersmith in IBM J. of R&D, v38#3, May 1994 pp243-250 ..in this paper, we examine one such attempt [to break DES], the method of differential cryptanalysis.... we show some of the safeguards against differential cryptanalysis that were built into the system from the beginning. Disclaimer: The present author participated in the design and test of DES, particularly in the design of the S-boxes and in strengthening them against differential cryptanalysis. Naturally, this author has strong opinions about DES and its history. Any opinions in this paper are those of the author and are not necessarily shared by IBM ************************************************** * Allen J. Baum tel. 
(408)974-3385 * * Apple Computer, MS/305-3B * * 1 Infinite Loop * * Cupertino, CA 95014 baum at apple.com * ************************************************** From smb at research.att.com Mon Jul 18 15:17:51 1994 From: smb at research.att.com (smb at research.att.com) Date: Mon, 18 Jul 94 15:17:51 PDT Subject: article: DES strength against attacks Message-ID: <9407182217.AA26293@toad.com> "The Data Encryption Standard (DES) and its strength against attacks" by D. Coppersmith in IBM J. of R&D, v38#3, May 1994 pp243-250 ..in this paper, we examine one such attempt [to break DES], the method of differential cryptanalysis.... we show some of the safeguards against differential cryptanalysis that were built into the system from the beginning. Disclaimer: The present author participated in the design and test of DES, particularly in the design of the S-boxes and in strengthening them against differential cryptanalysis. Naturally, this author has strong opinions about DES and its history. Any opinions in this paper are those of the author and are not necessarily shared by IBM Let me strongly recommend this paper. It shows, quite graphically, just how tightly coupled some parts of DES are. You don't make up a good cipher by random bit-twiddling! (By contrast, I heard a presentation last week on the cryptanalysis of another cipher. It wasn't that strong a cipher -- 2^18 ciphertexts, 2^27 operations to crack it -- but it would have been far weaker had it not been for chance. The cipher had a right shift operation; originally, it was left unspecified if an arithmetic or logical right shift should be used. When different C compilers started producing different results, the inventor arbitrarily decided to standardize on arithmetic right shifts. It turns out that the other choice was far weaker -- but he didn't know that.) 
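Added example, not part of any post in this archive: for the "How to make a random permutation" thread earlier on this page, the C program below runs Eric Hughes's loop and the random-swap shuffle over every possible sequence of random draws on small decks and counts how often each ordering comes out. It reads random(x) as inclusive of x, as the post's `i == x` test implies; all function names are hypothetical. The swap shuffle has n^(2k) equally likely outcomes after k swaps, which n! does not divide for the decks tried here, so it cannot be uniform: the counting argument Eli Brandt gives for method 3 applies to method 2 as well.

```c
/* Added example: exhaustive comparison of two shuffles on tiny decks.
   All function names here are hypothetical, not taken from the posts. */
#include <stdio.h>
#include <string.h>

#define MAXN    6      /* largest deck handled: 6! = 720 permutations */
#define MAXPERM 720

static int factorial(int n) {
    int f = 1;
    while (n > 1) f *= n--;
    return f;
}

/* Rank of the permutation a[0..n-1] in 0..n!-1 (Lehmer code). */
static int perm_index(const int *a, int n) {
    int idx = 0;
    for (int i = 0; i < n; i++) {
        int smaller = 0;
        for (int j = i + 1; j < n; j++)
            if (a[j] < a[i]) smaller++;
        idx = idx * (n - i) + smaller;
    }
    return idx;
}

/* Largest count minus smallest: 0 means all n! orders are equally likely. */
static long spread(const long *counts, int nperm) {
    long lo = counts[0], hi = counts[0];
    for (int i = 1; i < nperm; i++) {
        if (counts[i] < lo) lo = counts[i];
        if (counts[i] > hi) hi = counts[i];
    }
    return hi - lo;
}

/* The loop from the Hughes post, with every value random(x) could return
   (0..x inclusive) tried in turn instead of being drawn at random. */
static void hughes_rec(const int *a, int x, int n, long *counts) {
    if (x == n) {
        counts[perm_index(a, n)]++;
        return;
    }
    for (int i = 0; i <= x; i++) {
        int b[MAXN];
        memcpy(b, a, sizeof b);
        if (i == x) {
            b[i] = i;
        } else {
            b[x] = b[i];
            b[i] = x;
        }
        hughes_rec(b, x + 1, n, counts);
    }
}

long hughes_spread(int n) {
    long counts[MAXPERM] = {0};
    int a[MAXN] = {0};              /* a[0] = 0, as in the post */
    hughes_rec(a, 1, n, counts);
    return spread(counts, factorial(n));
}

/* The many-random-swaps shuffle, with every (c1, c2) pair tried at each of
   `left` remaining steps: n^(2*swaps) equally likely outcomes in total. */
static void swap_rec(int *a, int left, int n, long *counts) {
    if (left == 0) {
        counts[perm_index(a, n)]++;
        return;
    }
    for (int c1 = 0; c1 < n; c1++)
        for (int c2 = 0; c2 < n; c2++) {
            int t = a[c1]; a[c1] = a[c2]; a[c2] = t;
            swap_rec(a, left - 1, n, counts);
            t = a[c1]; a[c1] = a[c2]; a[c2] = t;   /* undo the swap */
        }
}

long swap_spread(int n, int swaps) {
    long counts[MAXPERM] = {0};
    int a[MAXN];
    for (int i = 0; i < n; i++)
        a[i] = i;                   /* start from a sorted deck */
    swap_rec(a, swaps, n, counts);
    return spread(counts, factorial(n));
}

int main(void) {
    for (int n = 2; n <= MAXN; n++)
        printf("n=%d  Hughes loop, spread of counts: %ld\n", n, hughes_spread(n));
    for (int k = 1; k <= 4; k++)
        printf("n=3  %d random swaps, spread of counts: %ld\n", k, swap_spread(3, k));
    return 0;
}
```

For the 54-card deck in the quoted code the same argument holds for any number of swaps, since 54! is divisible by 53 and no power of 54 is.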
From klbarrus at owlnet.rice.edu Mon Jul 18 16:04:16 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Mon, 18 Jul 94 16:04:16 PDT Subject: Card Playing Protocol In-Reply-To: <199407180503.AA15220@world.std.com> Message-ID: <9407182303.AA03222@flammulated.owlnet.rice.edu> Kent Borg wrote: >I will once I am sure I will understand the answer. Start out simple, just try something like a blackjack game (good choice since the house strategy follows simple rules) over a network. The house shuffles, bit commits to the shuffle, and sends you the hash. Then, you can begin playing, or you can try to break the system by finding a deck with a matching hash. After you are done, the casino sends you the deck and you can verify that you weren't cheated. All sorts of other stuff can be added later, like digital cash, etc. -- Karl L. Barrus: klbarrus at owlnet.rice.edu 2.3: 5AD633; D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32 2.6: 088C8F21; 97 73 9E 8B 98 3E DD B5 E8 97 64 7E 20 95 60 D9 "One man's mnemonic is another man's cryptography" - K. Cooper From sameer at c2.org Mon Jul 18 16:09:34 1994 From: sameer at c2.org (sameer) Date: Mon, 18 Jul 94 16:09:34 PDT Subject: Handling subscription requests In-Reply-To: <199407181937.MAA24344@netcom7.netcom.com> Message-ID: <199407182304.QAA00342@infinity.c2.org> > > Rishab asked earlier if there isn't some way that Majordomo could > automatically filter the requests that go to this list instead of to the > Majordomo agent. > majordomo does have this feature but it just looks for a word like subscribe in the body.. rather ugly, but it works. More work for the list maintainer, less noise for the recipients. there are +'s and -'s. 
-- sameer Voice: 510-841-2014 Network Administrator Pager: 510-321-1014 Community ConneXion: The NEXUS-Berkeley Dialin: 510-841-0909 http://www.c2.org (or login as "guest") sameer at c2.org From Ben.Goren at asu.edu Mon Jul 18 16:45:17 1994 From: Ben.Goren at asu.edu (Ben.Goren at asu.edu) Date: Mon, 18 Jul 94 16:45:17 PDT Subject: PROTOCOLS: Re: Hashed Hash Message-ID: At 10:54 PM 7/17/94, wcs at anchor.ho.att.com (bill.stewart at pleasantonca.ncr.com +1-510 wrote: >> I'm planning on implementing the "cryptographic protection of databases" >> on page 61 of Schneier, to create a directory of a professional >> organization that would be useless to telemarketers. >> [hash last name to get DES key and location of encrypted data in list.] Not quite; the last name would at least be the foundation of the key--otherwise, just use the first field to decrypt the second. Location is either 132 or 160 bytes from the start of the hash; all else is obscurity that wouldn't be all that effective. Remember, anybody can do individual lookups, or else I'd just use some secure method to get it into people's hands. If you can do individual lookups, you can do a lot (all) of them; the best I can hope for is to slow that down, preferably in a cryptographically secure way. >> [ problems of brute-force and popular-last-names attacks ] > >If you're only concerned about telemarketers, this amount of obscurity >may be enough - anybody competent enough to hash a list of, say, >10000 last names x 1000 first names into your database is at >least an *interesting* telemarketer :-) All it takes is some ambitious employee with connections to somebody with a medium-sized workstation with a fair amount of idle time, like overnight. A cheapie Alpha would do very nicely. Let it work--at no cost other than initial setup and electricity--for a month or three, and you've got an awful lot of names, even if you don't have the whole database. There's not much obscurity here. 
Just write a minimal wrapper to the existing (supplied) decryption code, unless my "security" relies on non-cryptographic stalling, like counting to a million before doing anything. I sure don't want to rely on that. And a company such as Microsoft wouldn't even notice the effort. Think about it: a database of musicians (the group I'm doing this for is the Phi Mu Alpha Sinfonia, the men's professional fraternity in music) known to be technically inclined--after all, their database is cryptographically protected. Who better to target for their musical instrument CD? >If you're concerned about telemarketers from the NSA/FBI/KGB, >then the algorithm isn't enough anyway [. . .] If any TLA wants the unencrypted database, they can have it from me for the price of a warrant--and that's just to be sure that they're not imposters. Our membership rolls are already public. >An intermediate variant is to use a password as part of the hash; >if everybody has their own password, the table size is N**2, or you can >give everyone the same password without increasing the table size, >and still be able to distribute the list on FTP. >[. . .] Nice idea. If there is demand for a program such as this after I've written the basic version for Sinfonia, I'll code that, as well. >On the question of whether there are functions I(m) = H(H(m)) for popular >hashes, by definition there are, since H(H(m)) is one. Well, by that definition, DES is a group.... >For most of >the cryptographically useful functions, though, there aren't any that >are faster than running the hash function twice. Some exceptions are >hashes like a**x mod p, x**a mod p, and obviously (a*x+c) mod p. >But DES is known not to be a group, and MD5 is ugly enough it probably >isn't group-like either. Any chance you (or anybody else) can point me in the direction of sources that would state this definitively? 
I'd much rather do multiple hashes than use some sort of kludge with multiple DES encryptions, but I won't unless I can find something in the literature. "A job worth doing...." > Bill Thanks for your help. b& -- Ben.Goren at asu.edu, Arizona State University School of Music net.proselytizing (write for info): Protect your privacy; oppose Clipper. Voice concern over proposed Internet pricing schemes. Stamp out spamming. Finger ben at tux.music.asu.edu for PGP 2.3a public key. From kkirksey at world.std.com Mon Jul 18 17:29:46 1994 From: kkirksey at world.std.com (Ken Kirksey) Date: Mon, 18 Jul 94 17:29:46 PDT Subject: GUT and P=NP Message-ID: <199407190029.AA07438@world.std.com> -----BEGIN PGP SIGNED MESSAGE----- I was reading Hawking's _Black Holes & Baby Universes_ and an interesting question struck me: If a Grand Unified Theory exists, would it not prove P=NP to be true? My Armchair Cosmologist's (TM) reasoning goes something like this: If a GUT exists, and that GUT is proven to be true (making it the Grand Unified Law, I suppose), any behaviour we believe to be non-deterministic really isn't: it obeys the GUL. So P=NP must be true, since NP is an artifact our pre-GUL way of looking at things. Am I way off base here? Can anyone with more knowledge in this area than I tell me if I'm right, wrong, or somewhere in between? Many thanks, Ken ============================================================================= Ken Kirksey kkirksey at world.std.com Mac Guru & Developer - ----------------------------------------------------------------------------- Harassment is a power issue, and power is neither male nor female. Whoever is behind the desk has the opportunity to abuse power, and women will take advantage as often as men. 
- Michael Crichton (in _Disclosure_) From johndo at microsoft.com Mon Jul 18 18:02:10 1994 From: johndo at microsoft.com (John Douceur) Date: Mon, 18 Jul 94 18:02:10 PDT Subject: Why triple encryption instead of split+encrypt? Message-ID: <9407190102.AA15543@netmail2.microsoft.com> -----BEGIN PGP SIGNED MESSAGE----- >From: >Date: Monday, July 18, 1994 4:18PM >Clearly, if you have access to P0, P1; C0 and C1 this attack crushes the >algorithm. In most books I've seen, it is assumed that you do not have >access to this. The assumptions about the information available to the cryptanalyst vary with the type of attack. The essence of a known-plaintext attack is that both plaintext and cyphertext of several messages are known, and the task is to deduce the key. This is more practical than it may sound, since there may be (for example) header information that has small or no variability among messages. >Nonetheless, your cryptanalytic algorithm makes clear an additional >constraint that must be placed on the system which I had not realized: >From the algorithm, the plaintext, and the cypher text, it must not be >possible to reconstruct both the plaintext, and the cyphertext for either >half of the message. >To that end I would suggest the improvement of making the splitting >operation dependent on the keys. For that matter, one could have a third key which is used by the splitting algorithm. If one chooses to make this splitting key a function of the two DES keys, then this approach reduces to your suggestion, at the expense of a smaller keyspace. It could be said that, in the code fragment of my previous message, the splitting key is fixed at 0x55555555. 
So now the meet-in-the-middle attack regains its earlier applicability: A known-plaintext attack would encrypt P with the splitter, decrypt C0 with DES, and attempt to meet in the middle to discover key K0; similarly, decrypting with C1 to get K1. If you can design a splitter that is as cryptographically secure as DES (good luck), then the resulting algorithm is as secure as double DES. Actually, the computational complexity of a cryptanalysis would be somewhere between one and two times that of double DES, since it requires one encryption analysis and two decryption analyses. In your previous message, you commented: >I have a hunch that if I'm wrong, it's because the time required to do secure >non-redundant secret splitting is as large as the time I'm saving. If your secret-splitting algorithm is as secure as DES, then it probably runs as slowly as DES does, making your hunch correct. However, even if this were not the case, the security of this scheme is significantly less than that of triple DES. JD From pleiku!kelly at pleiku.com Mon Jul 18 18:14:14 1994 From: pleiku!kelly at pleiku.com (kelly@netcom.com) Date: Mon, 18 Jul 94 18:14:14 PDT Subject: JUST GO AWAY Sue D nym! Message-ID: <199407181814.LAA21676@pleiku.pleiku.com> Hey detweiler... I am not as gentle as perry is... just go away... you DON'T have any votes here... p.s. I WILL be notifying netcom management again of your activities... From hayden at vorlon.mankato.msus.edu Mon Jul 18 18:28:51 1994 From: hayden at vorlon.mankato.msus.edu (Robert A. 
Hayden) Date: Mon, 18 Jul 94 18:28:51 PDT Subject: Big Brother comes to Campus Message-ID: I wanted to forward this to everyone to show ya what the school is trying to spring on us over the summer when nobody is around. --------------------------- Acting for: XXXXX XXXXX Mankato State's new ID card is fast becoming a reality. We are calling the new ID the MavCard and have begun taking pictures of the summer orientation students. Attached is a brief summary of the features of the MavCard we have given to parents and students who were here for orientation. Soon we will be taking pictures of other students, faculty and staff. I will inform you of the time and location. If you have any questions or concerns about Mankato State's MavCard, please let me know. Mankato State University MavCard As part of our mission to improve campus services, Mankato State University is introducing the new MavCard, a more efficient identification card (ID) that can also act like cash to pay for many on-campus services. The MavCard is more efficient because it will become the only ID card you need for access to university facilities, services and events including the Memorial Library, athletic and student activities. The MavCard will also eliminate the hassle of carrying cash. It can be used like cash for library charges, vending machine products, photocopying, laundry services and more! Mankato State University's goal is to provide one convenient card that does it all! It all begins with your new MavCard for the 1994-95 academic year. Where to Get Your MavCard The Office of Business Affairs will start processing MavCards during Freshman Orientation, the first two weeks of Fall Quarter, and until the entire campus community has been issued new ID cards. Hours and convenient processing locations will be posted at the Office of Business Affairs, Administration Building. It's Quick and Easy Getting a MavCard is quick and easy. 
A new photo imaging process will use a video camera and computer to create and store all of your card information in seconds. Your picture, along with all other card information, will be directly transferred to one durable plastic card (the same size as a credit card). One process, one card does it all! The First Phase Beginning Fall Quarter 1994, you will be able to use your MavCard in the Memorial Library, food and vending machines, laundry machines, photocopying services, the University Bookstore and Residence Hall meal plans. How the MavCard Works The MavCard will carry three primary information identifiers, along with your name and picture. The first identifier is your library and Residence Hall meal plan Barcode on the front of the card. The second identifier is a small black magnetic Cash Stripe on the back of the card. This Cash Stripe will retain information on the amount of funds you apply to the card through one of the many CASH-TO-CARD or ACCOUNT-TO-CARD machines on campus. By placing $1, $5, $10, or $20 on your Cash Stripe, you will activate your new MavCard. For safety purposes, there will be a $20 limit on the funds that can be placed on the Cash Stripe at any time. Once your Cash Stripe is activated, you can use your MavCard like cash to pay for campus services such as photocopying, vending and laundry. The third identifier is a large magnetic Bank Stripe on the back of the card, similar to the bank stripe on a credit card. The Bank Stripe is like an electronic check! Once money is deposited to your MavCard account, the card can be used instead of a check to purchase goods and services. The amount of the purchase is deducted directly from your on-line bank account so there is no possibility of overdrawing your account. This Bank Stripe is also used to obtain cash from the automatic teller machines which will be available on campus. 
A Personal Identification Number (PIN) is used with this stripe so that your account is protected in the event the card is lost or stolen. The Bank Stripe will save you time, reduce the need to carry cash, and help eliminate the hassle of writing checks. Calling Card Option The MavCard can be used as a personal long distance calling card. Information on this feature will be available from MCI during Welcome Week. Future Phases In the future the MavCard will expand to include building access, voting, campus food services and direct deposit of financial aid, refunds and student payroll. Questions & Answers Will I have to get a MavCard or can I just use my old ID? Your old ID will still be valid when classes start in the Fall of 1994 and until all students can get their new ID. The process to get your new MavCard is quick and easy. What will the benefits of using the MavCard really be to non-campus residents? The MavCard will do much more than just consolidate your ID with meal plan information. Even if you do not use a meal plan on campus, other services including those offered through the library, vending machines, photocopiers, food services...will be easier to use than ever before. What if I lose my MavCard? Contact the Office of Business Affairs at XXX-XXXX. Since your information, including your photo, is stored in the computer, replacement cards can be processed immediately. Who do I contact with any questions about the MavCard? The Office of Business Affairs at XXX-XXXX, with any questions or suggestions on how to make the MavCard work... and save...for you! ===================================================== Basically, they can now track you whenever you enter a building, get financial aid, or even purchase a soda or make a photocopy. I feel used. -- ____ Robert A. 
Hayden <=> hayden at vorlon.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> I do not necessarily speak for the \/ Finger for PGP Public Key <=> City of Mankato or anyone else, dammit -=-=-=-=-=-=-=- (GEEK CODE 2.1) GJ/CM d- H-- s-:++>s-:+ g+ p? au+ a- w++ v* C++(++++) UL++++$ P+>++ L++$ 3- E---- N+++ K+++ W M+ V-- -po+(---)>$ Y++ t+ 5+++ j R+++$ G- tv+ b+ D+ B--- e+>++(*) u** h* f r-->+++ !n y++** From ghio at kaiwan.com Mon Jul 18 19:17:54 1994 From: ghio at kaiwan.com (Matthew Ghio) Date: Mon, 18 Jul 94 19:17:54 PDT Subject: Detweiler Message-ID: <199407190217.TAA23602@kaiwan.kaiwan.com> |ghio said that Detweiller must have forged that Big Collision message |sent to his remailer, because the person it was attributed to hadn't |logged in. I wonder if "rsh" shows up in that type of login?? maybe |he "rsh"ed to the account to send from there?!?! and didn't log in |to have a cover story?? The messages appear to be being forged via port 25. He's sent several dozen of them, and they all have different from addresses. |btw, I haven't seen anything from Detweiller at tmp at netcom.com. I assume |he still has the account?!?! maybe if someone calls netcom and complains |they will do something?? Well, I complained... Haven't heard anything from them yet tho. |i'm glad ghio caught that message in his mailbox through careful screening |so that it wouldn't go out to the newsgroups. I always thought the |remailers were automated, but I guess in most case the operators are |screening all the stuff. this is good, because we don't need any more |Detweiller junk out there (amazing how peaceful things are without him!!!) |too bad if the message was forged, because it would be LOTS of fun to |EXPOSE THE BASTARD!!! (insert evil smirk here) No. The remailer is automated. I don't normally screen messages before they are sent out or otherwise censor them. The message he sent went out to the newsgroups. 
After I saw the anonymous messages appearing, I started having the remailer save copies of all messages. He seems to have an automated process set up to spew these things out. I have now temporarily disabled my remailer until this crud stops. |BTW, here is something I was wondering. on the Detweiller message he has |an "errors-to: /dev/null" field. what does that do? why did he put that |in there, anyway? i've never seen any documentation reference it. do |the remailers handle it? It doesn't do anything that I'm aware of. My remailer does support "Request-Remailing-To: null" which will just delete the message. The more recent messages just have a blank Errors-To: header. I keep getting messages from him every few minutes. blah... From ghio at kaiwan.com Mon Jul 18 19:45:34 1994 From: ghio at kaiwan.com (Matthew Ghio) Date: Mon, 18 Jul 94 19:45:34 PDT Subject: Tracing port 25 mail forgery Message-ID: <199407190244.TAA26934@kaiwan.kaiwan.com> While looking over some of the detcrud I noticed something interesting... >From colton at netcom.com Mon Jul 18 15:48:30 1994 >Received: from virginia.edu (uvaarpa.Virginia.EDU [128.143.2.7]) by >kaiwan.kaiwan.com (8.6.9/8.6.5) with SMTP > id PAA27245 for ; Mon, 18 Jul 1994 15:48:24 -0700 > *** KAIWAN Internet Access *** >From: colton at netcom.com >Received: from fulton.seas.virginia.edu by uvaarpa.virginia.edu id aa05968; > 18 Jul 94 18:48 EDT >Received: from (nym at netcom14.netcom.com > [192.100.81.126]) by fulton.seas.Virginia.EDU (8.6.8/8.6.6) with SMTP id > SAA67017 for ; Mon, 18 Jul 1994 18:48:20 -0400 >Date: Mon, 18 Jul 1994 18:48:20 -0400 >Message-Id: <199407182248.SAA67017 at fulton.seas.Virginia.EDU> >To: ghio at kaiwan.com >Request-Remailing-To: alt.59.79.99 at comlab.ox.ac.uk > >## >Followups-To: news.admin.policy >Reply-To: >Subject: Netcom is being SCAPEGOATED > ...drivel removed... 
In the Received: header, fulton.seas.Virginia.EDU identifies the message as coming from nym at netcom14.netcom.com My question is, How did it do this??? Did it use identd? I tried making a fake mail thru that site and it did not show my username...but neither kaiwan nor andrew have identd installed. nova.unix.portal.com did the same thing: >Received: from (nym at netcom2.netcom.com [192.100.81.108]) >by nova.unix.portal.com (8.6.7/8.6.5) with SMTP id SAA22450 for >; Mon, 18 Jul 1994 18:09:22 -0700 Comments? From kentborg at world.std.com Mon Jul 18 20:03:15 1994 From: kentborg at world.std.com (Kent Borg) Date: Mon, 18 Jul 94 20:03:15 PDT Subject: Life & Times LA TV prog on LLL Porn Message-ID: <199407190302.AA19355@world.std.com> A local public TV program in LA just ended. One of their closing mini- items was on the spy porn at Lawrence Livermore (sic). One host gave a short version of the hysterical take, including that LLL was going to do Star Wars, and how terrible their security must be. Host #2 kicked in with a claim that he knows nothing about computers. Host #3 did the best thing I can imagine: said it was also part of the JFK coverup... FYA. -kb, the Kent who has been caught watching TVF -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 35:30 hours of TV viewing so far in 1994! From kentborg at world.std.com Mon Jul 18 20:12:01 1994 From: kentborg at world.std.com (Kent Borg) Date: Mon, 18 Jul 94 20:12:01 PDT Subject: Card Playing Protocol? Message-ID: <199407190311.AA23428@world.std.com> >There's no need for a central server per game I am presuming this is true--I am just trying to phrase things carefully. I don't yet understand all I need to know (I think I need to read crypto someone said). I like distributed stuff...I am just too ignorant to know how purely it can be adhered to. 
-kb, the Kent who is trying not to get too far ahead of himself -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 35:30 hours of TV viewing so far in 1994! From kentborg at world.std.com Mon Jul 18 20:19:22 1994 From: kentborg at world.std.com (Kent Borg) Date: Mon, 18 Jul 94 20:19:22 PDT Subject: Card Playing Protocol Message-ID: <199407190318.AA26984@world.std.com> >No. Schneier is a start, but the source papers... So I should wonder about how to find the sources mentioned in his bibliography? Yup. I haven't gotten that far yet. -kb, the Kent who is only human -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 35:30 hours of TV viewing so far in 1994! From frissell at panix.com Mon Jul 18 20:31:33 1994 From: frissell at panix.com (Duncan Frissell) Date: Mon, 18 Jul 94 20:31:33 PDT Subject: Federal Control of Financial Transactions Message-ID: <199407190330.AA13407@panix.com> As regular readers will be aware, Tim May and I have been sparring with each other about the risks of various control strategies that the world's governments may deploy. I thought it might be helpful to make one of his fears concrete so that we can analyze it. I trust that I am not putting words in Tim's mouth. The major concern is the same one mentioned in the Book of Revelations: "REV 13:16 And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads: REV 13:17 And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name." So the Feds deploy a card (smart or dumb) that has to be used for most transactions and lets them track everything we do. Tourists are brought into the system through the use of temporary cards (or the machine-readable strip on their passports which already includes a space for a national ID number.) How is this most likely to come about? 
I consider force majeure to be unlikely. It would be rough to get Congress to impose a burden like this on businesses (who would have to completely wire themselves) in a formal vote. It is not necessary to do this in any case since they know they can't snag everyone into the system. They just want to capture most of the transaction data. If they can do it administratively without involving Congress in controversy, they will use that approach. Clipper and the Post Office agitprop on the US Card give us a possible scenario. The P.O., desperate to find a reason to exist as its core business drains away to the wires and private carriers, would like to become the primary digital signature authorizers for the U.S. It claims to be able to put millions of "US Cards" in the hands of happy shoppers within months of the go-ahead. (Assuming they use FedEx for the actual *shipments* of course). The recently attempted "Clipper maneuver" of game strategy (government preemption by standard setting rather than by direct application of force) shows us how the US Card system might be actually deployed. The government adopts the standard it likes and tries to make it the de facto standard by requiring it for most official business. An instant market is thereby created. No congressional action required. Similarly, the government might try to preempt the market for digital signature and commercial encryption technology by deciding to make anyone who wants to use a digital signature system in dealings with the government use the Post Office or some such agency as the signature authenticator. Thus bids, purchasing, benefits, and taxes could all require your "US Card" registered at your local post office. The government would then hope that commercial users who would need to use the government's system for tax filings anyway would also use it for its ordinary dealings with the public. 
Then if a health care bill drafting you into a "universal coverage" army is ever passed, the "US Card" also becomes the Health Security Card you will have to show to get a job in the US. Thus, all sorts of authentication transactions would pass through the powerful and efficient post office data network and the ex-countercultural/born-again control freaks Inside the Beltway could get their jollies tracking your employment and purchases. What's the big hole in this frightening scenario? Ask yourself one question. Why is the Post Office looking around for some useful work these days? Didn't they have a monopoly guaranteed by the Federal Government for more than 100 years? If they couldn't make a go of it with a pure coercive monopoly during a time of slower commercial activity, what makes them think that they can compete *without* a genuine coercive monopoly in a time of constant change? Governments have proved over and over again that they can go broke running "guaranteed" money spinners like state lotteries and such. They don't stand a chance in a marketplace that will break the hearts of the brightest people this planet has ever produced. What has recent history established? Governments are weaker. Why didn't the Admin mandate Clipper? No political ability to do so. Why are banks and telecoms being deregulated in nearly every country on earth (in spite of propaganda about "risks" and "public needs")? Why have exchange controls (a common feature of life a generation ago) become impossible almost everywhere on earth? Is it "free market ideology" that has triumphed or did the *reality* of markets rather than the *idea* of markets hit governments on the head? To those who romanticize the power of the State in the modern world I ask, why doesn't Clinton impose wage and price controls, exchange controls, tariffs, and a full-blown industrial policy? 
Why doesn't he nationalize the steel industry, guarantee jobs for all, confiscate all estates above $100,000, impose 95% income taxes on those making more than $40,000/year, and all of the other proposals that were popular earlier in this century? I doubt that he is restrained because of his deep commitment to human liberty. He doesn't do it because he can't. Markets wouldn't put up with it. His government would be destroyed (by capital flight.) In this connection, I invite everyone to read the excellent profile of Japan in last week's Economist. It discusses the current and growing Japanese commitment to deregulation and what is driving it. That issue is a keeper anyway because of an article on commerce on the Internet and (as has been mentioned before) the use of the word "anarcho-capitalism" in an article comparing Thailand and Singapore. Assuming that the government were to attempt to establish a Post Office mediated digital authentication system, there is no guarantee that it would work. Foreign users would presumably use foreign systems to authenticate their transactions. Some of these systems might be run by privatized foreign PTTs or by others. Note that since banks and credit agencies will still have to approve the transactions anyway (to make sure you've got the dough), they may decide to use other systems for signature authentication. It would not really cost them any more. Since information is cheap, setting up a system to use several authentication systems is almost as easy as setting up a system to use one. (Particularly since you have to do it anyway.) It is difficult to imagine the P.O. being able to compete in the cutthroat world of credit processing. Recall that even today, there are companies that pick up and deliver your mail to the P.O. to speed the process along. Similarly, expediters may interpose themselves between the customer and the P.O. to speed authentication in the event that the P.O. network is slow or inefficient (likely). 
Here again, Clipper gives us some hints as to how the attempted market cornering might work out in practice: The Admin is currently floating stories about perhaps withdrawing Clipper in favor of "wider discussions" with the industry. Clipper is already painfully obsolete and it isn't even shipping in quantity. Inefficient government monopolies create marvelous profit opportunities for markets to arbitrage the gap between cost and price. In a highly efficient networked world, it will be very difficult for governments to compete. DCF Why Pizza Hut should hire *me* as their spokesman: "Why does Pizza Hut oppose mandatory, employer-paid health insurance in the US even though we are forced to pay it in Japan and Germany? We support the principle of cultural diversity under which different societies experiment with different methods of social organization. Germany and Japan have chosen one road, we have chosen another. Pizza Hut would not voluntarily impose on our US customers the burden of the very high food costs that the agricultural policies of Germany and Japan impose on their citizens. Similarly, we would not choose to impose on our US employees the burden of bureaucratically designed employment contracts. Pizza Hut supports the right of our customers to enjoy the least expensive and best pizza on earth and the right of our employees to bargain with us collectively and individually concerning the conditions of their employment." From eric at Synopsys.COM Mon Jul 18 21:13:40 1994 From: eric at Synopsys.COM (Eric Messick) Date: Mon, 18 Jul 94 21:13:40 PDT Subject: PARTY: [2nd post] A Post Jovial Bash, July 23rd, Santa Cruz, CA. Message-ID: <9407190413.AA26269@tiedye.synopsys.com> [This is going to several lists with overlapping memberships. Apologies if you're receiving this more than once.] The bashing of Jupiter has begun, and in less than a week it will be over. That's certainly a cause for celebration, so you're invited to join me for a Post Jovial Bash. 
Where: A cozy geodesic dome nestled in the Santa Cruz mountains. Directions are included below. When: Saturday, July 23, 1994. The party begins at noon. Crash space is available if you wish to stay until Sunday. What to bring: Food and/or drink to share and enjoy. I'd like to encourage people to bring healthier items: low-fat and/or vegetarian food, juices, etc... but nothing will be turned away. A grill will be available, and I will be providing some food and drinks. Suggestions and contributions are welcome. Musical instruments. A towel (you do know where it is, don't you?) for enjoying the hot tub. It will be clothing optional, but probably not used until it cools off in the evening. Bedding if you suspect you might want to spend the night. And of course, bring interesting people, ideas, and things. Note to cat allergy sufferers (like me): 6 cats live in the house. Be prepared. To print a map and directions, snip off the file below and send it to any PostScript(tm) printer. If you haven't got one, you'll have to make do without the map. Just read the text at the top of the file for directions. Be seeing you -- -eric messick PS: PostScript is a registered trademark of Adobe Systems Incorporated. ------>8------>8------>8------>8------>8------>8------>8------>8------>8 %!ps % Directions to KT & Eric's dome % % KT & Eric % 15139 Old Ranch Rd % Los Gatos CA 95030 8506 % +1 408 353 4751 % % From San Jose, take Highway 17 South from Highway 280 for 15 miles. % From Santa Cruz, take Highway 17 North from Highway 1 for 12.5 miles. % Exit Highway 17 at Summit Road (the only bridge over Highway 17 in % the mountains), and head west. % 0.5 miles west of 17, turn left from Summit Road onto Hutchinson Road. % 0.2 miles from Summit, just after Riva Ridge Road on the left and a long % group of mailboxes on the right, turn right from Hutchinson onto % Old Ranch Road. % A short distance down Old Ranch there is a three-way fork. 
The left % branch is a small driveway; the center branch is Old Ranch Road which % continues around a curve to the left (a sign points to the left to % indicate this); and the right branch leads to our house and three % others. Our address (15139) is on the top of a sign to the right. % Turn onto the rightmost fork, down a steep grade. % Our geodesic dome is 0.4 miles from Hutchinson Road down the rightmost % fork of Old Ranch Road. /fg { 0 setgray } def /bg { 1 setgray } def /r { moveto currentpoint } def /a { rmoveto pop pop currentpoint } def /ah { pop pop currentpoint } def /rc { rcurveto } def /lab { % x y alpha (str) gsave 4 2 roll rmoveto exch rotate show grestore } def /nl { show 7 sub r } def bg clippath fill 4.25 72 mul 5.5 72 mul translate 90 rotate 2 2 scale /Helvetica findfont 5 scalefont setfont 0 0 moveto currentpoint 70 -100 a currentpoint % North arrow 50 30 a fg 3 setlinewidth 0 60 rlineto ah stroke r 0 -10 1 -15 5 -20 rc stroke r gsave -5 5 rmoveto /Times-Bold findfont 13 scalefont setfont (N) show grestore pop pop r -12 20 -90 (to Santa Cruz -->) lab -25 210 -65 (<-- to San Jose) lab 11 setlinewidth fg 2 120 -10 170 -30 200 rc stroke r % 17 outer lines 7 setlinewidth bg 2 120 -10 170 -30 200 rc stroke r % 17 interior 1 setlinewidth fg 2 120 -10 170 -30 200 rc stroke r % 17 center 1.25 100 a 10 -40 270 (Highway 17) lab 2 setlinewidth -2.5 27 rmoveto fg 2 -7 5 -9 14.5 4.7 rc stroke r % summit to 17n -8.2 0 rmoveto fg -2.5 20 -10.5 30 -20.5 50 rc stroke r % summit to 17s -12.75 35 rmoveto fg 2 -15 -4 -8 -13.3 10 rc stroke r % 17s to summit 1 setlinewidth -3.2 49 rmoveto % bridge fingers fg 5 5 rlineto stroke r -3.2 49 rmoveto fg .85 -7 rlineto stroke r -18.5 52 rmoveto fg -3 6 rlineto stroke r -19 52 rmoveto fg -2 -6 rlineto stroke r -1 48 rmoveto % bridge border 9 setlinewidth fg -8 3 -13 5 -20 4 rc stroke r -1 48 rmoveto % bridge interior 7 setlinewidth bg -8 3 -13 5 -20 4 rc stroke r 2 setlinewidth .5 0 rmoveto fg 0 20 9.5 30 19.5 40 rc ah 
stroke r % 17n to summit currentpoint fg 10 10 25 15 40 10 rc stroke r % summit e 33 15 -15 (Summit Rd) lab 25 11.5 rmoveto fg 10 10 10 20 5 40 rc stroke r % mt charlie e 30 70 -80 (Mt Charlie Rd) lab 5 15 25 (Phone) lab 0 5 25 (Parking lot) lab pop pop r fg -20 10 -40 15 -48 10 rc ah stroke r % across bridge fg -16 -10 10 -35 -3 -43 rc ah stroke r fg 5 -10 0 -20 5 -30 rc stroke r % mt charlie w 5 -5 -80 (Mt Charlie Rd) lab fg -13 -8 -20 20 -30 15 rc ah stroke r fg -10 -5 -30 -20 -55 -20 rc ah stroke r fg 5 -10 0 -20 5 -30 rc stroke r % stagecoach 5 -5 280 (Stagecoach Rd) lab fg -25 0 -10 -20 -15 -25 rc ah stroke r fg -5 -5 -30 0 -40 0 rc stroke r % summit continues... -45 5 -5 (Summit Rd) lab fg 5 -5 0 -20 0 -30 rc ah stroke r % hutchinson 5 25 -90 (Hutchinson Rd) lab % side road could go here fg 0 -10 3 -10 5 -17 rc ah stroke r fg 5 -5 10 -8 20 -8 rc stroke r % riva ridge 15 -5 0 (Riva Ridge Rd) lab fg 1 -3 1 -4 2 -7 rc ah stroke r fg 1 -3 5 -5 10 -7 rc stroke r % hutchinson continues... 3 -12 -20 (Hutchinson Rd) lab 1.5 setlinewidth fg -5 -5 -10 8 -15 3 rc ah stroke r % old ranch fg -3 -3 0 -10 5 -15 rc stroke r % old ranch continues... -8 -9 -55 (Old Ranch Rd) lab 1 setlinewidth fg 2 1 rmoveto -1 -2 1 -4 5 -7 rc stroke r % left fork driveway fg -5 5 -15 15 -20 12 rc ah stroke r % our portion of old ranch fg -5 -3 -15 -15 -25 -10 rc ah stroke r fg -10 5 -15 5 -20 0 rc ah stroke r fg -5 -5 -10 -5 -20 0 rc stroke r % our portion continues... fg 5 -5 rlineto ah stroke r % our driveway fg 7 2 rmoveto currentpoint newpath 3 0 360 arc stroke r /Helvetica-Bold findfont 5 scalefont setfont -15 -10 0 (KT & Eric) lab -15 -15 0 (15139 Old Ranch Rd) lab -15 -20 0 (Los Gatos CA 95030 8506) lab -15 -25 0 (+1 408 353 4751) lab -155 115 moveto ah /Times-Roman findfont 6 scalefont setfont (From San Jose, take Highway 17 South from Highway 280 for 15 miles.) nl (From Santa Cruz, take Highway 17 North from Highway 1 for 12.5 miles.) 
nl (Exit Highway 17 at Summit Road \(the only bridge over Highway 17 in) nl ( the mountains\), and head west.) nl (0.5 miles west of 17, turn left from Summit Road onto Hutchinson Road.) nl (0.2 miles from Summit, just after Riva Ridge Road on the left and a long group) nl ( of mailboxes on the right, turn right from Hutchinson onto Old Ranch Road.) nl (A short distance down Old Ranch there is a three-way fork. The left branch is a) nl ( small driveway; the center branch is Old Ranch Road which continues around a) nl ( curve to the left \(a sign points to the left to indicate this\); and the right branch) nl ( leads to our house and three others. Our address \(15139\) is on the top of a) nl ( sign to the right. Turn onto the rightmost fork, down a steep grade.) nl (Our geodesic dome is 0.4 miles from Hutchinson Road down the rightmost) nl ( fork of Old Ranch Road.) nl -80 128 moveto ah /Times-Bold findfont 12 scalefont setfont (Directions to KT & Eric's dome) nl pop pop showpage From hughes at ah.com Mon Jul 18 22:22:19 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 18 Jul 94 22:22:19 PDT Subject: GUT and P=NP In-Reply-To: <199407190029.AA07438@world.std.com> Message-ID: <9407190458.AA23116@ah.com> question struck me: If a Grand Unified Theory exists, would it not prove P=NP to be true? No. Hardly. behaviour we believe to be non-deterministic really isn't: it obeys the GUL. So P=NP must be true, since NP is an artifact our pre-GUL way of looking at things. Non-determinism will exist forever as an idea, just the same way that no real number has ever been measured, merely approximations to them. NP is an expression of that idea. There are other ways to formalize NP without resorting to non-determinism. NP is the class of problems for which there exists a witness to a PTIME computation. Non-determinism is only another way of rephrasing the existential quantification. 
Eric From hughes at ah.com Mon Jul 18 22:26:26 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 18 Jul 94 22:26:26 PDT Subject: Encrypting fax machine In-Reply-To: Message-ID: <9407190502.AA23131@ah.com> At 6:07 AM 7/18/94, John Young wrote: >We use an encryption algorithm called seeded pseudo-random >number generator, Mr. Varga said. The company chose that >algorithm because it is in the public domain, he added. One would think that anybody who would go to the expense of designing an encrypting FAX machine could at least afford to read the introduction to any beginning crypto book. I just said this last week. PNRG-XOR can be very secure. If they're using Blum-Blum-Shub, it could be secure, since there are other things to go wrong. If they're using a LFSR, it's not secure. It looks like a none-too-competent technology reporter to me. Eric From jdblair at nextsrv.cas.muohio.EDU Mon Jul 18 22:46:56 1994 From: jdblair at nextsrv.cas.muohio.EDU (jdblair at nextsrv.cas.muohio.EDU) Date: Mon, 18 Jul 94 22:46:56 PDT Subject: y'all gotta see True Lies Message-ID: <9407190601.AA14391@ nextsrv.cas.muohio.EDU > Hey y'all, check it out! The cypherpunks better go to the movies! I just got back from True Lies, the latest Arnie flick. I recommend y'all go see it. Hollywood's managed to push the collective american button yet another time, ladies and gentlemen. Where's the "Dr. Strangelove" of the 90's when we need it? I'll make a short list: 1) Passionate Arabs driven to find there revenge through stolen Soviet nuclear weapons. 2) A "blanket order" to a vague, unknown government agency to wire tap anything they feel like. 3) Fear that, because there are no customs or controls regulating traffic between the Florida Keys and the mainland, the terrorists will be able to drive anywhere with their fancy nuclear weapon. 
4) After summoning the skill to purchase a nuclear weapon, smuggle it into the United States undetected (except for the suspicions of our amazing Arnie and his crack team), and detonate one of them in the Keys, still unable to work a video camera with reliability (oh, those crazy wacko arabs! Oh the magic of Hollywood!)

5) Of course, every hacker in the audience noticed that the rich multinational zillionaire is unable to choose encryption secure enough to fend off an attack on minutes in length using computer equipment in a van! What was he using to hide his records? Enigma?

6) Oh yeah, the women are unable to do anything except talk on the phone, get into catfights, give men blowjobs, and kill people by accident. The only female villain is clever, but the screenplay is sure to point out that she has no principle other than the dollar (or yen, pound, mark, etc). This is a very male film, even without getting into that old 60's cliche about missiles being penis extensions.

7) Luckily, amid all the casual death in the name of national security and the american way, we have Arnie pointing out that "he only kills bad people."

Reminds me of the time I was at the Space and Rocket Center in Huntsville, right after the Gulf War. They had a patriot missile on display, along with the wreckage of a "busted scud." A mother pointed to the missile, saying to her son, "Look, it's the patriotic missile." I am not making this up.

Y'all better get crackin', you clever cypherpunks. We sit here and chat about the National ID card, and argue about the best way to not pay our taxes (should I lease my car from a front, or buy it from the Mafia? What if I get a speeding ticket?). Meanwhile, the REAL MEDIA, the MOVIES, the TV, and all the other DRUGS most of America uses to ignore their surroundings are giving people the armor to fend off all the reason in the world we will ever cook up.

"You can see, as the movie 'True Lies' showed, it's relatively easy for a group of Arab terrorists to land in America and cruise up the coast with a nuclear weapon! Just think how easy it is for some Joe to walk on in with a kilo taped to his belly, and feed it to your kids! Worse, a whole family of Mexicans could sneak in and collect YOUR welfare check! (pregnant mother giving birth the moment she steps on American soil!)"

Choose whatever villain you wish for the delivery. The lefties can imagine Ronnie Boy calming us with his liquid voice. Those of other persuasions can choose Billary Klinton, promising us health and benefits. Maybe I'll imagine that guy my parents told me about... I think his name was Mixon or something like that.

I doubt it'll matter who's holding the wheel. I think the car's driving itself. If anyone has a good monkeywrench, send it my way.

-john.

--------------------------------------------------------------------------
John Blair: voice: (513) 529-2961
http://phoenix.aps.muohio.edu/users/jdblair/home.html        KILL YOUR
Finger me for PGP key.                                       TELEVISION
Too much proximity to folly tends to make it seem normal. --Edward Abbey

From paul.elliott at hrnowl.lonestar.org Mon Jul 18 22:58:05 1994
From: paul.elliott at hrnowl.lonestar.org (Paul Elliott)
Date: Mon, 18 Jul 94 22:58:05 PDT
Subject: How to legally circumvent the PGP 2.6 "legal kludge"!
Message-ID: <2e2b5b31.flight@flight.hrnowl.lonestar.org>

How to legally circumvent the PGP 2.6 Legal Kludge.

According to the pgpdoc2.txt that comes with PGP 2.6:

>PGP version 2.6 can read anything produced by versions 2.3, 2.3a, 2.4,
>or 2.5. However, because of a negotiated agreement between MIT and
>RSA Data Security, PGP 2.6 will change its behavior slightly on 1
>September 1994, triggered by a built-in software timer. On that date,
>version 2.6 will start producing a new and slightly different data
>format for messages, signatures and keys.
>PGP 2.6 will still be able
>to read and process messages, signatures, and keys produced under the
>old format, but it will generate the new format. This incompatible
>change is intended to discourage people from continuing to use the
>older (2.3a and earlier) versions of PGP, which Public Key Partners
>contends infringes its RSA patent (see the section on Legal Issues).

This is the "legal kludge". However there is an undocumented PGP parameter in PGP 2.6 which appears to be intended to allow the PGP user to disable this "feature". This parameter may only be specified on the command line using the "+" syntax. It is thought that it was intended that one could disable this feature using a command like the following:

    pgp +legal_kludge=off -e file

However this does not work. In the source file config.c we find:

    case LEGAL_KLUDGE:
        legal_kludge = value;
        break;

Since legal_kludge is a Boolean variable, the specified value "=off" is in the variable "flag". Value usually has the wrong number, since it is not set for Boolean values. Thus due to what appears to be a bug, we can not use the "legal_kludge" parameter to disable the kludge.

Perhaps the bug is not really a bug at all, but a feature. After all it does limit the interpretability of pgp 2.6 with earlier versions.

We can not fix this bug without violating MIT's licensing requirements.

>2. Software included in this compilation includes a feature that
>causes the format of messages generated by it to change on September
>1, 1994. Modification to this software to disable this feature is not
>authorized and will make this license, and the license in the
>underlying software, null and void.

If we were hell-bent to frustrate RSA and MIT, we would simply use pgp26ui and not tell them about it rather than hack their sacred kludge.

It would seem to be an impasse. Or is it?

Note that value is declared statically:

>static int value;

Every time a numeric parameter is parsed the variable value is used to hold the number.
So all we have to do is specify a numeric parameter of zero before specifying "legal_kludge"! We can then set that parameter back to the desired value if zero is not desired. That is the following works!

>pgp +cert_depth=0 +legal_kludge=off +cert_depth=4 -e file

The above assumes that we wish to use 4 as the value of cert_depth. We set cert_depth to zero only to get the value of "value" to 0. Then the legal_kludge parameter will set the value of "legal_kludge" to be =value=0, then we set cert_depth to the real desired value.

This trick is legal, because we have not modified pgp 2.6 in any way. We are simply exploiting a bug or feature in the way PGP 2.6 is written.

This kludge may seem to be too kludgy! It is asking a lot to ask users to type such a thing! But is this really a problem? Most users do not invoke PGP directly. They usually invoke PGP thru a mail program or some other shell program. These shell programs can be easily modified to do the right thing. In the worst case, people could define a shell alias to invoke pgp with the incantation!

This discovery will allow people who must use PGP 2.6 to communicate with people with earlier versions of PGP!

------------------------------------------------------------------------------
Paul Elliott                             Telephone: 1-713-781-4543
Paul.Elliott at hrnowl.lonestar.org     Address: 3987 South Gessner #224
                                                  Houston Texas 77063
--

From yusuf921 at raven.csrv.uidaho.edu Mon Jul 18 23:54:40 1994
From: yusuf921 at raven.csrv.uidaho.edu (certified *WiErDo*)
Date: Mon, 18 Jul 94 23:54:40 PDT
Subject: How to legally circumvent the PGP 2.6 "legal kludge"!
In-Reply-To: <2e2b5b31.flight@flight.hrnowl.lonestar.org>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 19 Jul 1994, Paul Elliott wrote:

> How to legally circumvent the PGP 2.6 Legal Kludge.
>
[deleted]
> If we were hell-bent to frustrate RSA and MIT, we would simply use
> pgp26ui and not tell them about it rather than hack their sacred
> kludge.
[deleted]
> This discovery will allow people who must use PGP 2.6 to communicate
> with people with earlier versions of PGP!
> ---------------------------------------------------
> Paul Elliott
> Paul.Elliott at hrnowl.lonestar.org

I think I'll stay hell bent on frustrating MIT. PZ has never spoken out against pgp26ui, I'll take that silence as implied consent while covering his ass legally.

besides, 2.6ui lets you put nifty ascii armour version names

- --
Finger yusuf921 at raven.csrv.uidaho.edu for PGP public key 2.6ui
GJ/GP -d+ h+ g? Au0 a- w+++ v+(?)(*) C++++ U++1/2 N++++ M-- -po+ Y+++
t+ 5-- j++ r b+++ D+ b--- e+(*) u** h* r+++ y?
- --

-----BEGIN PGP SIGNATURE-----
Version: 2.6MITSUX

iQCxAwUBLit4OMXmMf9qeaBdAQFpzwTdF1k0Osa812zyCZzn/sXCgvaarnFqFC3q
pGioFuvsXe9xOx9Om82jni803HQki07n/iHIBfV0ekkQKtZkmfCem2gIh9Vu+4lY
XUwUlFCDLfvkT+RH4J8AZCeLyxTRstHlX6w+ezm6WL+G38H3VVK+aAQAGDhDWwhb
yXv57lt1KFGlkvEGJs+FNSojhYQOn7NizYjAR5w/CdZZ9bHq
=Zhuk
-----END PGP SIGNATURE-----

From snyderra at dunx1.ocs.drexel.edu Tue Jul 19 00:20:35 1994
From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder)
Date: Tue, 19 Jul 94 00:20:35 PDT
Subject: JUST GO AWAY Sue D nym!
Message-ID:

At 2:14 PM 7/18/94, kelly at netcom.com wrote:
> Hey detweiler... I am not as gentle as perry is... just go away...
>you DONT have any votes here... p.s. I WIll be notifying netcom management
>again of your activities...

When I joined the list, I received a note describing Detweiler, and asking me not to react to said person. This seems like good advice. I have placed "Sue" in my mail filtering program. I suggest that those who feel that "Sue D. Nym" is Detweiler do the same, and ignore the person. If it is Detweiler, he's having his desired effect.

Bob

--
Bob Snyder N2KGO                      MIME, RIPEM mail accepted
snyderra at dunx1.ocs.drexel.edu     finger for RIPEM public key
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.
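
The stale-operand behaviour Paul Elliott describes in the "legal kludge" post above, modelled in C as an added example (it is not PGP's config.c and not code from any poster). It puts the flawed handler beside a corrected one; only `legal_kludge`, `cert_depth`, `value` and `flag` come from the post, while the option table, the 0..255 operand limit and all function names are assumptions.

```c
/* Added illustration, not PGP source. Only legal_kludge, cert_depth, value and
 * flag are names from the post; every other identifier is hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum opt_type { OPT_BOOL, OPT_NUMERIC };
enum opt_id   { CERT_DEPTH, LEGAL_KLUDGE };
struct option_def { const char *name; enum opt_type type; enum opt_id id; };
struct config { int cert_depth; int legal_kludge; };

static const struct option_def options[] = {
    { "cert_depth",   OPT_NUMERIC, CERT_DEPTH   },
    { "legal_kludge", OPT_BOOL,    LEGAL_KLUDGE },
};

/* Parse "name=operand". A boolean operand is stored in *b, a numeric one in
 * *n; the slot of the other type is left untouched. NULL means rejected. */
static const struct option_def *parse(const char *arg, int *n, int *b)
{
    const char *eq = strchr(arg, '=');
    size_t i, len = eq ? (size_t)(eq - arg) : 0;
    char *end;
    long v;
    for (i = 0; eq && i < sizeof options / sizeof options[0]; i++) {
        const struct option_def *d = &options[i];
        if (strlen(d->name) != len || strncmp(d->name, arg, len) != 0)
            continue;
        if (d->type == OPT_BOOL) {
            if (strcmp(eq + 1, "on") == 0)       *b = 1;
            else if (strcmp(eq + 1, "off") == 0) *b = 0;
            else return NULL;
            return d;
        }
        v = strtol(eq + 1, &end, 10);
        if (end == eq + 1 || *end != '\0' || v < 0 || v > 255)
            return NULL;
        *n = (int)v;
        return d;
    }
    return NULL;
}

/* Flawed pattern: operands land in file-scope scratch variables that keep
 * their contents from one option to the next. */
static int value;   /* last numeric operand parsed */
static int flag;    /* last boolean operand parsed */

int apply_buggy(struct config *cfg, const char *arg)
{
    const struct option_def *d = parse(arg, &value, &flag);
    if (d == NULL) return -1;
    switch (d->id) {
    case CERT_DEPTH:   cfg->cert_depth = value;   break;
    case LEGAL_KLUDGE: cfg->legal_kludge = value; break; /* stale; flag was meant */
    }
    return 0;
}

/* Corrected pattern: per-call locals, and each handler reads the slot that
 * matches the option's declared type. */
int apply_fixed(struct config *cfg, const char *arg)
{
    int num = 0, on = 0;
    const struct option_def *d = parse(arg, &num, &on);
    if (d == NULL) return -1;
    switch (d->id) {
    case CERT_DEPTH:   cfg->cert_depth = num;  break;
    case LEGAL_KLUDGE: cfg->legal_kludge = on; break;
    }
    return 0;
}

/* Apply options in order, starting from constructed defaults. */
int run(int (*apply)(struct config *, const char *), struct config *cfg,
        const char *const *args, size_t n)
{
    size_t i;
    cfg->cert_depth = 4;
    cfg->legal_kludge = 1;
    for (i = 0; i < n; i++)
        if (apply(cfg, args[i]) != 0)
            return -1;
    return 0;
}

/* Constructed sequences; the '+' prefix of the real command line is omitted. */
static const char *const plain[] = { "cert_depth=4", "legal_kludge=off" };
static const char *const trick[] = { "cert_depth=0", "legal_kludge=off", "cert_depth=4" };

int main(void)
{
    struct config a, b, c;
    run(apply_buggy, &a, plain, 2);
    run(apply_buggy, &b, trick, 3);
    run(apply_fixed, &c, plain, 2);
    printf("buggy=%d trick=%d fixed=%d\n", a.legal_kludge, b.legal_kludge, c.legal_kludge);
    return 0;
}
```

In the flawed handler an explicit `off` leaves the setting at whatever number was parsed last, so a regression test for this class of bug should set the boolean after a non-zero numeric option, not only after a zero one.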
From jdwilson at gold.chem.hawaii.edu Tue Jul 19 00:54:48 1994
From: jdwilson at gold.chem.hawaii.edu (NetSurfer)
Date: Tue, 19 Jul 94 00:54:48 PDT
Subject: Anti-Clipper Article in "THe Computer Applications Journal"
Message-ID:

FYI the following is scanned, not stirred (or forwarded) from "The Computer Applications Journal", July 1994, issue #48 (a 'zine with a refreshingly technical mix of software, hardware info for board-level integration with current popular operating systems e.g. DOS etc.)

By John Iovine

Cryptology is a science of enciphering and deciphering messages and information. The word conjures up images of espionage, spies, hostile government action, and top secret information. We don't usually associate this word with privacy--your privacy--but it is this facet of cryptology that is being argued today in our courts and among government agencies.

ENCRYPTED PRIVACY?

The arena where electronic bits of information are transmitted through data conduits is loosely termed "cyberspace." Currently, in cyberspace there's no guarantee of privacy. Transmitted messages may be intercepted and read indiscriminately.

This possible invasion of privacy is not just limited to Email on your local BBS or on Internet. Our national telephone network, which handles voice and fax as well as computer telecommunication, is vulnerable. Additional data conduits like cable television systems and satellite feeds are becoming more commonplace all across the country. These newer networks are vulnerable to interception as well.

To better grasp the threat, imagine a company that routinely transmits bids or promotional information to field agents through one of these networks. The company can be put at a severe disadvantage if a competitor gains access to this information.

The dark side of our information age is that technically skilled crooks--sometimes romantically referred to as phreakers and crackers--can create havoc in your life.
For a while, crackers were making national news by breaking into secured government databases. Intercepting various unprotected data communications makes most people easy targets for others to gain access to confidential material.

Anyone who has been electronically mugged has very little sympathy for these criminals. By stealing credit card numbers, they are capable of making purchases, charging telephone calls to your phone number, reading your Email, and listening to cellular phone conversations.

The problem is growing. Our national data network increases in size and complexity daily. It is changing and defining the methods by which people communicate, information is transferred, and business is conducted. It is therefore becoming increasingly important to secure the privacy of the networks and reduce their vulnerability to interception.

Business has been less than responsive to this threat. For instance, credit card companies justify their exorbitant +19% interest rates because they are needed to compensate for the tremendous amount of credit card (read "electronic") fraud and thievery. These companies should be doing much more to prevent electronic fraud instead of just passing the cost on to honest consumers in the way of high interest rates.

Rep. Edward J. Markey (D-Mass), the chairman of the House Telecommunication and Finance Subcommittee, had this to say about privacy: "Whether it's a cellular phone conversation, computer data, a fax transmission, a satellite feed, cable programming, or other electronic services, encryption is the key to protecting privacy and security." He stated further that "developing a national policy for encryption and its uses is therefore a process of fundamental importance for the future of our national networks and our competitive position internationally."
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
--------- ENTER THE CYPHERPUNKS
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

That's cypher, not cyber. Let's not confuse these similar sounding monikers. The cypherpunks want to see widespread public use of cryptotechnology. They see the individual's privacy protected through cryptography. However, they face powerful governmental and political obstacles.

The end of the cold war hasn't eliminated the need for cryptography and secret codes used by our government. But it should have alleviated some of the regulations concerning private use of cryptotechnology. The government still classifies cryptotechnology with hard military weapons such as tanks.

The U.S. government agency in charge of cryptotechnology is the National Security Agency (NSA). The cypherpunks see the NSA as trying to keep its monopoly on cryptotechnology intact.

One of the most outspoken and visible members of the cypherpunks is John Gillmore. Mr. Gillmore has this to say on the subject:

Government investment leads to government control. Government control is detrimental to the development of the media. Government seized the control of radio and television in their infancy. Since then the media has never had full first amendment rights or protection. Encryption technology is the key for people and companies to maintain their privacy over the networks. The government should cease its involvement.

John has fought legal battles with the NSA on a few fronts. So far he has been victorious.

BATTLE LINES

The lines are drawn. On one side you have the cypherpunks who feel that good public cryptographic technology safeguards our privacy. The NSA feels this is compromising our national security.

The government has threatened private cryptographers with jail. John Gillmore was threatened by the NSA stating that he was on the verge of violating the Espionage Act.
A conviction would have sent him to jail for 10 years.

How can the government threaten private citizens? Easily: as stated previously, the government classifies cryptographic tools with military tanks and bomber planes.

THE WASHINGTON CONNECTION

The Administration wants America to encrypt its information to protect it from unauthorized access. The encryption scheme, contained in the government-sponsored Clipper chip, includes voice as well as data information sent over communication lines.

A major catch in this plan is that only the government-approved encryption is allowed in any device used by the government or in government projects. Other encryption methods continue to be legal for domestic use, but only in nongovernment applications.

The second catch is the potential for a trap door in the encryption chip's program that would allow law enforcement agencies to decipher any encrypted data. Therefore, this method of encryption doesn't alleviate concerns that the government could abuse its ability to tap into the privacy of the citizenship.

Of course, organized crime would use its own cryptotechnology, anyway. So a trap door would only be effective for spying on small incidental crooks and private citizens.

The encryption algorithm touted by the Administration is contained in an integrated circuit. This chip, designed by Mykotronx in Torrance, Calif. and manufactured by VLSI in San Jose, Calif., is nicknamed "Clipper." It is a 12-Mbps encryption coprocessor. The OEM cost of the chip is $26 when purchased in large quantities, which trickles down to an increase of $100 in the street price of any electronic equipment (computer, phone, fax) that contains the chip.

SOFTWARE VS. HARDWARE

There are less expensive encryption chips on the market than the Clipper. Usually anyone interested in encryption takes a software approach. It may be a little slower than hardware, but the recurring cost is much less.
Speed only becomes a critical consideration when it's necessary to secure fast communication such as video or voice communication.

RECENT EVENTS

On February 4, 1994, the U.S. Government officially endorsed the Clipper chip and directed the Commerce Department's National Institute of Standards and Technology (NIST) and the Treasury Department to hold in escrow the keys used to unlock the Clipper codes. It also establishes new procedures for exporting products using Clipper to most countries.

The government has formed an interagency group whose job it is to develop encryption technologies that could serve as alternatives to Clipper.

The Clipper endorsement contains three flaws according to a policy paper released in January 1994 by the Institute of Electrical and Electronic Engineers: a classified algorithm, the key-escrow system, and an encryption standard developed for public use without public scrutiny.

The Clipper chip has developed many industrial and congressional opponents. So far, Novell, AT&T, Citicorp, Computer Associates, Hughes Aircraft, Motorola, and other major corporations openly oppose the Clipper encryption standard.

The failure of recent administrations lies in the fact that they did not seek greater industry participation before proposing the Clipper chip. Further, they ignored protests from industry and Congress.

THE BIG BROTHER ISSUE

The Clipper chip can provide government agencies with unprecedented wiretapping ability. Ideally, the Clipper chip encrypts (scrambles) communication to everyone except the intended recipient. The key code to unscramble communication is held by two separate government agencies. The government has the option of using a joining key code to unscramble communications with court-approved legal authorization.

However, there is a strong possibility that a trap door exists in the Clipper chip that would allow agencies unauthorized tapping.
The government wouldn't allow the algorithm used in the Clipper, called "SkipJack," to be studied publicly, so no one knows for sure.

When the Administration endorsed the Clipper as a Federal Data Processing Standard on February 4, it was backed up with an immediate order for 50,000 Clipper chips. Meanwhile, a forced export embargo keeps all other encryption schemes expensive. U.S. manufacturers must "dumb down" their data encryption programs by keeping the key lengths to 40 bits or fewer for legal export. The Clipper uses an 80-bit code.

ENCRYPTION BASICS

The following is a list of some of the basic terms that are used in encryption. Plaintext is the original unaltered message or file. Ciphertext is the encrypted message or file. An encryption algorithm is the function that maps plaintext into ciphertext. Keys are used to determine mapping. Keyspace describes the size of the key; it determines the number of all possible keys. For instance, an 8-bit key has a keyspace of 256 (256 possible values), where a 16-bit key has a keyspace of 65,536. Keys are usually alphanumeric.

There are three main types of ciphers: substitution, transposition, and product. Substitution ciphers substitute each character in the plaintext with another, determined by the key. Transposition ciphers rearrange the characters in plaintext, again, determined by the key. Product ciphers combine the substitution and transposition algorithms.

A substitution cipher simply substitutes each plaintext character with another character determined by the key. For instance, we could easily displace the alphabet by one character to generate a simple substitution. For example, ABC...XYZ could become BCD...YZA, and the phrase "HELLO WORLD" would become "IFMMP XPSME." Substitution ciphers are also called Caesar ciphers, because Julius Caesar used this simple method of encoding messages.

The transposition cipher system rearranges the characters in plaintext.
A simple system rearranges every two characters, so "ab" becomes "ba." With this kind of cipher, "HELLO WORLD" becomes "EHLLW ORODL."

GENERATING MORE COMPLEX CIPHER SYSTEMS

Blaise de Vigenere, a French cryptographer in the sixteenth century, complicated the simple Caesar code. He proposed that the key be used to change the plaintext in a periodic manner. When a message is encoded by this method, you change a plaintext letter for each successive letter in the key, always running through the same sequence of key letters. A simple example should clear any confusion.

Suppose the name "John" was selected for the key code. This corresponds to the number sequence 9, 14, 7, 13. To encode a message using this key sequence, divide the letters of the plaintext message into groups of four. This corresponds to the four letters used in the key. To each letter group, add 9 to the number value of the first letter of each group, 14 to the second letter, 7 to the third letter, and 13 to the fourth letter. The example below illustrates the Vigenere code:

Key Code:            JohnJohnJohnJohn
Plaintext message:   helloworld
Ciphertext message:  qssy xlvf m

As you can see, the coding algorithms are becoming more complex. Even this code pales to the more sophisticated programs available.

THE DEBATE CONTINUES

I've only scratched the surface in the great encryption debate. There are a number of on-line newsletters carried on the Circuit Cellar BBS that follow the issue closely: Computer Underground Digest [CuD] and Electronic Frontier Foundation [EFF]. If you are interested in following along, check them out.

So what do you think? Write and let me nkwo (pun intended)

John Iovine is a free-lance writer living in Staten Island, N.Y. He has published numerous books on electronics and science-related topics. He may be reached at 75425.673 at compuserve.com.

For those who wish to pursue data encryption, Images Company offers an encryption program titled Cipher 1.0 for $9.95. Images Company, P.O.
Box 140742, Staten Island, NY 10314, 1 718 698-8305. New York residents must add the appropriate sales tax. Add $5.00 postage and handling to all orders.

-NetSurfer

#include standard.disclaimer
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
== = = |James D. Wilson |V.PGP 2.4: 512/E12FCD 1994/03/17 >
" " " |P. O. Box 15432 | finger for full PGP key >
" " /\ " |Honolulu, HI 96830 |====================================>
\" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com >
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

From xentrac at cybele.unm.edu Tue Jul 19 01:37:30 1994
From: xentrac at cybele.unm.edu (Kragen J. Sittler)
Date: Tue, 19 Jul 94 01:37:30 PDT
Subject: Card Playing Protocol
In-Reply-To: <9407182303.AA03222@flammulated.owlnet.rice.edu>
Message-ID: <9407190837.AA15374@cybele.unm.edu>

Karl Lui Barrus:
> The house shuffles, bit commits to the shuffle, and sends you the
> hash. Then, you can begin playing, or you can try to break the system
> by finding a deck with a matching hash. After you are done, the
> casino sends you the deck and you can verify that you weren't cheated.
>
> All sorts of other stuff can be added later, like digital cash, etc.

Salting the deck before hashing it could prevent the above attack. Hopefully not too many people will suggest this on the list. :)

Kragen

From xentrac at cybele.unm.edu Tue Jul 19 01:57:39 1994
From: xentrac at cybele.unm.edu (Kragen J. Sittler)
Date: Tue, 19 Jul 94 01:57:39 PDT
Subject: Sue D. Nym
Message-ID: <9407190857.AA15475@cybele.unm.edu>

I think that the evidence is pretty strong that Sue isn't Larry. She's another person completely, with a different posting style, a moderate feminist and extreme leftist political stance, a willingness (possibly, probably IMHO) to forward unsubstantiated libels (Ollie North smuggling drugs? How likely is that?), a great deal of sensitivity to the feelings of others, and a beautiful capacity to find symbolism.
I could be wrong about any or all of these, but they are my impression on reading her posts, both here and from the new-age religion group.

I suggest that the cypherpunks list has been dominated by a few people to a great extent. They're highly intelligent people, their ideas are worth listening to, but they don't take well to being challenged. I think that if we are to maintain a rational view of reality, we must listen to the views of people from outside. The tone has been rather paranoid IMHO much of the time.

My opinion is that the repressive government shit that several prominent and articulate cypherpunks fear so greatly is unlikely, for the simple reason that the government is in the process of communist collapse. If it takes on health-care as well as all of the things it has taken on so far, it will die from the inside much faster. I predict within two or three decades, unless it becomes a police state.

Needless to say, I don't want to be living here when that happens. But I know that the government that rises in its place will be different from any government the world has ever seen before, simply because the circumstances it will arise in will be so unique.

We must be open to the opinions of others. We don't need to accept them without reservation; I'd like to do my best to make sure that what happens here after the Feds die is positive, and assures privacy. I want to avoid the police-state mentality, though, which permeates the thinking of many cypherpunks.

Kragen

From rishab at dxm.ernet.in Tue Jul 19 02:33:47 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Tue, 19 Jul 94 02:33:47 PDT
Subject: The Detweiler Files on FTP
Message-ID:

rah at shipwright.com (Robert Hettinga):
> On the other hand, how old is this guy? 12? I mean what do we really know
> about him? Do these archives have anything on him besides his spam and the
> resultant fusillades? Has anyone actually met him? Not that I'd like to, I
> guess...
He's obviously intelligent and rather older than 12. The archives have someone's well-researched trace of his activities, Tim May's (lengthy) biography of LD, and some of his sane posts -- such as a correspondence with Diffie.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh               "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in            take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335         H 34C Saket, New Delhi 110017, INDIA

From ebrandt at muddcs.cs.hmc.edu Tue Jul 19 02:45:44 1994
From: ebrandt at muddcs.cs.hmc.edu (Eli Brandt)
Date: Tue, 19 Jul 94 02:45:44 PDT
Subject: Sue D. Nym
In-Reply-To: <9407190857.AA15475@cybele.unm.edu>
Message-ID: <9407190945.AA10389@muddcs.cs.hmc.edu>

> I think that the evidence is pretty strong that Sue isn't Larry.

This isn't something that needs to be argued. If "Sue" is Larry and reveals this through his or her actions, so be it. If he/she isn't, or doesn't, that's great. (I do have to wonder, though, who else would remail messages with Detweiler's "Organization: CRAM" header.)

> I suggest that the cypherpunks list has been dominated by a few people
> to a great extent.

Actually, we're all T.C.May.

> I want to avoid the police-state mentality, though, which permeates
> the thinking of many cypherpunks.

Could you elaborate on what you mean by this? I doubt many people on the list think that a full-blown _1984_ is just around the corner. Some of us are, however, not enamored of Clipper, Digital Telephony, ITAR, a National I.D. Card, or the like. I trust this does not constitute a full-blown "police-state mentality".

> But I know that the government that rises in its place will be
> different from any government the world has ever seen before, simply
> because the circumstances it will arise in will be so unique.

Hmm. I hope millenarianism works better now than it did the first time around.
Eli ebrandt at hmc.edu

From rfb at lehman.com Tue Jul 19 03:14:11 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Tue, 19 Jul 94 03:14:11 PDT
Subject: How to legally circumvent the PGP 2.6 "legal kludge"!
In-Reply-To: <2e2b5b31.flight@flight.hrnowl.lonestar.org>
Message-ID: <9407191007.AA13606@fnord.lehman.com>

> Date: Tue, 19 Jul 94 5:48:41 +1800
> From: Paul Elliott
>
> How to legally circumvent the PGP 2.6 Legal Kludge.
>
> [ Analysis of and clever workaround for legal_kludge deleted ]
>
> This kludge may seem to be too kludgy! It is asking a lot to ask
> users to type such a thing! But is this really a problem? Most users
> do not invoke PGP directly. They usually invoke PGP thru a mail
> program or some other shell program. These shell programs can be
> easily modified to do the right thing. In the worst case, people
> could define a shell alias to invoke pgp with the incantation!
>
> This discovery will allow people who must use PGP 2.6 to communicate
> with people with earlier versions of PGP!

All of this is true. As someone who decided to start using 2.6, and who typically invokes it indirectly, I will start using it.

However, Bizdos and buddies have still succeeded to some extent. Some people will use 2.6 without any attempt to bypass legal_kludge.

Also Detweiler . . . I mean, Sue . . . may already be sending 800 zillion copies of your message to rsa.com.

Rick

From xentrac at cybele.unm.edu Tue Jul 19 03:57:35 1994
From: xentrac at cybele.unm.edu (Kragen J. Sittler)
Date: Tue, 19 Jul 94 03:57:35 PDT
Subject: Sue D. Nym
In-Reply-To: <9407190945.AA10389@muddcs.cs.hmc.edu>
Message-ID: <9407191057.AA16076@cybele.unm.edu>

Eli Brandt:
> > I suggest that the cypherpunks list has been dominated by a few people
> > to a great extent.
>
> Actually, we're all T.C.May.

(Ignoring Det-bait :)

No, but I think we *agree* with T. C. May more than can be explained by the kind of people who subscribe to the list.
I think we see the logic in his postings, and since he is usually considerably better at argument than anyone on the list who disagrees with him, we tend to believe him.

> > I want to avoid the police-state mentality, though, which permeates
> > the thinking of many cypherpunks.
>
> Could you elaborate on what you mean by this? I doubt many people on
> the list think that a full-blown _1984_ is just around the corner.
> Some of us are, however, not enamored of Clipper, Digital Telephony,
> ITAR, a National I.D. Card, or the like. I trust this does not
> constitute a full-blown "police-state mentality".

What I mean by this is that there are too many people who think that the above things will *matter*. Clipper is flopping and will continue to flop. DT, in whatever form, will never be useful; the government simply does not have the resources to closely watch the phone network. If a singularity-producing AI is born, well, all bets may be off... but then again, the AI might want a little privacy too. ITAR is dying, and we already have a National ID Card. We have had one for more than half a century.

But the government which supports these things is being pulled gradually into the embrace of communism. Inexorably, communism sucks at the hearts of the American voters. The decline of America's current government is already irreversible. Our duty, as human beings at the scene of the crime, is to make its death as pleasant as possible, and its rebirth as innocuous as possible.

> Hmm. I hope millenarianism works better now than it did the first
> time around.

:) It's not millenarianism, Eli. It's just confidence that in this age, when information is exchanged in ways it never has been before, the old forms of government and economy won't work anymore.
Kragen

From smb at research.att.com Tue Jul 19 04:13:34 1994
From: smb at research.att.com (smb at research.att.com)
Date: Tue, 19 Jul 94 04:13:34 PDT
Subject: Anti-Clipper Article in "THe Computer Applications Journal"
Message-ID: <9407191113.AA09296@toad.com>

Might I suggest that this is not the right newsgroup for anti-Clipper articles? I've never seen *any* Cypherpunk defend it; what's the point? Preaching to the choir? Repeat doses of brainwashing?

Citations are fine; they show what the outside world thinks. Technical aspects are fine; there's a lot to be learned about Skipjack and key escrow. But there's little point -- on this list -- to hearing yet again that Clipper is bad (unless, of course, someone starts defending it here).

--Steve Bellovin

From perry at imsi.com Tue Jul 19 04:51:35 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 19 Jul 94 04:51:35 PDT
Subject: GUT and P=NP
In-Reply-To: <199407190029.AA07438@world.std.com>
Message-ID: <9407191149.AA00764@snark.imsi.com>

Ken Kirksey says:
> I was reading Hawking's _Black Holes & Baby Universes_ and an interesting
> question struck me: If a Grand Unified Theory exists, would it not
> prove P=NP to be true?

No.

.pm

From solman at MIT.EDU Tue Jul 19 05:37:39 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Tue, 19 Jul 94 05:37:39 PDT
Subject: Why triple encryption instead of split+encrypt?
In-Reply-To: <9407190102.AA15543@netmail2.microsoft.com>
Message-ID: <9407191237.AA21406@ua.MIT.EDU>

> >Nonetheless, your cryptanalytic algorithm makes clear an additional
> >constraint that must be placed on the system which I had not realized:
>
> >From the algorithm, the plaintext, and the cypher text, it must not be
> >possible to reconstruct both the plaintext, and the cyphertext for either
> >half of the message.
>
> >To that end I would suggest the improvement of making the splitting
> >operation dependent on the keys.
>
> For that matter, one could have a third key which is used by the
> splitting algorithm. If one chooses to make this splitting key a
> function of the two DES keys, then this approach reduces to your
> suggestion, at the expense of a smaller keyspace. It could be said
> that, in the code fragment of my previous message, the splitting key
> is fixed at 0x55555555.
>
> So now the meet-in-the-middle attack regains its earlier applicability:
> A known-plaintext attack would encrypt P with the splitter, decrypt
> C0 with DES, and attempt to meet in the middle to discover key K0;
> similarly, decrypting with C1 to get K1.

I don't believe this is true. You have C0 and C1, but you can not figure out P0 and P1 without the hash of the concatenation of both keys. Without this you can not do a meet in the middle attack, right?

BTW, after thinking about things, I would modify my earlier design in one way: Don't concatenate the negation of the two key hash to the hash. The point of that step was to split the cipher into two equal sized parts, but there is no reason to require that. In fact the possibility of different sized parts would add to the confusion. (The probability of an extreme imbalance in the size of the ciphers is extremely small.)

> If you can design a splitter
> that is as cryptographically secure as DES (good luck), then the
> resulting algorithm is as secure as double DES.

I think that multiplexing based on the hash of the concatenated keys is as secure as the one way hash function is, no?

> In your previous message, you commented:
>
> >I have a hunch that if I'm wrong, it's because the time required to do secure
> >non-redundant secret splitting is as large as the time I'm saving.
>
> If your secret-splitting algorithm is as secure as DES, then it probably
> runs as slowly as DES does, making your hunch correct. However, even if
> this were not the case, the security of this scheme is significantly less
> than that of triple DES.

Well I don't believe that this is the case, but there is one way to find out :). I believe that for messages longer than a couple of K, my algorithm provides substantially more security than its DES analog and is quicker. I'll write up a version of this that splits into 4 parts and post it here some time over the next week. I think that splitting into four parts should be about as quick as double DES while providing substantially more security than triple DES (which I will time it against).

The question of the security of the split is difficult to resolve so I would like some help with it. Is multiplexing based on the hash of the concat of the keys as secure as the hash?

Cheers,

Jason W. Solinsky

From frissell at panix.com Tue Jul 19 05:56:56 1994
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 19 Jul 94 05:56:56 PDT
Subject: Federal Control of Financial Transactions
Message-ID: <199407191254.AA11524@panix.com>

As regular readers will be aware, Tim May and I have been sparring with each other about the risks of various control strategies that the world's governments may deploy. I thought it might be helpful to make one of his fears concrete so that we can analyze it. I trust that I am not putting words in Tim's mouth.

The major concern is the same one mentioned in the Book of Revelations:

"REV 13:16 And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads:

REV 13:17 And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name."

So the Feds deploy a card (smart or dumb) that has to be used for most transactions and lets them track everything we do. Tourists are brought into the system through the use of temporary cards (or the machine-readable strip on their passports which already includes a space for a national ID number.)

How is this most likely to come about? I consider force majeure to be unlikely.
It would be rough to get Congress to impose a burden like this on businesses (who would have to completely wire themselves) in a formal vote. It is not necessary to do this in any case since they know they can't snag everyone into the system. They just want to capture most of the transaction data. If they can do it administratively without involving Congress in controversy, they will use that approach.

Clipper and the Post Office agitprop on the US Card give us a possible scenario. The P.O., desperate to find a reason to exist as its core business drains away to the wires and private carriers, would like to become the primary digital signature authorizers for the U.S. It claims to be able to put millions of "US Cards" in the hands of happy shoppers within months of the go-ahead. (Assuming they use FedEx for the actual *shipments* of course).

The recently attempted "Clipper maneuver" of game strategy (government preemption by standard setting rather than by direct application of force) shows us how the US Card system might be actually deployed. The government adopts the standard it likes and tries to make it the de facto standard by requiring it for most official business. An instant market is thereby created. No congressional action required.

Similarly, the government might try to preempt the market for digital signature and commercial encryption technology by deciding to make anyone who wants to use a digital signature system in dealings with the government use the Post Office or some such agency as the signature authenticator. Thus bids, purchasing, benefits, and taxes could all require your "US Card" registered at your local post office. The government would then hope that commercial users who would need to use the government's system for tax filings anyway would also use it for its ordinary dealings with the public.

Then if a health care bill drafting you into a "universal coverage" army is ever passed, the "US Card" also becomes the Health Security Card you will have to show to get a job in the US. Thus, all sorts of authentication transactions would pass through the powerful and efficient post office data network and the ex-countercultural/born-again control freaks Inside the Beltway could get their jollies tracking your employment and purchases.

What's the big hole in this frightening scenario? Ask yourself one question. Why is the Post Office looking around for some useful work these days? Didn't they have a monopoly guaranteed by the Federal Government for more than 100 years? If they couldn't make a go of it with a pure coercive monopoly during a time of slower commercial activity, what makes them think that they can compete *without* a genuine coercive monopoly in a time of constant change?

Governments have proved over and over again that they can go broke running "guaranteed" money spinners like state lotteries and such. They don't stand a chance in a marketplace that will break the hearts of the brightest people this planet has ever produced.

What has recent history established? Governments are weaker. Why didn't the Admin mandate Clipper? No political ability to do so. Why are banks and telecoms being deregulated in nearly every country on earth (in spite of propaganda about "risks" and "public needs")? Why have exchange controls (a common feature of life a generation ago) become impossible almost everywhere on earth? Is it "free market ideology" that has triumphed or did the *reality* of markets rather than the *idea* of markets hit governments on the head?

To those who romanticize the power of the State in the modern world I ask, why doesn't Clinton impose wage and price controls, exchange controls, tariffs, and a full-blown industrial policy?
Why doesn't he nationalize the steel industry, guarantee jobs for all, confiscate all estates above $100,000, impose 95% income taxes on those making more than $40,000/year, and all of the other proposals that were popular earlier in this century? I doubt that he is restrained because of his deep commitment to human liberty. He doesn't do it because he can't. Markets wouldn't put up with it. His government would be destroyed (by capital flight.)

In this connection, I invite everyone to read the excellent profile of Japan in last week's Economist. It discusses the current and growing Japanese commitment to deregulation and what is driving it. That issue is a keeper anyway because of an article on commerce on the Internet and (as has been mentioned before) the use of the word "anarcho-capitalism" in an article comparing Thailand and Singapore.

Assuming that the government were to attempt to establish a Post Office mediated digital authentication system, there is no guarantee that it would work. Foreign users would presumably use foreign systems to authenticate their transactions. Some of these systems might be run by privatized foreign PTTs or by others.

Note that since banks and credit agencies will still have to approve the transactions anyway (to make sure you've got the dough), they may decide to use other systems for signature authentication. It would not really cost them any more. Since information is cheap, setting up a system to use several authentication systems is almost as easy as setting up a system to use one. (Particularly since you have to do it anyway.)

It is difficult to imagine the P.O. being able to compete in the cutthroat world of credit processing. Recall that even today, there are companies that pick up and deliver your mail to the P.O. to speed the process along. Similarly, expediters may interpose themselves between the customer and the P.O. to speed authentication in the event that the P.O. network is slow or inefficient (likely).

Here again, Clipper gives us some hints as to how the attempted market cornering might work out in practice: The Admin is currently floating stories about perhaps withdrawing Clipper in favor of "wider discussions" with the industry. Clipper is already painfully obsolete and it isn't even shipping in quantity.

Inefficient government monopolies create marvelous profit opportunities for markets to arbitrage the gap between cost and price. In a highly efficient networked world, it will be very difficult for governments to compete.

DCF

Why Pizza Hut should hire *me* as their spokesman:

"Why does Pizza Hut oppose mandatory, employer-paid health insurance in the US even though we are forced to pay it in Japan and Germany? We support the principle of cultural diversity under which different societies experiment with different methods of social organization. Germany and Japan have chosen one road, we have chosen another. Pizza Hut would not voluntarily impose on our US customers the burden of the very high food costs that the agricultural policies of Germany and Japan impose on their citizens. Similarly, we would not choose to impose on our US employees the burden of bureaucratically designed employment contracts. Pizza Hut supports the right of our customers to enjoy the least expensive and best pizza on earth and the right of our employees to bargain with us collectively and individually concerning the conditions of their employment."

From nelson at crynwr.com Tue Jul 19 06:40:49 1994
From: nelson at crynwr.com (Russell Nelson)
Date: Tue, 19 Jul 94 06:40:49 PDT
Subject: Expose on North's Arm Smuggling
Message-ID:

    Date: Mon, 18 Jul 1994 19:53:45 -0700
    From: someone

    It IS Detweiler. For sure.

Fine. I don't care. If he's going to behave himself, what's the problem? If not, we should censure him as we would censure anyone. Worrying about whether *this* person or *that* person is Detweiler is completely unproductive.

-russ http://www.crynwr.com/crynwr/nelson.html
Crynwr Software   | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St.      | +1 315 268 1925 (9201 FAX) | What is thee doing about it?
Potsdam, NY 13676 | LPF member - ask me about the harm software patents do.

From lstanton at sten.lehman.com Tue Jul 19 06:51:54 1994
From: lstanton at sten.lehman.com (Linn Stanton)
Date: Tue, 19 Jul 94 06:51:54 PDT
Subject: Leaving the Country
In-Reply-To:
Message-ID: <9407191352.AA07329@sten.lehman.com>

Sandy Sandfort writes:
> >From what Tim alludes to, I still think he is just plain wrong about how
> bad things would be on him. He's probably getting bad advice from
> practicing lawyers who have a vested interest in having financial privacy
> "difficult" to obtain. (More billable hours, more fees.) For the rest
> of us who aren't retired zillionaires, though, there is plenty that can
> be done.

The real problem that I see is getting legal assets out of the control and monitoring of the US/IRS. Especially without taking a bath in the process.

It is much easier to launder illegal assets than legal ones, and any method would need to handle NYSE securities to be useful.

From ravage at bga.com Tue Jul 19 06:57:22 1994
From: ravage at bga.com (Jim choate)
Date: Tue, 19 Jul 94 06:57:22 PDT
Subject: GUT and P=NP
In-Reply-To: <9407191149.AA00764@snark.imsi.com>
Message-ID: <199407191356.IAA28134@zoom.bga.com>

>
>
> Ken Kirksey says:
> > I was reading Hawking's _Black Holes & Baby Universes_ and an interesting
> > question struck me: If a Grand Unified Theory exists, would it not
> > prove P=NP to be true?
>
> No.
>
> .pm
>

Ok Perry, I am not going to let you off that easily. Could you elucidate why you feel that such a GUT would not solve this problem even in principle?

If a GUT could answer definitively whether there were a many-worlds interpretation this would definitely address at least peripheral aspects of the P=NP problem.
It would also, necessarily, describe some limitations on computations and problem complexity.

When one considers that there is no clear definition or proof of the exact solutions methods to prove P=NP it seems premature to posit such a definite answer. While it might not be true that it would solve the problem in toto it may be true that a clarification of the boundary conditions might make the solution easier by reducing the number of choices of methodology one might look at.

I am interested in why you feel a GUT would have no effect, at least, on the boundary conditions of the problem?

Take care.

From perry at imsi.com Tue Jul 19 07:11:03 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 19 Jul 94 07:11:03 PDT
Subject: GUT and P=NP
In-Reply-To: <199407191356.IAA28134@zoom.bga.com>
Message-ID: <9407191410.AA00961@snark.imsi.com>

Jim choate says:
> Ok Perry, I am not going to let you off that easily. Could you elucidate why
> you feel that such a GUT would not solve this problem even in
> principle?

Because the question "does P=NP" is a question made with respect to an abstract mathematical model that has nothing to do with the laws of physics or the "real world". The models it is based on are complete in and of themselves. Even in a Newtonian universe in which all things are deterministic, the mathematical concept of a non-deterministic Turing machine is possible. The notion that physics breakthroughs might help the problem is based on a complete and utter ignorance of the way mathematics works. It is as though one could show that the concept of one half doesn't "work" because in the real world you can never cut something perfectly in half.

The notion also shows a complete ignorance of automata theory and its motivations. Turing machines are ALREADY impossible. They exist only in men's minds. A real Turing machine could never be built, period, because they require infinite tapes. A Turing machine is a MODEL of computation.
The notion of a non-deterministic Turing machine was never based on the concept that such a thing could actually exist, but on the idea of asking the question "assuming one existed, what could one do with one that one couldn't do with a "normal" Turing machine." It is a common exercise in automata theory -- one sees many exercises of the form "what could you do with an N head M tape Turing machine, and how much faster can it compute". Did you suppose that just because one can't build oracles for unsolvable problems that the mathematics of oracles would suddenly disappear into the void?

> If a GUT could answer definitively whether there were a many-worlds
> interpretation this would definitely address at least peripheral
> aspects of the P=NP problem. It would also, necessarily, describe
> some limitations on computations and problem complexity.

It would not have the least effect, any more than one could settle the question of whether the continuum hypothesis is true.

Perry

From ravage at bga.com Tue Jul 19 07:13:58 1994
From: ravage at bga.com (Jim choate)
Date: Tue, 19 Jul 94 07:13:58 PDT
Subject: Sue D. Nym
In-Reply-To: <9407191057.AA16076@cybele.unm.edu>
Message-ID: <199407191413.JAA28997@zoom.bga.com>

> the above things will *matter*. Clipper is flopping and will continue
> to flop. DT, in whatever form, will never be useful; the government
> simply does not have the resources to closely watch the phone network.
> If a singularity-producing AI is born, well, all bets may be off...
> but then again, the AI might want a little privacy too. ITAR is
> dying, and we already have a National ID Card. We have had one for
> more than half a century.
>

On the issue of AI, the Dept. of Treasury has a AI project at White Sands which is intended to watch real-time the monetary transactions of the citizen-units real-time (quite a task if you ask me).
It would not be a stretch of the imagination to see such technology hooked into a network of intelligent switches for real-time communications monitoring. In most cases all the AI would need access to is the identity of the parties, not necessarily the entire contents of the communication.

As to the national ID card you refer to, is this the Social Security Card? If so it is not, nor was it ever meant to be, a national ID card. The only agencies which *require* access to it are the IRS and the SSA.

> But the government which supports these things is being pulled
> gradually into the embrace of communism. Inexorably, communism sucks
> at the hearts of the American voters. The decline of America's
> current government is already irreversible. Our duty, as human beings
> at the scene of the crime, is to make its death as pleasant as
> possible, and its rebirth as innocuous as possible.
>

Seems to me we are looking at Socialism and not Communism as the trend of the day. Communism implies that we all work together in a 'commune' where all is owned by all. Socialism however is the belief that the people can handle small amounts of private ownership and responsibility but ultimately the power resides in the authorities. The situation really reminds me of the post-WWI conditions in Italy when Mussolini took over and instituted fascism as the order of the day. The only good thing one can say about that is that the trains run on time.

> :) It's not millenarianism, Eli. It's just confidence that in this
> age, when information is exchanged in ways it never has been before,
> the old forms of government and economy won't work anymore.
>

I do not believe this for a minute. Governments and economies are mitigated by psychology not technology. Technology is the means, not the goal. The information is what is important, not how it is transferred.
While it is true that the existing systems are having a hard time keeping up with the technology this is due to bureaucratic inertia to do it as it has been done in the past more than any particular aspect of technology which prevents its use by any particular party.

If your thesis is correct then we have nothing to worry about and our 'meeting' here is a waste of our time, we should be out pushing technology even harder and not worrying about government and its policies in any way.

I get the impression that you feel the world is driven by technology and I hold that people always have and always will drive the world and how it turns out. Technology is a means to an end, not an end unto itself.

Take care all.

From nzook at math.utexas.edu Tue Jul 19 07:32:43 1994
From: nzook at math.utexas.edu (nzook at math.utexas.edu)
Date: Tue, 19 Jul 94 07:32:43 PDT
Subject: GUT and P=NP
Message-ID: <9407191429.AA02051@vendela.ma.utexas.edu>

(flashing mathematical credentials)

Okay, I was hoping this would die quietly, but since it isn't....

GUT is a physical theory. If true, it is believed, it would be possible to manufacture a computer which exceeds a Turing machine in several important ways. In particular, it is believed that a "quantum computer" could perform certain NP tasks (factoring) in P time.

BUT, as I read it, this has _nothing_ to do with the P/NP question. It simply creates a new area of inquiry, the QP/QNP/QNP-complete area. (The first qu question being whether some of these sets are empty.) The P/NP question is a question about Turing machines, and as such, would not be affected by the creation of a non-Turing computer.

As for boundaries... GUT _might_ give us a single equation that contains all physical laws. But so what? We can't even solve the three-body problem for gravity! Chaos is an emergent process.

Have fun.

From ravage at bga.com Tue Jul 19 07:54:07 1994
From: ravage at bga.com (Jim choate)
Date: Tue, 19 Jul 94 07:54:07 PDT
Subject: Recent references to Crypto in the media...
Message-ID: <199407191453.JAA01223@zoom.bga.com>

Hi all,

Just a note to alert those interested that the latest issue of PC Magazine has two articles about crypto. One is about public key and DES and the general currents. The second is in reference to WinCrypt. Both articles are very general and do not delve into technical discussion.

Take care.

From cme at tis.com Tue Jul 19 08:26:54 1994
From: cme at tis.com (Carl Ellison)
Date: Tue, 19 Jul 94 08:26:54 PDT
Subject: Nat'l ID # ?
Message-ID: <9407191526.AA20126@tis.com>

It strikes me as anachronistic to worry about national ID numbers for privacy reasons.

With data processing of the 1950's, someone would have needed a single index number in order to gather all records about me into one place.

With today's excess computing power, there's no problem doing a kind of fuzzy fill algorithm -- find all my various numbers, record links between them and therefore equate them

(MC 1234 5678 8765 1982)
= (AMEX 9876 123655 83002)
= (SS 788 84 2345)
= Carl M. Ellison 2130 Mass Ave; Cambridge 02140
= (617) 876-6644

etc.

To aid those who are computationally challenged, this entity could also create its own index number and let others refer to that -- even call it a national ID number.

None of this requires a national ID card.

From nzook at bga.com Tue Jul 19 08:29:22 1994
From: nzook at bga.com (Nathan Zook)
Date: Tue, 19 Jul 94 08:29:22 PDT
Subject: Cypherpunks & math
Message-ID:

I know I'll regret this, but...

I've seen a lot of comments by folks that indicates a high level of mathematical sophistication. So I'm curious. Please e-mail me as follows:

SUBJECT: nomath       If you've not had some Discrete Math course.
SUBJECT: discrete     If you've had Discrete Math.
SUBJECT: algebra1     If you've had semester course on algebra.
SUBJECT: algebra2     If you've had a year-long senior level course based on Fraleigh or some such.
SUBJECT: grad         If you've been to grad school in math.
SUBJECT: firstcourse  If you've had the prelim algebra course. (Hungerford or such)
SUBJECT: prelim       If you've passed your algebra prelim.
SUBJECT: orals        If you've passed your oral exam.
SUBJECT: orala        If your oral had a significant algebra component
SUBJECT: candidate    If you are a candidate in algebra.
SUBJECT: phd          If you have a phd in math.
SUBJECT: research     If you have published in number theory.

I'm an "orala".

Thanks!

From berzerk at xmission.xmission.com Tue Jul 19 09:06:48 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Tue, 19 Jul 94 09:06:48 PDT
Subject: y'all gotta see True Lies
In-Reply-To: <9407190601.AA14391@ nextsrv.cas.muohio.EDU >
Message-ID:

On Tue, 19 Jul 1994 jdblair at nextsrv.cas.muohio.EDU wrote:
> 2) A "blanket order" to a vague, unknown government agency to wire tap
> anything they feel like.

Don't forget the abuse of this to tap his own wife! I am sure that convinced everyone that there needed to be no oversight on this.(not). They also mentioned that unauthorized wiretaps were a felony, but also showed the man ignoring it.

> 5) Of course, every hacker in the audience noticed that the rich
> multinational zillionaire is unable to choose encryption secure enough to
> fend off an attack on minutes in length using computer equipment in a van!
> What was he using to hide his records? Enigma?

No! an attack on enigma would take much too long, must have been [in]deskrete.

> 6) Oh yeah, the women are unable to do anything except talk on the phone,
> get into catfights, give men blowjobs, and kill people by accident. The

I liked that part.:-)

> 7) Luckily, amid all the casual death in the name of national security and
> the american way, we have Arnie pointing out that "he only kills bad
> people."
> Reminds me of the time I was at the Space and Rocket Center in

The exact line was Q: "have you ever killed anyone?" a: "Ja, but they were all bad".

> Huntsville, right after the Gulf War. They had a patriot missile on
> display, along with the wreckage of a "busted scud." A mother pointed to
> the missile, saying to her son, "Look, its the patriotic missile." I am
> not making this up.

Raising good little sheep for the fatherland.

> I doubt it'll matter who's holding the wheel. I think the car's driving
> itself.

And it is not a pendulum swinging back and forth, it is a car swerving from the right lane to the left lane and heading for a cliff.

> If anyone has a good monkeywrench, send it my way.

Hehehhehehehehheheheheh.

Berzerk, Green Libertarian
*******************
Hey, those dams were paid for by stolen tax money, right? Does that mean we can blow them up?

From sandfort at crl.com Tue Jul 19 09:11:49 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 19 Jul 94 09:11:49 PDT
Subject: Leaving the Country
In-Reply-To: <9407191352.AA07329@sten.lehman.com>
Message-ID:

C'punks,

On Tue, 19 Jul 1994, Linn Stanton wrote:
> . . .
> The real problem that I see is getting legal assets out of the control and
> monitoring of the US/IRS. Especially without taking a bath in the process.
>
> It is much easier to launder illegal assets than legal ones, and any method
> would need to handle NYSE securities to be useful.

Can do. If Duncan and I gave a privacy seminar, who would be interested in participating? Private e-mail responses, please.

S a n d y

From berzerk at xmission.xmission.com Tue Jul 19 09:15:21 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Tue, 19 Jul 94 09:15:21 PDT
Subject: GUT and P=NP
In-Reply-To: <9407191149.AA00764@snark.imsi.com>
Message-ID:

On Tue, 19 Jul 1994, Perry E.
Metzger wrote:
> Ken Kirksey says:
> > I was reading Hawking's _Black Holes & Baby Universes_ and an interesting
> > question struck me: If a Grand Unified Theory exists, would it not
> > prove P=NP to be true?
> No.

Unless *all* problems in the GUT were of class P and it was deterministic(ala bohm). And if wishes were horses beggars would ride.

Roger, Never say never, Bryner.

From rah at shipwright.com Tue Jul 19 09:27:34 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 19 Jul 94 09:27:34 PDT
Subject: Federal Control of Financial Transactions
Message-ID: <199407191625.MAA16624@zork.tiac.net>

At 8:53 AM 7/19/94 -0400, Duncan Frissell wrote:

>Inefficient government monopolies create marvelous profit opportunities for
>markets to arbitrage the gap between cost and price. In a highly efficient
>networked world, it will be very difficult for governments to compete.

Yeah. What he said.

Arachno-Capitalism, anyone?

You have to be careful to use the analytic methods of the present (modern financial concepts, for instance), to make informed guesses about the future. If you don't, and your analysis is clouded with a belief in the efficacy of command economies, you start to see totalitarians behind every bush. I think Eric put his finger on it before when he said something about not demonizing the NSA. They were just wrong, and they were going to lose this fight because the technology was stacked against them. "Reality is not optional", to quote Thomas Sowell.

While I've been watching this discussion about mandatory identity, I keep remembering a couple of things I read a while ago.

The first was Gerard K. O'Neill's book "2081". Gerry was the Princeton physicist whose undergraduate physics class started the space colonization craze of the late 70's. In "2081", O'Neill had posited a world where, among other things, everyone had micro-transponders. The ultimate nightmare of free people everywhere. Yet it had its advantages.
You could pick up something and walk out of a store, and since the store's receivers knew who you were and what you took, the item would be deducted from your bank account. Phone calls would be routed to follow you wherever you went. If a crime is committed, you have an alibi.

I'm pretty sure most of you have heard about Xerox PARC's work in this regard. There was an article in Scientific American about it a couple of years ago. I even saw that Olivetti has begun manufacturing the smart badges (transponders) upon which the technology hinges. I expect that strong cryptology is the way to make this technology work so that a person's freedom and privacy is actually enhanced.

The other thing I remember reading was an old Esther Dyson (Freeman Dyson's daughter...synchronicity!) quote about the necessity for some kind of law which made personal information the property of the person whose information it was. Again, I expect strong crypto and market mechanisms will evolve together to enforce that legal claim at some point.

Cheers

Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com) "There is no difference between someone
Shipwright Development Corporation     who eats too little and sees Heaven and
44 Farquhar Street                     someone who drinks too much and sees
Boston, MA 02331 USA                   snakes." -- Bertrand Russell
(617) 323-7923

From gtoal at an-teallach.com Tue Jul 19 09:30:31 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Tue, 19 Jul 94 09:30:31 PDT
Subject: CBS News: National ID Card Returns
Message-ID: <199407191629.RAA05329@an-teallach.com>

: From: michael at resonex.com (Michael Bryan)
: On a related note, I was very surprised when I went to England, and
: found out that their driver's licenses don't have photos on them,
: supposedly because it would be an invasion of privacy. And I was also
: told that they cannot keep your fingerprints on file permanently,
: except for particularly severe crimes.
Minor crimes might allow them : to keep records of your fingerprints for a couple of years or so, but : then the records must be destroyed. It's amazing how complacent we : are in the US by comparison. I fear that a National ID card would be : far to easy to foist upon the American public. I hope I'm wrong. The *police* aren't supposed to keep fingerprints on file if the person isn't a criminal, but who believes they're that stringent? And of course MI5 (SIS, whatever) can do what they damn well please. The USA aren't supposed to keep peoples fingerprints on file either, after they've done the background check, when you immigrate. Want to bet they do? I think when I give my fingerprints I'll ask the official to write me a *personal* guarantee that my fingerprints won't be saved, then sue his ass if they ever appear later... once they've been digitised for the system, do you believe that all copies will be deleted? I sure don't. All I believe is when they tell you the *card* will be returned they're probably telling the truth. BFD. G (Who also wonders if the blood sample for AIDS testing gets dried and filed for future genetic fingerprinting...) PS So are we going to spin off that list we talked about for this sort of stuff or not? Sameer? From perry at imsi.com Tue Jul 19 09:35:10 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 19 Jul 94 09:35:10 PDT Subject: GUT and P=NP In-Reply-To: Message-ID: <9407191634.AA01305@snark.imsi.com> Berzerk says: > Unless *all* problems in the GUT were of class P and it was > deterministic(ala bohm). That would make no difference. This tells us nothing about what problems that are not in class P are like -- and our question is, after all, if there are problems in NP that are not in P. The determinism never even comes into play. 
Beyond that, the possibility of such a mapping between P and GUT is so minuscule as to be infinitesimal, and certainly has nothing to do with the question of whether the universe is closed (which is what the original poster suggested), especially since GUT doesn't predict the mass of the matter in the universe and thus makes no prediction on openness or closedness.

Perry

From t-vinodv at microsoft.com Tue Jul 19 09:49:26 1994
From: t-vinodv at microsoft.com (Vinod Valloppillil)
Date: Tue, 19 Jul 94 09:49:26 PDT
Subject: Big Brother comes to Campus
Message-ID: <9407191649.AA02521@netmail2.microsoft.com>

Personally, I don't think I have any real problem with it. Unlike a government approach, you still retain some level of choice -- i.e. if you don't like Mankato's ability to track you through this card, don't go to Mankato, or perhaps more realistically, minimize usage of the card.

This seems kind of similar to the arguments about a company's right to use escrowed keys. There is no reason why a company can't mandate that all use escrowed keys for employees conducting company business (email, transactions, etc.). If the company is regularly using its keys to examine your mail and it pisses you off, quit and work for a different company that treats its employees with more respect. In any case, choice is preserved.

Vinod

From johndo at microsoft.com Tue Jul 19 09:50:08 1994
From: johndo at microsoft.com (John Douceur)
Date: Tue, 19 Jul 94 09:50:08 PDT
Subject: Why triple encryption instead of split+encrypt?
Message-ID: <9407191650.AA02589@netmail2.microsoft.com>

-----BEGIN PGP SIGNED MESSAGE-----

>From:
>Date: Tuesday, July 19, 1994 8:37AM

>> So now the meet-in-the-middle attack regains its earlier applicability:
>> A known-plaintext attack would encrypt P with the splitter, decrypt
>> C0 with DES, and attempt to meet in the middle to discover key K0;
>> similarly, decrypting with C1 to get K1.

>I don't believe this is true.
>You have C0 and C1, but you can not figure
>out P0 and P1 without the hash of the concatenation of both keys. Without
>this you can not do a meet in the middle attack, right?

Wrong. (sorry to sound so authoritative; just wanted to make my position clear.) If you knew how to perform the split, there would be no need for a meet-in-the-middle attack; you could just attack each of the DES encryptions of the split data separately.

Recall that a meet-in-the-middle attack is a method for cryptanalyzing a message that has been doubly encrypted, as the following:

    I = E0_K0(P)
    C = E1_K1(I)

By this nomenclature, I mean to imply that not only the keys but also the algorithms may be different between the first and second encryptions. Meet-in-the-middle works by encrypting from P towards I, decrypting from C towards I, and attempting to meet in the middle. For algorithms with large keyspaces, this attack requires so much memory for storing intertext as to be almost absurd in today's world, but it is a valuable theoretical technique for demonstrating that double encryption provides little more computational security than single encryption.

I am claiming that your technique:

    P0, P1, P2, ... Pn = S_KS(P)
    C0 = E_K0(P0)
    C1 = E_K1(P1)
    C2 = E_K2(P2)
    . . .
    Cn = E_Kn(Pn)

Can be decomposed into parallel double encryptions, and is therefore just as vulnerable to a meet-in-the-middle attack as double DES (or more so, if your splitting algorithm is less secure than DES). NB: When I use the term "double encryption" here, I am not referring to your use of DES multiple times after the split; I am referring to the splitting itself as the first encryption, and the DES as the second encryption.

Let us define the function Sx_KS(P) as the portion of the splitting algorithm which produces Px:

    P0 = S0_KS(P)
    P1 = S1_KS(P)
    . . .

We now have a parallel set of double encryptions as follows:

    P0 = S0_KS(P)    C0 = E_K0(P0)
    P1 = S1_KS(P)    C1 = E_K1(P1)
    . . .
Each of these double encryptions is vulnerable to a known-plaintext meet-in-the-middle attack from P to Cx.

>Don't concatenate the negation of the two key hash to the hash. The
>point of that step was to split the cipher into two equal sized parts,
>but there is no reason to require that. In fact the possibility of
>different sized parts would add to the confusion. (The probability
>of an extreme imbalance in the size of the ciphers is extremely
>small.)

>I think that multiplexing based on the hash of the concatenated keys
>is as secure as the one way hash function is, no?

In my above argument, I assumed a splitting key which is completely independent of the DES keys. This will be more secure than a splitting key which is *any* function of the DES keys, since it increases the size of the keyspace.

>> the security of this scheme is significantly less
>> than that of triple DES.

>Well I don't believe that this is the case,

Perhaps you do now?

>but there is one way to find out
>:). I believe that for messages longer than a couple of K, my algorithm
>provides substantially more security than its DES analog and is quicker.
>I'll write up a version of this that splits into 4 parts and post it here
>some time over the next week. I think that splitting into four parts should
>be about as quick as double DES while providing substantially more security
>than triple DES (which I will time it against).

If you still maintain this position, then either you have not understood my argument above, or I seriously misunderstand your algorithm. If you have not yet been convinced that you have not eliminated the meet-in-the-middle attack as triple encryption does, then I welcome your algorithm in code, so that I may see if I am missing something fundamental in your approach. However, I strongly suggest that you review meet-in-the-middle attacks as described by Merkle and Hellman and judge for yourself their applicability to and effectiveness against your algorithm.
>The question of the security of the split is difficult to resolve so I would
>like some help with it. Is multiplexing based on the hash of the concat of
>the keys as secure as the hash?

The security of the generation of the splitting key from the DES keys is almost irrelevant. You can guarantee that the splitting key is completely uninferable from the DES keys by making them independent, yet the split+encrypt algorithm is still as weak as (or weaker than) double DES.

JD

From catalyst-remailer at netcom.com Tue Jul 19 10:07:35 1994
From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com)
Date: Tue, 19 Jul 94 10:07:35 PDT
Subject: the Cypherpunk and the Shadow
Message-ID: <199407191707.KAA09373@netcom6.netcom.com>

L.Detweiler here. I'm extremely hurt by Hal Finney's recent accusations that I am trying to `sabotage' remailers. Quite to the contrary, I am attempting to strengthen your infrastructure through frequent use and pointing out the lapses in design. I see cypherpunks attacking Unix security holes with such fervor, but how is it that you, as designers, failed to even anticipate a `geometrical explosion' attack after several years of remailer operation? If I wanted to destroy your remailers I would be sending you exploding mailbombs every second!

Hal Finney claims that I have a `well known enmity' to anonymity & pseudonymity. Quite to the contrary I am fully in favor of responsible uses of it. But I also believe it is not for a remailer operator to determine `responsible use'. (And, actually, I thought you did too).
The entire population of cyberspace does not understand this simple concept: cutting off a message at the source is censorship; cutting it off at the destination is filtering. I am trying to force people to understand this. Where are the reputation systems that some Cypherpunks have talked about? They are *far* more important to cyberspatial development than remailers. And in fact they will help us deal with remailers in a positive way. The essence of the animosity toward remailers is not that anonymity is involved, but that people wish to be able to control what they themselves read, and (for the closet control freaks) what other people read. The latter urge I believe is generally a perversion of free speech, outside of exceptional cases (e.g. where a parent controls what their child reads, although even this I have some objections to). But the former demand is certainly legitimate. I don't believe we have a right to ever *force* anyone to listen to us. The basic solution to this is a reputation system that associates a `credibility' or `interest' factor to `sources' (e.g. senders, identified by their email addresses) based on collective judgement, i.e. voting. It is a trivial concept but one which has so far utterly eluded *everyone* in cyberspace. It is the solution to virtually every filtering and censorship hullaballo that erupts every few seconds at some place over Usenet, mailing lists, and cyberspace. The Cypherpunks are in the best position to implement such a system. But instead you attack the wrong end of the problem, just as everyone else in cyberspace. Your philosophy should push you to realize the solution, but you are blinded by the same delusions that everyone else is. As for recent messages sent to remailers: it is true that I have been sending many messages. Mathew Ghio has switched off his remailer until they stop, he says. How fragile a system! How utterly fragile! Strive to achieve the level of resiliency of a phone system. 
Does the whole network come to a halt when one crank caller gets loose? Do people panic and scream that We're Under Attack By the Detweiler The Antichrist when some telemarketer gets a computerized autodialer? In cyberspace, it is the equivalent of an atom bomb. Why? Because it is an untamed wilderness, full of petty demagogues who derive their power and get their jollies from perpetuating this turmoil by failing to modify the infrastructure and adopt the attitude `our system is not so fragile it will be destroyed by abuse'. Yes, that is the key: abuse of the phone system exists, but there are established protocols for dealing with it. It is not a case of every new `abuse' becoming an international debacle with hordes of people screaming for blood and vengeance. Zen saying: `man stands in his own shadow and wonders why it is dark'. * * * Yes, I am sending out many messages through your remailers. They are designed to get Netcom to change what I see as oppressive policies: 1. They do not agree that their own forums are public forums. They prohibit notes about competition and intimidate people from posting criticism by calling them over the phone over negative posts. 2. Bruce Woodcock censored my other account for the reason that I borrowed a Support `signature' for satiric effect (in news.admin.policy). On the phone he took the ridiculous position that it wasn't my stealing the signature but `the content of the message'. 3. Bruce Woodcock at Netcom fails to make his affiliation with Netcom clear in his messages in netcom.general. He has repeatedly browbeated and dismissed customers in the forum. I see him as illustrative of a problem at Netcom where the sysadmins don't really give a damn about any individual user or customer satisfaction of individuals. And there is *no coherent policy* about terminating accounts. 4. Whether you realize it, when the people you don't like are censored, your own protection from tyranny and oppression is diminished. 
If the least among us is not free or has been done an injustice, then none of us are free and we all have been done an injustice. When my account is yanked without any consequence to Netcom, they can yank any one of your accounts without consequence.

5. Freedom of speech does *not* exist unless you have *security*. If you can be deprived of your ability to post by anyone, anywhere, anytime, for any reason, you do *not* have any security. `BS. I can get an account somewhere else easy.' You are dangerously deluded in this thinking. Unless there are safeguards no one has any right.

6. I have deliberately gone "easy" on my output of messages to remailers. I could easily flood them all into oblivion. But I am sending messages at a gentle drip-drip-drip pace. They make an excellent cloud over any traffic analysis being done, IMHO.

7. Ultimately we are on the same side of freedom of speech and privacy. I have only criticized cypherpunks for hypocrisy and sinister aspects of your practices that seem to contradict your own adopted philosophy. If your philosophy was openly `we are going to poison cyberspace with untold tentacles to manipulate public opinion' I might still attack you but certainly wouldn't accuse you of hypocrisy.

8. Someone remarked on my postings as `performance art'. This is my intent. I am quite amused at people like T.C.May calling it `intense abuse'. Hee, hee. I can imagine T.C.May going to see Star Wars and after getting out of the movie diverting all his money into Scud Launchers because it makes clear DARTH VADER IS COMING!

9. Why should I lose my netcom account for vague, unspecified reasons? I am the Oliphant, the Thomas Nast, the Mark Twain, the Doonesbury of Cyberspace. And I have been censored at something like 5 accounts now for my editorial cartoons and razor-sharp satire in cyberspace. Why? Because I am perfecting this misunderstood `art of flaming and provocation to effect social consciousness'.
And every time that I am censored and no one gives a damn, and my jugular vein is slashed in front of you all with nary an objection (and an abundance of encouragement) it is a chip off of *YOUR* rights in cyberspace. 10. I am the Jew of cyberspace, kicked out of my house with my furniture confiscated at Netcom despite my pleadings. Yes, I had many megabytes of private email and files that were not backed up. And they all evaporated when someone at Netcom (gosh, I don't know who, they only give first names) decided they didn't like my scathing satire of Netcom in news.admin.policy. What was the procedure to censor me? The criteria? It is as unknown as civility in cyberspace. Cypherpunks, I continue to try to get you and the rest of the world in cyberspace to realize you are playing with fire and gasolene. You don't understand the forces at play and you, through your own actions and thoughts, are perpetuating a dangerously unstable system when simple solutions are hair-widths away. Why am I not implementing these so called `simple solutions' myself? Because the basic problem is not that no one is implementing them, it is that no one has the understanding to do so. This is a problem of a serious mental block on the part of everyone with a brain and a keyboard. And I am trying to break through that mental block in the collective consciousness of Cyberspace the only way I know how. If you permit my messages to percolate through your remailers, your infrastructure will be ultimately strengthened as people begin to understand that the proper response to inflammatory anonymous email is a disinterested "ho hum yawn" instead of erupting like Mount Saint Helens or shaking in livid anger like the San Andreas Fault. You complain about overreaction of outsiders to anonymous mail? It is nothing compared to your own insane frenzies. `THE REMAILERS ARE DYING FROM DETWEILER DAMNATION! YAAAAH' How can you claim I am trying to sabotage your remailers? 
I am immensely dependent on them. I am more dependent on them than *you* are. I don't have a voice without them. My Nyx account would be censored immediately from your screeching complaints if I didn't post through them! I can send messages, therefore I am. I cannot post from my own account, therefore I am dead. Look at how you target even innocent bystanders with postmaster-mailing-bomb campaigns without the slightest provocation! Look at how Tim May immediately exploits Netcom records to try to `out' me wherever I live in cyberspace? You should be ashamed of yourselves. Have you ever read Calvin? `Rules are for everyone else, not for me.' `I will have the power, but no one else will.' Your grandiose philosophy of privacy, in practice is that `We will be bathed in the riches of privacy but our enemies will be robbed of it.' I will continue to send my messages through your remailers. If you wish to shut them down because you really believe they are a threat to your existence, fine. But if they are, I think you should reconsider your philosophy of anonymity in cyberspace as fundamentally impossible in practice. I have been *gentle* with your remailers. I haven't even studied the Perl code for the *really* insidious holes and glitches. Believe me, if I wanted to destroy cypherpunk remailers I would have brought them to their knees a *long* time ago. I am trying to provide the impetus to you to *strengthen* them. And the Netcom `electric prod' is a way to kill two birds with one stone. Would I spend dozens of hours writing about `Anonymity on the Internet' if I was against it? No, your lesson to learn is that I believe in it with such passion that I have dedicated a significant fraction of my waking hours to promote it-- but through means that are poorly understood. 
Sincerely, L.Detweiler From exabyte!gedora!mikej2 at uunet.uu.net Tue Jul 19 10:11:32 1994 From: exabyte!gedora!mikej2 at uunet.uu.net (Mike Johnson second login) Date: Tue, 19 Jul 94 10:11:32 PDT Subject: Triple encryption... In-Reply-To: <01HER66KT4XS9ASKAD@delphi.com> Message-ID: On Sat, 16 Jul 1994 uunet!delphi.com!DAVESPARKS at gedora wrote: > Mike Johnson wrote: > > > Or for the rabid, clinically paranoid: > > > > 3des | tran | IDEA | tran | Diamond | tran | Blowfish | prngxor | > > [11 iterations deleted] > ... > There's always a trade-off, and you've just demonstrated one of the > extremes. In the final analysis, it's sort of like deciding whether to > spend $1000 on a security system to protect a $500 car, for "security", or > leave the doors unlocked and "hide" the ignition key under the mat for "ease > of use". Probably something in between makes the most sense. Agreed. > ... > What would you like to suggest in the way of key management to make that > "link" at least as strong as the algorithmic one? Your point is certainly a > valuable one, but the two aren't mutually exclusive. That would be like > saying that I won't buy a lock for my front door until I've first replaced > all my windows with something more sturdy than glass. It depends on the > nature and source of any potential attacks. To follow the analogy, some > "burglars" are better at lock picking than glass-smashing. Naturally, the two aren't mutually exclusive, but I'll not buy a vault door for my house unless I've got a vault to put it on. Anyway, I think the best key management so far is the PGP web of trust design of Phil Zimmermann's. I think this could be extended for other applications, too, like encrypted IP (swIPe?) and the like. I've been trying to think of ways to extend that to private key systems, too. Peace to you. From jamiel at sybase.com Tue Jul 19 10:20:01 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Tue, 19 Jul 94 10:20:01 PDT Subject: Sue D. 
Nym Message-ID: <9407191718.AB19025@ralph.sybgate.sybase.com> At 2:57 AM 07/19/94 -0600, Kragen J. Sittler wrote: >moderate feminist and extreme leftist political stance, a willingness >(possibly, probably IMHO) to forward unsubstantiated libels (Ollie ^^^^^^^^^^^^^^^^^^^^^^ >North smuggling drugs? How likely is that?), a great deal of ^^^^^^^^^^^^^^^^^^^ Uh, I hope you are being ironic and I am too dense to get it. >Kragen -j -- "Blah Blah Blah" ___________________________________________________________________ Jamie Lawrence From tcmay at netcom.com Tue Jul 19 10:25:12 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 19 Jul 94 10:25:12 PDT Subject: Leaving the Country In-Reply-To: <9407191352.AA07329@sten.lehman.com> Message-ID: <199407191724.KAA20132@netcom4.netcom.com> (If you are not interested in the topic of money laundering, using crypto to avoid taxes, etc., hit "DELETE" now. Better this than sending me messages telling me that the "purpose" of Cypherpunks is discussing the latest versions of PGP 2.6ui and the like.) Linn Stanton hit the nail on the head: > Sandy Sandfort writes: > > >From what Tim alludes to, I still think he is just plain wrong about how > > bad things would be on him. He's probably getting bad advice from > > practicing lawyers who have a vested interest in having financial privacy > > "difficult" to obtain. (More billible hours, more fees.) For the rest > > of us who aren't retired zillionaires, though, there is plenty that can > > be done. > > The real problem that I see is getting legal assets out of the control and > monitoring of the US/IRS. Especially without taking a bath in the process. > > It is much easier to launder illegal assets than legal ones, and any method > would need to handle NYSE securities to be useful. Precisely! 
For those of us whose assets are already "visible," in the form of real estate or stock or the like, the prescriptions of some on this list to "ignore them and they'll be powerless" (a paraphrase of this scofflaw approach) are not at all persuasive.

Having been invited in to "chat" with my regional IRS officials in San Jose on a couple of occasions, and seeing my stock broker's wonderful computerized statements being forwarded to these same folks, I don't hold out much hope for escaping.

Now I suppose some might say this is my fault, for not having acquired the assets in a foreign tax haven like the Cayman Islands, or not having lived my life by leasing my cars, only renting houses, etc. These were not options.

While it is certainly true that I can easily hide modest amounts of assets, hiding large amounts is usually a one-way street. That is, the legal and jurisdictional repercussions have to be very carefully considered, as they can't be reversed once taken.

Maybe they exist. I'm sure some people have hidden assets from the tax collector and still lived in the U.S. or other high tax rate states. But I'm not at all convinced by arguments that because some people have piled up unpaid traffic tickets, or have no assets to seize, and are hence "judgement proof," that this helps me or anyone else in my position (a bunch of my Silicon Valley friends, concretely enough).

I'm sure the judgement-proofing Duncan Frissell talks about has worked for him, in his situation, but I've seen no convincing way to get from "here" to "there" in a way that I am remotely comfortable with.

And I'd suggest that if Duncan really knows a way to do this--one that takes into account people's _current situations_, as opposed to suggesting that they should have chosen a different path in the past--then he should have no problem earning a million dollars a year as a tax consultant. Not having had the pleasure of meeting Duncan, I can't judge whether he's now earning rates like this.
(If so, congratulations--and give me a call and I'll hire you. If not, why not?) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From SADLER_C at HOSP.STANFORD.EDU Tue Jul 19 10:28:09 1994 From: SADLER_C at HOSP.STANFORD.EDU (Connie Sadler (415)725-7703) Date: Tue, 19 Jul 94 10:28:09 PDT Subject: Come On Message-ID: <01HEVY8UMCCK00156P@MR.STANFORD.EDU> Subject: Come On From: "Connie Sadler"@MR.STANFORD.EDU Date: Tue, 19 Jul 1994 17:04:00 PDT A1-type: DOCUMENT Posting-date: Tue, 19 Jul 1994 07:00:00 PDT On Tue, 19 Jul 1994 jdblair at nextsrv.cas.muohio.EDU wrote: and BERZERK responds: >> >> 6) Oh yeah, the women are unable to do anything except talk on the phone, >> get into catfights, give men blowjobs, and kill people by accident. The >I liked that part.:-) >> If anyone has a good monkeywrench, send it my way. >Hehehhehehehehheheheheh. >Berzerk, Green Libertarian My first post, although I've been *listening* for some time now. I'm all for privacy and private encryption, and am learning a lot from this list - just installed PGP on two platforms and am learning how to use it. I agree that there are very few women involved - is this an all boys club? I assume not, but have to say I find lines like the above very offensive/non-professional. I won't let it stop me from continuing on, but what's the point? I really don't get it. 
CS -

From mspellman at cix.compulink.co.uk Tue Jul 19 10:41:46 1994
From: mspellman at cix.compulink.co.uk (Martin Spellman)
Date: Tue, 19 Jul 94 10:41:46 PDT
Subject: Detweiler: other lives
Message-ID:

To: Cypherpunks at toad.com

Robert Hettinga (rah at shipwright.com) asked:

> On the other hand, how old is this guy? 12? I mean what do we really
> know about him? Do these archives have anything on him besides his spam
> and the resultant fusillades? Has anyone actually met him? Not that I'd
> like to, I guess...
>
> I'm curious about this guy for no legitimate reason. He just seems
> bright, and he must have done some crypto once. He is listed as a
> contributor on my copy MacPGP, for instance, and before he started
> spamming it, his posts to imp-interest could make sense on occasion.

It may (or may not) be of interest but Larry Detweiler is keeper of the Internet Writer Resource Guide - the FAQ on writing groups. There was also a minor character called Lord Detweiler in a Jack Vance story. alt.netloons.pita anyone?

Martin Spellman

From perry at imsi.com Tue Jul 19 10:45:32 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 19 Jul 94 10:45:32 PDT
Subject: the Cypherpunk and the Shadow
In-Reply-To: <199407191707.KAA09373@netcom6.netcom.com>
Message-ID: <9407191744.AA01454@snark.imsi.com>

catalyst-remailer at netcom.com says:
> L.Detweiler here. I'm extremely hurt by Hal Finney's recent accusations
> that I am trying to `sabotage' remailers.

Cut the crap, Detweiler. No one believes you any more. You lie like a cheap rug.

> Where are the reputation systems that some Cypherpunks have talked about?

Reputation systems in people's brains are up and functioning as we speak. For example, your reputation right now is mud.

> 9. Why should I lose my netcom account for vague, unspecified reasons?

Because Netcom is a private organization, and should have the right to kick annoying jerks off just for being themselves if they feel like it. Free speech is a right.
Free printing presses are not. You have the right to say anything you like, but not to use other people's resources to do it if they, for any arbitrary reason at all, decide they don't want you to.

Perry

From tcmay at netcom.com Tue Jul 19 10:52:30 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 19 Jul 94 10:52:30 PDT
Subject: GUT and P=NP
In-Reply-To: <9407191429.AA02051@vendela.ma.utexas.edu>
Message-ID: <199407191751.KAA23246@netcom4.netcom.com>

> (flashing mathematical credentials)

Who cares? I mean, really?

> Okay, I was hoping this would die quietly, but since it isn't....
>
> GUT is a physical theory. If true, it is believed, it would be possible to
> manufacture a computer which exceeds a Turing machine in several important
> ways. In particular, it is believed that a "quantum computer" could perform
> certain NP tasks (factoring) in P time.

Nope. A physical theory says nothing about this kind of stuff. It might, but it doesn't have to, which is the key issue.

Suppose, for example, that the GUT (Grand Unified Theory) was Newtonian physics. Or Einsteinian GR. What could this possibly say about proving that P = NP?

If the Really Truly Basic Unified Theory (RTBUT) is that subquark partons are scattering like billiard balls on a cosmic pool table, what could this possibly imply for theories of P = NP?

Knowing that billiard ball physics is the RTBUT doesn't allow us to build computers that are really different from today's computers. Fact of life.

Finding a solution to the shortest route between 50 cities is beyond current computer capabilities, by many, many orders of magnitude. Doing it for 100 cities, or 10,000 cities, or as N increases further, will not be made simple just because we learn in the year 2014 that gluons are made up of dentons and bound charmicles, all interacting via aptical foddering.

Eric Hughes gave a mathematical perspective on this, I'm just giving a physics perspective.
(Invoking quantum mechanics is something I'm avoiding discussing here, because it confuses things and may not be ultimately part of a GUT, logically. That's why I considered the less confusing example in which the RTBUT involved billiard ball scattering of sub-gluon or whatever particles. This GUT or RTBUT would _still_ not imply P = NP.) Another way to put it, there is no evidence, despite some speculation by Peter Shor, David Deutsch, Roger Penrose, and others, that any new theories of physics will allow "Super-Turing machines" to be built. In fact, most physicists discount this kind of speculation. Some of the work would need arbitrarily precise physical measurements, a situation not found in the real world....fits nicely with Eric's point about measuring the "reals"...real numbers in some sense have "infinite logical depth" and cannot be computed by any computer operating on discrete symbols....Smale at Berkeley has worked on the implications of building Turing machines with reals as the elements, and, indeed, amazing things happen, such as P = NP. But no such computer will be built in our universe, no matter what particles come flying out of the Super Duper Collider Looper. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." 
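John Douceur's message earlier in this digest ("Why triple encryption instead of split+encrypt?") argues that each branch P0 = S0_KS(P), C0 = E_K0(P0) is a double encryption that a known-plaintext meet-in-the-middle search can attack. The Python below is an added example, not code from any poster: both stages are constructed toy Feistel ciphers with 16-bit keys standing in for the splitter and for DES, all function names and constants are assumptions, and it shows the search costing 2 x 2^16 cipher operations plus a 2^16-entry table where a joint key search would need 2^32 trials.

```python
"""Known-plaintext meet-in-the-middle on a two-stage encryption.

Models one branch of the decomposition in the message:
    P0 = S0_KS(P)     (stage 1, keyed by KS)
    C0 = E_K0(P0)     (stage 2, keyed by K0)
Both stages are constructed toy Feistel ciphers on 32-bit blocks with
16-bit keys. They stand in for the splitter and for DES; neither real
algorithm is reproduced here.
"""

KEY_BITS = 16
ROUNDS = 4
MASK16 = 0xFFFF
SPLIT_SALT = 0x3C6E   # constructed constant selecting the stage-1 cipher
BLOCK_SALT = 0xA511   # constructed constant selecting the stage-2 cipher
BRUTE_FORCE_TRIALS = 1 << (2 * KEY_BITS)   # cost of trying every (KS, K0)


def _round_fn(half, subkey):
    """Toy nonlinear round function on 16-bit values (constructed)."""
    x = (half ^ subkey) & MASK16
    x = (x * 0x9E37 + 0x79B9) & MASK16
    x ^= x >> 7
    x = (x * 0x85EB) & MASK16
    return x ^ (x >> 5)


def _subkey(key, rnd, salt):
    """Rotate the 16-bit key and mix in a per-stage, per-round constant."""
    rot = 3 * rnd + 1
    rotated = ((key << rot) | (key >> (16 - rot))) & MASK16
    return rotated ^ ((salt * (rnd + 1)) & MASK16)


def encrypt(block, key, salt):
    left, right = block >> 16, block & MASK16
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round_fn(right, _subkey(key, rnd, salt))
    return (left << 16) | right


def decrypt(block, key, salt):
    left, right = block >> 16, block & MASK16
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _round_fn(left, _subkey(key, rnd, salt)), left
    return (left << 16) | right


def two_stage(plaintext, ks, k0):
    """C0 = E_K0(S0_KS(P)) with the toy stand-ins for both stages."""
    return encrypt(encrypt(plaintext, ks, SPLIT_SALT), k0, BLOCK_SALT)


def meet_in_the_middle(pairs):
    """Recover (KS, K0) candidates from known (plaintext, ciphertext) pairs.

    Returns (candidates, cipher_ops). The first pair drives the search;
    the remaining pairs discard chance collisions on the intertext.
    """
    (p, c), rest = pairs[0], pairs[1:]
    # Forward half: every stage-1 key, indexed by the intertext it yields.
    # This table is the memory cost the message refers to.
    table = {}
    for ks in range(1 << KEY_BITS):
        table.setdefault(encrypt(p, ks, SPLIT_SALT), []).append(ks)
    ops = 1 << KEY_BITS
    candidates = []
    # Backward half: peel stage 2 off C with every K0 and look for a meeting.
    for k0 in range(1 << KEY_BITS):
        ops += 1
        middle = decrypt(c, k0, BLOCK_SALT)
        for ks in table.get(middle, ()):
            if all(two_stage(p2, ks, k0) == c2 for p2, c2 in rest):
                candidates.append((ks, k0))
    return candidates, ops


def demo():
    """Encrypt three constructed plaintexts under secret keys, then attack."""
    secret = (0xBEEF, 0x1234)                       # constructed keys
    plaintexts = [0x00000000, 0x01234567, 0xDEADBEEF]
    pairs = [(p, two_stage(p, *secret)) for p in plaintexts]
    found, ops = meet_in_the_middle(pairs)
    return secret, found, ops, pairs


if __name__ == "__main__":
    secret, found, ops, _ = demo()
    print("secret keys     :", [hex(k) for k in secret])
    print("recovered       :", [(hex(a), hex(b)) for a, b in found])
    print("cipher ops used :", ops, "vs joint search", BRUTE_FORCE_TRIALS)
```

Making the two stage keys independent, as the message notes, enlarges the keyspace but does not change the additive cost of this search.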
From nelson at crynwr.com Tue Jul 19 10:55:58 1994 From: nelson at crynwr.com (Russell Nelson) Date: Tue, 19 Jul 94 10:55:58 PDT Subject: Federal Control of Financial Transactions In-Reply-To: <199407191625.MAA16624@zork.tiac.net> Message-ID: Date: Tue, 19 Jul 1994 12:31:56 -0500 From: rah at shipwright.com (Robert Hettinga) At 8:53 AM 7/19/94 -0400, Duncan Frissell wrote: >Inefficient government monopolies create marvelous profit opportunities for >markets to arbitrage the gap between cost and price. In a highly efficient >networked world, it will be very difficult for governments to compete. Yeah. What he said. Arachno-Capitalism, anyone? Sure. It goes right along with PGP's web of trust. -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From rfb at lehman.com Tue Jul 19 11:00:42 1994 From: rfb at lehman.com (Rick Busdiecker) Date: Tue, 19 Jul 94 11:00:42 PDT Subject: Nat'l ID # ? In-Reply-To: <9407191526.AA20126@tis.com> Message-ID: <9407191759.AA21824@fnord.lehman.com> Date: Tue, 19 Jul 94 11:26:09 EDT From: Carl Ellison It strikes me as anachronistic to worry about national ID numbers for privacy reasons. With data processing of the 1950's . . . None of this requires a national ID card. But, nothing prevents you from acting on an individual level to make this the info gatherers job more difficult. There is plenty of reason to believe that effective strategies exist for keeping such data bases inaccurate. When such things have the force of law behind them, they are more worrisome. Making the info gatherers job more difficult is potentially a harder task and even attempting to inject bogus data could be criminally penalized. 
Rick From nelson at crynwr.com Tue Jul 19 11:26:27 1994 From: nelson at crynwr.com (Russell Nelson) Date: Tue, 19 Jul 94 11:26:27 PDT Subject: Reputation In-Reply-To: <199407191751.KAA23246@netcom4.netcom.com> Message-ID: From: tcmay at netcom.com (Timothy C. May) Date: Tue, 19 Jul 1994 10:51:42 -0700 (PDT) > (flashing mathematical credentials) Who cares? I mean, really? Because credentials are portable reputation. A college is not a place of higher learning, it's a reputation-granting institution. A college degree is no more valuable than the reputation it grants to you. And, once you establish your own reputation (as I have in my field), a college degree becomes moot. I wish colleges understood that. I wish students understood that. This leads me to wonder how encryption helps make portable reputations? Can it even? -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From cme at tis.com Tue Jul 19 11:30:14 1994 From: cme at tis.com (Carl Ellison) Date: Tue, 19 Jul 94 11:30:14 PDT Subject: Cypherpunks & math In-Reply-To: Message-ID: <9407191829.AA07796@tis.com> BS in math -- algebra2 plus not on your chart From Ben.Goren at asu.edu Tue Jul 19 11:31:00 1994 From: Ben.Goren at asu.edu (Ben.Goren at asu.edu) Date: Tue, 19 Jul 94 11:31:00 PDT Subject: Come On Message-ID: At 5:15 PM 7/19/94, Connie Sadler (415)725-7703 wrote: >On Tue, 19 Jul 1994 jdblair at nextsrv.cas.muohio.EDU wrote: >[. . .] I find lines like the above [about the women in "True Lies] very >offensive/non-professional. I won't let it stop me from continuing on, but >what's the point? I really don't get it. Neither do I. Connie's right, guys. 
How can saying that you like women whose best skills are oral sex and who are so klutzy that they kill people accidentally do anything to promote civil rights through cryptography? At the least, please be a little more clear with your sarcasm; otherwise, you're just reinforcing the "harmless guy-stuff" that leads directly to rape and wife-battering. Drunk driving used to be given a wink and a nod, and now drunk drivers rate somewhere near lawyers. Let's do the same for women, and promote cryptography at the same time by getting back on topic.

>CS - b& -- Ben.Goren at asu.edu, Arizona State University School of Music net.proselytizing (write for info): Protect your privacy; oppose Clipper. Voice concern over proposed Internet pricing schemes. Stamp out spamming. Finger ben at tux.music.asu.edu for PGP 2.3a public key.

From solman at MIT.EDU Tue Jul 19 11:32:40 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Tue, 19 Jul 94 11:32:40 PDT
Subject: Why triple encryption instead of split+encrypt?
In-Reply-To: <9407191650.AA02589@netmail2.microsoft.com>
Message-ID: <9407191831.AA24540@ua.MIT.EDU>

> I am claiming that your technique:
>
> P0, P1, P2, ... Pn = S_KS(P)
>
> C0 = E_K0(P0)
> C1 = E_K1(P1)
> C2 = E_K2(P2)
> . . .
> Cn = E_Kn(Pn)
>
> Can be decomposed into parallel double encryptions, and is therefore just
> as vulnerable to a meet-in-the-middle attack as double DES (or more so,
> if your splitting algorithm is less secure than DES).

We thus far agree. Vulnerability is dependent on splitting it into parallel problems.

> NB: When I use
> the term "double encryption" here, I am not referring to your use of DES
> multiple times after the split; I am referring to the splitting itself as
> the first encryption, and the DES as the second encryption.

AH! I hadn't been looking at it that way. I wish I had thought of it like that. You are then quite correct that meet-in-the-middle attacks can be done, but the key to the first encryption (the hashing multiplex) is 112 bits (for the split into two parts version) which would require 2^112 stored messages, substantially more than could possibly be stored by anybody ever (well, I guess ever is a bad word to use in this context).

> Let us define the function Sx_KS(P) as the portion of the splitting
> algorithm which produces Px:
>
> P0 = S0_KS(P)
> P1 = S1_KS(P)
> . . .
>
> We now have a parallel set of double encryptions as follows:
>
> P0 = S0_KS(P)
> C0 = E_K0(P0)
>
> P1 = S1_KS(P)
> C1 = E_K1(P1)
>
> . . .
>
> Each of these double encryptions is vulnerable to a known-plaintext
> meet-in-the-middle attack from P to Cx.

When I am multiplexing based just on the hash of the keys and not hash followed by negated hash, the cryptanalyst does not know how to derive Ci (i=1...n) from C. This is even more true if I interleave the cipher texts instead of sending them one after the other (which makes more sense if I am doing them in parallel anyway). Of course this only increases security by a few powers of two (about n-2 where the length of the hash is 2^n and we constrain the keys slightly to avoid lopsided splits) if the opponent has the memory available to do a meet in the middle attack for n=2. For n=4 this increased security becomes substantial however. (Combinations of numbers that add up to the size of the hash as constrained by the binomial distribution and splits that the program determines to be acceptable.) It is still far less security than is provided by the rest of the algorithm, however. So I suppose I should consider this to be negligible (even if it is around 2^10) and concede the point.

> >I think that multiplexing based on the hash of the concatenated keys
> >is as secure as the one way hash function is, no?
> In my above argument, I assumed a splitting key which is completely
> independent of the DES keys. This will be more secure than a splitting
> key which is *any* function of the DES keys, since it increases the size
> of the keyspace.

Certainly, but I figure that if using the hash of the keys stands up, then the stronger totally separate version certainly will.

> >> the security of this scheme is significantly less
> >> than that of triple DES.
>
> >Well I don't believe that this is the case,
>
> Perhaps you do now?

Your point is unquestionably valid, but I still believe that the security of the scheme, even when just splitting into two parts and using the hash of the keys to multiplex the split, is much worse (by more than a couple of factors of two) than DES. I suppose I have merely created a new hash based symmetric cipher. I will have to look up the other hash based symmetric ciphers and see how they compare.

> >but there is one way to find out
> >:). I believe that for messages longer than a couple of K, my algorithm
> >provides substantially more security than its DES analog and is quicker.
> >I'll write up a version of this that splits into 4 parts and post it here
> >some time over the next week. I think that splitting into four parts should
> >be about as quick as double DES while providing substantially more security
> >than triple DES (which I will time it against).
>
> If you still maintain this position, then either you have not understood my
> argument above, or I seriously misunderstand your algorithm. If you have
> not yet been convinced that you have not eliminated the meet-in-the-middle
> attack as triple encryption does, then I welcome your algorithm in code, so
> that I may see if I am missing something fundamental in your approach.

I don't think that meet in the middle attacks are relevant because nobody has 2^112 memory. It's just a lot. Schneier claims that at 128 bits there probably isn't enough matter in the universe to meet an algorithm using IDEA in the middle. I would say that 112 bits is nearly as solid a line of defense.
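The decomposition argued over in the exchange above, as an added example (not code from either poster): a toy model in which a keyed splitter S_KS routes plaintext bytes into two streams, each encrypted under its own key, followed by a known-plaintext meet-in-the-middle search on each stream. The SHA-256-based splitter, the XOR keystream standing in for DES, the 12-bit key sizes and all key and plaintext values are assumptions made for this illustration.

```python
from __future__ import annotations
import hashlib

KS_BITS = 12  # toy splitting-key size (assumption; the thread discusses 112 bits)
K_BITS = 12   # toy cipher-key size (assumption; DES keys are 56 bits)

# Constructed sample values, chosen only for this illustration.
KNOWN_PLAINTEXT = bytes(range(0x40, 0x60))        # 32 distinct bytes
TRUE_KS, TRUE_K0, TRUE_K1 = 0x5A3, 0x1C7, 0xE09


def split(ks: int, p: bytes) -> tuple[bytes, bytes]:
    """Hypothetical S_KS: bit i of SHA-256(KS) sends byte i to P0 or P1."""
    digest = hashlib.sha256(b"split" + ks.to_bytes(2, "big")).digest()
    streams = (bytearray(), bytearray())
    for i, byte in enumerate(p):
        streams[(digest[i // 8] >> (i % 8)) & 1].append(byte)
    return bytes(streams[0]), bytes(streams[1])


def toy_cipher(k: int, data: bytes) -> bytes:
    """Toy stand-in for E_K and D_K: XOR with a key-derived keystream."""
    stream = hashlib.sha256(b"cipher" + k.to_bytes(2, "big")).digest()
    return bytes(d ^ s for d, s in zip(data, stream))


def encrypt_scheme(ks: int, k0: int, k1: int, p: bytes) -> tuple[bytes, bytes]:
    """C0 = E_K0(S0_KS(P)), C1 = E_K1(S1_KS(P))."""
    if len(p) > 32:
        raise ValueError("toy model handles at most 32 bytes")
    p0, p1 = split(ks, p)
    return toy_cipher(k0, p0), toy_cipher(k1, p1)


def meet_in_the_middle(p: bytes, c_x: bytes, x: int):
    """Known-plaintext search on stream x: P --Sx_KS--> Px --E_Kx--> Cx."""
    table = {}
    for ks in range(1 << KS_BITS):        # forward pass: store every Sx_KS(P)
        table.setdefault(split(ks, p)[x], []).append(ks)
    ops = 1 << KS_BITS
    candidates = []
    for k in range(1 << K_BITS):          # backward pass: look up every D_K(Cx)
        ops += 1
        for ks in table.get(toy_cipher(k, c_x), []):
            candidates.append((ks, k))
    return candidates, ops, len(table)


def run_demo() -> dict:
    c0, c1 = encrypt_scheme(TRUE_KS, TRUE_K0, TRUE_K1, KNOWN_PLAINTEXT)
    cand0, ops0, entries0 = meet_in_the_middle(KNOWN_PLAINTEXT, c0, 0)
    cand1, _, _ = meet_in_the_middle(KNOWN_PLAINTEXT, c1, 1)
    # Both streams share KS, so keep only splitting keys found on both sides.
    by_ks = {}
    for ks, k1 in cand1:
        by_ks.setdefault(ks, []).append(k1)
    joint = [(ks, k0, k1) for ks, k0 in cand0 for k1 in by_ks.get(ks, [])]
    return {
        "stream0": cand0,
        "stream1": cand1,
        "joint": joint,
        "ops_per_stream": ops0,                        # 2^KS_BITS + 2^K_BITS
        "naive_per_stream": 1 << (KS_BITS + K_BITS),   # exhaustive pair search
        "table_entries": entries0,                     # memory the search needs
    }


if __name__ == "__main__":
    result = run_demo()
    print("joint candidates:", [tuple(hex(v) for v in c) for c in result["joint"]])
    print("operations per stream:", result["ops_per_stream"],
          "vs exhaustive", result["naive_per_stream"])
    print("stored table entries:", result["table_entries"])
```

The forward pass stores one value per splitting key, which is why the reply's objection turns on memory: with the thread's 112-bit splitting key the same search needs on the order of 2^112 stored values.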
From jbotz at orixa.mtholyoke.edu Tue Jul 19 11:33:22 1994
From: jbotz at orixa.mtholyoke.edu (Jurgen Botz)
Date: Tue, 19 Jul 94 11:33:22 PDT
Subject: GUT and P=NP
In-Reply-To: <199407190029.AA07438@world.std.com>
Message-ID: <199407191832.OAA29502@orixa.mtholyoke.edu>

Ken Kirksey wrote:
> I was reading Hawking's _Black Holes & Baby Universes_ and an interesting
> question struck me: If a Grand Unified Theory exists, would it not
> prove P=NP to be true?

No. For a couple of good arguments for this answer read the ``Mathematical Recreations'' column in the latest SciAm. (Or maybe it was last month's).

From patrick at CS.MsState.Edu Tue Jul 19 11:42:53 1994
From: patrick at CS.MsState.Edu (Patrick G. Bridges)
Date: Tue, 19 Jul 94 11:42:53 PDT
Subject: the Cypherpunk and the Shadow
In-Reply-To: <199407191707.KAA09373@netcom6.netcom.com>
Message-ID: <9407191842.AA24339@Walt.CS.MsState.Edu>

Geez... When you guys said net.loon, you weren't just whistlin' Dixie... Wow...

From rah at shipwright.com Tue Jul 19 11:46:52 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 19 Jul 94 11:46:52 PDT
Subject: GUT and P=NP
Message-ID: <199407191842.OAA19431@zork.tiac.net>

(flashing philosophical credentials) :-P

All this stuff about existing in mind and existing in reality reminds me of St. Anselm's proof of the existence of god (Hettinga's Hashed Layman's Version 1.0(tm)):

1. Conceive of perfection.
2. You have just demonstrated that perfection can exist in mind.
3. It is more perfect to exist in mind and in reality than to exist solely in mind.
4. Define god as perfection.
5. Therefore god exists.

Now this Medieval brainbuster was pretty much beat to death sometime in the Enlightenment, though somebody respectable in the late 19th century (Frege?) liked it a lot...

This GUT and P=NP thing smells awfully like scholastic bickering, don't ya think?

Just my (unmathematical) opinion...
Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From tcmay at netcom.com Tue Jul 19 11:51:02 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 19 Jul 94 11:51:02 PDT Subject: Nat'l ID # ? In-Reply-To: <9407191526.AA20126@tis.com> Message-ID: <199407191850.LAA29869@netcom4.netcom.com> Carl Ellison writes: > It strikes me as anachronistic to worry about national ID numbers for > privacy reasons. With data processing of the 1950's, someone would have > needed a single index number in order to gather all records about me into > one place. With today's excess computing power, there's no problem doing a > kind of fuzzy fill algorithm -- find all my various numbers, record links > between them and therefore equate them My main concern with a "national ID card" is that it will be mandatory to carry, mandatory to use in various financial transactions (where showing ID is not presently required), and required for interactions with various government agencies. This would be far worse than the current mishmosh of various state driver's licenses (most of which currently lack mag stripes, barcodes, etc.) and other slips of paper. While I agree that the numbers from such cards are correlatable--and are, by the credit card companies, the credit rating triopoly, etc.--this correlation would be dramatically easier if a machine-readable card was required for interactions now handled without such cards. The government has explicitly stated that a goal of EES is to drive out competing forms of encryption by market methods (I think the market method for Clipper will fail, but that's another discussion). The same could be said for a national ID card. 
It would be so "painless" for other card-issuing agencies (DMV, VISA, MCI, etc.) to simply "piggyback" on the government's smart card. Voila! One card, total traceability of all transactions. And movements. And hotels stayed in. And ammunition bought. And so on. David Chaum correctly focussed on this chilling issue in his 1985 paper, "Transactions Systems to Make Big Brother Obsolete" (the paper has had various titles, as he refined the ideas...). Chaum's work on selectively-disclosing credentials deserves more attention than it's getting. That nobody in the "card business" is working on this stuff pretty much tells us we ain't gonna have it as an option. Bear in mind that under the current system, I don't have to carry identification (a raging civil liberties debate, but the conclusions I draw are that cops may ask for ID, but rarely will anyone spend time in jail for not carrying ID...and since I don't speak broken English and look Mexican, I'm not likely to be bussed into Tijuana and dumped). I also don't have to carry credit cards. The only "required" card I have is my driver's license (and my passport, should I wish to leave and reenter....and at the Mexican border I've never even needed that). I don't want this to change. I don't want a mandated ID card, then usable by default by all the other card-issuers, or tied to car registration, tax filing, visits to emergency rooms, jury duty, etc. That's why a national ID card is, in my opinion, much worse than the current mishmosh of cards and permission slips. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. 
"National borders are just speed bumps on the information superhighway." From hayden at vorlon.mankato.msus.edu Tue Jul 19 11:52:27 1994 From: hayden at vorlon.mankato.msus.edu (Robert A. Hayden) Date: Tue, 19 Jul 94 11:52:27 PDT Subject: Come On In-Reply-To: Message-ID: On Tue, 19 Jul 1994 Ben.Goren at asu.edu wrote: > Drunk driving used to be given a wink and a nod, and now drunk drivers rate > somewhere near lawyers. Let's do the same for women, and promote > cryptography at the same time by getting back on topic. Associate women with lawyers? That's insulting to women :-) ____ Robert A. Hayden <=> hayden at vorlon.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> I do not necessarily speak for the \/ Finger for PGP Public Key <=> City of Mankato or anyone else, dammit -=-=-=-=-=-=-=- (GEEK CODE 2.1) GJ/CM d- H-- s-:++>s-:+ g+ p? au+ a- w++ v* C++(++++) UL++++$ P+>++ L++$ 3- E---- N+++ K+++ W M+ V-- -po+(---)>$ Y++ t+ 5+++ j R+++$ G- tv+ b+ D+ B--- e+>++(*) u** h* f r-->+++ !n y++** From mab at research.att.com Tue Jul 19 11:56:32 1994 From: mab at research.att.com (Matt Blaze) Date: Tue, 19 Jul 94 11:56:32 PDT Subject: CFS 1.1.0 now available Message-ID: <9407191845.AA08328@big.info.att.com> A new release of CFS, my encrypting file system for Unix-ish platforms, is now available, This version includes a number of bug fixes and ports to new platforms, reasonably friendly hooks for adding new ciphers, and an online 3-DES mode. Details in the announcement attached below. -matt ================================================================= Source code for version 1.1 of CFS, the Cryptographic File System, is now available upon request for research and experimental use in the US and Canada. CFS pushes encryption services into the Unix(tm) file system. It supports secure storage at the system level through a standard Unix file system interface to encrypted files. 
Users associate a cryptographic key with the directories they wish to protect. Files in these directories (as well as their pathname components) are transparently encrypted and decrypted with the specified key without further user intervention; cleartext is never stored on a disk or sent to a remote file server. CFS employs a novel combination of DES stream and codebook cipher modes to provide high security with good performance on a modern workstation. CFS can use any available file system for its underlying storage without modification, including remote file servers such as NFS. System management functions, such as file backup, work in a normal manner and without knowledge of the key. CFS runs under SunOS and several other BSD-derived systems with NFS. It is implemented entirely at user level, as a local NFS server running on the client machine's "loopback" interface. It consists of about 5000 lines of code and supporting documentation. You must have "root" access to install CFS. CFS was first mentioned at the work-in-progress session at the Winter '93 USENIX Conference and was more fully detailed in: Matt Blaze, "A Cryptographic File System for Unix", Proc. 1st ACM Conference on Computer and Communications Security, Fairfax, VA, November 1993. (PostScript available by anonymous ftp from research.att.com in the file dist/mab/cfs.ps.) The version being released differs from the version described in the paper in a few ways: * The encryption scheme has been strengthened, and now provides approximately the security of 3-DES with the online latency of only single-DES. * Support for the smartcard-based key management system is not included. * A few of the tools are not included (in particular, cname and ccat). * The performance has been improved. * The security of the system against certain non-cryptanalytic attacks has been improved somewhat. New features in CFS 1.1 include: * User-contributed ports to a number of additional platforms. 
* Better hooks for adding new ciphers. * 3-DES encryption option. CFS is being distributed as a research prototype; it is COMPLETELY UNSUPPORTED software. No warranty of any kind is provided. We will not be responsible if the system deletes all your files and emails the cleartext directly to the NSA or your mother. Also, we do not have the resources to port the software to other platforms, although you are welcome to do this yourself. The software was developed under SunOS and BSDI, and there are also unsupported user-contributed ports available for AIX, HP/UX, Irix, Linux, Solaris and Ultrix. We really can't promise to provide any technical support at all, beyond the source code itself. We also maintain a mailing list for CFS users and developers; subscription information is included with the source code. Because of export restrictions on cryptographic software, we are only able to make the software available within the US and Canada to US and Canadian citizens and permanent residents. Unfortunately, we cannot make it available for general anonymous ftp or other uncontrolled access, nor can we allow others to do so. Sorry. Legal stuff from the README file: * Copyright (c) 1992, 1993, 1994 by AT&T. * Permission to use, copy, and modify this software without fee * is hereby granted, provided that this entire notice is included in * all copies of any software which is or includes a copy or * modification of this software and in all copies of the supporting * documentation for such software. * * This software is subject to United States export controls. You may * not export it, in whole or in part, or cause or allow such export, * through act or omission, without prior authorization from the United * States government and written permission from AT&T. 
In particular, * you may not make any part of this software available for general or * unrestricted distribution to others, nor may you disclose this software * to persons other than citizens and permanent residents of the United * States and Canada. * * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED * WARRANTY. IN PARTICULAR, NEITHER THE AUTHORS NOR AT&T MAKE ANY * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY * OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE. If you would like a copy of the CFS source code, please send email to: cfs at research.att.com DO NOT REPLY DIRECTLY TO THIS MESSAGE. Be sure to include a statement that you are in the US or Canada, are a citizen or permanent resident of the US or Canada, and have read and understand the license conditions stated above. Also include an email address in a US or Canada-registered domain. The code will be sent to you via email in a uuencoded compressed tarfile. From tcmay at netcom.com Tue Jul 19 12:07:32 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 19 Jul 94 12:07:32 PDT Subject: "But this is not really related to crypto, so...." In-Reply-To: <199407191842.OAA19431@zork.tiac.net> Message-ID: <199407191907.MAA01420@netcom4.netcom.com> Since Robert Hettinga specifically addressed his post to me, I presume he had me in mind when he wrote: > (flashing philosophical credentials) :-P > > > This GUT and P=NP thing smells awfully like scholastic bickering, don't ya > think? Look, I'm fed up with people giving advice on how such-and-such a topic is "far afield" form what they want to hear about. I'm especially unamused by folks (not Robert H., by the way) writing up a long post and then ending with a statement to the effect "But this is really not a crypto subject, so I suggest we not discuss this further."!! Translation: "I just wrote two pages on this, but I want the last word." 
I mean no insult by this...at least one of the frequent offenders here I also count as my friend. Im just pointing out the absurdity of it. If one thinks a topic is unimportant to the topics at hand, DON'T COMMENT! Equally absurd are all the anti-Detweiler posts, which simply gives him the attention from us he craves so much. (Even this post will. But then I'm not writing "Can't we just stop talking about Detweiler?" posts, unless this is counted as such, ironically.) What I'm saying is this: * if a topic bores you, delete it, or filter it. * but don't moralize about it as being "off-topic," when it clearly is "on-topic' to some people--the house of Cypherpunks has many rooms. * especially don't be so nervy as to write a long rebuttal to some post and then end with a suggestion that no further discussion is needed. That's what I have to say. And having said it, may I suggest that this is not really a crypto issue, and hence could you all just take my words as the last ones on this subject? (:-} for the smiley-impaired) ----Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From blancw at microsoft.com Tue Jul 19 12:18:15 1994 From: blancw at microsoft.com (Blanc Weber) Date: Tue, 19 Jul 94 12:18:15 PDT Subject: Federal Control of Financial Transactions Message-ID: <9407191918.AA12833@netmail2.microsoft.com> Some comments on Duncan's post: All of the arguments which he proposes against reasons why the government can't succeed are true and accurate; however, it is one of those things where "you know and I know, but *they* don't know"...... 
The examples which you relate of government failures from inefficiency, etc. have been proven time and again in history, but in that case why does history keep repeating itself, in slightly different variations.

"......why doesn't Clinton impose wage and price controls, exchange controls, tariffs, and a full-blown industrial policy?"

If he can succeed in implementing the Health Plan, and if the National ID were accepted, that would probably be next on his agenda (if he were to be re-elected [2 more years]).

One saving grace from all the discussions which are going on of the above projects is that they presently are just discussions, and if they could just be kept discussing these things, none of them will ever be accomplished. By the time the discussions are finished, everyone will have version 10.x of every computer app and all companies will be "virtual".

Blanc

From berzerk at xmission.xmission.com Tue Jul 19 12:21:29 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Tue, 19 Jul 94 12:21:29 PDT
Subject: Come On
In-Reply-To: <01HEVY8UMCCK00156P@MR.STANFORD.EDU>
Message-ID:

Hey, my comment about liking that part was just offhand, was "guy stuff" and "non-pc" and supporting something crude. I am not sorry. I liked it. If it had been a bumbling and incompetent male lover who gave good snuggle, as in le-fem nakita, I would have liked it even more (hey, I did :-)

I am sorry if I can't be myself around some people here. I would like to ask those who objected to my comments about this to comment about that movie (if you have seen it). It would seem most liberal people I know said it was beautiful. Why did they not criticize the weak man in this film? Are your standards different, or would you apply this to that film also.

Roger, who is not ashamed to be a guy.

*******
Anyone ever made a titanium bullet? (before the prohibition or with the proper govt. approval, of course)

From support at netcom.com Tue Jul 19 12:27:17 1994
From: support at netcom.com (Netcom Support)
Date: Tue, 19 Jul 94 12:27:17 PDT
Subject: ATTENTION: OPERATION `WOODCOCK BLUDGEON' WILL COMMENCE SHORTLY
In-Reply-To: <199407151823.LAA01327@netcom9.netcom.com>
Message-ID: <199407190630.XAA25705@mail.netcom.com>

catalyst-remailer writes:
> From catalyst Fri Jul 15 11:24:08 1994
> Return-Path:
> Received: by netcom.com (8.6.8.1/SMI-4.1/Netcom)
> id LAA01327; Fri, 15 Jul 1994 11:23:56 -0700
> Date: Fri, 15 Jul 1994 11:23:56 -0700
> Message-Id: <199407151823.LAA01327 at netcom9.netcom.com>
> To: support at netcom.com, sterling at netcom.com, tmp at netcom.com,
> cypherpunks at toad.com, alt.censorship.usenet at decwrl.com,
> alt.flame.net-cops at news.demon.co.uk
> From: catalyst-remailer
> Remailed-By: Remailer
> Comment: This message is NOT from the address on the 'From:' line; it is from an anonymous remailing service. Please report problem mail to catalyst at netcom.com.
> Subject: ATTENTION: OPERATION `WOODCOCK BLUDGEON' WILL COMMENCE SHORTLY
> Organization: CRAM
>
> To Whom It May Concern:

So, what's the deal behind this?

___________________________________________________________________________
Support                    support at netcom.com
Technical Support Staff    NETCOM On-line Communication Services

From nym at netcom.com Tue Jul 19 12:31:39 1994
From: nym at netcom.com (Sue D. Nym)
Date: Tue, 19 Jul 94 12:31:39 PDT
Subject: Federal Control of Financial Transactions
In-Reply-To: <199407191254.AA11524@panix.com>
Message-ID: <199407191928.MAA10224@netcom12.netcom.com>

OK, I will try a new tact of replying to an *existing* message so no one can accuse me of being off charter.
frissell at panix.com (Duncan Frissell) >The major concern is the same one mentioned in the Book of Revelations: > >"REV 13:16 And he causeth all, both small and great, rich and poor, free >and bond, to receive a mark in their right hand, or in their foreheads: > >REV 13:17 And that no man might buy or sell, save he that had the mark, >or the name of the beast, or the number of his name." I have been reading some fascinating interpretations of these and other prophecies lately. Some interpretations that impress me deeply claim that the Antichrist ("Beast") will use the international communications infrastructure in exactly the way that Duncan is implying: enforced identity on all participants to participate in economic transactions. And he will "cut off" the nations that don't participate in his deification. How? Apparently, from what I can figure, seizing satellite communications control. Something struck me about Duncan's next comment, though: >So the Feds deploy a card (smart or dumb) that has to be used for most >transactions and lets them track everything we do. Tourists are brought >into the system through the use of temporary cards (or the machine-readable >strip on their passports which already includes a space for a national ID >number.) Actually, cypherpunks, I am going to become a human lighting rod and propose the following (I just haven't received enough eyeball-melting flames today yet). I think your cause for privacy would actually be *advanced* by promoting an ID *card* under the following condition: Anyone can obtain as many ID cards as they want. The *individual* can maintain the connection that "This is my card". But the government cannot draw the conclusion "This card belongs to so-and-so". From what I can figure, some of your technology like remailers and codes might be able to support such a scheme (maybe some of the hard core genious could expound on this). 
Now, suppose that the government did all its taxes through the use of the cards, instead of through *individuals* (as is the case with the current income tax system). That is, they might tax transactions on the cards slightly. The point I want to get at is that one can have a system that supports "identity-related" transactions without actually allowing the government to trace to a given identity. The absolute worst case scenario I agree is as described in the Revelations--having an "identity stamp" on your forehead or something. But note that the correspondence between humans and cards is wholly unrestrained. Before you accuse me of heresy, consider the system of email address privacy that was championed earlier by Perry Metzger: you can get any account on any system with any alias, and this protects you from people tracing you. And you can use the system. Would it be an OK compromise if a government was set up under the same system? I.e. you can get any cards you want, and you can "use the system", but the government can never trace you? I see discussions about tax avoidance and I wonder if people are really trying to just avoid taxes through privacy. This I think is a very dangerous possibility. It seems to me that governments have been around as long as people have and while it can get dangerous or oppressive with some variations of them, it can also get extremely dangerous *without* them. Do you want privacy, i.e. the government does not know who you are, but you still participate in a social system with government? Or do you just want to get rid of governments, and use "privacy" as the reason? Yikes. I agree that there is a possibility of a police state using identity "stamps" in a negative way. It allows them to correlate activities with people and target them. But if they cannot trace people, as would be the case with "multiple cards", do they really have any power over you? It seems like it could work to me. 
It seems to me the real danger is correlating business activities with individuals, not necessarily so much that those activities are taxed. Imagine a system like we have today, where you can have credit cards without actually revealing your identity to anyone. What if we had credit cards with all kinds of different "names" (IDs) and could pay the bank secretly? That would be a system that supported privacy but also supported the ability to interact in an economy.

I think some attempt should be made to discriminate between mere "cards" for transactions that don't enforce identity but still allow transactions, vs. the requirement that transactions be traceable to particular human "vessels" (i.e., the Stamp of the Beast).

>Clipper and the Post Office agitprop on the US Card give us a possible
>scenario. The P.O., desperate to find a reason to exist as its core
>business drains away to the wires and private carriers, would like to become
>the primary digital signature authorizers for the U.S.

But what if these signatures were not signatures in the sense today of a one-to-one correspondence of people to signatures, but the indirect relationship of people-to-email addresses? Wouldn't we want to *encourage* such a system? I keep seeing this stuff about "digital signatures"-- if people want them, wouldn't you be in favor of getting a strong system together? Maybe you should consider *supporting* the Post Office proposal if you can twist in the favor of *privacy*, i.e. allowing anyone to have multiple signatures as a basic prerequisite of the infrastructure. Here is an opportunity to impose the Cypherpunk vision of privacy in the real world, but instead you lambaste it.

>Similarly, the government might try to preempt the market for digital
>signature and commercial encryption technology by deciding to make anyone
>who wants to use a digital signature system in dealings with the government
>use the Post Office or some such agency as the signature authenticator.

Would this necessarily be a "bad thing" if it supported "fluidity of identity" that I refer to? (Can't remember where I found that phrase; apologies to whoever invented it.) In fact, wouldn't it be an extremely "good thing" for the cause of privacy to have your ideas implemented in a massive, conservative (and therefore *entrenched*) bureaucracy?

>Thus, all sorts of authentication transactions would pass through the
>powerful and efficient post office data network and the
>ex-countercultural/born-again control freaks Inside the Beltway could get
>their jollies tracking your employment and purchases.

Again, if the system allowed "fluidity" it would be FANTASTIC IMHO.

>Assuming that the government were to attempt to establish a Post Office
>mediated digital authentication system, there is no guarantee that it would
>work.

There is no guarantee that *any* system will *ever* work. But it seems to me there is an "authentication vacuum" in cyberspace. If you can't find *something* to support, something you *don't* support will inevitably fill the vacuum. By criticizing the *reasonable* approaches as Orwellian, you may leave no choice but the Orwellian ones.

---

"Someone" on "True Lies"

>6) Oh yeah, the women are unable to do anything except talk on the phone,
>get into catfights, give men blowjobs, and kill people by accident. The
>only female villain is clever, but the screenplay is sure to point out
>that she has not principle other than the dollar (or yen, pound, mark,
>etc). This is a very male film, even without getting into that old 60's
>cliche about missiles being penis extensions.

ug.

---

>Some words to "Sue": If you have, in fact, been the subject of stalking,
>physical, net, or cyber, please accept my apologies on behalf of all
>honorable males for failing to properly limit the number/range of these
>monsters.

Well, I do not appreciate threats in my mailbox such as "Go away--I'm not as gentle as Perry Metzger". I can't believe how torqued-up all you guys are.
This mailing list is like a firing range.

People, you may successfully get me to lose this account for no reason. I hear that Netcom has an itchy "trigger finger" and frankly, no one cares if anyone else loses a computer account. And some people have the audacity to call this "freedom of speech". What could be better? Just delete my messages if you find them irrelevant.

Please, stop bringing all of mankind's strife with you into cyberspace. It is a "new baby" that is being stabbed with the sharp knives of your paranoia and hatred. I for one refuse to be intimidated by barbarians in cyberspace.

You who say it is no big deal when an account is yanked, and that the provider should always have the prerogative to do this--do you think this will ever happen on a global level? What if the provider of [x] satellite decides he doesn't like you? Your ideas do not scale well. In fact, they scale disastrously.

IMHO every account that is yanked is another brick in the wall of the Antichrist's. It encourages the "ho hum" attitude when a great injustice has taken place. It is a subtle vice-press encroachment of liberty that happened in Nazi Germany as no one was looking--or, as everyone was.

"Can we change the future"? It may be that in attempting to bring about a desired situation of suppressing the Beast we are actually playing into his goals. How can we know what to do? Well, for one, it seems to me that negative emotions like paranoia and revenge play into evil ploys.

bye nym

From greg at ideath.goldenbear.com Tue Jul 19 12:33:28 1994
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Tue, 19 Jul 94 12:33:28 PDT
Subject: DT, surveillance, and "the policeman inside"
In-Reply-To: <9407191057.AA16076@cybele.unm.edu>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Kragen Sittler writes:

> Clipper is flopping and will continue
> to flop. DT, in whatever form, will never be useful; the government
> simply does not have the resources to closely watch the phone network.

The fact that DT allows real-time monitoring of conversations is secondary; the interesting effect is that it creates (to steal from .. Burroughs?) "the policeman inside", who *does* watch us at every moment. Surveillance can cause the subject to become his/her own watcher, an autonomous unit of self-suppression. This is the real danger of Clipper and DT.

-----BEGIN PGP SIGNATURE-----
Version: 2.5

iQCVAgUBLiwniH3YhjZY3fMNAQFZrgP8CDQDfwteIUkPGEbvUNvBbDQ+N11IFHrC
UbOrLnTDGGYRuyrfrE66k7uKC/E3Pnr8ByfeioQSl98XVtNxBqGYrvRs/MoqZtoC
V6K6LiDcmZ6TAsTXXsnuNvjdSBJVONH0yPIhiQrsLPK9XvlwyTmVmHtat4htu/Sf
nMnHeYUVz3k=
=fxC5
-----END PGP SIGNATURE-----

From sandfort at crl.com Tue Jul 19 13:15:34 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 19 Jul 94 13:15:34 PDT
Subject: YOUR TAX DOLLARS AT WORK
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

I just heard on the news that 1300 IRS employees have been disciplined for unauthorized accesses to electronically filed income tax returns. An IRS spokesperson said that under the current electronic filing system, there is no way to prevent unauthorized access, change, disclosure or loss of returns. As you may recall, last month the GSA told us the IRS could hand its paper based accounts either.

I'm sure they will do much better, though, when the FBI runs the phone system, the Post Office controls digital identity and Hillary takes care of our health.

May you live in interesting times,

S a n d y
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From blancw at microsoft.com Tue Jul 19 13:17:32 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Tue, 19 Jul 94 13:17:32 PDT
Subject: FW: Federal Control of Financial Transactions
Message-ID: <9407192017.AA16238@netmail2.microsoft.com>

Some comments on Duncan's post:

All of the arguments which he proposes against reasons why the government can't succeed are true and accurate; however, it is one of those things where "you know and I know, but *they* don't know"......

The examples which you relate of government failures from inefficiency, etc. have been proven time and again in history, but in that case why does history keep repeating itself, in slightly different variations.

"......why doesn't Clinton impose wage and price controls, exchange controls, tariffs, and a full-blown industrial policy?"

If he can succeed in implementing the Health Plan, and if the National ID were accepted, that would probably be next on his agenda (if he were to be re-elected [2 more years]).

One saving grace from all the discussions which are going on of the above projects is that they presently are just discussions, and if they could just be kept discussing these things, none of them will ever be accomplished. By the time the discussions are finished, everyone will have version 10.x of every computer app and all companies will be "virtual".

Blanc

From blancw at microsoft.com Tue Jul 19 13:43:10 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Tue, 19 Jul 94 13:43:10 PDT
Subject: Come On
Message-ID: <9407192042.AA17822@netmail2.microsoft.com>

I think that because there are proportionately so very few females on the list who post, that the gentlemen sometimes forget themselves and include some "men talk".
But I haven't noticed anyone follow up on it; they never carry on and on as they do about LD (a much more interesting topic), and it isn't long before they get back to random numbers, Clipper, PGP, the intricacies of money laundering, etc.

Blanc

From blancw at microsoft.com Tue Jul 19 13:50:18 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Tue, 19 Jul 94 13:50:18 PDT
Subject: the Cypherpunk and the Shadow
Message-ID: <9407192050.AA18369@netmail2.microsoft.com>

It's nice to see an intelligent & honest post from you, LD, even if I do disagree with you in your attitude and your methods of dealing with what you perceive as hypocrisy from the c'punks.

I would like to address the issues which you brought up, but I don't want to bother the list with my comments, as I know that many have already gone through these too often and you are not satisfied with their rebuttals. Won't you reply to me personally, so that I may present a superior argument (mine).

Blanc

From werner at mc.ab.com Tue Jul 19 13:53:52 1994
From: werner at mc.ab.com (tim werner)
Date: Tue, 19 Jul 94 13:53:52 PDT
Subject: Schneier
Message-ID: <199407192053.QAA08098@sparcserver.mc.ab.com>

>Date: Mon, 18 Jul 1994 23:18:40 -0400
>From: kentborg at world.std.com (Kent Borg)
>
>>No. Schneier is a start, but the source papers...

Speaking of Schneier, I have an upbeat note. I ordered his book, when it first came out, from the local Borders book store. When I went to pick it up, they told me that if I decided to buy it I could not return it, since it was not a book that they would otherwise stock.

Today I was there checking out the computer books, and they had a copy on the shelf, so I guess it was in enough demand that they decided to stock it.

tw

From nobody at shell.portal.com Tue Jul 19 14:03:49 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Tue, 19 Jul 94 14:03:49 PDT
Subject: Kragen == LD?
Message-ID: <199407192104.OAA28295@jobe.shell.portal.com>

"Kragen J.
Sittler", xentrac at cybele.unm.edu, writes:

>I think that the evidence is pretty strong that Sue isn't Larry.
>She's another person completely, with a different posting style, a
>moderate feminist and extreme leftist political stance, a willingness
>(possibly, probably IMHO) to forward unsubstantiated libels (Ollie
>North smuggling drugs? How likely is that?), a great deal of
>sensitivity to the feelings of others, and a beautiful capacity to find
>symbolism. I could be wrong about any or all of these, but they are
>my impression on reading her posts, both here and from the new-age
>religion group.

Isn't a "Kragen" a fictional sea beast, something like a giant squid or octopus? Something with tentacles? And isn't Kragen's user name, xentrac, close to an anagram for tentacle? And isn't unm the University of New Mexico, adjacent to Detweiler's home state of Colorado? And here Kragen is praising Sue D. Nym for having a "beautiful capacity to find symbolism", when "her" posts seem to be random garbage? And didn't all of Kragen, Sue, and the various anonymous Detweiler posts all appear at about the same time? And hasn't Detweiler frequently discussed the use of multiple pseudonyms to mutually support and praise each other in order to build up an illusionary reputation?

Makes you wonder...

From catalyst-remailer at netcom.com Tue Jul 19 14:11:27 1994
From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com)
Date: Tue, 19 Jul 94 14:11:27 PDT
Subject: Ms. Nym's stigmata
Message-ID: <199407192111.OAA21143@mail2.netcom.com>

A quick review of the patent stigmata:

> I have been reading some fascinating interpretations of these and
> other prophecies lately.

Frequent Biblical allusions, particularly fond of apocalyptic references.

> I think your cause for privacy would actually be
> *advanced* by promoting an ID *card* under the following condition:

Attempts to mask underlying obsession with veneer of rationality.

> Anyone can obtain as many ID cards as they want.

Fixation on multiple personalities (tentacles, "pseudo-anonymity").

> Before you accuse me of heresy, consider the system of email address
> privacy that was championed earlier by Perry Metzger: you can get any
[ and later ]
> Well, I do not appreciate threats in my mailbox such as "Go away--I'm not
> as gentle as Perry Metzger". I can't believe how torqued-up all you guys
> are. This mailing list is like a firing range.

Frequent mention of Perry Metzger.
Standard unit of torment: Perry Metzger.

> system with government? Or do you just want to get rid of governments,
> and use "privacy" as the reason? Yikes.

Tireless apologist and supporter of government.

> People, you may successfully get me to lose this account for no reason.

Paranoia never far below the surface.

From jya at pipeline.com Tue Jul 19 14:24:30 1994
From: jya at pipeline.com (John Young)
Date: Tue, 19 Jul 94 14:24:30 PDT
Subject: Card Playing Protocol
Message-ID: <199407192123.RAA28461@pipe1.pipeline.com>

Responding to msg by kentborg at world.std.com (Kent Borg) on Mon, 18 Jul 11:18 PM

>>No. Schneier is a start, but the source papers...
>
>So I should wonder about how to find the sources
>mentioned in his bibliography?

kb, the Kent who is only human: Get and assign each c'punk, alphabetically, to send you 900/#c'punks sources.

From sidney at taurus.apple.com Tue Jul 19 14:31:12 1994
From: sidney at taurus.apple.com (Sidney Markowitz)
Date: Tue, 19 Jul 94 14:31:12 PDT
Subject: the Cypherpunk and the Shadow
Message-ID: <9407192131.AA05790@federal-excess.apple.com>

Please point me to appropriate references if I am going over old territory.

What if an anonymous remailer required that messages were digitally signed? To use such a remailer, you would have to register an e-mail address and public key with the remailer. Mail that you send through the remailer would only go through if it were properly signed with your key.
The return address on the remailed message would be something that the remailer could use to get replies back to you. Chained remailing would still be possible if each remailer signed the messages that it sent out, verifying that it had been received from an address that is registered with it (which may be a user or another such remailer).

This would provide a way of dealing with someone mail-bombing a remailer or through a remailer, because the messages from one person could be identified and filtered out either by the remailer or later on, as appropriate. If someone tried to generate a million different identities and public keys, that could be dealt with by imposing a time delay for registration, which would not have to be imposed under normal circumstances.

The current cypherpunk remailers maintain strict anonymity by not keeping records the way the Finnish anonymous remailer does. But if you want to be able to get a reply, you still have to place an encrypted reply block in your message, which the remailer can decrypt, so you still lose anonymity in the case that someone compromises the remailer. That is no better than registering an e-mail address (which can be your anonXXXX address anyway) that the mailer stores encrypted along with your public key.

For that matter, this would work if everyone had to register a public key with the remailer in order to send mail through it, but only people who wanted to be able to receive replies also registered their e-mail address. Then the only thing that would be required to prevent a mail-bomb attack would be to enforce a registration delay during such time as it became necessary.

Having all messages identified, even though still anonymous, would make building of reputations possible.

-- sidney markowitz

From sandfort at crl.com Tue Jul 19 14:40:06 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 19 Jul 94 14:40:06 PDT
Subject: PRIVACY SEMINAR
Message-ID:

C'punks,

Several of you have asked *where* my proposed privacy would be held. The answer is "cyberspace," natch. It would be "free" to you, but TANSTAAFL (There Ain't No Such Thing As A Free Lecture). Duncan and I, however, retain the right to charge you through the nose for personal consultations or services.

The "when" questions will be answered as soon as Duncan and I can come up with a good plan of action. Thanks for all the positive responses.

S a n d y

From ebrandt at muddcs.cs.hmc.edu Tue Jul 19 14:40:07 1994
From: ebrandt at muddcs.cs.hmc.edu (Eli Brandt)
Date: Tue, 19 Jul 94 14:40:07 PDT
Subject: Kragen >= LD
In-Reply-To: <199407192104.OAA28295@jobe.shell.portal.com>
Message-ID: <9407192138.AA29409@muddcs.cs.hmc.edu>

> Isn't a "Kragen" a fictional sea beast, something like a giant squid or
> octopus? Something with tentacles?

No, that's a "kraken".

> And isn't Kragen's user name, xentrac, close to an anagram for tentacle?

Uh, no. "tenracx"? "rentacx"?

> And didn't all of Kragen, Sue, and the various anonymous Detweiler
> posts all appear at about the same time?

No, Kragen Sittler long predates "Sue D. Nym". And frankly, I wouldn't care if he were Detweiler, because he doesn't act like a loon. You, on the other hand, are skirting that line.

Eli ebrandt at hmc.edu

From adwestro at ouray.Denver.Colorado.EDU Tue Jul 19 16:16:23 1994
From: adwestro at ouray.Denver.Colorado.EDU (Alan Westrope)
Date: Tue, 19 Jul 94 16:16:23 PDT
Subject: Kragen == LD?
Message-ID:

> octopus? Something with tentacles? And isn't Kragen's user name,
> xentrac, close to an anagram for tentacle? And isn't unm the University
> of New Mexico, adjacent to Detweiler's home state of Colorado?

The Alliance for Bandwidth Conservation (ABC), asked me to point out:

LD> I don't have a voice without them.
My Nyx account would be
LD> censored immediately from your screeching complaints if I didn't
LD> post through them!

LD's account is anon????@nyx.cs.du.edu (? = hex digit). This is the first I knew of this, but it doesn't surprise me -- Nyx is a public access site at the University of Denver.

And please don't all mailbomb his overworked sysadmin (who volunteers his time to run Nyx), right away. LD's been fairly mild lately, compared to last Nov-Dec. I think it suffices for him to know that this will occur if he becomes abusive -- damn surprised he mentioned Nyx, in fact! His sysadmin *can* correlate anon accounts with True Names, if necessary.

btw, anyone can telnet there and read the list gated as newsgroup mail.cypherpunks. You'll have to jump through some hoops to be able to post from there, though.

Sigh...awaiting the (awestrop = Detweiler?) thread,

Alan Westrope
__________/|-,
   (_)    \|-'   finger for pgp 2.6 public key
PGP fingerprint: D6 89 74 03 77 C8 2D 43 7C CA 6D 57 29 25 69 23

From collins at newton.apple.com Tue Jul 19 16:17:07 1994
From: collins at newton.apple.com (Scott Collins)
Date: Tue, 19 Jul 94 16:17:07 PDT
Subject: Non-determinism forever. (was -- Re: GUT and P=NP)
Message-ID: <9407192254.AA27028@newton.apple.com>

At 9:58 PM 18.7.94 -0700, Eric Hughes wrote:
>Non-determinism is only another way of rephrasing the existential
>quantification.

I agree. Entropy, like velocity, is relative. `Non-deterministic' is the label we apply to the unknown or possibly unknowable.

Non-deterministic algorithms (or thought experiments) work by `knowing more than we do'. They guess the un-guessable: the correct answers to problems we can't solve readily any other way. From their point of view, for some reason, it's not un-guessable. This very attribute makes them un-guessable to us. We simulate `guessing' correctly by exhaustive search (check out, e.g., NFA's and pattern matching).

"Is P==NP?"
is roughly equivalent to "For every problem that you could `guess' the answer if only you knew how---and can prove the answer correct without guessing---is there a shortcut (that meets some strong criteria)?"

If P==NP is ever proven it _will_ have an impact on a large class of problems (and the effect will depend on the nature of the proof), but not all problems. Some problems are harder than NP, e.g. decrypting a message encrypted with a truly random OTP. Even if you guess the correct decryption, you can't prove it's right without guessing.

Currently, lacking `THE shortcut', P != NP (in the practical sense; _not_ the theoretical). Even if it becomes the case that, demonstrably, P == NP in both the practical and theoretical sense, the world will still be an interesting place (in both the practical and theoretical sense).

Scott Collins     | "Invention, my dear friends, is 93% perspiration,
                  |  6% electricity, 4% evaporation, and 2% butter-
collins at acm.org | scotch ripple." -- Willy Wonka
..................|..................................................
Apple Computer, Inc. 5 Infinite Loop, MS 305-2D Cupertino, CA 95014
408.862.0540 fax:974.6094 R254(IL5-2N) collins at newton.apple.com
.....................................................................
408.257.1746 1024:669687 catalyst at netcom.com

From johndo at microsoft.com Tue Jul 19 16:18:59 1994
From: johndo at microsoft.com (John Douceur)
Date: Tue, 19 Jul 94 16:18:59 PDT
Subject: Why triple encryption instead of split+encrypt?
Message-ID: <9407192229.AA24565@netmail2.microsoft.com>

-----BEGIN PGP SIGNED MESSAGE-----

>From:
>Date: Tuesday, July 19, 1994 2:31PM

>You are then quite correct that meet-in-the-middle attacks can be
>done, but the key to the first encryption (the hashing multiplex) is 112
>bits (for the split into two parts version) which would require 2^112
>stored messages, substantially more than could possibly be stored by
>anybody ever (well, I guess ever is a bad word to use in this context).

There are two separate operations here. One is splitting the plaintext:

    P0, P1 = S_KS(P)

The other is generation of the splitting key. I assume independent generation of the splitting key both because it maximizes the total keyspace and because it avoids the confusion that I believe is evidenced by the above quoted paragraph. To wit:

You have suggested generating the split key with a one-way hash of the DES keys:

    KS = hash(concat(K0,K1))

If the concatenation of the DES keys is 112 bits, then there are 2^112 possible values of the concatenation. However, the hashing of this value is not the first of the two encryptions; the splitting of the plaintext is the first encryption, and the hash is merely a mechanism for generating the splitting key. The domain of KS is the determinant of the size of the intermediate memory in a brute-force meet-in-the-middle attack.

Furthermore, even for an independently generated splitting key, if the size of the domain of KS is greater than the size of the domain of K0 or K1, then the DES-decrypted values can be stored as the intertext, requiring no more memory than that required for decrypting double DES.

>I still believe that the security
>of the scheme, even when just splitting into two parts and using the hash
>of the keys to multiplex the split, is much worse (by more than a couple
>of factors of two) than DES.

I suspect that you mean better, not worse [smiley deleted by censor].
I do not contest this claim, but I consider a more pertinent metric to be the security of this scheme relative to that of double DES.

One decomposite of the split+encrypt algorithm can be viewed as:

    C = E_K0(S0_KS(P))

And an analogous double DES encryption is:

    C = E_K0(E_K1(first_half(P)))

For the sake of argument, I'll assume that the domains of KS and K1 are equal in size. Thus, a brute-force meet-in-the-middle attack will require the same number of encryptions and the same amount of memory in both cases, although the amount of computational power required will be somewhat less in the case of split+encrypt because the splitting is less computationally intensive than DES.

However, the splitting algorithm is relatively simple, far more so than DES. It is unlikely that a brute-force approach is necessary to cryptanalyze the splitter. For example, consider the following splitting algorithm:

    // each key bit selects which of p[i], p[i+1] supplies that bit
    p0[i] = (p[i+1] & ~key) | (p[i] & key);
    p1[i] = (p[i+1] & key) | (p[i] & ~key);

This is particularly simple, and I chose it to be so for simplicity of discussion. Imagine that our cryptanalytic algorithm begins as follows:

    Decrypt first block of ciphertext with each possible DES key;
    check to see if the resulting intertext could possibly have come
    from first block of known plaintext; if so, store the key; continue.

Without looping through all possible split keys, we can determine whether the intertext could have come from the plaintext:

    precompute:
        bits_in_common = ~(p[0] ^ p[1]);   // ^ = XOR
        must_be_1 = bits_in_common & p[0];   // agreed bits that are 1
        must_be_0 = bits_in_common & ~p[0];  // agreed bits that are 0

    inside loop:
        if ((test_block & must_be_0) | (~test_block & must_be_1))
            test_block could not be from plaintext

This greatly shortens the amount of memory required for the search, making the algorithm much less secure than double DES.

You may respond by suggesting improvements to the splitting algorithm, such as multiple-bit dependency; but there are doubtless other weaknesses that could be exploited.
I did not spend a lot of time on the above technique; persons more qualified than I am, devoting serious time to the problem, will certainly develop better cryptanalytic attacks. I think you will be very hard pressed to develop an algorithm anywhere near as secure as DES.

JD

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLixRSUGHwsdH+oN9AQE4QgP8CMTmnk0It9Y4qWK08j9jLWCEYn2gLrEr
+b17avqtVE/ArvLh3g6wHLQ4bMU0UOuLyNI0abk19FM7agqYT3WLo+U36DvU4qDJ
9lsyyUfqHgYrXOMGAPG/Kzg4ixqo+9IiCvnFxMbsniPnlCT5l5UuEOBLlAPqyrNQ
ggvcxZ4a4rU=
=gPdN
-----END PGP SIGNATURE-----

From xentrac at cybele.unm.edu Tue Jul 19 16:20:03 1994
From: xentrac at cybele.unm.edu (Kragen J. Sittler)
Date: Tue, 19 Jul 94 16:20:03 PDT
Subject: Ms. Nym's stigmata
In-Reply-To: <199407192111.OAA21143@mail2.netcom.com>
Message-ID: <9407192229.AA20496@cybele.unm.edu>

catalyst-remailer at netcom.com:
> A quick review of the patent stigmata:
>
> > I have been reading some fascinating interpretations of these and
> > other prophecies lately.
>
> Frequent Biblical allusions, particularly fond of apocalyptic references.
>
> > I think your cause for privacy would actually be
> > *advanced* by promoting an ID *card* under the following condition:
>
> Attempts to mask underlying obsession with veneer of rationality.
>
>
> > Anyone can obtain as many ID cards as they want.
>
> Fixation on multiple personalities (tentacles, "pseudo-anonymity").

But she doesn't demonstrate the maniacal hatred for multiple pseudonyms that LD did. In fact, she's supporting them.

> > Before you accuse me of heresy, consider the system of email address
> > privacy that was championed earlier by Perry Metzger: you can get any
> [ and later ]
> > Well, I do not appreciate threats in my mailbox such as "Go away--I'm not
> > as gentle as Perry Metzger". I can't believe how torqued-up all you guys
> > are. This mailing list is like a firing range.
>
> Frequent mention of Perry Metzger.
> Standard unit of torment: Perry Metzger.

Someone sent the mail she mentions. I think that it was an excellent example of 'extreme go-away mail'. It's not her fault that the person who sent the most militant message of paranoia mentioned pmetzger. I don't think the few mentions of him in what she has posted have exceeded normal levels.

> > system with government? Or do you just want to get rid of governments,
> > and use "privacy" as the reason? Yikes.
>
> Tireless apologist and supporter of government.

This sounds like what an average person would say if you showed them messages saying things like 'the reason I like crypto is that it's a hammer with which to smash the State.' She doesn't sound like a 'tireless apologist and supporter'; she sounds like a non-anarchist.

> > People, you may successfully get me to lose this account for no reason.
>
> Paranoia never far below the surface.

She's telling the truth. She's recognizing the reality that if a couple of hundred people complain about her being LD, it's likely that support at netcom is likely to terminate her account with extreme prejudice, without listening to her insistence that she's not. I don't think that's paranoid. Do you?

Kragen

From xentrac at cybele.unm.edu Tue Jul 19 16:20:14 1994
From: xentrac at cybele.unm.edu (Kragen J. Sittler)
Date: Tue, 19 Jul 94 16:20:14 PDT
Subject: Kragen == LD?
In-Reply-To: <199407192104.OAA28295@jobe.shell.portal.com>
Message-ID: <9407192219.AA20432@cybele.unm.edu>

Man, when I got this post, I just about fell off my chair laughing.

nobody at shell.portal.com:
> "Kragen J. Sittler", xentrac at cybele.unm.edu, writes:
>
> >I think that the evidence is pretty strong that Sue isn't Larry.
> >She's another person completely, with a different posting style, a
> >moderate feminist and extreme leftist political stance, a willingness
> >(possibly, probably IMHO) to forward unsubstantiated libels (Ollie
> >North smuggling drugs?
How likely is that?), a great deal of
> >sensitivity to the feelings of others, and a beautiful capacity to find
> >symbolism. I could be wrong about any or all of these, but they are
> >my impression on reading her posts, both here and from the new-age
> >religion group.
>
> Isn't a "Kragen" a fictional sea beast, something like a giant squid or
> octopus? Something with tentacles?

No, that's a 'kraken'. :D

> And isn't Kragen's user name,
> xentrac, close to an anagram for tentacle?

No, it's 'Kragen' rot13'ed, with a 'c' added to the end. :D

> And isn't unm the University
> of New Mexico, adjacent to Detweiler's home state of Colorado?

So? Are you suggesting that being 200 miles away rather than 1000 miles away makes it easier to get a fake account?

> And here
> Kragen is praising Sue D. Nym for having a "beautiful capacity to find
> symbolism", when "her" posts seem to be random garbage?

Well, you see, I associate with people who think in the ways she is accustomed to thinking, and I can see the beauty in them. I suspect that most of the cypherpunks don't.

> And didn't all
> of Kragen, Sue, and the various anonymous Detweiler posts all appear at
> about the same time?

No, I've been on the list as to1sittler at apsicc.aps.edu, xentrac@(I can't remember).unm.edu, and here, since right before clipper broke. This doesn't, of course, prevent me from being LD. But I'm not.

Eric Hughes might remember me. In fact, he might even give me the "most abusive unsubscribe message" award. *sheepish look*.

> And hasn't Detweiler frequently discussed the use
> of multiple pseudonyms to mutually support and praise each other in order
> to build up an illusionary reputation?
> Makes you wonder...

LD thinks I'm Eric Hughes. If you like, I could email you a bunch of messages I exchanged with him one midnight.

Gee. I've never been accused of being Larry Detweiler before.
:D

Kragen

From sidney at taurus.apple.com Tue Jul 19 16:21:32 1994
From: sidney at taurus.apple.com (Sidney Markowitz)
Date: Tue, 19 Jul 94 16:21:32 PDT
Subject: the Cypherpunk and the Shadow
Message-ID: <9407192158.AA06714@federal-excess.apple.com>

I said:
>If someone tried to generate a million different identities
>and public keys, that could be dealt with by imposing a time delay for
>registration

Whoops. Of course that wouldn't work. If a delay was imposed after any registration before processing any next one, then there's an obvious denial of service attack by simply sending in lots of registrations. And if there isn't, someone can simply register a zillion different e-mail addresses and public keys and send each copy of a mail bomb from a different one.

Someone who wants to build up a reputation can already do it anonymously (like Pr0duct Cypher), while someone who wants to make trouble doesn't need to build up a reputation.

Oh well.

-- sidney

From jya at pipeline.com Tue Jul 19 16:27:12 1994
From: jya at pipeline.com (John Young)
Date: Tue, 19 Jul 94 16:27:12 PDT
Subject: Come On
Message-ID: <199407192326.TAA21515@pipe1.pipeline.com>

Responding to msg by SADLER_C at HOSP.STANFORD.EDU ("Connie Sadler (415)725-7703") on 19 Jul 1994

>won't let it stop me from continuing on, but what's the
>point? I really don't get it.
>
>CS -

Glad you posted. I don't get it either.

John

From pfarrell at netcom.com Tue Jul 19 16:27:59 1994
From: pfarrell at netcom.com (Pat Farrell)
Date: Tue, 19 Jul 94 16:27:59 PDT
Subject: Reputation
Message-ID: <69876.pfarrell@netcom.com>

In message Tue, 19 Jul 94 14:31 EDT, nelson at crynwr.com (Russell Nelson) writes:

> This leads me to wonder how encryption helps make portable
> reputations? Can it even?

Chaum did some work on credentials without identity. Pretty interesting stuff. But I haven't seen any of the c'punks pursuing it. Anybody interested in doing some real work on this?
Pat

Pat Farrell Grad Student pfarrell at cs.gmu.edu
Department of Computer Science George Mason University, Fairfax, VA
Public key available via finger #include

From lefty at apple.com Tue Jul 19 16:37:19 1994
From: lefty at apple.com (Lefty)
Date: Tue, 19 Jul 94 16:37:19 PDT
Subject:
Message-ID: <9407192334.AA19509@internal.apple.com>

>On Tue, 19 Jul 1994 nobody at shell.portal.com wrote:
>> Isn't a "Kragen" a fictional sea beast, something like a giant squid or
>What does this have to do with crypto? Yawn.

What did _that_ have to do with crypto. Here, I'll save you some time: what does _this_ have to do with crypto?

Not much, I guess, but I always _did_ wonder where Superman's dog got that stupid cape. Do you suppose the _dog_ had a "secret identity", too?

-- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:.

From jya at pipeline.com Tue Jul 19 16:54:58 1994
From: jya at pipeline.com (John Young)
Date: Tue, 19 Jul 94 16:54:58 PDT
Subject: "But this is not really related to crypto, so...."
Message-ID: <199407192354.TAA27079@pipe1.pipeline.com>

Responding to msg by tcmay at netcom.com (Timothy C. May) on Tue, 19 Jul 12:7 PM

>the house of Cypherpunks has many rooms.

Best thing about it, exceeded only by the fact that construction continues without architect.

From paul at hawksbill.sprintmrn.com Tue Jul 19 16:57:56 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Tue, 19 Jul 94 16:57:56 PDT
Subject: Ms. Nym's stigmata
In-Reply-To: <199407192111.OAA21143@mail2.netcom.com>
Message-ID: <9407200057.AA09069@hawksbill.sprintmrn.com>

>
> A quick review of the patent stigmata:
>

You forgot to mention tentacles. Lots of tentacles.

- paul

From nobody at c2.org Wed Jul 20 15:54:22 1994
From: nobody at c2.org (Random H0Z3R)
Date: Wed, 20 Jul 94 15:54:22 PDT
Subject: The Infamous 'Sue D. Nym' Spam
Message-ID: <199407200005.RAA01838@zero.c2.org>

nym at netcom.com (Sue D. Nym) wrote:

> I think you must have something against women.
In fact, I think
> the whole list is pretty unbalanced. I haven't seen any other
> women except Sandy post. If you are trying to create an
> atmosphere of fear and intimidation, let me say that you have
> succeeded!

Gawd! What should the quota for FemiNazis be? Scared away the women just to make room for female impersonators like you? Did you enjoy wearing mommy's clothes when you were "growing up"? Or DID you ever grow up?

> This is a nasty message, but you are being nasty to me for no reason.

Oh really? As if we couldn't have figured that out for ourselves?

> If you believe in reincarnation (as I do) you will understand
> that the earthly realm is a place where souls are being recycled.

Here we go ... another religious spammer on the net. Why don't you go hang out with Ralph (the Mouth) Stokes and Clarence (the World is Coming to an End RSN) Thomas IV, and blather each other to death. Take your Shirley MacLaine bullshit elsewhere.

> There are a lot of neat parallels between reincarnation and email
> addresses.

Are you what Detweiler died and became reincarnated as? If so, Karma dealt him poetic justice, I'd say.

> I hope you can get over your obvious intolerance, Perry.

Probably as soon as you get back on your broom and fly away.

From solman at MIT.EDU Wed Jul 20 15:54:23 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Wed, 20 Jul 94 15:54:23 PDT
Subject: Why triple encryption instead of split+encrypt?
In-Reply-To: <9407192229.AA24565@netmail2.microsoft.com>
Message-ID: <9407200006.AA27418@ua.MIT.EDU>

> There are two separate operations here. One is splitting the plaintext:
>
>     P0, P1 = S_KS(P)
>
> The other is generation of the splitting key. I assume independent
> generation of the splitting key both because it maximizes the total
> keyspace and because it avoids the confusion that I believe is evidenced
> by the above quoted paragraph.
To wit: You have suggested generating
> the split key with a one-way hash of the DES keys:
>
>     KS = hash(concat(K0,K1))
>
> If the concatenation of the DES keys is 112 bits, then there are 2^112
> possible values of the concatenation. However, the hashing of this
> value is not the first of the two encryptions; the splitting of the
> plaintext is the first encryption, and the hash is merely a mechanism
> for generating the splitting key. The domain of KS is the determinant
> of the size of the intermediate memory in a brute-force
> meet-in-the-middle attack.

Agreed so far.

> Furthermore, even for an independently generated splitting key, if the
> size of the domain of KS is greater than the size of the domain of K0
> or K1, then the DES-decrypted values can be stored as the intertext,
> requiring no more memory than that required for decrypting double DES.

Yeah. You're right. Make a table of the backwards DES, then match against that when attacking the splitting part of the algorithm. I don't know how I missed that.

> This greatly shortens the amount of memory required for the search,
> making the algorithm much less secure than double DES. You may respond
> by suggesting improvements to the splitting algorithm, such as
> multiple-bit dependency; but there are doubtless other weaknesses that
> could be exploited. I did not spend a lot of time on the above
> technique; persons more qualified than I am, devoting serious time to
> the problem, will certainly develop better cryptanalytic attacks. I
> think you will be very hard pressed to develop an algorithm anywhere
> near as secure as DES.

Agreed (although I'll point out that my splitting algorithm IS dependent on both keys.) If I want a fast hash based symmetric cipher, I'll use MDC or Luby-Rackoff.

*sigh*

JWS

From mikecap at WPI.EDU Wed Jul 20 16:04:16 1994
From: mikecap at WPI.EDU (Michael V. Caprio Jr.)
Date: Wed, 20 Jul 94 16:04:16 PDT
Subject: I take it the list is down?
Message-ID: <199407202153.RAA02370@bigwpi.WPI.EDU>

If so, please resubscribe me. I find it unusual to not have the typical 20 or so messages waiting for me since my last login... If not, apologies for the letter.

Mike

From berzerk at xmission.xmission.com Wed Jul 20 16:05:47 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Wed, 20 Jul 94 16:05:47 PDT
Subject: Come On
In-Reply-To: <199407192326.TAA21515@pipe1.pipeline.com>
Message-ID:

On Tue, 19 Jul 1994, John Young wrote:

> Responding to msg by SADLER_C at HOSP.STANFORD.EDU ("Connie Sadler
> (415)725-7703") on 19 Jul 1994
>
>
> >won't let it stop me from continuing on, but what's the
> >point? I really don't get it.
>
> Glad you posted. I don't get it either.

I liked the portrayal of the wife as being a normal, easily spooked person out of a 50's sitcom who was thrown into a James Bond world. Call me stupid, but the time when she was trying to dance like a stripper and fell down was funny. I thought the whole idea was that this was part comedy about this. I don't hear anyone screaming when Arnold trips, or flexes. In that sense I don't agree with the statement about "all women are good for is..." but I can see how the portrayal of a "weak" woman could be interpreted as that, and I LIKED the portrayal. Just as I liked it in an analogous movie with the sex roles reversed. This is why there was a little :-) on the end of this.

Berzerk.

From berzerk at xmission.xmission.com Wed Jul 20 16:07:51 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Wed, 20 Jul 94 16:07:51 PDT
Subject: Kragen == LD?
In-Reply-To: <9407192219.AA20432@cybele.unm.edu>
Message-ID:

On Tue, 19 Jul 1994, Kragen J. Sittler wrote:

> So? Are you suggesting that being 200 miles away rather than 1000
> miles away makes it easier to get a fake account?

Ya, like post office and long distance charge more for 1000 miles--NOT!
> Well, you see, I associate with people who think in the ways she is
> accustomed to thinking, and I can see the beauty in them. I suspect
> that most of the cypherpunks don't.

I do.

> LD thinks I'm Eric Hughes. If you like, I could email you a bunch of
> messages I exchanged with him one midnight.
>
> Gee. I've never been accused of being Larry Detweiler before. :D

I have, join the club. I am organizing the pseudo-tentacles of Detweiler club for people who have been labeled tentacles of Detweiler by paranoids on this list.

Berzerk.

From mimir at io.com Wed Jul 20 16:18:27 1994
From: mimir at io.com (Al Billings)
Date: Wed, 20 Jul 94 16:18:27 PDT
Subject: Time Article
In-Reply-To: <199407202153.RAA02370@bigwpi.WPI.EDU>
Message-ID:

We're listed in the latest issue of Time magazine in their Internet article.

--
Al Billings mimir at io.com http://io.com/user/mimir/asatru.html
Nerd-Alberich Admin for Troth - The Asatru E-mail List
Lord of the Nerd-Alfar Sysop of The Sacred Grove - (206)322-5450
Poetic-Terrorist Lodge-Master, Friends of Loki Society

From jdwilson at gold.chem.hawaii.edu Wed Jul 20 16:21:03 1994
From: jdwilson at gold.chem.hawaii.edu (NetSurfer)
Date: Wed, 20 Jul 94 16:21:03 PDT
Subject: Anti-Clipper Article in "THe Computer Applications Journal"
In-Reply-To: <9407191123.AA05778@gold.chem.hawaii.edu>
Message-ID:

On Tue, 19 Jul 1994 smb at research.att.com wrote:

> Might I suggest that this is not the right newsgroup for anti-Clipper
> articles? I've never seen *any* Cypherpunk defend it; what's the
> point? Preaching to the choir? Repeat doses of brainwashing?
>

Actually I sent it because I thought the members of this list might be interested in seeing how they are "presented" in a mainstream tech journal. Also I was curious to see if members agreed with the statement of the one member basically speaking for the list, as well as the total lack of reference to PGP in the article.

Was I off base in my thoughts about the potential interest in this article?
If so, apologies.

-NetSurfer

#include standard.disclaimer
James D. Wilson | V.PGP 2.4: 512/E12FCD 1994/03/17
P. O. Box 15432 | finger for full PGP key
Honolulu, HI 96830 |
Serendipitous Solutions | Also NetSurfer at sersol.com

From rishab at dxm.ernet.in Wed Jul 20 16:24:33 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Wed, 20 Jul 94 16:24:33 PDT
Subject: The east is red
Message-ID:

A swallow flew into a school classroom and wept for 10 minutes for the Great Leader. Then it prayed for 5 minutes, says North Korean Radio. Three wild geese wailed and circled over a Kim Il Sung statue. Tri-coloured clouds and rainbows have appeared to mourn Kim's death.

Meanwhile in Singapore housing societies, closed circuit TV cameras have been installed in elevators, connected to TV's in many apartments. Intended to reduce the handful of people used to urinating in elevators, this will provide some much needed entertainment to satellite-dish-less Singaporeans.

A letter in the Economist, replying to their story on the problem of too much growth in Singapore, suggested that the root cause is the 'near-whiplash speed of the escalators' that makes the citizens a scurrying lot.

Rishab, who's too bemused to laugh.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335
H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in Wed Jul 20 16:24:34 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Wed, 20 Jul 94 16:24:34 PDT
Subject: Time magazine says I'm a hacker
Message-ID:

Time's cover story on the Net says of cypherpunks: "a group of hackers who believe that powerful encryption will set them free".

Huh |-*

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335
H 34C Saket, New Delhi 110017, INDIA

From cardtris at umich.edu Wed Jul 20 16:25:27 1994
From: cardtris at umich.edu (Jennifer Mansfield-Jones)
Date: Wed, 20 Jul 94 16:25:27 PDT
Subject: Come On
In-Reply-To:
Message-ID:

******

> Anyone ever made a titanium bullet?(before the prohibition or with the
> proper govt. approval, of course)

The bench-rest rifle crowd have almost certainly tried that along with everything else imaginable. You might ask on rec.guns. I assume one would use a sabot to avoid tearing up the barrel.

regards,

[insert std non-crypto-apology]

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Dept. of Biology Jennifer Mansfield-Jones
University of Michigan cardtris at umich.edu

From pkm at maths.uq.oz.au Wed Jul 20 16:26:26 1994
From: pkm at maths.uq.oz.au (Peter Murphy)
Date: Wed, 20 Jul 94 16:26:26 PDT
Subject: Cypherpunks & math
In-Reply-To:
Message-ID: <9407201245.AA23657@axiom.maths.uq.oz.au>

I was slightly suspicious of this posting at first. But I don't see what damage replying would do. My only reservation is that I find many of the "SUBJECT" titles too vague for proper analysis. After all, "discrete" mathematics covers quite a lot. So I'll just go through it bit by bit...

>
> I know I'll regret this, but...
> I've seen a lot of comments by folks that indicates a high level of
> mathematical sophistication. So I'm curious.
>
> Please e-mail me as follows:
> SUBJECT: nomath If you've not had some Discrete Math course.
> SUBJECT: discrete If you've had Discrete Math.

Well, yes... I have had quite a bit of discrete mathematics. However I wouldn't be able to categorize it into one snappy word entry. I am mainly interested in group theory (and am in fact doing my B. Sc. on it). Other interests: combinatorics, digital communications, set theory, and of course, everyone's favourite: cryptology and number theory. Oh... does this section include high-school as well?

> SUBJECT: algebra1 If you've had semester course on algebra.
> SUBJECT: algebra2 If you've had a year-long senior level course
> based on Fraleigh or some such.

Assuming that "algebra"="discrete Maths", I have had ~10 odd little subjects concerning this. Only the first 2 fell into "algebra1". As for "algebra2", yes, we did use Fraleigh for it, but we packed it into a semester.

> SUBJECT: grad If you've been to grad school in math.

At the U. of Q. (and a lot of other Australian Universities), the B.Sc. (and B.A.) is a flat three year course. (Doing Honours takes an extra year, and is classified as postgraduate). So I guess I fall into the "yes" category.

> SUBJECT: firstcourse If you've had the prelim algebra course.
> (Hungerford or such)
> SUBJECT: prelim If you've passed your algebra prelim.

I think I answered this above.

> SUBJECT: orals If you've passed your oral exam.
> SUBJECT: orala If your oral had a significant algebra component

I've never actually done any oral exams. Just a few seminar presentations.

> SUBJECT: candidate If you are a candidate in algebra.
> SUBJECT: phd If you have a phd in math.
> SUBJECT: research If you have published in number theory.

Nope. Nope. Nope.

>
> I'm an "orala".
>
> Thanks!
>

No Problem.
However, as there seems to be some misunderstanding on my part (due to the different curriculum), I guess that if anyone posts this quiz in future, there would have to be some redesigning for people from different educational systems. For example, Engineering is a separate course from Science down here. I think this is not true in the U.S. (I could be wrong).

Peter.

From frissell at panix.com Wed Jul 20 16:26:51 1994
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 20 Jul 94 16:26:51 PDT
Subject: No Subject
Message-ID: <199407201159.AA08053@panix.com>

This week's "Time" has a cover story on Internet and we're in it.

"Spooks vs. Cypherpunks

There is a group of hackers who believe that powerful encryption will set them free. Government spooks don't mind if these so-called cypherpunks use codes to lock up secrets, so long as the spooks hold the back-door key."

DCF

"I don't care what you say about me as long as you spell my name right."

From frissell at panix.com Wed Jul 20 16:27:36 1994
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 20 Jul 94 16:27:36 PDT
Subject: Censorship in Cyberspace in London Sunday Times
Message-ID: <199407201117.AA03897@panix.com>

Last Sunday's Times (of London) had a cover story in the color supplement entitled "Lost in Cyberspace" by Stephen Amidon about the fact that you can't censor same. Included history of film and video censorship in the UK. Sober. No mention of TDPs (Terrorists, Drug-dealers, Pederasts). Said governments and major corporations were worried. Mentioned virtual sex. Suggested we try giving people other interests rather than censoring their inputs (since we can't anyway).

DCF

"If you think that those people are worthy or capable of ruling you then you're probably right."
From frissell at panix.com Wed Jul 20 16:28:02 1994
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 20 Jul 94 16:28:02 PDT
Subject: Leaving the Country
Message-ID: <199407201118.AA03940@panix.com>

At 10:24 AM 7/19/94 -0700, Timothy C. May wrote:

>Precisely! For those of us whose assets are already "visible," in the
>form of real estate or stock or the like, the prescriptions of some on
>this list to "ignore them and they'll be powerless" (a paraphrase of
>this scofflaw approach) is not at all persuasive.

Tim, you have the *easiest* situation not the hardest. The hardest situation is a high-income professional in a licensed profession who has to work and can't really move. Since you are in the "great army of the unemployed," you can move easily and your assets can be fairly easily converted to cash. You might lose on your real property (depending on when you bought) but that has always been the downside of property.

Marc Rich certainly earned a lot of money in a reasonably conventional way and is living comfortably in Switzerland. Switzerland is lovely this (or any other) time of year. Proof:

http://martigny.ai.mit.edu/photos/photo_album.html - Photos of Switzerland

I know you like the Bay Area (as do I) but the net is there in Switzerland and the interface improves from year to year.

If you want to do things strictly legally, expatriate, secure a second citizenship, renounce your US citizenship, wait ten years, and you'll be able to visit the US for up to 180 days a year. You could take this step given your situation but I know it can be a big one. Consider though if your US citizenship is worth so many $thousands/year plus a hefty chunk if you die (extropians isn't the same without you).

One can always take small steps the first one of which should be to internationalize your investments and yourself. If you practice living "outside the jurisdiction" you might find that you like it.
I know you like the Bay Area (as do I) but the net is there in Switzerland and the interface improves from year to year.

I'm not advocating a particular course here just pointing out possibilities.

The best way for an ordinary working stiff to minimize the tax consequences of his earnings is to work on a contract basis so he has no investment in a particular assignment and his job cannot be used to control him.

>Having been invited in to "chat" with my regional IRS officials in San
>Jose on a couple of occasions, and seeing my stock broker's wonderful
>computerized statements being forwarded to these same folks, I don't
>hold out much hope for escaping.

When the IRS knocked on the gate of Heinlein's place at 5000 Bonny Doone Road (or was that 26000?) above Santa Cruz, he told them to get lost and write to his attorney.

>Now I suppose some might say this is my fault, for not having acquired
>the assets in a foreign tax haven like the Cayman Islands, or not
>having lived my life by leasing my cars, only renting houses, etc.
>These were not options.

It's not too late.

>While it is certainly true that I can easily hide modest amounts of
>assets, hiding large amounts is usually a one-way street. That is, the
>legal and jurisdictional repercussions have to be very carefully
>considered, as they can't be reversed once taken.

Mighty oaks from little acorns grow. The habitual practice of disobedience in small things helps you disobey in the large things when your life may depend on it.

>Maybe they exist. I'm sure some people have hidden assets from the tax
>collector and still lived in the U.S. or other high tax rate states.
Those who become PTs often live (serially) in high tax states with perfect legality:

ftp://furmint.nectar.cs.cmu.edu/security/perpetual-traveler.html

>But I'm not at all convinced by arguments that because some people
>have piled up unpaid traffic tickets, or have no assets to seize, and
>are hence "judgement proof," that this helps me or anyone else in my
>position (a bunch of my Silicon Valley friends, concretely enough).

It is not a matter of tax planning but a matter of psychology. They have convinced you to manage your own oppression because it is cheaper and easier if you do it than if they do it. They have pushed all your primate buttons employing techniques that they and their "ancestors in oppression" developed even before the invention of agriculture.

It is possible to reprogram yourself to disobedience. I am not particularly a "tough guy." On a day-to-day basis I'm reasonably chicken. But their culture of oppression infuriates me more than anything. I can use that fury to turn down the job of self-jailer that they offer to each of us. I may suffer from actual oppression from time to time but it won't come from *me*. They'll have to spend actual resources. It will cost them big bucks for nothing. Those who *have* met me know that facing my mouth and taking the abuse therefrom will not be fun. (It really pisses people off when you call them coprophagic cretins and they know they've been insulted but they don't know exactly what you've said.)

Let me give you an example of self-oppression and the ease of resistance in a less threatening realm. It is common these days to assign employees to re-education and self-criticism sessions to cure the modern sins of racism, sexism, bigotry, and homophobia. Like the Chinese techniques from which they were derived, these sessions count on the "sinner" listing all his many sins and purging them by begging the community for forgiveness.
As a contractor, I am unlikely to even have the opportunity to experience one of these things but I pity the poor "facilitator" assigned to re-educate me. They might have a hard time handling: "Since you, yourself, have discriminated on the basis of race, creed, color, sex, age, alienage, previous condition of servitude, sexual or affectional preference, handicap, marital status, and veteran status in the selection of friends and sexual partners, you have a whole hell of a lot of nerve telling me that I can't do the same thing in *my* associations."

>I'm sure the judgement-proofing Duncan Frissell talks about has worked
>for him, in his situation, but I've seen no convincing way to get from
>"here" to "there" in a way that I am remotely comfortable with.

We are still in the Rev 0.99a Alpha testing stage. The interface is a bit rough and since it's a Windows app we do have "General Protection Fault" problems. When you're out on the "bleeding edge" of technology, you sometimes bleed. Once enough people notice that they are free, it will be like Checkpoint Charlie at 2200 hrs (+1) on 09 November 1989.

You know how it is. You remove a cage from around a zoo animal and it takes him a while to notice he can leave. He will continue to pace his old path until he discovers his freedom.

>I'd suggest that if Duncan really knows a way to do this--one that
>takes into account people's _current situations_, as opposed to
>suggesting that they should have chosen a different path in the
>past--then he should have no problem earning a million dollars a year
>as a tax consultant.

I don't know where you got the idea that I have focused on people's past situations in my analysis. Since you have day-to-day control of your assets and your own time, you can change your social arrangements whenever you like. I realize that friction exists but I am talking options not mandates. No universal coverage here.
My problem with conventional analysis of tax, investment, and life strategies is that it ignores the full range of possibilities. Since individual human power and range of choices are both increasing, people should at least be made aware of what can be done. They need some options to blind obedience.

>Not having had the pleasure of meeting Duncan, I can't judge whether
>he's now earning rates like this. (If so, congratulations--and give me a
>call and I'll hire you. If not, why not?)

What I try and do is give people the sort of analysis that they would get from a lawyer or an accountant if that lawyer or accountant were willing to treat government as just another entity with no magic status. A matter-of-fact approach. I also direct people to nuts-and-bolts practitioners (say Ron Rudman in Denver for a Foreign Asset Protection Trust) if they decide they would like to take some particular action. The hardest thing to find is an advisor who doesn't have a conflict of interest (who doesn't serve the state in addition to serving you).

DCF

"Can it ever be moral for the group to do something which is immoral for a *member* of that group to do?"

From j.hastings6 at genie.geis.com Wed Jul 20 16:29:50 1994
From: j.hastings6 at genie.geis.com (j.hastings6 at genie.geis.com)
Date: Wed, 20 Jul 94 16:29:50 PDT
Subject: Tax Evasion Morality
Message-ID: <199407200937.AA255947030@relay2.geis.com>

-----BEGIN PGP SIGNED MESSAGE-----

Libertarian Political Doctrine 101

>I wonder if people are really trying to just avoid taxes through
>privacy.

Avoidance is legal, of course, so I assume evasion is what you mean. Is taxation legalized theft or the price we pay for civilization?

- From an individual rights point of view, the assumed government "social contract" is bogus because it is not voluntary. It is a coercive monopoly, like a Mafia protection racket with a flag. Muscle in on the TG's (Territorial Gangsters) turf at your own risk. But might doesn't make right.
Just because thugs in D.C. control military machines, doesn't give them the right to rob and kill us. Are we obliged to obey them, or should we resist evil?

Aside from the support of an elite or a few marginal basket cases, are we better off with the existing system or with competing courts and defense agents? Such a non-coercive alternative might provide order and efficient defense against retail criminals without giving wholesale power to a centralized gang of political tyrants.

A well-connected network, being necessary to the integrity of a free State (of Being, man), the right of the people to keep and bear strong cryptography shall not be infringed.

Kent - j.hastings6 at genie.geis.com

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLiyHbDQYUX1dU7vxAQGAGgP/Skez+0dumZOg+jqX1R8qPa6dFkktY0ab
E48er0KVakS+C8HRVrnsX3sEu5jl5it1P1eRU07WyjHub8hKBhvXxvFcV2NkUpSN
0VHn7OstiFBClOo6QYjTRjvwA0r0RpGJpHnADZjYJT+fipiS193RX7VZL59AvkMW
OFcwgzSU0Hw=
=b8ZX
-----END PGP SIGNATURE-----

From j.hastings6 at genie.geis.com Wed Jul 20 16:29:53 1994
From: j.hastings6 at genie.geis.com (j.hastings6 at genie.geis.com)
Date: Wed, 20 Jul 94 16:29:53 PDT
Subject: Voice/Fax Checks
Message-ID: <199407200937.AA255897028@relay2.geis.com>

-----BEGIN PGP SIGNED MESSAGE-----

I got an interesting fax today from someone promoting "Telephone Check Payment Systems, a division of Financial Planning Associates, a company that has been in existence for 17 years."

Excerpts:

"Paper drafts are established as a legal method of payment as provided in the Uniform Commercial Code, Title 1, Section 1-201 [39] and Title 3, Sections 3-104, 3-401 and 3-403; Code of Federal Regulations, Title 12 Chapter II, Part 210; and Regulation J, Federal Reserve Bank, Part 2, Sections 4A-201 to 4A-212. Only verbal agreement is required for authorization. Also see Romani v Harris, 255 Md.389."

and...

"Attention Businesses...Accept Personal and Business Checks Over The Telephone (or by fax) for Your Orders, Payments, Collections and Donations!"

If you want more details about this, drop me a note. I have no other connection with the company besides the fax from a sales guy, so far.

Does anyone out there know something about this concept? Could this be useful for a digital cash bank interface? I read in Dvorak's Guide to PC Telecom that the difference between on-line failures and successes depends on the convenience of payment. If you needed a credit card to buy a hamburger, McDonald's wouldn't make many sales.

Back to the fax, "There are 65 million consumers who have checking accounts but do not have credit cards...plus millions of credit card holders with little or no usable credit currently available on their cards. You can dramatically increase your sales by tapping into this huge market with your ability to take check payments over the telephone. Don't lose that important IMPULSE SALE!" etc. ...

Fascinating.

Kent - j.hastings6 at genie.geis.com

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLiyIBTQYUX1dU7vxAQFUBgP5AVbEJRlCrYWS+O2sWHaMPpVdZVW3olAs
iPh2T/Uz8L8EnZVSLs01vhH1vzWpNhDYAbSdsnnd+hSXDpxtMMvCPwDovcACnope
53nvlU4NPhSwb1sXskf3TIyk5Fs9J22BY4w2JBndBSco2YRLaratEkmD81LcnIkC
nAAj5UL1tnE=
=uhFf
-----END PGP SIGNATURE-----

From DAVESPARKS at delphi.com Wed Jul 20 16:33:24 1994
From: DAVESPARKS at delphi.com (DAVESPARKS at delphi.com)
Date: Wed, 20 Jul 94 16:33:24 PDT
Subject: Triple encryption...
Message-ID: <01HEWTYX500E8ZE0TH@delphi.com>

Mike Johnson wrote:

> Naturally, the two aren't mutually exclusive, but I'll not buy a vault
> door for my house unless I've got a vault to put it on.

Perhaps not, but I would not call a person who decides to do so, for reasons of his own, "rabid, clinically paranoid" - a phrase you used in your original post. While I might chuckle at his inconsistent approach, I wouldn't call the men in white coats to take him away.
In fact, I DON'T KNOW whether his approach is "reasonable" or not until I have a chance to evaluate the perceived threat he's protecting against. If the potential burglar he's concerned about is an expert lockpicker who has a phobia about breaking glass, then your hypothetical "vault door" *MIGHT* make sense, to continue the analogy. The point being, I'm not in a position to make that decision for him.

Technically, it might be easier to use the third degree on someone rather than attempt to break even a 384 bit public key, but sheer level of effort is not always the whole story.

Let's say I stumbled across an encrypted message from someone I knew, not addressed to me, that I thought might be "interesting" to decipher. I *MIGHT*, hypothetically, be willing to write a program that would run in the background on my PC, even if it took many, many years, or even decades, to arrive at a solution by brute force. Breaking into the guy's house, or torturing his passphrase out of him might be "faster", or "easier" for me, but that's not the nature of the "threat" I'd pose, since I, as an "attacker" would also be weighing risks versus rewards. While I might be willing to wait years or even decades to satisfy my curiosity, the message is probably not valuable enough to risk a prison term for.

Thus, a longer key, more layers of encryption, etc. might make more sense (for him against me) than buying an expensive safe to store his keyring in, or splitting it up as a "shared secret" so that a "rubber hose" attack on any one person would not reveal the entire key/passphrase.

Also, the envelope of encryption protection needs to be "pushed". As processing becomes faster and cheaper, currently "secure" technologies could become vulnerable. What seems "clinically paranoid" today might seem "reasonable" in a decade or two, who knows?
Why not get them tested and proven BEFORE they're absolutely needed, even if that testing is at the hands of people willing to risk being considered "paranoid"?

/--------------+------------------------------------\
|              | Internet: davesparks at delphi.com |
| Dave Sparks  | Fidonet:  Dave Sparks @ 1:207/212  |
|              | BBS:      (909) 353-9821 - 14.4K   |
\--------------+------------------------------------/

From hfinney at shell.portal.com Wed Jul 20 16:35:02 1994
From: hfinney at shell.portal.com (Hal)
Date: Wed, 20 Jul 94 16:35:02 PDT
Subject: Non-determinism forever. (was -- Re: GUT and P=NP)
Message-ID: <199407200447.VAA01776@jobe.shell.portal.com>

When I first heard about P and NP and such, I made a common mistake, one which I think underlies a lot of the misconceptions people have. I knew that P meant "polynomial time" and understood pretty well what that meant, but I mistakenly jumped to the conclusion that NP meant "non-polynomial time", the complement of P. It does not, of course; it means "nondeterministic polynomial time" as others have described. Basically, if you could _check_ an answer to a problem in polynomial time the problem is in NP, as others have described here.

Hal

From frissell at panix.com Wed Jul 20 16:35:51 1994
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 20 Jul 94 16:35:51 PDT
Subject: Censorship in Cyberspace in London Sunday Times
Message-ID: <199407200350.AA28266@panix.com>

Last Sunday's Times (of London) had a cover story in the color supplement entitled "Lost in Cyberspace" by Stephen Amidon about the fact that you can't censor same. Included history of film and video censorship in the UK. Sober. No mention of TDPs (Terrorists, Drug-dealers, Pederasts). Said governments and major corporations were worried. Mentioned virtual sex. Suggested we try giving people other interests rather than censoring their inputs (since we can't anyway).

DCF

"If you think that those people are worthy or capable of ruling you then you're probably right."
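
[Added example, not part of any message in this archive. It illustrates the point in Hal's message above, that a problem is in NP when a proposed answer can be _checked_ in polynomial time, using subset sum, the problem underlying knapsack ciphers. The function names and the sample numbers are constructed for illustration.]

```python
"""Checking an answer versus finding one, on subset sum.

Problem: given a list of integers and a target, is there a non-empty
subset that adds up to the target?  A "certificate" is the list of
positions of the chosen numbers.
"""

# Constructed sample instance (not taken from any message).
NUMBERS = [31, 74, 59, 112, 205, 17, 88, 143, 96, 251, 67, 190]
TARGET = 673
# Doubling every number makes all sums even, so an odd target has no answer.
EVENS = [2 * x for x in NUMBERS]


def verify_subset_sum(numbers, target, certificate):
    """Check a proposed answer in time linear in the input size.

    Rejects positions that are out of range or repeated, so a bogus
    certificate cannot reuse one number several times.
    """
    seen = set()
    total = 0
    for i in certificate:
        if not isinstance(i, int) or i < 0 or i >= len(numbers) or i in seen:
            return False
        seen.add(i)
        total += numbers[i]
    return len(seen) > 0 and total == target


def search_subset_sum(numbers, target):
    """Find an answer by trying every non-empty subset.

    Returns (certificate_or_None, candidates_tried).  With n numbers
    there are 2**n - 1 candidates, so the work doubles with each
    number added, while verify_subset_sum only grows by one step.
    """
    n = len(numbers)
    tried = 0
    for mask in range(1, 1 << n):
        tried += 1
        indices = [i for i in range(n) if (mask >> i) & 1]
        if sum(numbers[i] for i in indices) == target:
            return indices, tried
    return None, tried


if __name__ == "__main__":
    # Someone hands us an answer: checking it takes four additions.
    claimed = [1, 4, 7, 9]
    print("claimed certificate valid:",
          verify_subset_sum(NUMBERS, TARGET, claimed))

    # Nobody hands us an answer: we have to go looking.
    found, tried = search_subset_sum(NUMBERS, TARGET)
    print("search found", found, "after", tried, "candidates")

    # No answer exists: the search must exhaust every candidate.
    found, tried = search_subset_sum(EVENS, TARGET)
    print("unsolvable instance:", found, "after", tried, "candidates")
```

Being in NP says only that the check is fast. It says nothing either way about how hard the search is, which is why NP is not the complement of P.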

From frissell at panix.com Wed Jul 20 16:37:09 1994
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 20 Jul 94 16:37:09 PDT
Subject: Leaving the Country
Message-ID: <199407200227.AA13457@panix.com>

At 10:24 AM 7/19/94 -0700, Timothy C. May wrote:

>Precisely! For those of us whose assets are already "visible," in the
>form of real estate or stock or the like, the prescriptions of some on
>this list to "ignore them and they'll be powerless" (a paraphrase of
>this scofflaw approach) is not at all persuasive.

Tim, you have the *easiest* situation not the hardest. The hardest situation is a high-income professional in a licensed profession who has to work and can't really move. Since you are in the "great army of the unemployed," you can move easily and your assets can be fairly easily converted to cash. You might lose on your real property (depending on when you bought) but that has always been the downside of property.

Marc Rich certainly earned a lot of money in a reasonably conventional way and is living comfortably in Switzerland. Switzerland is lovely this (or any other) time of year.

Proof: http://martigny.ai.mit.edu/photos/photo_album.html - Photos of Switzerland

I know you like the Bay Area (as do I) but the net is there in Switzerland and the interface improves from year to year.

If you want to do things strictly legally, expatriate, secure a second citizenship, renounce your US citizenship, wait ten years, and you'll be able to visit the US for up to 180 days a year. You could take this step given your situation but I know it can be a big one. Consider though if your US citizenship is worth so many $thousands/year plus a hefty chunk if you die (extropians isn't the same without you).

One can always take small steps the first one of which should be to internationalize your investments and yourself. If you practice living "outside the jurisdiction" you might find that you like it.

I know you like the Bay Area (as do I) but the net is there in Switzerland and the interface improves from year to year.

I'm not advocating a particular course here just pointing out possibilities. The best way for an ordinary working stiff to minimize the tax consequences of his earnings is to work on a contract basis so he has no investment in a particular assignment and his job cannot be used to control him.

>Having been invited in to "chat" with my regional IRS officials in San
>Jose on a couple of occasions, and seeing my stock broker's wonderful
>computerized statements being forwarded to these same folks, I don't
>hold out much hope for escaping.

When the IRS knocked on the gate of Heinlein's place at 5000 Bonny Doone Road (or was that 26000?) above Santa Cruz, he told them to get lost and write to his attorney.

>Now I suppose some might say this is my fault, for not having acquired
>the assets in a foreign tax haven like the Cayman Islands, or not
>having lived my life by leasing my cars, only renting houses, etc.
>These were not options.

It's not too late.

>While it is certainly true that I can easily hide modest amounts of
>assets, hiding large amounts is usually a one-way street. That is, the
>legal and jurisdictional repercussions have to be very carefully
>considered, as they can't be reversed once taken.

Mighty oaks from little acorns grow. The habitual practice of disobedience in small things helps you disobey in the large things when your life may depend on it.

>Maybe they exist. I'm sure some people have hidden assets from the tax
>collector and still lived in the U.S. or other high tax rate states.

Those who become PTs often live (serially) in high tax states with perfect legality: ftp://furmint.nectar.cs.cmu.edu/security/perpetual-traveler.html

>But I'm not at all convinced by arguments that because some people
>have piled up unpaid traffic tickets, or have no assets to seize, and
>are hence "judgement proof," that this helps me or anyone else in my
>position (a bunch of my Silicon Valley friends, concretely enough).

It is not a matter of tax planning but a matter of psychology. They have convinced you to manage your own oppression because it is cheaper and easier if you do it than if they do it. They have pushed all your primate buttons employing techniques that they and their "ancestors in oppression" developed even before the invention of agriculture.

It is possible to reprogram yourself to disobedience. I am not particularly a "tough guy." On a day-to-day basis I'm reasonably chicken. But their culture of oppression infuriates me more than anything. I can use that fury to turn down the job of self-jailer that they offer to each of us. I may suffer from actual oppression from time to time but it won't come from *me*. They'll have to spend actual resources. It will cost them big bucks for nothing. Those who *have* met me know that facing my mouth and taking the abuse therefrom will not be fun. (It really pisses people off when you call them coprophagic cretins and they know they've been insulted but they don't know exactly what you've said.)

Let me give you an example of self-oppression and the ease of resistance in a less threatening realm. It is common these days to assign employees to re-education and self-criticism sessions to cure the modern sins of racism, sexism, bigotry, and homophobia. Like the Chinese techniques from which they were derived, these sessions count on the "sinner" listing all his many sins and purging them by begging the community for forgiveness.

As a contractor, I am unlikely to even have the opportunity to experience one of these things but I pity the poor "facilitator" assigned to re-educate me. They might have a hard time handling: "Since you, yourself, have discriminated on the basis of race, creed, color, sex, age, alienage, previous condition of servitude, sexual or affectional preference, handicap, marital status, and veteran status in the selection of friends and sexual partners, you have a whole hell of a lot of nerve telling me that I can't do the same thing in *my* associations."

>I'm sure the judgement-proofing Duncan Frissell talks about has worked
>for him, in his situation, but I've seen no convincing way to get from
>"here" to "there" in a way that I am remotely comfortable with.

We are still in the Rev 0.99a Alpha testing stage. The interface is a bit rough and since it's a Windows app we do have "General Protection Fault" problems. When you're out on the "bleeding edge" of technology, you sometimes bleed. Once enough people notice that they are free, it will be like Checkpoint Charlie at 2200 hrs (+1) on 09 November 1989.

You know how it is. You remove a cage from around a zoo animal and it takes him a while to notice he can leave. He will continue to pace his old path until he discovers his freedom.

>I'd suggest that if Duncan really knows a way to do this--one that
>takes into account people's _current situations_, as opposed to
>suggesting that they should have chosen a different path in the
>past--then he should have no problem earning a million dollars a year
>as a tax consultant.

I don't know where you got the idea that I have focused on people's past situations in my analysis. Since you have day-to-day control of your assets and your own time, you can change your social arrangements whenever you like. I realize that friction exists but I am talking options not mandates. No universal coverage here.

My problem with conventional analysis of tax, investment, and life strategies is that it ignores the full range of possibilities. Since individual human power and range of choices are both increasing, people should at least be made aware of what can be done. They need some options to blind obedience.

>Not having had the pleasure of meeting Duncan, I can't judge whether
>he's now earning rates like this. (If so, congratulations--and give me a
>call and I'll hire you. If not, why not?)

What I try and do is give people the sort of analysis that they would get from a lawyer or an accountant if that lawyer or accountant were willing to treat government as just another entity with no magic status. A matter-of-fact approach. I also direct people to nuts-and-bolts practitioners (say Ron Rudman in Denver for a Foreign Asset Protection Trust) if they decide they would like to take some particular action.

The hardest thing to find is an advisor who doesn't have a conflict of interest (who doesn't serve the state in addition to serving you).

DCF

"Can it ever be moral for the group to do something which is immoral for a *member* of that group to do?"

From frissell at panix.com Wed Jul 20 16:37:28 1994
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 20 Jul 94 16:37:28 PDT
Subject: ID card from hell
Message-ID: <199407200227.AA13400@panix.com>

At 10:53 PM 7/17/94 -0400, David Mandl wrote:

>How much do I get for identifying that quote? It's from the song "1984"
>by the band Spirit, a single released in late 1969.
>
>I'm really impressed, Duncan.
>
> --Dave.

Any libertarian "of a certain age" should know the song. Not much strictly libertarian rock out there. No extra points.

DCF

"Avoid possible future war crimes prosecutions -- disobey."

From rjc at gnu.ai.mit.edu Wed Jul 20 16:39:11 1994
From: rjc at gnu.ai.mit.edu (Ray)
Date: Wed, 20 Jul 94 16:39:11 PDT
Subject: Come On
Message-ID: <9407200106.AA07980@geech.gnu.ai.mit.edu>

The fact that the original moron trivialized the women's roles in this film as "all they can do is talk on the phone, get into cat fights, give blow jobs, and kill people by accident" says more about his attitudes towards women than the response that followed. It would be like saying "all the men do is drive around in harrier jets, deliver stupid one liners, and kill people"

The fact is, not a single "blow job" was delivered in this movie. "Cat fight" is a derogatory term for what happened (would you call what happened in Total Recall with Sharon Stone a "cat fight"? How many cat fights involve no hair pulling, and punches and kicks to the face?") And the "talk on the phone" bit takes up probably 5 minutes of screen time.

He also trivialized Juno Skinner's role (she is a villainess), because she was greedy and did it all for profit. Well what villain doesn't? How many hundreds of movies have portrayed the evil Corporate CEO out to destroy the world for profit? Is it only when a woman is portrayed doing it that it becomes taboo?

If I was a woman, I'd be more concerned about this attitude than guys lusting after Jamie Lee Curtis's body. What it says is this: Selfish Ambitious Man = Up and Coming Ruthless Businessman. Selfish Ambitious Woman = gold digging bitch. It is arguably more damaging to women's business success than "I like Hooters".

Anyway, I'm surprised that there isn't a feminist witch-hunt investigating Sandy Sandfort, for his non-pc H.E.A.T. reports.

As for the crypto-related aspects. The movie did more to show the *abuses* of wiretaps rather than how great they are at stopping nuclear terrorists.

From paul at hawksbill.sprintmrn.com Wed Jul 20 16:39:43 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Wed, 20 Jul 94 16:39:43 PDT
Subject: Time goes mainstream w/ Internet hype
Message-ID: <9407200152.AA09272@hawksbill.sprintmrn.com>

Greets, fellow tentacles.

Just a quick note to alert you to the recent Time issue with the cover: "The Strange New World of the Internet," subtitled "Battles on the Frontiers of cyberspace."

Actually, it's a decent article for the neophyte. It goes into detail on the Canter & Siegel (boo, hiss) 'Green Card' spam and even mentions cypherpunks by name.

- paul

From shamrock at netcom.com Wed Jul 20 16:40:07 1994
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 20 Jul 94 16:40:07 PDT
Subject: Schneier
Message-ID: <199407200053.RAA09433@netcom.netcom.com>

Tim Werner wrote:

>Speaking of Schneier, I have an upbeat note.
>
>I ordered his book, when it first came out, from the local Borders book
>store. When I went to pick it up, they told me that if I decided to buy it
>I could not return it, since it was not a book that they would otherwise
>stock.
>
>Today I was there checking out the computer books, and they had a copy on
>the shelf, so I guess it was in enough demand that they decided to stock it.
>
>tw

I have been trying to buy a copy at my local Barnes&Noble for about two months now, but every time I go back to check, they "just sold the last one". They have sold out three shipments in two months!

-- Lucky Green
PGP public key by finger
Please write to clipper.petition at cpsr.org and tell them you oppose Clipper.

From nobody at ds1.wu-wien.ac.at Wed Jul 20 16:40:11 1994
From: nobody at ds1.wu-wien.ac.at (nobody at ds1.wu-wien.ac.at)
Date: Wed, 20 Jul 94 16:40:11 PDT
Subject: Ghio "loses it"
Message-ID: <9407200045.AA17232@ds1.wu-wien.ac.at>

Hi Matthew Ghio. Ask, and you shall receive. You complain about my current campaign and report that you have shut down your remailer because of it. My sincere apologies.
As I wrote, it is not my intention to sabotage any remailers. I was sending you messages at a gentle pace (not nearly as much as you claim for sympathy), but apparently it was too much! So I will take you off the current mailing list. I'm sorry to see you go.

I may add you in the future at some unspecified time, however. This will help encourage your inspired and highminded attention to carefully filtering and screening every incoming message to your remailer which you have grandly demonstrated. I think I speak for all other members of the Reich in saying that we are proud of your extremely patriotic commitment to censorship and upholding our cause. Any user of your highly secure system will surely be flush with pride. I wish I had more men who are as dedicated as you are.

I have grand plans for my brethren that will soon, very soon, be coming to fruition. The first few `triggers' are the drastic earth cataclysms (not the least of which will be Operation Shake-and-Bake in CA, commencing shortly) that will help plunge the world into an anarchy that is more receptive to our way of thinking. The paranoia and deadly cynicism against government will help too. But the most important brick of all, of course, is the deification of cyberspace.

I would love to expound on these subjects more but I have to keep a `low profile' at the moment. The time has not come yet. Thanks again for your contributions.

. . . . . . . ,,. . . . . . . . . . . . . . . . . . . . . . , ___ . .//~~~. . //. ./. . //. ./. . //~~\ . . //~~~ . .//~~\. . / / . .//===. . //. ./. . //===/. . //===/. . //=== . .//===/ . +===#===+ . .// . . . .\\__/. . //. ./. . //. \ . . //___ . .//. \. . / / . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
~~~ ' ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From jamiel at sybase.com Wed Jul 20 17:25:02 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Wed, 20 Jul 94 17:25:02 PDT
Subject: Come On
Message-ID: <9407210024.AA29727@ralph.sybgate.sybase.com>

At 9:06 PM 07/19/94 +0000, Ray wrote:

> Anyway, I'm surprised that there isn't a feminist witch-hunt
>investigating Sandy Sandfort, for his non-pc H.E.A.T. reports.

Sandy's honest, up front and cool about his HEAT Posts. Speaking only for me, don't think there is anything wrong with liking bodies. It's when someone can only see that body and not person in there that it becomes an issue.

Hmmm, if I could only find a way to make this crypto related.

-j

--
"Blah Blah Blah"
___________________________________________________________________
Jamie Lawrence

From jamesd at netcom.com Wed Jul 20 17:49:56 1994
From: jamesd at netcom.com (James A. Donald)
Date: Wed, 20 Jul 94 17:49:56 PDT
Subject: GUT and P=NP
In-Reply-To: <199407191751.KAA23246@netcom4.netcom.com>
Message-ID: <199407210050.RAA15113@netcom8.netcom.com>

Timothy C. May writes

> Another way to put it, there is no evidence, despite some speculation
> by Peter Shor, David Deutsch, Roger Penrose, and others, that any new
> theories of physics will allow "Super-Turing machines" to be built. In
> fact, most physicists discount this kind of speculation.

Existing physical theories show that Super Turing machines are possible in principle though very difficult to build in practice.

Such machines will probably not be able to solve NP complete problems though they will be able to solve some NP problems such as factoring.

Since such machines do not operate algorithmically, they have no relevance to the question of whether P=NP, because this question is a question about *algorithms*.

--
---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we    James A. Donald
are. True law derives from this right, not from
the arbitrary power of the omnipotent state.        jamesd at netcom.com

From blancw at microsoft.com Wed Jul 20 18:12:27 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Wed, 20 Jul 94 18:12:27 PDT
Subject: Ghio "loses it"
Message-ID: <9407210112.AA13834@netmail2.microsoft.com>

Another article reference: I think I just saw an image of the new Fuhrer on page 23 of the August edition of PCWorld.

Blanc

From rfb at lehman.com Wed Jul 20 18:23:42 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Wed, 20 Jul 94 18:23:42 PDT
Subject: Tax Evasion Morality
In-Reply-To: <199407200937.AA255947030@relay2.geis.com>
Message-ID: <9407210123.AA10203@fnord.lehman.com>

Yeah, yeah, this has only the most extremely tenuous links to cryptology. I'll talk about some free code (GPLed) that I've written at the end of this message to make up for it.

    From: j.hastings6 at genie.geis.com
    Date: Wed, 20 Jul 94 09:23:00 UTC

    - From an individual rights point of view, the assumed government "social contract" is bogus because it is not voluntary.

With respect to many taxes, for example income tax in the US, it is voluntary. You avoid entering into the social contract very simply: don't interact with the society. Actually, you can even play a little without paying -- very legally -- by never choosing to extract from society a net income greater than the lowest income tax bracket. Some war tax avoiders have done this for decades. Some even make reasonable amounts of money and give most of it away.

If you wish to avoid having the negative penalties of the social contract, you simply avoid accepting the positive benefits. If you don't require the society, don't participate in it -- at all. Any `income' that you acquire without interacting with society will not be taxed.
This route is not for everyone. Most people prefer to enter into the contract.

Yes, I'm being more than a bit facetious here, but not completely. I not only respect, but I agree with most of the complaints typically voiced by the `libertarian' segment here, but the extremes of the economic arguments are ridiculous. Some -- certainly not all or even most -- manage to come off sounding like spoiled teenagers: ``Everything that I have I have completely because of my own doing and the fact that there's this social structure all around me had nothing at all to do with it.''

There is a degree to which a social contract is not a completely unreasonable thing. Of course, most (all?) government's to date have gone about a zillion times overboard . . . .

* * * * *

Ok, now the cypher connection. I've been working on, and using, a package to add PGP support to Emacs-based messaging. I call it PGP Enhanced Messaging (PEM), a blatant rip-off of an already used acronym. It is initially targeted at doing sign (standard or as an X-PGP-Signed header), verify signature, encrypt, sign-and-encrypt, decrypt, extract key block, and insert key block. Lots more on the wish list :-)

npgp.el defines region oriented PGP operations. The process interaction is different than other packages in that it runs PGP asynchronously and notices when PGP asks questions and passes them up to the user.

pem.el defines message oriented operations. It knows about message headers and bodies, etc., but is not tied to any specific package.

The user layer is a set of interfaces to other packages. Currently there's pem-mhe.el (works with mh-e.el, an interface to MH) and pem-gnus.el (works with GNUS). Since pem.el does most of the work, new interfaces should be relatively easy. A pem-vm and pem-rmail would be nice, but they're not my top priority.

If you're interested in Alpha testing let me know.
Basically, it works fine in my environments (Sparc-10, SunOS-4.1.3, lemacs-19.10 at work, fsf-19.24 at home), but the first Alpha tester has demonstrated lots of places where environment differences, different Emacs customizations, etc. cause problems. When it's a bit more stable, I'll ask for Beta testers, probably here and on a newsgroup or two.

Rick

From CCGARY at MIZZOU1.missouri.edu Wed Jul 20 18:26:11 1994
From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers)
Date: Wed, 20 Jul 94 18:26:11 PDT
Subject: *comeon
Message-ID: <9407210126.AA07820@toad.com>

Connie Sadler is quite displeased at what Berzerk finds delightful. I would not call this list a boys' club but the vast majority is male. People talk to please themselves. This list is statistically unusual. We have lots of guys, minarchists, anarchists, eccentrics, & tech-heads. We kinds of people are amused at what berzerk finds amusing. I doubt that Sadler's principles are offended, but rather her interests. If fun had been poked at guys then she would have been amused.

In the US women are accorded special rights at being a "victimized group". There are many places that your interests will be specially catered to. The Cypherpunks' list is just about as "politically incorrect" as you can get & we like it this way.

We are sick of being censored & vilified by society at large. We also do not like our rights of freedom of association being trampled. Your demands that your sensibilities be respected is a demand that our speech be censored.

We would be quite pleased by any contributions to the Cypherpunks' cause that you have to offer. But you will not get a good reception here by demanding rights that you believe are awarded to state certified "victims" groups.

Of course, I'm not really familiar with you. Possibly you think of yourself more as an individual than as a member of a particular group & possibly you will be an asset to Cypherpunks & your first post was not representative of yourself.
In that case, we would be pleased to have your company.

Wishing for the best,
Gary Jeffers

From sidney at taurus.apple.com Wed Jul 20 19:00:52 1994
From: sidney at taurus.apple.com (Sidney Markowitz)
Date: Wed, 20 Jul 94 19:00:52 PDT
Subject: *comeon
Message-ID: <9407210201.AA15851@federal-excess.apple.com>

"Gary Jeffers" wrote:

>We [...] are amused [...]
>The Cypherpunks' list is [...] "politically incorrect" [...]
> & we like it this way.
> We are sick of [...]
> We also do not like [...]
> We would be quite pleased by [...]

Thank you for speaking up for us. Unfortunately you got it wrong. Unless you were using the archaic royal "we". Or unless you just forgot to say what "we" you were talking about.

> Of course, I'm not really familiar with you.

Now you got it right.

-- sidney markowitz
One of the 500+ subscribers to the cypherpunk mailing list. Not one of the n who let Gary Jeffers know their personal political and social philosophies so that he could speak authoritatively for their collective.

From blancw at microsoft.com Wed Jul 20 19:28:36 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Wed, 20 Jul 94 19:28:36 PDT
Subject: Leaving the Country
Message-ID: <9407210229.AA15334@netmail2.microsoft.com>

From Duncan:

It is not a matter of tax planning but a matter of psychology. They have convinced you to manage your own oppression because it is cheaper and easier if you do it than if they do it.. . . . .
It is possible to reprogram yourself to disobedience. . . .
..................................................

For those who have seen the light of reason, there is still the problem of living with the methods used to enforce complicity to the prevalent political policy. Disobedience by itself may psychologically help the individual who imagines themselves to be free, but the disadvantage of a government administrative clerk's preemption over your own decisions remains.
There is still the need to keep what is one's own, even when there is no recognition for the sanctity of the self or of personal property. This problem of efficacy in the face of human forces which are moved by values contrary to one's own, is what I think of when I imagine what it takes to "live among them", considering that there is no longer a place to form a new, improved country.

There are some circumstances at a company I know of (!) where they have found ways of establishing a "win-win" situation with clients. It is a controversial way of arriving at arrangements which are acceptable to all parties - I wonder what sort of compromises go on at meetings where eventually everyone comes out smiling. But it is the sort of calculating in interpersonal, entrepreneurial, and political juxtapositions which sometimes appear to be the only way to make headway in difficult butt-heading circumstances.

I'm not an advocate of compromising, but I do think that there is much material for personal advantage in the study of psychology & cognition, as it relates to understanding what one is up against. The question remains, how to navigate in spite of some of these things. The more that one can live openly in correspondence with the way things really, really work, the better it is for the minds which must live with the actual. I do think an anarcho-capitalist would rather live/work with the actual, rather than shrink from it or excuse themselves from the fray (even while trying to avoid the obstacles). Judiciously.

Blanc

From rah at shipwright.com Wed Jul 20 19:30:38 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 20 Jul 94 19:30:38 PDT
Subject: Response to Duncan
Message-ID: <199407210225.WAA16540@zork.tiac.net>

As usual, I'm putting my oar in where it's not wanted, but the only way I can figure out how to keep money out of the tax rolls if you're an american citizen is not to make it here in the first place, and that doesn't work if you're too aggressive in hiding it from the Uncle. Forbes seems to think most of this money won't come back. Since the corporations are foreign domiciled, these people get to tell the Feds the most plausible story.

Thrashing my shaky memory of the Forbes 400, the examples of these people are:

Arneson: (Princess Cruise Lines) money made on ships flagged in Panama, a known tax haven. Foreign crews, for the most part. Americans pay mucho dinero for booze cruizes aroun' de islands, mon.

The two guys who own Duty Free Stores, Inc. Billionaires. Shaking down japanese tourists. One is still an american citizen who flies coach. The other ran afoul of the IRS and now has Hong Kong citizenship. Wonder what he's going to do in a few years...

Marc Rich. We know about him. BTW, his wife is in the process of suing him for divorce, and may get half. If she can prove what that is.

There was a guy in Texas who made a great big pile in Liberian flagged oil tankers. I think he's lost it all by now, though, and we know what happened to Liberia, anyway.

There's another guy who got into container ships in a big way early. American President lines, I think. Like Arneson, he made most of his money offshore with foreign flagged ships.

Rupert Murdoch. I believe he's a U.S. citizen now.

Oh yeah. My favorite. Mr. Soros. The man who made the fastest billion (4 months?) ever. His corporation is domiciled in the Netherlands Antilles. He's also foreign born, and I'm not sure he's a citizen.

The point here is that Tim's right.
You have to take some serious chances in order to keep your money out of Uncle Sam's hands. Either you risk the big fun of a piss-fight with the IRS taking known money out of the country, or you have to take a chance and make your stash outside the border. To do that, you must invest that money with an uncertain return. If you're in it for income, which would seem to be Tim's goal right now (it would be mine if I were in his shoes, anyway, he wants to do other things than play financial cowboy), putting that money in high risk foreign ventures is not a good idea.

I have no personal finance credentials to justify any of the above opinions. I just read too much and I have a big mouth. I'll sit down and shut up now.

Thanks,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)   "There is no difference between someone
Shipwright Development Corporation       who eats too little and sees Heaven and
44 Farquhar Street                       someone who drinks too much and sees
Boston, MA 02331 USA                     snakes." -- Bertrand Russell
(617) 323-7923

From andy at autodesk.com Wed Jul 20 19:31:54 1994
From: andy at autodesk.com (Andrew Purshottam)
Date: Wed, 20 Jul 94 19:31:54 PDT
Subject: Was accurate description of movie...
Message-ID: <199407210231.TAA21491@meefun.autodesk.com>

Hi, I hope no one of any race/sex/religion is so offended that they feel driven away from this list. There is some genuinely interesting technical comment amongst the flames, tracts, rants, and chatter.

In the case of the informal movie review of _True Lies_, the description is quite correct, if stated rather coarsely. Rather than hassling the reviewer, you might like to keep his comments in mind when deciding whether to see the movie.

This said, I went to the movie with several people of various sexes and nationalities, and they all enjoyed highly, though some felt it necessary to express formal disapproval before laughing.
Andy

From hal at martigny.ai.mit.edu Wed Jul 20 19:32:26 1994
From: hal at martigny.ai.mit.edu (Hal Abelson)
Date: Wed, 20 Jul 94 19:32:26 PDT
Subject: Clipper Chip retreat
Message-ID: <9407210232.AA08923@toad.com>

From tomorrow's NYT:

type: NYT (Copyright 1994 The New York Times)
priority: Urgent
date: 07-20-94 2114EDT
category: Financial
subject: BC CLIPPER CHIP RETREAT
title: ADMINISTRATION REVERSES ITSELF ON WIRETAPPING TECHNOLOGY
author: JOHN MARKOFF
text:

In an abrupt and significant reversal, the Clinton administration indicated Wednesday that it was willing to consider alternatives to its Clipper chip wiretapping technology, which has been widely criticized by industry executives and privacy-rights groups.

...

I'll leave it to someone else to post the entire article, but the gist is that Gore sent a letter to Maria Cantwell saying that the administration is willing to consider alternatives to Clipper that are based upon nonclassified algorithms, and where the escrow agents are not government agencies. They still insist on an escrow system, however. There's a quote from Marc Rotenberg saying that the escrow requirement is still unacceptable.

From greg at ideath.goldenbear.com Wed Jul 20 19:33:00 1994
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Wed, 20 Jul 94 19:33:00 PDT
Subject: *comeon
In-Reply-To: <9407210126.AA07820@toad.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

> We are sick of being censored & vilified by society at large. We
> also do not like our rights of freedom of association being trampled.
> Your demands that your sensibilities be respected is a demand that our
> speech be censored.
> We would be quite pleased by any contributions to the Cypherpunks'
> cause that you have to offer. But you will not get a good reception
> here by demanding rights that you believe are awarded to state
> certified "victims" groups.
Not bad, Gary - you've managed to manufacture a non-existent consensus of cypherpunk feeling/opinion from thin air, *and* used it to address an argument nobody made in the first place. But what will you do for an encore?

Seriously, speak for yourself. I'm in no hurry to call the P.C. cops of either the left or the right wing down on Cypherpunks, but a little bit of respect isn't so much to ask, either.

-----BEGIN PGP SIGNATURE-----
Version: 2.5

iQCVAgUBLi3bdH3YhjZY3fMNAQFebgQApyyZy5lG1tyGcmd/hsmTETIdENT+UzkY
tFkJBx1xCpoe9zJvvm91epu7IRRg/dQ6onwEYoeIc5KzIX4ofOUdJTFyLi3VrOS1
4TvXG7qrXGDegWscI1PBCG2bnE+xREdNsK+SU/eOozQJDIklWT1fJycXNv3uCiMv
xTQq5onY5RA=
=Hj4b
-----END PGP SIGNATURE-----

From frissell at panix.com Wed Jul 20 20:23:25 1994
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 20 Jul 94 20:23:25 PDT
Subject: Voice/Fax Checks
Message-ID: <199407210323.AA23357@panix.com>

At 09:19 AM 7/20/94 UTC, j.hastings6 at genie.geis.com wrote:

>"Attention Businesses...Accept Personal and Business Checks Over The
>Telephone (or by fax) for Your Orders, Payments, Collections and
>Donations!"
>
>If you want more details about this, drop me a note. I have no
>other connection with the company besides the fax from a sales guy,
>so far. Does anyone out there know something about this concept?
>Could this be useful for a digital cash bank interface?

Say that you're selling something and someone says "I'll mail you a check today." This lets you say: "Don't bother. Take out the check you were going to send me, read me the routing code and check number on the bottom. Give me your name and address and the bank's name and address as they appear on the check, the amount you will pay and the date. I'll collect that check electronically without you having to bother to send it."

They reconstruct the check as an electronic payment order and submit it. Works. Even easier if they have a fax of the check.
DCF

Privacy 101 - States without mandatory auto insurance: Alabama, District of Columbia, Iowa, Mississippi, New Hampshire, Pennsylvania, Tennessee, Virginia, Wisconsin. (The last time I looked -- updates welcome.)

From zoo at monad.armadillo.com Wed Jul 20 20:25:12 1994
From: zoo at monad.armadillo.com (david d `zoo' zuhn)
Date: Wed, 20 Jul 94 20:25:12 PDT
Subject: Clipper Chip retreat
Message-ID: <199407210320.WAA22790@monad.armadillo.com>

From the NY times reports

   The administration is willing to consider alternatives to Clipper that are based upon nonclassified algorithms, and where the escrow agents are not government agencies. They still insist on an escrow system, however. There's a quote from Marc Rotenberg saying that the escrow requirement is still unacceptable.

Hmm. If the escrow agent isn't a government entity, then what sort of coercion will they have over that agent in order to get the keys in a timely fashion?

The Cypherpunks Key Escrow Agency could volunteer to be one of the escrow agents, and upon receipt of a request for their part of an escrowed key, could act with all of the haste that the Feds seem to consider reasonable for the CJR and FOIA requests from the cypherpunks community.

--
- david d `zoo' zuhn -| armadillo zoo software --
-- zoo at armadillo.com --| unix generalist (and occasional specialist)
------------------------+ send e-mail for more information
  pgp key upon request  +----------------------------------------------------

From frissell at panix.com Wed Jul 20 20:25:44 1994
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 20 Jul 94 20:25:44 PDT
Subject: Response to Duncan
Message-ID: <199407210323.AA23369@panix.com>

Only solid factual info & techniques to follow...

At 11:49 AM 7/20/94 -0700, Timothy C. May wrote:

>Facile nonsense! (No offense, Duncan.) Marc Rich is a virtual exile in
>Zug, unable to visit the U.S., and with an army of lawyers.
>I'm far from being Marc Rich, in more ways than one, and I have family and
>friends here in the States. Leaving and not being able to return is
>"not an option."

Marc Rich was born in Belgium and currently holds Spanish citizenship. He is free to travel anywhere but the US and has $0.5 Billion in compensation. I doubt that he misses New York. It is possible to "internationalize" your family and friends. I did it. It is even easier these days because of cheap travel and telecoms. It is unfortunate that the US (and the Philippines) claim to tax a national's earnings anywhere on earth but there you have it.

>(If Duncan's main advice is that I simply "take the money and run," this
>is precisely the "one way street," the not easily reversed decision I
>have said that I may someday take, but not casually

I'm not really speaking to Tim in these pieces (I'm sure that he can take care of himself) but to others. It is quite common for otherwise sophisticated Americans to avoid thinking about expatriation even though objectively it may be their best financial move. I was recently working with a businessman who has been self-employed and successful since he was a teenager. A libertarian, he was heavily involved in Foreign Asset Protection Trusts (FOAPTs). But even this guy was jumpy about expatriation of self and money until he really checked things out. Americans are too provincial.

>"Wait ten years" seems to be the key. The IRS considers expats to be
>responsible for U.S. taxes for each of these 10 years (some details
>complicate the issue, but the basic point is that failure to file
>while living abroad is comparable to failing to file here).

However 60% of expatriate Americans don't file. A high rate of non-compliance.

>I agree that such self-questioning is stupid. What's it got to do with
>the issues here, except to confirm that you, like me, and like a big
>fraction of the subscribers here, are politically incorrect and of an
>independent mind?
The fact that attempts at social control via political correctness dissolve if you merely refuse to accept them shows a general method of political resistance. The technique applies in many situations. Many control attempts fail if you do no more than oppose them. I know it sounds banal but why don't more people do it? I read constant pissing and moaning on the Nets about the big bad government and I see few people trying to demonstrate a little optimism. There are so many show stoppers out there that are guaranteed to get most control freaks to leave you alone:

"My father doesn't believe in sending us to your schools. He says they are controlled by communists." -- My daughter used this one.

"I am morally opposed to recycling." -- A real jaw dropper.

"But I'm not a resident of this state." -- Saved a guy I know a $400 fine and automatic license suspension.

"Where's your warrant." -- Surprising how few people employ this one.

"All this agitprop about spousal abuse is merely an attempt to destroy the bourgeois family so that it can be replaced by individuals and weak entities that are dependent upon and hence supportive of the coercive state apparatus." -- They *really* leave you alone after this one.

>Maybe this has been the crux of the issue in all these round and round
>in circles debates: I have no interest in general ideological
>sloganeering, only in the concrete "nuts and bolts."
>
>"Cypherpunks write code" has resonances elsewhere.

I know that I am given to rhetoric. My wife complains about it all the time. But words are things too. They are code. I do recall that in "Snow Crash" our heroine employed Jesuit Rhetorical programming to protect herself against a Sumerian brain virus. There are "magic words" that will help in most situations.
I do have quite a few actual techniques (residential ambiguity, contract/self employment, expatriation both real and virtual, avoidance of database links or key fields, conventional tax planning, multiplication of entities, clean team/dirty team, etc.). I must have talked about all of these on the list from time to time. Sandy and I will be doing so again in our virtual privacy seminar coming soon to a majordomo server near you. All are welcome. We invite public officials to drop by. Since you are rapidly becoming "market actors" like the rest of us you can probably use the info.

DCF

"Your children will be vastly richer and freer than you are. Be sure to inform them of this fact whenever they complain about life."

From rarachel at prism.poly.edu Wed Jul 20 20:41:06 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Wed, 20 Jul 94 20:41:06 PDT
Subject: Card Playing Protocol?
In-Reply-To: <940717.141117.4g3.rusnews.w165w@sendai.cybrspc.mn.org>
Message-ID:

On Sun, 17 Jul 1994, Roy M. Silvernail wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> > D1(E2(E1(Card,eK1),eK2),dK1) = E2(Card,eK2)
>
> I think I see a problem with XOR here. Seems to me that D and E are the
> same operation (DE == ED == D^2 == E^2 == 0). So is this true?
>
> E1(E2(Card,eK2),OldCardBeforeEncryption) == eK2
>
> Looks like Alice can cheat pretty easily. (if I'm wrong here, please
> let me know)

Nope. Alice's key is not Bob's key, so they can't cancel each other out. ie: Say Alice's key is 3 and Bob's key is 7 and the plaintext to encrypt is 0. Alice encrypts with her key, you get 3. Bob encrypts with his key, you get 7. Both encrypt and you get 4. Bob decrypts the dually encrypted message, and he gets 7 again. Alice decrypts the dually encrypted message and she gets 3. But Bob doesn't know what the card is if its encrypted by Alice. Alice doesn't know what card it is if it's encrypted by Bob. Only when the message is decrypted by one party can the other see it.
But since you're sending the whole deck, there's no way one of them could cheat.

Now neither Bob nor Alice use XOR as a cypher. They use a cypher such as DES or IDEA in a rng mode whose output they XOR to the deck of cards to encrypt or decrypt.

> Assuming your random number generator is good, this would be faster:
>
> //shuffle the deck:
> for (i = (4*13+2) - 1; i >= 0; i--)
> {
>    c1=rand() % (i) <-- change % (i) into % 54 and I'll agree with you *;
>    swapcards(&cards[c1],&cards[i]);
> }
>
> This will randomize the whole deck in one pass. Remember, though, that

The reason I say this is that you're not really shuffling the cards very well. If a card is at the front of the deck, the odds are that it will remain between the front of the deck and its relative position. While larger cards at the back of the deck are likely to swap themselves with the ones in front just as likely as the ones in the back, this is a bit one sided. This is off the top of my head and what's obvious in crypto may not be actual, so Kent may want to test this out to see just how random the shuffle is.

> seasoned card players will notice that this deck doesn't act like a real
> deck. This is because the traditional method of shuffling doesn't
> randomize the whole pack. It performs a series of permutations with a
> small random content. Although slower and far less random, it might be
> a plus to implement a realistic hand shuffle. Here's a (really) rough
> 10-minute untested hack. Feel free to optimize it! :)
>
> //hand-shuffle the deck
> #define DECK_END 53
> #define DECK_SIZE 54
> int deck_split, tmp_index, left, right, x, y;
> int passes;                          // number of riffles, set by the caller
> cardtype cards[DECK_SIZE], tmp[DECK_SIZE];
>
> while(passes--) {
>    deck_split = (rand() % 10) + 22;  // split the deck within 10 cards
>                                      // of the center.
>    left = 0;
>    right = deck_split;
>    tmp_index = 0;
>    while(left < deck_split && right <= DECK_END) {
>       y = rand() % 4;                // drop 0-3 cards from the left half
>       for(x = 0;x < y;x++) {
>          if(left >= deck_split) {
>             break;
>          }
>          tmp[tmp_index++] = cards[left++];
>       }
>       y = rand() % 4;                // then 0-3 cards from the right half
>       for(x = 0;x < y;x++) {
>          if(right > DECK_END) {      // right half is used up
>             break;
>          }
>          tmp[tmp_index++] = cards[right++];
>       }
>    }
>    while(left < deck_split) {        // one half ran out: drop what is
>       tmp[tmp_index++] = cards[left++];   // left of the other half
>    }
>    while(right <= DECK_END) {
>       tmp[tmp_index++] = cards[right++];
>    }
>    for(x = 0;x <= DECK_END;x++) {    // copy the deck back
>       cards[x] = tmp[x];
>    }
> }
>
> This always drops the left hand cards first, which you might want to
> randomize too. But if you watch people shuffling cards, you'll notice
> that a given player usually drops one side first.

Yes, but the goal of shuffling is to randomize cards. If you simulate it, you're giving seasoned players a bigger advantage with the "odds" :-) Then again, the desirability of this is left to the implementor, so Kent you decide which you want to do. Seasoned players will prefer the second method, however, this may be less random, and may in fact weaken the security given by the protocol and encrypting the deck because they may "guess" where the cards are likely to be.

Other issues: should the deck be reshuffled after each hand is played, or should it continue to be used for the next few hands? In "real" poker you reshuffle occasionally (anyone know the actual "rule" for this?)

Someone may build a good algorithm to play poker. You have no way of knowing that you're playing against a machine or a human. However, in the least you can be sure that the machine can't cheat. Though you could train it to be very smart and keep track of every card that's been played and have it calculate the odds for each next hand. Casual players won't match this "skill" but pros will.

From jamesd at netcom.com Wed Jul 20 20:55:29 1994
From: jamesd at netcom.com (James A. Donald)
Date: Wed, 20 Jul 94 20:55:29 PDT
Subject: Response to Duncan
In-Reply-To: <199407210323.AA23369@panix.com>
Message-ID: <199407210355.UAA16951@netcom9.netcom.com>

Duncan Frissell writes

> Only solid factual info & techniques to follow...
>
> ...
>
> There are so many show stoppers out there that are
> guaranteed to get most control freaks to leave you alone:
>
> ...
>
> "But I'm not a resident of this state." -- Saved a guy I know a $400 fine
> and automatic license suspension.
>
> "Where's your warrant." -- Surprising how few people employ this one.
>
> ...
>

Very true. Duncan knows of what he speaks.

And another two good ones are:

"You have no probable cause to believe that a crime has been committed. I wish to leave now!"

"This is unnecessary force!"

--
---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we        James A. Donald
are. True law derives from this right, not from
the arbitrary power of the omnipotent state.            jamesd at netcom.com

From ifarqhar at laurel.ocs.mq.edu.au Wed Jul 20 20:58:35 1994
From: ifarqhar at laurel.ocs.mq.edu.au (Ian Farquhar)
Date: Wed, 20 Jul 94 20:58:35 PDT
Subject: Clipper Chip retreat
In-Reply-To: <9407210232.AA08923@toad.com>
Message-ID: <199407210356.AA27526@laurel.ocs.mq.edu.au>

>I'll leave it to someone else to post the entire article, but the gist
>is that Gore sent a letter to Maria Cantwell saying that the
>administration is willing to consider alternatives to Clipper that are
>based upon nonclassified algrithms, [...]

There are three ways they could proceed from here.

The first is to declassify SKIPJACK, which would (IMO anyway) be another welcome boost for civilian crypto, in that it would be the chance to see and analyse a NSA-designed cryptosystem. For that very reason, I doubt that they will do it.
(Small aside from another field: it will be _very_ interesting to compare the old SHA to the revised version. One of the reasons I suspect that the problem is quite significant is simply because they have decided to revise it and run the risk of invoking comparative research which may disclose design techniques or methods of attack. If the latter option is the lesser of two evils, I would guess that it is a nasty hole indeed.)

The second would be to take an existing commercial cipher, and to sanctify that as their recommended algorithm. Again, assuming that they selected a properly secure algorithm, the very features of the algorithm they chose would be another point of interest. This is the least favorable option.

Their final option would be to release another cipher, but with a reduced keysize or key entropy. Not the best solution, but one which I have a nasty suspicion will happen.

Ian.

From nobody at c2.org Wed Jul 20 21:07:09 1994
From: nobody at c2.org (Random H0Z3R)
Date: Wed, 20 Jul 94 21:07:09 PDT
Subject: Who Detweiler is *really* posting as
Message-ID: <199407210405.VAA07049@zero.c2.org>

Hello. I've been on this list for a long time and noticed some disturbing correlations between Perry Metzger's and Detweiler's posts. Now, bear with me on this.

First of all, has anyone noticed how Perry flames Detweiler with the most rabid virulence of anyone? But what is more interesting is that his flames are always kind of lame. They don't have any cutting comebacks. They're just filled with ad-hominem insults.

Now, if you recall how Detweiler was posting under tmp at netcom.com to the newsgroups, he intentionally poisoned the reputation of one of his tentacles, "Beavis Butthead", by having it hurl nasty insults, nasty words, and wallow in degrading thoughts. That way, to ridicule a position he finds abhorrent, he has Beavis take the position.
An interesting "reputation cancellation" effect occurs, quite like in Shakespearean prose when a slow-witted rioter says, "First, let's kill all the lawyers". It's a literary device.

So Detweiler, posting from Perry Metzger's address as a "tentacle", is accomplishing several things. First of all, he hasn't been discovered since the inception of the list. And by flaming Detweiler tentacles so hotly, he maintains the illusion of being a distinct enemy, someone else who is repulsed by Detweiler stuff. And he's been more effective in starting massive flamewars than Detweiler ever was. (In fact, when Detweiler was on the list under his own name, they got into heated arguments over ridiculous issues no one else cared about like "changing the cypherpunk name to something less radical"). But most of all, he has a "negative tentacle" to talk about ideas that he really detests, and causes other people to detest by association.

Moreover: Have you noticed that "Perry" rhymes with "Larry"? And that "Lehman" (where he posts from) starts with "L"? And sounds a little like "madman"? Also, Perry talks about stock trading and digital cash. I think this reflects Detweiler's well-known interest in digital cash (he posted to the imp-interest list for a long time). And Detweiler liked to smirk at Perry being the same as Parry, the paranoid AI computer program simulation! I think he *built in* this insult by design! It's his little "inside joke"!

Makes you wonder, eh? And has anyone actually MET Metzger? I mean, of the people we can TRUST? He's in New York and has had NOTHING to do with the CA cypherpunk meetings. And it's possible that the Metz part of his name is just based on the NY Mets baseball team!

Another little "piece": he has been on the list forever, even when Detweiler leaves (but always comes back). Detweiler is *known* to be drawn to this list "like a moth to a flame".
I think he was only *pretending* to go away to start a flamewar while sticking around as Perry (and post from Perry to help heat up the flamewar as he "left").

He reminds me of Sternlight. No one likes him. He has no reputation. But he's immensely effective in starting massive flamewars. Detweiler loves to hurl the ad hominem stuff all over talk.politics.crypto!

Metzger has *got* to be a Detweiler tentacle. It makes perfect sense. I've listed far more reasons than those for Kragen (who I wasn't sure about). I have heard of other reasonable-minded people leaving because of the Perry flames, anyway. At least I hope the Perry-tentacle will tone down the routine scathing ad hominem face-slapping routine and posting lame drivel no one cares about. Demonizing people rarely serves anyone's best interests.

BTW, I don't like what has been going on the list where there are anonymous attacks on people in the list. Do we really want to bring this kind of toxic rumormongering into cyberspace? If we had some reputation systems our remailers would probably be less dangerous.

In fact, that inspires a Zen of Cyberspace joke:

Q. If a remailer is yin and a reputation system is yang, what is Yin without Yang?

A. The sound of one hand clapping.

Voila! Gotta run. Bye.

From jamesd at netcom.com Wed Jul 20 21:13:58 1994
From: jamesd at netcom.com (James A. Donald)
Date: Wed, 20 Jul 94 21:13:58 PDT
Subject: *comeon
In-Reply-To: <9407210126.AA07820@toad.com>
Message-ID: <199407210414.VAA19681@netcom9.netcom.com>

Connie was being silly and bitchy.

If Bezerk had launched an attack on women she would have been entitled to be offended, and could have answered him instead of demanding that he be silent.

He did not attack women. He said that he enjoyed the film's representation of women as dumb incompetent sex bimbos. Connie was offended that he should enjoy such a thing.

Tough shit Connie. Lots of people enjoy stuff I don't like either.
You could complain that the film is false - but then you would look like an even bigger idiot because the film makes not the slightest pretence of being realistic.

---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we        James A. Donald
are. True law derives from this right, not from
the arbitrary power of the omnipotent state.            jamesd at netcom.com

From hfinney at shell.portal.com Wed Jul 20 21:19:24 1994
From: hfinney at shell.portal.com (Hal)
Date: Wed, 20 Jul 94 21:19:24 PDT
Subject: Card Playing Protocol?
Message-ID: <199407210420.VAA17487@jobe.shell.portal.com>

My system has been up and down last couple of days, and what with this and the small downtime on toad.com I'm not sure if my message got through on Karl's idea to use blackjack as an example crypto based card game.

First I'll mention that I was browsing rec.gambling this morning and I saw several references to poker games being played over IRC. They had an init file posted which defined macros so you could say "/raise", "/fold", etc. This might be something which could be incorporated into a good crypto-strong version. (A corollary would be to hack the existing code so you could win every time if possible. I believe they are relying on a trusted server at a well-known host.)

The point I had made earlier about blackjack was that Karl's idea is good if there is just one player and one dealer. The dealer shuffles and publishes a hash of the deck so that he is committed to it. Then they play through the deck. At the end the player can confirm that the hash of the played cards in sequence matches that originally published. Since the dealer has no discretion in blackjack this works well and it is much simpler than the more general protocols.

The one problem I saw was that if there were more than one player, the dealer and one or more players could collude to cheat the other players.
The dealer could tell his players what the upcoming cards were, and they could hit or stand in such a way as to hurt the other players. The solution I proposed was a little bit complicated, but still quite a bit simpler than the full-generality card-playing protocols, I think.

You just have the players and dealer cooperatively choose the next card to be played via a joint coin-flipping-type algorithm. By using the English version of blackjack, in which all cards can be dealt face-up, everyone learns each new card at once and there is no opportunity for any players to know what the cards will be ahead of time.

Of course, blackjack is not nearly as popular as poker, so perhaps a more general implementation is desirable for this reason.

Hal

From nelson at crynwr.com Wed Jul 20 21:42:33 1994
From: nelson at crynwr.com (Russell Nelson)
Date: Wed, 20 Jul 94 21:42:33 PDT
Subject: Voice/Fax Checks
In-Reply-To: <199407200937.AA255897028@relay2.geis.com>
Message-ID:

   From: j.hastings6 at genie.geis.com
   Date: Wed, 20 Jul 94 09:19:00 UTC

   "Attention Businesses...Accept Personal and Business Checks Over The Telephone (or by fax) for Your Orders, Payments, Collections and Donations!"

   Could this be useful for a digital cash bank interface?

Sure could. Problem is that they charge something like $2 per check they write for you. Makes it hard to deal with small amounts. Other problem is that people are resistant to give you their checking account number. Yes, it's no worse than actually sending a check, but who ever said that people were rational?

-russ  http://www.crynwr.com/crynwr/nelson.html
Crynwr Software   | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St.      | +1 315 268 1925 (9201 FAX)  | What is thee doing about it?
Potsdam, NY 13676 | LPF member - ask me about the harm software patents do.
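
[Added example, not code from any poster in this thread.] The Python sketch below runs the swap loop debated under "Card Playing Protocol?" over every possible sequence of draws for the three moduli discussed (i, the deck size, and i+1), then implements the published deck hash and the jointly chosen next card that Hal describes above. The 52-card encoding, SHA-256, the nonces and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from collections import Counter
from itertools import product
from math import factorial

DECK = [r + s for s in "SHDC" for r in "A23456789TJQK"]  # constructed 52-card deck

def shuffle(deck):
    """Fisher-Yates with a CSPRNG: at step i the partner j is drawn from 0..i."""
    deck = list(deck)
    for i in range(len(deck) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        deck[i], deck[j] = deck[j], deck[i]
    return deck

def outcome_counts(n, bound):
    """Run the swap loop (i = n-1 .. 1) over every possible sequence of draws,
    where step i draws j from range(bound(i)), and count the final orders."""
    steps = range(n - 1, 0, -1)
    counts = Counter()
    for draws in product(*(range(bound(i)) for i in steps)):
        d = list(range(n))
        for i, j in zip(steps, draws):
            d[i], d[j] = d[j], d[i]
        counts[tuple(d)] += 1
    return counts

def is_uniform(counts, n):
    """True only if all n! orders occur, and occur equally often."""
    return len(counts) == factorial(n) and len(set(counts.values())) == 1

def commit(value: bytes, nonce: bytes) -> str:
    """Hash commitment; the fixed-length random nonce is an assumption added here."""
    return hashlib.sha256(nonce + value).hexdigest()

def commit_deck(deck):
    """Dealer: returns (commitment to publish, nonce to reveal after the last card)."""
    nonce = secrets.token_bytes(32)
    return commit(",".join(deck).encode(), nonce), nonce

def verify_deck(commitment, nonce, played):
    """Player: the cards seen, in order, must be one full deck and match the hash."""
    if sorted(played) != sorted(DECK):
        return False  # a stacked deck (duplicate or missing card) would hash fine
    return hmac.compare_digest(commit(",".join(played).encode(), nonce), commitment)

def new_share():
    """One party's secret contribution to the next draw, plus its commitment."""
    share, nonce = secrets.token_bytes(32), secrets.token_bytes(32)
    return (share, nonce), commit(share, nonce)

def joint_draw(remaining, commitments, reveals):
    """Pick the next face-up card from shares every party committed to beforehand."""
    if len(commitments) != len(reveals):
        raise ValueError("every committed party must reveal")
    for (share, nonce), c in zip(reveals, commitments):
        if not hmac.compare_digest(commit(share, nonce), c):
            raise ValueError("revealed share does not match its commitment")
    mix = hashlib.sha256(b"".join(share for share, _ in reveals)).digest()
    return remaining.pop(int.from_bytes(mix, "big") % len(remaining))

if __name__ == "__main__":
    variants = [("% (i+1)", lambda i: i + 1), ("% i", lambda i: i), ("% n", lambda i: 4)]
    for name, bound in variants:
        c = outcome_counts(4, bound)
        print(name, "orders reached:", len(c), "uniform:", is_uniform(c, 4))
    deck = shuffle(DECK)
    published, nonce = commit_deck(deck)
    print("deck verifies:", verify_deck(published, nonce, deck))
    parties = [new_share() for _ in range(3)]   # dealer plus two players
    commitments = [c for _, c in parties]       # round 1: everyone publishes
    reveals = [r for r, _ in parties]           # round 2: everyone reveals
    print("next card:", joint_draw(list(DECK), commitments, reveals))
```

The joint draw only helps if all commitments are collected before any share is revealed; a party that refuses to reveal has to be treated as forfeiting the hand.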
From mclow at san_marcos.csusm.edu Wed Jul 20 22:28:12 1994
From: mclow at san_marcos.csusm.edu (Marshall Clow)
Date: Wed, 20 Jul 94 22:28:12 PDT
Subject: NYT Article on Clipper Chip Retreat
Message-ID:

Taken from the New York Times on America Online:
--------------------------------------------------

7/21:ADMINISTRATION REVERSES ITSELF ON WIRETAPPING TECHNOLOGY

By JOHN MARKOFF
c.1994 N.Y. Times News Service

In an abrupt and significant reversal, the Clinton administration indicated Wednesday that it was willing to consider alternatives to its Clipper chip wiretapping technology, which has been widely criticized by industry executives and privacy-rights groups.

In a letter Wednesday to a congressional opponent of the technology, Vice President Al Gore said that the administration was willing to explore industry alternatives to Clipper, a system designed in secrecy by National Security Agency scientists.

Intended as a way to let people scramble their electronic conversations - but retain law-enforcement agencies' ability to conduct court-authorized wiretaps - the Clipper chip was introduced by the administration in April 1993 as the government's preferred method for communicating in secret code in the era of computerized digital electronics. Such coded communications use hardware and software known as encryption technology.

Critics have said that because Clipper is classified, there is no way to verify whether the nation's intelligence agencies have embedded a secret electronic "backdoor" in the Clipper design that might allow for unauthorized government spying.

And software and computer industry executives have worried that the government would use its Clipper preference as a way to block exports of hardware and software products using other commercially available - and more popular - encryption methods.

But Gore's letter is the apparent result of a compromise with Rep.
Maria Cantwell, D-Wash., who recently introduced legislation that would have significantly relaxed controls on the export of encryption software.

Ms. Cantwell said she welcomed the vice president's willingness to compromise.

"I view this as going down a new path, with a new set of criteria," she said Wednesday. "This has been driven by private industry and privacy groups."

A number of people in the computer industry and in privacy-rights groups who had read Gore's letter to Ms. Cantwell said that it indicated that the Clipper chip plan might now be abandoned - at least for anything beyond basic telephone calls.

As for computer communications and video networks, Gore's letter said, "we are working with industry to investigate other technologies for those applications."

Some industry executives hailed the news.

"I think this is great," said Nathan Myhrvold, vice president for advanced technology at Microsoft Corp., the nation's largest software publisher. "Maria Cantwell has gone head-to-head with the powers-that-be and they blinked. The Clipper chip is dead at least for any kind of data stuff."

Microsoft has been one of a wide range of U.S. high technology companies that have been fighting the administration over the Clipper chip and export control policies. Software publishers have argued that stiff controls on the export of coding software hamper them in international competition.

Still, while the administration is now willing to compromise on its original proposal that became a de facto national standard, it is not ready to compromise on a principal Clipper feature, known as key escrow.

The original Clipper system called for a two-part key for decoding scrambled conversations. These two parts of the key - actually two large numbers - are to be held by two independent government agencies.
Under the plan, when a law enforcement agency had a legally obtained warrant to listen to a conversation that had been coded by Clipper, it would obtain the keys from the separate agencies. By merging the keys, it could obtain a key that would successfully unlock the coded conversation.

Gore's letter said that any industry-proposed alternative to Clipper accepted by the administration would need to have a key-escrow component. But the escrow agents need not be government agencies - a proviso of the Clipper system that had raised concerns over excessive government intrusion and made it seem unlikely that foreign customers would want to buy Clipper-based communications products.

Other concessions by the administration include a willingness to consider an encryption system based on nonclassified mathematical formulas that would be subject to testing and evaluation by industry experts. The administration is also willing to let products containing this encryption system be eligible for export.

The government's National Institute for Standards and Technology recently licensed such a system from a computer scientist at the Massachusetts Institute of Technology. It could become the basis for a Clipper replacement.

Not all Clipper critics were ready to endorse the new plan. Marc Rotenberg, director of the Electronic Privacy Information Center in Washington, said the vice president's letter was a step in the right direction but still did not resolve a critical concern.

"We cannot accept the key-escrow requirement," Rotenberg said. "This will undermine the security of the encrypted messages. The privacy risks are enormous."

But administration officials portrayed the reversal as a fresh start that indicated their willingness to work with industry and privacy groups to build a consensus.

"This is a clarification of our goals and our willingness to work with industry," said Greg Simon, chief domestic policy adviser to the vice president.
"There has been a lot of static on the line between industry and the administration." Transmitted: 94-07-20 23:07:46 EDT Marshall Clow Aladdin Systems mclow at san_marcos.csusm.edu From ebrandt at muddcs.cs.hmc.edu Wed Jul 20 22:31:44 1994 From: ebrandt at muddcs.cs.hmc.edu (Eli Brandt) Date: Wed, 20 Jul 94 22:31:44 PDT Subject: Who Detweiler is *really* posting as In-Reply-To: <199407210405.VAA07049@zero.c2.org> Message-ID: <9407210531.AA23445@muddcs.cs.hmc.edu> > He reminds me of Sternlight. You know, my reputation system tells me you're a flame-baiting twit, and a pretty poor one to boot. Go bother "cypherwonks" for a while. > In fact, that inspires a Zen of Cyberspace joke: > > Q. If a remailer is yin and a reputation system is yang, what is Yin without > Yang? > > A. The sound of one hand clapping. > > Voila! Gotta run. Bye. You'd exercise our reputation systems better if you didn't drop these broad hints as to your identity. Eli ebrandt at hmc.edu From norm at netcom.com Wed Jul 20 22:35:15 1994 From: norm at netcom.com (Norman Hardy) Date: Wed, 20 Jul 94 22:35:15 PDT Subject: Triple encryption... Message-ID: <199407210535.WAA08275@netcom.netcom.com> At 00:18 1994/07/16 -0400, DAVESPARKS at delphi.com wrote: ... >IMHO, that "middle" machine would be far more complex and expensive than the >other two. A MITM attack might, theoretically, take only twice as long as >attacking a single layer, the cost of doing so would be much more than twice >as large. Anyone care to estimate what the cost of the RAM alone for the >"MITM interface" machine would be? Let's see, for two 56 bit beys, you'd >need storage for 2^57 blocks of 8 bytes each, or 2^60 bytes. At $40 per Mb, >or so, that would come to ... let's see ... $4 * 10^51 for memory alone. And >once the list of blocks started growing as the attack progressed, could the >interface processor keep up with the other two, in real time? 
>Massively parallel processors might speed both ends of the attack, but the
>"database comparison phase" would be the real bottleneck, IMHO.
...

DAT tape, not RAM, I think. At $5 per GB I get $5*10^11 to hold the info. MITM requires a sort of this which requires roughly log(10^20) passes with a favorable constant. This will wear out a bunch of DAT drives but that is relatively minor. This is about an order of magnitude bigger than a project that I considered once to find the optimal solution to the Rubik's cube.

From nobody at ds1.wu-wien.ac.at Wed Jul 20 23:02:03 1994
From: nobody at ds1.wu-wien.ac.at (nobody at ds1.wu-wien.ac.at)
Date: Wed, 20 Jul 94 23:02:03 PDT
Subject: Detweiler vs the 'Paranoids'
Message-ID: <9407210601.AA24915@ds1.wu-wien.ac.at>

"Berzerk" wrote:

> I am orginizing the psudo-tenticles off detweiler club for
> people who have been labeled tenticles of detweiler by paradoids
> on this list.

How 'bout a club for everyone who's been called "paranoid" (or "paradoid", whatever that is -- a new geometric shape?) on this list? Being "paranoid", BTW, doesn't make you wrong ALL of the time about EVERYTHING...

From rjc at gnu.ai.mit.edu Thu Jul 21 00:08:11 1994
From: rjc at gnu.ai.mit.edu (Ray)
Date: Thu, 21 Jul 94 00:08:11 PDT
Subject: was an accurate description of movie...
Message-ID: <9407210708.AA15380@geech.gnu.ai.mit.edu>

Well, this is my last post in this thread since it is becoming quickly obvious that I may not be able to convince you and there isn't much relevance to cypherpunks except the "wiretap propaganda" of the movie, but you say that the original poster's "review" of the movie was an accurate description. If that is so, I challenge you to find the so-called "blow job" scene in this movie. I also challenge you to find the scene proving Omega had a "blanket order" to wiretap. Tom Arnold tells Arnie's character at least twice that what he is doing (wiretapping his wife) is *illegal*.
Secondly, the movie does not show that SIGINT was needed to stop the nuclear terrorists. It was HUMINT and the breakin in the beginning of the movie that was used to gather the intelligence necessary. The entire movie was a comedy without a serious bone in it and I certainly don't think it was intended as pro-government wiretap.

Finally, there is the subtle implication that making Arabs the enemy was a racist intention. There are a plethora of reasons why this was done other than racism. For 40 years, the enemy in our movies and culture was the USSR. Now that the USSR is gone, the only new enemies for Hollywood are either Colombian drug lords, corporations, or Islamic fundamentalists. It's not because they are Arabs, but because the middle east is the current hotbed of conflict, and Arab funded terrorists can and do plant bombs around the world. (one exploded the other day in South America)

The PC crowd has a habit of jumping to conclusions before examining the facts. (did you know that the last four Disney movies were racist pro-nazi propaganda? Check out the old threads in rec.arts.movies and rec.arts.animation. Or look at the hoopla over Basic Instinct)

All I can say to people is go to the movie and judge for yourself. Just remember that Arnie is a libertarian leaning Republican (one of the few in Hollywood) and that James Cameron is known for making movies which are decidedly pro-women with characters like Ripley and Sarah Connor.

From nobody at soda.berkeley.edu Thu Jul 21 00:16:49 1994
From: nobody at soda.berkeley.edu (Anonymous User)
Date: Thu, 21 Jul 94 00:16:49 PDT
Subject: no subject (file transmission)
Message-ID: <199407210716.AAA03815@soda.berkeley.edu>

-----BEGIN PGP SIGNED MESSAGE-----

This is a dumb question, but where can I get info on how key escrow works? No, I am not championing clipper, just curious on this idea of key escrow.

BTW: here is my PGP key, so that a tentacle or minion of SOMEBODY does not use my identity.
;-)

------------
To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 8 lines:
::
Response-Key: ideaclipper

====Encrypted-Sender-Begin====
MI@```%ES^P;+]AB?X9TW6\8WR:RP&2$59PH9(D5\+J5R.&*'OJ%/+7CSM):,
MHR*%41?,$L`(2]NQW&5EF7*TTG"8=]"T

No, no. You've got it all wrong. Perry is really the brother of Tom Metzger, publisher of W.A.R. or White Aryan Resistance. The whole organization is financed by Tim May and Perry is the W.A.R. liaison to Tim. They use cryptography to avoid FBI investigation of their organization. Detweiler is really a federal agent. His idiocy is really a cover for his crisp deductive ability which he uses to investigate people on cypherpunks.

Proof of Tim May's racism is his use of the word "black" in his blacknet essay. Why not whitenet? Tim has also been caught attacking the government's AFDC program and we all know that's a sure sign of racism. Finally, if you're not convinced, look at Tim's pseudonym, "Klaus von Future Prime" That's proof of his pro-german-nazi attitude.

I'm sending this message to you privately because if it ever got out that I told you all this, Tim May would take out a contract on my life. Hitnet really exists; Tim's satires on it are merely a cover just like the War of the Worlds broadcast!
thguoht I naht tiwt reggib a era uoy siht fo yna eveileb uoy fi

-information highway patrol, making the net safe from assault speech

From rah at shipwright.com Thu Jul 21 04:20:14 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 21 Jul 94 04:20:14 PDT
Subject: Voice/Fax Checks
Message-ID: <199407211118.HAA20691@zork.tiac.net>

At 10:52 PM 7/20/94 -0400, Duncan Frissell wrote:

>"Don't bother. Take out the check you were going to send me, read me the
>routing code and check number on the bottom. Give me your name and address
>and the bank's name and address as they appear on the check, the amount you
>will pay and the date. I'll collect that check electronically without you
>having to bother to send it."

This is exactly the problem we're having with identifying a market for digital cash. There's no unique selling proposition besides privacy. There are too many real good substitutes, like this one for checks. E-mail with the above information in it can be encrypted and signed, and would be secure enough to make a real good check in its own right. This is like my favorite quote (in InfoWorld) about Macs: "It seems that 85% of the market will settle for 75% of a Macintosh."

By no means take this to mean that digital cash isn't going to make it. I figure all e$ now, including the encrypted check above, is kind of like aviation was in the beginning. It's really cool that it works, we can make some pretty good guesses as to its possible uses, but nobody's built the "DC-3" which proves once and for all its commercial necessity.

I expect that the only way to find out whether digital cash is gonna make it on its own is when someone risks a small pile and implements it. Let the devil take the hindmost, more guts than brains, and all that. It looks like maybe that's what Chaum and Co. is going to try to do, with this test of theirs. Has anyone out there been contacted about it yet?
Cheers,
Bob

-----------------
Robert Hettinga (rah at shipwright.com)  "There is no difference between someone
Shipwright Development Corporation     who eats too little and sees Heaven and
44 Farquhar Street                     someone who drinks too much and sees
Boston, MA 02331 USA                   snakes." -- Bertrand Russell
(617) 323-7923

From rfb at lehman.com Thu Jul 21 04:51:37 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Thu, 21 Jul 94 04:51:37 PDT
Subject: Clipper Chip retreat
In-Reply-To: <199407210320.WAA22790@monad.armadillo.com>
Message-ID: <9407211151.AA21922@fnord.lehman.com>

Date: Wed, 20 Jul 1994 22:20:19 -0500
From: "david d `zoo' zuhn"

>From the NY times reports

The administration is willing to consider alternatives to Clipper that are based upon nonclassified algorithms, and where the escrow agents are not government agencies.

Hmm. If the escrow agent isn't a government entity, then what sort of coercion will they have over that agent in order to get the keys in a timely fashion?

My guess is that this means that a ``quasi-government corporation'' would be acceptable to the administration. In other words, they're willing to play word games in an attempt to placate people as long as they get what they were after in the first place.

Rick

From rfb at lehman.com Thu Jul 21 05:17:13 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Thu, 21 Jul 94 05:17:13 PDT
Subject: Who Detweiler is *really* posting as
In-Reply-To: <199407210405.VAA07049@zero.c2.org>
Message-ID: <9407211216.AA22327@fnord.lehman.com>

Date: Wed, 20 Jul 1994 21:05:10 -0700
From: Random H0Z3R

[ much silliness deleted ]

Moreover: Have you noticed that "Perry" rhymes with "Larry"? And that "Lehman" (where he posts from) starts with "L"?

Get with the program. Perry hasn't posted from Lehman for some time now.

Makes you wonder, eh? And has anyone actually MET Metzger?

Yes.

Rick

From perry at imsi.com Thu Jul 21 05:38:56 1994
From: perry at imsi.com (Perry E.
Metzger)
Date: Thu, 21 Jul 94 05:38:56 PDT
Subject: Who Detweiler is *really* posting as
In-Reply-To: <199407210405.VAA07049@zero.c2.org>
Message-ID: <9407211238.AA04209@snark.imsi.com>

Random H0Z3R says:
> Hello. I've been on this list for a long time and noticed some disturbing
> correlations between Perry Metzger's and Detweiler's posts. Now, bear with
> me on this. First of all, has anyone noticed how Perry flames Detweiler
> with the most rabid virulence of anyone?

[Rest of Detweiler's message claiming that I'm really him elided.]

Unfortunately for you, Mr. Detweiler, I'm personally known to dozens of people on this mailing list. I've physically met very large numbers of people. I'm also not given to long and extremely boring messages.

.pm

From m5 at vail.tivoli.com Thu Jul 21 05:44:21 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Thu, 21 Jul 94 05:44:21 PDT
Subject: GUT and P=NP
In-Reply-To: <199407191751.KAA23246@netcom4.netcom.com>
Message-ID: <9407211244.AA16861@vail.tivoli.com>

James A. Donald writes:
> Existing physical theories show that Super Turing machines are
> possible in principle though very difficult to build in practice.

That's the understatement of the year.

> Such machines will probably not be able to solve NP complete
> problems though they will be able to solve some NP problems
> such as factoring.

Huh?

> Since such machines do not operate algorithmically

This statement is exactly wrong. Such machines *define* a class of algorithms.

> they have
> no relevance to the question of whether P=NP, because this
> question is a question about *algorithms*.

And this one.

| GOOD TIME FOR MOVIE - GOING ||| Mike McNally |
| TAKE TWA TO CAIRO.
||| Tivoli Systems, Austin, TX: |
| (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" |

From lstanton at sten.lehman.com Thu Jul 21 07:04:06 1994
From: lstanton at sten.lehman.com (Linn Stanton)
Date: Thu, 21 Jul 94 07:04:06 PDT
Subject: Leaving the Country
In-Reply-To: <199407201118.AA03940@panix.com>
Message-ID: <9407211404.AA24126@sten.lehman.com>

frissell at panix.com (Duncan Frissell) <199407201118.AA03940 at panix.com> writes:
> unemployed," you can move easily and your assets can be fairly easily
> converted to cash. You might lose on your real property (depending on when
> you bought) but that has always been the downside of property.

This is a problem. The capital gains / alternative minimum tax hit is gruesome.

> I know you like the Bay Area (as do I) but the net is there in Switzerland
> and the interface improves from year to year. If you want to do things
> strictly legally, expatriate, secure a second citizenship, renounce your US
> citizenship, wait ten years, and you'll be able to visit the US for up to
> 180 days a year. You could take this step given your situation but I know
> it can be a big one. Consider though if your US citizenship is worth so
> many $thousands/year plus a hefty chunk if you die (extropians isn't the
> same without you).

I agree of the inheritance tax question, but there is still a problem. The only stock markets that I know well enough to be comfortable investing in are in the US. That will not magically change just because I get citizenship somewhere else, and that still leaves me liable for US tracking and taxes.

> When the IRS knocked on the gate of Heinlein's place at 5000 Bonny Doone
> Road (or was that 26000?) above Santa Cruz, he told them to get lost and
> write to his attorney.

The forfeiture laws were weaker then.

> It is possible to reprogram yourself to disobedience. I am not particularly
> a "tough guy." On a day-to-day basis I'm reasonably chicken.
> But their culture of oppression infuriates me more than anything. I can use
> that fury to turn down the job of self-jailer that they offer to each of us.

That's not really it. I have no moral problems with tax evasion, just pragmatic ones.

> We are still in the Rev 0.99a Alpha testing stage. The interface is a bit
> rough and since it's a Windows app we do have "General Protection Fault"
> problems. When you're out on the "bleeding edge" of technology, you
> sometimes bleed.

I respect your efforts in this area, and don't want to give the impression that I do not take your advice seriously. However, it is too bleeding edge for someone with a family, IMHO.

From talon57 at well.sf.ca.us Thu Jul 21 07:12:06 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Thu, 21 Jul 94 07:12:06 PDT
Subject: Cypherpunks in WIRED
Message-ID: <199407211411.HAA24319@well.sf.ca.us>

-----BEGIN PGP SIGNED MESSAGE-----

There is a great article in the August (2.08) Wired on Satellite Pirates, we are mentioned as well as PGP...

Excerpt from wired issue 2.08 August " Satellite Pirates"

Lesson Number Four: Encryption protects little guys better than big guys.

When a scrambled TV signal is sent to millions of decoder modules, that signal becomes easy pickings. When two individuals exchange a brief encrypted message, that message is relatively secure. Video pirates have started test running PGP (Pretty Good Privacy, the "peoples encryption software") to protect private messages that they exchange via their bulletin boards. This doesn't just put the pirates on equal terms with the programmers, it gives them an edge.

Cypherpunks have promoted PGP as protection from a potential state, while the Clinton administration sees it as more of a threat to law and order. Evidently, both sides are correct, but there's no point in arguing about it anymore. The genie is out of the bottle.

This article is highly recommended!
The two principals in the story operate out of the Bahamas, they distribute the "magic codes" through a nationwide series of BBS's. The "Chipped" decoders are set to dial their local BBS!

reaching for my eyepatch and a bottle of rum!

Brian Williams
Extropian
Cypherpatriot

"Cryptocosmology: Sufficiently advanced communication is indistinguishable from noise." --Steve Witham

"Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... AT&T" --James Speth

From jya at pipeline.com Thu Jul 21 07:27:12 1994
From: jya at pipeline.com (John Young)
Date: Thu, 21 Jul 94 07:27:12 PDT
Subject: Computer snoopers
Message-ID: <199407211426.KAA08341@pipe1.pipeline.com>

The NY Times today has long Peter Lewis article on computer snooping at military sites. It makes an interesting counterpoint to the NY Times article today on Clipper's ostensible travails.

Many klaxons tooted about lack of security on Internet:

Quote: This is the place where the first information Chernobyl will happen.

Quote: . . . raised the specter of information assassins, highly skilled programmers who work for foreign governments, rival corporations or organized crime, who exploit computer security weaknesses to manipulate the stock market, hide drug-money transactions, or destroy the data bases of financial institutions.

Quote: There are people coming onto the net who don't have the same high ideals and goals, and who are willing to abuse the rights of others. I have likened it to selling swamp land in Florida for vacation homes.

And more on how lack of security relates to national encryption policy and issues.
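
[Added example, not part of any archived message.] The forwarded New York Times article earlier in this archive describes a two-part key held by two escrow agents and merged under a warrant, and an anonymous poster asks how key escrow works. The sketch below shows one standard way to build such a split; the XOR split, the 80-bit key length, the `EscrowAgent` class, and the warrant and device identifiers are assumptions made for illustration, not details taken from the article.

```python
import secrets

KEY_BYTES = 10  # assumption for this sketch: an 80-bit device key


def xor_bytes(a, b):
    """Merge two equal-length byte strings with XOR."""
    if len(a) != len(b):
        raise ValueError("shares must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key):
    """Split `key` into two shares: one uniformly random, one key XOR random."""
    share_a = secrets.token_bytes(len(key))
    return share_a, xor_bytes(key, share_a)


def complement_for(share, candidate_key):
    """Return the other share that would make `candidate_key` the real key.

    One exists for every candidate, so a single share is consistent with
    every possible key and tells its holder nothing about the real one.
    """
    return xor_bytes(share, candidate_key)


class EscrowAgent:
    """Hypothetical escrow agent: stores one share per device, releases it
    only for a warrant it has validated itself, and logs every request."""

    def __init__(self, name):
        self.name = name
        self._shares = {}
        self._warrants = set()  # (warrant_id, device_id) pairs
        self.audit_log = []     # (warrant_id, device_id, granted)

    def deposit(self, device_id, share):
        if device_id in self._shares:
            raise ValueError("share already deposited for this device")
        self._shares[device_id] = share

    def register_warrant(self, warrant_id, device_id):
        self._warrants.add((warrant_id, device_id))

    def release(self, warrant_id, device_id):
        granted = ((warrant_id, device_id) in self._warrants
                   and device_id in self._shares)
        self.audit_log.append((warrant_id, device_id, granted))
        if not granted:
            raise PermissionError(self.name + " refuses " + warrant_id)
        return self._shares[device_id]


def recover_key(warrant_id, device_id, agent_a, agent_b):
    """Both agents must release their share; either refusal blocks recovery."""
    share_a = agent_a.release(warrant_id, device_id)
    share_b = agent_b.release(warrant_id, device_id)
    return xor_bytes(share_a, share_b)


def demo():
    device_id = "DEVICE-0001"              # constructed identifier
    key = secrets.token_bytes(KEY_BYTES)   # constructed device key
    agent_a, agent_b = EscrowAgent("agent-A"), EscrowAgent("agent-B")
    share_a, share_b = split_key(key)
    agent_a.deposit(device_id, share_a)
    agent_b.deposit(device_id, share_b)

    # Warrant W-1 is validated by both agents, W-2 only by agent A.
    agent_a.register_warrant("W-1", device_id)
    agent_b.register_warrant("W-1", device_id)
    agent_a.register_warrant("W-2", device_id)

    recovered = recover_key("W-1", device_id, agent_a, agent_b)
    try:
        recover_key("W-2", device_id, agent_a, agent_b)
        refused = False
    except PermissionError:
        refused = True  # requester holds share A only, which reveals nothing
    return {"key": key, "recovered": recovered, "refused": refused,
            "log_a": agent_a.audit_log, "log_b": agent_b.audit_log}


if __name__ == "__main__":
    result = demo()
    print("recovered matches:", result["recovered"] == result["key"])
    print("second warrant refused:", result["refused"])
```

The secrecy of the split holds only against a party with one share; the device key is exactly as safe as the custody and release procedures of the two agents taken together.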
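
[Added example, not part of any archived message.] The "Triple encryption..." exchange earlier in this archive argues about the storage and sorting cost of a meet-in-the-middle search against two stacked encryption layers. The sketch below runs that table-sort-match structure at toy scale, to show why a second layer adds about one bit of work rather than doubling the key length; the 16-bit Feistel cipher, the 12-bit keys and all function names are constructed for illustration.

```python
from bisect import bisect_left

KEY_BITS = 12          # toy key size (constructed); DES in the thread uses 56
KEYS = 1 << KEY_BITS
ROUNDS = 4


def _round_keys(key):
    """Derive four 8-bit round keys from a 12-bit key (toy schedule)."""
    return [((key * (2 * i + 3)) ^ (key >> 4) ^ (i * 0x5B)) & 0xFF
            for i in range(ROUNDS)]


def _f(half, round_key):
    """Toy round function on one 8-bit half; need not be invertible."""
    x = (half * 167 + round_key) & 0xFF
    return (x ^ (x >> 3) ^ ((x << 5) & 0xFF)) & 0xFF


def encrypt(block, key):
    """Encrypt one 16-bit block with a 4-round Feistel network."""
    left, right = block >> 8, block & 0xFF
    for rk in _round_keys(key):
        left, right = right, left ^ _f(right, rk)
    return (left << 8) | right


def decrypt(block, key):
    """Invert encrypt() by undoing the rounds in reverse order."""
    left, right = block >> 8, block & 0xFF
    for rk in reversed(_round_keys(key)):
        left, right = right ^ _f(left, rk), left
    return (left << 8) | right


def double_encrypt(block, k1, k2):
    return encrypt(encrypt(block, k1), k2)


def known_pairs(k1, k2, plaintexts):
    """Build (plaintext, ciphertext) pairs under double encryption."""
    return [(p, double_encrypt(p, k1, k2)) for p in plaintexts]


def meet_in_the_middle(pairs):
    """Find (k1, k2) candidates consistent with all known pairs.

    Forward half: encrypt the first plaintext under every k1, store and
    sort the results (the "database" whose size the thread estimates).
    Backward half: decrypt the first ciphertext under every k2 and look
    the middle value up in the sorted table. Remaining pairs weed out
    accidental matches.
    """
    (p0, c0), extra = pairs[0], pairs[1:]
    table = sorted((encrypt(p0, k1), k1) for k1 in range(KEYS))
    candidates = []
    for k2 in range(KEYS):
        middle = decrypt(c0, k2)
        i = bisect_left(table, (middle, 0))
        while i < len(table) and table[i][0] == middle:
            k1 = table[i][1]
            if all(double_encrypt(p, k1, k2) == c for p, c in extra):
                candidates.append((k1, k2))
            i += 1
    stats = {
        "table_entries": len(table),          # storage grows as 2^KEY_BITS
        "meet_phase_cipher_ops": 2 * KEYS,    # 2^(KEY_BITS + 1)
        "exhaustive_key_pairs": KEYS * KEYS,  # 2^(2 * KEY_BITS)
    }
    return candidates, stats


if __name__ == "__main__":
    pairs = known_pairs(0xABC, 0x123, [0x0000, 0x1234, 0xBEEF])
    found, stats = meet_in_the_middle(pairs)
    print("candidates:", [(hex(a), hex(b)) for a, b in found])
    print(stats)
```

The time saved is paid for in the sorted table, which is the storage and sort cost the posters are estimating; a third layer with an independent key pushes the middle table out of reach again.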
From gtoal at an-teallach.com Thu Jul 21 08:00:31 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Thu, 21 Jul 94 08:00:31 PDT
Subject: *comeon
Message-ID: <199407211325.OAA12846@an-teallach.com>

> > We are sick of [...]
> > We also do not like [...]
> > We would be quite pleased by [...]

> Thank you for speaking up for us.
> Unfortunately you got it wrong. Unless you were using the archaic royal
> "we". Or unless you just forgot to say what "we" you were talking about.

Seconded. Gary Jeffers does not speak for me. Tim May does not speak for me. Roger Bryner most certainly does not speak for me. L.Detweiler not only doesn't speak for me, he doesn't even speak for himself :-)

The only person who speaks for me here is me, and I'd like to keep it that way.

Also (not related to the postings above) whenever anyone speaks to the press, *please* try to convey you're a member of this list speaking personally, and not speaking for the list. Even if the journalist deliberately ignores you when he writes it up, I'd like folks to make the effort first.

G

From solman at MIT.EDU Thu Jul 21 08:15:13 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Thu, 21 Jul 94 08:15:13 PDT
Subject: No more Cantwell amendment? was Re: Clipper Chip retreat
In-Reply-To: <9407210232.AA08923@toad.com>
Message-ID: <9407211514.AA08382@ua.MIT.EDU>

> In an abrupt and significant reversal, the Clinton
> administration indicated Wednesday that it was willing to consider
> alternatives to its Clipper chip wiretapping technology, which has
> been widely criticized by industry executives and privacy-rights
> groups.
>
> I'll leave it to someone else to post the entire article, but the gist
> is that Gore sent a letter to Maria Cantwell saying that the
> administration is willing to consider alternatives to Clipper that are
> based upon nonclassified algorithms, and where the escrow agents are
> not government agencies. They still insist on an escrow system,
> however.
>
> There's a quote from Marc Rotenberg saying that the escrow requirement
> is still unacceptable.

The article implied that in exchange for this, the Cantwell amendment had been scrapped. This was far more important, IMHO. The government never had a chance to impose that silly chip. But threatening prison to people who export crypto is extremely painful to people trying to build businesses based on things that use cryptography.

Has the government ever actually prosecuted somebody for exporting crypto source code via the net? It seems like an interesting test case, and based on the ruling about exporting applied cryptography, I would say that it was permitted. (After all, our right to free speech involves the transmission of ideas. I can understand them stopping the export of physical things like computer disks, but not source code).

So does anybody actually know of a case in which the government attempted to jail somebody for knowingly transmitting cryptographic programs from the US?

JWS

From solman at MIT.EDU Thu Jul 21 08:38:36 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Thu, 21 Jul 94 08:38:36 PDT
Subject: Voice/Fax Checks
In-Reply-To: <199407211118.HAA20691@zork.tiac.net>
Message-ID: <9407211538.AA08530@ua.MIT.EDU>

> At 10:52 PM 7/20/94 -0400, Duncan Frissell wrote:
>
> >"Don't bother. Take out the check you were going to send me, read me the
> >routing code and check number on the bottom. Give me your name and address
> >and the bank's name and address as they appear on the check, the amount you
> >will pay and the date. I'll collect that check electronically without you
> >having to bother to send it."
>
> This is exactly the problem we're having with identifying a market for
> digital cash. There's no unique selling proposition besides privacy. There
> are too many real good substitutes, like this one for checks.
> E-mail with the above information in it can be encrypted and signed, and
> would be secure enough to make a real good check in its own right. This is
> like my favorite quote (in InfoWorld) about Macs: "It seems that 85% of the
> market will settle for 75% of a Macintosh."

The selling point for digital cash is that it has a low transaction cost and can easily be used for extremely small transactions. If agent A and agent B want to do business without bothering their owners, you had better have some robust digicash.

From nate at VIS.ColoState.EDU Thu Jul 21 08:42:58 1994
From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons)
Date: Thu, 21 Jul 94 08:42:58 PDT
Subject: remailer list
Message-ID: <9407211542.AA10890@matisse.VIS.ColoState.EDU>

Where can I finger for a list of remailers? fingering ghio at andrew.cmu.edu says to finger remailer-list at chaos.bsu.edu and that account does not exist.

-nate

From nym at netcom.com Thu Jul 21 08:53:35 1994
From: nym at netcom.com (Sue D. Nym)
Date: Thu, 21 Jul 94 08:53:35 PDT
Subject: "dumb incompetent sex bimbos"
Message-ID: <199407211553.IAA26939@netcom13.netcom.com>

Jamesd at netcom.com (James A. Donald)
>He did not attack women.
>
>He said that he enjoyed the films representation of woman
>as dumb incompetent sex bimbos.
>
>Connie was offended that he should enjoy such a thing.
>
>Tough shit Connie. Lots of people enjoy stuff I don't like either.

She's not asking you to have polite consideration because "we" women think of "ourselves" as "victims"--She's asking you to show respect and courtesy to everyone in the forum and the forum because we think of ourselves as part of humanity.

The "we" is in quotes because it seems to cause massive flamewars whatever the context. i.e. We are against the Government, We have no respect Your Opinion, We are Victims of Manhaters, We are Victims of Thought Police, etc. Why is everything in our society in terms of "Us vs. Them"? This can't even be called a society.
It is a battlefield.

Here's hoping the positive vibrations of the Jupiter-trumpet will beam into OUR lives and wreak a positive transformation.

bye
nym

From lefty at apple.com Thu Jul 21 09:02:44 1994
From: lefty at apple.com (Lefty)
Date: Thu, 21 Jul 94 09:02:44 PDT
Subject: *comeon
Message-ID: <9407211559.AA25909@internal.apple.com>

Gary Jeffers writes:
>
> We kinds of people are amused at what berzerk finds amusing.

and

> The Cypherpunks' list is just about as "politically incorrect" as you
> can get & we like it this way.

and

> We are sick of being censored & vilified by society at large.

and

> We also do not like our rights of freedom of association being trampled.

and

> We would be quite pleased by any contributions to the Cypherpunks'
> cause that you have to offer.

I assume that, in using the word "we" in this posting, you're referring to yourself and your intestinal parasites. You certainly have neither the authority, the wit, nor the wherewithal to speak for _me_, Mr. Jeffers. This post strongly suggests that you can barely speak for yourself.

I liked your presence _much_ better when you were absent. A word to the wise is sufficient, which strongly implies that you'll derive no useful intelligence from this.

Just for the record, I think Mr. Bryner is a half-wit. I don't find _you_ nearly that intelligent.

--
Lefty (lefty at apple.com)
C:.M:.C:., D:.O:.D:.

From sandfort at crl.com Thu Jul 21 09:14:50 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Thu, 21 Jul 94 09:14:50 PDT
Subject: Come On
In-Reply-To: <9407200106.AA07980@geech.gnu.ai.mit.edu>
Message-ID:

C'punks,

On Tue, 19 Jul 1994, Ray wrote:

> . . .
> Anyway, I'm surprised that there isn't a feminist witch-hunt
> investigating Sandy Sandfort, for his non-pc H.E.A.T. reports.

Yikes, Ray, let's not give anybody ideas! In reality, though, I think the perceptive women on this list know my heart is in the right place. Isn't it clear to everyone what I'm making fun of?
S a n d y   S a n d f o r t
^
"Sex traitor since early childhood."

From mech at eff.org Thu Jul 21 09:23:31 1994
From: mech at eff.org (Stanton McCandlish)
Date: Thu, 21 Jul 94 09:23:31 PDT
Subject: HR3937 Export Admin. act status
Message-ID: <199407211622.MAA10222@eff.org>

Not voted on yet, in discussion on House floor TODAY (Thu. 07/21/94). We've seen a draft of one possible proposed amendment, but it is far weaker than the original crypto language.

Flowchart:

Original HR3627 (Cantwell bill)
 |
 |
passed by Foreign Affairs Cmte & combined with HR3937 (more general Export Administration Act)
 |
 |
gutted by Intelligence Cmte
 |
 |
passed by Rules Cmte in gutted form
 |
 |
passed into House for final amendments if any (NOW)
 |
 |
passes or fails vote (today probably)

The next to last spot is where we're at now, and the prospects are grim. The only proposed amendment we've heard yet does very little, and even it is expected to be rejected. Looks like we'll all be going through this again next year.

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
F O R   M O R E   I N F O,   E - M A I L   T O:   I N F O @ E F F . O R G
O P E N   P L A T F O R M     O N L I N E   R I G H T S
V I R T U A L   C U L T U R E     C R Y P T O

From lefty at apple.com Thu Jul 21 09:26:39 1994
From: lefty at apple.com (Lefty)
Date: Thu, 21 Jul 94 09:26:39 PDT
Subject: Come On
Message-ID: <9407211625.AA26353@internal.apple.com>

>> Anyway, I'm surprised that there isn't a feminist witch-hunt
>> investigating Sandy Sandfort, for his non-pc H.E.A.T. reports.
>
>Yikes, Ray, let's not give anybody ideas! In reality, though, I think the
>perceptive women on this list know my heart is in the right place. Isn't
>it clear to everyone what I'm making fun of?

Heh. It's not clear to Ray.

--
Lefty (lefty at apple.com)
C:.M:.C:., D:.O:.D:.
From rah at shipwright.com Thu Jul 21 09:43:36 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 21 Jul 94 09:43:36 PDT
Subject: Voice/Fax Checks
Message-ID: <199407211641.MAA25949@zork.tiac.net>

At 11:38 AM 7/21/94 -0400, solman at MIT.EDU wrote:
>The selling point for digital cash is that it has a low transaction cost
>and can easily be used for extremely small transactions. If agent A and
>agent B want to do business without bothering their owners, you had better
>have some robust digicash.

I've made this claim myself here before. It's possible you're in a position to verify it. Can you?

Cheers,
Bob

-----------------
Robert Hettinga (rah at shipwright.com)  "There is no difference between someone
Shipwright Development Corporation     who eats too little and sees Heaven and
44 Farquhar Street                     someone who drinks too much and sees
Boston, MA 02331 USA                   snakes." -- Bertrand Russell
(617) 323-7923

From whitaker at dpair.csd.sgi.com Thu Jul 21 09:50:37 1994
From: whitaker at dpair.csd.sgi.com (Russell Whitaker)
Date: Thu, 21 Jul 94 09:50:37 PDT
Subject: Who Detweiler is *really* posting as
In-Reply-To: <9407211238.AA04209@snark.imsi.com>
Message-ID: <9407210949.ZM25140@dpair.csd.sgi.com>

On Jul 21, 8:38am, Perry E. Metzger wrote:
>
> Unfortunately for you, Mr. Detweiler, I'm personally known to dozens of
> people on this mailing list. I've physically met very large numbers of
> people. I'm also not given to long and extremely boring messages.
>

I have met Perry. He IsAPerson.

--
Russell Earl Whitaker whitaker at csd.sgi.com
Silicon Graphics Inc.
Technical Assistance Center / Centre D'Assistance Technique / Tekunikaru Ashisutansu Sentaa
Mountain View CA (415) 390-2250
================================================================
#include

From solman at MIT.EDU Thu Jul 21 09:53:13 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Thu, 21 Jul 94 09:53:13 PDT
Subject: Voice/Fax Checks
In-Reply-To: <199407211641.MAA25949@zork.tiac.net>
Message-ID: <9407211652.AA09087@ua.MIT.EDU>

> At 11:38 AM 7/21/94 -0400, solman at MIT.EDU wrote:
> >The selling point for digital cash is that it has a low transaction cost
> >and can easily be used for extremely small transactions. If agent A and
> >agent B want to do business without bothering their owners, you had better
> >have some robust digicash.
>
> I've made this claim myself here before. It's possible you're in a
> position to verify it. Can you?

Not yet. But I'm just a few weeks away from Alpha testing a very large web-based project which has all sorts of agents interacting with each other and dealing in very small amounts of money. It includes a second rate (but effective) digital cash protocol. When I'm done (which will be very soon), I'll post the code here so everybody can tell me what's wrong. I am presently attempting to upgrade the digital cash to a new method that I've devised (using other people's demonstrably secure primitives of course). That's why I joined this list recently.

I am sure of two things:

A) To extract the greatest possible value from human time, it is necessary to set up a complex infrastructure of agents that can abstract tasks whenever possible.

and

B) A system like this can not exist without a method of dealing with extremely small monetary transactions.

If my confidence is not misplaced, digital cash is simply required by the digital future.
JWS From rah at shipwright.com Thu Jul 21 10:04:25 1994 From: rah at shipwright.com (Robert Hettinga) Date: Thu, 21 Jul 94 10:04:25 PDT Subject: Voice/Fax Checks Message-ID: <199407211702.NAA26432@zork.tiac.net> At 12:52 PM 7/21/94 -0400, solman at MIT.EDU wrote: >Not yet. But I'm just a few weeks away from Alpha testing a very >large web-based project which has all sorts of agents interacting >with each other and dealing in very small amounts of money I'm looking forward to this. Gleefully. Cheers, Bob ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation 44 Farquhar Street Boston, MA 02331 USA (617) 323-7923 "There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell From lefty at apple.com Thu Jul 21 10:04:44 1994 From: lefty at apple.com (Lefty) Date: Thu, 21 Jul 94 10:04:44 PDT Subject: Who Detweiler is *really* posting as Message-ID: <9407211702.AA27039@internal.apple.com> Some nobody, posting as "Random L0Z3R" asks: > >Makes you wonder, eh? And has anyone actually MET Metzger? Doesn't make me wonder at all. I _have_ met Perry. Has anyone actually met _you_? -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From joshua at cae.retix.com Thu Jul 21 10:25:20 1994 From: joshua at cae.retix.com (joshua geller) Date: Thu, 21 Jul 94 10:25:20 PDT Subject: Who Detweiler is *really* posting as In-Reply-To: <9407210949.ZM25140@dpair.csd.sgi.com> Message-ID: <199407211725.KAA11063@sleepy.retix.com> > Russell Earl Whitaker wrote: > On Jul 21, 8:38am, Perry E. Metzger wrote: > > Unfortunately for you, Mr. Detweiler, I'm personally known to dozens of > > people on this mailing list. I've physically met very large numbers of > > people. I'm also not given to long and extremely boring messages. > I have met Perry. He IsAPerson. or at least a reasonable facsimile. even given his unclean fondness for vi.
josh From perry at imsi.com Thu Jul 21 10:29:16 1994 From: perry at imsi.com (Perry E. Metzger) Date: Thu, 21 Jul 94 10:29:16 PDT Subject: Who Detweiler is *really* posting as In-Reply-To: <199407211725.KAA11063@sleepy.retix.com> Message-ID: <9407211728.AA04996@snark.imsi.com> joshua geller says: > > Russell Earl Whitaker wrote: > > > I have met Perry. He IsAPerson. > > or at least a reasonable facsimile. even given his unclean fondness for vi. To my knowledge, I've never met Joshua Geller. (It's possible I've met him at some conference without realizing it.) I don't use vi. Perry From sandfort at crl.com Thu Jul 21 10:44:15 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Thu, 21 Jul 94 10:44:15 PDT Subject: Leaving the Country In-Reply-To: <9407211404.AA24126@sten.lehman.com> Message-ID: C'punks, The Seminar will cover this in much greater detail, I'm sure but... On Thu, 21 Jul 1994, Linn Stanton wrote: > . . . > This is a problem. The capital gains / alternative minimum tax hit is > gruesome. There are alternatives available. Are you familiar with "selling short against the box"? What about tax-free "contributions of capital" to corporations or trusts? > . . . > The only stock markets that I know well enough to be comfortable > investing in are in the US. That will not magically change just because > I get citizenship somewhere else, and that still leaves me liable for US > tracking and taxes. You are too smart to believe this. Why not try to see the obvious solution rather than lament the "fact" that you are trapped? For those of you who haven't followed Duncan's argument in favor of "attitude adjustment," the explanation is implicit in the defeatist attitude demonstrated above. > . . . [in re: Heinlein] The forfeiture laws were weaker then. Stuff and nonsense. The tactic Heinlein used, for the reasons he used it, would work just as well today. Perhaps you are unfamiliar with what he actually did and why. (Remind me to cover it in the Seminar.)
S a n d y From gbe at netcom.com Thu Jul 21 10:51:33 1994 From: gbe at netcom.com (Gary Edstrom) Date: Thu, 21 Jul 94 10:51:33 PDT Subject: DEF CON II Conference Schedule? Message-ID: <199407211751.KAA01250@netcom12.netcom.com> Does anyone have the latest DEF CON II conference schedule? If so, could you please email me a copy? Thanks -- Gary B. Edstrom | Sequoia Software | PGP fingerprint: Internet: gbe at netcom.com | Programming Services | 2F F6 1B 28 6E A6 09 6C CompuServe: 72677,564 | P.O. Box 9573 | B0 EA 9E 4C C4 C6 7D 46 Fax: 1-818-247-6046 | Glendale, CA 91226 | Key available via finger What is PGP? Subscribe to alt.security.pgp and find out! From gtoal at an-teallach.com Thu Jul 21 11:10:14 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Thu, 21 Jul 94 11:10:14 PDT Subject: "dumb incompetent sex bimbos" Message-ID: <199407211808.TAA18282@an-teallach.com> : From: "Sue D. Nym" : She's not asking you to have polite consideration because "we" women : think of "ourselves" as "victims"--She's asking you to show respect and : courtesy to everyone in the forum and the forum because we think of ourselves : as part of humanity. Personally I find your caricature of how you think women post to Usenet the most discourteous of all these posts, Larry. (Like this, for example: : Here's hoping the positive vibrations of the Jupiter-trumpet will beam into : OUR lives and wreak a positive transformation. ) G From blancw at microsoft.com Thu Jul 21 11:18:08 1994 From: blancw at microsoft.com (Blanc Weber) Date: Thu, 21 Jul 94 11:18:08 PDT Subject: Who Detweiler is *really* posting as Message-ID: <9407211818.AA04779@netmail2.microsoft.com> Remember this? "We will shortly be commencing operation Woodcock Bludgeon. During this period you will experience some confusion and chaos due to secondary effects of our meme carrier launchings in cyberspace. " There must be some LD memes floating around confusing everyone's neural recognition pathways. 
Blanc From wrevans at oceanus.mitre.org Thu Jul 21 11:26:34 1994 From: wrevans at oceanus.mitre.org (Ward R. Evans) Date: Thu, 21 Jul 94 11:26:34 PDT Subject: Detweiler Message-ID: <9407211818.AA22564@oceanus.mitre.org> To quote from the Welcome to Cypherpunks posting: >"The cypherpunks list has its very own net.loon, a fellow named L. >Detweiler. The history is too long for here, but he thinks that >cypherpunks are evil incarnate. If you see a densely worded rant >featuring characteristic words such as "medusa", "pseudospoofing", >"treachery", "poison", or "black lies", it's probably him, no matter >what the From: line says. The policy is to ignore these postings. >Replies have never, ever, not even once resulted in anything >constructive and usually create huge flamewars on the list. Please, >please, don't feed the animals." Can we stop feeding the animals? I'm tired of getting 20 to 30 postings about Detweiler. I'm new to this interesting and high volume list, but its interest is reduced by the flame war. I hope I haven't offended anyone, but let's talk issues and technology and raise the SNR. Thanks, Ward R.
Evans wrevans at mitre.org voice: (703) 883-7631 fax: (703) 883-1363 From banisar at epic.org Thu Jul 21 11:47:41 1994 From: banisar at epic.org (Dave Banisar) Date: Thu, 21 Jul 94 11:47:41 PDT Subject: EPIC Alert 1.04 (Gore on Clipper) Message-ID: <9407211434.AA24758@Hacker2.cpsr.digex.net>
=============================================================
EPIC Alert
=============================================================
Volume 1.04 (special edition) July 21, 1994
------------------------------------------------------------
Published by the Electronic Privacy Information Center (EPIC) Washington, DC (Alert at epic.org)
=======================================================================
Table of Contents
=======================================================================
SPECIAL EDITION -- "SON OF CLIPPER"
[1] Administration "Reversal" on Clipper
[2] EPIC Statement
[3] Letter from Gore to Cantwell
[4] What You Can Do (Email the VP)
[5] Upcoming Conferences and Events
=======================================================================
[1] Administration "Reversal" on Clipper
=======================================================================
A letter from Vice President Al Gore to Representative Maria Cantwell (D-WA) sent this week during Congressional debate on the Export Administration Act has raised important questions about the current state of the Clipper proposal. Some have hailed the statement as a major reversal. Others say the letter seals a bad deal. Below we have included the letter from the Vice President, a statement from EPIC, and recommendations for further action.
======================================================================= [2] EPIC Statement on Gore Letter to Cantwell ======================================================================= News reports that the Clinton Administration has reversed itself on encryption policy are not supported by the letter from Vice President Gore to Maria Cantwell regarding export control policy. In fact, the letter reiterates the White House's commitment to the NSA's key escrow proposal and calls on the private sector to develop products that will facilitate electronic surveillance. The letter from the Vice President calls on the government and the industry to develop jointly systems for key escrow cryptography. Key escrow is the central feature of the Clipper chip and the NSA's recommended method for electronic surveillance of digital communications. The letter also reaffirms the Administration's support for Clipper Chip as the federal standard for voice networks. There is no indication that the White House will withdraw this proposal. Statements that Clipper is "dead" are absurd. The letter offers no changes in export control policy. It recommends instead that the status quo be maintained and that more studies be conducted. (The White House already completed such a study earlier this year. The results were never disclosed to the public, despite EPIC's request for release of the findings under the Freedom of Information Act.) This is a significant setback for groups expecting that export control laws would be revised this year. The White House expresses a willingness to allow unclassified algorithms and to hold key escrow agents liable for misuse. These are the only provisions of the Gore letter favorable to the user community. But neither provision would even be necessary if the White House did not attempt to regulate cryptography in the first place. 
The Administration's willingness to accept private sector alternatives to Clipper for data networks essentially ratifies an agreement to develop "wiretap ready" technologies for data networks. We believe the letter from the Vice President is essentially a blueprint for electronic surveillance of digital networks. The government will set out the requirements for surveillance systems such as key escrow, and the industry will build complying systems. The plan dovetails neatly with the FBI's Digital Telephony proposal, which will establish legal penalties for companies and users that design systems that cannot be wiretapped. We do not believe this is in the interests of users of the information highway. Key escrow necessarily weakens the security and privacy of electronic communications. It makes networks vulnerable to tampering and confidential messages subject to compromise. It is the approach urged by organizations that specialize in electronic eavesdropping. No group of Internet users has ever called for key escrow encryption. If this proposal goes forward, electronic surveillance will almost certainly increase, network security will be weakened, and people who design strong cryptography without key escrow could become criminals. This is not a victory for freedom or privacy. We support unclassified standards and relaxation of export controls. We cannot support the premise that the government and industry should design key escrow systems. We also do not believe that Clipper is an appropriate standard for federal voice communications. We are asking the Vice President to reconsider his position and urging network users to make known their concerns about the proposal. 
Electronic Privacy Information Center Washington, DC July 21, 1994 ======================================================================= [3] Letter from Gore to Cantwell ======================================================================= THE VICE PRESIDENT WASHINGTON July 20, 1994 The Honorable Maria Cantwell House of Representatives Washington, DC 20515 "Dear Maria, "I write today to express my sincere appreciation of your efforts to move the national debate forward on the issue of information security and export controls. I share your strong conviction for the need to develop a comprehensive policy regarding encryption, incorporating an export policy that does not disadvantage American software companies in world markets while preserving our law enforcement and national security goals. "As you know, the Administration disagrees with you on the extent to which existing controls are harming U.S. industry in the short run and the extent to which their immediate relaxation would affect national security. For that reason we have supported a five-month Presidential study. In conducting this study, I want to assure you that the Administration will use the best available resources of the federal government. This will include the active participation of the National Economic Council and the Department of Commerce. In addition, consistent with the Senate-passed language, the first study will be completed within 150 days of passage of the Export Administration Act reauthorization bill, with the second study to be completed within one year after the completion of the first. I want to personally assure you that we will reassess our existing export controls based on the results of these studies. Moreover, all programs with encryption that can be exported today will continue to be exportable. 
"On the other hand, we agree that we need to take action this year to ensure that over time American companies are able to include information security features in their program in order to maintain their international competitiveness. We can achieve this by entering into a new phase of cooperation among government, industry representatives and privacy advocates with a goal of trying to develop a key escrow encryption system that will provide strong encryption, be acceptable to computer users worldwide, and address our national security needs as well. "Key escrow encryption offers a very effective way to accomplish our mutual goals. That is why the Administration adopted the key escrow encryption standard in the "Clipper Chip" to provide very secure encryption for telephone communications while preserving the ability for law enforcement and national security. But the Clipper Chip is an approved federal standard for telephone communication and not for computer networks and video networks. For that reason, we are working with industry to investigate other technologies for these applications. "The administration understands the concerns that industry has regarding the Clipper Chip. We welcome the opportunity to work with industry to design a more versatile, less expensive system Such a key escrow scheme would be implementable in software, firmware or hardware, or any combination thereof, would not rely on a classified algorithm, would be voluntary, and would be exportable. While there are many severe challenges to developing such a system, we are committed to a diligent effort with industry and academics to achieve such a system. We welcome your offer to assist us in furthering this effort. "We also want to assure users of key escrow encryption products that they will not be subject to unauthorized electronic surveillance. 
As we have done with the Clipper Chip, future key escrow schemes must contain safeguards to provide for key disclosure only under legal authorization and should have audit procedures to ensure the integrity of the system. Escrow holders should be strictly liable for releasing keys without legal authorization. "We also recognize that a new key escrow encryption system must permit the use of private-sector key escrow agents as one option. It is also possible that as key escrow encryption technology spreads, companies may establish layered escrowing services for their own products. Having a number of escrow agents would give individuals and businesses more choice and flexibility in meeting their needs for secure communications. "I assure you the President and I are acutely aware of the need to balance economic and privacy needs with law enforcement and national security. This is not an easy task, I think that our approach offers the best opportunity to strike an appropriate balance. I am looking forward to working with you and others who share our interest in developing a comprehensive national policy on encryption. I am convinced that our cooperative endeavors will open new creative solutions to these critical problems." Sincerely /s/ Al Gore ======================================================================= [4] What You Can Do (Email the VP) ======================================================================= The Clipper debate has reached a critical juncture. The White House and industry are about to seal a deal to make key escrow the standard for encrypted communications. If you believe that individuals should have the right to make full use of new technologies to protect privacy, now is the time for your voice to be heard (and your email to be sent).
EMAIL the Vice President at vice.president at whitehouse.gov
- Thank him for the Administration's willingness to reconsider its views on Clipper
- Express support for the decision to support unclassified algorithms and liability for key escrow agents
- But urge him not to require key escrow as a standard for encryption products
- Emphasize that key escrow is the soul of Clipper, the method for conducting electronic surveillance of digital communications
- Call for extensive testing and studies before any key escrow system is deployed
You should also:
- Urge him to withdraw Clipper as a standard for voice communications
- Urge him to support relaxation of export controls
- Ask for the public release of the earlier White House study on cryptography
- Ask for the public release of White House documents reviewing the weaknesses of the key escrow proposal
The Vice President has clearly shown a willingness to listen to the concerns of the user community on this issue. Your letter could make a difference.
=======================================================================
[5] Upcoming Privacy Related Conferences and Events
=======================================================================
DEF CON ][ ("underground" computer culture) "Load up your laptop Muffy, we're heading to Vegas!" The Sahara Hotel, Las Vegas, NV. July 22-24. Contact: dtangent at defcon.org. Hackers on Planet Earth: The First US Hacker Congress. Hotel Pennsylvania, New York City, NY. August 13-14. Sponsored by 2600 Magazine. Contact: 2600 at well.sf.ca.us. Technologies of Surveillance; Technologies of Privacy. The Hague, The Netherlands. September 5. Sponsored by Privacy International and EPIC. Contact: Simon Davies (davies at privint.demon.co.uk). 16th International Conference on Data Protection. The Hague, Netherlands. September 6-8. Contact: B. Crouwers 31 70 3190190 (tel), 31-70-3940460 (fax). CPSR Annual Meeting. University of California, San Diego. October 8-9.
Contact: Phil Agre Symposium: An Arts and Humanities Policy for the National Information Infrastructure. Boston, Mass. October 14-16. Sponsored by the Center for Art Research in Boston. Contact: Jay Jaroslav (jaroslav at artdata.win.net). Third Biannual Conference on Participatory Design, Chapel Hill, North Carolina. October 27-28. Sponsored by CPSR. Contact: trigg at parc.xerox.com. Ethics in the Computer Age Conference. Gatlinburg, Tennessee. November 11-13. Sponsored by ACM. Contact: jkizza at utcvm.utc.edu (Send calendar submissions to Alert at epic.org) ======================================================================= To subscribe to the EPIC Alert, send the message: SUBSCRIBE CPSR-ANNOUNCE Firstname Lastname to listserv at cpsr.org. You may also receive the Alert by reading the USENET newsgroup comp.org.cpsr.announce ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues relating to the National Information Infrastructure, such as the Clipper Chip, the Digital Telephony proposal, medical record privacy, and the sale of consumer data. EPIC is sponsored by the Fund for Constitutional Government and Computer Professionals for Social Responsibility. EPIC publishes the EPIC Alert and EPIC Reports, pursues Freedom of Information Act litigation, and conducts policy research on emerging privacy issues. For more information email info at epic.org, or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). The Fund for Constitutional Government is a non-profit organization established in 1974 to protect civil liberties and constitutional rights. Computer Professionals for Social Responsibility is a national membership organization of people concerned about the impact of technology on society. 
For information contact: cpsr-info at cpsr.org ------------------------ END EPIC Alert 1.04 ------------------------ From pcw at access.digex.net Thu Jul 21 11:54:21 1994 From: pcw at access.digex.net (Peter Wayner) Date: Thu, 21 Jul 94 11:54:21 PDT Subject: Jupiter, AC Clark, Ted Kennedy and the Moon Message-ID: <199407211853.AA18065@access2.digex.net> >(Like this, for example: >: Here's hoping the positive vibrations of the Jupiter-trumpet will beam into >: OUR lives and wreak a positive transformation. >) Did anyone else find it really weird that we were watching a comet hit Jupiter almost exactly 25 years after we set foot on the moon? Doesn't this bring memories of the movie/book _2001_? I can't remember what happened exactly (and I can't find my copy to refresh the cache) but didn't our moon base discover a slab on the moon that when uncovered triggered cool music _and_ a signal to outer space. Then we sent HAL and some human cargo out to Jupiter or Saturn where they encountered a weird, exponentially replicating slab of the same dimensions as the slab on the moon. Didn't this rendezvous happen some fixed amount of time after the discovery on the moon? Or is my brain just mapping everything together every which way. I.e. memories = g^{-1}(f(events)) where the kernel of f and g is their entire respective domains. What does this have to do with cyphers? Well, the slab on the moon was a cipher. It communicated to outer space in ciphers. The SETI project that listens to the outer space is essentially an exercise in cryptanalysis. Kubrick's film was a big cipher that left AC Clarke the job of explaining. Okay, enough. But I couldn't find a better group to pose this question. P.S. Or was it 25 years after Chappaquiddick?
From jrochkin at cs.oberlin.edu Thu Jul 21 11:54:45 1994 From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) Date: Thu, 21 Jul 94 11:54:45 PDT Subject: Clipper Chip Retreat Message-ID: <199407211854.OAA20322@cs.oberlin.edu> > I'll leave it to someone else to post the entire article, but the gist > is that Gore sent a letter to Maria Cantwell saying that the > administration is willing to consider alternatives to Clipper that are > based upon nonclassified algorithms, and where the escrow agents are > not government agencies. They still insist on an escrow system, > however. This was an incredibly wise move on their part. We who still find the kinder gentler Clipper unacceptable are going to have a much harder time convincing the public at large of our case. Before Clipper was such a completely idiotic idea that almost anyone who wasn't on the NSA's payroll would automatically oppose it. It's still a bad idea, but a public-domain algorithm clipper with non-governmental escrow agents isn't quite as obviously insane and inane as the previous clipper. On the other hand, we already have "clipper is bad", implanted in a lot of people's minds. I don't think the administration is going to be able to shake that loose quite so easily. And I do think we can convince many people that new improved clipper is bad because of the escrow agency alone. But it's not so easy. If the administration had come out with a version of this kinder gentler clipper from the start, it might actually have been successful. From nelson at crynwr.com Thu Jul 21 12:12:54 1994 From: nelson at crynwr.com (Russell Nelson) Date: Thu, 21 Jul 94 12:12:54 PDT Subject: Detweiler In-Reply-To: <9407211818.AA22564@oceanus.mitre.org> Message-ID: Date: Thu, 21 Jul 94 14:18:59 EDT From: wrevans at oceanus.mitre.org (Ward R. Evans) >Replies have never, ever, not even once resulted in anything >constructive and usually create huge flamewars on the list. Please, >please, don't feed the animals."
lets talk issues and technology and raise the SNR. Two ways to kill off a flamewar: rant and rage to the list about how awful the flamewar is, or overwhelm the flamewar with good content. Remember, Cypherpunks write code (which I guess means that I'm not a Cypherpunk, but we can only each save our *own* corner of the world). -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From rjc at powermail.com Thu Jul 21 12:18:59 1994 From: rjc at powermail.com (Ray) Date: Thu, 21 Jul 94 12:18:59 PDT Subject: Come on In-Reply-To: <199407211831.OAA01033@umbc9.umbc.edu> Message-ID: <199407211914.PAA00189@powermail.com> Lefty: > >> Anyway, I'm surprised that there isn't a feminist witch-hunt > >> investigating Samdy Sandfort, for his non-pc H.E.A.T. reports. > > > >Yikes, Ray, let's not give anybody ideas! In reality, though, I think the > >perceptive women on this list know my heart is in the right place. Isn't > >it clear to everyone what I'm making fun of? > > Heh. > > It's not clear to Ray. Well, I can certainly say that I am impressed that you've progressed to telepathy, but humor a poor student for once. Could it be that H.E.A.T. is a low budget campy syndicated show with bad writing whose only "redeeming" (gimmick) feature is the hunky guys and bodacious babes which appear on it? Like 9 million similar shows on USA up-all-night. I'm a fan of the genre myself, only instead of H.E.A.T., I watch "Thunder in Paradise" which has Hulk Hogan, a wonder speedboat, and Carol Alt in it. You can't beat the ridiculous plots, impossible boat technology (artificial intelligence, rocket powered *in water* at speeds that would easily tear it apart, and cheesy morphing effects), and the way Carol Alt seems to fall into the hands of the bad guy every week. 
(the bad guy usually has a harem of women, or amazons from American Gladiators). Sandy may think that the women "know his heart is in the right place", but that is a dangerous assumption to make, especially in a professional setting where you aren't judgement proof. Let me tell you what happened to my brother-in-law 2 weeks ago. He had just gotten back from vacation in the Bahamas with my sister and was eager to show his buddies at work (United Airlines) the pictures he had taken on the beach. It just so happened that this beach had plenty beautiful women in bikinis on it and he had taken many pictures of them. His buddies made a few comments like "check out that one", "that one's a babe", etc. One of the female coworkers overheard and filed sexual harassment charges. (she thought the pictures were pornographic, she hadn't seen them). He was punished and given a list of words and phrases you can't say around the office, including stuff like, "you look different, did you change something?" and "your hair looks nice today." The point being, it doesn't matter what your intentions are, or if you meant no harm by a comment, one sexist comment or mention of a woman's body part, and in many workplaces, you could be in hot water. The key phrase is "perceptive women". There will always be one twit, or group of twits, waiting to pounce on you. After experiencing speech codes and feminist wackos on the U of MD campus, I'm not going to underestimate the power of twits any more. Sandy's pretty safe making comments on this list because of the make up of the list (mostly male, many libertarian, many anti-pc, etc) just as Tim May was safe making plenty of politically controversial statements on Extropians. Try making those kinds of statements in a more politically diverse forum.
(and indeed, I believe Tim did eventually catch fire in the netcom newsgroups where someone mistook one of his comments against welfare as bigotry) I hope I "got it" From ravage at bga.com Thu Jul 21 12:23:05 1994 From: ravage at bga.com (Jim choate) Date: Thu, 21 Jul 94 12:23:05 PDT Subject: (fwd) Noise diodes Message-ID: <199407211922.OAA23855@vern.bga.com> Path: bga.com!news.sprintlink.net!news.onramp.net!convex!cs.utexas.edu!swrinde!ihnp4.ucsd.edu!agate!msuinfo!harbinger.cc.monash.edu.au!aggedor.rmit.EDU.AU!goanna.cs.rmit.oz.au!not-for-mail From: ok at goanna.cs.rmit.oz.au (Richard A. O'Keefe) Newsgroups: sci.electronics,sci.math.consult Subject: Noise diodes Date: 21 Jul 1994 18:03:24 +1000 Organization: Comp Sci, RMIT, Melbourne, Australia Lines: 35 Message-ID: <30la4c$bng at goanna.cs.rmit.oz.au> NNTP-Posting-Host: goanna.cs.rmit.oz.au NNTP-Posting-User: ok Keywords: rng Some people I'm working with have built a machine to generate "real" random numbers, using a BC546 transistor as an avalanche mode noise diode (12V Vcc). The noise output is supposedly 100mV peak. That's then fed into an LM311 comparator, to generate 0/1 signals. This is then fed to a divide-by-2 counter. When their CPU wants a random number, it samples the output of the divide-by-2 counter eight times at 6.25kbit/sec. They did collect a bunch of samples from this, and claim that successive samples did seem to be uncorrelated, but there seemed to be a slight bias in favour of 0 bits. However, they say the test results have been lost. I don't really understand how the output of a divide-by-two counter can be biassed this way (free-running biassed random 0s and 1s) -> (divide by 2) -> (sample at regular intervals) -> (take 8 consecutive samples as one random number) They don't need to produce random numbers at a very high rate (a couple of hundred a second is more than enough for their application). 
I have a faint memory that there are several problems with generating random numbers from noise diodes, but I can't remember what any of them are. The requirement is for - independent - equidistributed - random 0..255 integers - which remain so throughout a 0 to 40 degree Celsius range If there is a standard way to get something like this, I'd like to hear about it. If there is a standard set of problems I should know about and check for, that'd be great. -- 30 million of Australia's 140 million sheep suffer from some form of baldness. -- Weekly Times. From lefty at apple.com Thu Jul 21 12:36:19 1994 From: lefty at apple.com (Lefty) Date: Thu, 21 Jul 94 12:36:19 PDT Subject: Come on Message-ID: <9407211935.AA00243@internal.apple.com> >Lefty: >> >> Anyway, I'm surprised that there isn't a feminist witch-hunt >> >> investigating Samdy Sandfort, for his non-pc H.E.A.T. reports. >> > >> >Yikes, Ray, let's not give anybody ideas! In reality, though, I think the >> >perceptive women on this list know my heart is in the right place. Isn't >> >it clear to everyone what I'm making fun of? >> >> Heh. >> >> It's not clear to Ray. > > Well, I can certainly say that I am impressed that you've progressed >to telepathy, but humor a poor student for once. > > {long, irrelevant diatribe, elided} > > I hope I "got it" Er, no. Not at all. In fact, I think you demonstrated what I was saying quite clearly. But not to leave you hopelessly adrift, what's the fundamental difference between the actions of the subject of your oh-so-sad story, and Sandy's actions? Take your time. Off by a millimeter at the arrow's point; off by a mile at the target. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From jya at pipeline.com Thu Jul 21 13:01:02 1994 From: jya at pipeline.com (John Young) Date: Thu, 21 Jul 94 13:01:02 PDT Subject: Detweilure Message-ID: <199407212000.QAA01006@pipe1.pipeline.com> Responding to msg by wrevans at oceanus.mitre.org (Ward R. 
Evans) on Thu, 21 Jul 2:18 PM

>To quote from the Welcome to Cypherpunks posting:
>
>>"The cypherpunks list has its very own net.loon, a fellow named L.
>>Detweiler. . . . The policy is to ignore these postings.
>>Replies have never, ever, not even once resulted in anything
>>constructive and usually create huge flamewars on the list. Please,
>>please, don't feed the animals."
>
>Can we stop feeding the animals?

The beguiling welcome cypherpunks excerpt about @@ entices not repels. It's a notorious literary lure. Was it put there by @@ himself as titillating recruiting poster?

From frissell at panix.com Thu Jul 21 13:34:05 1994
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 21 Jul 94 13:34:05 PDT
Subject: Leaving the Country
Message-ID: <199407212033.AA09109@panix.com>

At 10:32 AM 7/21/94 -0700, Sandy Sandfort wrote:

>Stuff and nonsense. The tactic Heinlein used, for the reasons he used
>it, would work just as well today. Perhaps you are unfamiliar with what
>he actually did and why. (Remind me to cover it in the Seminar.)
>
>
> S a n d y

The traditional Japanese saying, "The nail that sticks up will get pounded down."

The American version, "The nail that sticks up is too much trouble to pound down so we will go find a nail that's already pounded down."

From frissell at panix.com Thu Jul 21 13:34:32 1994
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 21 Jul 94 13:34:32 PDT
Subject: Leaving the Country
Message-ID: <199407212033.AA09004@panix.com>

At 10:04 AM 7/21/94 -0400, Linn Stanton wrote:

>I agree of the inheritance tax question, but there is still a problem. The only
>stock markets that I know well enough to be comfortable investing in are in the
>US. That will not magically change just because I get citizenship somewhere
>else, and that still leaves me liable for US tracking and taxes.

US stocks are now traded overseas. Non-residents of the US can execute trades on US exchanges.
Learning to feel comfortable in different countries and investing environments is very important for diversification even without the independence it gives you. Remember the one major advantage that you have over the nation state -- you can move and it can't.

>I respect your efforts in this area, and don't want to give the impression that
>I do not take your advice seriously. However, it is too bleeding edge for
>someone with a family, IMHO.

I have a family too. We shipped the kids out first (so they would learn to read and write). They are very transnational these days.

DCF

"I think I'll set up a Conformity Consulting Firm. It will teach "diverse" employees how to get along with white males in the workplace."

From solman at MIT.EDU Thu Jul 21 13:46:58 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Thu, 21 Jul 94 13:46:58 PDT
Subject: No more Cantwell amendment? was Re: Clipper Chip retreat
In-Reply-To: <9407211837.AA10414@ua.MIT.EDU>
Message-ID: <9407212046.AA11440@ua.MIT.EDU>

> You wrote:
>
> | So does anybody actually know of a case in which the government attempted
> | to jail somebody for knowingly transmitting cryptographic programs from the
> | US?
> There was a case where someone was jailed for shipping cable
> boxes that do DES out of the US; they didn't know it was illegal &
> went to jail. They were in Florida, 1991 or so.

I'm not concerned with physical equipment. Clearly the government has the authority to regulate the export of physical items under munitions laws. But I don't think they should be (or can be under the first amendment) allowed to regulate the flow of information, whether it be via nets or paper.

I would suggest that this distinction is why the US is allowing the export of applied cryptography, but not applied cryptography disks. Even if the government believes that distribution of the book is harmful to national security, they clearly can't regulate the expression of ideas on paper.
Now most of us have come to think of email as something in between paper and phone calls, but there is no legal precedent (To my knowledge). So I suppose the government could make that argument and defend it. But it's really hard for me to imagine the government cracking down on somebody for posting source code via the internet. I'll test that when I'm ready for alpha though. Anybody know a constitutional lawyer interested in taking on a precedent setting case pro bono? :-/

JWS

From cme at tis.com Thu Jul 21 14:21:37 1994
From: cme at tis.com (Carl Ellison)
Date: Thu, 21 Jul 94 14:21:37 PDT
Subject: Clipper Chip Retreat
In-Reply-To: <199407211854.OAA20322@cs.oberlin.edu>
Message-ID: <9407212121.AA12961@tis.com>

>Date: Thu, 21 Jul 1994 14:54:22 -0400
>From: Jonathan Rochkind
>Subject: Clipper Chip Retreat

>It's still a bad idea, but a public-domain
>algorithm clipper with non-governmental escrow agents isn't quite as
>obviously insane and inane as the previous clipper.

Sorry, but the major Clipper flaw to me (and at least one corporate executive with whom I've discussed this) *is* the very idea of key escrow.

My previous company used to sell computers to banks and funds transfer agents. A skeleton key to the crypto they used would be worth enough money to warrant an expensive attack -- and the vulnerable place to attack is the escrow databases.

Of course they could fix this vulnerability. They could use the NSA HQ and maybe Fort Knox as the escrow sites. That would make us all more comfortable with the scheme, wouldn't it?

- Carl

From m5 at vail.tivoli.com Thu Jul 21 14:38:25 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Thu, 21 Jul 94 14:38:25 PDT
Subject: Clipper Chip Retreat
In-Reply-To: <199407211854.OAA20322@cs.oberlin.edu>
Message-ID: <9407212138.AA20166@vail.tivoli.com>

Carl Ellison writes:
 > Sorry, but the major Clipper flaw to me (and at least one corporate
 > executive with whom I've discussed this) *is* the very idea of key
 > escrow.
Agreed; however, I don't see what good (from the standpoint of the key escrow fan club) a non-classified Skipjack would be, other than to make the banning of non-escrowed cryptography "ineluctable".

| GOOD TIME FOR MOVIE - GOING ||| Mike McNally |
| TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: |
| (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" |

From blancw at microsoft.com Thu Jul 21 14:49:33 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Thu, 21 Jul 94 14:49:33 PDT
Subject: FW: "dumb incompetent sex bimbos"
Message-ID: <9407212149.AA16801@netmail2.microsoft.com>

From: Sue D. Nym

".....She's asking you to show respect and courtesy to everyone in the forum and the forum because we think of ourselves as part of humanity."

You are so kind to speak up for the cause of womanhood and civil demonstrations of respect & courtesy (and for this forum, as well).

"Why is everything in our society in terms of "Us vs. Them"?"

One reason is because some people are looking more for heat than light.

"This can't even be called a society. It is a battlefield."

However, somewhere in the heat of ideological battles some productive conclusions are reached; such as that some people will not be influenced by others' opinions and that it is useless to attempt to make conclusions for everyone without their expressed consent.

"Here's hoping the positive vibrations of the Jupiter-trumpet will beam into OUR lives and wreak a positive transformation."

I think Jupiter is suffering from problems of its own, at this time, being bombarded by a string of meteors. Let us hope we (on planet Earth) don't receive the same.
Blanc

From cme at tis.com Thu Jul 21 15:03:46 1994
From: cme at tis.com (Carl Ellison)
Date: Thu, 21 Jul 94 15:03:46 PDT
Subject: Clipper Chip Retreat
In-Reply-To: <9407212138.AA20166@vail.tivoli.com>
Message-ID: <9407212203.AA15301@tis.com>

>Date: Thu, 21 Jul 94 16:38:02 CDT
>From: m5 at vail.tivoli.com (Mike McNally)
>Subject: Re: Clipper Chip Retreat
>
>Carl Ellison writes:
> > Sorry, but the major Clipper flaw to me (and at least one corporate
> > executive with whom I've discussed this) *is* the very idea of key
> > escrow.
>
>Agreed; however, I don't see what good (from the standpoint of the key
>escrow fan club) a non-classified Skipjack would be, other than to
>make the banning of non-escrowed cryptography "ineluctable".

I don't care about Skipjack. If they want to publish, I'd read the paper, but I'm plenty content with triple-DES for routine stuff and DTDTD (des|tran|...) for more sensitive stuff. (ditto with IDEA variants)

By key length, triple-DES is far more secure than Skipjack -- and probably faster. I don't remember the Clipper data rate off hand, but I just timed RSAREF triple-DES (CBC) on my 66 MHz 486 (running Mach) at 112 KBytes/sec. (That's just short of 1 Mb/sec.) That would do for telephone speeds :-).

- Carl

From nobody at ds1.wu-wien.ac.at Thu Jul 21 16:33:00 1994
From: nobody at ds1.wu-wien.ac.at (nobody at ds1.wu-wien.ac.at)
Date: Thu, 21 Jul 94 16:33:00 PDT
Subject: Who Detweiler is *really* posting as
Message-ID: <9407212332.AA00201@ds1.wu-wien.ac.at>

Cyphertentacles:

Maybe I missed something here, but I thought what the original writer was implying was that Perry Metzger may indeed be a real human being, but that he was actually working as a *double agent* for Detweiler. That is one of the connotations of the word "tentacle" that Detweiler loves to toss around.

I think there is a plausible case for this.
Remember, just because you see mail coming from perry at imsi.com doesn't mean that the "Perry Metzger" you met in person actually wrote it. It is possible that Detweiler and Metzger are both posting from that account. In fact, looking at the text styles, it seems reasonable. Sometimes Perry writes some very interesting posts related to cryptography, stock trading and other subjects. But in other cases he just rants in a few terse lines, particularly when Detweiler is the subject.

Maybe the "orders" to Perry from Detweiler are to "improve your reputation on the list as much as possible". In the meantime, Detweiler is occasionally using the same account to instigate dissension. Haven't you ever noticed an eerie, strange, sort of Jekyll-and-Hyde personality to what comes out of that account at times? Almost to the point of wondering if the same knowledgeable person would spew such fervent vitriol?

But anyway, I think all of this is plausible enough that Perry should broadcast a denial to everyone on the list again, just to assuage anyone's unconscious fears of secret conspiracies all around them in cyberspace.

Heh. These conspiracy theories are kind of fun to imagine. Maybe on the other hand EVERYONE on this list is a tentacle of Detweiler, and YOU are the only one who doesn't realize it.

Hee, hee.

By the way, I found some records of another person posting from Denver at Netcom that seems to match Detweiler's patterns. It's pretty obvious when you look at the records. I'll let you figure it out for the fun of it.

When Detweiler is dead, you won't be seeing me at his funeral. Although you might catch me dancing on his grave.

From sidney at taurus.apple.com Thu Jul 21 16:36:34 1994
From: sidney at taurus.apple.com (Sidney Markowitz)
Date: Thu, 21 Jul 94 16:36:34 PDT
Subject: Clipper Chip Retreat
Message-ID: <9407212337.AA15472@federal-excess.apple.com>

Carl Ellison writes:
>I don't care about Skipjack.
>If they want to publish, I'd read the paper,
>but I'm plenty content with triple-DES for routine stuff and DTDTD

But if the government is going to push key escrow and they are going to use an unclassified system, then they have to

1) Use a relatively weak cryptographic system in order to keep people from using the unclassified system for fully secure communication with their own non-escrowed keys, and

2) Outlaw using any other (more secure) encryption.

This fits right in with Gore's not backing down on export controls. Combine that with his talk of using unclassified, exportable encryption, and he has to be talking about replacing Skipjack with a weak or key-size restricted system (which would not be subject to export controls). And as Mike McNally pointed out, that just increases the likelihood that the government would attempt to make use of other encryption illegal, because with the algorithms known and in software there would be no other way of controlling (or attempting to control) what people do.

-- sidney

From lefty at apple.com Thu Jul 21 16:48:25 1994
From: lefty at apple.com (Lefty)
Date: Thu, 21 Jul 94 16:48:25 PDT
Subject: Who Detweiler is *really* posting as
Message-ID: <9407212346.AA06059@internal.apple.com>

>Cyphertentacles:
>
>{bait, elided}
>
>Hee, hee.

Cut it out, Larry.

--
Lefty (lefty at apple.com)
C:.M:.C:., D:.O:.D:.

From Mike_Spreitzer.PARC at xerox.com Thu Jul 21 16:49:59 1994
From: Mike_Spreitzer.PARC at xerox.com (Mike_Spreitzer.PARC at xerox.com)
Date: Thu, 21 Jul 94 16:49:59 PDT
Subject: "Key Escrow" --- the very idea
Message-ID: <94Jul21.164935pdt.14430(3)@alpha.xerox.com>

(1) I'm not an anarchist. Does that make me out of place here? I'm willing to live with some amount of government, as long as us owners stand a chance of controlling or overthrowing it. My biggest problem with Capstone is that it changes the balance of power too much.

(2) I think crimes can be committed in cyberspace. Substantially, if not entirely, in cyberspace.
Maybe not so many now. But I think it's intellectually dishonest of us who understand the growing importance of cyberspace to claim there won't be any social contracts there that could be violated. I accept the terms of the 4th ammendment: search and siezure allowed when due process followed. "Key escrow" is an attempt to implement the cyberspatial analog of search.

(3) The Feds must know they can't prevent modestly well funded, educated, and motivated folks from using unbreakable cryptography amongst themselves. The argument for doing key escrow anyway is that by installing a breakable infrastructure, they'll make enough investigations cheaper and more effective to be worth it. Note that's a comparison of their money and success rate against our privacy; no wonder they got it so wrong.

(4) If you accept points (1) and (2) above, you're left wanting a way to implement searches in cyberspace when due process is followed. I hope anarchists won't be the only people opposing changing the balance of power greatly in the government's favor (by poorly designed key escrow). What are the rest of us left to answer with? Perhaps a much better key escrow design. One that integrates the search with the due process in a cryptographically strong way; one that can't be subverted by a few people in a few organizations.

For example, who says an escrowed key must have only two parts? Why not a whole lot of parts, distributed to a whole lot of people/organizations? If there are only 1000 legal wiretaps in a year, and they're already fairly expensive, we can add a fair amount to the cost before it gets significant. And again, remember where we're weighing money against freedom. It may be that we just have to spend more to stay a reasonably free society.

Also, it's worth debating just how strong the protections have to be. Will we need them to be stronger than those against physical searches? How few people does it take to subvert the current protections against illegal searches?
Do we feel that needs to be changed? How much are we willing to spend on it?

From merriman at metronet.com Thu Jul 21 17:06:01 1994
From: merriman at metronet.com (David K. Merriman)
Date: Thu, 21 Jul 94 17:06:01 PDT
Subject: No more Cantwell amendment? was Re: Clipper Chip retreat
Message-ID: <199407220008.AA26204@metronet.com>

>Now most of us have come to think of email as something in between paper
>and phone calls, but there is no legal precedent (To my knowledge). So I
>suppose the government could make that argument and defend it. But it's
>really hard for me to imagine the government cracking down on somebody for
>posting source code via the internet. I'll test that when I'm ready for
>alpha though. Anybody know a constitutional lawyer interested in taking
>on a precedent setting case pro bono? :-/

Might check with EFF/ACLU/CPSR - *one* of them should be interested :-|

Dave Merriman

Wherever you go in Life - there you are!

From CCGARY at MIZZOU1.missouri.edu Thu Jul 21 17:38:42 1994
From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers)
Date: Thu, 21 Jul 94 17:38:42 PDT
Subject: comeon**
Message-ID: <9407220038.AA04732@toad.com>

Lefty says I don't have the wit to speak for him. It would take no wit - just a person with the tastes of a bottom feeder.

Lefty, aren't you the little shit who brutally flamed Nobody for using a pseudonym? Lefty? is that your first or last name? Do you have a last name? Are you sure? Say, hero, what is your true name?

Lefty, do I have you all wrong, or are you one of those guys who hang back from a fight till you see your opponent is outnumbered?

PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCK! BBBEEEAAATTTT STATE!

From tcmay at netcom.com Thu Jul 21 18:00:33 1994
From: tcmay at netcom.com (Timothy C.
May)
Date: Thu, 21 Jul 94 18:00:33 PDT
Subject: "Key Escrow" --- the very idea
In-Reply-To: <94Jul21.164935pdt.14430(3)@alpha.xerox.com>
Message-ID: <199407220100.SAA08895@netcom8.netcom.com>

Mike_Spreitzer writes:

> (1) I'm not an anarchist. Does that make me out of place here? I'm willing to

Yes, you are out of place. We took a vote a while back and the anarchists won by 173 votes. The detailed rules of discourse we adopted can be found at the csua.berkeley.edu site.

> (2) I think crimes can be committed in cyberspace. Substantially, if not
> entirely, in cyberspace. Maybe not so many now. But I think it's

I know of no one who disagrees. Of course crimes can be committed in cyberspace, whatever one's definition may be of crime. From forwarding copyrighted material to posting GIFs of children being raped to contracting for hits on one's enemies.

(Personally, I treat very few things as being criminal, and thus see few things in cyberspace that could possibly be criminal.)

> intellectually dishonest of us who understand the growing importance of
> cyberspace to claim there won't be any social contracts there that could be
> violated. I accept the terms of the 4th ammendment: search and siezure allowed
> when due process followed. "Key escrow" is an attempt to implement the
> cyberspatial analog of search.

Nope. "Key escrow" is far broader. It is telling people they must "escrow" their house keys with the cops, just in case the cops have a need to enter. It is the requirement that all photographs be "escrowed" with the cops, just in case some dirty pictures need to be looked at. It is the requirement that diaries and journals be written in "approved languages," in case authorities need or want to read them.

(By the way, your tacit assumption, that key escrow will become mandatory, is probably accurate, but is in fact not the Administration's proposal.
They claim it will forever remain voluntary, though they are then silent on just how this will help with the criminals they seek to catch this way.)

The remaining points I'll leave for others to critique.

Mandatory key escrow is like telling people they have to use special curtains that can be made transparent if the cops think they need to aim their cameras in our houses.

Not exactly what I have in mind for my future.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From rah at shipwright.com Thu Jul 21 18:15:11 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 21 Jul 94 18:15:11 PDT
Subject: "Key Escrow" --- the very idea
Message-ID: <199407220113.VAA05344@zork.tiac.net>

At 4:49 PM 7/21/94 -0700, Mike_Spreitzer.PARC at xerox.com wrote:

>(1) I'm not an anarchist.
[snip]

I'm a congenital republican.

[snip]
>(2) I think crimes can be committed in cyberspace...
[snip]

So do I.

[snip]
>(4) If you accept points (1) and (2) above, you're left wanting a way to
>implement searches in cyberspace when due process is followed.

[Plea for better key escrow removed]

I've never gotten into the Clipper discussion before now. I've assumed (somewhat lazily, I might add) that market forces would kill it, if nothing else. I am much more in other consequences of strong-crypto and global public-access computer networks; e$ and all that...

I'm not so sure that wiretapping was ever a good idea, but the "private life" of the technology which enabled it ensured its use.
Like machine guns, nuclear weapons and semi-automatic firearms, weapons (wiretapping is as surely a weapon as any of the above) will be used. Fortunately, counter-weapons arise.

Gentlemen didn't read each other's mail because they couldn't do it practically. Telephony and signals intelligence changed that. People found that they could, and they did it. Now the technological pendulum has swung back to the days where letters were sealed in wax with unique seals.

I would like to propose, probably not the first time on this list, an acceptable, time-honored method of determining the contents of a secure conversation. Snitches.

That's what they used before wiretaps, and it seemed to work well enough then. A contempt of court citation for refusing a warranted search seems strong enough to handle the rest of a government's prosecutory urges.

Cheers,
Bob

-----------------
Robert Hettinga (rah at shipwright.com)  "There is no difference between someone
Shipwright Development Corporation      who eats too little and sees Heaven and
44 Farquhar Street                      someone who drinks too much and sees
Boston, MA 02331 USA                    snakes." -- Bertrand Russell
(617) 323-7923

From jya at pipeline.com Thu Jul 21 18:41:50 1994
From: jya at pipeline.com (John Young)
Date: Thu, 21 Jul 94 18:41:50 PDT
Subject: (Fwd) RE: Computer snoopers
Message-ID: <199407220141.VAA00739@pipe1.pipeline.com>

Forwarding mail by: DBURK at gmuvax.gmu.edu ("DAN L. BURK") on Thu, 21 Jul 7:50 PM
-------------------

Yeah, "snooping" indeed! According to Federal Computer Week, July 11, 1994:

The hacker attacks have reached such a scale over the past few months "that on any given day DOD literally does not have control of five or six of its computer systems; the hackers do," one former government official said.

Bob Brewin & Elizabeth Sikorivsky, "Hackers storm DOD nets," Federal Computer Week, July 11, 1994 at 1, col. 3.

Want to play a game?
Dan
dburk at gmuvax.gmu.edu

From rfb at lehman.com Thu Jul 21 18:56:26 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Thu, 21 Jul 94 18:56:26 PDT
Subject: "Key Escrow" --- the very idea
In-Reply-To: <94Jul21.164935pdt.14430(3)@alpha.xerox.com>
Message-ID: <9407220155.AA09328@fnord.lehman.com>

    Date: Thu, 21 Jul 1994 16:49:01 PDT
    From: Mike_Spreitzer.PARC at xerox.com

    I accept the terms of the 4th ammendment [sic]: search and siezure
    allowed when due process followed.

The 4th amendment:

    The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated; and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched and the persons or things to be seized.

One problem with what you've said is that the fourth amendment is not phrased in the sense in which you refer to it. Specifically, it proscribes unreasonable searches and seizures. It does not require the people to actively facilitate the government in `reasonable' searches and seizures. Essentially, you've turned the 4th amendment on its head in your effort to rationalize key escrow.

In any case, it's a purely academic question given the dissociation of the `Bill of Rights' from reality.

Rick

From berzerk at xmission.xmission.com Thu Jul 21 18:58:24 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Thu, 21 Jul 94 18:58:24 PDT
Subject: "Key Escrow" --- the very idea
In-Reply-To: <199407220113.VAA05344@zork.tiac.net>
Message-ID:

On Thu, 21 Jul 1994, Robert Hettinga wrote:

> I'm a congenital republican.

Hmm, I hear medical science has tracked down the gene for that and will have a cure soon.

I like crime, but believe that immoral behavior is wrong. I believe you can behave immorally in cyberspace.
> I would like to propose, probably not the first time on this list, an
> acceptable, time-honored method of determining the contents of a secure
> conversation. Snitches.

ABSOLUTELY! The fact is if you can't get someone to snitch, IT IS NOT A CRIME (morally)! I dare anyone to come up with a counterexample.

Berzerk.

From joshua at cae.retix.com Thu Jul 21 19:12:08 1994
From: joshua at cae.retix.com (joshua geller)
Date: Thu, 21 Jul 94 19:12:08 PDT
Subject: Who Detweiler is *really* posting as
In-Reply-To: <9407212332.AA00201@ds1.wu-wien.ac.at>
Message-ID: <199407220212.TAA11727@sleepy.retix.com>

detweiler writes:

> By the way, I found some records of another person posting from Denver
> at Netcom that seems to match Detweiler's patterns. It's pretty obvious
> when you look at the records. I'll let you figure it out for the fun
> of it.

^^^---you mean like this?

I am filled with shame that I have contributed to this thread.

josh

From rittle at comm.mot.com Thu Jul 21 19:25:14 1994
From: rittle at comm.mot.com (Loren James Rittle)
Date: Thu, 21 Jul 94 19:25:14 PDT
Subject: The Clipper Chip Proposal
Message-ID: <9407220224.AA12751@supra.comm.mot.com>

Dear Mr. Vice President,

I am glad to hear that the Administration is willing to back down on some of the highly unfavorable aspects of the Clipper Chip Proposal.

I strongly support mandated encryption key escrow for all government employees, such as yourself, but none whatsoever on private individuals or private-sector companies. You all should be accountable to the public. Encryption key escrow of all government employees' keys would help allow the public to hold rogue government employees accountable for their inappropriate actions while in office and hold great power over the public.
Get rid of the idea that would place mandatory key escrow on all private users of your encryption standard and, in my opinion, you will go down in history as the first person in government to actually help make this country *more* free and *more* open.

I also support completely voluntary (i.e. no outside government coercion) encryption key escrow for all private individuals and private-sector companies, if they themselves so choose it. I cannot see why a private individual would ever want to have their encryption key in escrow, but the private-sector company could gain many benefits. As employee turnover occurs (by death or disgruntlement), a company would be insured continued access to its information if it had an escrow plan in place.

Until the, so called, National Security concerns that are often alluded to, yet never discussed, are brought fully to light on this matter, it is very hard for me to swallow the real need for key escrow for private citizens. Given the low number of legal wiretaps that are authorized each year, it just doesn't make sense to spend the kind of money key escrow would require to implement it on the wide scale you propose.

I understand that the White House has already conducted one study on this issue of National Security as it relates to the key escrow issue. Why don't you release this study in full instead of starting another study? I also understand that you have held up the FOIA request to have this study released. Why? In a free society, it is just as important to discuss the National Security issue in the open as the citizen's privacy issue.

I leave you with a quote that describes the situation fairly well for me:

``You can have my personal encryption key when you pry it from my cold, dead hands (and even then you can't have it because it has been memorized and my brain is now dead).''

Sincerely,
Loren

--
Loren J.
Rittle (rittle at comm.mot.com)          Ripem-1.2 MD5OfPublicKey:
Systems Technology Research (IL02/2240)  D2CE4A0F2BABF33AEF10C8C669DD782D
Motorola, Inc.                           PGP-2.6 Key fingerprint:
(708) 576-7794                           6810D8AB3029874DD7065BC52067EAFD

From solman at MIT.EDU Thu Jul 21 19:37:26 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Thu, 21 Jul 94 19:37:26 PDT
Subject: "Key Escrow" --- the very idea
In-Reply-To: <94Jul21.164935pdt.14430(3)@alpha.xerox.com>
Message-ID: <9407220236.AA13439@ua.MIT.EDU>

> (1) I'm not an anarchist. Does that make me out of place here? I'm
> willing to live with some amount of government, as long as us owners
> stand a chance of controlling or overthrowing it. My biggest problem
> with Capstone is that it changes the balance of power too much.

Simple solution for people like you: Secret split your key into eight pieces, such that six or seven are required to reconstruct it. Create a mechanism whereby people can anonymously distribute their keys. Have the government escrow keep just the names of the people with the other pieces. Periodically require everybody to prove that they still have the same piece by sending hashes. When the government wants your key it presents a warrant to the people holding your pieces.

But I find this sort of system to be silly. Its only purpose is to eavesdrop in on my conversations. Why would I want somebody doing that? I like my privacy so I'd rather not participate.

> (2) I think crimes can be committed in cyberspace. Substantially, if not
> entirely, in cyberspace. Maybe not so many now. But I think it's
> intellectually dishonest of us who understand the growing importance of
> cyberspace to claim there won't be any social contracts there that could be
> violated. I accept the terms of the 4th ammendment: search and siezure
> allowed when due process followed. "Key escrow" is an attempt to implement
> the cyberspatial analog of search.

This is total bullshit.
In the physical world, the ideal set up would clearly be one in which each individual negotiated with each other individual what the contract between them would be. "I don't want to die and you don't want to die, so let's both agree not to kill each other and put some money towards a system of police that guarantees this. I want property rights so I can enjoy the fruits of my labor..."

This scenario is, of course, absurd. It takes time to negotiate things like this. Negotiations also require the possibility of no agreement, allowing the parties to re-examine the strength of their respective positions before going back to the table. The cost of conducting these negotiations in the physical world is enormous.

The cost of conducting these negotiations in the real world is negligible. People who like their freedom can negotiate on their own. The stupid and the insecure can purchase agents from other people that do the same thing.

LAWS CAN EASILY BE MADE OPTIONAL IN CYBERSPACE WHILE STILL MAINTAINING THEIR EFFECTIVENESS.

Enforcement of a law is a natural part of the agreement to participate in it. There is absolutely no reason why one set of laws with one set of enforcers needs to be adopted simply because the transactional cost is negligible and the results of non-agreement can be determined nearly instantaneously.

I will be introducing the paleolithic analog of an information society in the next few weeks. You had better believe that by the time the information superhighway takes off, complex systems that enforce complex rules will be available to those who want them.

> (3) The Feds must know they can't prevent modestly well funded, educated, and
> motivated folks from using unbreakable cryptography amongst themselves. The
> argument for doing key escrow anyway is that by installing a breakable
> infrastructure, they'll make enough investigations cheaper and more effective
> to be worth it.
> Note that's a comparison of their money and success rate
> against our privacy; no wonder they got it so wrong.

It is absurd to think that the Feds can control anything in cyberspace without some sort of physical world police state. It's just not feasible, entropy is dominant.

JWS

From rjc at gnu.ai.mit.edu Thu Jul 21 19:55:38 1994
From: rjc at gnu.ai.mit.edu (Ray)
Date: Thu, 21 Jul 94 19:55:38 PDT
Subject: Come On
Message-ID: <9407220255.AA19888@geech.gnu.ai.mit.edu>

Sandy:
>Yikes, Ray, let's not give anybody ideas! In reality, though, I think the
>perceptive women on this list know my heart is in the right place. Isn't
>it clear to everyone what I'm making fun of?
^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Channeling alt.syntax.tactical and alt.flame (Ohm!), Lefty writes:
> Heh.
>
> It's not clear to Ray.

Implying of course that it's clear to him. As I so eloquently stated:
> > Well, I can certainly say that I am impressed that you've progressed
>to telepathy, but humor a poor student for once.
>
> {long, irrelevant diatribe, elided}

I'm glad you liked it. At least you kept the best line. Continuing my masterfully written piece:
> I hope I "got it"

Answering back from the astral plane:
> Er, no. Not at all. In fact, I think you demonstrated what I was saying
> quite clearly.

Meaning that the answer I supplied to Sandy's question was the wrong one. If he knows it's wrong, then he must know the correct answer, well what is it? Otherwise, I'm waiting for a retraction.

Alert, an alt.syntax.tactical gambit move is about to be attempted:
> But not to leave you hopelessly adrift, what's the fundamental difference
> between the actions of the subject of your oh-so-sad story, and Sandy's
> actions? Take your time.

Uh oh, do I detect a change of subject? You see, my last post was directed to supply an answer to Sandy's question "Isn't it clear to everyone what I'm making fun of?"
(my answer, the campiness of the show) with an added commentary on assuming a receptive audience. All of a sudden, we have a diversion here into how Sandy's H.E.A.T. posts on a mailing list compare to my brother-in-law's showing of vacation pictures during a break at work which is irrelevant to the original line of questioning (if you could call "Heh. It isn't clear to Ray." questioning or discussion). A well timed change of subject, and a barely subtle attempt to bait me of course. I'm not going to fall into the trap, so I won't bother responding. I'm still waiting for your answer to Sandy's question, oh great oracle.

> Off by a millimeter at the arrow's point; off by a mile at the target.

You shouldn't think out loud. But your reflections on your own behavior are quite on the mark.

> --
> Lefty (lefty at apple.com)
> C:.M:.C:., D:.O:.D:. O:.H:.M:

Really Lefty, isn't it about time you stopped baiting people? Scan the last twenty messages you posted to cypherpunks. At best, they were nothing but a bunch of "witty" 3-liners designed to start a flame with somebody you thought you could obviously outwit. Almost zero discussion or information content. The only post of yours which contained at least five full sentences was a forward of some Sue D. Nym message. I'm honored that you respect my intellect enough to dedicate more than your usual quota of 3 short sentences (I know it must be quite taxing on your creativity), but maybe it's time for you to take a vacation.

-internet highway patrol, assault speech division.

From jamesd at netcom.com Thu Jul 21 20:28:02 1994
From: jamesd at netcom.com (James A. Donald)
Date: Thu, 21 Jul 94 20:28:02 PDT
Subject: GUT and P=NP
In-Reply-To: <9407211244.AA16861@vail.tivoli.com>
Message-ID: <199407220328.UAA19260@netcom5.netcom.com>

Mike McNally writes
>
> > James A. Donald writes:
> > Existing physical theories show that Super Turing machines are
> > possible in principle though very difficult to build in practice.
>
> That's the understatement of the year.

I was referring to the proposed quantum computers.

>
> > Such machines will probably not be able to solve NP complete
> > problems though they will be able to solve some NP problems
> > such as factoring.
>
> Huh?
>
> > Since such machines do not operate algorithmically
>
> This statement is exactly wrong. Such machines *define* a class of
> algorithms.

I recommend that you read the following paper.

E. Bernstein and U. Vazirani, {\it Quantum Complexity Theory}, Proc. 25th ACM Symp. on Theory of Computation, pp. 11--20 (1993).

--
---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we      James A. Donald
are. True law derives from this right, not from
the arbitrary power of the omnipotent state.          jamesd at netcom.com

From jamesd at netcom.com Thu Jul 21 20:33:00 1994
From: jamesd at netcom.com (James A. Donald)
Date: Thu, 21 Jul 94 20:33:00 PDT
Subject: Voice/Fax Checks
In-Reply-To: <199407211118.HAA20691@zork.tiac.net>
Message-ID: <199407220333.UAA19905@netcom5.netcom.com>

Robert Hettinga writes
> ... the problem we're having with identifying a market for
> digital cash. There's no unique selling proposition besides privacy. There
> are too many real good substitutes, like this one for checks. E-mail with
> the above information in it can be encrypted and signed, and would be
> secure enough to make a real good check in its own right.

All existing substitutes are either insecure (credit cards) or involve excessive labor and transaction costs.

Electronic transactions will take off like a rocket once they *undercut* existing methods.

As yet, our mail encryption interface is still bad. Convenient crypto cash must come after convenient crypto mail.

--
---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we      James A. Donald
are. True law derives from this right, not from
the arbitrary power of the omnipotent state.          jamesd at netcom.com

From nobody at soda.berkeley.edu Thu Jul 21 20:35:03 1994
From: nobody at soda.berkeley.edu (Anonymous User)
Date: Thu, 21 Jul 94 20:35:03 PDT
Subject: remail
Message-ID: <199407220334.UAA08778@soda.berkeley.edu>

BSA
Business Software Alliance

NEWS RELEASE

FOR IMMEDIATE RELEASE
Wednesday, July 20, 1994

FOR ADDITIONAL INFORMATION
Diane Smiroldo, 202.872.5500

BSA PRESIDENT ROBERT HOLLEYMAN REACTION STATEMENT TO VICE PRESIDENT GORE'S LETTER TO REP. CANTWELL ON ENCRYPTION

"On behalf of the leading American PC software companies, BSA commends Rep. Maria Cantwell for her success in convincing the administration to change its policy on encryption. Following extensive negotiations with Rep. Cantwell, today Vice President Gore announced that the administration will work with industry to develop a new key escrow encryption system. This new encryption system has the potential for wide-spread use because it will be practical, affordable, and trustworthy.

"The administration has recognized that Clipper Chip will not be used for computers. It has been recognized that the information security system for personal computers must be privately developed and controlled. The administration has agreed that the new encryption system must be voluntary, software implementable, based on a non-classified encryption formula, exportable, and employ private sector agents to hold the keys.

"The administration also agreed to support periodic studies assessing the availability and impact of foreign encryption programs on American companies. Recognizing the economic importance of the software industry, the administration pledged the active participation of the National Economic Council and the Department of Commerce in the studies. The Vice President agreed that the studies will lay the groundwork to reassess existing export controls.

"Today's agreement is a significant victory both for U.S. software companies and the future of the global information superhighway. U.S. software companies must be permitted to compete on a level playing field with foreign vendors who already provide security on software programs. High tech industries are indebted to Rep. Cantwell for her leadership in convincing the administration to adopt a new approach and potentially end the disruptive war on encryption policy."

#

BSA promotes the continued growth of the software industry through its international public policy, education, and enforcement programs in the U.S. and more than 55 other countries throughout North America, Asia, Europe, and South America. BSA represents the leading U.S. publishers of PC software including Aldus, Apple Computer, Autodesk, Intergraph, Lotus Development, Microsoft, Novell, and WordPerfect.

------------
To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 7 lines:
::
Response-Key: ideaclipper

====Encrypted-Sender-Begin====
MI@```%-S^P;+]AB?X9TW6\8WR:&P&2'K1RX_1#HL&P at GW&U6W_:A2N?I86=*
K404T##68_(;5YO()D7.H.%@%L*"][5#D6V_FT>:$,!0```
====Encrypted-Sender-End====

From Russ.Nelson at Potsdam.edu Thu Jul 21 21:07:13 1994
From: Russ.Nelson at Potsdam.edu (Russell Nelson)
Date: Thu, 21 Jul 94 21:07:13 PDT
Subject: True Lies
Message-ID: <199407220405.AA06034@ns.potsdam.edu>

Quite clearly, the bad guys in True Lies used a Capstone unit to do their encryption. Too bad they didn't make a point of it -- after all, catching terrorists is putatively what escrowed encryption is aimed at.

-russ

From claborne at microcosm.sandiegoca.NCR.COM Thu Jul 21 21:26:54 1994
From: claborne at microcosm.sandiegoca.NCR.COM (Claborne, Chris)
Date: Thu, 21 Jul 94 21:26:54 PDT
Subject: Clipper Chip retreat
Message-ID: <2E2EA933@microcosm.SanDiegoCA.NCR.COM>

Congratulations!
I consider the "Clipper Chip retreat" a victory for the Cypherpunks, EFF, and inhabitants of cyberspace. We have succeeded in a tactic often used by three letter agencies... Stall! The "stall" tactic lets you re-supply, regroup and plan the next attack.

This event slows the government down and will provide the inhabitants of cyberspace more time to develop a de facto encryption system (PGP, RIPEM, PEM, etc) that will overshadow any scheme deployed by government. It also gives us time to continue the fight against "Key-escrow" and government back doors.

This message may be a little premature but if true, we should be ready for the next offensive. (yes offensive). This bit of information also makes me wonder what their next move might be. It could be... "NEWS FLASH... Drug lord goes free because he is using non-key-escrow crypto..."

 ...  __o
 ..   -\<,        chris.claborne at sandiegoca.ncr.com
 ...(*)/(*).      CI$: 76340.2422
 PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA
 Avail on Pub Key server.

From shabbir at panix.com Thu Jul 21 21:32:10 1994
From: shabbir at panix.com (Shabbir J. Safdar)
Date: Thu, 21 Jul 94 21:32:10 PDT
Subject: HR 3937 now a dead end; House Rules Comm results
Message-ID: <199407220422.AA24710@panix3.panix.com>

[updated July 21, 1994 shabbir]

*********************************************************************

        DISTRIBUTE WIDELY

*********************************************************************

Table of contents:
        Introduction
        Result of House Rules committee vote
        Status of the bill
        1994 Voters Guide

-------------------------------------------------------------------------------
INTRODUCTION

Voters Telecomm Watch keeps scorecards on legislators' positions on legislation that affects telecommunications and civil liberties.
If you have updates to a legislator's positions, from either:

        -public testimony,
        -reply letters from the legislator,
        -stated positions from their office,

please contact vtw at vtw.org so they can be added to this list.

General questions:      vtw at vtw.org
Mailing List Requests:  vtw-list-request at vtw.org
Press Contact:          stc at vtw.org
Gopher URL:             gopher://gopher.panix.com:70/11/vtw
WWW URL:                We're working on it. :-)

-------------------------------------------------------------------------------
RESULT OF THE HOUSE RULES COMMITTEE VOTE ON HR 3937

Based on information gathered by volunteers, we've been able to piece together some of the positions of the House Rules Committee as to how they voted for/against opening up HR 3937 to amendments on the House floor. [This is now somewhat moot, as is explained in the next section.]

Extensive kudos go to Joe Thomas gaj at portman.com (Gordon Jacobson) who both did extensive work to help find this information.

Here are the results we were able to obtain:

[The committee voted 5-4 to open the bill]

HOUSE RULES COMMITTEE MEMBERS

Dist ST Name, Address, and Party    Phone
==== == ========================    ==============
   9 MA Moakley, John Joseph (D)    1-202-225-8273
        UNSPECIFIED POSITION
   3 SC Derrick, Butler (D)         1-202-225-5301
        UNSPECIFIED POSITION
  24 CA Beilenson, Anthony (D)      1-202-225-5911
        UNSPECIFIED POSITION
  24 TX Frost, Martin (D)           1-202-225-3605
        UNSPECIFIED POSITION
  10 MI Bonior, David E. (D)        1-202-225-2106
        UNSPECIFIED POSITION
   3 OH Hall, Tony P. (D)           1-202-225-6465
        UNSPECIFIED POSITION
   5 MO Wheat, Alan (D)             1-202-225-4535
        UNSPECIFIED POSITION
   6 TN Gordon, Bart (R)            1-202-225-4231
        UNSPECIFIED POSITION
  28 NY Slaughter, Louise M. (D)    1-202-225-3615
        Voted "open"
  22 NY Solomon, Gerald B. (R)      1-202-225-5614
        Voted "open"
   1 TN Quillen, James H. (R)       1-202-225-6356
        Told a constituent he would vote for "open".
  28 CA Dreier, David (R)           1-202-225-2305
        UNSPECIFIED POSITION
  14 FL Goss, Porter J. (R)         1-202-225-2536
        UNSPECIFIED POSITION

It is probably not worth the trouble to ask the remaining legislators how they voted unless you happen to chat with their staff often.

-------------------------------------------------------------------------------
STATUS OF THE BILL (updated 7/21/94)

If you read the appropriate newsgroups (or any major newspaper) you've seen the news about the Gore/Cantwell compromise. Since everyone has reprinted it already, we'll not reprint it again, though we'll happily send you a copy should you have missed it.

The upshot of this is that Rep. Maria Cantwell will not be offering her amendment and therefore HR 3937 is a dead end this year for liberalizing cryptography exports.

Since VTW is an organization dedicated to working on legislation, and there is no longer a piece of relevant legislation, we will be concentrating on other projects. The "cantwell" section of our archive will be reworked, and the records of legislators that voted will be kept there for future reference. [NOTE: these voting records will also be rolled into our 1994 Voters Guide]

Here is the final schedule/chronology of the bill

Jul 21, 94  Rep. Cantwell and Vice Pres. Al Gore compromise on seven
            principles, retreating on the Clipper chip; Rep. Cantwell
            chooses not to continue to press the legislation or the amendment
            (see relevant articles in today's NY Times and Washington Post)
Jul 20, 94  HR3937 comes to House floor; a "good" amendment will be offered
Jul 11, 94  House Rules Committee marks HR3937 "open"; allowing amendments
Jun 30, 94  [*** vote postponed, perhaps till the week of 7/11/94]
            House Rules Comm. decides whether to allow amendments
            on the bill when it reaches the House floor
Jun 14, 94  Gutted by the House Select Committee on Intelligence
May 20, 94  Referred to the House Select Committee on Intelligence
May 18, 94  Passed out of the House Foreign Affairs Committee on May 18
            attached to HR 3937, the General Export Administration Act
Dec  6, 93  Referred to the Subcommittee on Economic Policy, Trade and
Nov 22, 93  Referred to the House Committee on Foreign Affairs.

-------------------------------------------------------------------------------
1994 VOTERS GUIDE

Voters Telecomm Watch believes that you should be informed about your legislators' positions on key issues. We will be developing a survey to give to current legislators and their challengers that will gauge their positions on key issues involving telecommunications and civil liberties. These results will be made publicly available on the net for you to use in casting your vote in November.

We'll be depending on you to help get legislative candidates to fill out and return their surveys. Please watch this space for the announcement of survey availability in the coming weeks.

If you wish to participate in the development of the survey, feel free to join the working list by mailing a note to that effect to vtw at vtw.org

-------------------------------------------------------------------------------

From Mike_Spreitzer.PARC at xerox.com Thu Jul 21 21:35:56 1994
From: Mike_Spreitzer.PARC at xerox.com (Mike_Spreitzer.PARC at xerox.com)
Date: Thu, 21 Jul 94 21:35:56 PDT
Subject: "Key Escrow" --- the very idea
In-Reply-To: <9407220155.AA09328@fnord.lehman.com>
Message-ID: <94Jul21.213532pdt.14447(2)@alpha.xerox.com>

I'm sorry, I guess my wording was too sloppy. I mean the interpretation you claim is correct.

From rjc at gnu.ai.mit.edu Thu Jul 21 21:44:13 1994
From: rjc at gnu.ai.mit.edu (Ray)
Date: Thu, 21 Jul 94 21:44:13 PDT
Subject: GUT and P=NP
Message-ID: <9407220444.AA20360@geech.gnu.ai.mit.edu>

James A.
Donald writes:
> I was referring to the proposed quantum computers.
> > > Since such machines do not operate algorithmically
> >
> > This statement is exactly wrong. Such machines *define* a class of
> > algorithms.
> I recommend that you read the following paper.
> E. Bernstein and U. Vazirani, {\it Quantum Complexity
> Theory}, Proc. 25th ACM Symp. on Theory of Computation, pp. 11--20
> (1993).

James, without reading the paper, can you tell me why the following argument is incorrect?

1) By definition, if something can be computed by a turing machine, then it is an algorithm (Lewis and Papadimitriou)

2) a quantum computer can be simulated by a TM with exponential slowdown. (claimed by you on the Extropians list, but also claimed by Feynman I believe, not about qm computers, but qm systems in general)

then by (1) and (2), it follows that

3) quantum computers are algorithmic (if not, it would contradict 2) and possibly 1)

It doesn't matter how slow the turing machine runs the simulation because we allow an arbitrary time along with the infinite tape to complete the computation.

-Ray

From cyber1 at io.org Thu Jul 21 21:55:37 1994
From: cyber1 at io.org (Cyber City)
Date: Thu, 21 Jul 94 21:55:37 PDT
Subject: Come On
Message-ID:

Connie Sadler writes:
won't let it stop me from continuing on, but what's the
>point? I really don't get it.

CypherPUNKs is an offshoot of the cyberpunk paradigm, which can be stated as "high tech/lowlife". There are no claims of professionalism as far as I know. If cypherpunks share a common attribute, it is probably their enjoyment of the _practice_ of encryption and related disciplines.

I did not notice anyone insult you personally. Surely if you find the language offensive, the solution is to filter your mail, or else unsubscribe.
--
Alex Brock

From rah at shipwright.com Thu Jul 21 22:02:15 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 21 Jul 94 22:02:15 PDT
Subject: Voice/Fax Checks
Message-ID: <199407220458.AAA08181@zork.tiac.net>

At 8:33 PM 7/21/94 -0700, James A. Donald wrote:

>All existing substitutes are either insecure (credit cards) or involve
>excessive labor and transaction costs.
>
>Electronic transactions will take off like a rocket once they
>*undercut* existing methods.
>
>As yet, our mail encryption interface is still bad. Convenient
>crypto cash must come after convenient crypto mail.

Chaum's going to do a full-blown internet demo real soon now, but the topic of this thread (faxed account, ABA#, etc) is being done right now, right out of the box. There are the various "net.malls" on the net out with secure mosaic credit card transactions. A guy just said he made his first sale (encrypted receipts and all) and we pooh-poohed him 'cause he didn't tell us anything we didn't already know. (We gotta be nicer to these guys, maybe???)

To mutate what I said in the previous post in this thread, 85% of the people will settle for 75% privacy. If there's something to buy, and they can do an honest transaction and get the stuff they buy without being ripped off, then they probably don't care who's looking over their shoulder. Privacy will probably never be a selling point. Privacy will probably be an outflow of the need for e$, not vice versa.

At this point I may have a quasi-religious faith that the key to the adoption of e$ is that e$ reduces transaction costs, but we don't have any data to back it up. As someone who's been thrashing this a little bit, I've gotten stuck on exactly how to "*undercut*" the transaction costs of existing methods. Got any ideas? Are those transaction costs as a percentage of total cost meaningful enough to imbue digital cash with the rocket-like competitive advantage we hope for? I don't have answers to these questions.
I challenge you to come up with that analysis without a working system to benchmark your assumptions against. Mr. Solman, who seems to have pre-announced an agent based system with e$ "ticks" like in telescript, has my devoted interest at this point, but until there's some actual data, we're only speculating.

BTW, I agree with you that Crypto mail isn't convenient. I still don't use PGP because it's way too much trouble to screw around with, and I bet doughnuts to dollars (Perry can hold the stakes. He's a wagering man ;-)...) that the Mac PGP I have is easier to mess with than any version on any other machine. But, as I said above, you don't need secure email to move e$ around. Secure mosaic will do just fine. I used email in the section you quoted because it's the simplest protocol conceptually, and I'm sorry you got tripped up in it.

Light dawns on Marblehead. (Massachusetts joke). Isn't the point of digital cash that you *can* send it through unsecure mail and buy things? Perry, I want my bag of doughnuts back. No need to have a "mine is better than yours" bet after all. I really should just go to sleep now...

Good Night,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)  "There is no difference between someone
Shipwright Development Corporation      who eats too little and sees Heaven and
44 Farquhar Street                      someone who drinks too much and sees
Boston, MA 02331 USA                    snakes." -- Bertrand Russell
(617) 323-7923

From pkm at maths.uq.oz.au Thu Jul 21 22:06:47 1994
From: pkm at maths.uq.oz.au (Peter Murphy)
Date: Thu, 21 Jul 94 22:06:47 PDT
Subject: Who Detweiler is *really* posting as
Message-ID: <9407220505.AA04971@axiom.maths.uq.oz.au>

I have deleted most of the blather from "Nobody" on this subject. However, this line was _very_ interesting...

> BTW, I don't like what has been going on the list where there are anonymous
> attacks on people in the list.

This, of course, comes after about 60-80 lines of insinuations that Perry Metzger is really L.
Detweiler. Isn't the world a funny place?

Peter.

From wcs at anchor.ho.att.com Thu Jul 21 22:26:40 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Thu, 21 Jul 94 22:26:40 PDT
Subject: Who Detweiler is *really* posting as
Message-ID: <9407220525.AA05538@anchor.ho.att.com>

aNdOm0Zre suggests that Perry Metzger is really a tentacle for L:.D:., and that Perry isn't one of the California Cypherpunks so who knows him.

Well, I've known Perry since before the Cypherpunks group started, and he was at one of the first couple Cypherpunks meetings I'd been at after I moved out here, as well as being out here fairly often for Extropians gatherings and computer conferences. He's real. (I can't vouch for certain that he's not Detweiler, since I haven't met the Detweilers, but he's real.)

At one of those meetings, it was noticed that most of the major tentacles were there, including Jamie Dinkelacker (one of the first to be accused of being a Tim May tentacle), and I even saw California Drivers Licenses from the 8 or so who were there.

Personally, I think if he hadn't existed, we would at some point have had to invent him to discover some of the practical difficulties with anonymity techniques, but we would probably have invented a less verbose, less paranoid version who can be turned off when we don't need him :-)

Bill

From DAVESPARKS at delphi.com Thu Jul 21 22:55:33 1994
From: DAVESPARKS at delphi.com (DAVESPARKS at delphi.com)
Date: Thu, 21 Jul 94 22:55:33 PDT
Subject: Double DES calculations
Message-ID: <01HEZL9H8PSO95MU4U@delphi.com>

norm at netcom.com (Norman Hardy) wrote:

> >Anyone care to estimate what the cost of the RAM alone for the
> >"MITM interface" machine would be? Let's see, for two 56 bit keys, you'd
> >need storage for 2^57 blocks of 8 bytes each, or 2^60 bytes. At $40 per
> >Mb, or so, that would come to ... let's see ... $4 * 10^51 for memory
> >alone.
> >And once the list of blocks started growing as the attack
> >progressed, could the interface processor keep up with the other two, in
> >real time? Massively parallel processors might speed both ends of the
> >attack, but the "database comparison phase" would be the real bottleneck,
> >IMHO.
> ...
> DAT tape, not RAM, I think. At $5 per GB I get $5*10^11 to hold the info.
> MITM requires a sort of this which requires roughly log(10^20) passes with
> a favorable constant. This will wear out a bunch of DAT drives but that is
> relatively minor. This is about an order of magnitude bigger than a
> project that I considered once to find the optimal solution to the Rubik's
> cube.

"Only" $500 Billion, huh (for tapes and drives alone)? Let's see how the logistics work out on that. If each tape drive measured 2"X4"X6", and if they were mounted in racks, back-to-back, five feet high, with three feet wide aisleways between them, they would require 3.2 million square feet of floor space. (How big is the entire Pentagon, BTW?)

Assuming each of the 300 million tape drives consumed 25 watts of power, the total power consumption would be 7500 megawatts! At $0.10 per kwh., it would cost $1 million/hour in power costs alone, assuming a 33% overhead for removing all the heat they generated.

Assuming it took an average of five seconds to load a tape into a drive, loading 300 million tapes would take 16,680 man hours, or roughly 10 man-years assuming a normal 40 hr./week work schedule. A set of replacement tapes alone would cost $3 Billion.

It has been estimated that breaking single-DES would take 1.35 hours on a hypothetical "super-DES-breaker" machine, searching half the total keyspace, with a 50% probability of finding the key in that time. To yield the same probability on double-DES would require searching 71% of the keyspace, which would take roughly two hours, using TWO such machines.
During that two hours, each of the 300 million tapes would be filled with data, but no actual MITM comparisons would have occurred yet. Thus far, we've spent $2 million on electricity alone.

Now let's assume that each block of data generated was at least pre-sorted onto one of the 150 million available drives during the initial phase, according to its MSBs, or whatever. Now it remains to check for matches for the data on each of the 150 million drives on the ENcryption side with the corresponding drive on the DEcryption side. Let's further assume 150 million processors each assigned to handle a pair of drives, one on each side. Assume that a complete pass through the tape would require the same two hours as it took to write the data there in the first place, with buffered I/O so that at least half of the drives are running at full speed, and ignoring any rewind time between passes.

Assuming a fast enough processor, the number of passes required would vary according to the ratio of the total data on each tape, divided by the total RAM, with the available RAM available for searching equalling four times the search block size to allow double buffering on both sides. With that in mind, the number of passes required would equal to ( 4 * 4 Gb / RAM ). If 64 Mb of RAM is available per processor, then a total of 256 passes would be required, for a total search time of 512 hours.

The sum total of all the RAM on all 150 million processors would be 2 * 10^16 bytes. At $40/Mb, the RAM alone would cost $800 Billion, bringing the total cost of this machine to $1.3 TRILLION! The time required to crack a double-DES key is over 200 times that of a single-DES key, at a cost in excess of half a BILLION dollars per 112 bit key.

While that *MIGHT* be technologically feasible, it probably wouldn't be politically feasible. That is probably more than the sum total of all US defense spending in our 120 year history, and probably more than "Star Wars" was projected to cost.
That'd be a bit hard to hide in a "black" budget.

Of course, there are various ways of trading dollars for time in designing such a system. Speed is virtually proportional to cost.

Nevertheless ... if you've got the time to do TRIPLE-DES, it's probably still wise, "Justin Case"...

 /--------------+------------------------------------\
 |              | Internet: davesparks at delphi.com  |
 | Dave Sparks  | Fidonet: Dave Sparks @ 1:207/212   |
 |              | BBS: (909) 353-9821 - 14.4K        |
 \--------------+------------------------------------/-/

From cactus at bb.com Thu Jul 21 23:10:56 1994
From: cactus at bb.com (L. Todd Masco)
Date: Thu, 21 Jul 94 23:10:56 PDT
Subject: Voice/Fax Checks
In-Reply-To: <199407220458.AAA08181@zork.tiac.net>
Message-ID: <199407220612.CAA07369@bb.com>

In article <199407220458.AAA08181 at zork.tiac.net> you write:
>out of the box. There are the various "net.malls" on the net out with
>secure mosaic credit card transactions. A guy just said he made his first
>sale (encrypted receipts and all) and we pooh-poohed him 'cause he didn't
>tell us anything we didn't already know. (We gotta be nicer to these guys,
>maybe???)

As far as I know, nobody has made any purely "secure mosaic" sales yet; If you're talking about me, our only current system is mail-based. [And also if so, don't worry -- two of the three of us have over 8 years net experience... we're not going anywhere.]

By the way, if at all possible, both to forward our own financial goals *and* our political goals (the latter of which is well within bound of what is accepted as "cypherpunk," I believe), Bibliobytes is going to try to provide free support to anyone for getting PGP running (no hooks attached).

Volunteers to help with this would be greatly appreciated -- how about it? Are y'all willing to put your money where your mouth is, and hand-hold clueless users to get them up and running with PGP? Minimal skills required, past basic literacy and the ability to give simple instructions.
This could help to truly give freedom to the masses -- people who don't necessarily know where to find an FAQ or even know what one is. People who automatically flame *@aol.com need not apply. Anybody interested, send mail to "pgp-volunteer at bb.com" and I'll set up the list. -- L. Todd Masco | Bibliobytes books on computer, on any UNIX host with e-mail cactus at bb.com | info at bb.com | "Authors From kwe at cerf.net Thu Jul 21 23:14:53 1994 From: kwe at cerf.net (Kent W. England) Date: Thu, 21 Jul 94 23:14:53 PDT Subject: Please unsubscribe vtw-announce from com-priv list! Message-ID: <199407220559.WAA10364@is.internic.net> >[updated July 18, 1994 shabbir] > >[HR 3937 COMES TO THE FLOOR WEDNESDAY JULY 20TH; YOUR ACTION NEEDED] >[PLEASE CHECK THE "WHAT YOU CAN DO RIGHT NOW" SECTION!] >********************************************************************* > > DISTRIBUTE WIDELY > >********************************************************************* > >Table of contents: > Introduction & Alert > Status of the bill > What you can do right now > List of legislators supporting HR 3937 (formerly HR 3627) > List of legislators wavering on HR 3937 (formerly HR 3627) > List of legislators opposing HR 3937 (formerly HR 3627) > What is the Cantwell bill? > >------------------------------------------------------------------------------- >INTRODUCTION > >Voters Telecomm Watch keeps scorecards on legislators' positions on >legislation that affects telecommunications and civil liberties. >If you have updates to a legislator's positions, from either: > > -public testimony, > -reply letters from the legislator, > -stated positions from their office, > >please contact vtw at panix.com so they can be added to this list. > >General questions: vtw at panix.com >Mailing List Requests: vtw-list-request at panix.com >Press Contact: stc at panix.com >Gopher URL: gopher://gopher.panix.com:70/1/1/vtw >WWW URL: Be patient; we're working on it. 
:-)
>-------------------------------------------------------------------------------
>STATUS OF THE BILL (updated 7/18/94)
>
>The Cantwell bill HR3627, that allows for fewer restrictions on exports
>of cryptography, was rolled into the General Export Administration Act
>HR 3937. The House Foreign Affairs Committee passed the full strength
>version out of committee after open, public hearings. The House
>Intelligence Committee took the bill and gutted it after a day of
>closed, secret hearings. The gutted version will come to the House
>floor on Wednesday July 20th.
>
>An amendment that reinstates Rep. Maria Cantwell's cryptography export
>provisions WILL be offered. It is crucial that you ensure that your
>representative knows that you support ONLY the amended version of this
>bill.
>
>This may be the last thing you can do for the cryptographic export
>legislation. Take the time to make a call!
>
>Schedule/Chronology of the bill
>Jul 20, 94  HR3937 comes to House floor; a "good" amendment will be offered
>            [YOUR ACTION IS NEEDED TO PASS THIS]
>Jul 11, 94  House Rules Committee marks HR3937 "open"; allowing amendments
>Jun 30, 94  [*** vote postponed, perhaps till the week of 7/11/94]
>            House Rules Comm. decides whether to allow amendments
>            on the bill when it reaches the House floor
>Jun 14, 94  Gutted by the House Select Committee on Intelligence
>May 20, 94  Referred to the House Select Committee on Intelligence
>May 18, 94  Passed out of the House Foreign Affairs Committee on May 18
>            attached to HR 3937, the General Export Administration Act
>Dec 6, 93   Referred to the Subcommittee on Economic Policy, Trade and
>Nov 22, 93  Referred to the House Committee on Foreign Affairs.
>
>-------------------------------------------------------------------------------
>WHAT YOU CAN DO RIGHT NOW
>
>Estimated time to do this good deed: Six minutes
>
>Your legislator needs to know that you want them to support HR3937
>but only with an amendment including Rep.
Maria Cantwell's cryptography >export provisions. > >If you wish to fax a letter instead of calling, that's fine too. > >If you don't know who your representative is, call: > > -The League of Women Voters in your area, or > -Any representative from your state. They will tell you which > is yours. > >You can obtain a complete copy of all representatives by: > -checking the VTW gopher site: > > URL:gopher://gopher.panix.com:70/1/1/vtw > (check under Congress) > > -or by dropping a note to vtw at panix.com > >[Our directory is a bit out of date. Please check all fax numbers before >sending. People volunteering to obtain a new directory for us are >welcome to help out.] > >Feel free to use the following sample communique: > > The Honorable ____________ > address > Washington DC, 20515 > > Dear Congressman or Congresswoman, > > On Wed. July 20th, HR 3937 (General Export Administration Act) > comes to the floor. Please support HR3937 but only with an > amendment including Rep. Maria Cantwell's cryptography export > provisions. These provisions are crucial to the development of > privacy-enhancing technology as the competitiveness of the > American cryptographic industry. > > Sincerely, > > _________________________________ > > >A shorter telephone sample communique might be: > > Dear Congressman or Congresswoman, > > Please support HR3937 but only with an amendment including > Rep. Maria Cantwell's cryptography export provisions. > > Thank you. > >------------------------------------------------------------------------- > >LIST OF LEGISLATORS SUPPORTING CRYPTOGRAPHY EXPORT LEGISLATION > >The following legislators have formally registered support for >cryptography export legislation. Call them with your cheers. > >All addresses are Washington, D.C. 
20515 > > Dist ST Name, Address, and Party Phone Fax > ==== == ======================== ============== ============== > 1 WA Cantwell, Maria (D) 1-202-225-6311 1-202-225-2286 > 1520 LHOB > HR 3627's sponsor; thank her for her work! > > 16 IL Manzullo, Donald (R) 1-202-225-5676 1-202-225-5284 > 506 Cannon > Cosponsored HR 3627 on 11/22/93 > > 3 UT Orton, William H. (D) 1-202-225-7751 1-202-226-1223 > 1122 LHOB > Cosponsored HR 3627 on 03/22/94 > > 3 OR Wyden, Ronald (D) 1-202-225-4811 1-202-225-8941 > 1111 LHOB > Cosponsored HR 3627 on 03/22/94 > > 16 CA Edwards, Donald (D) 1-202-225-3072 1-202-225-9460 > 2307 RHOB > Cosponsored HR 3627 on 03/22/94 > > 19 OH Fingerhut, Eric D. (D) 1-202-225-5731 1-202-225-9114 > 431 Cannon > Cosponsored HR 3627 on 03/22/94 > > 4 MA Frank, Barney (D) 1-202-225-5931 1-202-225-0182 > 2404 RHOB > Cosponsored HR 3627 on 03/22/94 > > 2 UT Shepherd, Karen (D) 1-202-225-3011 1-202-226-0354 > 414 Cannon > Cosponsored HR 3627 on 03/22/94 > > 3 WA Unsoeld, Jolene (D) 1-202-225-3536 1-202-225-9095 > 1527 LHOB > Cosponsored HR 3627 on 03/22/94 > > 19 FL Johnston II, Harry (D) 1-202-225-3001 1-202-225-8791 > 204 Cannon > Cosponsored HR 3627 on 03/22/94 > > 9 WA Kreidler, Mike (D) 1-202-225-8901 1-202-226-2361 > 1535 LHOB > Cosponsored HR 3627 on 03/22/94 > > 4 WA Inslee, Jay (D) 1-202-225-5816 1-202-226-1137 > 1431 LHOB > Cosponsored HR 3627 on 03/22/94 > > 7 WA McDermott, James A. (D) 1-202-225-3106 1-202-225-9212 > 1707 LHOB > Cosponsored HR 3627 on 03/22/94 > > 8 IN McCloskey, Frank (D) 1-202-225-4636 1-202-225-4688 > 306 Cannon > Cosponsored HR 3627 on 03/22/94 > > 14 CA Eshoo, Anna G. (D) 1-202-225-8104 1-202-225-8890 > 1505 LHOB > Cosponsored HR 3627 on 03/22/94 > > 10 NC Ballenger, Thomas C. 
(R) 1-202-225-2576 1-202-225-0316 > 2238 RHOB > Cosponsored HR 3627 on 05/04/94 > > 2 WA Swift, Al (D) 1-202-225-2605 1-202-225-2608 > 1502 LHOB > Cosponsored HR 3627 on 05/04/94 > >------------------------------------------------------------------------------- >LIST OF LEGISLATORS WAVERING ON CRYPTOGRAPHY EXPORT LEGISLATION >[Feel free to use the sample communique at the end of the FAQ when calling > or writing a legislator.] > > 26 NY Hinchey, Maurice D. (D) 1-202-225-6335 1-202-226-0774 > 1313 LHOB > Recently told a constituent that he is taking the Cantwell bill > under consideration, but has "national security concerns" about > allowing encryption to be exported outside the United States. > > 1 IA Leach, James (R) 1-202-225-6576 1-202-226-1278 > 2186 RHOB > Has yet to answer a constituent letter with a stated position. > > 13 NY Molinari, Susan (D) 1-202-225-3371 1-202-226-1272 > 123 Cannon > Has yet to answer a constituent letter with a stated position. > (has taken inordinately long) > > 8 NY Nadler, Jerrold (D) 1-202-225-5635 1-202-225-6923 > 424 Cannon > Met with lobbying constituent in April '94; no position taken yet > > 25 CA McKeon, Howard P. (R) 1-202-225-1956 1-202-226-0683 > 307 Cannon > Responded to a constituent with a "non-position", May '94 > Had a favorable meeting with a constituent and a VTW volunteer > in May '94. > >------------------------------------------------------------------------------- >LIST OF LEGISLATORS OPPOSING CRYPTOGRAPHY EXPORT LEGISLATION >[Feel free to use the sample communique at the end of the FAQ when calling > or writing a legislator.] > > Dist ST Name, Address, and Party Phone Fax > ==== == ======================== ============== ============== > 5 AL Cramer Jr, Robert E. (D) 1-202-225-4801 1-202-225-4392 > 1318 LHOB > > FAILED Cryptography exports: > Voted to kill Rep. Cantwell's export provisions in the > House Intelligence Committee on 6/15/94. 
> > 8 CA Pelosi, Nancy (D) 1-202-225-4965 1-202-225-8259 > 240 Cannon > > FAILED Cryptography exports: > Voted to kill Rep. Cantwell's export provisions in the > House Intelligence Committee on 6/15/94. > > 32 CA Dixon, Julian C. (D) 1-202-225-7084 1-202-225-4091 > 2400 RHOB > > FAILED Cryptography exports: > Voted to kill Rep. Cantwell's export provisions in the > House Intelligence Committee on 6/15/94. > > 40 CA Lewis, Jerry (R) 1-202-225-5861 1-202-225-6498 > 2312 RHOB > > FAILED Cryptography exports: > Voted to kill Rep. Cantwell's export provisions in the > House Intelligence Committee on 6/15/94. > > 46 CA Dornan, Robert K. (R) 1-202-225-2965 no reliable fax > 2402 RHOB > > FAILED Cryptography exports: > Voted to kill Rep. Cantwell's export provisions in the > House Intelligence Committee on 6/15/94. > > 2 CO Skaggs, David E. (D) 1-202-225-2161 1-202-225-9127 > 1124 LHOB > > FAILED Cryptography exports: > Voted to kill Rep. Cantwell's export provisions in the > House Intelligence Committee on 6/15/94. > > 10 FL Young, C. W. (R) 1-202-225-5961 1-202-225-9764 > 2407 RHOB > > FAILED Cryptography exports: > Voted to kill Rep. Cantwell's export provisions in the > House Intelligence Committee on 6/15/94. > > 4 KS Glickman, Daniel (D) 1-202-225-6216 1-202-225-5398 > 2371 RHOB > > FAILED Cryptography exports: > Voted to kill Rep. Cantwell's export provisions in the > House Intelligence Committee on 6/15/94. > > 1 NE Bereuter, Douglas (R) 1-202-225-4806 1-202-226-1148 > 2348 RHOB > > FAILED Cryptography exports: > Voted to kill Rep. Cantwell's export provisions in the > House Intelligence Committee on 6/15/94. > > 9 NJ Torricelli, Robert (D) 1-202-224-5061 1-202-225-0843 > 2159 RHOB > > FAILED Cryptography exports: > Voted to kill Rep. Cantwell's export provisions in the > House Intelligence Committee on 6/15/94. > > 3 NM Richardson, William (D) 1-202-225-6190 no reliable fax > 2349 RHOB > > FAILED Cryptography exports: > Voted to kill Rep. 
Cantwell's export provisions in the > House Intelligence Committee on 6/15/94. > > 1 NV Bilbray, James H. (D) 1-202-225-5965 1-202-225-8808 > 2431 RHOB > > FAILED Cryptography exports: > Voted to kill Rep. Cantwell's export provisions in the > House Intelligence Committee on 6/15/94. > > 17 PA Gekas, George W. (R) 1-202-225-4315 1-202-225-8440 > 2410 RHOB > > FAILED Cryptography exports: > Voted to kill Rep. Cantwell's export provisions in the > House Intelligence Committee on 6/15/94. > > 2 RI Reed, John F. (D) 1-202-225-2735 1-202-225-9580 > 1510 LHOB > > FAILED Cryptography exports: > Voted to kill Rep. Cantwell's export provisions in the > House Intelligence Committee on 6/15/94. > > 14 TX Laughlin, Gregory H. (D) 1-202-225-2831 1-202-225-1108 > 236 Cannon > > FAILED Cryptography exports: > Voted to kill Rep. Cantwell's export provisions in the > House Intelligence Committee on 6/15/94. > > 16 TX Coleman, Ronald D. (D) 1-202-225-4831 None > 440 Cannon > > FAILED Cryptography exports: > Voted to kill Rep. Cantwell's export provisions in the > House Intelligence Committee on 6/15/94. > > 19 TX Combest, Larry (R) 1-202-225-4005 1-202-225-9615 > 1511 LHOB > > FAILED Cryptography exports: > Voted to kill Rep. Cantwell's export provisions in the > House Intelligence Committee on 6/15/94. > > 1 UT Hansen, James V. (R) 1-202-225-0453 1-202-225-5857 > 2466 RHOB > > FAILED Cryptography exports: > Voted to kill Rep. Cantwell's export provisions in the > House Intelligence Committee on 6/15/94. > > 6 WA Dicks, Norman D. (D) 1-202-225-5916 1-202-226-1176 > 2467 RHOB > > FAILED Cryptography exports: > Voted to kill Rep. Cantwell's export provisions in the > House Intelligence Committee on 6/15/94. > >------------------------------------------------------------------------------- >What is the Cantwell bill? > >The Cantwell bill would permit companies to export products with >encryption technology in them. 
US companies are currently >not permitted to export products (hardware or software) with this >technology in them. > > >What is encryption technology? > >Encryption technology, or cryptography, is the art of scrambling >a conversation so that only the people communicating can decode >it. Other people (such as eavesdroppers) cannot learn about >the conversation. > > >Where is cryptography being used? > >Cryptography is used to encrypt electronic mail to protect its confidentiality >in transit. It's used by bank automatic teller machines to protect >sensitive data (such as your account number, your Personal Identification >Number, and your bank balance). It can be implemented into software >(such as electronic mail programs and word processors) as well as hardware >(such as telephones and "walkie-talkies") to ensure your privacy. > > >Why is there a restriction on exporting products with technology >in them? > >For many years the United States poured vast sums of money into >cryptography. The US government thought that if they did not let this >technology be exported, foreign individuals would not be able to obtain >it and use it against us (by keeping US intelligence agencies from >eavesdropping on their communications) > >Today, many companies selling cryptographic technology are producing >their products for the global market. A recent Software Publishers' >Association Report (available from the VTW gopher) identified over 200 >non-US companies producing cryptographic technology in the global >marketplace. You can buy the same, high-quality cryptographic >technology from many international firms despite the US export >regulations. Although the marketplace has changed, the regulations >have not. > > >Why should the regulations be changed? > >US companies compete in a global marketplace. Because of the export >regulations, they often compete alongside products with superior >cryptographic capabilities built into them. 
> >The result is that US companies build their products with >an inferior encryption technology. The result of this is that >you, as an American consumer, have great difficulty obtaining >products with strong encryption in them. > >Because US products cannot compete against products with better >privacy features, and because the laws are outdated, the regulations >should be changed. The Cantwell bill fixes these regulations to more >accurately resemble the current situation of the world marketplace. > > >How can I help encourage more privacy-enhanced products and >pass the Cantwell bill? > >Call or write your representative and ask them to support or cosponsor >Rep. Cantwell's export provisions (formerly HR 3627) in the General >Export Administration Act, HR 3937. You can base your letter on the >sample communication below. > > >SAMPLE LETTER OR PHONE CALL > >The Honorable ____________ >address >Washington DC, 20515 > >Dear Congressman or Congresswoman, > >As a citizen concerned for my privacy, as well as a supporter of >American business, I urge you to cosponsor the Rep. Cantwell's >cryptographic export provisions (formerly HR 3627) in the General >Export Administration Act, HR 3937. > >The bill would allow US companies to produce and export products with >cryptographic privacy-enhancing technology in them. These products >are already available from firms throughout the world. US companies >lose nearly $100 million per year in exports to them. > >By encouraging this industry, ordinary citizens like you and me would >be able to purchase products with better privacy features. > >Please support or co-sponsor HR 3937. 
>
>Sincerely,
>
>___________________________________
>
>-------------------------------------------------------------------------------

From shamrock at netcom.com Thu Jul 21 23:44:07 1994
From: shamrock at netcom.com (Lucky Green)
Date: Thu, 21 Jul 94 23:44:07 PDT
Subject: Gore's "new and improved" key escrow proposal
Message-ID: <199407220644.XAA26141@netcom.netcom.com>

Is it just me, or has the administration just delivered the knock-out punch?

It seems that by abandoning the Clipper proposal for a software based system they managed to convince key industry groups (and soon the public?) to end their opposition to the fascist key escrow proposal. Cypherpunks, we are in deep trouble.

-- Lucky Green PGP public key by finger

Clinton is in the process of making internal passports aka "Universal Health Care Card" mandatory:
"REV 13:16 And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads:
REV 13:17 And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name."

From tcmay at netcom.com Thu Jul 21 23:58:30 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 21 Jul 94 23:58:30 PDT
Subject: Agorics, Digital Cash, and Protocol Ecologies
In-Reply-To: <9407211538.AA08530@ua.MIT.EDU>
Message-ID: <199407220658.XAA22067@netcom8.netcom.com>

Fellow Cypherpunks,

(Sorry to break in on the flames about bimbos, tentacles, and quantum computers, etc. And since I have nothing to say about new releases of PGP 2.6ui, CFS, WinPGP, or PGS, I'll focus on some things that interest me these days.)

solman at MIT.EDU wrote:

> The selling point for digital cash is that it has a low transaction cost
> and can easily be used for extremely small transactions. If agent A and
> agent B want to do business without bothering their owners, you had better
> have some robust digicash.
Very fine granularity digital cash--sub-cent levels, even sub-millicent levels--could have many uses. Multiple transactions, transactions by "agents" (like Telescript will reportedly have), etc.

Cypherpunks should be aware of several tie-ins that some of our members are working on:

* Norm Hardy and Dean Tribble have been working on a scheme called "Digital Silk Road," or DSR, in which fractional-cent payments may be made without incurring the full overhead of a commlink to a bank clearinghouse, for example. (As communication charges drop, the overhead cost of a clearinghouse call could be small enough not to matter, but not for a while....and I'd still worry about the speed of light delays if nothing else!).

  - a version of their DSR work should be available in the usual places (Netcom's ftp site, the ftp.csua.berkeley.edu site, and various Cypherpunks-oriented URLs that get posted here often).

* Mark Miller, Eric Drexler, and others have worked on a scheme they call "agorics," for computer-mediated markets, auctioning of computer resources, etc. This developed from work with Xanadu and AMIX, and other places. (Ironically, my last major project at Intel, in 1986, was the explication of a 'Frame-Based Manufacturing System,' in which scarce wafer fab resources are bought and sold in a manufacturing ecology. Miller and Drexler visited my old group a year or so after I left to talk to them....by this time I also knew Miller and Drexler in other contexts.)

  - Mark will be speaking on the Agorics Project, and the connections to crypto, at the next Cypherpunks meeting.

(Miller, Tribble, Hardy, and others are working on several projects of potential interest to us: the "Joule" programming language (built in Smalltalk, as I recall, but eventually to be ported to a faster and lower footprint form), the "CORBA-mite" (I hope I got the spelling right...it's a pun) extension to C++, and some network allocation work involving special kinds of auctions.
(The common thread is one of market processes, such as the George Mason U. folks are interested in, the economic theories of F. Hayek that underlie modern libertarian economics, and the very common sensical notion that things have costs and that agents who want things more than other agents should expect to pay more. "Computational ecologies" is another buzzword, and there are obvious resonances with "artificial life." In fact, it was at the first A-LIFE conference, in 1987, that I met Mark Miller--I already knew Drexler.)

* Software payment schemes, including "superdistribution" and the various ideas of Brad Cox, Peter Sprague, etc., are very much related to fine granularity digital cash.

* The amazing new book by Kevin Kelly, "Out of Control," has a chapter devoted to digital money. Pick it up at your local bookstore--it should be in even the tiniest of stores--and at least skim the chapter on digital money. Don't be scared off by the opening line of the chapter, in which yours truly compares strong crypto to a shoulder-fired Stinger missile! (For the curious, Kevin used his "Whole Earth Review" article from last summer as the basis for this chapter.)

* In a related note, we discussed this book at the most recent "Assembler Multitudes" gathering in Palo Alto. This group meets to discuss the implications of technology, with a historical focus on nanotechnology. Ted Kaehler, one of the creators of Smalltalk at Xerox PARC in the 70s, and now working with Alan Kay at Apple, says this book is the most exciting thing he's seen in many years. I mostly agree.

* I also described my ideas on a "protocol ecology," a soup of agents (named after our crypto friends Alice, Bob, Charles, Eve, and so on) interacting with cryptographic primitives and combining methods and behaviors. (Basically, Koza-style genetic programming, but done with method combination on primitives, rather than LISP- or C++-style mutation and rewriting of code.)
I suspect this short description is not enough to make clear what I have in mind...it took me an hour to flesh out the explanation to Ted (and to others present, including Nick Szabo). It may have relevance to digital cash schemes, and attacks and defenses, in terms of evolving complex interactive protocols. (Think of Doug Lenat's Eurisko, from the early 1980s.) I'll write more on this, and the work I've been doing with SmalltalkAgents, when it's further along.

* Finally, some of our attendees at the local Cypherpunks meetings--I'm thinking specifically of Scott Collins and Fen LeBalme--have experience at General Magic and Apple with "Telescript" and agents. Little word is leaking out on Telescript--our own Peter Wayner could say little concrete about it in his article for "Byte" several months back. But it could be very important.

So, there's a lot of exciting stuff going on. I'm convinced that the vaunted tongue-twister of the 1960s and 70s, "mutually suspicious cooperating agents," will come to the fore again. (If you don't get this reference, sorry.)

Reputations, agents, agorics, and digital money. Living in perfect harmony. I hope.

(I now return control of the Cypherpunks Channel to its normal programming schedule of insults, babes, political correctness lectures, rants about, to, and from Detweiler, and, on tonight's viewing schedule, "Cayman Islands H.E.A.T."(*).

--Tim May

(* Who else considers it not a coincidence that the babelicious Alison Armitage shares a last name--or close--with a denizen of Bill Gibson's world? The cypher/cyberpunk connection we've all been hunting for? Cyphermancer?)

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Fri Jul 22 00:16:13 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 22 Jul 94 00:16:13 PDT
Subject: Gore's "new and improved" key escrow proposal
In-Reply-To: <199407220644.XAA26141@netcom.netcom.com>
Message-ID: <199407220716.AAA23701@netcom8.netcom.com>

> Is it just me, or has the administration just delivered the knock-out punch?
>
> It seems that by abandoning the Clipper proposal for a software based
> system they managed to convince key industry groups (and soon the public?)
> to end their opposition to the fascist key escrow proposal. Cypherpunks, we
> are in deep trouble.
> -- Lucky Green PGP public key by finger

I don't think so. Like others, I think a stall is a stall...backing off from the Capstone/Skipjack/Tessera/etc. Escrowed Encryption Standard things will delay them while they regroup. (It may also throw a monkeywrench into plans by Mykotronx, National, and others to ramp up production....some more "incentivization" may be needed.)

Others here will have a clearer idea than I have, but I don't think a "software standard" is what is now being planned. Software-only solution cannot possibly have the security that's needed (e.g., it's too easy to go in and rewrite the offending portions, diddle with the fields, etc.).

And stalling is good. The FBI guy Kallstrom was quoted as saying that Digital Telephony had better be passed soon, because in a year or two it would be too expensive to make mandatory!

The longer we monkeywrench these schemes, the more "degrees of freedom" are out there, the more there is just no way to implement either key escrow or centralized wiretapping.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Fri Jul 22 00:24:44 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 22 Jul 94 00:24:44 PDT
Subject: Please unsubscribe vtw-announce from com-priv list!
In-Reply-To: <199407220559.WAA10364@is.internic.net>
Message-ID: <199407220725.AAA24226@netcom8.netcom.com>

(Don't worry, I'm not including all 500 lines of the forwarded message here!)

Could people *please* take care on what they forward to all of us? Kent England either is sending us a message that's stale (action was due two days ago), or he was sending a message to Shabbir and copied both Shabbir and all of us on it, or....

In any case, the barrage of press releases, CPSR alerts, EPIC alerts, and EFF bulletins are beginning to resemble "MAKE.MONEY.FAST" in their volume and shrillness ("Sign this petition! Do it today! Do it now!").

I know many solid, serious Cypherpunks who used to read and post and who now mostly don't. I can't say I blame them.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From thad at pdi.com Fri Jul 22 00:28:31 1994
From: thad at pdi.com (Thaddeus Beier)
Date: Fri, 22 Jul 94 00:28:31 PDT
Subject: Gore's new and improved key escrow proposal
Message-ID: <9407220725.AA05372@fulcrum.pdi.com>

To: cypherpunks at toad.com
Subject: Re: Gore's new and improved key escrow proposal

>> Is it just me, or has the administration just delivered the knock-out punch?
>>
>> It seems that by abandoning the Clipper proposal for a software based
>> system they managed to convince key industry groups (and soon the public?)
>> to end their opposition to the fascist key escrow proposal. Cypherpunks, we
>> are in deep trouble.
>>

I feel the same way. I posted an article from the Mercury News to here about three weeks ago, reporting on a conference between the White House and several private cryptography companies, where they were trying to work out some kind of private sector EES. So, this has been in the works for some time. I can dig up the article for anybody that would like to see it.

I'd buy stock in TIS, if it were a public company, I'd guess that they will have the inside track on this.

thad
Thad Beier Pacific Data Images 408)745-6755 thad at pdi.com

From bart at netcom.com Fri Jul 22 02:00:42 1994
From: bart at netcom.com (Harry Bartholomew)
Date: Fri, 22 Jul 94 02:00:42 PDT
Subject: WWW> Cryptography/PGP/Privacy Web page (fwd)
Message-ID: <199407220900.CAA22324@netcom10.netcom.com>

I had never heard of this group, so thought I'd forward the notice. The page looked pretty good too at first glimpse.

Forwarded message:
> From: franl at centerline.com (Fran Litterio)
> Newsgroups: comp.infosystems.announce
> Subject: Cryptography/PGP/Privacy Web page (via Centerline Software)
> Date: 16 Jul 1994 18:36:38 GMT
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> I've put together a World Wide Web page containing some interesting
> information for PGP users (and anyone else who's interested in crypto
> and privacy).
Some highlights:
>
> o A link to the PGP FAQ (in hypertext form) maintained at
>   Quadralay Corp..
>
> o Links to forms for looking up public keys from the public
>   keyserver network (and for submitting your own key).
>
> o PGP 2.6 and 2.3a documentation and quick reference pages.
>
> The URL is:
>
> http://draco.centerline.com:8080/~franl/crypto.html
>
> Let me know if you like it or have suggestions for how to improve it.
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6
>
> iQCVAgUBLfeFJneXQmAScOodAQF3WgP8D8PyrasDkpBbUmK5yiL2+vmLhsAmyzdx
> LlM1cYrYmjbr9Fp7hfyvTiB5tT7mK9+wEC1PXQZNw+mV7asbd2GA9ZrbHV6wLYU7
> Hi14KMN4aPawneWRaZGGRmXNRh/kY+UaRTpCw8xNsw2dzMfD/xL5yLp9eNulHOXk
> a1tWLIM+210=
> =eSHm
> -----END PGP SIGNATURE-----
> --
> Fran Litterio franl at centerline.com (617-498-3255)
> CenterLine Software http://draco.centerline.com:8080/~franl/
> Cambridge, MA, USA 02138-1110 PGP public key id: 1270EA1D
>

From ebrandt at muddcs.cs.hmc.edu Fri Jul 22 03:32:45 1994
From: ebrandt at muddcs.cs.hmc.edu (Eli Brandt)
Date: Fri, 22 Jul 94 03:32:45 PDT
Subject: Gore's "new and improved" key escrow proposal
In-Reply-To: <199407220716.AAA23701@netcom8.netcom.com>
Message-ID: <9407220946.AA12779@muddcs.cs.hmc.edu>

Tim May said:
> Others here will have a clearer idea than I have, but I don't think a
> "software standard" is what is now being planned. Software-only
> solution cannot possibly have the security that's needed [...]

My reading of the BSA blurb was that software key escrow really is being planned: "software implementable [and] based on a non-classified encryption formula". Yes, this sounds pretty silly. I don't see how you could possibly prevent a rogue phone from interoperating with a fascistic one. Guess I need to snarf the original document.
Eli ebrandt at hmc.edu

From DAVESPARKS at delphi.com Fri Jul 22 04:06:29 1994
From: DAVESPARKS at delphi.com (DAVESPARKS at delphi.com)
Date: Fri, 22 Jul 94 04:06:29 PDT
Subject: (Fwd) RE: Computer snoopers
Message-ID: <01HEZY4L92MA8ZFAD3@delphi.com>

John Young asked:

> Want to play a game?

Sure, how about "Global Thermonuclear War", Joshua? Just as soon as I figure out how to make my acoustic coupler AUTODIAL like it did on the movie.

/--------------+------------------------------------\
|              | Internet: davesparks at delphi.com  |
| Dave Sparks  | Fidonet:  Dave Sparks @ 1:207/212  |
|              | BBS:      (909) 353-9821 - 14.4K   |
\--------------+------------------------------------/

From perry at imsi.com Fri Jul 22 05:39:01 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 22 Jul 94 05:39:01 PDT
Subject: "Key Escrow" --- the very idea
In-Reply-To: <94Jul21.164935pdt.14430(3)@alpha.xerox.com>
Message-ID: <9407221238.AA06570@snark.imsi.com>

Mike_Spreitzer.PARC at xerox.com says:
> (1) I'm not an anarchist. Does that make me out of place here?

No. This is not a list for anarchists. There are some prominent people here that happen to be anarchists -- others are socialists, conventional liberals, conventional conservatives, and every other stripe. Hell, even the 700 Club folks hate key escrow.

Perry

From perry at imsi.com Fri Jul 22 05:41:01 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 22 Jul 94 05:41:01 PDT
Subject: comeon**
In-Reply-To: <9407220038.AA04732@toad.com>
Message-ID: <9407221240.AA06578@snark.imsi.com>

"Gary Jeffers" says:
> Lefty says I don't have the wit to speak for him. It would take no
> wit - just a person with the tastes of a bottom feeder.

Just to be clear, no one but me speaks for me, either.
Perry

From cme at tis.com Fri Jul 22 06:04:19 1994
From: cme at tis.com (Carl Ellison)
Date: Fri, 22 Jul 94 06:04:19 PDT
Subject: "Key Escrow" --- the very idea
In-Reply-To: <94Jul21.164935pdt.14430(3)@alpha.xerox.com>
Message-ID: <9407221303.AA00981@tis.com>

if you really want to propose an escrow system we can live with, I would demand that it include:

1. unambiguous ID of the person being tapped in the LEAF-equivalent

2. multiple escrow agencies, at least one of which is the NSA HQ (for its superior physical security)

3. watchdogs as escrow agents (e.g., ACLU, Rep & Dem parties, CPSR, EFF, NYTimes, ...) with authorization to look for abuses of authority and to refuse to release keys in such cases and to publicize such cases as well as bringing them to the attention of law enforcement for prosecution.

4. user-generated escrow keys, to reduce the chance of anyone having a backdoor way to get the whole escrow key database.

From adwestro at ouray.Denver.Colorado.EDU Fri Jul 22 06:27:17 1994
From: adwestro at ouray.Denver.Colorado.EDU (Alan Westrope)
Date: Fri, 22 Jul 94 06:27:17 PDT
Subject: "Key Escrow" --- the very idea
In-Reply-To: <9407221303.AA00981@tis.com>
Message-ID:

> if you really want to propose an escrow system we can live with,
> I would demand that it include: [...]

Sorry, but there is NO escrow system I can live with -- I don't care if John Gilmore is selected to head the escrow agency.

Alan Westrope
__________/|-,
   (_)    \|-'   finger for pgp 2.6 public key
PGP fingerprint: D6 89 74 03 77 C8 2D 43 7C CA 6D 57 29 25 69 23

From perry at imsi.com Fri Jul 22 06:37:48 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 22 Jul 94 06:37:48 PDT
Subject: Come On
In-Reply-To:
Message-ID: <9407221337.AA06635@snark.imsi.com>

Cyber City says:
> CypherPUNKs is an offshoot of the cyberpunk paradigm, which can be
> stated as "high tech/lowlife".

Huh? Where did you get that idea?
So far as I know, the name was picked because it was catchy because the word "cyberpunk" was already in use. Most of us are not "punks" in any real sense of the word (although of course some might be; there are people on this list with dozens of different points of view and lifestyles). I'm not an "offshoot" of anything, certainly not of a William Gibson novel, and beyond all that, the notion that "cyberpunk" was something real and not just a term for a style of SF novel has very little support to it outside of certain cheap flashy magazines. Perry From perry at imsi.com Fri Jul 22 06:41:40 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 22 Jul 94 06:41:40 PDT Subject: by the way... Message-ID: <9407221341.AA16126@webster.imsi.com> For those who believe "the NSA can do ANYTHING" or some such, an article in the New York Times claims the annual black budget now seems to be hovering around $28 Billion per year, for ALL secret government work. All the spy planes, CIA bribes, etc, come out of that pool. Its a lot of money, but not enough to pay for really outlandish things, like disk drives the size of Seattle to store exhaustive listings of all possible DES encryptions. Perry From perry at imsi.com Fri Jul 22 06:52:53 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 22 Jul 94 06:52:53 PDT Subject: "Key Escrow" --- the very idea In-Reply-To: <9407221303.AA00981@tis.com> Message-ID: <9407221352.AA06655@snark.imsi.com> Carl Ellison says: > if you really want to propose an escrow system we can live with, > I would demand that it include: I cannot conceive of an escrow system I could live with. I respect some of the people broaching the concept, but I object to the very idea. I will no more escrow my communications than I will agree to speak only next to the microphones. 
Perry From Mike_Spreitzer.PARC at xerox.com Fri Jul 22 07:50:28 1994 From: Mike_Spreitzer.PARC at xerox.com (Mike_Spreitzer.PARC at xerox.com) Date: Fri, 22 Jul 94 07:50:28 PDT Subject: "Key Escrow" --- the very idea In-Reply-To: <199407220100.SAA08895@netcom8.netcom.com> Message-ID: <94Jul22.075007pdt.14472(10)@alpha.xerox.com> > > "Key escrow" is an attempt to implement the > > cyberspatial analog of search. > Nope. "Key escrow" is far broader... The result is certainly broader. Arguably too broad. I was simply trying to say that someone with the narrower motive of trying to implement warranted searches in cyberspace might reach for key escrow as a solution. Mainly for lack of a narrower mechanism. As I tried to say in paragraph (3), I don't think key escrow has to be mandatory to have some value (whether it's enough to make it worthwhile is the essence of the debate). Nor do I think there's any point in outlawing unbreakable cryptography --- your worst outlaws would use it anyway. Also, outlawing it would be more intrusive than required to implement warranted searches --- aren't there some relationships (doctor/patient, lawyer/client, priest/churchgoer) that the courts recognize as sacrosanct? The only arguable strategy, I think, would be for society to say "we're going to subsidize the escrowed key infrastructure so that it will be enough cheaper and more available that most criminals will opt for it for most usage" --- and rely on the power of human stupidity to make it pay off. This requires a comparison of the cost of that public subsidy against the law enforcement payoff (and a design for the distribution of who pays how much of that subsidy). And depends on being able to make a price and/or availability difference that's significant. 
And while Heinlein warns against underestimating the power of human stupidity, I must say I wonder how long we could expect that most criminals will remain insufficiently funded, educated, or motivated to avoid using the escrowed key infrastructure for incriminating activities. I'm not sure how to evaluate any of these. From Mike_Spreitzer.PARC at xerox.com Fri Jul 22 08:29:06 1994 From: Mike_Spreitzer.PARC at xerox.com (Mike_Spreitzer.PARC at xerox.com) Date: Fri, 22 Jul 94 08:29:06 PDT Subject: "Key Escrow" --- the very idea In-Reply-To: <9407220236.AA13439@ua.MIT.EDU> Message-ID: <94Jul22.082855pdt.14405(2)@alpha.xerox.com> Eight pieces seems too few to me. It's too easy for gov't agencies to "lean on" eight individuals or organizations (someone else suggested "watchdog" groups as fragment holding agencies, but that doesn't seem very good. Groups can change over time, respond to pressure. Putting a lot of fragments in a few hands seems fairly fundamentally flawed). I'd rather see thousands. That way, if Richard Nixon II launched a secret intimidation campaign against a group of enemies (e.g., the Democrats, or the Republicans, or the Libertarians, or the ACLU, or Sierra Club, or people opposed to the Haitian operation, or ...) --- well, it couldn't be secret, because a lot of people would have to know about it. This also requires that key fragment holders know what their fragments are for (the current Capstone architecture associates keys with devices, not people; whether that should be so is another discussion). Of course, this also diminishes the secrecy of the wiretap: if a wiretap is warranted on The Godfather's office phone, what are the odds that someone the FBI doesn't know is working (indirectly) for him will hold a fragment? Maybe that's just a price that has to be paid. What incentive can be given to the fragment holders to get them to take strong measures to protect the secrecy of those fragments? 
Also, if a key is split into N fragments, and there are k keys per capita (how many telephones do we have today per capita?), each person needs to hold kN fragments (even more if we restrict holders to, say, adult citizens). Can we expect everybody to spend what it takes to hold kN fragments securely? I've also wondered about another way to protect against abuse. There's been some discussion on this list about cryptographically strong time locks: a way to reveal something at a predetermined time in the future. I didn't follow it closely at the time, and don't know how feasible they are (in general, or for this application). But if they could be implemented, how about requiring the fact of a wiretap to be published M months after it's started? Again, I mean in a cryptographically strong way: you couldn't get the key you need for the wiretap without committing to revealing, M months hence, the fact that you've done so. I've also tried to pursue the analogy to current mechanisms with regard to physical searches. This analogy breaks down in a fairly important way: physical searches generally reveal to the searchee the fact that they've taken place; this means Nixon can't conduct a secret campaign against a group of people --- they'd notice they're all subjects. But a good feature of the current system that *could* be carried over to cyberspace is that the physical privacy of my house is under the jurisdiction of a local court --- and the physical privacy of *your* house is under the jurisdiction of a *different* court. We don't have just a few "escrow agencies" that protect everybody; we have lots of agencies, each of which protects a small fraction of us. This also works against being able to keep widespread abuse secret. 
From lefty at apple.com Fri Jul 22 08:34:17 1994 From: lefty at apple.com (Lefty) Date: Fri, 22 Jul 94 08:34:17 PDT Subject: Come On Message-ID: <9407221533.AA18029@internal.apple.com> Ray writes: > > I'm not going to fall into the trap, so I won't bother responding. Spider Robinson was right! God _is_ an iron. Too late, Ray. >> Off by a millimeter at the arrow's point; off by a mile at the target. > > You shouldn't think out loud. But your reflections on your own >behavior are quite on the mark. "I know you are, but what am I?" _Very_ impressive. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From lefty at apple.com Fri Jul 22 08:34:22 1994 From: lefty at apple.com (Lefty) Date: Fri, 22 Jul 94 08:34:22 PDT Subject: comeon** Message-ID: <9407221533.AA18026@internal.apple.com> > Lefty says I don't have the wit to speak for him. It would take no >wit - just a person with the tastes of a bottom feeder. Lefty, aren't >you the little shit who brutally flamed Nobody for using a pseudonym? Er, no, I'm not, which renders the rest of your posting even more content-free than it would otherwise have been, if such a thing were possible. >Lefty? is that your first or last name? Do you have a last name? Are >you sure? Say, hero, what is your true name? I'd tell you, but you haven't demonstrated a need to know. Or a capacity to understand. > Lefty, do I have you all wrong, or are you one of those guys who >hang back from a fight till you see your opponent is outnumbered? Given that you're your own worst enemy, being outnumbered would seem to be a chronic situation for you. You don't qualify as an "opponent", Mr. Jeffers. Or even an hors d'oeuvre. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. 
From solman at MIT.EDU Fri Jul 22 08:38:08 1994 From: solman at MIT.EDU (solman at MIT.EDU) Date: Fri, 22 Jul 94 08:38:08 PDT Subject: "Key Escrow" --- the very idea In-Reply-To: <94Jul22.082855pdt.14405(2)@alpha.xerox.com> Message-ID: <9407221537.AA15026@ua.MIT.EDU> > Eight pieces seems too few to me. It's too easy for gov't agencies to "lean > on" eight individuals or organizations (someone else suggested "watchdog" > groups as fragment holding agencies, but that doesn't seem very good. Groups > can change over time, respond to pressure. Putting a lot of fragments in a > few hands seems fairly fundamentally flawed). I'd rather see thousands. The point here is that if the evil government wants to go busting in on your conversations without a warrant, it can't. Even if they cheated and looked in the escrow for the names of your secret holders, they'd have to show them a warrant. The government couldn't try pressuring that many people before one of them blabbed and that would lose those folks doing the pressuring their jobs and quite probably result in prison time and political ramifications. I still don't like the idea of escrows because it assumes that I have something to hide, but if you have to do an escrow, I think eight people is fine. JWS From Mike_Spreitzer.PARC at xerox.com Fri Jul 22 08:52:37 1994 From: Mike_Spreitzer.PARC at xerox.com (Mike_Spreitzer.PARC at xerox.com) Date: Fri, 22 Jul 94 08:52:37 PDT Subject: "Key Escrow" --- the very idea In-Reply-To: <9407220236.AA13439@ua.MIT.EDU> Message-ID: <94Jul22.085205pdt.14526(9)@alpha.xerox.com> > ...The cost of conducting these negotiations in the > physical world is enormous. > > The cost of conducting these negotiations in the real world is negligible... Is "the real world" a typo? I suspect you mean something like "in cyberspace". I'm not familiar with the line of reasoning you're referring to here. I suspect it's a large topic. 
Does it rest on the assumption that cyberspace and the physical world are largely disjoint? I think they're not. Activities in cyberspace often "are about" or "have influence on" the real world. Sometimes vice versa. Doesn't this mean laws can't be divided into those about the physical world vs. those about cyberspace, but must in fact be about both? From hfinney at shell.portal.com Fri Jul 22 08:52:46 1994 From: hfinney at shell.portal.com (hfinney at shell.portal.com) Date: Fri, 22 Jul 94 08:52:46 PDT Subject: Voice/Fax Checks Message-ID: <199407221554.IAA02325@jobe.shell.portal.com> Robert Hettinga writes: >As someone who's been thrashing this a little bit, I've gotten stuck on >exactly how to "*undercut*" the transaction costs of existing methods. Got >any ideas? Are those transaction costs as a percentage of total cost >meaningful enough to embue digital cash with the rocket-like competitive >advantage we hope for? It's pretty clear that credit cards don't work for some of the transactions people want to do: 1) one-cent and fractional-cent charges for connecting to a useful Web page or ftp site. A useful resource like this wouldn't have to charge much on a per-user basis to fund the equipment and people. 2) Transactions with individuals or small companies who are not VISA clients. It's not that easy for a mail-order shoestring startup to get the ability to accept VISA cards. Because of the danger of fraud, the credit card companies like to see a storefront and/or some previous history. Someone who writes a nifty PGP shell and wants to sell it for $10 per will have this problem. 3) People who don't like giving out their credit card numbers to an unknown email address. This is the flip side of the above. The danger of fraud is always present, and the more people I've given my card number to, the more chance that I'll get burned. Of course most states have protection laws in place, but it's still going to be a major hassle. 
Now, 2 and 3 can probably be addressed by electronic checks, and I think the secure Mosaic announcement included that possibility. I suspect that echecks are a considerably stronger competitor to ecash than today's credit-card infrastructure. For one thing, an echeck can be sent in the clear, while ecash has to be sent encrypted; an eavesdropper can spend ecash but not an echeck. Example 1, the fractional-cent transaction, will be tough to address by any technology IMO. Even with ecash, there are a lot of questions. Is it on- line or off-line? Does the server actually try to validate each half-cent or does it just trust people? If the latter, how much fraud is likely, and how would we track down and penalize the half-cent counterfeiters? Solving these problems is going to add overhead which will make it hard to deal with such small sums efficiently. How many cash businesses sell low-value items for pennies today? Not many. >Light dawns on Marblehead. (Massachusetts joke). Isn't the point of >digital cash that you *can* send it through unsecure mail and buy things? No, I don't think you can. Ecash can generally be cashed by the bearer so it has to be sent through secure mail. That is why I was saying that echecks might be better for those purposes. I don't understand the Telescript agent world well enough to judge whether it would drive a market for ecash. I have the impression that at least with the initial implementations the agents will not be on the Internet as we know it but rather on a separate AT&T network of special servers. So they may not have much impact for a while on the "net" as we know it. Hal From hfinney at shell.portal.com Fri Jul 22 09:04:11 1994 From: hfinney at shell.portal.com (Hal) Date: Fri, 22 Jul 94 09:04:11 PDT Subject: Double DES calculations Message-ID: <199407221605.JAA03638@jobe.shell.portal.com> I missed the start of this double-des thread due to system problems and being gone, and I've never been able to pick up the main point since. 
It sounds like some kind of meet-in-the-middle attack is being discussed. It is true that with current technology MITM generally seems more costly in terms of space than time. However, I have seen references to techniques which shift this tradeoff some, costing more time and less space. Unfortunately, I can't remember where I saw them! I'll give you one similar example, though. I think this is the technique used in Pollard "rho" factoring. You have an iterated series, x=f(x), and you want to know if it has any cycles, any values which are eventually repeated. At first glance you might think that to look for a cycle of length N you would have to store N values of the series and check each value for a match, taking order of N in time and space. The Pollard technique instead runs two copies of the iteration at once, one twice as fast as the other: x=f(x) and y=f(f(y)). Each time you just compare x and y for a match. This takes about twice as long but uses no memory. The moral is, be cautious about feeling safe against MITM attacks purely because of memory limitations. If you don't have protection on the time costs as well there may be a tradeoff which can kill you. Hal From sandfort at crl.com Fri Jul 22 09:14:20 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 22 Jul 94 09:14:20 PDT Subject: Come On In-Reply-To: Message-ID: C'punks, Okay, I'm getting just a little tired of this thread. I've addressed several posts in private e-mail, but I think one public statement is required. On Fri, 22 Jul 1994, Alex Brock, addressing Connie Sadler, wrote: > . . . > CypherPUNKs is an offshoot of the cyberpunk paradigm, which can be > stated as "high tech/lowlife". There are no claims of professionalism > as far as I know. If cypherpunks share a common attribute, it is > probably their enjoyment of the _practice_ of encryption and related > disciplines. Yet another list member volunteers to speak for the group. If Alex wants to be a "low life," so be it. 
Just don't drag the rest of us along. I thought Cypherpunks were interested in taking positive steps to protect privacy. Connie has told us she shares that goal, so I think that makes her just as much a Cypherpunk as the rest of us "lowlifes." > I did not notice anyone insult you personally. Surely if you find the > language offensive, the solution is to filter your mail, or else > unsubscribe. By the same token, Alex, nobody personally pulled your chain, either. Maybe you should filter Connie from your mail, or else unsubscribe. My fellow Cypherpunks, "can't we all just get along?" Let's continue to focus on privacy. Isn't that what we're here for? S a n d y P.S. I've exchanged e-mail with Connie. She's very nice and very much on our side. A good recruit for Cypherpunks. From jgostin at eternal.pha.pa.us Fri Jul 22 09:17:10 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Fri, 22 Jul 94 09:17:10 PDT Subject: (None) Message-ID: <940722112306v8tjgostin@eternal.pha.pa.us> adwestro at ouray.Denver.Colorado.EDU (Alan Westrope) writes: > Sorry, but there is NO escrow system I can live with -- I don't > care if John Gilmore is selected to head the escrow agency. Here Here! I don't care if I'M selected to head the escrow agency. I don't (or wouldn't) trust any of my underlings with my security. --Jeff -- ====== ====== +----------------jgostin at eternal.pha.pa.us----------------+ == == | The new, improved, environmentally safe, bigger, better,| == == -= | faster, hypo-allergenic, AND politically correct .sig. | ==== ====== | Now with a new fresh lemon scent! 
| PGP Key Available +---------------------------------------------------------+ From berzerk at xmission.xmission.com Fri Jul 22 09:28:09 1994 From: berzerk at xmission.xmission.com (Berzerk) Date: Fri, 22 Jul 94 09:28:09 PDT Subject: "Key Escrow" --- the very idea In-Reply-To: <9407221303.AA00981@tis.com> Message-ID: On Fri, 22 Jul 1994, Carl Ellison wrote: > if you really want to propose an escrow system we can live with, > I would demand that it include: > 1. unambiguous ID of the person being tapped in the LEAF-equivalent WHAT! Why in the hell would you want to do that. Just identify the piece of equipment that is sending it. Let the wiretap guys sort through it like they do now. Berzerk. From berzerk at xmission.xmission.com Fri Jul 22 09:33:09 1994 From: berzerk at xmission.xmission.com (Berzerk) Date: Fri, 22 Jul 94 09:33:09 PDT Subject: "Key Escrow" --- the very idea In-Reply-To: <94Jul22.082855pdt.14405(2)@alpha.xerox.com> Message-ID: On Fri, 22 Jul 1994 Mike_Spreitzer.PARC at xerox.com wrote: > Eight pieces seems too few to me. It's too easy for gov't agencies to "lean > on" eight individuals or organizations (someone else suggested "watchdog" > groups as fragment holding agencies, but that doesn't seem very good. Groups > can change over time, respond to pressure. Putting a lot of fragments in a few > hands seems fairly fundamentally flawed). I'd rather see thousands. That way, NO, what you really need to do is tackle the issue of the government rounding up keys in mass, and instituting an orwellian system of spying. To do this, simply make it legal for the escrow agencies to destroy their database as a whole, in fact, make it a REQUIREMENT that they destroy their database if necessary and enact measures to protect it from abuse. Berzerk. 
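Hal Finney's "Double DES calculations" message earlier in this digest describes trading memory for time by running an iteration at two speeds, x=f(x) and y=f(f(y)). The following is an added example, not part of any post: it implements that two-speed search next to the store-everything search so the memory difference is visible. The toy function f (SHA-256 truncated to 24 bits), the seed and all function names are assumptions chosen for the illustration.

```python
import hashlib

BITS = 24  # toy state size (assumption); small enough to run in well under a second


def f(x):
    """Toy iterated function: SHA-256 of x, truncated to BITS bits."""
    digest = hashlib.sha256(x.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big") >> (32 - BITS)


def two_speed_search(func, x0):
    """Find the cycle in x0, func(x0), func(func(x0)), ... with O(1) memory.

    Returns (mu, lam, evals): mu is the number of steps before the cycle is
    entered, lam is the cycle length, evals counts calls to func.
    """
    # Phase 1: slow pointer moves one step, fast pointer two, until they meet.
    slow, fast, evals = func(x0), func(func(x0)), 3
    while slow != fast:
        slow, fast = func(slow), func(func(fast))
        evals += 3
    # Phase 2: restart the slow pointer; both now move one step at a time and
    # first agree exactly at the cycle entry point, mu steps from the start.
    mu, slow = 0, x0
    while slow != fast:
        slow, fast = func(slow), func(fast)
        evals += 2
        mu += 1
    # Phase 3: walk once around the cycle to measure its length.
    lam, fast = 1, func(slow)
    evals += 1
    while slow != fast:
        fast = func(fast)
        evals += 1
        lam += 1
    return mu, lam, evals


def table_search(func, x0):
    """Same answer by remembering every value seen: O(mu + lam) memory.

    Returns (mu, lam, stored) where stored is the number of table entries.
    """
    seen = {}
    x, i = x0, 0
    while x not in seen:
        seen[x] = i
        x, i = func(x), i + 1
    mu = seen[x]
    return mu, i - mu, len(seen)


def colliding_inputs(func, x0, mu, lam):
    """Return two different inputs with the same output (needs mu >= 1).

    The last value before the cycle and the last value on the cycle both map
    to the cycle entry point.
    """
    if mu < 1:
        raise ValueError("start value is already on the cycle")
    a = x0
    for _ in range(mu - 1):
        a = func(a)
    b = a
    for _ in range(lam):
        b = func(b)
    return a, b


def compare(x0=1):
    """Run both searches from the same start and report their costs."""
    mu, lam, evals = two_speed_search(f, x0)
    _, _, stored = table_search(f, x0)
    return {"mu": mu, "lam": lam, "two_speed_evals": evals,
            "two_speed_values_held": 2, "table_entries": stored}


if __name__ == "__main__":
    print(compare())
```

The table search stores one entry per step of the sequence, while the two-speed search holds two values at any moment and pays for it with a small constant factor more evaluations of f.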
From solman at MIT.EDU Fri Jul 22 09:43:15 1994 From: solman at MIT.EDU (solman at MIT.EDU) Date: Fri, 22 Jul 94 09:43:15 PDT Subject: "Key Escrow" --- the very idea In-Reply-To: <94Jul22.085205pdt.14526(9)@alpha.xerox.com> Message-ID: <9407221642.AA15351@ua.MIT.EDU> > > ...The cost of conducting these negotiations in the > > physical world is enourmous. > > > > The cost of conducting these negotiations in the real world is negligible... > > Is "the real world" a typo? I suspect you mean something like "in > cyberspace". :) It is most certainly a typo. > I'm not familiar with the line of reasoning you're referring to here. I > suspect it's a large topic. Does it rest on the assumption that cyberspace > and the physical world are largely disjoint? > I think they're not. Activities in cyberspace often > "are about" or "have influence on" the real world. Sometimes vice versa. > Doesn't this mean laws can't be divided into those about the physical world > vs. those about cyberspace, but must in fact be about both? You are entirely missing my point. The superior efficiency of cyberspace, its low transaction costs, have created possibilities there that can not exist in the physical realm. In both realms people have different wants and desires. Because they interact with each other, the actions of one individual can have an impact upon the actions of other individuals. Without any form of social agreement, there would be no security, no certainty about anything. This can be highly inefficient. There is no point in starting a big project today, if there is a high probability that somebody will kill you tomorrow. There is no point in doing something that other people would find useful if there is no mechanism for you to exchange it with them for services that you find useful. To circumvent this inefficiency, individuals enter into contracts with one another. A and B might agree not to kill each other. 
In exchange for giving up this element of their freedom, they get security. Security has value. It enables them to undertake long term projects that might otherwise not have been possible. But a contract like this is not useful without some mechanism of enforcement, so A and B have to agree to pay for some sort of policeman. This policeman would receive compensation for enforcing the contract between A and B. HERE IS THE DIFFERENCE BETWEEN THE PHYSICAL WORLD AND CYBERSPACE. In the physical realm, in order for a contract like this to work, large numbers of people have to be bound to it. This is true for the following reasons: A) The number of people bound under the contract must be large enough to make it unlikely that the policeman can control them or break his contract. B) Negotiating a contract like this takes alot of time. The compensation for the policeman has to be determined. The mechanisms for disciplining murderers (and determining guilt) have to be determined. The mechanisms for enforcing the contract between the police and the people have to be determined. The mechanisms for determining how much each person will be required to pay have to be determined. This is an extraordinarily inefficient procedure in the physical world. To deal with this inefficiency we have developed laws. Laws specify that all sentient individuals within a given area have to agree to a specific contract. There is no contract negotiation, there is just a contract that automatically applies and because a substantial majority of the individuals within a given locality respect the laws, this system works. In fact legal systems are highly inefficient artifacts in the physical world. In cyberspace, the two motivations for extending contracts to all participants (i.e. having uniform laws) are no longer present. Point A is no longer true. 
You don't need to have an enforcing policeman whose power is balanced by the large number of people he protects, cryptography can take the policeman's place as the contract enforcer. Point B is no longer valid because the entire negotiation process can be automated by computer with negligible transaction costs. Without any motivation for laws, individuals can get their security through personal contracts with other individuals. If you don't want to worry about fraud, subscribe to a fraud protection agency that you like. Any individual agent that wants to make you an offer will have to first be approved by the fraud protection agency. In exchange for this approval, the agent will pay the protection agency money and then pass along that cost to consumers that required the approval. Alternatively, the agent can agree not to violate the rules of the FPA, and give the FPA a deposit. If the agent screws up, victims of fraud could collect recompense via the method of adjudication specified by the FPA. If the agent isn't willing to agree to the rules of the FPA, then the user and that agent just won't do business. There can be thousands upon thousands of FPAs in a scheme like this and individual FPAs can offer all sorts of protection plans. In the real world a system like this could never be implemented, the cost of administering it would be too great. How could stores know what standard of honesty was required for each individual customer if different customers lived under different laws? The store has to be notified of the specific rules governing a specific customer. The store has to pay a tiny amount to the FPA. It has to be verified that this amount is collected. The store must then alter its sales strategy for the customer. This would clearly not work in the real world. If I wanted to buy a watermelon slush outside of the Kendal T (something I am about to do) it would cost me about $200 in transaction costs beyond the $1 for the slush. 
This is where the difference lies. It simply becomes feasible to have individually tailored social contracts once you enter cyberspace. Individuals with incompatible social contracts simply can't communicate with one another. You get absolute freedom AND absolute security. JWS From ben at Tux.Music.ASU.Edu Fri Jul 22 09:46:56 1994 From: ben at Tux.Music.ASU.Edu (Ben Goren) Date: Fri, 22 Jul 94 09:46:56 PDT Subject: "Key Escrow" --- the very idea In-Reply-To: <9407221303.AA00981@tis.com> Message-ID: On Fri, 22 Jul 1994, Carl Ellison wrote: > if you really want to propose an escrow system we can live with, > I would demand that it include: > > [four "features" deleted] And just who is going to pay for this system? And why should they? And why should anybody else use it when there're so many other alternatives? Heck, for that matter, how are you going to get all users of Norton Encrypt to escrow their DES keys? After all, they might have the disarm codes for their homebuilt nuke encrypted with that. Just say NO to key escrow. b& -- Ben.Goren at asu.edu, Arizona State University School of Music net.proselytizing (write for info): We won! Clipper is dead! But be sure to oppose escrowed keys. Stamp out spamming. Finger ben at tux.music.asu.edu for PGP 2.3a public key. From gtoal at an-teallach.com Fri Jul 22 10:03:02 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 22 Jul 94 10:03:02 PDT Subject: Gore's "new and improved" key escrow proposal Message-ID: <199407221703.SAA26235@an-teallach.com> : From: Eli Brandt : Tim May said: : > Others here will have a clearer idea than I have, but I don't think a : > "software standard" is what is now being planned. Software-only : > solution cannot possibly have the security that's needed [...] : My reading of the BSA blurb was that software key escrow really is : being planned: "software implementable [and] based on a non-classified : encryption formula". Yes, this sounds pretty silly. 
I don't see how : you could possibly prevent a rogue phone from interoperating with a : fascistic one. ... except by legislation. Make no bones about it, this is the start of the final attack to outlaw non-escrowed encryption. G From solman at MIT.EDU Fri Jul 22 10:09:44 1994 From: solman at MIT.EDU (solman at MIT.EDU) Date: Fri, 22 Jul 94 10:09:44 PDT Subject: Voice/Fax Checks In-Reply-To: <199407221554.IAA02325@jobe.shell.portal.com> Message-ID: <9407221709.AA15468@ua.MIT.EDU> Well here are the answers that I'm working with in my model: > Example 1, the fractional-cent transaction, will be tough to address by any > technology IMO. Even with ecash, there are a lot of questions. Is it on- > line or off-line? Does the server actually try to validate each half-cent > or does it just trust people? If the latter, how much fraud is likely, and > how would we track down and penalize the half-cent counterfeiters? Solving > these problems is going to add overhead which will make it hard to deal with > such small sums efficiently. How many cash businesses sell low-value items > for pennies today? Not many. First, what you set up has to work off-line. At the same time, validation, by its very nature, is a process that can only be accomplished online. The part of my code that I am in the middle of right now (and struggling with) uses a distributed dynamic hashing scheme (with some attempt at periodic space minimalization [this is what is making it tricky]) whereby information is recorded in the public system such that if one part of a bill is used twice, the cheat's identity is revealed. If two people try to record the same payment, the person who records it first (according to a distributed byzantine agreement algorithm) gets the money. Now if it's a small amount, you can feel comfortable dealing with it off-line. 
If it's a large amount, you want to hold off closing the transaction until you get confirmation that the payment which you recorded has been accepted by the majority as the first. Clearly this is not at all simple, but it is provably do-able. And it's my attempt to do this that led me to join this list (although the complex parts have turned out to be dealing with the perfect hashing that makes things scalable and not cryptography.) For types of small transactions that will be executed frequently, the best idea is to establish accounts. In my system, whenever an agent enters somebody else's computer, it gives the local wizard (the agent with the final say on computational cycles, storage space, and communications) a deposit which neither the agent nor the wizard can cash without agreement by both [do public validation and recording but hold off on the last steps which allow the wizard to use the money]. The money is thus recorded globally as having been spoken for. Then, for all transactions on the local machine, the agent simply uses its local account, just as anybody would in a much simpler bank-based protocol, like the ones we have now. So effectively, tiny transactions are taken care of differently (although there is no reason why this has to be the case other than efficiency [you actually have to pay the global community for validating everything so it is simply cheaper to use account based ecash]). > >Isn't the point of > >digital cash that you *can* send it through unsecure mail and buy things? > No, I don't think you can. Ecash can generally be cashed by the bearer > so it has to be sent through secure mail. That is why I was saying that > echecks might be better for those purposes. I don't agree on this point. I prefer license based e-cash which is modified on each transaction (and unfortunately gets slightly bigger -- the downside of this method). 
If we're going to make the conversion to ecash, we might as well make it as powerful as mathematics will allow. > I don't understand the Telescript agent world well enough to judge whether > it would drive a market for ecash. I have the impression that at least with > the initial implementations the agents will not be on the Internet as we > know it but rather on a separate AT&T network of special servers. So they > may not have much impact for a while on the "net" as we know it. Where can I find information about telescript? JWS From hughes at ah.com Fri Jul 22 10:27:22 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 22 Jul 94 10:27:22 PDT Subject: Small transaction amounts In-Reply-To: <9407211652.AA09087@ua.MIT.EDU> Message-ID: <9407221704.AA29638@ah.com> Not yet. But I'm just a few weeks away from Alpha testing a very large web-based project which has all sorts of agents interacting with each other and dealing in very small amounts of money. It includes a second rate (but effective) digital cash protocol. In a closed computational environment, there is no need for cryptographic digital cash. Telescript, for example, is a closed computational environment, at least now. Inside such an environment, one can rely upon the fact of closure for security in money transfer. The operators of the closed place provide an assurance that running the agents will be done as expected, and that funds will flow as expected. I can't tell from the above quotation whether the project is closed in this way or not. Verbum sapienti ... The cost of cryptographic computation, database lookups, and amortized staff time (the most expensive, and not getter cheaper nearly as fast as the others) for each transaction has some characteristic minimum value. The transactions cleared through such a system will have their own minimum, which will be on the order of the cost of provision. 
One can create closed environments expressly for the purpose of doing this kind of low-cost low-level transaction. These systems have reduced resource requirements and will always be cheaper to operate than a full scale digital cash scheme. The closure, however, of these systems means that they don't scale. That's bad, fatal, in fact. That doesn't mean that closed systems will disappear, merely that the largest systems must be open. What is desirable economically is that the boundary between closed clearance systems and open clearance systems be porous enough that the market can find an optimal distribution between the two varieties. Eric From cme at tis.com Fri Jul 22 11:17:39 1994 From: cme at tis.com (Carl Ellison) Date: Fri, 22 Jul 94 11:17:39 PDT Subject: "Key Escrow" --- the very idea In-Reply-To: Message-ID: <9407221816.AA24181@tis.com> >Date: Fri, 22 Jul 1994 10:27:30 -0600 (MDT) >From: Berzerk >Subject: Re: "Key Escrow" --- the very idea >On Fri, 22 Jul 1994, Carl Ellison wrote: >> if you really want to propose an escrow system we can live with, >> I would demand that it include: >> 1. unambiguous ID of the person being tapped in the LEAF-equivalent >WHAT! > >Why in the hell would you want to do that. Just identify the piece of >equipment that is sending it. Let the wiretap guys sort throught it like >they do now. 1. I'm not a fan of key registration 2. If it were forced down my throat, I want to make sure that the escrow agents can form a list of people being tapped so that they can detect abuses and possibly notify those tapped that they've been compromised. They can't do that without either an ID of the equipment owner or some communciations/routing path which can map from equipment ID to my addr/phone/e-mail (to notify me). In other words, I want to see this hypothetical escrow agent (or one of the many) as someone protecting my rights against the interests of a tapping agency. 
- Carl From jrochkin at cs.oberlin.edu Fri Jul 22 11:32:01 1994 From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) Date: Fri, 22 Jul 94 11:32:01 PDT Subject: clipper and export Message-ID: <199407221831.OAA10336@cs.oberlin.edu> Is anyone else distrubed by the way that encryption export policy and the clipper chip seem to be linked {in administration policy, and in the press? The letter from Gore to Cantwell certainly indicates this. He got her to refrain from trying to liberalize export by saying that he'd look into relaxing clipper. This seems awfully insidious, for a variety of reasons. I think everyone has got to make greater efforts to seperate these two issues in the public s mind. If we need to prevent encryption export for national security reasons, as the administration alleges, then that doesn't neccesarily have any relation on whether we need to adopt key escrow too.And if key escrow is neccesary for law enforcement, as they allege, that doesn't say _anything_ about whether encryption export should be liberalized or not. Of course, scrutinizing administration policy revelas the link without too much dificulty. They want to make clipper a de facto standard, and the only way they're going to be able to accomplish this is by refusing to allow exportation of anything _but_ clipper. But the administration isn't publically giving this line of reasoning, because it makes them look bad, and shows that they are mis-using the legislation that allows them to ban exportation of encryption for their own pro-Clipper strategies. But they still manage to link the two issues, as in the "compromise" with Ms. Cantwell, without giving any good reason for the two issues to be related! I don't think we should let them get away with this. If the two issues are going to be linked like this, we the public have got to demand and explanation or rational for doing this. Why did the administration basically offer to re-think clipper _if_ Cantwell didn't try to liberalize export? 
And when they can't give a good answer, we the cypherpunks have got to offer our explanation. As it is, they're getting a tactical olitical freebie. They've managed to link the issues of export restrictions and clipper such that Joe Public sees how the policies are linked, _without_ giving any actual reasons for the link, because those reasons would make them look so bad. From cactus at bb.com Fri Jul 22 11:34:34 1994 From: cactus at bb.com (L. Todd Masco) Date: Fri, 22 Jul 94 11:34:34 PDT Subject: No Subject In-Reply-To: <199407221826.OAA14481@bb.com> Message-ID: <199407221840.OAA14598@bb.com> hfinney at shell.portal.com writes: > It's pretty clear that credit cards don't work for some of the transactions > people want to do: > > 1) one-cent and fractional-cent charges for connecting to a useful Web > page or ftp site. A useful resource like this wouldn't have to charge much > on a per-user basis to fund the equipment and people. True. This is a big problem that can't be addresses through credit cards, due to per-transactions costs. However, one could cache transactions, perhaps even through a central agent, until the amounts were great enough (say, $5) to use the mechanism. > 2) Transactions with individuals or small companies who are not VISA > clients. It's not that easy for a mail-order shoestring startup to get > the ability to accept VISA cards. Because of the danger of fraud, the > credit card companies like to see a storefront and/or some previous > history. Someone who writes a nifty PGP shell and wants to sell it for > $10 per will have this problem. Not true. Teleflora is a company that sells automatic processing software and also will be a front-end to credit card companies. You pay 'em, you get your merchant ID and go, and start getting checks every so often. Additionally, more and more agents are appearing out there who are perfectly willing to serve as intermediaries. 
Bibliobytes, for example, is soon going to expand its services to offer not just books but any software that people wish to sell (once we have our processing fully automated and the bugs cleared out -- books are just a boot-strap mechanism). I see a lot of great ideas for e$ out there, but I think they all suffer from a central fault: there's no easy transition from the way people do business in the real world to an e$ model. IMO, you've got to base a system in the way people are used to working and make a gentle transition, or it's simply going to fail purely on the learning curve. -- L. Todd Masco | Books on computer available through any UNIX host with e-mail cactus at bb.com | "Information wants to be free, but authors want to be paid." From collins at newton.apple.com Fri Jul 22 11:47:20 1994 From: collins at newton.apple.com (Scott Collins) Date: Fri, 22 Jul 94 11:47:20 PDT Subject: catalyst remailer closed Message-ID: <9407221846.AA06194@newton.apple.com> Cypherpunks, For those of you who have not seen my public policy on the use of the catalyst remailer, this excerpt: > - 3 - I do not own the machine my remailer is running on. In fact it is > a commercial system. Be nice. If they ask me to stop running my > remailer on their system... I will. Additionally, you implicitly > accept all the risks associated with trusting somebody elses > machine. After a rash of abuses, I received a polite notification from NETCOM that it is now their policy to prohibit the running of remailers out of user accounts, and a request to close down my remailer. >Therefore, you are hereby directed to disable your anonymous >remailer immediately. That particular sentence may sound harsh, but it was set in very civil message. I just think they wanted me to get the point. The catalyst remailer has been shut down. While NETCOMs policy prohibits remailers, it will not open again on NETCOM hardware. 
Scott Collins | "Invention, my dear friends, is 93% perspiration, | 6% electricity, 4% evaporation, and 2% butter- collins at acm.org | scotch ripple." -- Willy Wonka ..................|.................................................. Apple Computer, Inc. 5 Infinite Loop, MS 305-2D Cupertino, CA 95014 408.862.0540 fax:974.6094 R254(IL5-2N) collins at newton.apple.com ..................................................................... 408.257.1746 1024:669687 catalyst at netcom.com From hfinney at shell.portal.com Fri Jul 22 12:13:21 1994 From: hfinney at shell.portal.com (Hal) Date: Fri, 22 Jul 94 12:13:21 PDT Subject: Voice/Fax Checks Message-ID: <199407221914.MAA18128@jobe.shell.portal.com> JWS writes: >Well here are the answers that I'm working with in my model: >First, what you set up has to work off-line. At the same time, validation, >by its very nature, is a process that can only be accomplished online. The >part of my code that I am in the middle of right now (and strugling with) >uses a distributed dynamic hashing scheme (with some attempt at periodic >space minimalization [this is what is making it tricky]) whereby information >is recorded in the public system such that if one part of a bill is used >twice, the cheat's identity is revealed. >[...] >For types of small transactions that will be executed frequently, the >best idea is to establish accounts. In my system, when ever an agent >enters somebody else's computer, it gives the local wizard (the agent >with the final say on computational cycles, storage space, and >communications) a deposit which neither the agent nor the wizard can >cash without agreement by both [do public validation and recording >but hold off on the last steps which allow the wizard to use the money]. >The money is thus recorded globally as having been spoken for. 
Then, for >all transactions on the local machine, the agent simply uses its local >account, just as anybody would in a much simpler bank-based protocol, >like the ones we have now. This seems like a good approach for a lot of cases. You end up having three classes of transactions: small, medium, and large, with slightly different strategies for each. For large, you do on-line checking; for medium, you detect double-spending after the fact and use crypto to find his identity; and for small you set up an account and dip into that a bit at a time. I am curious about whether you are focussing more on some size range in your plans. One problem I still see is the small transaction where you don't tend to use the same provider again and again. On the net there are a few sites (well, quite a few, I suppose) which are heavily used, but there are a lot of places I might like to just browse through. Paying a penny per site isn't going to bother me much, but if I have to set up an account for each one ahead of time I'm probably not going to bother. So I still think there are problems with the fractional-cent-per-web-site model which I have been hearing about. >I don't agree on this point. I prefer license based e-cash which is modified >on each transaction (and unfortunatelly gets slightly bigger -- the downside >of this method). If we're going to make the conversion to ecash, we might >as well make it as powerful as mathematics will allow. Is this an approach where you determine to whom you will be sending the cash, then make it into a "check" which can only be spent by that recipient? Doesn't that require the bank's (cash issuer's) help? Or is this something else? Hal From tcmay at netcom.com Fri Jul 22 12:34:13 1994 From: tcmay at netcom.com (Timothy C. 
May) Date: Fri, 22 Jul 94 12:34:13 PDT Subject: clipper and export In-Reply-To: <199407221831.OAA10336@cs.oberlin.edu> Message-ID: <199407221934.MAA03997@netcom4.netcom.com> Jonathan Rochkind wrote: > Is anyone else distrubed by the way that encryption export policy and the > clipper chip seem to be linked {in administration policy, and in the > press? Well, we helped made this connection happen! We, in the sense of the overall letter-writing campaign...all those exhortations for us to please get the Cantwell Bill moved along, those daily updates, etc. EFF, CPSR, EPIC, and messages here on Cypherpunks and in other fora (or forums). > The letter from Gore to Cantwell certainly indicates this. He got her > to refrain from trying to liberalize export by saying that he'd look > into relaxing clipper. > This seems awfully insidious, for a variety of reasons. I think everyone To be expected, given the nature of the lobbying effort. > I don't think we should let them get away with this. If the two > issues are going to be linked like this, we the public have got to demand > and explanation or rational for doing this. Why did the administration I agree with Jonathan's sentiments, though I get nervous hearing buzzwords like "demand" and "let them get away with this." The will do what states always do, accomodate interests. Maria Cantwell has, partly by our actions, become a "player" in this high-stakes game. Her motivations and goals may or may not agree with some of ours, and certainly they collide with some views (e.g., I doubt she's an anarchist). Though I sent the obligatory "I oppose Clipper" and "I support the Cantwell Bill" messages, I think we as Cypherpunks have a more powerful hand to play than getting involved too deeply in the Washington lobbying that's obviously going on here. I reject key escrow, and I don't worry overmuch about export of crypto or what it does to the competitiveness of Novell and Microsoft. 
(By this I mean that end-to-end encryption is usually a big win over product-integrated, officially-sanctioned crypto....and no export laws will stop powerful, unofficially-sanctioned end-to-end crypto from being used.) Sure, support open export. But don't make it the cause celebre of Cypherpunks, or the outcome that Jonathan bemoans will be inevitable. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From rah at shipwright.com Fri Jul 22 12:55:30 1994 From: rah at shipwright.com (Robert Hettinga) Date: Fri, 22 Jul 94 12:55:30 PDT Subject: e$: a long enough lever... Message-ID: <199407221953.PAA19415@zork.tiac.net> > >Not true. Teleflora is a company that sells automatic processing software > and also will be a front-end to credit card companies. You pay 'em, you > get your merchant ID and go, and start getting checks every so often. This is kind of like the "internet drive-up window" ATM gateway idea my cronies and I were throwing around. The funds transfer happens between the vendor and buyer's banks through an ATM/internet gate, probably owned by a bank. The WWW/secure mosaic "wallets" and "cash registers" would be given away. >I see a lot of great ideas for e$ out there, but I think they all suffer > from a central fault: there's no easy transition from the way people do > business in the real world to an e$ model. IMO, you've got to base a system > in the way people are used to working and make a gentle transition, or > it's simply going to fail purely on the learning curve. 
I keep insisting that an ATM gate offer the option of ecash in the transaction, with us as the underwriter of the cash, even though my more "practical" associates offered your rationale for not doing it... They seem to be winning the argument at the moment. ;-). Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From fnerd at smds.com Fri Jul 22 12:57:35 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Fri, 22 Jul 94 12:57:35 PDT Subject: Small transaction amounts Message-ID: <9407221954.AA14906@smds.com> Eric speaks of the two kinds of electronic money systems-- closed ones where crypto doesn't have to be done because the system guarantees security, and open ones where crypto has to be used. > The closure, however, of these systems means that they don't scale. > That's bad, fatal, in fact. That doesn't mean that closed systems > will disappear, merely that the largest systems must be open. > > What is desirable economically is that the boundary between closed > clearance systems and open clearance systems be porous enough that the > market can find an optimal distribution between the two varieties. Right...I think. What has to scale is the "semantics of money." Within a small area ("box"), security is guaranteed by how the enclosing system works, and over a larger area it's done by crypto (*). But for the programs, the difference is transparent, except for a cost that resembles communications cost. (*) There's also an issue of, "Can that box over there guarantee me that I can run programs securely within it?" There are ways to do this with tamperproof boxes and such. Or looser ways to do it with reputations. 
-fnerd - - - - - - - - - - - - - - - nutritional information per serving: less than one (1) bit From Richard.Johnson at Colorado.EDU Fri Jul 22 13:01:47 1994 From: Richard.Johnson at Colorado.EDU (Richard Johnson) Date: Fri, 22 Jul 94 13:01:47 PDT Subject: clipper and export In-Reply-To: <199407221831.OAA10336@cs.oberlin.edu> Message-ID: <199407222001.OAA08066@spot.Colorado.EDU> Jonathan Rochkind wrote: | Is anyone else disturbed by the way that encryption export policy and the | clipper chip seem to be linked in administration policy, and in the | press? | ... If we need to prevent encryption export for national security | reasons, as the administration alleges, then that doesn't necessarily | have any relation on whether we need to adopt key escrow too. From the beginning, it has been clear to me that the whole thing about crypto export prohibitions enhancing national security is just a smoke screen. While there may be a germ of truth to those kinds of statements, the _real_ reason for propping export controls up when they are no longer effective, and no longer make sense, is to fragment the worldwide market and give weakened state-sponsored encryption a window of opportunity to become a standard. As such, I'm not upset at how the administration finally is publicly acknowledging their abuse of export control law for anti-democratic ends. I'm just upset at their abuse, and consider it highly unethical, even criminal. It's ironic that those who are engaging in these unethical, anti- democratic acts are also asking us to trust them with access to our most private conversations...
Rich -- Loudyellnet: Richard Johnson | Sneakernet: ECNT1-6, CB 429, CU Boulder Phonenet: +1.303.492.0590 | Internet: Richard.Johnson at Colorado.EDU RIPEM and PGP public keys available by server, finger or request Speaker to avalanche dragons. Do you really think they listen? From solman at MIT.EDU Fri Jul 22 13:04:47 1994 From: solman at MIT.EDU (solman at MIT.EDU) Date: Fri, 22 Jul 94 13:04:47 PDT Subject: Voice/Fax Checks In-Reply-To: <199407221914.MAA18128@jobe.shell.portal.com> Message-ID: <9407222004.AA16058@ua.MIT.EDU> > This seems like a good approach for a lot of cases. You end up having > three classes of transactions: small, medium, and large, with slightly > different strategies for each. For large, you do on-line checking; for > medium, you detect double-spending after the fact and use crypto to find > his identity; and for small you set up an account and dip into that a bit > at a time. I am curious about whether you are focussing more on some size > range in your plans. Well I've only got small implemented right now, so I guess that's where things are focused now. Whether there is more medium or large depends on how comfortable vendors feel with their customers. I imagine that certification agencies will develop using my primitives, that will certify (by betting money on it) that certain people are likely not trying to double spend. Economics will sort things out. People will choose whatever form makes them the most money. > One problem I still see is the small transaction where you don't tend to > use the same provider again and again. On the net there are a few sites > (well, quite a few, I suppose) which are heavily used, but there are a > lot of places I might like to just browse through. Paying a penny per > site isn't going to bother me much, but if I have to set up an account > for each one ahead of time I'm probably not going to bother.
So I still > think there are problems with the fractional-cent-per-web-site model > which I have been hearing about. Well, I'm expecting a major shift in how people view transactions once the agents are available to obscure the details. The account based money is intended to support a market based system whereby competing bits of information and advertisements vie for the user's attention. In this sort of system there are LOTS of tiny transactions on one system. Also, I don't expect the large scale money transactions to wind up costing more than a penny or less after everything is set up. The problem is that initially there will be few transactions to amortize processing and communications costs over. When there are large numbers of transactions occurring, even the medium/large scale transactions will be cheap. > >I don't agree on this point. I prefer license based e-cash which is modified > >on each transaction (and unfortunately gets slightly bigger -- the downside > >of this method). If we're going to make the conversion to ecash, we might > >as well make it as powerful as mathematics will allow. > > Is this an approach where you determine to whom you will be sending the cash, > then make it into a "check" which can only be spent by that recipient? > Doesn't that require the bank's (cash issuer's) help? Or is this something > else? In systems like this, a bank initially issues the user a license. The bank verifies the identity of the user and issues him a license authenticated by the bank in a manner that prevents the bank from knowing which license the user got... unless the user cheats at a later time in which case the vendor which knows the license and the bank which knows the ID will each find out the other and track down the user. Okamoto and Ohta proposed a centralized one of these in Crypto '91.
I'm using some results from papers on minimalist and dynamic hashing functions (two groups that do not normally get along well) to create a truly distributed analog to this system. JWS From jrochkin at cs.oberlin.edu Fri Jul 22 13:06:18 1994 From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) Date: Fri, 22 Jul 94 13:06:18 PDT Subject: clipper and export Message-ID: <199407222006.QAA12198@cs.oberlin.edu> > > Is anyone else disturbed by the way that encryption export policy and the > > clipper chip seem to be linked in administration policy, and in the > > press? > > Well, we helped make this connection happen! We, in the sense of the > overall letter-writing campaign...all those exhortations for us to > please get the Cantwell Bill moved along, those daily updates, etc. > EFF, CPSR, EPIC, and messages here on Cypherpunks and in other fora > (or forums). Well, sure. And we all know that there _is_ actually a connection; liberalized export policies will make it hard for them to impose clipper as a standard without prohibiting other crypto. And I would assume they know this, and that's why they won't do it. And I would assume the privacy-freaks know this too, and that's why they support liberalizing export. But my concern is that no one seems to bring up the point that these are really _bad_ reasons for determining national policy regarding encryption export. The legislation that allows them to restrict export only does so on the basis of national security. _Not_ on the basis of "it'll make it easier to implement our domestic encryption policy". Everyone involved with the debate extensively realizes that this _is_ the basis on which the administration is determining export policy. But there seems to be no outcry about it. I haven't even seen it brought up in any media, digital or print. And this is what I see is a problem.
Not only is the government messing around with us here, but we seem to expect it so much that we don't even bother to point it out or complain about it. I think we should be doing that. The public debate about export restriction should center on "is it actually a national security risk, and if it isn't, why not liberalize things?" Instead, there really is no debate, it's obvious that actual national security isn't even an issue in the Administration decision to keep encryption export restrictions tight, and no one seems to think this is a problem! That's what I find disturbing. From tcmay at netcom.com Fri Jul 22 13:16:03 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 22 Jul 94 13:16:03 PDT Subject: Stalling the crypto legislation for 2-3 more years In-Reply-To: <9407221352.AA06655@snark.imsi.com> Message-ID: <199407222015.NAA09556@netcom4.netcom.com> > Carl Ellison says: > > if you really want to propose an escrow system we can live with, > > I would demand that it include: > > I cannot conceive of an escrow system I could live with. I respect > some of the people broaching the concept, but I object to the very > idea. I will no more escrow my communications than I will agree to > speak only next to the microphones. > > Perry I echo Perry's concern. I hope that the "community" will not get caught up in a game of "help us make key escrow better" and thus get co-opted (as we used to call it) into the system. I'm sure Carl and others are just exploring the intellectual ideas involved, especially as we exchanged personal mail over this topic a few minutes ago, but there is still the danger that all the various ideas will result in this co-opting. In my opinion, the worse danger comes from having the Washington crypto-lobbyists co-opted into a system they can "live with" (as in "we can live with this").
The Administration has probably concluded that they failed to get "buy-ins" from the various influential lobbying groups prior to dropping Clipper on us like a bombshell on that fateful April day in 1993. I'd hate to see EFF, CPSR, and EPIC all "brought into the tent" on this one, having seen how Kapor and others got so enthralled by the Digital Superduperhighway that a bad idea got pushed along more than a little bit by them. But it may be inevitable. We "rejectionists," who reject crypto legislation of nearly any sort, are very poor negotiating partners, as we have nothing to deliver, nothing to make deals with. But like I said in a recent message, we have a stronger hand to play: the widespread deployment of many crypto systems, making regulation of crypto effectively impossible. We may already be at this point, given the "cryptodiversity" (after "biodiversity") of multiple programs, multiple platforms, and many communications paths. And in 2-3 more years, we'll surely be there. If we can stall and sabotage until then, we should be home free. --Tim May (Sorry for using so many buzz phrases, like "buy ins" and "inside the tent"; these are used as shorthand for the bureaucratic mind-set, which has a whole glossary of these phrases.) -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From sandfort at crl.com Fri Jul 22 13:33:21 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 22 Jul 94 13:33:21 PDT Subject: UNRELATED ABUSE OF BANDWIDTH Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . 
. . . . . . . . . . . . . . . . . . . . . . C'punks, This is not a crypto post. It is a personal request, primarily directed to Cypherpunks in the San Jose area. It also skates perilously close to having "commercial" content. Please tune out now if any of this bothers you. My son-in-law wants to barter services in exchange for a good second-hand computer. He is an RC (Radio Controlled) airplane flight instructor. He can also offer other RC related services. His preference would be a Mac, but he would consider a PC clone. It doesn't have to be the most up-to-date model. He wants to use it for business applications, CAD and video editing. I also want him to have a modem so he and I can keep in touch. (I guess the crypto tie-in is that I'll expect him to use PGP.) If you are interested in the swap, send me e-mail, or call him directly. His name and number are: Walter Berggren 408-971-0110 Thanks for reading this message, S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From jya at pipeline.com Fri Jul 22 14:28:00 1994 From: jya at pipeline.com (John Young) Date: Fri, 22 Jul 94 14:28:00 PDT Subject: by the way NSA... Message-ID: <199407222127.RAA18590@pipe1.pipeline.com> This amplifies Perry's post on the annual intelligence black budget of $28 billion. NY Times, November 25, 1993: . . . the black budget is estimated to be nearly $28 billion this year. The money is hidden under falsified line items in the Pentagon's budget. The secret budget finances the National Security Agency, which conducts electronic eavesdropping; the National Reconnaissance Office, which builds spy satellites; the Central Intelligence Agency, and a host of military intelligence activities. . . . the CIA spends less than 15 per cent of the total espionage budget. Pentagon agencies spend almost all the rest. At the CIA, Mr. Woolsey voiced doubts about disclosing the sum, saying it would lead to a debate over its constituent elements. End quotes. 
And there is more than this budget covers. For all kinds of intelligence costs (and crypto business opportunities) see Jeffrey T. Richelson's The US Intelligence Community, 1989, ISBN 0-88730-226-2. From ebrandt at muddcs.cs.hmc.edu Fri Jul 22 15:21:08 1994 From: ebrandt at muddcs.cs.hmc.edu (Eli Brandt) Date: Fri, 22 Jul 94 15:21:08 PDT Subject: "Key Escrow" --- the very idea In-Reply-To: <9407221537.AA15026@ua.MIT.EDU> Message-ID: <9407222220.AA06482@muddcs.cs.hmc.edu> > The point here is that if the evil government wants to go busting in on > your conversations without a warrant, it can't. Not through the front door. But if the system is anything like the present proposal, there's a lot of room for the key-generating entity to undetectably keep the keyspace to 40 bits, or whatever it can comfortably crack. Eli ebrandt at hmc.edu From mech at eff.org Fri Jul 22 16:27:18 1994 From: mech at eff.org (Stanton McCandlish) Date: Fri, 22 Jul 94 16:27:18 PDT Subject: EFF Analysis of Vice-President Gore's Letter on Cryptography Policy Message-ID: <199407222324.TAA26048@eff.org> EFF Analysis of Vice-President Gore's Letter on Cryptography Policy ------------------------------------------------------------------- July 22, 1994 Two days ago, Vice-President Al Gore signaled a major setback in the Administration's Clipper program, and a willingness to engage in serious negotiations leading to a comprehensive new policy on digital privacy and security. Many questions remain about the future, but one thing is certain: Clipper is a dead end, and those of us who are concerned about digital privacy have won a new opportunity to shape a better policy. The Vice-President's letter to Rep. Maria Cantwell (D-WA) made it clear that while Clipper might have a small place in the telephone security market, it has no future in the digital world. "...[T]he Clipper Chip is an approved federal standard for telephone communications and not for computer networks and video networks. 
For that reason, we are working with industry to investigate other technologies for those applications.... We welcome the opportunity to work with industry to design a more versatile, less expensive system. Such a key escrow system would be implementable in software, firmware, hardware, or any combination thereof, would not rely upon a classified algorithm, would be voluntary, and would be exportable."

Clipper does not meet most of these criteria, so, according to the Vice-President, it is a dead end.

END OF THE LINE FOR CLIPPER -- LONG-RUN EFFORT TO DRIVE MARKET WILL FAIL

The premise of the Clipper program was that the government could drive the market toward use of encryption products which incorporated government-based key escrow agents. A series of subtle and not so subtle government actions would encourage private citizens to use this technology, thus preserving law enforcement access to encrypted communications.

Clipper was originally announced as the first element of a family of hardware-based, government key escrow encryption devices that would meet security needs for both voice and data communications on into the future. Clipper itself was purely a voice and low-speed data product, but other members of the Skipjack family, including Tessera and Capstone, were to be compatible with Clipper and were intended to lead the way from escrowed encryption in voice to escrowed encryption for data. Plans are already announced, in fact, to use Tessera and Capstone in large government email networks. At the time, the hope was that government use of this technology would push private sector users toward key escrow systems as well.

Now, the announcement that the Administration is re-thinking plans for data encryption standards leaves Clipper a stranded technology. No one wants to buy, or worse yet, standardize on, technology which has no upgrade path. As a long-run effort to force the market toward government-escrowed encryption standards, Clipper is a failure.
WE STILL MUST WORK FOR VOLUNTARY, OPEN, EXPORTABLE STANDARDS

The fight for privacy and security in digital media is by no means over. Though the Administration has backed away from Clipper, and expressed willingness to talk about other solutions, we are pursuing serious progress on the following issues:

* Improved telephone encryption standards

For the reasons listed by the Vice-President, in addition to the inherent problems of making copies of all your keys available, Clipper is a poor choice for telephone encryption. Industry should develop a standard for truly secure and private telephones, make them available from multiple manufacturers worldwide, and make them interoperate securely with audio conferencing software on multimedia PC's.

* Truly voluntary standards

Any cryptographic standard adopted by the government for private sector use must be truly voluntary. Voluntary means, to us, that there are statutory guarantees that no citizen will be required or pressured into using the standard for communications with the government, or with others. No government benefits, services, or programs should be conditioned on use of a particular standard, especially if it involves government or private key escrow.

* Open standards

Standards chosen must be developed in an open, public process, free from classified algorithms. The worldwide independent technical community must be able to create and evaluate draft standards, without restriction or government interference, and without any limits on full participation by the international cryptographic community.

* No government escrow systems

Any civilian encryption standard which involves government getting copies of all the keys poses grave threats to privacy and civil liberties, and is not acceptable in a free society.

* Liberalization of export controls

Lifting export controls on cryptography will make the benefits of strong cryptography widely available to our own citizens. U.S.
hardware, software and consumer electronics manufacturers will build encryption into affordable products once they are given access to a global marketplace. Today's widespread availability of "raw" cryptographic technology both inside and outside the United States shows that the technology will always be available to "bad guys". The real question is whether our policies will allow encryption to be built into the fabric of our national and international infrastructure, to provide significantly increased individual privacy, improved financial privacy, increased financial security, enhanced freedom of association, increased individual control over identity, improved security and integrity of documents, contracts, and licenses, reduced fraud and counterfeiting, the creation of significant new markets for buying and selling of intellectual property, and a lessened ability to detect and prosecute victimless crimes.

These benefits are not free, however. EFF does recognize that new communications technologies pose real challenges to the work of law enforcement. Just as the automobile, the airplane, and even the telephone created new opportunities for criminal activity, and new difficulties for law enforcement, encryption technology will certainly require changes in traditional investigative techniques. We also recognize that encryption will prevent many of the online crimes that will likely occur without it. We further believe that these technologies will create new investigative tools for law enforcement, even as they obsolete old ones. Entering this new environment, private industry, law enforcement, and private citizens must work together to balance the requirements of both liberty and security.

Finally, the export controls used today to attempt to control this technology are probably not Constitutional under the First Amendment; if the problems of uncontrolled export are too great, a means of control must be found which does not restrict free expression.
CONGRESSIONAL LEADERSHIP TOWARD COMPREHENSIVE POLICY FRAMEWORK IS CRITICAL

The efforts of Congresswoman Maria Cantwell, Senator Patrick Leahy, and other members of Congress, show that comprehensive policies on privacy, security and competitiveness in digital communication technologies can only be achieved with the active involvement of Congress. Unilateral policy efforts by the Executive branch, such as Clipper and misguided export control policies, will not serve the broad interests of American citizens and businesses. So, we are pleased to see that the Vice-President has pledged to work with the Congress and the private sector in shaping a forward-looking policy. We see the Vice-President's letter to Congresswoman Cantwell as an important opening for dialogue on these issues.

The principles of voluntariness and open standards announced in the Vice-President's letter, as well as those mentioned here, must be incorporated into legislation. We believe that under the leadership of Senator Leahy, Reps. Cantwell, Valentine, Brooks and others, this will be possible in the next congress. EFF is eager to work with the Congress, the Administration, along with other private sector organizations to help formulate a new policy. EFF is also pleased to be part of the team of grass roots activism, industry lobbying, and public interest advocacy which has yielded real progress on these issues.

FOR MORE INFORMATION CONTACT:

Jerry Berman, Executive Director
Daniel J.
Weitzner, Deputy Policy Director

For the full text of the Gore/Cantwell letter, see:

ftp.eff.org, /pub/Alerts/gore_clipper_retreat_cantwell_072094.letter
gopher.eff.org, 1/Alerts, gore_clipper_retreat_cantwell_072094.letter
http://www.eff.org/pub/Alerts/gore_clipper_retreat_cantwell_072094.letter

From mpjohnso at nyx10.cs.du.edu Fri Jul 22 16:49:15 1994
From: mpjohnso at nyx10.cs.du.edu (Michael Johnson)
Date: Fri, 22 Jul 94 16:49:15 PDT
Subject: Gore's "new and improved" key escrow proposal
Message-ID: <9407222348.AA18125@nyx10.cs.du.edu>

Just think how easy it would be to comply with software key escrow requirements: imagine a new PGP option -- +encrypt_to_escrow_agents=on

The escrow agent's PGP public key could be shipped with every copy of PGP... naturally, every PGP user will be required by law not to override this option if the Vice President gets his way.

--- sound of tongue being removed from cheek ---

I have tried to think of a positive use for key escrow. The only thing that I have come up with so far is kind of like having local key escrow within one company, or something like that. Kind of like having a master key that fits all the offices in one wing of a building, or something like that. That could be good in some business uses, provided you could pick your own trusted master key holder. I don't think that is what Al Gore has in mind.

From claborne at microcosm.sandiegoca.NCR.COM Fri Jul 22 17:45:17 1994
From: claborne at microcosm.sandiegoca.NCR.COM (Claborne, Chris)
Date: Fri, 22 Jul 94 17:45:17 PDT
Subject: by the way...
Message-ID: <2E2FFB18@microcosm.SanDiegoCA.NCR.COM>

Perry writes:

<< For those who believe "the NSA can do ANYTHING" or some such, an article in the New York Times claims the annual black budget now seems to be hovering around $28 Billion per year, for ALL secret government work.
>>

That's all the money that you KNOW about :)

2
-- C --

From C331673%LBVM6.profs at mdcgwy.mdc.com Fri Jul 22 17:52:21 1994
From: C331673%LBVM6.profs at mdcgwy.mdc.com (C331673%LBVM6.profs at mdcgwy.mdc.com)
Date: Fri, 22 Jul 94 17:52:21 PDT
Subject: No Subject
Message-ID: <9407230052.AA08487@toad.com>

This is my first post, so please be kind. I have what I think, IMHO, is a simple question.

If the government "outlawed" non-escrow keyed encryption, how would they get a conviction for a supposed violation? How could they prove in a court of law (assuming we would still have courts...) that a note that looks like nonsense, is in fact encrypted? If they deciphered it, how would they know/prove that the new "plaintext" is in fact plaintext that you started with?

Could they write code that could fabricate notes from gibberish? What if you encrypted a love letter and they 'decrypted' a drug deal?

Also, on the national ID card issue, I was involved in bar codes (machine readable labels) and came across really small (grain of rice sized) transponders with ID number encoded. These could then be machine (transducer) readable. They were glass coated and had various industrial applications. I have since read that they have implanted them in pets to identify them if they run away. Next step would be implanting them in people. You would then have an absolute way to ID people (short of surgery).

Police could carry transducers, wave it in your direction and know who you are. Cellular terminal could get whatever data they had on you. No way you could impersonate LD. No way to stay 'private'. Hang the transponder on the doorway of a bldg to monitor traffic. (OJ coulda proven his alibi....) Use it in the local supermarket to do biz with. Better than an ATM card, cuz you'll never lose it.

A brave, new world awaits. Wadda you think?
Conrad Walton
Cwalton at delphi.com

From solman at MIT.EDU Fri Jul 22 18:02:52 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Fri, 22 Jul 94 18:02:52 PDT
Subject: Gore's "new and improved" key escrow proposal
In-Reply-To: <9407222348.AA18125@nyx10.cs.du.edu>
Message-ID: <9407230102.AA17231@ua.MIT.EDU>

> Just think how easy it would be to comply with software key escrow
> requirements: imagine a new PGP option -- +encrypt_to_escrow_agents=on

I think that this is an excellent idea, not one to be laughed at. Voluntary compliance is a good thing. Something I'm toying with is the possibility of putting a voluntary tax in my program. 1% of all transactions would go to paying for educational access and access for poor people. If you don't want to contribute, just turn it off. As long as either the vendor or the customer has the option on, 1% will find its way to those groups. Vendors and customers would even be able to charge groups that do not participate extra as a penalty for not being socially conscious. Government intervention with guns is not necessary for warm fuzzy things to occur.

Voluntarily participating in things like escrow and "warm fuzzy liberal taxes" has the potential to take the bite out of legislation intended to regulate us.

(And remember, another name for secret-split key escrow is KEY BACKUP, a very important function in any cryptographic system that's intended to last and be reasonably universal.)

Cheers,

JWS

From shamrock at netcom.com Fri Jul 22 19:14:08 1994
From: shamrock at netcom.com (Lucky Green)
Date: Fri, 22 Jul 94 19:14:08 PDT
Subject: Gore's "new and improved" key escrow proposal
Message-ID: <199407230214.TAA07844@netcom.netcom.com>

Michael wrote:

>
>I have tried to think of a positive use for key escrow. The only thing that I
>have come up with so far is kind of like having local key escrow within one
>company, or something like that.
>Kind of like having a master key that fits
>all the offices in one wing of a building, or something like that. That could
>be good in some business uses, provided you could pick your own trusted master
>key holder. I don't think that is what Al Gore has in mind.

I think there is a use for key escrow in our society. As someone else has suggested on this list, all internal communication of the government should use escrowed keys. I propose us Cypherpunks as one of the escrow agents.

Definitely not what Gore had in mind.

-- Lucky Green PGP public key by finger

From shamrock at netcom.com Fri Jul 22 19:14:13 1994
From: shamrock at netcom.com (Lucky Green)
Date: Fri, 22 Jul 94 19:14:13 PDT
Subject:
Message-ID: <199407230214.TAA07850@netcom.netcom.com>

Conrad wrote:

>Could they write code that could fabricate notes from gibberish?
>What if you encrypted a love letter and they 'decrypted' a drug deal?
>

That would be rather easy to accomplish with a secret algorithm. Still possible, but not quite as easy with a published one. I am sure it will be done.

>Also, on the national ID card issue, I was involved in bar codes
>(machine readable labels) and came across really small (grain of
>rice sized) transponders with ID number encoded. These could then be
>machine (transducer) readable. They were glass coated and had
>various industrial applications. I have since read that they have
>implanted them in pets to identify them if they run away. Next step
>would be implanting them in people. You would then have an absolute
>way to ID people (short of surgery).
>

I think this is the real problem that awaits us. While I do not believe that society is quite ready for it to be broadly deployed, I think that it inevitably will happen. First to monitor convicted criminals (to make sure that rapist really stays away from schools), then children (in case they get abducted), soon afterwards everyone else. And you know what? The public will _ask_ for it.

Picture of happy shopper.
"Citibank transducer (TM). Now nobody can use my account without my knowledge and best of all -- I don't have to remember to bring a card. I can't understand why not everyone is doing it." Jingle.

-- Lucky Green PGP public key by finger

From rishab at dxm.ernet.in Fri Jul 22 19:32:06 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Fri, 22 Jul 94 19:32:06 PDT
Subject: Cypherpunks = soc.women.... ?
Message-ID:

The Newsweek cover on sexism on the Net may have basis; there may be a need to discuss these issues; an occasional post on the subject may be useful on this list -- but 40k? Please move this to soc.women.attitudes or alt.fan.true-lies or something.

Funny. Our resident editor, Perry, is usually pretty quick on the draw with scathing "what's this to do with crypto" messages.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335
H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in Fri Jul 22 19:32:14 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Fri, 22 Jul 94 19:32:14 PDT
Subject: Gore to Cantwell
Message-ID:

I hope you've all seen the latest EPIC bulletin. Gore's letter to Cantwell:

> "On the other hand, we agree that we need to take action this
> year to ensure that over time American companies are able to include
> information security features in their program in order to maintain
> their international competitiveness. We can achieve this by entering
> into a new phase of cooperation among government, industry
> representatives and privacy advocates with a goal of trying to develop
> a key escrow encryption system that will provide strong encryption, be
> acceptable to computer users worldwide, and address our national
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> security needs as well.
Horses have blinkers on the sides of their eyes so that they look straight. Do politicians have eyes at all?

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335
H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in Fri Jul 22 19:32:20 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Fri, 22 Jul 94 19:32:20 PDT
Subject: Accessing the Cpunk WAIS archive
Message-ID:

"Gary Jeffers"
> http://pmip.maricopa.edu/crypt/cypherpunks/Cypherpunks.src
> is the location of all the Cypherpunks' posts with index. I can
> get to this place by placing a "www" in front of this instruction.

Do an archie search for lynx or mosaic or some other decent browser. This is a WAIS indexed archive; no hyper links; you type in a keyword, and get a list of matching articles, and select one (or more) of them to look at.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335
H 34C Saket, New Delhi 110017, INDIA

From paul at hawksbill.sprintmrn.com Fri Jul 22 19:46:20 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Fri, 22 Jul 94 19:46:20 PDT
Subject: Gore to Cantwell
In-Reply-To:
Message-ID: <9407230348.AA17162@hawksbill.sprintmrn.com>

>
> Horses have blinkers on the sides of their eyes so that they look straight.
> Do politicians have eyes at all?
>

Octopus. Octopus have eyes, yet no backbone. And not much for brains, either.

Oh, and don't forget the tentacles.
- paul

From sommerfeld at orchard.medford.ma.us Fri Jul 22 20:02:07 1994
From: sommerfeld at orchard.medford.ma.us (Bill &)
Date: Fri, 22 Jul 94 20:02:07 PDT
Subject: Gore's "new and improved" key escrow proposal
In-Reply-To: <9407230102.AA17231@ua.MIT.EDU>
Message-ID: <199407230249.WAA10431@orchard.medford.ma.us>

Actually, that should be

    +encrypt_to_escrow_agent=vice-president at whitehouse.gov

or

    +encrypt_to_escrow_agent=prz at acm.org

(You get to choose your own escrow agent :-) ).

This should be trivial to implement; just treat it as an implicit recipient in all PK-encrypted messages.

- Bill

From hughes at ah.com Fri Jul 22 20:06:00 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 22 Jul 94 20:06:00 PDT
Subject: Voice/Fax Checks
In-Reply-To: <199407221914.MAA18128@jobe.shell.portal.com>
Message-ID: <9407230243.AA00502@ah.com>

   This seems like a good approach for a lot of cases. You end up having three classes of transactions: small, medium, and large, with slightly different strategies for each.

There are more categories than these, actually. There's already a banking distinction between large and very large. One of the high end funds transfer systems in the world has a _minimum_ transaction size of about two million dollars. You can bet that these are handled differently than a one thousand dollar check (still "large").

In addition to direct costs of provision, there are also effective costs of collection risk. At each level, these collection risks have to be estimated and taken into account. Since the real desire is for a known upper bound, some fraud or other form of transaction failure can be expected. When credit is being offered (even intra-day), the risk increases proportionally. Every off-line system offers some amount of credit, however small.

   Paying a penny per site isn't going to bother me much, but if I have to set up an account for each one ahead of time I'm probably not going to bother.
You can still use an account mechanism, but with an intermediary whose business it is to aggregate small amounts as these proposed and clear the total periodically. That's now one account setup for the customer.

Eric

From hughes at ah.com Fri Jul 22 20:16:40 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 22 Jul 94 20:16:40 PDT
Subject: Small transaction amounts
In-Reply-To: <9407221954.AA14906@smds.com>
Message-ID: <9407230254.AA00519@ah.com>

   Right...I think. What has to scale is the "semantics of money." Within a small area ("box"), security is guaranteed by how the enclosing system works, and over a larger area it's done by crypto

There are several ways to make the boundary porous.

1. Differing rates of clearing a smaller system to a larger. I can clear to a larger system once an hour, once a day, once a month, etc. One can keep a risk bound steady in a system with increasing transaction flux simply by increasing the rate of clearing.

2. Probabilistic verification. In a system where verification is used, the transactions at the low end might be certified in real time at some rate. This decreases the cost of provision while keeping an eye out for the upper bound on risk.

3. Net settlement. A system where one can both add and subtract value can clear periodically only the net difference in funds. Net settlement works really well for small scale systems, but systemic risk increases proportional to system size.

4. Exposure caps. In a net settlement system, there might be a maximum positive or negative balance that would be permitted before clearing to another system was required. Futures markets have rules similar to this.

5. Intraperiod overdraft loans. A "daylight overdraft" is a running net negative balance in between clearing times. By charging for this money as a short term loan, there is an incentive to minimize its use.

There are more, certainly, and any student of financial markets could name another five without too much thought.
There are some interesting and significant issues involved in verification of some of these policies.

Eric

From hfinney at shell.portal.com Fri Jul 22 20:35:48 1994
From: hfinney at shell.portal.com (Hal)
Date: Fri, 22 Jul 94 20:35:48 PDT
Subject: Voice/Fax Checks
Message-ID: <199407230337.UAA12523@jobe.shell.portal.com>

Eric Hughes writes:

>You can still use an account mechanism, but with an intermediary whose
>business it is to aggregate small amounts as these proposed and clear
>the total periodically. That's now one account setup for the
>customer.

How, though, would the ftp site which wants to know whether I'm "good for" the one cent charge to download PGP do so? Does it have to check with an agent on the net somewhere which will vouch for me? Aren't the communication costs then the same as an online system? Or does it extend me the one cent as credit and hope that I really do have an account with that agent (or bank)? Then that seems like a basic off-line system. So I don't understand the role of agents in solving this problem.

I find it confusing to imagine a situation where large numbers of goods are sold for very low prices. Will people tend to cheat, since it's easy to get away with it (all those systems offering you one cent credits), or will they tend to be honest, since the per-use cost is so low (but perhaps adds up over a month)? I suspect that nobody will pay if there is a way they can use the servers without paying, even though they are only saving a fraction of a cent each time. Maybe that's just my jaundiced view of human nature.

Hal

From roy at sendai.cybrspc.mn.org Fri Jul 22 20:47:07 1994
From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Fri, 22 Jul 94 20:47:07 PDT
Subject: Voice/Fax Checks
In-Reply-To: <9407221709.AA15468@ua.MIT.EDU>
Message-ID: <940722.183524.4a8.rusnews.w165w@sendai.cybrspc.mn.org>

-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, solman at MIT.EDU writes:

> I don't agree on this point.
> I prefer license based e-cash which is modified
> on each transaction (and unfortunately gets slightly bigger -- the downside
> of this method).

I'm not clear on this point. Is this an audit trail built into the e-cash? I'm not so sure that's a Good Thing.

- --
Roy M. Silvernail [] roy at sendai.cybrspc.mn.org
It's just this little chromium switch.......

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBLjBYHRvikii9febJAQHbzAP7BtK0oS6oO78/J9781IyA5mQQv7Jjl1SP
D/M8pLSHco4q6OhHHEa2qLUOzMeh2v1CArFvXjZjx2Yg3AmmWCR3E0prCO0ZgQmh
iPOttdfue4W788rwpBtHVkOBPUjf5ilB7aifWXYxTgzwbGotbjILtBnvUvcQPSzi
+UYOmErloEY=
=e8lz
-----END PGP SIGNATURE-----

From pierre at shell.portal.com Fri Jul 22 20:56:20 1994
From: pierre at shell.portal.com (Pierre Uszynski)
Date: Fri, 22 Jul 94 20:56:20 PDT
Subject: Voice/Fax Checks
Message-ID: <199407230357.UAA13442@jobe.shell.portal.com>

A couple of pointers on current outfits trying to undercut the "transaction cost", none of them the ultimate we all root for, but nonetheless.

hfinney at shell.portal.com writes
> Robert Hettinga writes:
>
> >I've gotten stuck on
> >exactly how to "*undercut*" the transaction costs of existing methods. Got
> >any ideas?
>
> It's pretty clear that credit cards don't work for some of the transactions
> people want to do:
> [...]
> It's not that easy for a mail-order shoestring startup to get the ability to
> accept VISA cards. Because of the danger of fraud, the credit card companies
> like to see a storefront and/or some previous history. Someone who writes a
> nifty PGP shell and wants to sell it for $10 per will have this problem.

It's actually getting easier. Small card service outfits have noticed the problem. They have looked at the danger of fraud, and when accepting a new company, still conduct a sufficient investigation (so they claim :-). They have also looked at the way small outfits operate.
The result is that it seems it is now possible for "home businesses" like BBS's or software sellers to get cheaper service than store fronts. It comes out to something like $25 a month + 2.5-3% per charge ($0.20 minimum per charge, $25 minimum per month) + equipment, roughly, for VISA and Mastercard.

As an example, in the San Francisco area, try ... errr... ... (Darn it, I buried that guy's card... try the phone book :-)

> 3) People who don't like giving out their credit card numbers to an unknown
> email address.

Or to a small random unknown business... Which is a problem even if everybody could accept VISA, as you mentioned.

Others already mentioned on the list the 1-900 phone based "netcash" service described in July 1994 Boardwatch Magazine. You call the 900 number with your modem, you get a random string for it, and your phone company bills you $10 (info at netbank-info at agents.com). You then can get change (down to $0.25 strings), do on-line validation of transactions, and eventually redeem the strings, minus a 20% redemption fee.

In addition to that one service, I already heard of two others that cater in particular to BBS's, similar system where you get billed $10 for a 900 call, and get a random string to use as a voucher. These two don't let you "get change" or any similar facility, but they let small businesses get rid of the "collection" process, for a fee. In all these cases, the fee is around 20-25%, so there may be space for competition (I don't have the coordinates for these, just know where to ask).

That was/is actually the strong point of the French Minitel system (as much as I can't stand that piece of plastic ****): Minitel services are accessed (mostly) through 900 style numbers, and France Telecom handles all the billing and collection for the Minitel service providers, allowing charges as low as 7 cents per call to a service (most are much higher, WAY higher).
We already discussed the "phone check" idea, even Western Union advertised it, and maybe even provides it :-)

Clearly all these systems have disadvantages, and are some way from what some of us want, but they show that the current "billing" services are not standing still, and are working on this access barrier to credit card payment. Clearly too, they don't seem to be working in the direction we want.

Pierre.
pierre at shell.portal.com

From warlord at MIT.EDU Fri Jul 22 21:12:30 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Fri, 22 Jul 94 21:12:30 PDT
Subject: Gore's "new and improved" key escrow proposal
In-Reply-To: <9407222348.AA18125@nyx10.cs.du.edu>
Message-ID: <9407230412.AA11150@toxicwaste.media.mit.edu>

> I have tried to think of a positive use for key escrow. The only
> thing that I have come up with so far is kind of like having local key
> escrow within one company, or something like that. Kind of like
> having a master key that fits all the offices in one wing of a
> building, or something like that. That could be good in some business
> uses, provided you could pick your own trusted master key holder. I
> don't think that is what Al Gore has in mind.

Actually, I can think of one major use. If I encrypt my personal files, I might want my heirs to be able to recover them after my death. For example, I might keep my electronically-encrypted will in escrow, such that upon my death the keys can be obtained and the document opened.

This does not mean that I implicitly trust the government to escrow my keys. However it does mean that there are legitimate uses for escrowed technology. I just think that the government shouldn't be in charge of it, and that citizens have the right to choose the level of privacy and security that they desire for themselves.
Just to quickly change the topic, and answer someone's question for earlier today or yesterday (sorry, I've been really hosed and haven't had a chance to really delve into the flurry of email that I've received recently)... Not everyone on this list is an anarchist. For example, I do not consider myself an anarchist. I think some leadership is needed, since not everyone is capable of being a leader, and I wouldn't trust just anyone to make decisions for me.

I'm on this list because I value electronic privacy and encryption technologies, and I believe that the power of encryption will better enable the common man to hold his (or her) privacy in the electronic information world.

Anyways, enough spewing. Enjoy!

-derek

Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
Home page: http://www.mit.edu:8001/people/warlord/home_page.html
warlord at MIT.EDU PP-ASEL N1NWH PGP key available

From DAVESPARKS at delphi.com Fri Jul 22 21:24:45 1994
From: DAVESPARKS at delphi.com (DAVESPARKS at delphi.com)
Date: Fri, 22 Jul 94 21:24:45 PDT
Subject: Double DES calculations
Message-ID: <01HF0WQ4C8DK95NB4U@delphi.com>

Hal Finney wrote:

> I'll give you one similar example, though. I think this is the technique
> used in Pollard "rho" factoring. You have an iterated series, x=f(x), and
> you want to know if it has any cycles, any values which are eventually
> repeated. At first glance you might think that to look for a cycle of
> length N you would have to store N values of the series and check each
> value for a match, taking order of N in time and space. The Pollard
> technique instead runs two copies of the iteration at once, one twice as fast
> as the other: x=f(x) and y=f(f(y)). Each time you just compare x and y
> for a match. This takes about twice as long but uses no memory.

The thread was concerning the vulnerability of Double-DES with an intermediate layer of IDEA in the middle.
It was proposed that if IDEA could ultimately be TRIVIALLY cracked, then DES-IDEA-DES was no stronger than Double-DES. At that point I did some "back of the envelope" calculations on the cost of breaking Double-DES using a MITM attack.

I'm not sure how "cycles" fit into DES. The brute-force technique I was hypothesizing involved trying all possible keys on the encrypt and decrypt sides, storing them the resultant 64 bit blocks (all 2^60 bytes of them), then comparing them. How would Pollard rho speed that up?

/--------------+------------------------------------\
|              | Internet: davesparks at delphi.com |
| Dave Sparks  | Fidonet: Dave Sparks @ 1:207/212   |
|              | BBS: (909) 353-9821 - 14.4K        |
\--------------+------------------------------------/

From berzerk at xmission.xmission.com Fri Jul 22 21:37:07 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Fri, 22 Jul 94 21:37:07 PDT
Subject: Gore's "new and improved" key escrow proposal
In-Reply-To: <9407222348.AA18125@nyx10.cs.du.edu>
Message-ID:

On Fri, 22 Jul 1994, Michael Johnson wrote:

> all the offices in one wing of a building, or something like that. That could
> be good in some business uses, provided you could pick your own trusted master
> key holder. I don't think that is what Al Gore has in mind.

So let's deliver this before he can deliver his. What we need to do is use the concepts of fair key escrow. This can be done using the pgp as a framework, just as you said.

Berzerk

From jamesd at netcom.com Fri Jul 22 21:57:43 1994
From: jamesd at netcom.com (James A. Donald)
Date: Fri, 22 Jul 94 21:57:43 PDT
Subject: GUT and P=NP
In-Reply-To: <9407220444.AA20360@geech.gnu.ai.mit.edu>
Message-ID: <199407230457.VAA19186@netcom13.netcom.com>

Ray writes
> 1) By definition, if something can be computed by a turing machine,
> then it is an algorithm (Lewis and Papadimitriou)

Suppose we have a spatial transform performed by light flowing through a grid. Is that an algorithm?
Perhaps it is, but I am about to describe a case that will stretch your definition of algorithm rather more drastically.

> 2) a quantum computer can be simulated by a TM with exponential
> slowdown. (claimed by you on the Extropians list, but also
> claimed by Feynman I believe, not about qm computers, but qm systems
> in general)

True.

> then by (1) and (2), it follows that
> 3) quantum computers are algorithmic (if not, it would contradict
> 2) and possibly 1)

Suppose our quantum system has thirty two bytes.

Then a classical simulation of our quantum system would require
2^257 words of memory

The computer would require more matter than exists in the universe.

Each step of the simulation would require 2^514 steps by the computer, which even for a computer constructed of very tiny components out of all the matter in the universe would still require vastly longer than the entire lifetime of the universe.

>
> It doesn't matter how slow the turing machine runs the simulation
> because we allow an arbitrary time along with the infinite tape
> to complete the computation.
> -Ray

It does not sound like a very useful algorithm, nor is it one that is easy to describe.

The difference is like the difference in my example of light flowing through a grid, as against a fourier transform etc, but the difference is enormously greater.

You say it makes no difference by definition. I say such definitions are misleading when we discuss how problems are to be solved.

--
---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we        James A. Donald
are. True law derives from this right, not from
the arbitrary power of the omnipotent state.
jamesd at netcom.com

From pkm at maths.uq.oz.au Fri Jul 22 22:17:14 1994
From: pkm at maths.uq.oz.au (Peter Murphy)
Date: Fri, 22 Jul 94 22:17:14 PDT
Subject: "Key Escrow" --- the very idea
In-Reply-To: <9407221303.AA00981@tis.com>
Message-ID: <9407230516.AA14079@axiom.maths.uq.oz.au>

Carl Ellison wrote:
>
> if you really want to propose an escrow system we can live with,
> I would demand that it include:
>
> 1. unambiguous ID of the person being tapped in the LEAF-equivalent
> 2. multiple escrow agencies, at least one of which is the NSA HQ
> (for its superior physical security)
> 3. watchdogs as escrow agents (e.g., ACLU, Rep & Dem parties, CPSR,
> EFF, NYTimes, ...) with authorization to look for abuses of
> authority and to refuse to release keys in such cases and to
> publicize such cases as well as bringing them to the attention
> of law enforcement for prosecution.
> 4. user-generated escrow keys, to reduce the chance of anyone having a
> backdoor way to get the whole escrow key database.
>

I think you missed one important condition:

5. Make it optional, with no strings attached. Furthermore, make the system designed so that the "default" option is no key escrow. In other words, the government would have to get permission for key escrow.

Condition 5 would of course not apply to government employees. Nor would it apply to the office communication equipment inside the more "paranoid" business associations. Of course, it would be the company, not government, who would hold the keys, and of course the company should have the choice in deciding whether key escrow is really necessary.

Of course, with this extra condition, key escrow seems fairly pointless. :-) But I don't mind. It's not as if I'm exactly looking forward to it Down Under.

Peter Murphy.
From rarachel at prism.poly.edu Fri Jul 22 22:17:35 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Fri, 22 Jul 94 22:17:35 PDT
Subject: Anti-Clipper Article in "THe Computer Applications Journal"
In-Reply-To:
Message-ID:

Thank you for posting this article. While it contained materials we are all aware of, I'm sure the Newbies on this list will appreciate it. I've saved it in case someone who isn't too familiar with crypto asks me to give him/her some info.

Your service to this list is well worth while. Keep up the good work. :-)

From rarachel at prism.poly.edu Fri Jul 22 22:21:32 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Fri, 22 Jul 94 22:21:32 PDT
Subject: Anti-Clipper Article in "THe Computer Applications Journal"
In-Reply-To: <9407191113.AA09296@toad.com>
Message-ID:

On Tue, 19 Jul 1994 smb at research.att.com wrote:

> Might I suggest that this is not the right newsgroup for anti-Clipper
> articles? I've never seen *any* Cypherpunk defend it; what's the
> point? Preaching to the choir? Repeat doses of brainwashing?

Not at all. Keep in mind that newbies join this list often enough to warrant such information being readily available to them. Also, not everyone is eloquent in their attacks against CLIPPER, ITAR, DT2, etc. Such articles provide well needed analogies and situation examples for common use. No cypherpunk should be without such resources.

Just because you find it superfluous doesn't mean others won't find it interesting and/or useful. I personally didn't find any >NEW< information, but that doesn't make for a needless post.
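The table-based meet-in-the-middle search described in the "Double DES calculations" message above, as an added example (not code from any poster). DES is replaced by a constructed 16-bit toy Feistel cipher with 12-bit keys so the search finishes in about a second; the keys, plaintexts and the `chunks` option (which goes beyond the message by holding only part of the table in memory and rescanning the other side) are assumptions of this example.

```python
import hashlib
from collections import defaultdict

KEY_BITS = 12                 # toy key size (assumption); DES keys are 56 bits
KEYSPACE = 1 << KEY_BITS


def _f(key, rnd, half):
    """Round function: one byte of SHA-256 over (key, round, half-block)."""
    return hashlib.sha256(bytes([key >> 8, key & 0xFF, rnd, half])).digest()[0]


def toy_encrypt(key, block):
    """Constructed 4-round Feistel cipher on a 16-bit block (a stand-in, not DES)."""
    left, right = block >> 8, block & 0xFF
    for rnd in range(4):
        left, right = right, left ^ _f(key, rnd, right)
    return (left << 8) | right


def toy_decrypt(key, block):
    """Inverse of toy_encrypt: the same rounds undone in reverse order."""
    left, right = block >> 8, block & 0xFF
    for rnd in reversed(range(4)):
        left, right = right ^ _f(key, rnd, left), left
    return (left << 8) | right


def double_encrypt(k1, k2, block):
    """Double encryption: first under k1, then under k2."""
    return toy_encrypt(k2, toy_encrypt(k1, block))


def exhaustive_cost():
    """Cipher operations needed to try every (k1, k2) pair directly."""
    return 2 * KEYSPACE * KEYSPACE


def meet_in_the_middle(pairs, chunks=1):
    """Find every (k1, k2) consistent with the known (plaintext, ciphertext) pairs.

    The first pair drives the search; the rest weed out coincidental matches.
    With chunks > 1 only KEYSPACE/chunks table entries exist at any time, and
    the decrypt side is rescanned once per chunk.
    Returns (candidates, cipher_ops_for_search, peak_table_entries).
    """
    if KEYSPACE % chunks:
        raise ValueError("chunks must divide the key space")
    (p0, c0), rest = pairs[0], pairs[1:]
    step = KEYSPACE // chunks
    found, ops = [], 0
    for start in range(0, KEYSPACE, step):
        # Encrypt side: E_k1(p0) for this slice of k1, indexed by middle value.
        table = defaultdict(list)
        for k1 in range(start, start + step):
            table[toy_encrypt(k1, p0)].append(k1)
        # Decrypt side: D_k2(c0) for every k2, looked up in the table.
        for k2 in range(KEYSPACE):
            for k1 in table.get(toy_decrypt(k2, c0), ()):
                # A 16-bit match is usually chance; confirm on the other pairs.
                if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                    found.append((k1, k2))
        ops += step + KEYSPACE
    return sorted(found), ops, step


if __name__ == "__main__":
    k1, k2 = 0x3A7, 0xC15     # constructed secret keys
    pairs = [(p, double_encrypt(k1, k2, p)) for p in (0x1234, 0xBEEF, 0x0042)]
    print("exhaustive pair search:", exhaustive_cost(), "cipher operations")
    for chunks in (1, 4):
        keys, ops, peak = meet_in_the_middle(pairs, chunks)
        print(f"chunks={chunks}: {ops} cipher operations, "
              f"{peak} table entries, candidates {keys}")
```

With one chunk the search costs twice the single-key space in cipher operations and one table entry per key; with four chunks the table shrinks to a quarter while the operation count rises to five times the single-key space.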
From hfinney at shell.portal.com Fri Jul 22 22:46:23 1994
From: hfinney at shell.portal.com (Hal)
Date: Fri, 22 Jul 94 22:46:23 PDT
Subject: Double DES calculations
In-Reply-To: <01HF0WQ4C8DK95NB4U@delphi.com>
Message-ID: <199407230547.WAA21262@jobe.shell.portal.com>

DAVESPARKS at delphi.com writes:

>The thread was concerning the vulnerability of Double-DES with an
>intermediate layer of IDEA in the middle. It was proposed that if IDEA
>could ultimately be TRIVIALLY cracked, then DES-IDEA-DES was no stronger
>than Double-DES. At that point I did some "back of the envelope"
>calculations on the cost of breaking Double-DES using a MITM attack.
>I'm not sure how "cycles" fit into DES. The brute-force technique I was
>hypothesizing involved trying all possible keys on the encrypt and decrypt
>sides, storing them the resultant 64 bit blocks (all 2^60 bytes of them),
>then comparing them. How would Pollard rho speed that up?

I don't know how to speed this up. Pollard rho was a cautionary tale of how sometimes time/space tradeoffs exist. If the main cost of double-DES is in space but the time cost isn't that bad, then if there were such a tradeoff it could be dangerous to use it.

Most of the time-space tradeoffs that I can think of for a basic MITM attack like this are pretty costly. For example, instead of trying all the keys on both sides you could try just half the keys each time. This would take only half as much space but up to four times the time. You could also do some hashing to save space at the cost of false positives and more time. Again, the point is not so much that double DES is weak, but more that if its strength is solely due to space costs that gives much less of a good feeling than if you had an algorithm that was strong both in space and in time.

Hal

From rarachel at prism.poly.edu Fri Jul 22 23:02:11 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Fri, 22 Jul 94 23:02:11 PDT
Subject: Card Playing Protocol?
(fwd)
Message-ID:

---------- Forwarded message ----------
Date: Sat, 23 Jul 1994 01:19:02 -0400 (GMT+4:00)
From: Arsen Ray Arachelian
To: "Roy M. Silvernail"
Subject: Re: Card Playing Protocol?

On Wed, 20 Jul 1994, Roy M. Silvernail wrote:

> The effect could be different. I use i there because I want to traverse
> the deck from one end to the other, and exchange each card with a
> randomly selected card from the unprocessed remainder. This algorithm
> goes back to my 8-bit days, when speed was everything. Although some
> cards might be handled twice (probably about 35%, but I haven't done the
> math), each position in the deck is filled only once (except the last
> one, which is forced from the other 53).
>
> A card in position X will, in its turn, be moved to a random position
> between itself and one end of the deck. But that card is also subject
> to being 'picked from behind' when an earlier card is exchanged. So any
> given card may end up on either side of its beginning location.
>
> But I think there's something to what you're saying. I can't articulate
> it, but I get a sense that the single-pass algorithm might have a
> definable shape

The issue is this: at the start a card has a 1/54 chance of being swapped with >ANY< card. The second card has a chance of 1/53 of being swapped with >ANY< card, the third, a chance of 1/52... the 50th card has a chance of 1/4, ... the 53rd card has a 1/2 chance of being swapped with the last card or remains in its place (swapped with itself.)

So what I'm getting at is that the cards at one end of the deck have more "mobility" than the cards in the other end of the deck. The 1st cards have a more spread out distribution so they have LESS of a chance of being swapped out with the cards at the back of the deck. The cards at the back of the deck have a very tight space from which to be swapped. Therein lies the problem of sorting.
As for SPEED, in the eight bit days, it would be faster to do a MOD with a CONSTANT number than with a variable. Why? Because the compiler can find ways of optimizing the MOD via right shifts and subtractions rather than using repeated subtraction alone. There was some challenge somewhere to come up with ways of dividing numbers via shifting and subtraction some time ago. I'm sure the division for 54 is faster than a general integer divide by subtraction. It's hard to figure out how to divide by 54 via shifting, however, it would do wonders for an eight bit machine. These days, some machines have integer/floating division right in the CPU that's just as fast or almost as fast. With FPU's, even faster than shifting. :-)

Let's see... how do I break 54 down.... hmmm.. Okay, if we trash the jokers it becomes easier: 52/4 == 52>>2. This equals 13. Now 13 being a prime can't be divided... I guess this is one way of looking at the card value and stripping off the suit. However, having divided by 4, you saved yourself four times the work already. So you take your picked card C and subtract C>>2 from it. If the result is positive, you've got a remainder to a division by 4. You then subtract 13 until you would get a negative value if you did one more subtraction. The left over value is the mod 54 (I think. Someone correct me if I'm wrong.) Anyhow, this is moot as you don't need to do this by hand anymore anyway.. :-)

Besides, if you want to cheat a bit, you can always take lrand() &0x0000003F which would give you a range from 0 to 63, and if you should get a value larger than 53, you subtract 54 from it. :-) Since all you want is a random number from 0 to 53, it doesn't much matter. I guarantee that this is faster than division on most of the common machines anyway. :-)

> An interesting thought. Guessing a card's location is pretty tough,
> though. I was thinking more of seasoned players noticing the absence of
> patterns they had become accustomed to.
I know I saw some definite
> trends when I was an avid Cribbage player.

Yes, but an AI could also be trained with these patterns. A neural network attached to a tracking engine that keeps track of his hand and guesses at his opponents hand and the "odds" of what cards can come up next against the odds of what he needs to win with isn't easy, but if done right, it can prove a formidable opponent for the beginner poker player. :-) It would be matched by seasoned players undoubtedly.

However, what I'm getting to here is an automated digital cash paying/paid casino dealer. That is you could set up a telnet site where others can gamble against your computer. (I'll leave the legalities of this to others :-) If this machine is done the right way, even with mental poker and even if it can't cheat you, it's still a very good card shark. You could charge say, half a ghostmark or whatever per 10 games just to play, plus a minimum bet of one ghostmark per hand with doubling/raising/etc being allowed.

Hell, if you really want to get sick, you can have the AI keep databases of the player's past patterns and how he ticks. Unless players use random anonymous packet bouncers, such AI's could be properly used to run a real cypherspace casino. I'm sure if we look up some mobsters and give them this idea they'd be happy to implement it once digital cash appears in wide use. Of course we're talking about ten years in the future, or never if digi cash never makes it...

Don't however think that this can't be done. There are chess games that "think" ahead. If programmed with the right set of fuzzy rules and given extensive databases as to the opponents past moves/preferences/bluffs/etc, such an AI would be a great card shark.

Of course our player may decide to write a better auto-player and have it play against another AI. :-) But hey, if we're going to have smart agents, their owners can be "backers" as there are for real gamblers out there already.
:-)

> In poker, each hand gets a fresh shuffle. Blackjack will exhaust the
> deck to a certain point and then shuffle. Depending on the house,

Yep.. the reason I asked was because in high school we played by almost no rules. We'd have games where the "odd" numbered cards were wild, picture cards wild, etc.... shit like that was common place... I guess it's bastardisation, but hey, it was fun and not for money. And we didn't reshuffle often.

BTW: Idea to prevent dealer cheating while shuffling the deck: Alice Builds the deck from Ace of Spades to King o'Diamonds, encrypts it, shuffles it herself, passes it to Bob, who shuffles it again, and encrypts it, then passes it to Alice who picks her hand, etc. If the cards are shuffled between every hands, this would prevent an AI from keeping track of the odds of unplayed cards.

From nobody at shell.portal.com Fri Jul 22 23:23:19 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Fri, 22 Jul 94 23:23:19 PDT
Subject: 900 Mhz. cordless phone with encryption
Message-ID: <199407230624.XAA24093@jobe.shell.portal.com>

Can anyone recommend a good 900 Mhz. cordless phone with some sort of voice encryption or scrambling? My most important objective is maximum range from the base unit, but I'd also like some privacy, too. Thanks.

From rarachel at prism.poly.edu Fri Jul 22 23:58:35 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Fri, 22 Jul 94 23:58:35 PDT
Subject: Who Detweiler is *really* posting as
In-Reply-To: <199407210405.VAA07049@zero.c2.org>
Message-ID:

Sorry, I've met Perry and he's real. Unless L. Detweiler lives in New York and works in New York and only posts from Colorado, you're barking up the wrong tree. I've also met Dave Mandl and he's met Perry. (Unless of course you wish to imply that I'm Perry and Detweiler and Dave Mandl... But I submit that you may be paranoid enough to make such an assumption...)
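An exact check of the single-pass exchange and the 6-bit index trick discussed in the forwarded "Card Playing Protocol?" message above, as an added example (not code from the thread). It enumerates every possible sequence of random draws for a 4-card deck; the `whole_deck` comparison variant and all function names are assumptions of this example.

```python
import secrets
from collections import Counter
from itertools import product


def single_pass(deck, draws):
    """One pass over the deck: position i is exchanged with a position picked
    from i..n-1 (itself included). draws[i] is the offset, 0 <= draws[i] < n - i."""
    deck = list(deck)
    for i, offset in enumerate(draws):
        deck[i], deck[i + offset] = deck[i + offset], deck[i]
    return tuple(deck)


def whole_deck(deck, draws):
    """Comparison variant (assumption, not from the messages): position i is
    exchanged with a position picked from the whole deck. 0 <= draws[i] < n."""
    deck = list(deck)
    for i, j in enumerate(draws):
        deck[i], deck[j] = deck[j], deck[i]
    return tuple(deck)


def ordering_counts(n, shuffle):
    """Run `shuffle` on every equally likely sequence of draws for an n-card
    deck and count how often each final ordering comes out."""
    if shuffle is single_pass:
        ranges = [range(n - i) for i in range(n)]
    else:
        ranges = [range(n)] * n
    return Counter(shuffle(range(n), draws) for draws in product(*ranges))


def mask_and_subtract(raw6):
    """Index trick from the message: keep 6 random bits (0..63) and subtract
    54 when the value is above 53."""
    return raw6 - 54 if raw6 > 53 else raw6


def reject_and_retry(raw6):
    """Alternative: discard out-of-range values (None means 'draw again')."""
    return raw6 if raw6 < 54 else None


def index_counts(mapper):
    """Exact outcome counts over all 64 equally likely 6-bit inputs."""
    return Counter(mapper(raw6) for raw6 in range(64))


def shuffle_deck(cards):
    """Single-pass shuffle of a real deck, driven by the OS random source."""
    deck = list(cards)
    for i in range(len(deck) - 1):
        j = i + secrets.randbelow(len(deck) - i)
        deck[i], deck[j] = deck[j], deck[i]
    return deck


if __name__ == "__main__":
    for shuffle in (single_pass, whole_deck):
        counts = ordering_counts(4, shuffle)
        print(f"{shuffle.__name__}: {sum(counts.values())} draw sequences, "
              f"{len(counts)} orderings, each seen between "
              f"{min(counts.values())} and {max(counts.values())} times")
    for mapper in (mask_and_subtract, reject_and_retry):
        counts = index_counts(mapper)
        print(f"{mapper.__name__}: index 0 x{counts[0]}, index 53 x{counts[53]}, "
              f"rejected x{counts[None]}")
    print("sample 54-card shuffle:", shuffle_deck(range(54))[:10], "...")
```

For four cards the single pass produces each of the 24 orderings exactly once. The 6-bit trick maps two inputs onto each of 0..9 and one onto each of 10..53, while rejecting out-of-range draws keeps all 54 indexes equally likely.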
From rarachel at prism.poly.edu Sat Jul 23 00:07:10 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Sat, 23 Jul 94 00:07:10 PDT
Subject: wanted SueDNym messages
Message-ID:

If you have copies of the posts posted by Sue D Nym, please pass them my way. I have a new toy I'm working on and I just fed it D*weiler's messages to it as archived by Rishab Aiyer Ghosh. I'd like to feed it Sue's message and see what it comes up with. Also send any other suspected or actual D*weiler messages.

BTW: This new toy is now in Alpha testing. It's called M E D U S A's T E N T A C L E S. (I'm deliberately munging up the names with spaces and such to get around your kill files as I believe this program may be of use to you, especially if you have our friend Det in your kill file. (I feel like I can't say the name of demon for fear of summoning it. :-) This is more like for the fear of killing this message. )

Thanx for your time.... Ain't Fuzzy Logic Grand?

From pkm at maths.uq.oz.au Sat Jul 23 00:33:52 1994
From: pkm at maths.uq.oz.au (Peter Murphy)
Date: Sat, 23 Jul 94 00:33:52 PDT
Subject: wanted SueDNym messages
Message-ID: <9407230733.AA15015@axiom.maths.uq.oz.au>

But what's this MEDUSA's TENTACLES program meant to be? An artificial intelligence modelled on the personality of LD?

Peter.

From rjc at gnu.ai.mit.edu Sat Jul 23 02:56:45 1994
From: rjc at gnu.ai.mit.edu (Ray)
Date: Sat, 23 Jul 94 02:56:45 PDT
Subject: GUT and P=NP
In-Reply-To: <199407230457.VAA19186@netcom13.netcom.com>
Message-ID: <9407230956.AA28103@geech.gnu.ai.mit.edu>

James A. Donald writes:
> Ray writes
> > 1) By definition, if something can be computed by a turing machine,
> > then it is an algorithm (Lewis and Papadimitriou)
> > 2) a quantum computer can be simulated by a TM with exponential
> > slowdown. (claimed by you on the Extropians list, but also
> > claimed by Feynman I believe, not about qm computers, but qm systems
> > in general)
>
> True.

Therefore it is an algorithm.
> > then by (1) and (2), it follows that
> > 3) quantum computers are algorithmic (if not, it would contradict
> > 2) and possibly 1)
>
> Suppose our quantum system has thirty two bytes.
>
> Then a classical simulation of our quantum system would require
> 2^257 words of memory
>
> The computer would require more matter than exists in the universe.
>
> Each step of the simulation would require 2^514 steps by the computer,
> which even for a computer constructed of very tiny components out
> of all the matter in the universe would still require vastly longer
> than the entire lifetime of the universe.

We are not talking about physical computers, we are talking about turing machines. If there is some *finite* deterministic process to get from the initial data to the final result, no matter how long it takes, it is an algorithm. I'm sure I could hand you a composite number that would require a computer larger and older than the universe to factor. Does that prove that none of our current factoring algorithms are actually algorithms, or that brute force isn't an algorithm? If you have a different definition of "algorithm" then perhaps your argument is right, but to me, an algorithm is a process to get from A to B, regardless of how long it takes.

> >
> > It doesn't matter how slow the turing machine runs the simulation
> > because we allow an arbitrary time along with the infinite tape
> > to complete the computation.
> > -Ray
>
> It does not sound like a very useful algorithm, nor is it one
> that is easy to describe.

Usefulness is a matter of time complexity, not a condition for membership in the set of algorithms.

> The difference is like the difference in my example of light
> flowing through a grid, as against a fourier transform etc,
> but the difference is enormously greater.
>
> You say it makes no difference by definition. I say such
> definitions are misleading when we discuss how problems are
> to be solved.
Those definitions were invented to solve problems in the first place. I can't think of a single thing which is non-algorithmic except true randomness or non-determinism. Since no finite axiom system can prove whether a string is truly random, no algorithm is possible for generating nor proving them. (anything with infinite logical depth would also probably suffice) Err, I may be mistaken since I recall that Chaitin said that you need N bits of formal axioms to prove that an N-bit string is "elegant" (the smallest representation), but I also recall somewhere that a truly random string needs an infinite set of axioms. Perhaps Tim can shed some light.

Perhaps another example is a physical process able to solve the halting problem. Imagine a time traveling UTM. Call it as a subroutine. All it does is run your algorithm program and wait. If the program ever halts, it sends the signal back in time, otherwise it runs forever. Thus, you feed the TT-UTM the algorithm you want to check. If the program halts, the signal travels back in time from the far future to arrive during the next "tick" of your current program. If you receive no such signal, then either the universe died before the algorithm halted, the machine broke down, or the algorithm doesn't halt.

The traditional "proof by contradiction" of the insolubility of the halting problem doesn't work here. The algorithm used to test the contradiction simply doesn't halt. It calls the TT-UTM recursively forever, and creates an infinite number of them. In fact, this questions the validity of the halting proof itself since the contradiction derived isn't a valid input to the halt checking machine in the first place, or, the halting proof disproves logically the existence of time travel!
Inputting an algorithm to the halt checker which calls the halt checker should be considered an exception like "division by zero" In which case, the halt checking TT-UTM returns "exception: input algorithm recurses forever"

Thus, two new classes of algorithms are developed. Those checkable by a TT-UTM and those which are not. Those which are not should be left up to an even more powerful machine. ;-)

(this violates the conditions of Church's thesis since the machine can perform an infinity of calculation at each step. Oh well.)

-Ray
"Everything is an algorithm, even you!"

From DAVESPARKS at delphi.com Sat Jul 23 04:03:53 1994
From: DAVESPARKS at delphi.com (DAVESPARKS at delphi.com)
Date: Sat, 23 Jul 94 04:03:53 PDT
Subject: Double DES calculations
Message-ID: <01HF1CC26L6Q8ZFRBV@delphi.com>

Hal Finney wrote:

> Most of the time-space tradeoffs that I can think of for a basic MITM
> attack like this are pretty costly. For example, instead of trying all
> the keys on both sides you could try just half the keys each time. This
> would take only half as much space but up to four times the time. You
> could also do some hashing to save space at the cost of false positives
> and more time. Again, the point is not so much that double DES is weak,
> but more that if its strength is solely due to space costs that gives much
> less of a good feeling than if you had an algorithm that was strong both
> in space and in time.

Agreed, Hal. I was just pointing out the fallacy of saying that 2-DES would only take *TWICE* as long to break as 1-DES.

While there are some tradeoffs that trade space for time, the one virtually constant factor is monetary cost. Whether it's 300 million drives running for 10+ days to crack the key, or 10 million for a year or so, the total energy consumed will be virtually the same. By my calculations, the energy costs alone would be over half a billion dollars per key.
Not only that, but one of these hypothetical $1.5 TRILLION "monster crackers" can still only break 30 keys a year. (Good reason to generate temporary session keys!)

Also, I neglected the "overhead" costs associated, such as periodic maintenance on all those drives. Drives in nearly constant use will need frequent maintenance, especially head cleaning, which is not a trivial task on 300 million drives. The only way I can see that this would be cost-effective is to locate it near a prison (for cheap convict labor) with a cheap power source nearby. That, or invent a cheaper storage medium than DAT.

In the final analysis, though, you're right. I'd hate to calculate the cost to break 3-DES. Unless you're encrypting a high speed data link in real time, where utmost throughput is essential, I see no reason to not use that, or something equally strong.

/--------------+------------------------------------\
|              | Internet: davesparks at delphi.com |
| Dave Sparks  | Fidonet: Dave Sparks @ 1:207/212   |
|              | BBS: (909) 353-9821 - 14.4K        |
\--------------+------------------------------------/

From m5 at vail.tivoli.com Sat Jul 23 06:29:32 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Sat, 23 Jul 94 06:29:32 PDT
Subject: GUT and P=NP
In-Reply-To: <9407230956.AA28103@geech.gnu.ai.mit.edu>
Message-ID: <9407231321.AA00766@vail.tivoli.com>

> We are not talking about physical computers, we are talking about
> turing machines. If there is some *finite* deterministic process to
> get from the initial data to the final result, no matter how long it
> takes, it is an algorithm.

I don't see the need for determinism; it depends on the underlying computational model.

> I can't think of a single thing which is non-algorithmic
> except true randomness or non-determinism.

The "essence" of nondeterminism may not be algorithmic, but I don't see why that's important.
If nondeterminism can be sufficiently characterized that I can express an algorithmic process involving it (and of course we can; that's how NP problems are expressed) then my boat floats.

From rishab at dxm.ernet.in Sat Jul 23 06:54:49 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Sat, 23 Jul 94 06:54:49 PDT
Subject: Dialogue With Detweiler
Message-ID:

Blanc,

While your conversation with LD may be too much for the whole list (I for one have been ambushed by this sudden spurt in activity) as his posts are rarely less than 15k, I'd request you to archive them, so that they can be added to The Detweiler Files, available on ftp from someplace on Robert Hayden's site.

They should be interesting. After all, students of information society unable to find a topic for their theses can always choose The Proliferation Of Pseudospoofing Tentacles, or The Sniffer Of Medusas. Seriously.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh            "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in         take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335
H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in Sat Jul 23 06:54:49 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Sat, 23 Jul 94 06:54:49 PDT
Subject: Schneier
Message-ID:

tim werner :
> I ordered [Schneier's] book, when it first came out, from the local Borders book
> store. When I went to pick it up, they told me that if I decided to buy it
> I could not return it, since it was not a book that they would otherwise
> not stock it
> Today I was there checking out the computer books, and they had a copy on
> the shelf, so I guess it was in enough demand that they decided to stock it.

I found a few copies in a local bookshop the other day. When it first came out, I thought I'd have to order it, and was pleasantly surprised to find it already in stock.
But then I buy books on discount from an academic distributor, so that was probably to be expected.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh            "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in         take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335
H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in Sat Jul 23 06:54:49 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Sat, 23 Jul 94 06:54:49 PDT
Subject: Cypherpunks = alt.tentacles
Message-ID:

C'punks,

I hate to do this yet again, I'm all for free speech etc, but today I got 600k of c'punk mail. I don't mind paying for the extra garbage that comes over my SLIP link, but when there's so much of it, I have to protest.

I propose the creation of a new news group: alt.tentacles (and alt.medusa.detweiler) to discuss what's occupied 70% of the past few days mail.

Take care, and avoid too much seafood.

Rishab

ps. I _am_ enjoying the discussion on alternatives to 3DES. When I can find it, that is.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh            "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in         take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335
H 34C Saket, New Delhi 110017, INDIA

From jbotz at orixa.mtholyoke.edu Sat Jul 23 08:30:09 1994
From: jbotz at orixa.mtholyoke.edu (Jurgen Botz)
Date: Sat, 23 Jul 94 08:30:09 PDT
Subject: EFF Analysis of Vice-President Gore's Letter on Cryptography Policy
In-Reply-To: <199407222324.TAA26048@eff.org>
Message-ID: <199407231427.KAA11154@orixa.mtholyoke.edu>

Stanton McCandlish wrote:
> EFF Analysis of Vice-President Gore's Letter on Cryptography Policy
>[...]
> Many questions remain about the future, but one thing is certain:
> Clipper is a dead end, and those of us who are concerned about
> digital privacy have won a new opportunity to shape a better policy.

The EFF appears to have decided to declare victory... they say they have "won" the opportunity to shape a better policy. But almost nobody else who is on the side of privacy feels the same way. Even Senator Patrick Leahy (D-VT) has officially stated that:

    I have read the July 20th letter from the Vice President about the Administration's current thinking on Clipper Chip and, to my mind, it represents no change in policy. In fact, when this letter was sent, I would be surprised if the Administration even thought it was news.

Is the EFF growing seriously out of touch that an ordinary Senator's assessment is so obviously more realistic?

--
Jurgen Botz, jbotz at mtholyoke.edu | Communications security is too important to
Northampton, MA, USA                | be left to secret processes and classified
                                    | algorithms. -- USACM

From hfinney at shell.portal.com Sat Jul 23 08:30:44 1994
From: hfinney at shell.portal.com (Hal)
Date: Sat, 23 Jul 94 08:30:44 PDT
Subject: Card Playing Protocol? (fwd)
Message-ID: <199407231531.IAA16454@jobe.shell.portal.com>

I thought of a simpler way to attack the blackjack protocol proposed by Karl, where the dealer shuffles the cards, commits to a hash, and then the player checks the hash at the end of the deck. Simply, this allows the dealer to stack the deck. He can put the cards in any order he wants, claiming he is shuffling them, commit to that, and the player will confirm that the hash matches at the end. Meanwhile the dealer wins every hand. So this won't do.

An easy fix would be for the player and dealer to mutually choose a random seed for a PRNG that is then used in a specified algorithm to choose the cards of the deck. The dealer would commit to the hash of his part of the seed but would not reveal his part until after the deck is played out.
The player's seed and the dealer's are then combined and the player can reconstruct the sequence of cards which should have been played.

Again, this is only suitable for a one-dealer-one-player game since otherwise the dealer can collude with some subset of the players and tip them off to what cards are coming up.

Hal

From jrochkin at cs.oberlin.edu Sat Jul 23 09:01:07 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Sat, 23 Jul 94 09:01:07 PDT
Subject: leahy and the eff on clipper "reversal"
Message-ID: <199407231559.LAA25939@cs.oberlin.edu>

I am amused to see that Senator Leahy's press release was in fact more "radical", and closer to the typical position of a cypherpunk than the EFF press release was. An actual politician simply read the Gore letter for what it was: no significant change in their policy whatsoever. While the "public interest" or "advocacy" group that the EFF is supposed to be apparently decided it would be more politic to make friends with the administration by pretending they've made some progress.

I'm sure Leahy (or one of his aides) assumed the EFF would be saying the same thing as Leahy was. He's probably berating one of his aides right now for releasing a statement that was more radical and likely to anger the administration than even the EFF statement. Sigh.

From berzerk at xmission.xmission.com Sat Jul 23 09:19:45 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Sat, 23 Jul 94 09:19:45 PDT
Subject: Card Playing Protocol? (fwd)
In-Reply-To: <199407231531.IAA16454@jobe.shell.portal.com>
Message-ID:

On Sat, 23 Jul 1994, Hal wrote:
> I thought of a simpler way to attack the blackjack protocol proposed
> by Karl, where the dealer shuffles the cards, commits to a hash, and
> then the player checks the hash at the end of the deck. Simply, this

How about if the dealer sends out the hash of the original deck, then each player sends back a permutation (first a hash, for disclosure and commitment, then the open value).
The permutations are then applied to the deck as shuffled by the dealer, destroying his order. The "goodness" of the original shuffle would allow security from collusion among all the players, and the presence of any one good permutation will shuffle the deck.

Berzerk.
**********************************************************************
Berserker n., 1) a devotee of Odin in early Norse society who fought with a frenzied rage in battle.

From solman at MIT.EDU Sat Jul 23 09:47:51 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Sat, 23 Jul 94 09:47:51 PDT
Subject: Voice/Fax Checks
In-Reply-To: <940722.183524.4a8.rusnews.w165w@sendai.cybrspc.mn.org>
Message-ID: <9407231647.AA20693@ua.MIT.EDU>

> -----BEGIN PGP SIGNED MESSAGE-----
>
> In list.cypherpunks, solman at MIT.EDU writes:
>
> > I don't agree on this point. I prefer license based e-cash which is modified
> > on each transaction (and unfortunately gets slightly bigger -- the downside
> > of this method).
>
> I'm not clear on this point. Is this an audit trail built into the
> e-cash? I'm not so sure that's a Good Thing.

When properly implemented, nobody can deduce anything from the "audit trail" other than the validity of the e-cash. If somebody cheats, only the cheater (and people who reuse his money without checking first) is revealed.

I should note that the Japanese system that I started with does not quite cut it in this regard. A tiny bit of probabilistic encryption goes a long way towards improving their system. (Vendors and banks could otherwise deduce things when they saw the same license).

On a more important note, I believe that in one of the papers on my to-read list for this weekend, Chaum demonstrates that e-cash can not be transferable unless it grows bigger. Otherwise you have to give it back to the bank and get a new one each time it is used. Given this, I think that it is highly desirable for us to accept the increasing size of the e-cash and maintain its transferability.
JWS

From ben at Tux.Music.ASU.Edu Sat Jul 23 10:31:13 1994
From: ben at Tux.Music.ASU.Edu (Ben Goren)
Date: Sat, 23 Jul 94 10:31:13 PDT
Subject: Travelling ants
Message-ID:

A recent RISKS digest had an article that described a computer that simulated a colony of ants with independent software units that interacted in certain ways. The article said that the "ants" were able to find an efficient solution to the traveling salesman problem.

Wouldn't such a system be perfect for a public key cryptosystem? It seems that mechanisms already designed for knapsack algorithms would work; it would remain to be worked out if the traveling salesman problem has the same cryptographic problems as the knapsack problem.

b&

--
Ben.Goren at asu.edu, Arizona State University School of Music
net.proselytizing (write for info): We won! Clipper is dead! BUT! Just say no to key escrow. And stamp out spamming, too.
Finger ben at tux.music.asu.edu for PGP 2.3a public key.

du says to finger remailer-list at chaos.bsu.edu and
> that account does not exist.

Chael Hall changed operating systems on chaos and hasn't reinstalled the finger thing yet. You can get the list by sending mail to mg5n+remailer-list at andrew.cmu.edu

From sglass at netcom.com Sat Jul 23 11:30:00 1994
From: sglass at netcom.com (Sheldon Glass)
Date: Sat, 23 Jul 94 11:30:00 PDT
Subject: Travelling ants
Message-ID: <199407231820.LAA07482@netcom4.netcom.com>
Operating System: SunOS 4.1.3
Site: netcom4
X-Mailer: ELM [version 2.4 PL23]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1796

-----BEGIN PGP SIGNED MESSAGE-----

| From: Ben Goren
| Date: Sat, 23 Jul 1994 10:24:48 -0700 (MST)
| Subject: Travelling ants
|
| A recent RISKS digest had an article that described a computer that
| simulated a colony of ants with independent software units that
| interacted in certain ways.
| The article said that the "ants" were able to
| find an efficient solution to the traveling salesman problem.

I bought Rudy Rucker's Hacker and the Ants (0-688-13416-5) in May. Jerzy Rugby's an artificial life hacker who battles millions of "strange viral pests appearing from out of nowhere to wreak havoc throughout the net" in his quest for truly intelligent robots. I really enjoyed the story. Like Stephenson, Rucker makes cyberspace a blast. Recommended buy.

Remember folks, don't allow 0xdef6 as the Godel sentence if you're into this kind of thing.

| Wouldn't such a system be perfect for a public key cryptosystem? It seems
| that mechanisms already designed for knapsack algorithms would work; it
| would remain to be worked out if the traveling salesman problem has the
| same cryptographic problems as the knapsack problem.

I wonder if e$ fundraising could support grants to investigate good ideas?

| b&

Sheldon

- --
sheldon glass        | "... if you think ah *enjoy* steppin an fetchin an
sglass at netcom.com | talkin this way, you crazy."
#include             | finger for PGP key     from _Wetware_ by Rudy Rucker

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLjFfPDl9PRHQ3ZZVAQHJvQP+ILCjhhJ8wixQum85yGzEVU8/R69ZGBXl
RuOgLIIaVf/uajgl3B3/ILBRUR3n2W7iZpniTX4zQaTtkkcJPINE9iLHpVK+D0jK
40dkxeLP2q4Iz42NetBlvd4Ud+AXO5rl9lc1KUbOUY2O5SpEEV74XL72cNiXF0bd
ESk0gUda4TU=
=TOrZ
-----END PGP SIGNATURE-----

From tcmay at netcom.com Sat Jul 23 11:42:58 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sat, 23 Jul 94 11:42:58 PDT
Subject: Stalling the crypto legislation for 2-3 more years
In-Reply-To: <199407231802.MAA06494@misc.glarp.com>
Message-ID: <199407231840.LAA23600@netcom13.netcom.com>

Brad Huntting wrote:
> The right to free speech is protected by the US constitution. We
> need only show that encryption software == speech.
>
> This shouldn't be too difficult (a bit painful perhaps, but not
> difficult).
>
> The act should involve a published work (preferably in the printed
> sense).
> It should be clear of any gross patent infringements as
> they might cloud the issue.
>
> Since the hardware will be confiscated it should probably be a
> cheap PC. Also, it should probably be in a house with no other
> computer equipment. That way when it's confiscated, they won't take
> anything besides the ftp server.

I _like_ this idea! Explicitly calling the site a "Free Speech" or "First Amendment" site, and publishing all sorts of things could help.

I think we ought to think this out some more. Publishing encrypted stuff, etc.

Of course, lots of sites already publish encrypted stuff, have PGP-encrypted files on them, etc., and the Feds have not moved to shut them down, so it may be real hard generating a test case.

But I do like the explicit emphasis of the connection between encryption and free speech; this is the line I use with people. To wit, "Nobody can tell me what language I have to write or speak in."

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From hfinney at shell.portal.com Sat Jul 23 15:15:37 1994
From: hfinney at shell.portal.com (Hal)
Date: Sat, 23 Jul 94 15:15:37 PDT
Subject: Voice/Fax Checks
Message-ID: <199407232216.PAA03381@jobe.shell.portal.com>

solman at MIT.EDU writes:

>On a more important note, I believe that in one of the papers on my to-read
>list for this weekend, Chaum demonstrates that e-cash can not be transferable
>unless it grows bigger. Otherwise you have to give it back to the bank and
>get a new one each time it is used.
>Given this, I think that it is highly
>desirable for us to accept the increasing size of the e-cash and maintain
>its transferability.

I had the impression from that paper that with transferred ecash, a person earlier on the trail could always recognize the cash even at a later point. This followed, Chaum claimed, from the need to detect double-spending. I'd be interested to hear whether you get this from that paper as well.

In the real world, I'd guess that most cash is not transferred very much before it goes back to the bank. I get money from the ATM and spend it at the grocery store, which takes it to the bank every day. The smaller bills may circulate a few times because they go back out as change, but even there I'd guess there are not many transfers.

So there are two possible lessons from this: one is that perhaps transferrable cash is not very necessary; or the other is that it's not a significant problem if cash grows somewhat each time it is transferred because it probably won't get very big.

Hal

From berzerk at xmission.xmission.com Sat Jul 23 16:04:29 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Sat, 23 Jul 94 16:04:29 PDT
Subject: "Key Escrow" --- the very idea
In-Reply-To: <9407221816.AA24181@tis.com>
Message-ID:

On Fri, 22 Jul 1994, Carl Ellison wrote:
> 1. I'm not a fan of key registration

Good, but DON'T make compromises that screw the other guy.

> 2. If it were forced down my throat, I want to make sure that
> the escrow agents can form a list of people being tapped so that

Ok, so what you are saying is you don't want your phone tapped just because your coworker is under investigation. This is a reasonable objective, but...

> they can detect abuses and possibly notify those tapped that
> they've been compromised. They can't do that without either an

Wait a second, they would notify those that have been victimized? Are you serious? Do you have one case in the history of the united states where they have done this?
I think it is better to keep it out of their hands totally, and it would be better to identify the person doing the tapping, not the person being tapped.

> ID of the equipment owner or some communications/routing path
> which can map from equipment ID to my addr/phone/e-mail (to
> notify me).

Ok, so you would, if you had to register your key, also demand that all communication devices be registered also? I don't like this idea, I have a right to communicate and I don't need the government's permission to use the phone. I think you are selling away everything with this proposal.

> In other words, I want to see this hypothetical escrow agent
> (or one of the many) as someone protecting my rights against the
> interests of a tapping agency.

I fail to see how you identifying yourself every time you have to use a pay-phone could possibly lead to a protection of your rights.

Berzerk.

From kevin at beach.com Sat Jul 23 17:04:08 1994
From: kevin at beach.com (kevin at beach.com)
Date: Sat, 23 Jul 94 17:04:08 PDT
Subject: Traceless Communications
Message-ID: <940718225304.1956AAC7M.kevin@beach>

For anyone interested in private communications:

We have a way to make untraceable phone, fax and modem calls! We've negotiated with a reseller to pre-pay a (huge) chunk of minutes at a set price. No information is taken. My company simply gives them the money and they give us an 800 number and a ton of random access codes to get into their network...from anywhere in the world (it can also be used as a travel card). We then make the number and codes available with no record of ownership.

As well, by the time we distribute the access codes, they have been sequestered through 3 levels of distribution. Payment is made up front in cash or by money order and no record is kept of who gets which access code. No records, no invoicing, no auditing by Uncle Sam. Just complete communications privacy.

Trial access codes are available in a block of 100 minutes for $75.
Large volume discounts apply thereafter. FYI, another company is providing this same service at 90 minutes for $99.

Call or email:
Kevin T. Smith, President
TeleSource
(408) 247-4782 voice
(408) 247-1070 fax
ksmith at beach.com
*****************NeXTMail Preferred********************

From smb at research.att.com Sat Jul 23 17:12:24 1994
From: smb at research.att.com (smb at research.att.com)
Date: Sat, 23 Jul 94 17:12:24 PDT
Subject: "Key Escrow" --- the very idea
Message-ID: <9407240012.AA02552@toad.com>

	 > they can detect abuses and possibly notify those tapped that
	 > they've been compromised. They can't do that without either an

	 Wait a second, they would notify those that have been victimized? Are you serious? Do you have one case in the history of the united states where they have done this?

In point of fact, U.S. law has required after-the-fact notification of wiretaps since 1968. There's a statutory period within which notification must take place, unless extended by a judge on the grounds. This is 18 USC 2518(8)(d):

    (d) Within a reasonable time but not later than ninety days after the filing of an application for an order of approval under section 2518(7)(b) which is denied or the termination of the period of an order or extensions thereof, the issuing or denying judge shall cause to be served, on the persons named in the order or the application, and such other parties to intercepted communications as the judge may determine in his discretion that is in the interest of justice, an inventory which shall include notice of-

        (1) the fact of the entry of the order or the application;

        (2) the date of the entry and the period of authorized, approved or disapproved interception, or the denial of the application, and

        (3) the fact that during the period wire, oral, or electronic communications were or were not intercepted.
    The judge, upon the filing of a motion, may in his discretion make available to such person or his counsel for inspection such portions of the intercepted communications, applications and orders as the judge determines to be in the interest of justice. On an ex parte showing of good cause to a judge of competent jurisdiction the serving of the inventory required by this subsection may be postponed.

This is for domestic surveillance, not for intercepts pursuant to the Foreign Intelligence Surveillance Act.

From jamesd at netcom.com Sat Jul 23 17:27:45 1994
From: jamesd at netcom.com (James A. Donald)
Date: Sat, 23 Jul 94 17:27:45 PDT
Subject: GUT and P=NP
Message-ID: <199407240028.RAA12119@netcom7.netcom.com>

Ray wrote:
> Everything is an algorithm

This does not appear to be a very useful concept of what an algorithm is.

> I can't think of a single thing which is non-algorithmic
> except true randomness or non-determinism.

How about any process where the state and the change between one state and another state can be described tolerably simply in some language that is not explicitly algorithmic, but which is enormously difficult, complex, and expensive to describe in explicitly algorithmic language, for example water pouring through a channel?

--
---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we        James A. Donald
are. True law derives from this right, not from         jamesd at netcom.com
the arbitrary power of the omnipotent state.
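
The fix Hal describes in the "Card Playing Protocol?" thread above (the dealer commits to a hash of his seed share, both shares seed a specified shuffle, the player re-derives the deck after the reveal), as an added Python example that is not code from any list member. The SHA-256 commitment, the counter-mode hash stream, the Fisher-Yates shuffle and every function name are assumptions made here; the post only asks for "a PRNG ... in a specified algorithm".

```python
import hashlib
import hmac
import secrets

RANKS = "A23456789TJQK"
SUITS = "SHDC"
FRESH_DECK = [r + s for s in SUITS for r in RANKS]  # public starting order


def commit(dealer_seed: bytes) -> str:
    """Value the dealer publishes before play. The seed must be long and
    random (32 bytes here), or the player could guess it from the hash."""
    return hashlib.sha256(b"dealer-seed:" + dealer_seed).hexdigest()


def combine(dealer_seed: bytes, player_seed: bytes) -> bytes:
    """Mix both shares; length prefixes keep the encoding unambiguous."""
    h = hashlib.sha256()
    for share in (dealer_seed, player_seed):
        h.update(len(share).to_bytes(4, "big") + share)
    return h.digest()


class HashStream:
    """Deterministic byte stream SHA-256(key || counter), standing in for
    the PRNG of the post (an assumption; both sides must use the same one)."""

    def __init__(self, key: bytes):
        self.key, self.counter, self.buf = key, 0, b""

    def byte(self) -> int:
        if not self.buf:
            block = self.key + self.counter.to_bytes(8, "big")
            self.buf = hashlib.sha256(block).digest()
            self.counter += 1
        b, self.buf = self.buf[0], self.buf[1:]
        return b

    def below(self, n: int) -> int:
        """Unbiased integer in [0, n) for n <= 256, by rejection sampling."""
        limit = 256 - (256 % n)
        while True:
            b = self.byte()
            if b < limit:
                return b % n


def shuffle_deck(key: bytes) -> list:
    """Fisher-Yates shuffle of the public deck, driven only by the key."""
    deck = list(FRESH_DECK)
    stream = HashStream(key)
    for i in range(len(deck) - 1, 0, -1):
        j = stream.below(i + 1)
        deck[i], deck[j] = deck[j], deck[i]
    return deck


def player_verify(commitment, revealed_seed, player_seed, cards_dealt):
    """Run by the player once the deck is played out and the seed revealed."""
    if not hmac.compare_digest(commit(revealed_seed), commitment):
        return (False, "revealed seed does not match commitment")
    expected = shuffle_deck(combine(revealed_seed, player_seed))
    if list(cards_dealt) != expected[:len(cards_dealt)]:
        return (False, "cards differ from the agreed shuffle")
    return (True, "ok")


def demo():
    dealer_seed = secrets.token_bytes(32)
    commitment = commit(dealer_seed)        # 1. dealer -> player, before play
    player_seed = secrets.token_bytes(32)   # 2. player -> dealer, in the clear
    deck = shuffle_deck(combine(dealer_seed, player_seed))  # 3. dealer deals
    # 4. after the last card the dealer reveals dealer_seed
    honest = player_verify(commitment, dealer_seed, player_seed, deck)
    # A dealer who dealt his own ordering is caught by the re-derivation.
    stacked = player_verify(commitment, dealer_seed, player_seed,
                            sorted(FRESH_DECK))
    # A dealer who reveals some other seed is caught by the commitment.
    swapped = player_verify(commitment, secrets.token_bytes(32),
                            player_seed, deck)
    return honest, stacked, swapped


if __name__ == "__main__":
    for label, result in zip(("honest", "stacked", "swapped"), demo()):
        print(label, result)
```

Because the dealer is bound before he sees the player's share, neither side alone controls the deck order; as the post notes, this only covers one dealer and one player.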
From solman at MIT.EDU Sat Jul 23 17:34:06 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Sat, 23 Jul 94 17:34:06 PDT
Subject: Voice/Fax Checks
In-Reply-To: <199407232216.PAA03381@jobe.shell.portal.com>
Message-ID: <9407240033.AA22975@ua.MIT.EDU>

> solman at MIT.EDU writes:
>
> >On a more important note, I believe that in one of the papers on my to-read
> >list for this weekend, Chaum demonstrates that e-cash can not be transferable
> >unless it grows bigger. Otherwise you have to give it back to the bank and
> >get a new one each time it is used. Given this, I think that it is highly
> >desirable for us to accept the increasing size of the e-cash and maintain
> >its transferability.
>
> I had the impression from that paper that with transferred ecash, a person
> earlier on the trail could always recognize the cash even at a later point.
> This followed, Chaum claimed, from the need to detect double-spending.
> I'd be interested to hear whether you get this from that paper as well.

Well I've skimmed the paper because this is non-intuitive to me, and I'm impressed by the level of security that Chaum requires from his protocols. He treats the absolutely impossible and the computationally infeasible separately. Determining whether the coin is one of yours falls into the second category.

In order to determine whether you have used a coin previously (in a maximally secure scheme) you need the bank's secret key. So you just wind up your 4096 bit number factoring machine, dump in the modulus, and presto, out come your factors from which you compute the secret key. Now I don't know about you, but if I had the bank's key, figuring out if I've seen a digital coin before is NOT the first thing I would do.
JWS

From wcs at anchor.ho.att.com Sat Jul 23 23:53:50 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sat, 23 Jul 94 23:53:50 PDT
Subject: Travelling ants
Message-ID: <9407240652.AA08911@anchor.ho.att.com>

Tim May writes:
> * By the way, there has been little progress in taking known
> NP-complete decision/computation problems and making cryptosystems out
> of them. I'm not sure why this is, and I get the impression that not
> many others understand this either.
>
> In fact, I'll close with a nagging question. Except for some work on
> elliptic functions, there has been no real alternative to RSA for
> public key crypto. Why? One would think that in 16-18 years of work,
> some alternatives based on something other than the difficulty of
> factoring or taking discrete logs would have been developed. Why not?

Good one-way transformations are hard to find. Merkle & Hellman's knapsack-based cryptosystem predated RSA; it depended on transforming an easy subproblem of a NP-hard general problem into the general case. Shamir and others found ways to reverse the transformation that was used, reducing it to the easy problem.

In general, a symmetric cryptosystem needs to have one easy path through it (using the key); an asymmetric system needs two (encryption & decryption), and that's much harder to find. The inter-relatedness of NP-complete problems probably doesn't help much. There may be some deep mathematical truth hiding somewhere in here, but I'm more of an applied-math type than a real theoretician :-)

A separate problem is that signature and encryption are both useful, and it's hard to find a system that can do both securely.

> "National borders are just speed bumps on the information superhighway."

Lately they've been more like speed limits...
Bill

# Bill Stewart AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399
# email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465

From wcs at anchor.ho.att.com Sun Jul 24 00:07:27 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sun, 24 Jul 94 00:07:27 PDT
Subject: Cordless phones with encryption
Message-ID: <9407240706.AA09003@anchor.ho.att.com>

Nobody asks:
> Can anyone recommend a good 900 Mhz. cordless phone with some
> sort of voice encryption or scrambling? My most important
> objective is maximum range from the base unit, but I'd also like
> some privacy, too. Thanks.

If all you're looking for is "some privacy", any of the digital systems will give you some, and spread-spectrum systems should do more. That'll do better than simple analog scrambling to keep scanner-users from listening in on your calls; spread-spectrum systems will continue to be useful after the scanner-users get basic digital capability. Neither one will really keep the NSA out, but they can tap the wireline your phone's base unit is connected to anyway :-)

If you want to know whether a set is using spread-spectrum or just vanilla digital, you'll get better information at a specialty telephone or electronics store than at the large discount warehouse-place where you'll probably eventually buy it (:-), but it may take you a few contacts with manufacturers to find out more than what's on the box.

(Shameless plug follows:) I think I remember reading that AT&T was doing a spread-spectrum cordless with a range of about a mile, and a price in the $400 range, but I haven't really kept track.

(List-traffic-reduction plug follows:) I would have replied by email instead of sending this to all 700 people on the list, but you used a remailer without return message capability.
anon.penet.fi gives you an anonymous account, and some of the cypherpunks remailers like soda.berkeley.edu now support encrypted return-blocks.

Bill

From wcs at anchor.ho.att.com Sun Jul 24 00:59:22 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sun, 24 Jul 94 00:59:22 PDT
Subject: "Key Escrow" --- the very idea
Message-ID: <9407240758.AA09433@anchor.ho.att.com>

Carl Ellison, who should know better (:-), writes:
> if you really want to propose an escrow system we can live with,
> I would demand that it include:

Arrrgh! I'll try not to flame much here, but this is *wrong*! Please don't buy in to the government's claims of legitimacy for this nonsense merely because they've backed down on the less practical implementations of their abusive proposal!

First of all, _escrow_ systems are something that two contracting parties use when they want a trusted third party to perform a service for them. Holding deposits in real estate transactions is a classic example. Built-in wiretaps are *not* escrow, unless the government is a party to your contract. As somebody on the list once said, just because the Mafia call themselves "businessmen" doesn't make them legitimate; calling extorted wiretaps "escrow" doesn't make them a service.

The government has no business making me get their permission to talk to anybody about anything in any language I choose, and they have no business insisting I buy "communication protection service" from some of their friends to do it, any more than the aforenamed "businessmen" have any business insisting I buy "fire insurance" from *them*.

If you want to talk about escrow systems, the proper contexts are things like contract fulfillment between anonymous parties...

Meanwhile, back to conditions for built-in phone wiretap systems:

> 1. unambiguous ID of the person being tapped in the LEAF-equivalent

No!
I agree that having the government prove your phone was used for a given conversation that you weren't part of is bad, but the only way to have unambiguous ID for wiretappees is to have unambiguous ID for everybody - I certainly don't want to have to insert my National Real American ID Card into a phone to make a call, or into my computer to send email, and in case people start noticing that they can't make phone calls after their wallets are stolen, I don't want to have to wave my arm-tattoo over the scanner either. (Ok, I said I'd *try* not to flame :-)

> 2. multiple escrow agencies, at least one of which is the NSA HQ
> (for its superior physical security)

They're the *last* people I want involved with routine communications between ordinary people. They're an agency that should probably be abolished, but at most they should stick to providing secure communications for the military; I don't want military police agencies or even Federal civilian police agencies getting involved in civil commerce, (especially when they're doing it to find new businesses now that we don't have Commies to kick around any more.) I shouldn't need *anybody's* permission to have a private conversation with anybody, but least of all a secret organization that classifies their activities rather than working out in the open.

> 3. watchdogs as escrow agents (e.g., ACLU, Rep & Dem parties, CPSR,
> EFF, NYTimes, ...) with authorization to look for abuses of
> authority and to refuse to release keys in such cases and to
> publicize such cases as well as bringing them to the attention
> of law enforcement for prosecution.

Realistically, if the government starts allowing non-government agencies as keymasters, it'll probably be banks or phone companies, since they're large cooperative subpoenable organizations that are involved in the communications the government most cares about wiretapping, and they're hard to avoid since they're providing your services.
In particular, it'll help set precedents. Bad ones.

I'd also worry about the effects on a watchdog group of taking government money for helping the government wiretap people. Wiretap keymastering is likely to be an expensive activity, if done competently, and involves major questions of liability. What happens when the government says to your group that they'll cut your funding by $1Million if you don't keep this one quiet? Even if you're honest enough for that not to work, what about the moral effects of being on the government's side in a court case (as keymaster) when you used to be the group that defended the Steve Jacksons and Craig Neidorfs?

> 4. user-generated escrow keys, to reduce the chance of anyone having a
> backdoor way to get the whole escrow key database.

That's a minor technical detail :-) It's also quite possible, and the all-software wiretap version that Dorothy Denning and friends are talking about supports it just fine. A more important detail would be to use genuinely separate master keys instead of one master key split into multiple parts for the keymasters by the trusted NSA, as in the current Clipper system.

Bill

# Bill Stewart AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399
# email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465

From wcs at anchor.ho.att.com Sun Jul 24 01:31:36 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sun, 24 Jul 94 01:31:36 PDT
Subject: Gore's "new and improved" key escrow proposal
Message-ID: <9407240830.AA09655@anchor.ho.att.com>

Eli writes:
> Tim May said:
> > Others here will have a clearer idea than I have, but I don't think a
> > "software standard" is what is now being planned. Software-only
> > solution cannot possibly have the security that's needed [...]
>
> My reading of the BSA blurb was that software key escrow really is
> being planned: "software implementable [and] based on a non-classified
> encryption formula". Yes, this sounds pretty silly. I don't see how
> you could possibly prevent a rogue phone from interoperating with a
> fascistic one. Guess I need to snarf the original document.

Whit Diffie gave a talk at a recent Bay Area Cypherpunks meeting about the software-only master-key system that Dorothy Denning and friends are working with. He'd talked about it earlier, and it was discussed at a workshop at Univ.Karlsruhe they went to. Essentially, it's a fairly clean protocol for sending a session key and a master key, encrypted with a keymaster's public key, in a way that the recipient of the message (who knows the separately-negotiated session key) can duplicate the public-key-encrypted access-field chunk to verify it. The wrinkle that was noticed at the workshop was that you can use anybody's ID in the ID field, so there's a need for your master-key (which is already digitally signed by the keymasters) to include some verification; I don't remember the details, though it was fixable after some mild embarrassment for the statists.

As far as communications between rogue phones and conformist phones, it's actually stronger than Clipper turned out to be - if the conformist receiver *wants* to verify that the access-field is correct, it can, so you have to generate it correctly, while you could generate a fake Clipper checksum in ~2**16 tries and the receiver wouldn't know.

For end-to-end communications, that's ok; if you and your friend are both non-conformists, you don't need to check access fields, and you gain a small setup-time advantage by not checking. But your cellular phone company will probably be Conformist, as required by Digital Telephony Initiative #N, and your bank may be as well (assuming the government continues to regulate banks.)
Unlike tamperproof secret-design hardware, an open wiretap protocol can't force you to be conformist - but traditional government regulations have worked to keep banks and phone companies conforming in the past.

Will they be able to get us to accept this abuse? Maybe. I hope Clipper put a bad enough taste in the public's mouth that they won't get away with it, but a hardware chip is a lot more concrete than "telecommunications software protocol standards" for many people. Depends on whether the government looks like they're "compromising" (which looks good and nice) or "continuing to push this trash even after they've lost" (which looks obnoxious, but they seem to be getting away with it quite well with National ID cards - they're on about their 5th attempt.)

Bill

# Bill Stewart AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399
# email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465

From cyber1 at io.org Sun Jul 24 01:54:41 1994
From: cyber1 at io.org (Cyber City)
Date: Sun, 24 Jul 94 01:54:41 PDT
Subject: Emacs + PEM|PGP
Message-ID:

I noticed a beta of this "mew" program in gnu.emacs.sources. Perhaps someone on this list can assist in the PEM/PGP part.

-Alex
...............
> Kazuhiko Yamamoto
> July 15, 1994
> kazu at is.aist-nara.ac.jp
>
>Mew(Message interface to Emacs Window) is a message interface to
>Emacs/Mule(Epoch someday) that integrates structured message such as
>MIME, PEM(PGP someday). Mew is now based on MH but will support USENET
>news soon.
>
>Currently, following features are supported.
>
>* Selective MIME part viewer.
>* User friendly MIME composer that maps directory structure to multipart.
>* PEM auto decryption and functions for encrypting and signing.
>* LRU message cache engine.
>
>...
>
>I'm very interested in support of numerous PEM implementation and PGP.
>Integration of MIME and PEM/PGP also interests me.
>
>If you use PEM other than FJPEM, please tell me
> the overview of your PEM,
> command line options for each PEM command,
> the way to get public key.
>
>If you know PGP 2.5 excluding RSAREF 2.0 that Japanese may obtain from
>the US, let me know.
>

From 0x7CF5048D at nowhere Sun Jul 24 02:30:31 1994
From: 0x7CF5048D at nowhere (0x7CF5048D at nowhere)
Date: Sun, 24 Jul 94 02:30:31 PDT
Subject: legally circumvent the Sept 1,94 Legal Kludge, Program Part 000
Message-ID: <199407240908.AA19968@xtropia>

-----BEGIN PGP SIGNED MESSAGE-----

released to the public domain.

The legal kludge makes output from PGP 2.6 from an Eastern University incompatible with earlier versions after Sept 1 1994. A Usenet article has documented a discovery by Paul Elliott that the pgp 2.6 legal kludge can be disabled by invoking it with the following parameters:

pgp +CERT_DEPTH=0 +LEGAL_KLUDGE=OFF +CERT_DEPTH=real_desired_value others

This program invokes pgp with the above parameters. "real_desired_value" is taken from the CONFIG.TXT file. This will cause the legal kludge that makes PGP from an Eastern University incompatible with earlier versions of PGP to be turned off.

This program does not address the incompatible signature format problem.

This does not modify the code or the executable of PGP in any way. It simply invokes it with unusual parameters. Therefore it should be legal.

The program searches your config.txt file for the default value of CERT_DEPTH. It will run slightly faster if this variable is at the top of that file.

The program to be invoked may be controlled by the environment variable "PGPEU". EU stands for Eastern university. This variable may specify the file name or a complete path. If this variable is undefined, the program indicated by the hard coded string "PGPEXE" will be invoked; this string may be defined with a -DPGPEXE= flag at compile time.
By default (that is if PGPEU is undefined) PGPNOKLG.EXE will search your path for a program called "PGP.EXE". Thus the command:

PGPNOKLG -e file

will call PGP 2.6 in a way so that the result will be compatible with earlier versions of PGP.

The program PGPNOKLX.EXE invokes (by default) a program called "PGP26.EXE". So you could take the original program "PGP.EXE" from an Eastern University and rename it to "PGP26.EXE" somewhere in your path. You could then rename "PGPNOKLX.EXE" to "PGP.EXE"; then when PGP is invoked normally it will really be PGPNOKLX which will invoke the original pgp (AS PGP26) in a way that output will be compatible with earlier versions. Thus scripts, shells and mail programs that are designed to invoke pgp could continue to work, but in a way that the output is compatible with earlier versions of PGP.

This program has been ported to MSDOS and OS/2. Somebody please port to all other platforms.

I have posted a zip file which contains source, makefiles and binaries as a pgp signed binary, in 3 posts.

The following is the source for the programs pgpnoklg and pgpnoklx.

- ----------------------------------------------------------------------
/*
Released to public domain!
works dos os/2, please port to all other platforms

It has been recently discovered by paul elliott that the PGP26
(eastern University) legal kludge can be disabled by invoking
pgp with the following parameters:

pgp +CERT_DEPTH=0 +LEGAL_KLUDGE=OFF +CERT_DEPTH=real_desired_value others

This program invokes pgp with the above parameters.
"real_desired_value" is taken from the CONFIG.TXT file.
This will cause the legal kludge that makes PGP from an Eastern University
incompatible with earlier versions of PGP be turned off.

This program does not address the incompatible signature format problem.

The program to be invoked may be controlled by the environment
variable "PGPEU". EU stands for Eastern university. this variable may
specify the file name or a complete path. If this variable is
undefined, the program indicated by the hard coded string "PGPEXE" will
be invoked; this string may be defined with a -DPGPEXE= flag at compile
time.

The program searches your config.txt file for the default value
of CERT_DEPTH. It will run slightly faster if this variable is at
the top of the file.

developed for borland c++ compilers for msdos and os2
to compile
bcc pgpknolg.cpp
*/

// necessary include files.
// (the header names did not survive in this archive copy; the ones
// below are what the code uses under Borland C++ and are a reconstruction)
#include <stdlib.h>    // getenv, NULL
#include <string.h>    // strcpy, strcat, strlen, strcmp, strupr
#include <dir.h>       // MAXPATH
#include <process.h>   // execvp
#include <iostream.h>
#include <iomanip.h>   // setw
#include <fstream.h>   // ifstream
#include <strstrea.h>  // istrstream, ostrstream

// define executable path to invoke pgp.
#ifndef PGPEXE
#define PGPEXE "pgp"
#endif

#if defined(__OS2__) || defined(__MSDOS__)
#define SEP '\\'
#define SEPSTR "\\"
#else
#define SEP '/'
#define SEPSTR "/"
#endif

// size of the argument list handed to execvp
#define MAXARGS 200

int main(int argc,char *argv[])
{
    // path to invoke pgp.
    char pgpexe[MAXPATH];
    *pgpexe=0;

    // if environment variable PGPEU is defined use it
    // as the program to invoke as pgp!
    // (only if it fits: an over-long value must not overrun pgpexe)
    char * pgpeust=getenv("PGPEU");
    if (pgpeust && strlen(pgpeust) < sizeof(pgpexe))
        strcpy(pgpexe,pgpeust);

    // If no such environment variable use hard coded PGPEXE macro!
    if (*pgpexe == 0 )
        strcpy(pgpexe,PGPEXE);

    char path[MAXPATH];
    *path=0;

    // get the path where the config.txt file is supposed to be
    // (PGPPATH may be unset; keep room for a separator and the file name)
    char * pgppath=getenv("PGPPATH");
    if (pgppath && strlen(pgppath) + sizeof(SEPSTR "CONFIG.TXT") <= sizeof(path))
        strcpy(path,pgppath);

    // and get its length
    int len=strlen(path);

#if defined(__OS2__) || defined(__MSDOS__)
    // convert all '/' to backslashes for dos os/2
    char *w;
    for(w=path;*w;w++) if(*w=='/') *w=SEP;
#endif

    // if there some chars and last one is not \ then add one.
    if (len)
    {
        if ( path[len-1] != SEP ) strcat(path,SEPSTR);
    };

    // add the filespec.
    strcat(path,"CONFIG.TXT");

    // default value if can not get from config.txt file
    // this is the value in the pgp26 executable
    int cert_depth=4;

    // parse the config file for the value of CERT_DEPTH
    {
        // open the file
        ifstream config(path);
        if ( config.good() )
        {
            char buf[512];
            // read a line at a time till eof
            // (testing getline itself also ends the loop on a read error)
            while( config.getline(buf,sizeof(buf)) )
            {
                // if not commented.
                if ( *buf != '#' )
                {
                    istrstream line(buf);
                    char field[80],equ[80];
                    int depth;
                    // parse line to first field equal char and value
                    // (setw keeps a long token from overrunning the buffers)
                    line >> setw((int)sizeof(field)) >> field
                         >> setw((int)sizeof(equ)) >> equ >> depth;
                    if ( line)
                    {
                        // upcase the field
                        strupr(field);
                        // if we have a "CERT_DEPTH=val" LINE
                        if ( (strcmp(field,"CERT_DEPTH") == 0) &&
                             (strcmp(equ ,"=") == 0 ) )
                        {
                            // save stored depth
                            cert_depth =depth;
                            // abort search of rest of file
                            // this program will go faster if CERT_DEPTH is
                            // at top of file!
                            break;
                        }
                    }
                }
            }
        }
    }

    // create a parameter string of the form "+CERT_DEPTH=val"
    // where val was found in the config.txt file!
    // (32 bytes holds the 12-character prefix plus any int value)
    char reset_par[32];
    {
        ostrstream reset_file(reset_par,sizeof(reset_par));
        reset_file << "+CERT_DEPTH=" << cert_depth << ends;
    }

    typedef char * string;
    // list of arguments!
    string list[MAXARGS];

    // leading arguments
    int out_idx = 0;
    // name of program
    list[out_idx++] = "PGP.EXE";
    // we do this to set the variable "value" in pgp 2.6 to =0
    // the value of CERT_DEPTH is not really needed to be 0
    list[out_idx++] = "+CERT_DEPTH=0";
    // this will set pgp variable "legal_kludge" =value=0
    // works because value is zero because of above.
    list[out_idx++] = "+LEGAL_KLUDGE=OFF";
    // set value of CERT_DEPTH back to its proper value.
    list[out_idx++] = reset_par;

    // add all the rest of the parameters from the command line!
    // (stop one short of the end so the NULL terminator always fits)
    for( argc--, argv++; argc && out_idx < MAXARGS-1; argc--,argv++,out_idx++)
        list[out_idx] = *argv;

    // terminate the line!
    list[out_idx]=NULL;

    // replace the current program with an execvp call
    // never returns from execvp unless the exec fails
    return execvp(pgpexe,list);
}

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLi2sYw2Gnhl89QSNAQFAGwQAsYh2fCaK9y9ssONU6k9VMDKQLmc5Qz9L
7FdNOl3Qj5Kd7mudMLU/e0tsSPL9Sr4i629bKVFOlFXUXloYn5xRBsz+Ura4pgZD
X2H5bzMAldrwdSN0zfjYX6G8NnvkcpXAZ0BFqw7tBWsflSx3wOjOXLxRDrfKvVvC
DNx7M3uD3vg=
=xdD6
-----END PGP SIGNATURE-----

From 0x7CF5048D at nowhere Sun Jul 24 02:30:47 1994
From: 0x7CF5048D at nowhere (0x7CF5048D at nowhere)
Date: Sun, 24 Jul 94 02:30:47 PDT
Subject: legally circumvent the Sept 1,94 Legal Kludge, Program Part 003
Message-ID: <199407240909.AA20010@xtropia>

part 3/3 of a pgp signed zip file=kludge.zip not encrypted.
aac1aeuMpo10aFJXrysbpWLf5biCXJQDaco44VBiD6oqft0GbzAkkSNp8zR+jOqr a/b+yKSatQ9Oqdns/13Nbv/n1Gxucs2uS63Zj4X/Vc1Of+eranZpffFSpWn64jMC 1xc/GZSkLxZjyE9GJInIm7+ri8jfZF9PX2zZy/XF2kvoi/7Q19MXn/9a+uK9I75K X7TgIFk8yuFs/Dym1imxS+thl0pfMVB6TT+MZg+gGH5FfRzZXD9cgPqhdRjPN3vY 19EPBxjvmwaoGlAQ/CCnV7lLSBpjC45x2/CkMd77SLK6Fe36Xsqew6X0rb5VRmRa k6xvUUGrkgsaGy+ohH09fevoA1zfqv0KfatvfpfSt5whrm/VDqBvIWLqcb8MMaP9 9C391s+xBg0Z+50vI4TVqH1uiuKFe4SoFEke5b7h8csNpJT08auRWs1skdz6Asre eL3azpMFe4Ynucko7g90AKuPfSNPmGuWCvaY5daXFQNF7dYNV1Lom5Vf7gNMdsIw ke/K5+AYu2KQC/AfyCjQYZNLo3slkefGrfE+1qmSdrRkuvbFqIS4E/86+NiEoIP2 DGQvj5vw2JD4F+MC0fQU8ROv6/HZcBrZHtXFCuSY3GY8He9ZOotCl4mu3EZVDHS6 dJRNpoZcHwE/9ChH6ZhAJyRs940mgc18YiY20k4Vou9nGE/ciD4+SGz3L+L+eD5E Oz8kA3+OQH5LMMNg6WsKWunLw3vnZO+kGrX7RtA+BrTrdJHWf6fnYv/5T4fH6BVZ 2zeR8UQxxAH20e5VbiM0GuB0eUK5SfTpLf1qGCr93FO2BLdGx6WW0unLoU+ioMJZ olWt4xYa2g6UqxYlRmVsyPV5mUd5/os+GSAy3IpJr+ARVqMZ23kMGZzoQYzkGYan RmLQWKAvYr/26PYYZn5dWoZX+Z1AR5vjRiC4OWXb/ajQV9EP1fEaIar4t4braIeb ZCq8GGeMvEIqXIo3xNRfFZ9w2RS8tzy66yPsH9zJ5kIbGmWMAjGNJ7/NIf9mbvA2 xx4hCblwelr59PxoCNoI3dp0vlFOaNybQNyz9i++e4DiuxPFJ+yaRqFd08DFozFh EnWoGJKk6dua7tOxgEyZLt0RHQPUpCNRE74bg+Iz1KTjEjVBmTqpI94dnNIR2WwN I/K+hPFxXpEidsf5td5lI/VFS2318b0LwAAveV1T//SDeKFOXijebs89YDr4HLS5 pewBz2rcgFHuvaB9ECY5P6BN/fCvVE0oFwn8WyHimx0/0OC3KzP2YpwkeyFUd610 yDQTLblG7E392hTepAg96pTHtM0l5M0v7ZE/Hd8aR2DUKy89dMoAQ6ckhg7xA4eu A4dOucTQ4VclkoZuzKABcPhKWvviShv/RJNHuS4Lv43d49OQ72P7wMhn+XLkOzdA C84lWsB39fBeHWjBuUu0AC/bSWpBuX3gFnQnWtBNkqEvE1vQrbdgnP1/NX3aB2hB e6IFr8mu17AFp7EF7ZdoAW5RJ7Xg+7aBp8+QL+JfFB1AfvQqh0Dgaa5AqcusJr4E mimkip4ptnhxfNcWx9xT6Go7tOLimE7m3GQQylcpB8vuPP7JUH7WJRLOIFPz576l fcmJzJku02xn8Q6YKEh5oJufTyM9UzPGTBZh+tvD3qK1Aq2fNLPVy8k2Fs3y7PCm brUk1qXBoUQfQHMgr3LAkmwe+9YDA5jHpuyfcENjMq7LKFPu/iZOT3t4MHrgspod 5vyOqsCiAglbYuctmZDGzyr6rlW3WtFeRrk7nTfVXuhyNKTTG/afCY8v4hchYmWQ 7BlIFs6AJOg4kob7RXlYHc3aOK5+a/dVJey/tB4Yz+10sxDbCuI2wbIbD8hn4iep tlo9XuVv+A159LPtHs3t6wrd2bb7UBhN5GVrwpuvyYTLmu+1hG6TlvLr/pXIA9ow 
kvHWH2jw8TLYaJlSuhWvdXHkA0nb4QRZIknwwu85+Ebh8RRvzviT8mrn+Ffy3bkk bAVLO4PlHdglPYEWiXdgGPAU+8GrzE4jGii4HTQ/szFeJ17w0yH/wVCukLFYo4Uf VxsqU/nQnIbiJLPgc3Gz4HMJs+AE3RiGdKOfWTCSjLCBzmGtuOT+FCjydJqaThYF Lkr3GoJbp3CBuO9+bKA7l5IEXgfp0S76nVW97gKJPntsZfca8UxnBrenkyMGvzWc RhhnAATUvv1l2/0OsRS74M+X3U78OB2AePzh3E4yk+wkNT9M3XR+ezrPd0brvVg6 /96v2yJEAjtyUgcJ1wt8gwBpZrhzbN9OXY6FGZ+TelAksCN3gDEeROaosURyvqgJ yXM1wTrGZRd+/WXEq7xkQrNmulDetvuhpDb2a8/wAdrdr43UlYu1Bman1pDuM3XI 7uwZrs5EDTuojR1USUQXtFG1crHGQ8Lni6aEObBdG8/JLanns0i+4PaW1oSJYvgO bk+7VjOv/Qahp33LYt4SSOEEZ8Nommh2dasD0flnRjID1bPIo0gOjMRtRSlSMDWS QT9cmlyf+HrBjbhecKNH6UTyf1hTuo8OixsVxq0TPcqb/0gYLlZa+lkqpuJ/X3vF AbLGPd9ZF5JUelo5ks1JKv2t9+sqPZ7pTFbBi8gqLvHoNm6RR1EFX8biy0NxK7f+ qv2RxxJ2btexVNOYIuZJyV83jVnzSN/8/VUYfikTGb7A9Oe4Sq/3TzXWWDlxfzLj Gx7cagl9EwOCbmQuksDi5wH73Ffa3EI8DiPRgRdT3IKgzc0vGHU7OOC3B7idHORy kMMBUaLkYYxfsqNJr1Zv8kICKtNkqZ1iaYs7IauT7WH5F+7jOD+AjbHsjzWdvxfn rPw2noWyKtPuVFUBRJhWwe0MZ6LSVGrdI84pDpZaC/32xlWE6PEFf37qIEevIV/Y hhomnaQjoRNN3qnCQ7Co9qIgVFvst+Lt35dk0K+d39MakC1H8rc6eF0dUFcS/YJ1 8bo6wkIxfnLBPuPkFo/qwg+5oP29zl5icfYSS7CXxM4RsJdYf/ZCBBR6+0fxAxAD yGuJqXWljgr4MVckHCjRXLk7+WImy27tYqa8JCT/svt4PQcQyeexFAxPrYSGKwPp U4DKqfdn9nHHb+JOSEV46noA5shS5UuQuLRGDuO00yYjXedNvjaA16fxe1bjSBLD FR17fO1Ct0rNApyyPZzqZ6HPy0fDBrozOgozELLS8Kkq6DZpn4lNwr/MRFl4kT7e cQ8ULokXxOtv102qm9R+tbP2q52FVpiwJo1Uk+Kc4L3O1JQ9mNKRlJLje1ZhoyPR Lu5nITkyop+jCxbnptQw9TxN8F5H8N6BajlQHzZ+SR9qNc8e6P4pwock++/4+mWO 9hmzBNXpf+A0Sf62w8zzZud7HTNO1mcnzc+ujXhZhYCfcuE7XXhdvzXps2zJmWrj 86XkipT1pO3IqC+vz9GTxPkc7PMEGeICUvwsI2ru/AxBRKeYl5YP0lAucjtTuHci Pp7oxEnjte76cCe8pLUDxoLsPg4vPsoAIcUNqo4j4XKsjttr8E+pD+cHJ6djpqks oO/8S6U3uVpS2T2dU5vpSvOOZGrzvR0atSliqdRmKpuekrVObVoOI7WZyTbUNrB+ j1Z+m5tW8ONczcoBmZO14RfWiKuZWDKrc7I4U6QDmtIA5nop+hzQ+6ZpUaSmgPTp B/Gtt30sevbAK/j0JHxi3Cem+6Rtze7l9fCl7VpE9Qqbd623qxdTbA9S6R8NYZqb 3mKqmgZjBm9f4JtDO/MZj4+kzWcqUzIU7bpOJIB2LArEkl2LHHReMAtLhPS71jvo hHfrqtX99ZNLke5/Pf8fPHNq6zeu3VzhnJuf75zonFtbd1f9hvXVPufkGTOmOvXA 
mzf7Nk7qnzYbJtoy7YdXe+jPHsCuNTcL7ADeMw5TbF+WyKJ+gWTgqV/wa/ij27n7 yAXuzpO5e9s/uBufUxTXSO/VDC9DMtI+6zaSdI1aWSLzuD2uUvw75Tr865m9rISt ZHMX3Vp8s3vSsuXL2FzXkmWr57k84D+L5SdcszD6JNdyV4pnActf4HLPXrD6lgWl 89yuWYuKixmbffvm2vpNazc66+pr19ev3eT0VdZv2rB5rW9D7eaUTnHqz1h8nP2e XUWpz+D4o3k46JEGeHh4Nj2WAR4Mdf6zEOP/4pkyJPG+1Ld23R3ORVsq66s21m4d S34HTEL81/9JE9mAT7qoXa7a5xFFrvn86/nX86/n/++HVnnXwMzUfv8vPsh/9KfZ LLIW+J2F36fwEywiGwq/q+B3PfwWwG8V/O6B37/B73H4PQ2/l+D3G/i9Cz8kUXb4 XQa/a+BXBL8l8KuA3zb4yfD7Ofxa4fc7+H0CvwuYBkjYGPjlw28G/ObDbxX86uC3 B3774fc0/F6F3wdI7jJENgx+ufCbCr+58JsHv8nQDhfey+wsYDdv3rJ244YKZ5V/ 8zrkRc7N/k23V9azW2udDf511U489uSEmBUb6ivX+Wrr72Ketb5q5+Zan7Oq1r+5 gi2rrXVuWrv5LmdtXeVmit7APMjbGhowu4rKzRsqK/CrOTwrLfuFlZsgL+fa+srN a52++rUN1RDpVsi0cnOtf321cxOFx2vHnc7bN9YCM1hbUVFf2dAQD6zcvGVDfe3m TZWbfYnmILNNONeuWwcpnOtqKyrjfhVrfWupXnp+epMrKrdsWFfJZvt8lZvqfJUV Tl+tsx4qsKXSuc5fDzX2JfUG1rlh7aZKPRVkAlWt1DoiXn79ej/Vb3b9eufGDQ0+ yLPWefuG9cy1rXKdVlsnvyt7bn1tQ8NEnh3E3XzHgF0M5ayr3rCxAuUJbBsVtrYO XHX1G9b6Kp03X7MI2rvZV1+7EdPVc0kDi/P71t6+kdfQuWGz099QyYrxHau0EWpK jWioW4vFV1b5nDSK1LibN26sXA8yTENl5R1sSeXaiom1mzfexXNquKsB+itRV6x5 A5tTX3sH1LluQ10lW4iIE++JJZUN/o2+pEKpDms31kO2dzkrt0EnASJBV2zAylaA Lw4+W6Q3hVCwDhENxqkiPnhad0BngIBV76fxi+P2urUbN0JInd93Ta3fB0Dr8tSR R3TXcQJqWeuvBz/Ehdr6tfUboL3+zWu3rN2wEXuRzSGU1BLWV97pB8yoSCS73d/A cWRtEs7c3JDipJZvRhyizqjdvJ6Vbr5jc+3WzVr1bnCy9GR6tHW4kBgiwB0Y5zpA jiqAmzahvA19X9k3RiIkPgbOLVSDrxGTl7sSf0tLZi9xLXQtXLlNeyatm7KBh6+5 gstXq+euLr55gWv1zbcWL5ql1RmXBRIyPX/eX8Zl9jNqQmY/pyZk9plWkR3NFSge PviRg4mlPM3ZpDQdSWkqIM4iGFjoDY2GJMoaqMwjED+5zKPgPpYnMLOTsdgl6oWP RXs/8z+ML2WK8Uvop8I7tuN/kn5eZqqs+v6UgWTaxDPu2kuHN1MZBraN8uQ7DPvj 7/z5ZOql03do6c/2SfPWjV9ep84bvzrPCVk8Twu8W7NQd5PYTJjyd9VV3hj/fDd9 yE1/8CNrjPVZ8U15TtyQiD1rYeIdv1WF36n6skf4kvBzWp07tDrjktAxeTRdkqre OXN0cllf9ug4usAmUj+g+0MNV5bdmoojK23iJXGk2sZxZL+WD37uBh997pzR/JLn 0eE++T0F7q+T7lyfdJ1fM53Dnpoux87rvMCeaLuez3LND9832vv3zbak8AcGCN9v 5/NMHwWENzGOKgj5V6KAemsfenLWcgLCvxnxfxPKn8x0/K89Q0RRMppA23YMNQ7J 
GmYcJF42fkIePgSMxvHDh2clP7YJV4gTbFdD2JBROaJotInD864ecrUWekVWTt7w K8YNAS/9mXA1fx92tVMckiOZsjR/EX5XZmcPGTI6HjWRiD/Gfi/ac0X2kIGegiED P86rhziH/BMexmgxhk2au3Aeo4UWepu7aOFSj2suW7epgl2zjv1PH51a4cJhBvxs DI/jM4bf2MX1V7x0Gnds2NAHMpLT4YlSvApAf/AaAU+twCKPC6yuHi2JBHb0B/AD /w7wdx4SWNGdAtv3I4E9Aj87xNPvPsEH7yvBXV5c7N0P77jGpT94b4oe9htIg7u1 uNXZAu/v351KC3T3mT7u1zT3Z+A2gvuUPvfu4e6WPu7jfdzNX4Mf+YYk1tLwcWrv u/v4T9feH+zj79HeD/fxr9bej/Xx36m9n+rjv1/nx+A/DepvK2LxT3Zeyp0sd3Rc on0POgZu32HHwO07Bv6l2tFjvJziVc0s/mzSO15nob+jmeVAdXAMFWmNU3/wHgE8 94H4UNsoMPwGIeJDBbzrR52pP3cIFAd/j8F7aVLY0aSwF8Ef10z1B8+d6Pn/APyL tfwfhHfdtJ/yeIDbFFA+4P9qUhgeD9DDJn5LYAWTp1w7ddp110+fsfb2dRWVVQn3 7Dlz57mKJ7J8VrCcFWwDjqnDfC2vI48l8kWbhMh3+TxjjybmWd1+mGPf4/Ms8n2B /e6AwM7Br+NhIX5mBh+0mdDbxiAP3ZaB+gve7Qd53s7Dibwj6H+I533gUCJvnMN1 kI6+4pbN6QY+uu0F9SW9X4mrk8aOHPgrTboN/ooH0uGv4SjaNJky0N9ZMw59OtbA X3sHUgbnF3cRd8K0zhcw1D4VfZzLkujO/0uPtW593ebaOzZum1S5Db+Q+H8AUEsB AhMGFAAAAAgA0H30HGjJuWfdBwAAwBIAAAwAAAAAAAAAAQAgAICBAAAAAHBncG5v a2xnLmNwcFBLAQITBhQAAAAIACNz9BxY1aw2SwEAAGICAAAMAAAAAAAAAAEAIACA gQcIAABtYWtlZmlsZS5kb3NQSwECEwYUAAAACAB8fvQc9hClp0gBAABkAgAADAAA AAAAAAABACAAgIF8CQAAbWFrZWZpbGUub3MyUEsBAhMGFAAAAAgAOnP0HFhKhkgk BAAAIgkAAAoAAAAAAAAAAQAgAICB7goAAHJlYWRtZS50eHRQSwECEwYUAAAACADT fvQcNzV2/XorAACgUAAAEgAAAAAAAAAAACAAwIE6DwAAbXNkb3MvcGdwbm9rbGcu ZXhlUEsBAhMGFAAAAAgA3H70HJonEuJ+KwAAolAAABIAAAAAAAAAAAAgAMCB5DoA AG1zZG9zL3BncG5va2x4LmV4ZVBLAQITBhQAAAAIAJ1+9BxYYBlH0WoAABDgAAAQ AAAAAAAAAAAAIADAgZJmAABvczIvcGdwbm9rbGcuZXhlUEsBAhMGFAAAAAgAtH70 HDA8vTbRagAAEOAAABAAAAAAAAAAAAAgAMCBkdEAAG9zMi9wZ3Bub2tseC5leGVQ SwUGAAAAAAgACADiAQAAkDwBAAAA =dc5H -----END PGP MESSAGE, PART 03/03----- From 0x7CF5048D at nowhere Sun Jul 24 02:31:02 1994 From: 0x7CF5048D at nowhere (0x7CF5048D at nowhere) Date: Sun, 24 Jul 94 02:31:02 PDT Subject: legally circumvent the Sept 1,94 Legal Kludge, Program Part 002 Message-ID: <199407240909.AA20028@xtropia> part 2/3 of a pgp signed zip file=kludge.zip not encrypted. 
-----BEGIN PGP MESSAGE, PART 02/03-----
Gu+P9bonIBr4L5cxRiTMrRojthNFMOXS/Qb8HpA7d4Yr4v8z4WeaNgLhHCoDnIpO jhXOYhTNqtubhwaIS5TpP8Bd4ClABkyA5R7+ZYWbU+Zop961nbxrO2WvBQY3ZBVB NwkC0yo9p3yX+vScXNqhD7BX+VMBTvYpGl84S3fBmcCDW48lDXx/esSJEJ6TuiQT giHmkky11tlcDmv/KZ7ZjPLu/vX/jty8VtCH3IwCj/C9fQcsgfBkiLmK6pFb6IUg JRGrk3qO17iz9ywZfirKy49Rt8vuHNnrVLc6kTs8cw3WFl3gKEl0Humiifv2pST6 1J9+i7zrZlHXpda3DwO3QVl7GZHBLtxV5yhga6Kj3YgGmuHrgIT8/a/oWT8/Pp8X yimQF1nzF1nG/52Oe0eUFY8ju1Dx4CXl9B2mdXYBxDWUdy/Frnhyku6JI+BVbrhG 6+TMRKWhl8OAqHkh7w30zQ4xkfFQQHdEN26c4lVWQHbh0XvdN1BCSBBafUNoUeFi Gm9FmTmJ545Lp5QOpknyt0+0TYUq+vBAVsg9L2iGPx7lQRij5plDyBytuQSgPDwo htwWj3IDWkmYQ160uL9sMlJYzSjaSxYdyZuljoS8UQVqZILnFw6UNRrivN+LO7Kt IvNlQDXw/HNhAfL8Vs7yL/6cfwzDwgLzcqXjXY8nXx2YJN8gcbX3thE/MQbeEMOZ clugw4YoBNKtHcjudCS7VtmEhVbDCISvDhVbNJ7jUd7mn3LBcKhCCYanw7vkUWZe w/Vbe1J58f5zhNwe7D9P0D0P/nqUWxHtXY7AaVAEs/nRc68SxDVZaJwA9BNq2Lxc 64oKgiXNdVqX9OnJ5Pb17c9bLpmJ1otNafzW9k0Xk/rXgyHvTUrq38d/pvcvXp2J m/GIJDisM9nylH7Gg7Koqe7z42Z8NdtQ1eCrr1y7CcMqtiQ24Y070TA6sSH/xWEe lpmU1+5+ZRWllCVp6Yt83OxPK+r2tQ2VKXmatfihuwWmy4SIJ0e7WqHZr3CUeeFi CsoQvSlp7hyC9j//BdNqpjLxZwm7yKu5XSQXIVp6NFsA2R74i3jJO+kOHc0RGeTz p59iPmcCjWe0fCbQxRNnlG0D5ONkaDXpasd8EMqu9kPHeD6PUT6vBRpf0/KZx2pE 1f+aUjBAPtMhn9eCrtOYD0LZdfpQM+TT/ACuD7tOBRpPMd/lGHMlteqUcpspbs8Z +IuB5+JhzWcpfkugsUWL76P4Lcp8R//41azZmYPxjwcaj2vxH6D4x5WRA8TfyZqr KX5zoLFZi3+Y4jcrfxnSP/5+Xn91GnatR/kYMIIqqE47Rh4mSEM5qtOayeO/BzNe Jd2jEzwOYh7VmM6jVEwEN6bQ3MvQ7Uy458XdqIACPZyAao/y5kP8HreDGEsLumsC yQcpF2+ioaK3rPmUA9DqF+1AMGdhzWGm5uMs3IDGd3R0ThC1M6tmmdUYvPp1Nvys qkytA3EpHy+0mNon0QQmmzBRWZLFesTJDmJ7UXo44yvADj2jfPFmasJ5iGpytjyq xuAJliOm8bTTU249SXydoLlkKLQi/IZ+hJaGAkmHUx8GdFyr9zg6rhysjQc6Rgxm /S4m5YFAe4/Hk4Hj54P1DMHxQ3Q8oDnGGfHi0pkscR5jK7u0vZZnI7fXqtqwsfJ2 fxULHbi0vRYaIiPB0OI6r477lgLp2sBJzeqtG3zVaxsaNqzfnBTh1ZDAai8VAc+h YLkaraKcWX9+MR/5xfyg+0b4C/x0PNNsrYlT2Mbih25vRF6L3GKNiL06lBN6H8E5 zTuH9ucW1q8o5rm8lGKOOFOK+YfwTyrGk1rM7NRivv31i0l6LsX/LpURFEj8T+T8 b7STuB3nf/OJ/12VzP9+rPO/vexr8r/tGv+DcdY5YMljqfzvRvbl/A8Z07Ndl6sa 
jzrZNTwh1sTP95Bc8rOrWB8ztL7ymxVHAGKeuRJ6d5/WKY9qnaF9HPYr7dkGyG/3 QPlhreweJfsqXC/ql7X1y/Kbire/AlLMhKY2P6Xl2zzA6Fv61S9+n3X8W7dyES5O D5LNSCpuu4ou0NiphaDONxto6LXokEDel4fLS6TCOc4tQ1N88uekqBGF/ti96dC+ OovyDRvtbeTiiX87rf2O8CrHhETB6bzgP16JXtr31kka7/8510vgb0G/ro0jqRWR 9LpxSUj6j8PJQnBP1xN97s8eIP/p/boYJwNebp5azuu5SeX8e7ycBX0mQ18zU6S5 iNaeHZzubkjIgv2EM3z65tfX0tOg5XmU8qsYgArziaXHTS6n78Tq6eq6mNo/+n5E +DoNAZwaSuTWj+A+DI9nDVfrJX3xMWyhALXIyb8EmZoqp18qrlDiusdgPXZcs+sB BbIZPw9he1Yy0VfwbE0NeNz3oupHTALS+EhuwsS8//zUrellulpT+UuMf+Xtb5i7 X/9iEBYLNdQu2sOazNjriu4xFX+NNuMyTEqbF/aQyUvl12g5v9QX9df+Lcf1yud5 yx32wIdC77sj3prDr6pMDzRGVVvTN1T6jpDqHyebYQYGXZ24vNJBX1vBrQTsLX4g V2m4gjG0impb1fe8E60vh8iI9E28WwAv6sBNeD9dU0aXGyTOSCXvT/n1T04khoe+ 1jkJh2YINAeabQ382gCK77SxeJlE3EsEr8vBqwsNA6CU53F7vvdDPMARUAqouwJ3 O4EuxM+paJdCjOGd5HHOCXqc9F7oybV9R99Q4/cr2ZAOScrYUXwgvwSlzksm0dZ0 D791LuUARt8mBi4WbDcGLl5/b35q44zQkuXOfo1zodd2/g3ff26rbhn5Za2KV3P3 QA2iNdQ+Y2Z+ws7HTMVmmeRh8WbtGkPN0r2wWZvBq+ugnvq8ZJZ8xsDfrg8P0d0W dHvDhsDfCqjxkvyO0I4ZXLLlpqSWmy7VchO2fPEIveWmfi1v1MfTbLc1rR5gPPkN 6zT/o3z+Xy3GPw/yT6BQgYsTdS4WuJiPxnom+hzIWood2OaMMzl+0dhXDHk3rXBp Q748m69wDUQh/ArO1+wihjdZlHkVO7+Yv2uSwGdytlMPGccv0O9y6CE07oAsBRR8 Bb9Xvuu/9f7oW+fOr6pzZ6CxM17nw8PRq2OAOnfI/o7AxW2AKBeX+zf9E4qaQUWd G6Coc7L/HDQtxpsWHo2zYxDMjh343YOhmm9iIZR/vSXWezZ1fUIjgQMIJzo9zInz F5DQ9p7n+HUmhb+EXQNxwv68hF8pnOAlthMuB65hr+LcSF1op72ORV8DZTlbwrXp /j1DH7vDBdKorWldXyaiIBPp1JlIJ2cinbhUPWl0ChOx9/melT2u2BSj2FpMik2x R9kKlLgMr1HB/qkZkqLWvIdK2mlN2jqjaSMdmtTV68pGqdh3Oa4gF+VAmjJOOJTY g6qKX7fBGwxJ5EjaPI0fo/rqmr0/Mqlm7YNTajb7f1ez2/85NZubXLPrUmv2Y+F/ VbPT3/mqml1aX7xUaZq++IzA9cVPBiXpi8UY8pMRSSLy5u/qIvI32dfTF1v2cn2x 9hL6oj/09fTF57+WvnjviK/SFy04SBaPcjgbP4+pdUrs0nrYpdJXDJRe0w+j2QMo hl9RH0c21w8XoH5oHcbzzR72dfTDAcb7pgGqBhQEP8jpVe4SksbYgmPcNjxpjPc+ kqxuRbu+l7LncCl9q2+VEZnWJOtbVNCq5ILGxgsqYV9P3zr6ANe3ar9C3+qb36X0 LWeI61u1A+hbiJh63C9DzGg/fUu/9XOsQUPGfufLCGE1ap+bonjhHiEqRZJHuW94 /HIDKSV9/GqkVjNbJLe+gLI3Xq+282TBnuFJbjKK+wMdwOpj38gT5pqlgj1mufVl 
xUBRu3XDlRT6ZuWX+wCTnTBM5LvyOTjGrhjkAvwHMgp02OTS6F5J5Llxa7yPdaqk HS2Zrn0xKiHuxL8OPjYh6KA9A9nL4yY8NiT+xbhAND1F/MTrenw2nEa2R3WxAjkm txlPx3uWzqLQZaIrt1EVA50uHWWTqSHXR8APPcpROibQCQnbfaNJYDOfmImNtFOF 6PsZxhM3oo8PEtv9i7g/ng/Rzg/JwJ8jkN8SzDBY+pqCVvry8N452TupRu2+EbSP Ae06XaT13+m52H/+0+ExekXW9k1kPFEMcYB9tHuV2wiNBjhdnlBuEn16S78ahkq/ 8JQtwa3RcamldPpy6JMoqHCWaFXruIWGtgPlqkWJURkbcn1R5lGev9AnA0SGWzHp FTzCajRjO48hgxM9iJE8w/DUSAwaC/RF7Nce3R7DzK9Ly/AqvxPoaHPcCAQ3p2y7 HxX6KvqhOl4jRBX/1nAd7XCTTIUX44yRV0iFS/GGmPqr4hMum4L3lkd3fYT9gzvZ XGhDo4xRIKbx5Lc55N/MDd7m2CMkIRdOTyufnh8NQRuhW5vON8oJjXsTiHvW/sV3 D1B8d6L4hF3TKLRrGrh4NCZMog4VQ5I0fVvTfToWkCnTpTuiY4CadCRqwndjUHyG mnRcoiYoUyd1xLuDUzoim61hRN6XMD7OK1LE7ji/1rtspL5oqa0+vvc5MMBLXtfU P/0gXqiTF4q323MPmA4+B21uKXvAsxo3YJR7P9c+CJOcH9CmfvhXqiaUiwT+rRDx zY4faPDblRl7MU6SvRCqu1Y6ZJqJllwj9qZ+bQpvUoQedcpj2uYS8uaX9sifjm+N IzDqlZceOmWAoVMSQ4f4gUPXgUOnXGLo8KsSSUM3ZtAAOHwlrX1xpY1/osmjXJeF 38bu8WnI97F9YOSzfDnynRugBecSLeC7enivDrTg3CVagJftJLWg3D5wC7oTLegm ydCXiS3o1lswzv6/mj7tA7SgPdGC12TXa9iC09iC9ku0ALeok1rwfdvA02fIhfgX RQeQH73KIRB4mitQ6jKriS+BZgqpomeKLV4c37XFMfcUutoOrbg4ppM5NxmE8lXK wbI7j38ylJ91iYQzyNT8uW9pX3Iic6bLNNtZvAMmClIe6Obn00jP1Iwxk0WY/vaw t2itQOsnzWz1crKNRbM8O7ypWy2JdWlwKNEH0BzIqxywJJvHvvXAAOaxKfsn3NCY jOsyypS7v4nT0x4ejB64rGaHOb+jKrCoQMKW2HlLJqTxs4q+a9WtVrSXUe5O5021 F7ocDen0hv1nwuOL+EWIWBkkewaShTMgCTqOpOF+UR5WR7M2jqvf2n1VCfsvrQfG czvdLMS2grhNsOzGA/KZ+EmqrVaPV/kbfkMe/Wy7R3P7ukJ3tu0+FEYTedma8OZr MuGy5nstodukpfy6fyXygDaMZLz1Bxp8vAw2WqaUbsVrXRz5QNJ2OEGWSBK88HsO vlF4PMWbM/6kvNo5/pV8dy4JW8HSzmB5B3ZJT6BF4h0YBjzFfvAqs9OIBgpuB83P bIzXiRf8dMh/MJQrZCzWaOHH1YbKVD40p6E4ySz4XNws+FzCLDhBN4Yh3ehnFowk I2ygc1grLrk/BYo8naamk0WBi9K9huDWKVwg7rsfG+jOpSSB10F6tIt+Z1Wvu0Ci zx5b2b1GPNOZwe3p5IjBbw2nEcYZAAG1b3/Zdr9DLMUu+PNltxM/TgcgHn84t5PM JDtJzQ9TN53fns7zndF6L5bOv/frtgiRwI6c1EHC9QLfIECaGe4c27dTl2Nhxuek HhQJ7MgdYIwHkTlqLJGcL2pC8lxNsI5x2YVffxnxKi+Z0KyZLpS37X4oqY392jN8 gHb3ayN15WKtgdmpNaT7TB2yO3uGqzNRww5qYwdVEtEFbVStXKzxkPD5oilhDmzX 
xnNyS+r5LJIvuL2lNWGiGL6D29Ou1cxrv0Hoad+ymLcEUjjB2TCaJppd3epAdP6Z kcxA9SzyKJIDI3FbUYoUTI1k0A+XJtcnvl5wI64X3OhROpH8H9aU7qPD4kaFcetE j/LmPxKGi5WWfpaKqfjf115xgKxxz3fW50kqPa0cyeYklf7W+3WVHs90JqvgRWQV l3h0G7fIo6iCL2Px5aG4lVt/1f7IYwk7t+tYqmlMEfOk5K+bxqx5pG/+/ioMv5SJ DF9g+nNcpdf7pxprrJy4P5nxDQ9utYS+iQFBNzIXSWDx84B97ittbiEeh5HowIsp bkHQ5uYXjLodHPDbA9xODnI5yOGAKFHyMMYv2dGkV6s3eSEBlWmy1E6xtMWdkNXJ 9rD8C/dxnB/Axlj2x5rO34tzVn4bz0JZlWl3qqoAIkyr4HaGM1FpKrXuEecUB0ut hX574ypC9PiCPz91kKPXkC9sQw2TTtKR0Ikm71ThIVhUe1EQqi32W/H270sy6NfO 72kNyJYj+VsdvK4OqCuJfsG6eF0dYaEYP7lgn3Fyi0d14Ydc0P5eZy+xOHuJJdhL YucI2EusP3shAgq9/aP4AYgB5LXE1LpSRwX8mCsSDpRortydfDGTZbd2MVNeEpJ/ 2X28ngOI5PNYCoanVkLDlYH0KUDl1Psz+7jjN3EnpCI8dT0Ac2Sp8iVIXFojh3Ha aZORrvMmXxvA69P4PatxJInhio49vnahW6VmAU7ZHk71s9Dn5aNhA90ZHYUZCFlp +FQVdJu0z8Qm4V9moiy8SB/vuAcKl8QL4vW36ybVTWq/2ln71c5CK0xYk0aqSXFO 8F5nasoeTOlISsnxPauw0ZFoF/ezkBwZ0c/RBYtzU2qYep4meK8jeO9AtRyoDxu/ pA+1mmcPdP8U4UOS/Xd8/TJH+4xZgur0P3CaJH/bYeZ5s/O9jhkn67OT5mfXRrys QsBPufCdLryu35r0WbbkTLXx+VJyRcp60nZk1JfX5+hJ4nwO9nmCDHEBKX6WETV3 foYgolPMS8sHaSgXuZ0p3DsRH0904qTxWnd9uBNe0toBY0F2H4cXH2WAkOIGVceR cDlWx+01+KfUh/ODk9Mx01QW0Hf+pdKbXC2p7J7Oqc10pXlHMrX53g6N2hSxVGoz lU1PyVqnNi2HkdrMZBtqG1i/Ryu/zU0r+HGuZuWAzMna8AtrxNVMLJnVOVmcKdIB TWkAc70UfQ7ofdO0KFJTQPr0g/jW2z4WPXvgFXx6Ej4x7hPTfdK2ZvfyevjSdi2i eoXNu9bb1Ysptgep9I+GMM1NbzFVTYMxg7cL+ObQznzG4yNp85nKlAxFu64TCaAd iwKxZNciB50XzMISIf2u9Q464d26anV//eRSpPtfz/8Hz5za+o1rN1c45+bnOyc6 59bW3VW/YX21zzl5xoypTj3w5s2+jZP6p82GibZM++HVHvqzB7Brzc0CO4D3jMMU 25clsqhfIBl46gV+DX90O3cf+Zy782Tu3vYP7sbnFMU10ns1w8uQjLTPuo0kXaNW lsg8bo+rlNWtr8M3z+xlJWwlm7vo1uKb3ZOWLV/G5rqWLFs9z+UB/1ksP+GahdEn uZa7UjwLWP4Cl3v2gtW3LCid53bNWlRcjOXMvn1zbf2mtRuddfW16+vXbnL6Kus3 bdi81rehdnNKpzj1Zyw+zn7PrqLUZ3D80Twc9EgDPDw8mx7LAA+GOv85aPF/9UwZ knhf6lu77g7noi2V9VUba7eOJb8DJiH+6/+kiWzAJ13ULlft84gi13z+9fzr+dfz //dDq7xrYGZqv/8XH+Q/+tNsFlkL/M7C71P4CRaRDYXfVfC7Hn4L4LcKfvfA79/g 9zj8nobfS/D7DfzehR+SKDv8LoPfNfArgt8S+FXAbxv8ZPj9HH6t8Psd/D6B3+eY 
BkjYGPjlw28G/ObDbxX86uC3B3774fc0/F6F3wdI7jJENgx+ufCbCr+58JsHv8nQ Dhfey+wsYDdv3rJ244YKZ5V/8zrkRc7N/k23V9azW2udDf511U489uSEmBUb6ivX +Wrr72Ketb5q5+Zan7Oq1r+5gi2rrXVuWrv5LmdtXeVmit7APMjbGhowu4rKzRsq K/CrOTwrLfuFlZsgL+fa+srNa52++rUN1RDpVsi0cnOtf321cxOFx2vHnc7bN9YC M1hbUVFf2dAQD6zcvGVDfe3mTZWbfYnmILNNONeuWwcpnOtqKyrjfhVrfWupXnp+ epMrKrdsWFfJZvt8lZvqfJUVTl+tsx4qsKXSuc5fDzX2JfUG1rlh7aZKPRVkAlWt 1DoiXn79ej/Vb3b9eufGDQ0+yLPWefuG9cy1rXKdVlsnvyt7bn1tQ8NEnh3E3XzH gF0M5ayr3rCxAuUJbBsVtrYOXHX1G9b6Kp03X7MI2rvZV1+7EdPVc0kDi/P71t6+ kdfQuWGz099QyYrxHau0EWpKjWioW4vFV1b5nDSK1LibN26sXA8yTENl5R1sSeXa iom1mzfexXNquKsB+itRV6x5A5tTX3sH1LluQ10lW4iIE++JJZUN/o2+pEKpDms3 1kO2dzkrt0EnASJBV2zAylaALw4+W6Q3hVCwDhENxqkiPnhad0BngIBV76fxi+P2 urUbN0JInd93Ta3fB0Dr8tSRR3TXcQJqWeuvBz/Ehdr6tfUboL3+zWu3rN2wEXuR zSGU1BLWV97pB8yoSCS73d/AcWRtEs7c3JDipJZvRhyizqjdvJ6Vbr5jc+3WzVr1 bnCy9GR6tHW4kBgiwB0Y5zpAjiqAmzahvA19X9k3RiIkPgbOLVSDrxGTl7sSf0tL Zi9xLXQtXLlNeyatm7KBh6+5gstXq+euLr55gWv1zbcWL5ql1RmXBRIyPX/eX8Zl 9jNqQmY/pyZk9plWkR3NFSgePviRg4mlPM3ZpDQdSWkqIM4iGFjoDY2GJMoaqMwj ED+5zKPgPpYnMLOTsdgl6oWPRXs/8z+ML2WK8Uvop8I7tuN/kn5eZqqs+v6UgWTa xDPu2kuHN1MZBraN8uQ7DPvj7/z5ZOql03do6c/2SfPWjV9ep84bvzrPCVk8Twu8 W7NQd5PYTJjyd9VV3hj/fDd9yE1/8CNrjPVZ8U15TtyQiD1rYeIdv1WF36n6skf4 kvBzWp07tDrjktAxeTRdkqreOXN0cllf9ug4usAmUj+g+0MNV5bdmoojK23iJXGk 2sZxZL+WD37uBh997pzR/JLn0eE++T0F7q+T7lyfdJ1fM53Dnpoux87rvMCeaLue z3LND9832vv3zbak8AcGCN9v5/NMHwWENzGOKgj5V6KAemsfenLWcgLCvxnxfxPK n8x0/K89Q0RRMppA23YMNQ7JGmYcJF42fkIePgSMxvHDh2clP7YJV4gTbFdD2JBR OaJotInD864ecrUWekVWTt7wK8YNAS/9mXA1fx92tVMckiOZsjR/EX5XZmcPGTI6 HjWRiD/Gfi/ac0X2kIGegiEDP86rhziH/BMexmg5hk2au3Aeo6UWepu7aOFSj2su W7epgl2zjv1PH51a4cJhBvxsDI/jM4bf2MX1V7x0Gnds2NAHMpLT4YlSvApAf/Aa AU+twCKPC6yuHi2JBHb0B/AD/w7wdx4SWNGdAtv3I4E9Aj87xNPvPsEH7yvBXV5c 7N0P77jGpT94b4oe9htIg7u1uNXZAu/v351KC3T3mT7u1zT3Z+A2gvuUPvfu4e6W Pu7jfdzNX4Mf+YYk1tLwcWrvu/v4T9feH+zj79HeD/fxr9bej/Xx36m9n+rjv1/n x+A/DepvK2LxT3Zeyp0sd3Rcon0POgZu32HHwO07Bv6l2tFjvJziVc0s/mzSO15n 
ob+jmeVAdXAMFWmNU3/wHgE894H4UNsoMPwGIeJDBbzrR52pP3cIFAd/j8F7aVLY 0aSwF8Ef10z1B8+d6Pn/APyLtfwfhHfdtJ/yeIDbFFA+4P9qUhgeD9DDJn5LYAWT p1w7ddp110+fsfb2dRWVVQn37Dlz57mKJ7J8VrCcFWwDjqnDfC2vI48l8kWbhMh3 +TxjjybmWd1+mGPf4/Ms8n2B/e6AwM7Br+NhIX5mBh+0mdDbxiAP3ZaB+gve7Qd5 3s7Dibwj6H+I533gUCJvnMN1kI6+4pbN6QY+uu0F9SW9X4mrk8aOHPgrTboN/ooH 0uGv4SjaNJky0N9ZMw59OtbAX3sHUgbnhbuIO2Fa5wsYap+KPs5lSXTn/6XHWre+ bnPtHRvXT6rchl9I/D9QSwMEFAAAAAgAtH70HDA8vTbRagAAEOAAABAAAABvczIv cGdwbm9rbHguZXhl7b17fFTVtTi+z5kzjySTzAADBAgyaNBgAAOCggENj8lEBBke yVAhPCQJIQKJyQygEgGHVIbj9HJbH7RVC4XborUt9aKmihgRE9pajV6qVLGmmtaT TmynmkumOHK+a619zjySoN777e/3+f7RA5N19vu19nrsvfY+C2/zMJExJjEbU1XG mhl/ithI9pWPwNjzdpY15ljab8c2Cwt+O3bfvmXVGxqcdfW16+vXbnJu8jf4nLdX Ouv9m53+zRWV9c5FS6+ZMikzPfd69v/Is2A5hyI2BnsC/mcxahqbDj8D/CIvwR87 Y2kItG75Qkt/SotjFVLz3Q7up5P8Xob3L+B3ehTP+81RWoBTgx1UhFaX/9nz+I8Y 1djo5HlnaP4tOTw3A/hbk/NtYVRr9NfbGn+gEhYN2jWYrUGnBvM0WKDB6Ros0mCJ Bj0IIbNlmnul5uaPgVnq1tdtrr1j4zbGBq9ePa/ydv/69ZX1JbW1d8xb61sroKe7 0ufatq6yzjdvwYINm6tqoQmCAGOVbRMEgQl/vYWy+hl4/0NirMHE2OvwuxYKuQx6 QYVWX7Axds8gxm4azNhB+A0ZxthvRvCfGboF8jCz+Uz0gAumwkwAq5l4LYD1TLwe QB0TYyPN7DEmngLXd5i4H8DbTPw1gI+Z2I5RBPEsgKcEsXuwme0SxHfBtU8U/wTg P0QxAmCiQfwUwAMG0SyY2RaDqIJruUEo+paZ/dAgDgXPeZKYB+BpSagbY2Y/k0Sf aGarjOJKAFVGcQ2AO41i3XAogYOHjeJGAD/i4D2jUGI0M5uJwkwcOE1CAXjmcNcM 7prGXddwV76Jks8ziaegmQs5KOegioOTJtEHUZ6HdFCJZzj4Lw46TFTPqEncDuDv JnEbALNZfDDbzFST+CAkv8oidprM7N/TxN2jzExMFxVwxdLEbgBDuOtaDvI4WJpO YUEOdnHPrnTK7E/p4jXQdR+kUwnvpYv54PodD/tVungEwLMc/IKDn6SLTwE4nC4e AFCRQa47OfhBBkV5kIMHOBhnFfdD1iOtVMJ1Vsq6iAMPD1vBXSEOdnPPu7mrnqer 5q60TCroNg4qOAhxIGQRGMTBg1lUepCDXRwc4WFvILAIMUkoEizCXyzCRADmNGEC AFcaunYBBfqLmY0RxOXQ/yME8ZgZOp67rhfECHTgNdw1WxDLMsxsjSAeBdcKQawA l4e77uFgiyCuB887uOsukepwPwfvGQiEOXhREl8DMMRI4O8STaMPuOfbkngMQLsk NgP4jSQexX40ituwPMAaAAdN4hnwfNREMR8xie0Avm2imCEOPuPgExPlMtxMMTM4 EMzk+TkPu8wsfg/ynG0WTwHYaKZ063jMMu46ZBYVCBMtYjeARyyixWpm/2kRI+B6 lbte567H0gnzH0oXO7Eu6WIHgEC6eA5HMV1cBv2yLJ1a+3Q6tfbJdPE0gPEZFGVh 
BjXFnUHtm50hnkXM4GHBDPE4AEum+CDk0msVdwJYwF2FmeTKyxQfBvCNTLEIBq4m U5wH4HbuuS1T/DYAmYPdPEELj9KcKf4MXK9nik8C+CMH72aK+wFMt4mLgbxss0EC iyCYhEpwjWJUwjxGyTdz8B4HUwQCXpGi7BLJdYCDBw1U7L8ZKEwAygVd12MgsEqi 7tkhiQXg2iqJEwB8KgmHr4TZKxExfV8Sp4PnW5I4FcApSXh/GVReEheAKwdInZVQ CoGLg29wIBvFBwEEjJQOqOFOAK3c9ZKRsv7cKBihoOtN5NptomK3ctc3TFQQ0LgW =T2Ma -----END PGP MESSAGE, PART 02/03----- From 0x7CF5048D at nowhere Sun Jul 24 02:31:16 1994 From: 0x7CF5048D at nowhere (0x7CF5048D at nowhere) Date: Sun, 24 Jul 94 02:31:16 PDT Subject: legally circumvent the Sept 1,94 Legal Kludge, Program Part 001 Message-ID: <199407240909.AA20015@xtropia> part 1/3 of a pgp signed zip file=kludge.zip not encrypted. -----BEGIN PGP MESSAGE, PART 01/03----- Version: 2.6 iQCVAgUALi63Kg2Gnhl89QSNAQGBkAP+IHzjGZuhXzGfgpgHW2YKbN0tWswQiOsV 5XXwAu2q45f6npH258HVnnnVCflfpRXHxHqtM6EgKxbTSGbOljAkU2zUZ25YiwyT mNb5zwmBzHdRnb0D+NESdp7llRnujLFd2PcaCZlo+jwYkkSomJuZyBphbZ4G429a PWutpy9ml5uuAAE+mGIKa2x1ZGdlLnppcAAAAABQSwMEFAAAAAgA0H30HGjJuWfd BwAAwBIAAAwAAABwZ3Bub2tsZy5jcHCVWNtu20gSfY4B/0NZASaSpcgeY3ewWIUB gomSCdaTGLENBLANoUU2pYYpNpfdtOKZyb/Pqb6QlOx9WD9YYrEup65drZPjw4PD g6+ykMLIjKymqlkWKqVMb4Qqj/jt4cEnS2thaCllSbVMZWmLR8qUSfWDrCG2fKRK NAXJolDa2sMDuxaW7FrSxceLs19oCO1W1iVdlwoSRtnHERVyJQq6L5psJSkVJdSz TrEsvEZVPuh7Va4OD6pVRVtl105jrotCb0GHyVpsJPSafzNI5hr/Ov96tXg/v7j6 LTml8fn847vzxX/Or99/nCdfPnzYeV9LUSwyaRQ8WDyIopGkYaA2rOxqrQxVtV7B hEci8dzHIZZwvodhSoOnGgeHB9BjxT0Cl9d64yR//fL5w6eP06tvV5SrQk7JGduq okAYGiMdUz86IZ4bwSAQUa8KEZs/CSuwpnpTCasQRg9WirpQsj48cCy6NKRzpwXx tk1dIto6zwOK6HKmYarUlkSW1dIYhiB3lRu1KgUUcErqDfBBFvTN1NfMFfijNpTV UoYwZvDjkR9TXdpah2Szdlk+qFqXG5QXwIpacSnQAFDn14Mpza/JWFFmhu21rjet 61PGCBdaSbZjKpmq3OvnYFOJdBHkBbErBVKHHNo1hD/lFOWDAjw0ZSZzhRhNnIqu IjKVCiuzw4MAfi3qDCozuGNszeXpgH+bD3xmO/8DzMAVghGs+IwJev3eCyeUFwId gOgyXHbAqo2c7gfYIMnpGil71E3Nkc3Vamq/W+8zx4sxwgi61AXXVXtOXTtMCU3u kNZNSaZQqzU3ee7CTMrHppcWeBBa3OqKVcUIO2yZfJC6qOAQ217qukDiKB2Poxu1 z+LGZBqK8E6bMwRGx/esZJmm3HL3pS5W07SqmHZ84qvr5IRKDCJjRO1qHn3izRvY 
fxkJb4zNCrWcrt/uEjnye8RM1XsUpcEoxWaPnD9LBdHRn+jYiFJVe1RkjaE7qnPF Z5/kd5k21oWXa5LbxtcMh8H5lXM5kq8NPAc5/0wDcGHgvJQoztxxx7IaLhZfLs8W ixH99VeP9vvl+y+XoHaaLucX9Or29tUO5fLqKw1ub53qwsg97pNnmE96MFTJk0uV Q/4i6lU6SdErRMf4/nBzB+N/chQIYXjWaXLs+I7o3Pz+7tvFu6vf7mZRBD72xkbX +25ocJHGxuK5qqwXwlFmd6dTsCjcjD+KRo+d2cbYZIU5UT4MwywawTxbHobXI27m tHocepSTSJ4Rx4uOPTk5bVFj1JSaTJOun0fPYHsDJeR3I9JaHwXTQSklCZ3SPgAv 4GD66CGwu7HzOOCWjwQHfouzz589+/ODp1VTVTpsCEuUQGsQkpNedNjCYESj1lXu bTajrMGZVq7smh2As3hIoAQfTomX+H9qlrUDKaY/6gpzC5Xo0In03hTC8DTkEcMD RpuTszapWw4L3gy3CRuegbAdj0eI6vB4myRQMwJTglqedVVMbblZFyajcYywPj+9 YM+SLl2o+NS8ZbaSD0+mTkPO4CvjRr0TOYJPDMivf76jo8Q1lM+lsD60vqNcJn90 MYXaOG75gJuGfEShQbdhDLpMhOlPfvjDPO9cDJbT4zaKvbx7MXdYKd8xQbT0RbOq sNp1MyvkNUU+sARVdp38Y9Z1dm36tbV7Lj1zHLVhgrCuZNn6G2Lnh3DQ1iugGNjg ykrrbIhydC+8whdRLRQgjHziSZ07IloAFoZ0FKRBb4WDNPkiWjb5zT9/PruLNjuF ggpUauQNKKRl4hBSE6P+YLX4OhrtSKvcJQPnH88CmU3DK+fOMfi5QF69fBXxtIDA Ek+fDUU7rmKoA5wrWWQ3/zq9m8j/NvzZveekuXx1cKjLGSvktsoVTHg1BBXYTZ1e Ln6XvlbSCbx9G1jxBdz4iBaiUfaKWUctqfPnBZtvqlSEmnGqDg9ecJE3VT10zz56 L0LotjwwsY8LGvRWfCAb0Pmnz3NmdCaH3CebyquY9HgxtHiUjuinn5jZ/UVm9oAm gyTwUFsTe7hD4AwDMVbzzci5vcPQ9QclT8IeNOBugaHmlzruC2zglj/bBujx2v7a 7ha4le6tbZ2HxPvbnh0btzfWfLTzeol6up/1SD/a7/Fb+PQf/P9H7PcUwpaz0d6P 4r6b63CLqzdPUuVl/TmEZ9oKHuFYwePI2RtQ7UGN+Ei7gK2bM1/ZISe6awzPwlLD ljs2Y0sYxbbpuOnNGxr0r40DpvSSiCecEWbm3Sf7iK0XO1pYILzX7RwslE8kdp9G cp+bIz+7OTT8Eg6cdtsNbuUZv/Hs4A4zVjd2obLvhGKceU5/rcljIYDotAXG8fgO vHw+T/lG0upH12TaVxBa3IRtoLt6+TssR5+vvmfTX5gtOY0Hw7OTOx6BfBnGBaKU MotrA50+j2vn1t6hs+21mJExgu5qNnD344W/Hw8ocUAisq2u7/nXCn+bDoeWoT9k rVsqJ4Fv8NP/AWn/p4MOFoN5zm9ePNwuaV0/Vqh5x/a8hbbmdk513mM4rrHh/XIW f2LofkLgU8LtHZigR2Gdccv169cT/nwYj2fueRapnjhpMfgJ1sfFqNxSHkoKFjco Nu5j94NEMLUjkny+Pj9vPahlVYg0nPNNXfNO200mvtiWbl94qLB7FEWoXFwVuYP5 p4jgoefBa08Nz3G5ZQDcp27Y/A1QSwMEFAAAAAgAI3P0HFjVrDZLAQAAYgIAAAwA AABtYWtlZmlsZS5kb3N1kMFugkAQhs+S7DtMxQQ5YNIeemjCAdnVkCKYIrUHE4K6 CHVliZLWx+8ui82atMkcZnb++Wb+NeGNhMRLCIZVDMt0GgY+4HjhBdEEGQ9VAdZo 
nGWLBMdJltmW61qPFjIWMSah65wuQkPZhd5eZFnvqwIZmEzTuaiRYa4J+F4EmMyC iMByviQfBFoOWwptKUbNJm9LyOs9FBWjUOcnCryQPWjO/HDOT726qr/4ke7FRFtW FxBxpynzFr4rxjQpCANyYSpmggSieNWfgYU7U6WJ62B1lLsZiuTpeTOU8hmkUS+G dRCGEETv8WtnQNpTo8jw/VnozRNwYTTuPsEWSefeBmk/Z+xl0Byamh/ZYUKv4mBV XGWBDL2lCXdNg4zBdrcTtH6FAnd7bbgX/mKuE779/BPjiLj5VDaHOtrhOuF/vH5l J1X4gYa67/4AUEsDBBQAAAAIAHx+9Bz2EKWnSAEAAGQCAAAMAAAAbWFrZWZpbGUu b3MydZBBb4JAEIXPbrL/YSomyAGT9tBDEw7IroYUwRSpPZgQ1EWoK0uUtP787gJt 1rRN9jDDfPPePAx4oQF1Y0pgFcEymQa+ByRauH44weiuzMEcjdN0EZMoTlPLdBzz 3sRoEREaOPbpIhnGL+z7i2qrfZljROg0mcseI2NNwXNDIHTmhxSW8yV9o9AI2DJo Crlq1FlTQFbtIS85gyo7MRC5mkF9FodzdurpsvoQR7aXG01RXkC+G6bIGvgsOddQ kAGUYSJ3/BjCaNWfQWQ6oytjxybdUc5mKIuHx81Q4TNIwh6GtR8E4Iev0XMbQMXr VjHyvFngzmNwYDRuf4Iliza9BSp+xvnToD7UlTjyw4Rd5cFdc1UNRvpIA3d1jdFg u9tJtd6iE259LbgFf2SuE7F9/1PGlu9XTl3cFrrG/wb6nS3aGQw0qdvpF1BLAwQU AAAACAA6c/QcWEqGSCQEAAAiCQAACgAAAHJlYWRtZS50eHSNVk1v20YQvRPgfxjo ZCOO2hhFgBTwwY1l14gbG5UNuCdjRS6lhZe7xO7Sjv5938ySlOQUTS6C+DEzb957 M9ygrVZR15Q8pY2mrl9ZU1HtW2XcvCzK4h53rV4rS8+2r9eaWvWsI/k+dX2iJviW 7q7u6HT+MV8oRwsVkw6OHpx50SGatC0L4yrfdiqZldX0atKGtArW6EDyineRVIMo Wuou0Qf68OnTb1L/nB6idjqRCslUCN6oCHxV32qXAFxRbWLlkWVLqy3dqd7Swlrj U0JHin90WXTrTiAedFIB60pzvAKqmsONe/HPxq3JpIySSWm8tf4Vd5FHBdVq4Iy/ MzhO++7z4u/7p4vF3f2fZ7/Su5vF1fnN05ebh4urxdnt5eXB86CVfap1NEHXTy/K 9po8KoSYmTaRuuDXKJGBgGeuMAFRK/S5D2JOs+9Tzgh5ElRyWRGO/Hz79fL6an7/ eF8WjbF6TlLt1VgLGvqo5a0DdoS8LDYL/EbcstipSz8hrm8kC2wGxlMfnK7LwjfN AGRsu/Yo5zzUruugYxRYB+mjWTuFBCxLaFUCHcHjQTtkmjK0vjbNVhJUvgbRQf7r b7rqEws+YjIOfcGir2o7p+uECm1nt5MCoxN618ce9Oyzj5I6aAABSCCJG9/bmjsU JsW/eYLG/iKIqTbIuvV9AC7XmPU8fcMgQRTuSDDWuoGNEw0Oacpi5yGBKLqF3lG0 Zr1JQNuILGQaJAALLyoY6RH/8wyA+o4Zz7qKBzK8Q4BZoNx7Dfm3fAmcKWAI8owI i+7FBO94BstiKjYDnYuH2ZwWDxSTcnWUlsZ90E+OEeb2YaIQ6Ot0NUomfDgQzbop YgNYkA720wbR19/3WRa9A3EGzjrJu2wapdpUKu3Ab1SoxRM1UAaedgH+uJjBBMzs HgNSZXhrYGMokl2h6P1FDj6jxqo1sSMZLeNPph1Z/mM7qXokCiCtEf+BK/yfsB/z va+3X26u5kg6AMq2yaZhBoRWNXVYKdGGu+Cg2bC4+zi4v22hhSysMTe9zxTzvWEJ 
4Gdc5DwRhHGg6KcdShhHRj8QlJv8iZGfv3XYAOGRkU5DdrSa+Dn+78ZOP46tLT0T gbZ41njPCTwfzNo4ns8hdmLjf1cXiEFnYjQMOty/Vwvtt/qVJ5wZmcgHhH929YUZ iZ/tdzYbcw0XG2xjpHIigYg/GMzxFrO8b8ax1nIJo435EGiqzSBUjnvTMj4SR+dL EujHO/lEu/yl3jn7R7rxHoVzYhVMl+IJxY22NgpROBRY2bdMcMzpVeCJ4K2cTxED PoaUGeLlYVzPC4hefXg+KYsVTg6HIKWdfKQANz+CKHts56297wcfDlYaXHc+pAzo r+XF7VLg3y5/OZ3TEqKufL2lTo4+8mZZ4EWeAPka44lK/HWJKPAvUEsDBBQAAAAI ANN+9Bw3NXb9eisAAKBQAAASAAAAbXNkb3MvcGdwbm9rbGcuZXhl7XwNeFTVmfCZ e+/cmcxMJmEIIQQICZDwMxqR0SCGQIDJDbQ2jBgnjEAQV+vSVaRhJtg+MUw6FZgc glXbKl1lpeCudW2Xfs12B2wlJjUjWiwERYgtWLB646VrBMyEMJn7ve+58xdIt+23 u88+3/N9g7lzft7znve85/09545fuecFMovoSCEZT1T1iuAn2mch/OnIVdfXGsh/ 8NGR///5v/tzaIdQGsxt49rnHC2ipRyhBTeQXb37niI7xe+QYMFOEix9icgtul8t bCU0TE8dVLdGL/7k/PqlJbfpfQP+o/7I6aC1lRzUkRPnA13GwPnBYMEusrPX/ild +BHfohJus+Ew4YJYCRsMDTP5hd/mG6b+VDjxWXX5Zw0TAtBBvIYAtBKf9TDJLv9s i4EOK3zfb3X0LN8bLHgByNhP9n6H2E/t6mj/Ut3RonUnPhna1UM/ueroKN0ltnGH C8WDBoP9N9FLLwcWuvmcxmr/wqcI31C5xeBf+DQpaJgX0q16lSNHixpmtz9IC9w8 lArbl72qw6bxlfteIssA9XKomBCSQPNmvm+1rp0czQ/mfp8Erc8SU4fXEqokuzpe 3URKug06xx/Z3K8N6A/niPIxopbtgL9t8PdtIs/XueT7RAbgrnstRwQK5R+TdfVd 7jrW6Oig/QdvIiWc4H+XSOciN67J9GYcnEAO3UTk3yIcvdB+R6vEHS06aCWHlpG+ 90hBiNx6tChY4IWdaSQhgVUehco3SUjPKk1QaSYhkVX8UPkWCZHinW/t6j30gu5o 0ZQuQFH8Rq4XVjelICRA8VGtqIdik1YUoejHYldLbEDvFeZ+pHDtKn2fnik/651W 4l+kevNYj1hy+4M6RSi57UHdFrGk9UEdPRHoEpXT5e97J9JeAEQmqaLXUKKu4wzK T0vUOvh6uau9km1E18ECcshNSncVtHHyp2qIJy65Uo8G5W56oeVCq95dF3oZ2j6z eYJSLNAcI16r2hhrk/a75NsmeDyK0C3tJ/7m/cSXGTpAXKxjCnSE2mHUQZvH1bat VnXJFmjSStMnAKYoloPSkDKG1g/5F93kE+G727BGlYZYA/F9EmiOEu+ktm13qbQ+ yp/yL1rjtYZ+QeL4avNgitcSNQlqYWlQgE3/tRDSxZsdHfB977BL/tfpgV+Z6J57 hwNbReLTA4ACO2/u8PF9x0lfBzlgcoUIh8BX4bEDRuhLA78y+l+79+o0gPkHwnoY utyrLrm+OPArsU0agGrjEDy68XEbdHw+0+NxyQp7ds3yeOie3KuRanEb8QqODkWg MNrc4V3KRsj35XlCR4g2XH5tvMcD9MwMvUs0rPIrWksulQaC0mCII/HJHy4Gpk9K 1dcW4zz3DsM8OgLEzlW1Plz3sunAJKiFcrClMs6Rv4Ue5UbgCNRCJ7GnFVqkW2BR VBoMSgMw5e6V8eaWm6E5KF1WGy/L7+R7NNyI4b5Sj8eh0rPHz7dtOzDMnwobzpPq 
9KoysnolvYrEBA3Vao0QkEROmZDqoY0iFYKGeE91oFkgvt+n4yEES5qcPZ4BvAAt pX9Y2wXiGlho0RVq2zuWFlh0x89TSQhuLxRV0aJzdDAYtVGQp5o8GvwFMAphKaYj tFGg3bA1Dnom0M0FFhHvLGUiK6vz5M25nkp6jEoxvrNiK9myTueOBRaAqaSTUE5P q1IMFEJ+zuShg4CislWKCTF6tnqHASzVDMAMWJSx3frC6jjCOvmfBNizwTQkv+/W Z1bTsF2KoWCyBXVyqIHuusNInZFRV+BQFWuCqt+N81Ty6Tg+BmaJxGtRG0W5Y5xH zxN+EMx+YQPf5wePoc8CfYxkeOgxwLSJ1gvB8YHOrMC5/gT22YirWBkXn2ClrEMq j9HebgNZgn1Z2jxnFVFri/fgpPm0N2zQkUAnB7OvlMN8aiTttIe1Ra3tFHFJBe03 HS0S72rPp27j0aL2GlojUrdwtOg5z9Pt+fdMOVp05/NTGpi+3CV/qmMblTYEANtX jA78Sw3YDSxvnwBgpDIo1CeaxFa3EHur3YrtrDnebjQP+AoUq2q16DSRUZ8pFFGQ iE+Ru6+oudmcvGJI/s0VXKdvLEAb1Vwbp+bmcChKZ694EusCbXJh0z+qbE60QtCE Ld+FFtQ1rUV+XO3CIit/Q+3yWO90HFFy4Qt8t2LFb44oIn7z5G53Hb1Ar1DJRN0W Wm+lNdnmIz6juce7wfyB94FIGOicZO75hinSGzkV6CWB31jMR6B2OvJB4DQJRATa d7CQ1DlUx8DxD4/3HD95/P3y4QbzFqH8UoPefmnicOW5T1ZHujjiFWk3ff+4EukS QKLi2GDP3jKSyKVIGAB0Tzl6lD+utt7lv5K9OZueOvHhiXMDp/2vZ59QzCfe9vdl P+XoOHHu7fgOmAeaxgViq5r51+pIsGwb3/rtHfyztF/JjJwJxKZt7QuL23hVDZZ9 l4RUtT4h7TDQLf9Cpd2JlhBxgqgeLXqq2E8YW6F2/HzLP63i1eH2Ja3AlnqB1hip W4SYgVP0LrlZ3Z1Q7r3nePBZYAP2neNBfRNWArSeEegFnVd42AogS1Bzz/Fu+X0R vRyYXYiDzkEc1AfDmHVxf/+pxzu8XOT8ef2TkY/5178fOc+frE8SFNm+ikcehvTE pdjaF42kSnDJcmxt1yE9Kc9185vttPf4+TCMIIT2Qvx1vnt7PqfSzhMf6nM52nvi fHD7dG4Jgja890I+96xL/iKGrkBsKcnj1GH0VBExjyOcN+HJUJRCuZxLdlvBbb0w G8e8nhgzMzlmpjaGS40pgTFTcUyaxGoiG4NGTXfqaLOANuWhMR7aXwm9Yp1caUZn Eea712kKBjym77Z8Srjyzs2Gfc8RUMiMsPhdYsTdTUK4RV58jgR6CH3T3OPLbnmd cA2m8l9vFrdD87UDkIr9qicxGByS/G+qB+r/86H6/+jHoe58cxcE4EO7jrW9+AS5 eufKEP/ltuevkrbvPQnx3D2ehhsd6tCu731O6IuXyFVml+jjTxAcUxLM5UhJ0HoD KaWP/56UqqURwuLAg1nE0XO0KMTdcbRIZdPomKZYou6COnHvTlK6r80SIhXM/oKG QFA+rNsFiUnpTjFkLtl7A4EQ4TC4mUbxFXryZceR1jcXX9of0s2iFw+vAapKf2iy tAoLCr3mBRlew4JMLy8pn0H34YdYp9nS/qVXVfVoEUsXNgstip8L1kepZDR37Oz1 6XbTU+ZenwjB+qAyeVcnHaw7qKqOjos/wdznyvJAmL/4k+X09cipdcHmgZ3SIPi6 gwI5IUOASct2kppd3SXlIk8aM0pj1icslbOkKBgAq+HwIfMrL5s6fBByxqjzqv/X hdYph2eZK0r/xmdV7nW1L4T2o0Wr+my69kUH84DB5zFN+aTll+fJV+4JmYnvt/Tx 
T4Bxre+2fji3A+0r//gfUL5h8uOfHj91bqjS/rhC+Mf/SJ7GLdBnE93jV+Dvc/K0 MjvELXEcQa6noBlUEEDCj0dgC4IACGOeDsLuBp8fJvpcUi5FQ0bSyPfdq8bJ2wVD 2r8EITJLlZar/PNPEEgBlPGlwQJq2dV18AB5bZbZoV56cZd0mdYMlfoXPmEhPlP7 MnoaVjNPEUr3tll2dTjUNxoH+CP479KLYoGWECy7MiUOn4HpkgVTMw+ITdBiWDel 3iWPGYob1aS3E0FvQ9+xuOQbCESYmva6je3OVklkRtEEc1qYLxVopyKibfz1lbhd NoKtgfCv2eSmkiUTIk05bz7tBytmRtPAoWlQ1quNRnnJgGaljZrJUD42q4Bu4RBf 526TIHZ+A/qj0J+l9WN4Vko8ymH05mpjFOpu1S2wwHZQbRySxxAPwpiIBwJgLZwE Ui7TNWJAERqs5QUy79XLS4jCyzwmhfMLPua90+gWbkDQecVgmcwrheVl0JZJz8i1 hFZz+6AJKo6OfR/zUN73KX+XfHJodZeaVY5j82AsFV7S+bJ4Q1Cgi/irQR9HzwD+ uQRrVP+Szqvr0hlohO8PruHoWbpVhMTPGlz4KU+3CEGfEGwSu8Lip+BEumjZpzy4 s2zaJAbXiMG1QnCrGNwidAULPuWD64TgOlFbjlOEMG+lXk8ayopjaoWRbOZBmAIL P4bEfwoFYAgpMumJ+YbN+XSdWN7r+0L+KlGK5FaiTJInEWU8mPWxtD/QbZw/b3Of /HeqaqBdegE5whyHnDu0enWxjngzHD1gro1QW+VyfHCXSx6+snp1hap6c+ipIKw/ CAxdVRk0BLoE2tW12tHRpYGdjIPl0lN7ZT5YzY0EXAWAswz0Ej+PxvhBiO6AM8C3 QDc4ckjU73Ld6ZLHqavBWHR4pxQYonSQNsaoBfrdgT798b5LL4LYyNNjq0FxYPO7 aGeg01h+fMut9DhusS8L8g4D3wWE2IEQpYBe5QeDazn7sVnjYR8uBpu4JcFx9G16 Vp4Xo6eBJmAriwCMEJ/BnPOAfzeCxNCs5fRYoFMfOBcLDBk384eMpPytBssWPQxR jPJ2FfZ5hUq7lEyX/EBMEe+SvzPs6Fi9FvhIyBNiP/+EeBH+LvOlOwtEW7BsgA8u HOSjaG9f85O5H5W8Urnzje0nn6ZlrUSSIGrUTlnG7BJ3Ehr76da5YBnPb/R/vtVF X+e7KmGvadQ+2LCGfiJOyTXcufzS/rkdL+/63faL20/TLnpsqTyBbDE0VMo2suUK 2Ggj2GdhQYZPntuhfATLMixBI6lbug2M3JXz415ZfsNUb5YwdcEan8G/YKqPe2W5 eaCr7+efefi3wGoAwQUX+KX8ByBwF+xKw8f0D8HSf+fPW4ONJPAGV/aKqePDIW+/ oyMoEQZOYX0U1qeWXYa/i/zeC/y+b5O9/87v20bUkn4eRNfaSu6Uy4e1BGtqQYFh V8FO4hiIXto/hQ6KatkuIk8ehn037BviWVY/6zNHB7gIfwXkQ8FFgS5OcxWXg4Z1 9XuH+H07CDNMNcb2pWiY0Ks18E+iMVr0RdxmCSwAywiJYIZmf6FkpYK2lWAEtLgE TTAOtSS6MBFxyVcvpyInsEx6eSNRvjr/MSvEXmDB6gMVpGlWpIozghWGvExP5leZ fFJYT0iydhutMgarTMocpZRWiby+kvbPutWlNbpaqwSI75YaQYTLu72ZgIlwPjHw FS5b+QeWZ6XntoB0oZt/LZdTbBEnB4pudMv3qR5IWgPd2TS8Atj1CQS5yRwaTbAA 2d5jJlor8jlL6JBipsJuR6e9EzK6QcBRSXw30DtMCDNZyVhOT/sXmXy6atr5JcDV r2TT04tHtNDwumR8j8jRvstnMTrV+FEdUHW+bEDXbHbLTeruWZI4wW1suZ9bFwsL 
QL7TGHSa6sDsg3NpdeLSI5cgOA0MqT4TGAsfQ8KlLVzA8F6DnPmFJ+iOgTNAaD2a lslId6ZbHqvu1knRMe6YArOKOGt0gjtG4T8pWp+WKeAeFhjMqjf/AGktBpmKXvxJ 5PhyrxndjVkNNsd8Ztj12QEpxtHmGK0A0M9a9ZD6993+IeQPp/3zK3zngKBL/7j9 bd/pauRGktUFBsCOLq/GeLwveunFzbr9EOomYuoaoX1BWgrx4sW1nQLRMg77EXtP e+XRojhfcc2a6zRGugn4xb1+vph0mPvjCaht2IN5DfTpvI9OW/gtnoZ/5Nf5DOi1 5a9cDDTHVN+0wMJtPOc1qZCsyfMv9v2RRMJ+7eAKcyQYrlgAgeCdF3JBkvPbSHc/ 8U4A7JjGgjUD1XyM7/tXUif/IepRbNCBLrVM63io7zniRkqeJx6mxU33wLA6+cMI Ehb9EUxU0PIOKYQJ/N6CYpVkFhKWL9fJv4yAnCsm6OG8Qp0ci0XwwMabzxaTw6iw snQa0c+KArBZbboJesFlh0g2SgY92XJOHTQfW6kN1ZZEdPeYj+HBUvCZVXzarsCm H9DRGjHyOgf6eYCLvC4QH3eAgEX4af/UGtH0ensFbEk+yyzFYjWUSfzgTwAPWADQ JNyqof4kMtwYSSgXwZaYmC0509/3TwQi28oKjjRkJrNHzMwcHX07iSbouJi9n7MI JXYtZKVPj/PcR2tisOcgQzF6JvrKgnzvjWC49S+fu6xMOtcv3sWOQaVhxhc3olpt iLZKwy+XX/Vxym6lkAFETk/scN2JID/sB6XSsusnkJzV9qvPaEzpu1VN0935XqsP Ajgjt1VsUdWtjSKoX99+iCJieG/QEivhMCyL8XgIF1gYhUZLSywXDFRYjEIjO0hK ZJpuue8qzApGBQ8dVC/4xgFP4H7uUtgpguZ3gzUMMvXH+bwLzWrj7WExm/v5ZBZA 5tXJMyIgPiIz+VvUwB2coPB9G1XYFxiDI5tEGKnzCdBlTFoIXImRNosQMk2vk7/H ecoloWEs8KDOLe/lMLGtF7oJUQxQv5vzeJInV/GTA3+TWurT1dTQM62GZ2F/IH5/ 9ZMJpdRQLsW8EKpw5y4pWaXqg0Z/Uyx12hw/0yPkJnI7WUNOTzg94QT8MbTuuKlm Z2kwvdhtgLKRlY2sbGJlEytbWNkC5bbGlxVehcy6XvAvKvR+cZcc1oF6VbhIM3/Y RboFIoHhFNzyWzpYFh+BBoeaoDt60EBeXTGR0R1N0H0O6LaCz7L4m3TEJ7plAyqw 6nsLVAf0oStQE4MI2uIOCSDK/ysGCJV/aZNeKe/2vQSGb7JEz/gXgYYBGEix0R1a DGAUwWqUakATqE6DAANhckMA6pI3MAg/iMZU/4LbvXzfPSpDCiWXqgA9UKhWYYiu r1IFCF+ev/mfNSTZoCxt0j+78GBaLoolXRkhs0kp4/Ui4Pbr+RMn0vxz+Yfg+1w+ O12wwOwpXdsSS2Qr7rooM/n0/bkYQlz8SZtPBWFhxchx+5XtkUg3GBFu/3IMKMFi P5UUq52QYkfB3JwCeBqJD48cB/1E89/qVFvXqvauJDhGqCMBm4VLaQ6A4YM2R0eU ATwZObZsXfpU8dEYf7598Sf20wC7/W3A8Pall1NY3Jjr0pOK+Yb1CyZs0QuLdzjV V6aCX35K62+5sIMwLwe2pHxh0kzNu9B3NmGmNqNlOk7QWDIDZAQN5jQNrpO/dgHt xtmkbbLivtfJL0H6J4LVxx7tuC7YOAT40I98RQXLVT+kSkOthh3S8AKTT+gWMiUw TjsEqW3boyo9aT/WMuQnTTPs/W6YYzUio8dAIGzMkaPHrwBkeF5+c9vPH1XxXsr3 Ixxq78fD7MYiN1ZgaGFyqBWGet+AUXynvVsBU21M2vykbdUlzvCmtFemn+FluVKW 
v359ZX1Jbe0d89b61gro6a70ubatq6zzzVuwYMPmqlpogiDAWGXbBEFgwl9voax+ Bt7/kBhrMDH2OvyuhUIug15QodWf2xi7ZxBjNw1m7CD8hgxj7Dcj+M8M3QJ5mNl8 JnrABVNhJoDVTLwWwHomXg+gjomxkWb2GBNPges7TNwP4G0m/hrAx0x8HaMI4tsA nhLE7sFmtksQz4Jrnyh+BOA/RPGvACYaxAiABwyiUTCzLQbxAriWG4Sib5nZDw3i EPCcJ4l5AJ6WhLoxZvYzSfSJZrbKKK4EUGUU1wC40yjWDYcSOHjYKG4E8CMO3jMK JUYzs5kozMSB0yQUgGcOd83grmncdQ135Zso+TyTeAqauZCDcg6qODhpEn0Q5XlI B5V4hoP/4qDDRPWMmsTtAP5uErcBMJvFB7PNTDWJD0Lyqyxip8nM/j1N3D3KzMR0 UQFXLE3sBjCEu67lII+DpekUFuRgF/fsSqfM/pQuXgNd90E6lfBeupgPrt/xsF+l i0cAPMvBLzj4Sbr4FIDD6eIBABUZ5LqTgx9kUJQHOXiAg3FWcT9kPdJKJVxnpayL OPDwsBXcFeJgN/e8m7vqebpq7krLpIJu46CCgxAHQhaBQRw8mEWlBznYxcERHvYG AosQk4QiwSL8xSJMBGBOEyYAcKWhaxdQoL+Y2RhBXA79P0IQj5mh47nrekGMQAde w12zBbEsw8zWCOJRcK0QxApwebjrHg62COJ68LyDu+4SqQ73c/CegUCYgxcl8TUA Q4wE/i7RNPqAe74ticcAtEtiM4DfSOJR7EejuA3LA6wBcNAkngHPR00U8xGT2A7g 2yaKGeLgMw4+MVEuw80UM4MDwUyeX/Cwy8zi9yDP2WbxFICNZkq3jscs465DZlGB MNEidgN4xCJarGb2nxYxAq5Xuet17nosnTD/oXSxE+uSLnYACKSL53AU08Vl0C/L 0qm1T6dTa59MF08DGJ9BURZmUFPcGdS+2RniWcQMHhbMEI8DsGSKD0IuvVZxJ4AF =3Los -----END PGP MESSAGE, PART 01/03----- From wcs at anchor.ho.att.com Sun Jul 24 03:15:01 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Sun, 24 Jul 94 03:15:01 PDT Subject: "Key Escrow" --- the very idea Message-ID: <9407241013.AA10389@anchor.ho.att.com> Bill # Bill Stewart AT&T Global Information Solutions, aka NCR Corp # 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399 # email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com # ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465 From wcs at anchor.ho.att.com Sun Jul 24 03:25:33 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Sun, 24 Jul 94 03:25:33 PDT Subject: Clipper Chip retreat Message-ID: <9407241024.AA10461@anchor.ho.att.com> Rick writes: > From: "david d `zoo' zuhn" > The administration is willing to consider alternatives to > Clipper that are based upon 
nonclassified algrithms, and where > the escrow agents are not government agencies. > Hmm. If the escrow agent isn't a government entity, then what sort of > coercion will they have over that agent in order to get the keys in a > timely fashion? > > My guess is that this means that a ``quasi-government corporation'' > would be acceptable to the administration. In other words, they're > willing to play word games in an attempt to placate people as long as > they get what they were after in the first place. You don't need the Post Office or Federal Reserve to do it; banks are perfectly good at keeping information mostly private and giving it to the government when they want it - they do that with your financial records now, assuming you use US banks. They may also be in the business of providing genuine key escrow for people who want it, e.g. backup copies of corporate data and keys, as well as government keymaster subcontracting. Phone companies could also do the job, but if the Information Superhighway has Information Police running speed traps like Louis Freeh wants, or Friendly Platform-Opening Regulacrats like some other folks want, they'll be cooperative enough about keeping their own copies of the keys in case they're subpoenaed. Bill From wcs at anchor.ho.att.com Sun Jul 24 03:30:56 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Sun, 24 Jul 94 03:30:56 PDT Subject: "Key Escrow" --- the very idea Message-ID: <9407241029.AA10506@anchor.ho.att.com> Keywords: ranting, crime in cypherspace X-Oops: let's try including the contents file this time:-) Mike_Spreitzer.PARC at xerox.com writes > (1) I'm not an anarchist. Does that make me out of place here? 
No problem, as long as you can handle surprising rhetoric on occasion :-)

> I'm willing to live with some amount of government,

I don't see that there's much choice, and after we get rid of the first 90% of the government I'll be happy to debate theory for the other 10% :-)

> My biggest problem with Capstone is that it
> changes the balance of power too much.

It's more than a change - it's a declaration that the government already had the *right* to control all your communications, and is just now getting around to implementing it. But aside from the arrogance, I'll agree that it's too much power for them.

By the way, you used the term "social contract" in your letter. Somehow, the government has gotten the idea that the "social contract" is between them and us, rather than between us and us. It's not, or at least none of the copies *I* signed included them...

> (2) I think crimes can be committed in cyberspace. Substantially, if not
> entirely, in cyberspace. Maybe not so many now.

I have to agree, and I distinguish between "real crimes" vs. "laws".

a) Untraceable payments for physical violent crimes (e.g. kidnap ransom)
b) Better communications for conspiring to do violence (murder contracts...)
c) Bank Robbery (any respectable digibank can protect itself technically, but we're already seeing Teller Machine card forging in Britain, and other banks will probably have weaknesses as we learn digibanking.)
d) Forgery - digital signatures are great, if they're long enough, but protecting your keys is more critical than it used to be.
e) Fraud - you'll probably have to do a better job checking reputations for a digital stockbroker living behind anonymous remailers paid with digicash than you currently do for physically traceable brokers like Ivan Boesky.
f) Extortion - it's hard to break somebody's legs in cyberspace, but you can send the threat that way, and tell where to send the money; you can also threaten to publish their private key which you stole.
Of course, the big "crimes" that the government usually wants to use wiretapping for are things like drugs and money laundering, both of which are none of their business.

> I accept the terms of the 4th amendment: search and seizure allowed
> when due process followed.

The 4th amendment's terms aren't for you - they're for the government to obey. While I suspect the authors of the amendment assumed the government would seize criminals and search for them, they don't claim that power as their right, they only place limits on it.

> "Key escrow" is an attempt to implement the cyberspatial analog of search.

No, it's not. Wiretapping, electromagnetic eavesdropping, and demands for records you were already keeping are search. Ordering you not to have private conversations without recording them for the government and not to have locks without giving them the keys first are the analogs of so-called "key escrow".

> to be worth it. Note that's a comparison of their money and success rate
> against our privacy; no wonder they got it so wrong.

Well said...

>
> (4) If you accept points (1) and (2) above, you're left wanting a way to
> implement searches in cyberspace when due process is followed.
> I hope anarchists won't be the only people opposing changing the
> balance of power greatly in the government's favor

As a moderate not-quite-pacifist anarchist, I still understand people's desire to protect themselves and their property, though I'm not sure that I agree that revenge after the fact has a real moral justification, but if it does, then you'd probably want to hire some police to get your stolen stuff back or avenge injuries done to you, or at least detectives to find out who injured you so you can publish bad reputations about them. The government aren't always *my* police force of choice, but I certainly have no intention of imposing my spy service on all your conversations.

> (by poorly designed key escrow). What are the rest of us left to answer with?
> Perhaps a much better key escrow design.

"Escrow" is an arrangement between two parties to hire a trusted third party to keep something for them, typically down payments in contracts. If you want to escrow keys in conversations between the two of us, feel free. If the people who work for the government think that *they* are one of the parties to my conversations with other people, when I wasn't talking to them, they're rude and arrogant :-) If they think they *own* my conversations and can limit them, it's time to see how the Bill of Rights limitations on "takings" apply in cyberspace....

> One that integrates the search with the due process in a cryptographically
> strong way; one that can't be subverted by a few people in a few organizations.
> For example, who says an escrowed key must have only two parts?

The Clipper chip only has one master key per chip; the fact that they store it in multiple pieces is a political charade designed to increase its chance of acceptance by focussing on the details. It certainly wouldn't have been hard to design a chip that really *did* have two separate master keys input by separate agencies. Or more.

> And again, remember where we're weighing money against freedom.
> It may be that we just have to spend more to stay a reasonably free society.
> Also, it's worth debating just how strong the protections have to be.

Money is part of the issue; the more important part is weighing restrictions on people's freedom against the benefits of order. The government has essentially announced that *they* get to do the weighing and deciding. And the technical issues are all classified, thank you :-) But you can trust the NSA; they're competent professionals.

There really *are* benefits to order, and there are real crimes that may be less likely to happen if order is imposed on us. Freedom has risks. I think they're worth it. And unlike the folks who've decided they're in charge of order, I think it's wrong to make that decision for others, at the cost of their freedom, which mandatory escrow does.

Bill
# Bill Stewart AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399
# email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465

From ifarqhar at macadam.mpce.mq.edu.au Sun Jul 24 03:57:34 1994
From: ifarqhar at macadam.mpce.mq.edu.au (Ian Farquhar)
Date: Sun, 24 Jul 94 03:57:34 PDT
Subject: GSM and A5
Message-ID: <9407241056.AA13796@macadam.mpce.mq.edu.au>

I last week had a chat with someone at Austel, mainly to try and chase down the full protocol specifications for AMPS, GSM and pagers. During the conversation, the subject of A5 was raised. Here is a quick summary of what was said:

1. A5 and A5X are no longer the current names of the algorithms. Here are the new names:

   A5 is now A5/1 (purportedly "military grade" crypto)
   A5X is now A5/2 ("we export to anyone" crypto)

   A5/2 is unsupported by any existing equipment, and there is a LOT of discontent within the international Telco community from the countries who are being told they will be given A5/2. Personally, I rather sympathise with them.

   Note that A5/[12] is only ever used between the GSM phone and the local cell station anyway, and once it gets to the carrier's network it's in the clear anyway. This is public information.

2. The argument reported by the CPSR (and others) between the Australian (ASIO, AFP etc) who wanted A5/2 and the telcos who wanted A5/1 did not, according to the person I spoke to, bear much relation to reality. All three Telcos are using A5/1 (although Vodafone, when I rang them to ask which they were using called this information "classified". I will not comment. :) Unfortunately, everyone is keeping VERY quiet about what did happen.
Time to speak to my local member of parliament, I think.

3. (HERE'S THE BIG ONE). The description of the A5 algorithm which was released to the network was a VERY early design, and I am told bears little relationship to A5/1 as implemented now in GSM.

Just thought people might be interested...

Ian.

From m5 at vail.tivoli.com Sun Jul 24 06:43:23 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Sun, 24 Jul 94 06:43:23 PDT
Subject: GUT and P=NP
In-Reply-To: <199407240028.RAA12119@netcom7.netcom.com>
Message-ID: <9407241343.AA03758@vail.tivoli.com>

> How about any process where the state and the change
> between one state and another state can be described
> tolerably simply in some language that is not explicitly
> algorithmic, but which is enormously difficult, complex,
> and expensive to describe in explicitly algorithmic
> language, for example water pouring through a channel?

So are you suggesting that the definition of "algorithm" has an "as long as it's not too hard" clause?

From tc at phantom.com Sun Jul 24 07:43:33 1994
From: tc at phantom.com (Dave Banisar)
Date: Sun, 24 Jul 94 07:43:33 PDT
Subject: Stalling the crypto legislation for 2-3 more years
In-Reply-To: <199407222015.NAA09556@netcom4.netcom.com>
Message-ID:

>
> I'd hate to see EFF, CPSR, and EPIC all "brought into the tent" on
> this one, having seen how Kapor and others got so enthralled by the
> Digital Superduperhighway that a bad idea got pushed along more than a
> little bit by them.
>

I can't speak for the other organizations mentioned but I can guarantee that EPIC is not in the least bit interested in supporting key escrow systems. For a privacy advocate to determine the best way to do key escrow is like a death penalty opponent choosing between gas or electricity.

I'd keep my eyes out for of the other players tho....
From werner at mc.ab.com Sun Jul 24 07:49:08 1994
From: werner at mc.ab.com (tim werner)
Date: Sun, 24 Jul 94 07:49:08 PDT
Subject: No Subject
Message-ID: <199407241448.KAA16868@sparcserver.mc.ab.com>

>From: tcmay at netcom.com (Timothy C. May)
>Date: Sat, 23 Jul 1994 11:40:19 -0700 (PDT)

>But I do like the explicit emphasis of the connection between encryption and free speech; this is the line I use with people. To wit, "Nobody can tell me what language I have to write or speak in."

This is a neat way of expressing a good idea, but I wouldn't count on it. A language can probably be construed as something that can be understood by anyone who learns it. Even though I speak PGP, I still can't understand what you say without a key.

There's probably no legal precedent for that yet, but look what they've done with the rest of the Constitution so far.

Depending on technicalities to get the authoritarians to leave us alone will not work. We elect these people to serve us, but they think they are our keepers. If we actually had freedom of religion in the U.S. there would be no laws against the use of sacramental drugs, for instance.

Sorry I don't have a better argument than yours for the legitimacy of government-proof encryption, but I think we need one.

tw

From solman at MIT.EDU Sun Jul 24 08:40:41 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Sun, 24 Jul 94 08:40:41 PDT
Subject: Pantent archive?
Message-ID: <9407241540.AA27280@ua.MIT.EDU>

Is there an archive of important cryptographic patents anywhere on the net?

JWS

From rah at shipwright.com Sun Jul 24 08:53:17 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sun, 24 Jul 94 08:53:17 PDT
Subject:
Message-ID: <199407241550.LAA10919@zork.tiac.net>

At 10:48 AM 7/24/94 -0400, tim werner wrote:
>>From: tcmay at netcom.com (Timothy C.
May)
>>Date: Sat, 23 Jul 1994 11:40:19 -0700 (PDT)
>
>>But I do like the explicit emphasis of the connection between encryption and free speech; this is the line I use with people. To wit, "Nobody can tell me what language I have to write or speak in."
>
>This is a neat way of expressing a good idea, but I wouldn't count on it. A language can probably be construed as something that can be understood by anyone who learns it. Even though I speak PGP, I still can't understand what you say without a key.

SophistMode(on)

Hate to pick nits here, but isn't the acquisition and use of a public key "teaching" your machine to read Tim's "language"?

Holmes and Blackstone are probably spinning in their graves (in counterrotation, to boot).

Bob
-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation
44 Farquhar Street
Boston, MA 02331 USA
(617) 323-7923
"There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell

From hfinney at shell.portal.com Sun Jul 24 09:47:33 1994
From: hfinney at shell.portal.com (Hal)
Date: Sun, 24 Jul 94 09:47:33 PDT
Subject: Voice/Fax Checks
Message-ID: <199407241648.JAA26711@jobe.shell.portal.com>

From hfinney at shell.portal.com Sun Jul 24 09:54:46 1994
From: hfinney at shell.portal.com (Hal)
Date: Sun, 24 Jul 94 09:54:46 PDT
Subject: legally circumvent the Sept 1,94 Legal Kludge, Program Part 000
In-Reply-To: <199407240908.AA19968@xtropia>
Message-ID: <199407241656.JAA07061@jobe.shell.portal.com>

One thing I haven't understood with this "LEGAL_KLUDGE" business, where the command line is kind of cumbersome. Can't you get the same effect by setting the parameters in the config.txt file? If so you just add two lines and forget it. I haven't looked at PGP 2.6 so I don't know why this wouldn't work. It would certainly seem to simplify things.
Hal

From adam at bwh.harvard.edu Sun Jul 24 09:57:23 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Sun, 24 Jul 94 09:57:23 PDT
Subject: Raytheon as Big Brother, Inc.
Message-ID: <199407222025.QAA01037@walker>

(Excerpted & paraphrased from today's (22 July 1994) Boston Globe:)

Raytheon won an 800 billion dollar, six year contract with the government of Brazil to provide monitoring of the Amazon vs. drug & mineral smugglers. System will employ telecomm, satellite imagery, ground & air based monitoring to monitor an area more than 1/2 the size of the US. System will use unspecified defense converted technologies.

System will reduce deforestation & wildlife destruction, combat illegal mining & drug trafficking, protect indigenous tribes, *monitor traffic*, strengthen border controls.

Team members include IBM/Brasil, INFRANAV, a Brasilian military contractor, MacDonald Dettwiler (hmmm) of Canada, and others.

The article fawns about how nice it will be for Raytheon not to go out of business. Raytheon has been having difficulty recently, since the Army decided to go with a longer range anti-missile system, bypassing future Patriot missile purchases.

"If Brazil wins the world Cup, the government will be able to pass the most repressive legislation ever, and no one will care." -- Pele

--
Adam Shostack adam at bwh.harvard.edu
Politics. From the Greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

From adam at bwh.harvard.edu Sun Jul 24 09:58:16 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Sun, 24 Jul 94 09:58:16 PDT
Subject: clipper and export
In-Reply-To: <199407221934.MAA03997@netcom4.netcom.com>
Message-ID: <199407222015.QAA01010@walker>

Tim May:
| I reject key escrow, and I don't worry overmuch about export of crypto or what it does to the competitiveness of Novell and Microsoft.
| (By this I mean that end-to-end encryption is usually a big win over product-integrated, officially-sanctioned crypto....and no export laws will stop powerful, unofficially-sanctioned end-to-end crypto from being used.)

The benefit to product integrated crypto is that if Microsoft puts RSA into Chicago, there are suddenly 60 mil. RSA users. OTOH, if Microsoft puts A5 into Chicago, there are suddenly zillions of A5 users.

There is a benefit to having big companies like IBM, HP, or Sun provide strong crypto, and that is it makes it look more respectable to the large corporation.

Adam

--
Adam Shostack adam at bwh.harvard.edu
Politics. From the Greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

From solman at MIT.EDU Sun Jul 24 10:09:59 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Sun, 24 Jul 94 10:09:59 PDT
Subject: Voice/Fax Checks
In-Reply-To: <199407241648.JAA26711@jobe.shell.portal.com>
Message-ID: <9407241709.AA27533@ua.MIT.EDU>

> From solman at MIT.EDU Sat Jul 23 17:35:33 1994
> > Well I've skimmed the paper because this is non-intuitive to me, and I'm impressed by the level of security that Chaum requires from his protocols. He treats the absolutely impossible and the computationally infeasible separately. Determining whether the coin is one of yours falls into the second category. In order to determine whether you have used a coin previously (in a maximally secure scheme) you need the bank's secret key. So you just wind up your 4096 bit number factoring machine, dump in the modulus, and presto, out come your factors from which you compute the secret key.
>
> Yes, I remember that now. My interpretation, though, was that with the bank's help you could tell when a coin had been re-used. This could impair the anonymity of the cash.

So the problem we are now looking at is when a prior user and the bank team up, the person who finally redeems the cash at the bank can be identified as handling cash that the colluding user previously had. There is a simple solution to this, if you are this paranoid, don't redeem the cash yourself, just pass it to a non-bank. Once you do this NOTHING can be determined about you unless you double spend. (Unless the bank's private key is recovered.)

JWS

From rjc at gnu.ai.mit.edu Sun Jul 24 10:41:49 1994
From: rjc at gnu.ai.mit.edu (Ray)
Date: Sun, 24 Jul 94 10:41:49 PDT
Subject: Raytheon got a great deal
Message-ID: <9407241741.AA03043@geech.gnu.ai.mit.edu>

Wow, an 800 billion dollar contract! Someone put me in contact with the government of Brazil! ;-)

From hfinney at shell.portal.com Sun Jul 24 11:00:22 1994
From: hfinney at shell.portal.com (Hal)
Date: Sun, 24 Jul 94 11:00:22 PDT
Subject: Voice/Fax Checks
Message-ID: <199407241801.LAA08249@jobe.shell.portal.com>

From berzerk at xmission.xmission.com Sun Jul 24 11:03:30 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Sun, 24 Jul 94 11:03:30 PDT
Subject: "Key Escrow" --- the very idea
In-Reply-To: <9407240758.AA09433@anchor.ho.att.com>
Message-ID:

On Sun, 24 Jul 1994 wcs at anchor.ho.att.com wrote:
> > 2. multiple escrow agencies, at least one of which is the NSA HQ (for its superior physical security)
>
> They're the *last* people I want involved with routine communications between ordinary people. They're an agency that should probably be abolished, but at most they should stick to providing secure communications for the military; I don't want military police agencies or even Federal civilian police agencies getting involved in civil commerce,

Remember, any 1 key gets nuked, you are safe.
I personally would use the NSA as one of them if I was running a business where key escrow made sense, for exactly the reasons they gave, and would trust it even more if they had a mandate to destroy them on mass seizure.

This is not a matter of putting absolute trust in one agency, but trusting one agency to act *in* *one* *case* as a great protector, namely, if we are invaded, they would no doubt destroy their database, and your privacy would be protected. Long shot, but so is 2^128.

Berzerk.

From berzerk at xmission.xmission.com Sun Jul 24 11:13:08 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Sun, 24 Jul 94 11:13:08 PDT
Subject: "Key Escrow" --- the very idea
In-Reply-To: <9407241029.AA10506@anchor.ho.att.com>
Message-ID:

On Sun, 24 Jul 1994 wcs at anchor.ho.att.com wrote:
> I have to agree, and I distinguish between "real crimes" vs. "laws".
> a) Untraceable payments for physical violent crimes (e.g. kidnap ransom)

A leo solicits a payment for the murder of someone and busts you. The murderer is caught and testifies. This is the standard way murders are solved. Name a case where a wiretap has done it. I dare you.

> b) Better communications for conspiring to do violence (murder contracts...)

So talk to people and narc on them.

> c) Bank Robbery (any respectable digibank can protect itself technically, but we're already seeing Teller Machine card forging in Britain, and other banks will probably have weaknesses as we learn digibanking.)

Ahm, all the more reason for people to use strong crypto. You don't protect yourself by not having a gun, but by having a bigger one than the robber.

> d) Forgery - digital signatures are great, if they're long enough, but protecting your keys is more critical than it used to be.

True, again see c)

> e) Fraud - you'll probably have to do a better job checking reputations for a digital stockbroker living behind anonymous remailers paid with digicash than you currently do for physically traceable brokers like Ivan Boesky.

True.

> f) Extortion - it's hard to break somebody's legs in cyberspace, but you can send the threat that way, and tell where to send the money; you can also threaten to publish their private key which you stole.

At which point they sign a retraction of their private key.

> The 4th amendment's terms aren't for you - they're for the government to obey. While I suspect the authors of the amendment assumed the government would seize criminals and search for them, they don't claim that power as their right, they only place limits on it.

Amen. I think we need to throw out the concept of fruits of a poisoned tree and start putting criminals that break the 4th amendment in prison. (ok, flame me.)

Berzerk.

From rarachel at prism.poly.edu Mon Jul 25 19:31:47 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Mon, 25 Jul 94 19:31:47 PDT
Subject: wanted SueDNym messages
In-Reply-To: <9407230733.AA15015@axiom.maths.uq.oz.au>
Message-ID: <9407260155.AA09417@prism.poly.edu>

> But what's this MEDUSA's TENTACLES program meant to be? An artificial intelligence modelled on the personality of LD?

It's a Detweiler Detector(tm) :-) It's a fuzzy logic database that keeps track of a user's posts and does stats on it. Afterwards, once a database is established, an anonymous, unknown post can be fed to Medusa. It will see how well the message matches to the poster's past spam.

From berzerk at xmission.xmission.com Mon Jul 25 19:34:54 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Mon, 25 Jul 94 19:34:54 PDT
Subject: crime and snitches
In-Reply-To:
Message-ID:

On Fri, 22 Jul 1994, Patrick J.
May wrote:
> I've heard of incidents where a group of people dressed in white sheets hung other people with dark skin. Not one of those white-sheeted people snitched, in many cases.

True, however the INFORMATION that something like this happened did leak out. I would assert that this was not a case of a blockage of information but a lack of will on the part of those who did know to take action.

> If you were limiting your assertion to crime over the net, I suggest that the long, interesting history of confidence men is a refutation. Done correctly, in many cases the victim doesn't even know he has been conned.

Then have they? Can you give an example?

Berzerk.

From sandfort at crl.com Mon Jul 25 19:39:15 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Mon, 25 Jul 94 19:39:15 PDT
Subject: LITTLE BROTHER INSIDE
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

I was just thinking about computer seizures and thefts. I think I've come up with a couple of interesting solutions.

REMOTE CONTROL--In addition to denying access to your files by encrypting, you might want to *change* them in some way *after* your computer has been seized/stolen.

Pagers are cheap. They can be pinged no matter where they are located in their service area. They can be accessed from any phone (even a jailhouse payphone). And they are small enough to be wired into your computer.

It shouldn't be too difficult to fix it so your computer can read transmitted numbers from the pager's memory. Code numbers could be used to tell your computer to take various actions. Depending upon your circumstances, you could tell your computer to decrypt this or that set of files, to reformat the hard drive, to fry the CPU, etc.

LITTLE BROTHER INSIDE--Even better than a pager, would be a cell phone. It would be more expensive, but also more versatile.
In addition to giving instructions to your computer, a cell phone could be used to *eavesdrop* on the location where your computer is being held.

By disabling the ringer and remounting the mouthpiece, you could surreptitiously call your computer, any time, from any phone and monitor conversations in the area. (To paraphrase an old military curse, "bug the bugging buggers.") As long as the computer is plugged in, the cell phone's batteries will continue to be topped off.

(For the truly thorough privacy advocate, a GPS unit could be hooked into the cell phone to give you its location.)

S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From norm at netcom.com Mon Jul 25 19:40:49 1994
From: norm at netcom.com (Norman Hardy)
Date: Mon, 25 Jul 94 19:40:49 PDT
Subject: Double DES calculations
Message-ID: <199407252223.PAA15416@netcom.netcom.com>

At 09:05 1994/07/22 -0700, Hal wrote:
>I missed the start of this double-des thread due to system problems and being gone, and I've never been able to pick up the main point since. It sounds like some kind of meet-in-the-middle attack is being discussed. It is true that with current technology MITM generally seems more costly in terms of space than time. However, I have seen references to techniques which shift this tradeoff some, costing more time and less space. Unfortunately, I can't remember where I saw them!
...

There may be more than one way that MITM (meet in the middle) may be used to attack Double block cyphers.

I assume the following attack. You know some block of plain-text P and corresponding cypher text C. You believe that C = E(k, E(j, P)) where E(k, p) is the encypherment of p with key k. D(k, E(k, p)) = p. You need to find keys k and j.

Classic MITM is to produce a file A with records: for each k, and file B with records for each j. Sort both A and B on the second field. Pass over the sorted files looking for a record from file A whose second field is the same as a record in file B.

To substantially shorten the amount of tape used by a factor 2^n at the expense of evaluating C and D 2^n more often do the following:

For m from 0 to 2^n-1 Do
  Produce file A with records: for each k where (the right n bits of E(k, P)) = m. (discarding other records)
  Produce file B with records for each j where (the right n bits of D(j, C)) = m
  Sort files A and B on second field.
  Pass over files looking for records from A that match records from b in the second field.
Enddo.

This is still a daunting job and evaluating its magnitude requires several assumptions. The most obvious is the cost of evaluating C and D. Next is the cost of reading and writing tape.

From sandfort at crl.com Mon Jul 25 19:41:30 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Mon, 25 Jul 94 19:41:30 PDT
Subject: CYPHERPUNKS TO THE RESCUE
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On the noon news in San Francisco, there was an item of crypto interest. It was about something I think they called the "Code Grabber." It is a device which receives and records the coded RF signals used to remotely unlock car and garage doors.

The hand-held unit is a little larger than a paperback book. It has a half dozen switches on it. After you intercept someone's code, you can play it back anytime to control that person's car lock or garage door. It's kind of like a TV universal remote.

Some politicos have already started talking about banning it, but I think just the publicity will guarantee a healthy black market in such devices. The public will be clamoring for a solution.

Enter the Cypherpunks. How can this nifty burglary tool be outsmarted? How about a replacement system that uses strong crypto? The Code Grabber represents a great opportunity for an inventive Cypherpunk to make some money AND promote crypto awareness.

The questions are: Could standard auto and garage door openers easily be retrofitted? Could a "crypto remote" with its own CPU be made small enough to fit into a hand-held unit? Could such a system be made for a reasonable cost?

S a n d y

P.S. I bet there are some other interesting uses to which such a device could be put. Any ideas?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From pjm at gasco.com Mon Jul 25 19:42:12 1994
From: pjm at gasco.com (Patrick J. May)
Date: Mon, 25 Jul 94 19:42:12 PDT
Subject: crime and snitches
In-Reply-To:
Message-ID:

Berzerk writes:
> On Thu, 21 Jul 1994, Robert Hettinga wrote:
> > I would like to propose, probably not the first time on this list, an acceptable, time-honored method of determining the contents of a secure conversation. Snitches.
> ABSOLUTELY! The fact is if you can't get someone to snitch, IT IS NOT A CRIME(morally)! I dare anyone to come up with a counterexample.
>
> Berzerk.

I've heard of incidents where a group of people dressed in white sheets hung other people with dark skin. Not one of those white-sheeted people snitched, in many cases.

If you were limiting your assertion to crime over the net, I suggest that the long, interesting history of confidence men is a refutation. Done correctly, in many cases the victim doesn't even know he has been conned.

Regards,

Patrick May
------------------------------------------------------------------------
"A contract programmer is always intense."
pjm at gasco.com

From hughes at ah.com Mon Jul 25 19:43:08 1994
From: hughes at ah.com (Eric Hughes)
Date: Mon, 25 Jul 94 19:43:08 PDT
Subject: Voice/Fax Checks
In-Reply-To: <199407230357.UAA13442@jobe.shell.portal.com>
Message-ID: <9407251941.AA04153@ah.com>

A couple of pointers on current outfits trying to undercut the "transaction cost", none of them the ultimate we all root for, but nonetheless.

One very important point to remember, however, is the following.
When money of any form is electronic, you can use it to purchase your favorite cryptocash certificates from.

Eric

From hughes at ah.com Mon Jul 25 19:43:29 1994
From: hughes at ah.com (Eric Hughes)
Date: Mon, 25 Jul 94 19:43:29 PDT
Subject: Voice/Fax Checks
In-Reply-To: <199407230337.UAA12523@jobe.shell.portal.com>
Message-ID: <9407251946.AA04170@ah.com>

Eric Hughes writes:
>You can still use an account mechanism, but with an intermediary whose business it is to aggregate small amounts as these proposed and clear the total periodically. That's now one account setup for the customer.

Hal: How, though, would the ftp site which wants to know whether I'm "good for" the one cent charge to download PGP do so? Does it have to check with an agent on the net somewhere which will vouch for me? Aren't the communication costs then the same as an online system?

Your agent would purchase the service and immediately resell to you. This legal arrangement need not be the same as the communications flows. The service provider is selling to a large trusted customer; they clear transactions once a day, say. The intermediary provides small amounts of credit to the individual customers, who clear with the intermediary when, say, they go over a limit, like $10.

What you have here is a liability transfer from a small customer to a larger intermediary.

Eric

From hughes at ah.com Mon Jul 25 19:45:03 1994
From: hughes at ah.com (Eric Hughes)
Date: Mon, 25 Jul 94 19:45:03 PDT
Subject: Forward secrecy
In-Reply-To: <199407241550.LAA10919@zork.tiac.net>
Message-ID: <9407251923.AA04133@ah.com>

Hate to pick nits here, but isn't the acquisition and use of a public key "teaching" your machine to read Tim's "language"?

I agree. Each public key creates a different encoding, or a different language, as it were. These encodings/languages are all related, but mutually incomprehensible. Encryption software has the capability to read any of these languages because it is multi-purpose software.

Because the software is multipurpose, however, there is a greater need for forward secrecy. Forward secrecy is the property that an intercepted communication cannot be read because the secret keying material, however generated, has been destroyed by the time such keying material is sought after.

For example, in a secure telephone, forward secrecy begins when you hang up the phone, because the key inside it, generated, say, by a D-H key exchange, is destroyed when you put down the receiver.

For PGP and PEM, forward secrecy begins when you destroy all copies of your private key. This will leave you without a private key, of course, and so should be done only after a key change.

The forward secrecy also applies to the (previous) holder of the private key. If your only copy of encrypted email, for example, that you have after you destroy your private key is just the encrypted email, then you won't be able to read your own mail. Therefore, all old traffic addressed to a public key needs to be re-encrypted or kept in plaintext.

This is one of the main reasons for periodic key changes, to achieve forward secrecy for email. After I change keys and destroy my old private key, now the _only_ way to decrypt the messages is to derive the private key from the public key--in RSA, to factor the modulus. This is computational forward secrecy.

Diffie-Hellman key exchange also yields computational forward secrecy, because the session key generated can be derived assuming a device to, say, take discrete logs on the order of the size of the modulus.

If messages have been intercepted and logged, no seizure of equipment will yield the private key. Forward secrecy protects you, therefore, from violence, be that the procedurally mitigated violence of the courts or the arbitrary violence of another party.

Here, then, is the connection back to the original issue.
The courts distinguish between acts of speech (fifth amendment protection) and supplying objects, such as a subpoena to provide the key to a safety deposit box. As Marc Rotenberg once put it to me, the court cannot require you to incriminate yourself, but they can require you to participate in your own downfall.

Forward secrecy protects you against court order, because you cannot be held in contempt of court for not providing something that doesn't exist. If you destroy your keys in a timely fashion, your exposure is limited to the time since the last key change.

Needless to say, there's no real standard software support for forward secrecy for email. A good cryptographic system should store the plaintext of an encrypted communication in a separately encrypted place. On Unix, one can use Matt Blaze's CFS to keep all of one's mail on, but even then there's no support for keeping encrypted mail around in such a way that allows you to prove, _without using the private key_, which will be destroyed at some time, that a particular ciphertext matches any particular plaintext.

Consider PGP, where the outer wrapper can only be decrypted with a private key. Once that public key is gone, that message is now useless even as verification for anything, unless the session key is also stored separately. If you have the session key, the encrypted session key can be generated by an application of the public key, and verified to match.

Assuming you have the public key, that is. If the public key has been published, then you can safely assume that it can be retrieved. To achieve unconditional forward secrecy, however, requires that the public key _never_ be published, but only given to correspondents. In this situation, one achieves unconditional forward secrecy when you destroy both private and public keys and all your correspondents destroy the public keys.

An aside: in a two cipher system, you only get the unconditional security with respect to the public key cipher.
The secret key cipher (like IDEA) is still only computationally protected, since the entropy of the plaintext is not maximal. This, however, is still an advantage, since there's more uncertainty about the long term security of the algebraically based public key ciphers than there is about the secret key ciphers.

Now, as far as I know, there's _NO_ support anywhere for preventing the correspondent from publishing the private key. Even software which was not informationally secure, which simply flagged a public key as "not for further distribution", would be a help, since it would then require custom software in order to distribute. At the very least it would allow mutually trusted parties to prevent accidents.

Another technique would be to develop a keying system in which distribution of public keys were tied to the public keys of the correspondent. This might not prevent (informationally) the key from being distributed, but one would want it to identify the distributor.

Eric

From will at thinkmedia.com Mon Jul 25 19:45:18 1994
From: will at thinkmedia.com (thinkmedia.com)
Date: Mon, 25 Jul 94 19:45:18 PDT
Subject: No mail?
Message-ID: <199407251910.MAA24098@scruz.net>

I haven't received the usual deluge in the last 24 hours. Wassup? Is the server down or have I been exorcised?

______________________________________________________________________________
Thinking Media Research
will at thinkmedia.com
(408) 423 3720

Opinion is a flitting thing,
But Truth, outlasts the Sun--
If then we cannot own them both--
Possess the oldest one--
Emily Dickinson

From whitaker at dpair.csd.sgi.com Mon Jul 25 19:46:09 1994
From: whitaker at dpair.csd.sgi.com (Russell Whitaker)
Date: Mon, 25 Jul 94 19:46:09 PDT
Subject: Det./tmp/Nym on Netcom
Message-ID: <9407251205.ZM8240@dpair.csd.sgi.com>

Noon 25 July 1994

Prepended disclaimer: I do not speak for Netcom or SGI.

I have spoken to Bryant at Netcom's operations center in San Jose, California, and he has asked me to pass along the following to the Cypherpunks list and anyone else concerned with L. Detweiler and system user accounts:

nym at netcom.com
tmp at netcom.com

Both of these accounts have been suspended. The "nym" account was suspended as of late last week.

Although it is not Netcom's policy to give out account user information which includes names, addresses, and other such personal data, Bryant was at liberty to say that the user accounts "tmp" and "nym" were the same person. I approve of this company policy, by the way.

The accounts department at Netcom has been made aware by Bryant that trouble has been generated by the singular person writing checks in payment of both the "nym" and "tmp" accounts, and has been told not to accept any new orders from anyone suspected to be the same person. Particular attention is being paid to orders made from the Denver area.

Bryant has asked me to add that Netcom's way of handling such trouble is strictly complaint-driven. If you have a complaint about a particular user, your best bet is to call Netcom. Bryant can be reached directly at Netcom by calling 408-983-1510.

[bcc: Bryant at Netcom (not email address; call phone)]

Appended disclaimer: I do not speak for Netcom or SGI.

--
Russell Earl Whitaker whitaker at csd.sgi.com
Silicon Graphics Inc.
Technical Assistance Center / Centre D'Assistance Technique / Tekunikaru Ashisutansu Sentaa
Mountain View CA (415) 390-2250
================================================================
#include

From CCGARY at MIZZOU1.missouri.edu Mon Jul 25 19:47:13 1994
From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers)
Date: Mon, 25 Jul 94 19:47:13 PDT
Subject: CEB 7 - Cypherpunks' Electronic Book - its still alive!
Message-ID: <199407251857.LAA05342@cygnus.com>

CEB 7 CYPHERPUNKS' ELECTRONIC BOOK - it's still alive!

Not long ago someone sent me private email volunteering a workstation to handle the CEB. I have stupidly lost the post. After several hours of hunting thru my unindexed Cypherpunk archives - no luck. Will that person please email me again with CEB in the header?

Also, I have a very well qualified volunteer to do the editing of CEB. Hopefully, he may know how to program it as well.

I am going to maintain a list of people with different skills who would like to work on the CEB. Anybody who would like to help please post either to me or to Cypherpunks with CEB in the header. Also, would the people who have archived Cypherpunks' lists please respond as well.

PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCK! BBBEEEAAATTTT STATE!

Yours Truly,
Gary Jeffers

From karn at qualcomm.com Mon Jul 25 19:47:50 1994
From: karn at qualcomm.com (Phil Karn)
Date: Mon, 25 Jul 94 19:47:50 PDT
Subject: Gore's "new and improved" key escrow proposal
In-Reply-To: <9407230102.AA17231@ua.MIT.EDU>
Message-ID: <199407251802.LAA10432@servo.qualcomm.com>

I think we need to distinguish between encrypted *storage* and encrypted *communications*. Voluntary key escrow may make sense for encrypted stored business files, but communications is a different story. Since there should be nobody out there recording packets, there is no need to back up or escrow the keys used to encrypt them.

Phil

From gtoal at an-teallach.com Mon Jul 25 19:48:47 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Mon, 25 Jul 94 19:48:47 PDT
Subject: My anonymous remailer
Message-ID: <199407251645.RAA15981@an-teallach.com>

[is cypherpunks down again? Haven't seen any traffic in 24 hours...]

: From: ghio at kaiwan.com (Matthew Ghio)
: Newsgroups: alt.anonymous,alt.privacy.anon-server,alt.current-events.net-abuse
: Subject: My anonymous remailer

: For the second time in one week someone has again mailbombed my remailer.
: Last weekend it was the infamous Detweiler, and now some lamer from ysu.edu : just mailbombed someone on one of the freenets by sending copies the same : post from comp.binaries.mac over and over... I guess the freshmen have : arrived early this year. : Maybe it is just coincidence but I am starting to get somewhat pissed off. : I've been running anonymous remailers for quite a while now and have never : had to deal with crap like this. As the remailer is a vaulable service for : many people, I don't want to shut it down or start putting burdensome : restrictions on its use... Suggestions appreciated. I've been pondering this for some time. I think it's time to try a new experiment in anonymous remailing. I think that all remailers should close down, then open up with new addresses and a single shared new policy... the new policy being that each individual remailer will do his best to 'out' all posters - complete disclosure, log files available, posts available, summaries show up via finger etc etc. Give *us* the same access to the info that the LEAs have, and let us try to work out who is posting what. This puts the onus on the posters to use the encryption and chaining features, and on us to generate our spoofing traffic and delay mail and whatever else it takes to foil traffic analysis. Also, we automatically bounce submissions in plaintext at the point of entry - the only cleartext should be at the point of exit (and not even that if it's personal mail rather than news postings). And we should not guarantee service. Postings can get lost for whatever reason. If someone wants to kill postings in cleartext at the point of delivery to newsgroups or mailing lists, let them. That should stop the Detweilers and place the responsibility of abusing the remailers on the shoulders of the remailer operators. If an abusive posting is sent to news from remailer X, it's clear remailer X was the one that passed it on and had the cleartext available. 
And with a new policy of outing everyone automatically, people *know* we'll read the cleartext at the point of delivery. This seems to me more consistent with the cypherpunk ideal of users securing their own privacy, rather than trusting someone.

G

From jamesd at netcom.com Mon Jul 25 19:53:11 1994
From: jamesd at netcom.com (James A. Donald)
Date: Mon, 25 Jul 94 19:53:11 PDT
Subject: GUT and P=NP
In-Reply-To: <9407251237.AA08406@vail.tivoli.com>
Message-ID: <199407251630.JAA29418@netcom8.netcom.com>

James A. Donald writes:
> > The new operator is a unitary transformation on a single bit.

Mike McNally writes
> Ok, great. So why is it that a description of a process to be
> followed by a quantum computer in order to produce some desired
> result not an algorithm just because it involves this operator?

Obviously one could choose to call these algorithms if one wished, but such a name, if adopted, will obfuscate the fact that such things have very different properties, capabilities, and limitations to conventional algorithms.

In particular the results of conventional complexity theory obviously are largely irrelevant to quantum complexity theory, which is why I made my original statement that the development of quantum computers with capabilities that are impossible for conventional computers cannot falsify existing complexity theory and existing complexity theory cannot "disprove" the alleged capabilities of quantum computers.

Very likely the name will be adopted but with a qualifier "quantum algorithm". In the event that quantum computers become common (which I do not expect to happen for thirty years or so) I expect the phrase "quantum algorithm" will be replaced by something shorter, so that we have one word for algorithms, and another word for quantum algorithms.

We have wandered seriously off topic, and I will make future replies in private email.
--
 ---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we        James A. Donald
are. True law derives from this right, not from
the arbitrary power of the omnipotent state.            jamesd at netcom.com

From perry at imsi.com Mon Jul 25 19:53:33 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Mon, 25 Jul 94 19:53:33 PDT
Subject: by the way...
In-Reply-To: <9407251341.AA20198@focis.sda.cbis.COM>
Message-ID: <9407251525.AA00295@snark.imsi.com>

Paul J. Ste. Marie says:
> > For those who believe "the NSA can do ANYTHING" or some such, an
> > article in the New York Times claims the annual black budget now seems
> > to be hovering around $28 Billion per year, for ALL secret government
> > work.
>
> Actually, I believe that number was for DOD only.

That number is ALL black budget items. It's a lot of money, but it's very bounded, and very finite.

Perry

From jrochkin at cs.oberlin.edu Mon Jul 25 19:53:37 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Mon, 25 Jul 94 19:53:37 PDT
Subject: Voice/Fax Checks
Message-ID: <199407251518.LAA22599@cs.oberlin.edu>

> I had the impression from that paper that with transferred ecash, a person
> earlier on the trail could always recognize the cash even at a later point.
> This followed, Chaum claimed, from the need to detect double-spending.

That makes sense, and I don't see it as being too much of a problem either. Physical cash works that way too; if I write down the serial numbers of all money that goes through my hands, then if it ever comes back into my hands I'm going to recognize it. It would be nice if ecash could not have this "flaw", but it doesn't seem vital, or even particularly important, to me.
From cme at tis.com Mon Jul 25 19:54:59 1994
From: cme at tis.com (Carl Ellison)
Date: Mon, 25 Jul 94 19:54:59 PDT
Subject: Gore's "new and improved" key escrow proposal
In-Reply-To: <9407240830.AA09655@anchor.ho.att.com>
Message-ID: <9407251429.AA28002@tis.com>

>Date: Sun, 24 Jul 94 04:30:20 EDT
>From: wcs at anchor.ho.att.com (bill.stewart at pleasantonca.ncr.com +1-510-484-6204)
>Subject: Re: Gore's "new and improved" key escrow proposal

[Software Key Escrow details omitted]

>Will they be able to get us to accept this abuse? Maybe.
>I hope Clipper put a bad enough taste in the public's mouth that
>they won't get away with it, but a hardware chip is a lot more concrete
>than "telecommunications software protocol standards" for many people.

I doubt anyone would get you and me to buy this -- but the danger is that Microsoft and company might buy it. That leaves us ok, because we have PGP but my friend Lolly is vulnerable. Given a choice between a cheap public access UNIX system and America OnLine, she chose AOL because it was icon-driven and had a simple-to-learn mailer. I was even tempted to switch because of the off-line mail (flash sessions).

The lesson is clear. We who write code have a few weeks (maybe a month or two) in which to write simple-to-learn mailers. Crypto algorithm code or even PGP-phone is far less important than Mac and Windows applications which tie together offline/online mail for various systems (MCIMAIL, ATTMAIL, PAunices, AOL?, ...) with PGP and RIPEM.

 - Carl

From pstemari at bismark.cbis.com Mon Jul 25 19:55:34 1994
From: pstemari at bismark.cbis.com (Paul J. Ste. Marie)
Date: Mon, 25 Jul 94 19:55:34 PDT
Subject: by the way...
In-Reply-To: <9407221341.AA16126@webster.imsi.com>
Message-ID: <9407251341.AA20198@focis.sda.cbis.COM>

> For those who believe "the NSA can do ANYTHING" or some such, an
> article in the New York Times claims the annual black budget now seems
> to be hovering around $28 Billion per year, for ALL secret government
> work.

Actually, I believe that number was for DOD only.

From hart at chaos.bsu.edu Mon Jul 25 19:58:06 1994
From: hart at chaos.bsu.edu (Jim Hart)
Date: Mon, 25 Jul 94 19:58:06 PDT
Subject: Voice/Fax Checks
In-Reply-To: <199407210323.AA23357@panix.com>
Message-ID: <199407250943.EAA12046@chaos.bsu.edu>

> At 09:19 AM 7/20/94 UTC, j.hastings6 at genie.geis.com wrote:
>
> >"Attention Businesses...Accept Personal and Business Checks Over The
> >Telephone (or by fax) for Your Orders, Payments, Collections and
> >Donations!"

Duncan Frissell elaborates:

> "Don't bother. Take out the check you were going to send me, read me the
> routing code and check number on the bottom. Give me your name and address
> and the bank's name and address as they appear on the check, the amount you
> will pay and the date. I'll collect that check electronically without you
> having to bother to send it."

Isn't this kind of like writing them a blank check? If I tell them to make the check out for $20 and they make it out for $100, how do I repudiate that? Not only that, how do I prevent them from writing and cashing more checks by increasing the sequence number?

On the flip side, what happens if I make out a check for $100 and later claim it was only $20, accusing them of cheating? How does the judge determine who cheated?

Since the check doesn't contain my signature, why does the bank honor the check?
Jim Hart hart at chaos.bsu.edu From nobody at soda.berkeley.edu Mon Jul 25 20:00:52 1994 From: nobody at soda.berkeley.edu (Tommy the Tourist (Anon User)) Date: Mon, 25 Jul 94 20:00:52 PDT Subject: X-signatures Message-ID: <199407250755.AAA26072@soda.berkeley.edu> I see these postings with X-Signed headers... What program produces those as opposed to begin and end PGP signed message? Thanks in advance, ------------ To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 8 lines: :: Response-Key: ideaclipper ====Encrypted-Sender-Begin==== MI@```%U_^P;+]AB?X=];G11Z)9;K(Z[;P22_TM9]%$@YRYIS?>+W\7VO<--Y MH#;CYJ#79DJN+`O2)^&8KOPV(V^K7,$(K4J<<8A) Message-ID: [Much deleted...] I was fortunate to talk with Phil about the legal kludge bug at DefCon II in Las Vegas this past weekend. Basically the point he gave to me about not bothering to bypass it is that it only gives more ammunition to the patent holders. It took quite a bit of time and money to agree upon the RSAREF licensing for PGP 2.6, bypassing the feature because of the bug only recreates more tension for Phil. In his presentation saturday morning at the DefCon convention, he said that like all free software, it's pretty much beyond anyone's control to prevent it from getting exported anyways, just like pirated software, and it had unfortunately arrived in Europe already. IMHO, I figure they already got it, what's to stop them from using version 2.6 outside of the U.S. My main point is to just use 2.6 and let 2.3a use die off since everyone basically already HAS 2.6 inside AND outside of the U.S. and not give the patent holders any more reasons to come down harder on him and cause tighter restraints put on cryptography in general since this has been an obvious example that cryptography software cannot be kept within the U.S. no matter how many precautions they took to not let it get out. 
He told me that there's nothing wrong with 2.6 and just encouraged me to use 2.6 as it was intended to be used. After talking with him face to face, seeing the kind of person he is, it sorta opened my eyes. I mean while talking to him about this, I could tell how much he has been through over this, and how he really wishes that every joe blow doesn't come up with "NEW" versions of it. This is just a situation where too many cooks can spoil the soup.

Now I see this message about PGPEU. I know this is probably an open invitation to get flamed but let's give it a break. Yes, PGP is freeware and able to be modified and distributed, but bypassing features requested by the patent holder is only going to cause trouble for such a nice guy like Phil. He did us all a great service by creating a program like PGP, and it cost him a lot. Distribution of modified versions of PGP only puts us back to where we were with 2.3a.

Everything we do affects each other's futures, and I think during the battlecry of "Down with clipper" and modified copies of PGP, some of us tend to forget how this will all affect the person who opened up our eyes and showed us that we did need strong encryption for the average user.

[Please direct all flames to /dev/null]

Thumper (yeah, just Thumper)
=-=-=-=-=-=-=-=-=- GREP THIS NSA! =-=-=-=-=-=-=-
thumper at kaiwan.com - PGP NSA ViaCrypt 2600 Phrack EFF #hack LOD/H
= Finger for PGP 2.6 Pub Key = 950 FBI MindVox ESN KC NUA QSD Hacker DEFCON
- Big Brother *IS* watching! - SprintNet MCI AT&T HoHoCon DNIC TRW CBI 5ESS =

From nobody at kaiwan.com Mon Jul 25 20:03:03 1994
From: nobody at kaiwan.com (Anonymous)
Date: Mon, 25 Jul 94 20:03:03 PDT
Subject: Steve Winter Declares War in Cyberspace
Message-ID: <199407250533.WAA24620@kaiwan.kaiwan.com>

I just FTPed this from the Fidonet archives over at ftp.fidonet.org. It looks as if, if this nut case has his way, we may have a "Waco in cyberspace".
For those of you who "enjoyed" Ralph Stokes' Ruckmanite spam entitled "Beware of Roman Catholic Corruption" which brewed in the bowels of Fidoland for years before spilling over into Internet/Usenet, Steve Winter has the *POTENTIAL* to do far more damage. He owns not only a Fido node, but the entire "PRIME Net" structure, as well. His Internet address, BTW, is "Steve.Winter at f98.n18.z1.fidonet.org". Yes, the ".n18" means he's in Fidonet region 18, just like our old "friend" Ralph (the Mouth) Stokes . If those two were ever to team up... If you doubt the truthfulness of this, because of my need to post anonymously, feel free to FTP the file for yourself and have a look. The file can be obtained via anonymous FTP from ftp.fidonet.org as /pub/fidonet/fidonews/fnewsb29.lzh and you can verify this for yourself. Anyway, enjoy, beware, learn, or whatever: ********************************************************************** F I D O N E W S -- Vol.11 No.29 (18-Jul-1994) ---------------------------------------------------------------------- The FIDO Crucifixion by Steve Winter (1:18/98) Some of you out there have been giving me a lot of bad press lately. I don't really care because the bible tells me that false christian scum will try to deter me from my mission to correct the lies and Satan-influenced false teachings of deviant so-called pastors. I don't care. They can flay my skin, draw and quarter me and even take steps to censor me in FIDO, but I will carry on. Recently, I became aware of a new threat to the true church of Jesus,that being these people who call themselves "Pagans". They should more properly call themselves Heathens or even Satanists. Yes, I have investigated many of these new age BBSs and I have only one thing to say. THEY MUST GO!! The devil will not be allowed to exert domain where Jesus rules King. We shall persue these godless satanic groups until the last one has been exorcised or given over to the Lord for disposal. 
We must seek them out and destroy their places of depravity and destroy their rings of stone and their alters where babies are sacrificed to appease their lord and master Satan himself. Good Christians everywhere must join together to eradicate this unwholesome threat to the very fibre and existance of mankind, and we must do it NOW! I am asking the following of every Christian FIDO reader that can see this message to disrupt, destroy and do away with every pagan BBS in their area. Crash their their boards, and upload ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ viruses, what ever you need to do. These are scum of the earth ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ and if I had MY way these idiots would be swinging from lamp posts like Mussolini did after World War II. Let the dogs eat their flesh and the bones be crushed under the feet of the legions of God's people. If we all can get together on this ONE thing, we can eradicate this threat to mankind within 6 months. Call your local police and report these deviants. Report their crimes against children and if possible, infiltrate them so that we can accumulate a listing of these disgusting pawns of Satan. We must act now or surrender FIDO to the Satan controlled minions of the dark side of man. Crush them like the vermin they are. THIS IS WAR! FidoNews 11-29 Page: 7 18 Jul 1994 From CCGARY at MIZZOU1.missouri.edu Mon Jul 25 20:04:02 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Mon, 25 Jul 94 20:04:02 PDT Subject: CEB 7 - its alive! Cypherpunks' Electronic Book. Message-ID: <199407250450.VAA13514@cygnus.com> CEB 7 CYPHERPUNKS' ELECTRONIC BOOK - its still alive! Not long ago someone sent me private email volunteering a workstation to handle the CEB. I have stupidly lost the post. After several hours of hunting thru my unindexed Cypherpunk archives - no luck. Will that person please email me again with CEB in the header? Also, I have a very well qualified volunteer to do the editing of CEB. 
Hopefully, he may know how to program it as well. I am going to maintain a list of people with different skills who would like to work on the CEB. Anybody who would like to help please post either to me or to Cypherpunks with CEB in the header. Also, would the people who have archived Cypherpunks' lists please respond as well.

PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCK! BBBEEEAAATTTT STATE!

Yours Truly,
Gary Jeffers

From perry at imsi.com Mon Jul 25 20:06:40 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Mon, 25 Jul 94 20:06:40 PDT
Subject: Travelling ants
In-Reply-To: <9407240652.AA08911@anchor.ho.att.com>
Message-ID: <9407250153.AA10304@snark.imsi.com>

bill.stewart at pleasantonca.ncr.com +1-510-484-6204 says:
> Tim May writes:
> > In fact, I'll close with a nagging question. Except for some work on
> > elliptic functions, there has been no real alternative to RSA for
> > public key crypto. Why? One would think that in 16-18 years of work,
> > some alternatives based on something other than the difficulty of
> > factoring or taking discrete logs would have been developed. Why not?
>
> Good one-way transformations are hard to find.
> Merkle & Hellman's knapsack-based cryptosystem predated RSA;
> it depended on transforming an easy subproblem of a NP-hard general problem
> into the general case. Shamir and others found ways to reverse the
> transformation that was used, reducing it to the easy problem.
> In general, a symmetric cryptosystem needs to have one easy path through it
> (using the key); an asymmetric system needs two (encryption & decryption),
> and that's much harder to find. The inter-relatedness of NP-complete
> problems probably doesn't help much.
>
> There may be some deep mathematical truth hiding somewhere in here,
> but I'm more of an applied-math type than a real theoretician :-)

There are the finite automata systems that were developed in China and have been floating around in privately circulated papers.
I have no idea when these will be "officially" published. The systems in question are quite exciting because they are far, far faster than RSA. On the other hand, public key system after public key system has been broken in the last fifteen years, so I'm not holding my breath. Perry From hayden at vorlon.mankato.msus.edu Mon Jul 25 20:06:44 1994 From: hayden at vorlon.mankato.msus.edu (Robert A. Hayden) Date: Mon, 25 Jul 94 20:06:44 PDT Subject: CEB 7 - Cypherpunks' Electronic Book - its still alive! In-Reply-To: <199407251857.LAA05342@cygnus.com> Message-ID: On Mon, 25 Jul 1994, Gary Jeffers wrote: > Not long ago someone sent me private email volunteering a workstation > to handle the CEB. I have stupidly lost the post. After several hours of > hunting thru my unindexed Cypherpunk archives - no luck. Will that > person please email me again with CEB in the header? That was me. I won't run the project, but I can set up a majordomo mailing list for you. That's all. ____ Robert A. Hayden <=> hayden at vorlon.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> I do not necessarily speak for the \/ Finger for PGP Public Key <=> City of Mankato or anyone else, dammit -=-=-=-=-=-=-=- (GEEK CODE 2.1) GJ/CM d- H-- s-:++>s-:+ g+ p? au+ a- w++ v* C++(++++) UL++++$ P+>++ L++$ 3- E---- N+++ K+++ W M+ V-- -po+(---)>$ Y++ t+ 5+++ j R+++$ G- tv+ b+ D+ B--- e+>++(*) u** h* f r-->+++ !n y++** From perry at imsi.com Mon Jul 25 20:07:04 1994 From: perry at imsi.com (Perry E. Metzger) Date: Mon, 25 Jul 94 20:07:04 PDT Subject: GUT and P=NP In-Reply-To: <199407230457.VAA19186@netcom13.netcom.com> Message-ID: <9407250125.AA10242@snark.imsi.com> James A. Donald says: > Ray writes > > 1) By definition, if something can be computed by a turing machine, > > then it is an algorithm (Lewis and Papadimitriou) > > Suppose we have a spatial transform performed by light flowing > through a grid. Is that an algorithm? 
Perhaps it is, but I > am about to describe a case that will stretch your definition > of algorithm rather more drastically. Suppose I have a frog. Is that an algorithm? Obviously not. On the other hand, suppose I define something that takes an input tape and turns it into an output tape. Is that something in the space of things we are talking about? Yes. The Church-Turing thesis is that if you are talking about the space of "things that turn input tapes into output tapes and end in particular states", turing machines are capable of doing any sort of transformation other things can, although perhaps taking longer to do so. I can believe that (possibly) quantum computers are faster, but it would be truly shocking to discover that they did some things that turing machines couldn't given enough time. Perry From perry at imsi.com Mon Jul 25 20:07:04 1994 From: perry at imsi.com (Perry E. Metzger) Date: Mon, 25 Jul 94 20:07:04 PDT Subject: Gore's "new and improved" key escrow proposal In-Reply-To: <9407230412.AA11150@toxicwaste.media.mit.edu> Message-ID: <9407250131.AA10250@snark.imsi.com> This area of research has been explored by Matt Blaze in some detail -- he's done some "good" key escrow systems for just the case of "your chief programmer is hit by a bus." However, let us never confuse voluntary key management techniques used in an organization with mandatory national key escrow big-brotherism. Perry Derek Atkins says: > > I have tried to think of a positive use for key escrow. The only > > thing that I have come up with so far is kind of like having local key > > escrow within one company, or something like that. Kind of like > > having a master key that fits all the offices in one wing of a > > building, or something like that. That could be good in some business > > uses, provided you could pick your own trusted master key holder. I > > don't think that is what Al Gore has in mind. > > Actually, I can think of one major use. 
If I encrypt my personal > files, I might want my heirs to be able to recover them after my > death. For example, I might keep my electronically-encrypted will in > escrow, such that upon my death the keys can be obtained and the > document opened. From hal at martigny.ai.mit.edu Mon Jul 25 20:08:59 1994 From: hal at martigny.ai.mit.edu (Hal Abelson) Date: Mon, 25 Jul 94 20:08:59 PDT Subject: comments by Ron Rivest on Government crypto policy Message-ID: <9407260308.AA04886@toad.com> These are some thoughts by Ron Rivest on government crypto policy and the recent statement on Clipper. I'm forwarding them to this list with Ron's permission. -- Hal Abelson ****************************** The original intent of Clipper was to make available government (i.e., NSA) crypto technology (i.e., SKIPJACK) in a way that could not be exploited by criminals or foreign nationals. NIST and NSA wanted to help out by making some of their technology available to US industry, but wanted to do so in a way that didn't hurt other US government operations (intelligence, law enforcement). Key-escrowed clipper is the result. This is what Brent Morris and Mark Unkerholtz of NSA said in a public lecture at MIT in spring '94. They stressed the point that their main goal was not to catch crooks or do foreign intelligence better, but only to help out in a way that was not hurtful to these other operations. They didn't really expect that Clipper would catch a lot of crooks. (As is widely believed, any sensible crook will avoid using Clipper equipment.) The goal is to get their technology out, and a secondary requirement is that it be done in a way that doesn't hurt their other operations. Note that the above position is entirely consistent with an entirely voluntary use of other cryptographic techniques by industry. 
Trying to force industry to use Clipper, or to use key-escrowed techniques, would be equivalent to an assertion that the primary goal IS to assist law enforcement and foreign intelligence in their operations, and is thus contrary to the above position.

I am now concerned that the administration's recent announcement represents a serious revision of the above position. Probably the reasoning for NIST and NSA is going something like this:

-- Congress (and parts of industry) wants the government to propose crypto standards.

-- NIST, the FBI, and the NSA can't push forward with a standard that is non-escrowed, because their jobs are on the line if any significant use of government standards is made by "bad guys".

-- They propose Skipjack/Clipper, which attempts to be "helpful" (it has a new algorithm) in a way that doesn't hurt (key escrow).

But then, we have

-- Significant opposition to escrowed standards by almost everyone except Dorothy Denning. Also, opposition to secret algorithms in standards.

So, what do they do?

-- Announce that they are reconsidering their policy on Clipper, while keeping their commitment to escrowed crypto standards. Invite proposals from industry for escrowed crypto standards suitable for software. The crypto algorithms could be public, etc.

At this point, we have lost the only real contribution of the original proposal (the secret Skipjack algorithm is shelved), and the role of the government is now back just to trying to set some sort of standard. That is, they are no longer contributing technology, but only acting as a standard-setting body. However, the fixation on escrow techniques persists; no bureaucrat wants to have his job on the line for helping some "bad guy" that someday chooses to use the US crypto standard.

But at this point, we have a government position that doesn't hang together. (The original position made more sense, although it didn't result in a reasonable policy.) Without government technical contributions to protect (e.g.
Skipjack), the only motivations for preserving key-escrow are (1) protecting the jobs of the policy-makers should some fairly visible bad guy use government standard crypto someday, or (2) a reversal of the original policy: catching crooks and assisting foreign intelligence are now elevated from secondary constraints (due to reason (1)) to a primary goal. But it is well-recognized that catching crooks and assisting foreign intelligence in such a manner requires the *mandatory* use of an escrowed standard. Without legal requirements to do so, most manufacturers won't bother with the escrow capability. Moreover, with an adoption of public crypto standards, anyone (e.g. foreign businesses) would be free to produce their own non-escrowed implementations of the adopted crypto algorithms, and sell them in the US. It has been well argued that key escrow technology is not an effective or cost-effective means of law enforcement, etc. I think that mandating the use of key escrow technology would be unacceptable to most of the country (viz the current debate, which is running 1000 to 1 against even voluntary key escrow standards), too expensive, and too much sticky tar spread on our nascent information highway. I think everyone realizes that mandating key escrow is not desirable or realistic. Thus, we have a situation where there are four apparent choices left: (1) No government-approved crypto standards. (2) Government-approved public crypto standards with key-escrow mandatory for government use and voluntary elsewhere. (3) Government-approved public crypto standards with key-escrow voluntary for all users. (4) Government-approved public crypto standards with no key escrow. The other choices, involving secret algorithms, are not viable. I also think that (1) is not viable, although one might suspect that many government actions (and non-actions) were really directed at that goal. This leaves (2)--(4). Policy (2) makes no sense. 
Given the freedom to easily use the standard algorithms in non-escrowed manners (since they are public); policy (2) is not effective for law-enforcement, etc. It has considerable cost, and no justification other than the attempt of the policy-makers to try to do something that pretends not to hurt other government activities. Policy (3) might be workable. There is no mandated use of escrowed technology (even for government purchases) but manufacturers and users may voluntarily implement escrowing capabilities if they wish. Government agencies (NIST, the FBI, and the NSA) may develop and publish escrowing techniques, and support and encourage escrowing activities, as long as escrowing is not required by standards, government purchases, or routine export control policy. (I haven't mentioned export control policy before, but think that it falls in the same general category as requiring escrow for government purchases---it is an attempt to affect the (foreign) market by limiting what (US) manufacturers can do, rather than by affecting what products are offered through government purchasing power. In both cases, the government's power to affect the market is limited by the activities of other manufacturers and purchasers. Export control in support of specific policies against hostile countries (e.g., Libya?) is, in my opinion, not unreasonable, but telling our information highway manufacturers they can't export crypto is like telling our automobile manufacturers that they can export cars, but only if they contain no bolts, fasteners, or opaque trunk lids: for crypto is the "nuts and bolts" of an information system -- it links together separate components in a secure manner, and is also the means of protecting your information goods from prying eyes.) Finally, there is policy (4) -- no escrowing at all. This is, in the end, the most workable. 
It makes explicit that trying to achieve law-enforcement and foreign intelligence objectives by affecting government crypto standards is misguided and ultimately, harmful.

Comments appreciated....

Cheers,
Ron

From jamesd at netcom.com Mon Jul 25 20:09:06 1994
From: jamesd at netcom.com (James A. Donald)
Date: Mon, 25 Jul 94 20:09:06 PDT
Subject: GUT and P=NP
In-Reply-To: <9407242215.AA06910@vail.tivoli.com>
Message-ID: <199407242334.QAA28120@netcom13.netcom.com>

> James A. Donald writes:
> > One can reduce all classical operations to "and", "or", and "not"
> > operations on bits. Quantum computers include an additional
> > operation that cannot be so reduced.

> Mike McNally writes
> Could you break the suspense and let us know what this special new
> operator is?

The new operator is a unitary transformation on a single bit.

Note that I am using the word "unitary" in the sense of quantum physics, not in the sense of C language syntax (That is unitary, not unary).

Actually this is a three dimensional continuous class of transformations. Because it is continuous, quantum computers tend to rapidly lose precision.

Just as any classical physical system can be simulated in polynomial time by a Turing machine using only the operations of Boolean arithmetic, in the same way any quantum physical system can be simulated in polynomial time using only the operations of Boolean arithmetic plus unitary transformations on individual bits.

Of course actually building a quantum computer using only these operations would be rather silly. In practice one would need to use unitary three bit operations for reasons of efficiency.

--
 ---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we        James A. Donald
are. True law derives from this right, not from
the arbitrary power of the omnipotent state.
jamesd at netcom.com

From jya at pipeline.com Mon Jul 25 20:09:27 1994 From: jya at pipeline.com (John Young) Date: Mon, 25 Jul 94 20:09:27 PDT Subject: (Fwd) Re: GUT and P=NP Message-ID: <199407242250.SAA19286@pipe1.pipeline.com> Forwarding mail by: sondheim at panix.com (Alan Sondheim) on Sun, 24 Jul 3:39 AM ------------------- >From fiction-of-philosophy-approval at world.std.com Sun Jul 24 04:08 EDT 1994 Reply-To: fiction-of-philosophy at world.std.com I would say that an algorithm is also a rigidly constructed framework consisting of well-defined formula within a stabilized potential well; as such it has limited operability in situations which possess fuzzy heuristics - such situations would include ordinary-language parsing, by the way, if a theoretical full-accountability is to be given. Eliminating indeterminacy and `true randomness' is eliminating the lifeworld itself, with its fuzzy heuristics not always reducible to natural law, even of the trajectory-bundles of chaos theory. So we are thrown back to a quantum computer which is reduced in the quoted text as well to a theoretical positioning; this is suspect since such a computer also functions in the lifeworld. If the brain in Penrose's text functions as _a_ quantum computer, what is the source of the singularity (_a_)? It seems to me that there is, in the real, deep fuzziness all the way around. Are we dealing with a group of logicians who have ignored Schutz? I think so, _precisely._ Alan

From rah at shipwright.com Mon Jul 25 20:09:59 1994 From: rah at shipwright.com (Robert Hettinga) Date: Mon, 25 Jul 94 20:09:59 PDT Subject: e$: Spamorama: Downtown Anywhere Message-ID: <199407242213.SAA14247@zork.tiac.net> If you're not interested in yet another e-commerce vendor, delete away. My POP newsgroup just put this up. Looks like CommerceNet has some competition. These folks claim that they're doing something different from secure mosaic. I'm going web diving in DA now, and I'll tell you what I find out.
Cheers > Path: sundog.tiac.net!max.tiac.net!cjwoods > From: cjwoods at max.tiac.net (Chris Woods) > Newsgroups: tiac > Subject: Downtown Anywhere > Date: 24 Jul 1994 20:27:59 GMT > Organization: The Internet Access Company > Lines: 139 > Message-ID: <30uisf$bir at sundog.tiac.net> > NNTP-Posting-Host: max.tiac.net > X-Newsreader: TIN [version 1.2 PL2] > > This is an interesting tidbit you can check out using your WWW browser > (Mosaic, Chimera, Cello, Lynx, etc.). IMHO, this is laid out MUCH better > than many of the "popular" Web servers, such as NCSA and GNN. Check it out! > > http://www.awa.com/ > > Here's a "Press Release" type of document: > > Date: Fri, 22 Jul 1994 00:23:31 -0400 (EDT) > From: Sandy Bendremer > To: cjwoods at tiac.net > > Contact: Jonathan Schull > For Immediate Release (716) 242-0348 > > Sanford Bendremer > (617) 522-8102 > > > > DOWNTOWN ANYWHERE BRINGS ONLINE COMMERCE TO THE INTERNET > > Downtown Anywhere Inc. announced its World Wide Web-based online > environment known as "Downtown Anywhere(sm)." Laid out like a > thriving metropolis, Downtown Anywhere's Museums, Libraries, and > Newsstands provide free and friendly access to global Internet > resources, while its Main Street allows visitors to browse goods > and innovative services that can be purchased with a few > keystrokes. Downtown Anywhere boasts the first real-time > consumer-oriented credit card processing on the Internet, and > its innovative Personal Payment system eliminates the need for > transmitting sensitive credit card numbers over the Internet. > > The Downtown Anywhere economy integrates the technologies of its > parent companies. AnyWare Associates' telecommunications > technologies, coupled with SoftLock Services' proprietary > telephone-based purchasing systems and patent-pending password > technologies, provide the unique capability to offer true > electronic commerce on the Internet. 
In minutes, anyone with a > credit card and a touch-tone telephone can acquire a Personal > Payment Password(sm) that can be used easily for online purchases > in Downtown Anywhere, and at other participating sites. In > seconds, information about online purchases of physical goods or > services is transmitted automatically by electronic mail or fax > to the merchants offering those products. And, if the product > is a SoftLock-secured document or program, the purchase can be > fulfilled instantly with the online delivery of a SoftLock > Password, which unlocks the product on the user's system. > > According to company co-founder Jonathan Schull, "We have tried > to eliminate the technical and financial barriers that have > tended to leave would-be merchants and consumers hitch-hiking > beside the information superhighway. Visitors will find > themselves in a comfortingly familiar environment that is > interesting and diverse." > > Sanford Bendremer, co-founder of Downtown Anywhere, said, "We've > already seen tremendous interest from small and large > organizations, that will be joining us in Downtown Anywhere. > Advertisers and merchants are looking at the dramatic size and > growth of the Internet, and they are seeing this media as a > powerful tool to reach customers." > > Bendremer added that setting up shop in Downtown Anywhere can be > inexpensive because the company has a stake in the success of > its clients. "We will certainly rent advertising space and prime > virtual real estate to those who want to pay for it, but since > we provide the transaction processing and communication services > that can make virtual businesses succeed, we will accept > commissions in lieu of up-front payments. We are also committed > to offering inexpensive accommodations to people and > organizations that can help us increase the richness and value > of our environment." 
> > The following are among the early attractions in Downtown Anywhere: > > o Digital Data Express: Complete Internet Training Kit > o Environmentally Sound Products Inc. > o The National Association for the Self-Employed > o The Convention Center: Site of the ComOnLine consumer trade shows > o W.W. Norton & Company Inc.: Sponsors of the Psychology Lab at > Anywhere University > o Kroch's and Brentano's Bookstore, with over 80,000 books > o Reiter's Scientific and Professional Books > o Waypoint Technologies Inc.: Astrophysics and education > o Chapter One Books: A truly virtual bookstore > o Digital Print Services > o The Virtual Newsroom: A special exhibit by the San Francisco > Examiner and Radius Inc. > o Webster's Weekly: The web's first weekly magazine of news and views > o John Zakour's The Doomsday Brunette > o Stories of the Virtual City: A collaborative hypertext novel, set > in Downtown Anywhere > o Tom Jackson's Pro Football Update > o Corinth Video > o Jacobs Publishing Limited > o Education Research Laboratories Inc.: Knowledge-engineered > electronic references > o Lighthouse Press and the Interactive Yellow Pages > o Nomad Press and Colin Haynes, author of McGraw-Hill's forthcoming > Paperless Publishing > o The Electronic Publishing Association > o Technical Learning Resources > o Association for Library Information Management > o ElectricSpace Co.: Sound for cyberspace > o Marrakesh Express: Moroccan rugs, pillows, and edification > o The Downtown Anywhere Souvenir Shop > > SoftLock Services Inc. and AnyWare Associates Inc. are the > parent companies of Downtown Anywhere Inc. > > SoftLock Services provides Tools and Services for electronic > publishing, software marketing, and digital commerce. AnyWare > Associates provides telecommunications services, including > FAXiNET(sm), a service that enables Internet electronic mail > users to send and receive fax messages. 
> > Downtown Anywhere can be accessed at http://www.awa.com/ on the > World Wide Web using a browser such as Mosaic, Lynx, or Cello. > The World Wide Web is an Internet-based global hypertext network > that is being widely acclaimed for its versatility and ease of > use. > > For more information about Downtown Anywhere and how to access > the service, send E-mail to Downtown at awa.com, or contact > Downtown Anywhere Inc. at 32 Woodland Road, Boston, MA > 02130-3018, TEL: 716-242-0348, FAX: 617-522-5734. > > - end - > > > HAVE FUN ON THE WEB! > > > -- > Chris Woods TIAC Support cjwoods at tiac.net support at tiac.net > The Internet Access Company 7 Railroad Ave. Bedford, MA 01730 USA > Affordable Unix Shell, SLIP, PPP, Dedicated, Leased 56 kbps for Metro Boston > email info at tiac.net for details! -- Robert Hettinga (rah at shipwright.com) "There is no difference between Shipwright Development Corporation someone who eats too little 44 Farquhar Street and sees Heaven and someone Boston, MA 02331 USA who drinks too much and sees (617) 323-7923 snakes." -- Bertrand Russell From m5 at vail.tivoli.com Mon Jul 25 20:10:02 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Mon, 25 Jul 94 20:10:02 PDT Subject: GUT and P=NP In-Reply-To: <9407241343.AA03758@vail.tivoli.com> Message-ID: <9407242131.AA06662@vail.tivoli.com> Mike McNally writes: > However, I fail to udnerstand why you do not consider the > programming of the quantum computer to be a non-algorithm. Oops. Make that: However, I fail to understand why you do not consider the programming of the quantum computer to be an algorithm. | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. 
||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" |

From jgostin at eternal.pha.pa.us Mon Jul 25 20:10:03 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Mon, 25 Jul 94 20:10:03 PDT Subject: How to legit encryption Message-ID: <940724171435A8Ljgostin@eternal.pha.pa.us> tim werner writes: > This is a neat way of expressing a good idea, but I wouldn't count on it. > A language can probably be construed as something that can be understood by > anyone who learns it. Even though I speak PGP, I still can't understand > what you say without a key. There's probably no legal precedent for that > yet, but look what they've done with the rest of the Constitution so far. Ok, what if PGP-encyphered text were argued to be COMPILED? In that case, the original SOURCE CODE was being shared, and the COMPILER being held secret. Source-reading keys are available upon request. Or some twist like that. :-) What do you think? All of a sudden, we have compiled source code being pushed around that is VERY difficult to reverse engineer without the proper authorization. --jeff

From m5 at vail.tivoli.com Mon Jul 25 20:10:15 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Mon, 25 Jul 94 20:10:15 PDT Subject: GUT and P=NP In-Reply-To: <9407241343.AA03758@vail.tivoli.com> Message-ID: <9407242129.AA06656@vail.tivoli.com> James A. Donald writes: > An algorithm is a method of solving problems. Not everything in > the universe is an algorithm or equivalent to an algorithm. Ok. > Suppose we have a quantum computer that solves some NP (incomplete) > problem in polynomial time with order one probability.. > > A numerical simulation of that computer... Indeed, a numerical simulation would be quite complex. However, I fail to understand why you do not consider the programming of the quantum computer to be a non-algorithm.
Clearly, if somebody can make the quantum computer solve the NP problem, there must be some technique of expressing the process. If it's not an algorithm, what do you call it? (Hint: it is an algorithm.) > The quantum computer is not equivalent to the mindless brute > force algorithm for solving the problem. Right; it executes a different algorithm. | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" |

From jamesd at netcom.com Mon Jul 25 20:10:46 1994 From: jamesd at netcom.com (James A. Donald) Date: Mon, 25 Jul 94 20:10:46 PDT Subject: GUT and P=NP In-Reply-To: <9407241343.AA03758@vail.tivoli.com> Message-ID: <199407242126.OAA14188@netcom13.netcom.com> Mike McNally writes > So are you suggesting that the definition of "algorithm" has > an "as long as it's not too hard" clause? No. I said what I meant. An algorithm is a method of solving problems. Not everything in the universe is an algorithm or equivalent to an algorithm. Suppose we have a quantum computer that solves some NP (incomplete) problem in polynomial time with order one probability. A numerical simulation of that computer very likely involves evaluating every possible solution of that NP problem as one of a great many steps, thus to describe that numerical simulation as an algorithm for solving the problem is meaningless or obfuscatory. The simulation is equivalent to the mindless brute force algorithm for solving the problem, plus an enormous amount of garbage. The quantum computer is not equivalent to the mindless brute force algorithm for solving the problem. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state.
jamesd at netcom.com

From Richard.Johnson at Colorado.EDU Mon Jul 25 20:10:50 1994 From: Richard.Johnson at Colorado.EDU (Richard Johnson) Date: Mon, 25 Jul 94 20:10:50 PDT Subject: The Clipper Chip Proposal In-Reply-To: <9407220224.AA12751@supra.comm.mot.com> Message-ID: <199407242114.PAA04742@spot.Colorado.EDU> From the keyboard of: rittle at comm.mot.com (Loren James Rittle) in an open letter to our Gorewellian vice president: I also support completely voluntary (i.e. no outside government coercion) encryption key escrow for all private individuals and private-sector companies, if they themselves so chose it. There is, however, no reasonable reason what-so-ever for government to be involved in this escrow. Just as with escrow of funds during property transactions, those involved will choose their own non-governmental escrow agents. A simple analogy may serve to illustrate this crucial concept for Gore: If I wish to leave a spare house key with my neighbor while I'm on vacation, there's no reason I have to also leave a spare key with the cops. Rich -- Loudyellnet: Richard Johnson | Sneakernet: ECNT1-6, CB 429, CU Boulder Phonenet: +1.303.492.0590 | Internet: Richard.Johnson at Colorado.EDU RIPEM and PGP public keys available by server, finger or request Speaker to avalanche dragons. Do you really think they listen?

From s009amf at discover.wright.edu Mon Jul 25 20:12:10 1994 From: s009amf at discover.wright.edu (Aron Freed) Date: Mon, 25 Jul 94 20:12:10 PDT Subject: CYPHERPUNKS TO THE RESCUE In-Reply-To: Message-ID: On Mon, 25 Jul 1994, Sandy Sandfort wrote: > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > SANDY SANDFORT > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . > > C'punks, > > On the noon news in San Francisco, there was an item of crypto > interest. It was about something I think they called the "Code > Grabber."
It is a device which receives and records the coded > RF signals used to remotely unlock car and garage doors. > > The hand-held unit is a little larger than a paperback book. It > has a half dozen switches on it. After you intercept someone's > code, you can play it back anytime to control that person's car > lock or garage door. It's kind of like a TV universal remote. > > Some politicos have already started talking about banning it, but > I think just the publicity will guarantee a healthy black market > in such devices. The public will be clamoring for a solution. > Enter the Cypherpunks. > > How can this nifty burglary tool be outsmarted? How about a > replacement system that uses strong crypto? The Code Grabber > represents a great opportunity for an inventive Cypherpunk to > make some money AND promote crypto awareness. > > The questions are: Could standard auto and garage door openers > easily be retrofitted? Could a "crypto remote" with its own CPU > be made small enough to fit into a hand-held unit? Could such a > system be made for a reasonable cost? > > > S a n d y > > P.S. I bet there are some other interesting uses to which such a > device could be put. Any ideas? > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Sandy, When I saw that commercial for the remote control deal with the minivan and that nice big luxury car I thought about someone being able to figure the frequency and be able to open that door and start the engine. Makes you think about getting one of those systems for your car. And, I'm sure if someone can come up with a way to encrypt those cars, they could make some money. The only thing is you have to hope the person who makes it doesn't put a back door in the crypto and that car manufacturers won't try and do the Clipper Stunt themselves (i.e. they put in a back door)...
Aaron -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -=- YABBS - telnet phred.pc.cc.cmu.edu 8888 -=- -=- -=- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

From rah at shipwright.com Mon Jul 25 20:17:49 1994 From: rah at shipwright.com (Robert Hettinga) Date: Mon, 25 Jul 94 20:17:49 PDT Subject: e$: NetBank Message-ID: <199407260317.XAA17443@zork.tiac.net> There's an outfit called NetBank, which is selling e-cash-like *certificate numbers*, through a dial-up BBS on a 900 line, in any denomination you want, which you can e-mail to vendors to buy stuff with. In fact all the interactions with the bank (deposits, breaking "bills" into smaller denominations, etc.) are done with switch codes in e-mail. It's extremely ungainly, and it looks usurious too, to the extent that they charge 20% (each way?) to cash you in and out. I hoovered out all the stuff in their infobot (netbank-info at agents.com), and I really haven't plowed through it all yet. If you folks are interested I'll summarize it for the group and/or redirect my dumpster-divings on the subject to you individually in e-mail. Just let me know. 'Course you're welcome to play with their infobot yourselves, I suppose ;-). It looks like someone did some serious work on this, folks. That's just a philosophy major from Missouri talking, of course. I wonder who they are? I heard some discussion about them here, but I can't seem to find the thread in my e$ article stash.... Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes."
-- Bertrand Russell (617) 323-7923

From nelson at crynwr.com Mon Jul 25 20:45:10 1994 From: nelson at crynwr.com (Russell Nelson) Date: Mon, 25 Jul 94 20:45:10 PDT Subject: My anonymous remailer In-Reply-To: <199407251645.RAA15981@an-teallach.com> Message-ID: Date: Mon, 25 Jul 1994 17:45:07 +0100 From: Graham Toal I've been pondering this for some time. I think it's time to try a new experiment in anonymous remailing. I think that all remailers should close down, then open up with new addresses and a single shared new policy... the new policy being that each individual remailer will do his best to 'out' all posters - complete disclosure, log files available, posts available, summaries show up via finger etc etc. Cool idea. Looks to me like Nate's remailer does most of this already. -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | LPF member - ask me about the harm software patents do.

From hfinney at shell.portal.com Mon Jul 25 20:51:10 1994 From: hfinney at shell.portal.com (Hal) Date: Mon, 25 Jul 94 20:51:10 PDT Subject: Voice/Fax Checks In-Reply-To: <199407251518.LAA22599@cs.oberlin.edu> Message-ID: <199407260352.UAA26992@jobe.shell.portal.com> Jonathan Rochkind writes: >Physical cash works that way too; if I write down the serial numbers of all >money that goes through my hands, then if it ever comes back into my hands >I'm going to recognize it. It would be nice if ecash could not have this >"flaw", but it doesn't seem vital, or even particularly important, to me. OK, but one of the main characteristics of electronic cash is its anonymity. If we don't care about serial numbers we can just use an RSA-signed message from the bank saying "I'm worth $1.00" as the cash (at least in an on-line system).
The whole reason we go through the blinding rigmarole is to make it so that the cash is unrecognizable after transfer. That is why I keep raising the issue about recognizability. You are probably right that most people wouldn't care, though. Hal

From frissell at panix.com Mon Jul 25 20:55:32 1994 From: frissell at panix.com (Duncan Frissell) Date: Mon, 25 Jul 94 20:55:32 PDT Subject: "Key Escrow" --- the very idea Message-ID: <199407260354.AA08507@panix.com> At 09:55 PM 7/21/94 -0400, Rick Busdiecker wrote: >One problem with what you've said is that the fourth amendment is not >phrased in the sense in which you refer to it. Specifically, it >proscribes unreasonable searches and seizures. It does not require >the people to actively facilitate the government in `reasonable' >searches and seizures. Important point to note about the Bill of Rights. It was designed to restrict the guvment not the peepul. DCF "Finally a Third Amendment violation after all these years of waiting -- Note that the DTI will require that you provide appropriate technologies to the FBI, NSA and Military Intelligence (aka "soldiers") to spy on your electronic activities for the good of the State. Once you build a house in a VR community, the only way that the Feds can spy on you is to adopt VR "personalities" and live in that community and in everyone's houses so they can see what's happening behind every "door." After all, you can't find out what's happening in a VR environment by reading a printout. Under the DTI you will have to support them in these "personalities." Thus you will be forced to quarter them in your houses in peacetime. Third Amendment violation. Question -- if you "kill" a Fed in a VR environment, is it a crime?"
From analyst at Onramp.NET Mon Jul 25 21:09:56 1994 From: analyst at Onramp.NET (Benjamin McLemore) Date: Mon, 25 Jul 94 21:09:56 PDT Subject: e$ : NetBank Message-ID: <199407260411.XAA28669@ns.onramp.net> >There's an outfit called NetBank, which is selling e-cash-like *certificate >numbers*, 8 digit numbers only. No internal checksums or verification. Merchants must send an email message to verify that the money is previously unspent and receive fresh bills. >It's extremely ungainly, and it looks usurious too, to the extent that they >charge 20% (each way?) to cash you in and out. I hoovered out all the >stuff in their infobot (netbank-info at agents.com). >Bob Hettinga > Agree about ungainliness. They aren't yet set up with PGP or PEM, although they say they are looking into it, so they currently suggest that if you want to send encrypted mail, that you generate a key to be XOR'd with all messages to and from. They do provide the C code for the encryption, though ;) From reading all of the info from the above infobot, it looks like they only charge the 20% once, to the merchant when he tries to redeem e-certificates for $USD, which they will pay out at the end of each month. They claim in their docs that the 20% is the cost of their 900 number service, so I suppose their business plan is to make money on the float, since they are not charging transaction fees for making change, verifying e-cash, etc. If they accepted credit cards they might be in much better shape. I would much rather see real Chaum-style electronic money, but have not yet received a response after signing up for their beta test. I wonder if NetBank's style of serialized e-certificates provides the 75% of the functionality that most people need to ignore better alternatives, especially if, as with Pr0duct Cypher's money, there is a big learning curve to go up before they can use it. Any pointers to other near-term e-cash systems?
I am very interested in setting this up for relatively small transactions (<$50) in the not-to-distant future. Thanks for info. -- Benjamin McLemore

From rfb at lehman.com Mon Jul 25 21:26:11 1994 From: rfb at lehman.com (Rick Busdiecker) Date: Mon, 25 Jul 94 21:26:11 PDT Subject: legally circumvent the Sept 1,94 Legal Kludge, Program Part 000 In-Reply-To: Message-ID: <9407260424.AA11720@fnord.lehman.com> Date: Sun, 24 Jul 1994 22:34:43 -0700 (PDT) From: thumper My main point is to just use 2.6 and let 2.3a use die off since everyone basically already HAS 2.6 inside AND outside of the U.S. . . . . Is anyone running a remailer that uses a version of PGP that will *NOT* deal with post-July-PGP2.6? Rick

From rfb at lehman.com Mon Jul 25 22:25:06 1994 From: rfb at lehman.com (Rick Busdiecker) Date: Mon, 25 Jul 94 22:25:06 PDT Subject: legally circumvent the Sept 1,94 Legal Kludge, Program Part 000 In-Reply-To: <9407260424.AA11720@fnord.lehman.com> Message-ID: <9407260523.AA12831@fnord.lehman.com> From: Rick Busdiecker Date: Tue, 26 Jul 1994 00:24:56 -0400 Is anyone running a remailer that uses a version of PGP that will *NOT* deal with post-July-PGP2.6? Ummm... I guess I meant post-August. Whenever the legal_kludge thingy kicks in. Rick

From hfinney at shell.portal.com Mon Jul 25 22:51:08 1994 From: hfinney at shell.portal.com (Hal) Date: Mon, 25 Jul 94 22:51:08 PDT Subject: My anonymous remailer In-Reply-To: <199407251645.RAA15981@an-teallach.com> Message-ID: <199407260552.WAA03454@jobe.shell.portal.com> Graham Toal writes: >I think it's time to try a >new experiment in anonymous remailing. I think that all remailers >should close down, then open up with new addresses and a single shared >new policy... the new policy being that each individual remailer will >do his best to 'out' all posters - complete disclosure, log files >available, posts available, summaries show up via finger etc etc. This is a pretty radical idea, but it is tempting.
Like other remailer operators, I get tired of fielding complaints. I don't look at the messages when they go through, but incorrect ones end up in my mailbox, and I may see them by accident. So many are obscene, name-calling, etc., that it kind of makes you wonder after a while whether the service is worthwhile. Of course, I do tend to see the "dregs", users who are clueless about using the service. Hopefully the more capable users are doing something a little more worthwhile with it. Then there are the constant moral dilemmas. I got flamed pretty well for outing Detweiler on his "Death to Blacknet" spam. I try hard not to look at the messages, deleting bounced mail just from the headers, etc., but it gets to be a pain. In some ways Graham's suggestion to just say, screw you, I'm going to feel free to publicize everything that goes through my remailer, is tempting. Still, though, I think this would do more harm than good. I get about 20 to 40 messages a day through my remailer, and only 5 or 10 of those are encrypted. Switching to a policy that would require chaining and encrypting to make it useful would make it a lot harder to use the remailer. If I have faith that the remailer is doing some good for someone, somewhere, then it would be bad to take that away from the people who are using it now. (I just did a complete search of the news spool directory here for postings from my remailer, and found only four, two of which were duplicates of a claim that cable companies can listen to what you are saying in your living room. I wonder what the traffic through my remailer is?) The other problem I see with Graham's idea is that I'm not sure the technology is there to provide good security in the face of this much information. Not many of the remailers add delay, and a lot of people don't like it when they do. In that case it may be easy to figure out what path even a chained encrypted message took.
Even the delaying remailers, if they published message sizes, would usually reveal their in-to-out correspondence. So I think it is premature to do this. Until we have remailers which can support cryptographically strong message padding with standard message sizes, running on un-hackable systems with delays and batching to confuse the in-out relationships, it would be counterproductive to do what Graham suggests. Even once we have it, there is still the question of what the remailer network is for. I think news posting is responsible for a large fraction of the complaints. But does it also provide much of the utility of the technology? Do people use remailers for ordinary email, or just for broadcast-type messages? Unless we understand what the market is for the service it's hard to know what features to provide. In particular, if cleartext output is prevented, how much does that impair the usefulness of the network? My instinct is that it hurts a lot, although it would be nice for the operators since it would eliminate most sources of complaints. Hal

From berzerk at xmission.xmission.com Mon Jul 25 23:12:32 1994 From: berzerk at xmission.xmission.com (Berzerk) Date: Mon, 25 Jul 94 23:12:32 PDT Subject: GUT and P=NP In-Reply-To: <9407242131.AA06662@vail.tivoli.com> Message-ID: One last word on this. Try and represent a continuum of states by an infinite Turing machine. Go ahead, I dare you. You can't.<=big period. So, It *WOULD* *NOT* surprise me that something that is a continuum phenomenon can do something that an ordinal (discrete) machine can't do. Berzerk.

From tcmay at netcom.com Mon Jul 25 23:52:30 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 25 Jul 94 23:52:30 PDT Subject: Gore's "new and improved" key escrow proposal In-Reply-To: <199407251802.LAA10432@servo.qualcomm.com> Message-ID: <199407260652.XAA14458@netcom8.netcom.com> > > I think we need to distinguish between encrypted *storage* and > encrypted *communications*.
Voluntary key escrow may make sense for > encrypted stored business files, but communications is a different > story. Since there should be nobody out there recording packets, there > is no need to back up or escrow the keys used to encrypt them. > > Phil But I leave nearly all PGP-encrypted messages to me in encrypted form, using the "decrypt to screen" option. So communicated and stored messages are largely the same. I'm not supporting key escrow, mind you. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."

From norm at netcom.com Tue Jul 26 00:11:38 1994 From: norm at netcom.com (Norman Hardy) Date: Tue, 26 Jul 94 00:11:38 PDT Subject: CYPHERPUNKS TO THE RESCUE Message-ID: <199407260711.AAA10426@netcom.netcom.com> At 14:43 1994/07/25 -0700, Sandy Sandfort wrote: >The questions are: Could standard auto and garage door openers >easily be retrofitted? Could a "crypto remote" with its own CPU >be made small enough to fit into a hand-held unit? Could such a >system be made for a reasonable cost? ... Sounds like an application for a "challenge-response" system. But that would require transmission from garage unit to car unit. If there were synchronized clocks then the signal could be a function of time so that the above replay would fail. That requires only a PRNG. Both units could compute the next password from the same PRNG but this would require a "backspace" button on the car unit for those occasions where the garage unit failed to hear a broadcast signal.
A "reset to new known state" for both units would be required for when the state became hoplessly confused. From j.hastings6 at genie.geis.com Tue Jul 26 00:34:53 1994 From: j.hastings6 at genie.geis.com (j.hastings6 at genie.geis.com) Date: Tue, 26 Jul 94 00:34:53 PDT Subject: List Dead Again!?? Message-ID: <199407260734.AA137448079@relay2.geis.com> Wow man. No letters waiting? No way. Could be GEnie, or majordomo again. Anyone get this? Please respond. Kent - j.hastings6 at genie.geis.com From tcmay at netcom.com Tue Jul 26 00:57:19 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 26 Jul 94 00:57:19 PDT Subject: Radio-activated locks...and protecting them In-Reply-To: <199407260711.AAA10426@netcom.netcom.com> Message-ID: <199407260757.AAA20761@netcom7.netcom.com> (I've changed the thread title from "CYPHERPUNKS TO THE RESCUE"...after all, doesn't that describe _most_ of our threads?) Norm Hardy wrote: > At 14:43 1994/07/25 -0700, Sandy Sandfort wrote: > >The questions are: Could standard auto and garage door openers > >easily be retrofitted? Could a "crypto remote" with its own CPU > >be made small enough to fit into a hand-held unit? Could such a > >system be made for a reasonable cost? > ... > Sounds like an application for a "challenge-response" system. But that > would require transmission from garage unit to car unit. > This is also the motivating idea behind "zero-knowledge interactive proof systems." Systems in which interception of the sent information is useless to the attacker. As Norm mentions, the "lock" (which can be many things besides garage door openers, e.g., proximity-based door locks, or auto locks themselves, or gun locks, etc.) needs to "do something" that essentially creates a problem that only the key can solve. A simple example is public key-private key: the lock demands that a message be decrypted, or signed, or whatever, by the key. A good project for Cypherpunks as a group to work on, which I took to be Sandy's meaning? 
Well, we don't have any real group projects, and this is unlikely to be one. A good project for some particular Cypherpunk? Maybe. I understand the electronic lock folks (card locks, hotels, etc.) have crypto expertise of varying extents (and bluntly, probably more than most of us have) and they certainly have the expertise in other areas. Maybe an existing chip could be added to "Genie"-type openers. But let's not forget that such a project, if it succeeded, would result in legislation requiring Garage Door Opener Escrow. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From gtoal at an-teallach.com Tue Jul 26 03:31:13 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Tue, 26 Jul 94 03:31:13 PDT Subject: My anonymous remailer Message-ID: <199407261030.LAA14216@an-teallach.com> : Still, though, I think this would do more harm than good. I get about : 20 to 40 messages a day through my remailer, and only 5 or 10 of those are : encrypted. Switching to a policy that would require chaining and encrypt- : ing to make it useful would make it a lot harder to use the remailer. If Agreed, but it would also force us to get off our butts and make integrated remailer-aware mailers work properly, as opposed to the broken kludges we have at the moment. In the long term it would be for the better. (Every single time I've tried anything fancy with chaining and encryption, it hasn't been delivered. And I don't consider myself incompetant.) 
: The other problem I see with Graham's idea is that I'm not sure the : technology is there to provide good security in the face of this much : information. Not many of the remailers add delay, and a lot of people don't : like it when they do. In that case it may be easy to figure out what Again, fixing this up would be for the better good. You can just imagine that the FBI is already watching all remailers closely under arm-twisting from the Software Publishers Association, not to mention the NSA doing likewise for their own reasons. I think we *should* force ourseles to make traffic analysis visibly impossible. If we can crack an anon posting path with the same information available to an attacker who can monitor all the lines, our system is broken. We should put it up for peer-group testing just like a new encryption algorithm. I believe the security of current remailers is a joke against a real attack. It's *only* good enough to hide identity from other usenet readers. We might as well all use only one-hop remailers and stop kidding ourselves that the multi-hop stuff does any good at all. (I don't believe the anti-traffic analysis support of the current remailers is any good, which is why any postings I've made through remailers have been single-hop in clear. I just don't post anything that would get me in legal trouble. OK, maybe a couple of posts I've made would be personally embarrassing if I were outed, but I wouldn't be by any LEAs that were watching. They'd just be able to use logged postings in criminal cases) : path even a chained encrypted message took. Even the delaying remailers, : if they published message sizes, would usually reveal their in-to-out : correspondance. So I think it is premature to do this. 
Until we have : remailers which can support cryptographically strong message padding : with standard message sizes, running on un-hackable systems with delays : and batching to confuse the in-out relationships, it would be counter- : productive to do what Graham suggests. Precisely my point. Except I see it the other way - as long as we're not forced to implement these measures properly, they'll never happen. : service it's hard to know what features to provide. In particular, if : cleartext output is prevented, how much does that impair the usefulness of : the network? My instinct is that it hurts a lot, although it would be nice : for the operators since it would eliminate most sources of complaints. I meant that cleartext *input* should be prevented. Cleartext output however can be 'outed' in accordance with policy, even if it's personal mail. Also it can be silently dropped on the floor by the last-hop admin without any comeback, for whatever egregious reason he chooses, or even randomly. It's up to the sender to pick a route that works. If some remailer admin (like JGdeA, or was it John Stanley?) choses to allow M.M.F postings, then he can take the heat for them personally. It's impossible to tell an email recipient apart from a mail to news gateway, so we can't enforce encrypted output only, if we allow posting. However, the 'outing' policy makes it in people's best interests to encrypt to the destination user if they can. Unencrypted *mail* as well as news is also fair game for the last-hop remailer admin to delete on his personal whim. G PS When I say we should out all information, I'm only talking about information that's visible going in and out. If we ever get my earlier idea of chained encrypted reply-addresses to work, with time-sensitive keys that are deleted after a few days, I'm not suggesting publishing those keys. 
Certainly, we should assume that a few sites will be broken into, or even many sites, but as long as one site remains uncompromised, there's a strong link in the chain that holds up the entire chain. From gtoal at an-teallach.com Tue Jul 26 03:55:13 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Tue, 26 Jul 94 03:55:13 PDT Subject: My anonymous remailer Message-ID: <199407261054.LAA16232@an-teallach.com> : From: Hal : service it's hard to know what features to provide. In particular, if : cleartext output is prevented, how much does that impair the usefulness of : the network? My instinct is that it hurts a lot, although it would be nice : for the operators since it would eliminate most sources of complaints. I said in my previous post that that wasn't what I had meant, but thinking about it, it's worth considering. After all, if anyone really missed the functionality of anon posting to news, people could set up news gateways that accepted encrypted articles for posting, decrypted them, and injected them. Again, whoever did that would be taking direct responsibility for what was injected, and it would cleanly decouple the posting function from the anon remail function for those who didn't want to do both. 
G From Anonymous Tue Jul 26 04:49:32 1994 From: Anonymous (Anonymous) Date: Tue, 26 Jul 1994 04:49:32 -0700 Subject: Majordomo results Message-ID: <9407260905.AA16108@toad.com> >>>> who cypherpunks From Anonymous Tue Jul 26 04:49:33 1994 From: Anonymous (Anonymous) Date: Tue, 26 Jul 1994 04:49:33 -0700 Subject: Majordomo results Message-ID: <9407260731.AA15144@toad.com> >>>> who cypherpunks From werner at mc.ab.com Tue Jul 26 05:05:14 1994 From: werner at mc.ab.com (tim werner) Date: Tue, 26 Jul 94 05:05:14 PDT Subject: Det./tmp/Nym on Netcom Message-ID: <199407261204.IAA00679@sparcserver.mc.ab.com> >From: whitaker at dpair.csd.sgi.com (Russell Whitaker) >Date: Mon, 25 Jul 1994 12:05:04 -0700 > > nym at netcom.com > tmp at netcom.com > >Bryant was >at liberty to say that the user accounts "tmp" and "nym" were the same >person. I noticed that both tmp and nym mentioned in one of their early posts that they had read up about cypherpunks in the archives at soda, or some such, and that it was ok to launch right into the discussion, since he/she was up to date with the issues. This was followed, of course, by the usual long and boring happy horseshit. I also noticed a common net phenomenon: since Sue D. Nym appeared from his/her name to be female, some men were more likely to come to his/her defense when he/she was flamed. This reminded me of the blurb I read in Wired (bad magazine, I've since stopped subjecting my eyes to the green print on red background) about men using names like "Janet" trying to sweet-talk lesbians on IRC and eventually finding out that "Karen" was also a man. tw From m5 at vail.tivoli.com Tue Jul 26 05:36:24 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Tue, 26 Jul 94 05:36:24 PDT Subject: GUT and P=NP In-Reply-To: <9407242131.AA06662@vail.tivoli.com> Message-ID: <9407261235.AA00455@vail.tivoli.com> berzerk at xmission.xmission.com writes: > One last word on this. Try and represnet a continum of states by an > infinite turing machene. 
Go ahead, I dare you. You can't.<=big period.

Could I not let each position on the tape represent a real value in
[0...1]?

| GOOD TIME FOR MOVIE - GOING ||| Mike McNally                       |
| TAKE TWA TO CAIRO.          ||| Tivoli Systems, Austin, TX:        |
| (actual fortune cookie)     ||| "Like A Little Bit of Semi-Heaven" |

From rarachel at prism.poly.edu Tue Jul 26 06:06:04 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Tue, 26 Jul 94 06:06:04 PDT
Subject: CYPHERPUNKS TO THE RESCUE
In-Reply-To:
Message-ID: <9407261252.AA19317@prism.poly.edu>

8086's are very cheap these days. They have enough computing power to run
something like IDEA, albeit very slowly. I'd use a challenge/response method
with something like this, because you have to keep in mind that encrypted
signals can just as easily be captured.

You'd need a clock on the garage controller. CMOS clock chips anyone? It
doesn't have to be accurate to the second, but certainly to the minute, and
have date, month and year available to it. The garage opener would receive
a signal from the remote, issue a challenge code based on a hash of the
time/date + some random numbers. The remote would encrypt this hash with the
owner's IDEA key and send back the response.

Both units would need some sort of keypad to program the codes into them. A
backup battery for both sides is also important along with a warning that the
main battery has failed. You wouldn't want to lose access to your garage. I
suppose some backup entry system would also help... a two key system (using
physical keys with high security mushroom pin locks, etc.)

Remember that should the remote opener fail, the driver would be damned
pissed at crypto and we want him very happy.
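The challenge/response exchange described in the message above, as an added example that is not part of the original post: HMAC-SHA256 stands in for encrypting the challenge under an IDEA key, which Python's standard library does not provide. The class names, the 5-second challenge lifetime and the sample timestamp are assumptions.

```python
import hashlib
import hmac
import secrets


class DoorUnit:
    """Garage-side controller: issues one-time challenges, checks responses."""

    def __init__(self, shared_key, clock, ttl_seconds=5):
        self._key = shared_key
        self._clock = clock          # callable returning seconds (the clock chip)
        self._ttl = ttl_seconds      # assumed lifetime of a challenge
        self._pending = None         # (challenge, issued_at) while awaiting a reply

    def issue_challenge(self):
        # Hash of time/date plus random bytes, as the message proposes.
        now = self._clock()
        material = int(now).to_bytes(8, "big") + secrets.token_bytes(16)
        challenge = hashlib.sha256(material).digest()
        self._pending = (challenge, now)
        return challenge

    def verify(self, response):
        if self._pending is None:
            return False             # unsolicited transmission, nothing to match
        challenge, issued_at = self._pending
        self._pending = None         # each challenge allows exactly one attempt
        if self._clock() - issued_at > self._ttl:
            return False             # answer arrived after the challenge expired
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


class Remote:
    """Hand-held unit: proves knowledge of the key without transmitting it."""

    def __init__(self, shared_key):
        self._key = shared_key

    def respond(self, challenge):
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


def run_demo():
    key = secrets.token_bytes(32)    # constructed key, programmed into both units
    t = {"now": 775227964}           # constructed timestamp driving the fake clock
    door = DoorUnit(key, clock=lambda: t["now"])
    remote = Remote(key)
    results = {}

    # Owner opens the door; assume the response is recorded off the air.
    first_challenge = door.issue_challenge()
    captured = remote.respond(first_challenge)
    results["owner_opens"] = door.verify(captured)

    # Recorded response sent again with no challenge outstanding.
    results["replay_unsolicited"] = door.verify(captured)

    # Recorded response sent in answer to a fresh challenge.
    second_challenge = door.issue_challenge()
    results["challenges_differ"] = first_challenge != second_challenge
    results["replay_fresh_challenge"] = door.verify(captured)

    # Correct response that arrives a minute late.
    late = remote.respond(door.issue_challenge())
    t["now"] += 60
    results["late_response"] = door.verify(late)

    # Remote programmed with a different key.
    stranger = Remote(secrets.token_bytes(32))
    results["wrong_key"] = door.verify(stranger.respond(door.issue_challenge()))
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```

Only the first attempt opens the door; a recorded response is useless because the door never issues the same challenge twice.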
From ravage at bga.com Tue Jul 26 06:06:26 1994 From: ravage at bga.com (Jim choate) Date: Tue, 26 Jul 94 06:06:26 PDT Subject: LITTLE BROTHER INSIDE In-Reply-To: Message-ID: <199407261305.IAA03020@zoom.bga.com> > > REMOTE CONTROL--In addition to denying access to your files by > encrypting, you might want to *change* them in some way *after* > your computer has been seized/stolen. Pagers are cheap. They > can be pinged no matter where they are located in their service > area. They can be accessed from any phone (even a jailhouse > payphone). And they are small enough to be wired into your > computer. It souldn't be too difficult to fix it so your > computer can read transmitted numbers from the pager's memory. > Code numbers could be used to tell your computer to take various > actions. Depending upon your circumstances, you could tell your > computer to decrypt this or that set of files, to reformat the > hard drive, to fry the CPU, etc. > This would of course assume that the police were silly enough to use the disk and such from your machine in your machine. From my experience w/ Mentor and Erik Blookaxe during Operation Sun Devil this is not very realistic. As I understand it they took the floppies and the hard drives out of the original machines and used them on their own. This was in case their was any 'time-bombs' installed. Another aspect would be that the machine would have to be turned on. Also it would only work once. Thereafter they would either examine the equipment in a Farady Cage or else start doing pager rental scans prior to seizure. > LITTLE BROTHER INSIDE--Even better than a pager, would be a cell > phone. It would be more expensive, but also more versatile. In > addition to giving instructions to your computer, a cell phone > could be used to *eavesdrop* on the location where your computer > is being held. 
By disabling the ringer and remounting the > mouthpiece, you could surreptitiously call your computer, any > time, from any phone and monitor conversations in the area. (To > paraphrase an old military curse, "bug the bugging buggers.") As > long as the computer is plugged in, the cell phones batteries > will continue to be topped off. (For the truly thorough privacy > advocate, a GPS unit could be hooked into the cell phone to give > you its location.) > There is a move here in Austin, TX to put GPS rcvrs. in our police cars and then transmit the data back to base over their laptop channels. From ravage at bga.com Tue Jul 26 06:13:50 1994 From: ravage at bga.com (Jim choate) Date: Tue, 26 Jul 94 06:13:50 PDT Subject: Forward secrecy In-Reply-To: <9407251923.AA04133@ah.com> Message-ID: <199407261313.IAA03263@zoom.bga.com> > > I agree. Each public key creates a different encoding, or a different > language, as it were. These encodings/languages are all related, but > mutually incomprehensible. Encryption software has the capability to > read any of these languages because it is multi-purpose software. > One possible hole here is that since they share a commen algorith then the algorithm is the 'language' and not the actual messages. This would mean that you are each using the same language. There is also the aspect of once discovered you could be charged with obstructing justice which has very stiff penalties. > > Here, then, is the connection back to the original issue. The courts > distinguish between acts of speech (fifth amendment protection) and > supplying objects, such as a subpoena provide the key to a safety > deposit box. As Marc Rotenberg once put it to me, the court cannot > require you to incriminate yourself, but they can require you to > participate in your own downfall. Forward secrecy protects you > against court order, because you cannot be held in contempt of court > for not providing something that doesn't exist. 
If you destroy your
> keys in a timely fashion, your exposure is limited to the time since
> the last key change.
>

They make you participate by giving you immunity in which case you have no
choice but to reveal it or go to jail. Either way somebody is going to jail.

As to self-incrimination, gee, I thought that was the whole purpose of
calling witnesses and such, either to discredit themselves (which is
equivalent to incriminating oneself if you are the defendant) or to
incriminate others (and here we are back to immunity).

While it is true you can't be held in contempt of court for not providing
something that doesn't exist they can get you for destroying evidence.

From nelson at crynwr.com Tue Jul 26 06:49:00 1994
From: nelson at crynwr.com (Russell Nelson)
Date: Tue, 26 Jul 94 06:49:00 PDT
Subject: CYPHERPUNKS TO THE RESCUE
In-Reply-To: <199407260711.AAA10426@netcom.netcom.com>
Message-ID:

   Date: Tue, 26 Jul 1994 00:11:34 -0700
   From: norm at netcom.com (Norman Hardy)

   At 14:43 1994/07/25 -0700, Sandy Sandfort wrote:
   >The questions are: Could standard auto and garage door openers
   >easily be retrofitted? Could a "crypto remote" with its own CPU
   >be made small enough to fit into a hand-held unit? Could such a
   >system be made for a reasonable cost?

   Sounds like an application for a "challenge-response" system. But that
   would require transmission from garage unit to car unit.
   If there were synchronized clocks then the signal could be a function of
   time so that the above replay would fail. That requires only a PRNG.

Why not generate a random number, checksum it, and sign it using a
public key? Or is that overkill?

-russ http://www.crynwr.com/crynwr/nelson.html
Crynwr Software   | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St.      | +1 315 268 1925 (9201 FAX) | What is thee doing about it?
Potsdam, NY 13676 | LPF member - ask me about the harm software patents do.
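The one-way scheme quoted in the message above, where both units step through the same pseudo-random sequence, sketched as an added example that is not from any poster: HMAC-SHA256 over a press counter stands in for the shared PRNG, and a forward look-ahead window does the job of the "backspace" button. CODE_BYTES, WINDOW and pair() are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

CODE_BYTES = 8   # assumed length of the code sent over the air
WINDOW = 16      # assumed number of unheard presses the door tolerates


def code_for(key, counter):
    """Password number `counter` in the sequence both units can compute."""
    mac = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return mac[:CODE_BYTES]


class RollingRemote:
    def __init__(self, key):
        self._key = key
        self._counter = 0

    def press(self):
        # Every press consumes one password, whether or not the door hears it.
        self._counter += 1
        return code_for(self._key, self._counter)


class RollingDoor:
    def __init__(self, key):
        self._key = key
        self._last = 0   # highest counter accepted so far

    def receive(self, code):
        # Search forward only: a counter at or below _last is never accepted
        # again, so a recorded code fails once it or a later one was used.
        for counter in range(self._last + 1, self._last + 1 + WINDOW):
            if hmac.compare_digest(code_for(self._key, counter), code):
                self._last = counter
                return True
        return False


def pair():
    """The 'reset to new known state': fresh key, both counters at zero."""
    key = secrets.token_bytes(32)
    return RollingRemote(key), RollingDoor(key)


def run_demo():
    remote, door = pair()
    results = {}

    first = remote.press()                       # assume this is recorded
    results["first_press"] = door.receive(first)
    results["replay"] = door.receive(first)

    # Three presses out of radio range, then one the door hears.
    unheard = [remote.press() for _ in range(3)]
    results["after_unheard_presses"] = door.receive(remote.press())
    results["stale_unheard_code"] = door.receive(unheard[0])

    # More unheard presses than the window covers: the units lose step.
    for _ in range(WINDOW):
        remote.press()
    results["out_of_step"] = door.receive(remote.press())

    remote, door = pair()                        # owner resets both units
    results["after_reset"] = door.receive(remote.press())
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```

Unlike the two-way exchange, a transmitted code that the door did not hear stays acceptable until a later one is accepted, so the window should be no larger than convenience requires.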
From rarachel at prism.poly.edu Tue Jul 26 06:51:49 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Tue, 26 Jul 94 06:51:49 PDT Subject: My anonymous remaile In-Reply-To: <199407261030.LAA14216@an-teallach.com> Message-ID: <9407261338.AA19987@prism.poly.edu> Again, the best way to build a secure remailer is to have one that sends a fixed "remailer-packet" to other mailers for internal communication with other remailers on the "network" These packets should all be super-encrypted and of a fixed size. This size should be as small as possible. Say around 200K or so. Why? Because this serves to prevent email spamming by severly delaying a message. Also if there is some quota of say, no more than 100 messages a day from a user, it serves to limit spamming quite a bit. Basically all incoming mail is spooled on the remailer's hard drive in encrypted form by the remailer. When a new message is sent to the remailer, the remailer will go through all the received messages and look for duplicate messages and also count the number of messages sent by the user who just submitted another one. At the end of the day, at a certain hour agreed upon by the remailer operators, the remailer will split up its cached messages and split them among several remailers with a RANDOM number of hops set in the message. These packets will then be randomly padded inbetween messages with null messages which would be eaten by the receiving remailer. The padding serves to limit traffic analysis and the automatic hop number helps idiot users from being caught. The packets will then be compressed and then would be encrypted with the respective public key of the target remailer and sent as a fixed sized block again with rand padding at the end... perhaps via ftp or some other protocol, but not necessarily via sendmail. Having them as binary makes them easier to handle than by sendmail... 
When the packet is received by a remailer it would first decrypt it, then decompress it, then remove null messages, then decrement the number of hops and if it's zero, it would invoke sendmail to send them. I strongly suggest that the remailer packet protocol be openly published so that users can build their own packets to forward to remailers in encrypted form rather than using sendmail. I suppose that using sendmail to a remail should still be allowed, but slowly phased out so as to force users to encrypt their email. Client software can be written for Windoze and Macs to use TCP/IP or even Zmodem a packet into a remailer. You may think that spamming can still occur by allowing users to send packets themselves, however if the recepient remailer will limit the size of a packet it will receive to a very small size (especially if it's coming from an unknown site,) and refuse to receive more than one packet per day from that site, it would prevent a lot of spamming and creeping detweilerism. Perhaps remailers can work out a set of special private keys which they share between them to speed up mail, or the size of the packet can be increased for remailer-remailer transfers. Anyhow, the system has to be balanced so that mail gets there in at most a day or so, at best only a few hours depending on how often remailers talk to each other. If traffic at a remailer should suddenly increase, the remailer should issue instructions to the other remailers that it'll send larger packets or send more often. But only after it receives permissions from the other remailers should it send. Perhaps if a remailer is too filled it should bounce a message to the sender (if it knows his/her address...) or perhaps they can be polled to see if they're busy, or better yet, the message can be forwarded to another remailer in the old fashioned way (losing some security I guess) From wrevans at oceanus.mitre.org Tue Jul 26 06:53:46 1994 From: wrevans at oceanus.mitre.org (Ward R. 
Evans) Date: Tue, 26 Jul 94 06:53:46 PDT Subject: GUT and P=NP Message-ID: <9407261352.AA07140@oceanus.mitre.org> >berzerk at xmission.xmission.com writes: > > One last word on this. Try and represnet a continum of states by an > > infinite turing machene. Go ahead, I dare you. You can't.<=big period. > >Could I not let each position on the tape represent a real value in >[0...1]? > Nope, You'd still have only a countable number of states and the cardiality of [0..1] is not countable. I think that a simple diagonalization argument would show that one would need an uncountable number of infinite turing machines to represent a continum of states. Ward R. Evans wrevans at mitre.org voice: (703) 883-7631 fax: (703) 883-1363 From rarachel at prism.poly.edu Tue Jul 26 07:16:05 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Tue, 26 Jul 94 07:16:05 PDT Subject: Steve Winter Declares War in Cyberspace In-Reply-To: <199407250533.WAA24620@kaiwan.kaiwan.com> Message-ID: <9407261402.AA20504@prism.poly.edu> > ********************************************************************** > F I D O N E W S -- Vol.11 No.29 (18-Jul-1994) > ---------------------------------------------------------------------- > > The FIDO Crucifixion > by Steve Winter (1:18/98) > > Some of you out there have been giving me a lot of bad press > lately. I don't really care because the bible tells me that false > christian scum will try to deter me from my mission to correct the > lies and Satan-influenced false teachings of deviant so-called > pastors. I don't care. They can flay my skin, draw and quarter me > and even take steps to censor me in FIDO, but I will carry on. This isn't the middle ages bub, nobody is going to flay you, nor will anyone draw and quarter you. However you may face bars infront of you if you spread viruses or incite others to hack and spread viruses. Do you remember what happened to Rob Morris Jr? He's the guy who unleashed the internet worm. 
Although his intentions weren't as evil as yours, he did spend some jail time + lots of comunity time. > Recently, I became aware of a new threat to the true church of > Jesus,that being these people who call themselves "Pagans". They > should more properly call themselves Heathens or even Satanists. > Yes, I have investigated many of these new age BBSs and I have only > one thing to say. THEY MUST GO!! Sorry Bub, but yer too late. One of the niceties of living in this country is that you can be a demented Christian as easily as a demented [fill in any religion] as well as a non-demented [fill in any religion.] Christianity may be one of the most popular of religions in the world, however it isn't the only one out there, and your demands that Pagan BBS's be removed is unconstitutional. Now that you've foolishly asked the whole of Fidonet to break in and upload viruses to these systems, you've opened yourself up for some serious jail time. Now any hacker who is busted can say "Oh, I was simply doing the work of God as inspired in me by Steve Winter." Now, lest we forget, viruses spread quite nicely. Keep in mind that your BBS may also be hit by the self same viruses you ask others to install. Unlike you, viruses, human or electronic, do not discriminate by religion or anything other than whether or not they can execute their malicious instructions > The devil will not be allowed to exert domain where Jesus rules > King. We shall persue these godless satanic groups until the last > one has been exorcised or given over to the Lord for disposal. We > must seek them out and destroy their places of depravity and > destroy their rings of stone and their alters where babies are > sacrificed to appease their lord and master Satan himself. Good > Christians everywhere must join together to eradicate this > unwholesome threat to the very fibre and existance of mankind, and > we must do it NOW! 
If you have proof that certain pagan organizations have sacrificed babies as you claim, feel free to report them to the proper authorities. If this is just speculation on your part of "Oh, they ain't Krishtuns, so they must be deveel wurshipurs" take a chill. I have found that if anything Christians are far more dangerous folks than the "satanists" you suppose exists. Keep in mind that Satanism is a Christian concept. Very few religions have any such concept as a "devil" or even of a malicious entity which could be called a devil. Also, I'd like to point out that several Christian holidays didn't start out that day. Christ wasn't born on December 25. Dec 25 was chosen because it coincided with the Roman Saturnalia festival, a festival for Saturn. The reason they chose to pick Dec 25 is so they would not be persecuted by the non-Christian Romans who were in power. Later they used this date to help conver Romans over to Christianity. Also, may I remind you Christ's message was not one of waging war against other religions, it was to spread love and brotherhood. There are and have been enough religious crusades that have ended up in severe bloodshed. Most of these in the past were done by Christians. These days you have religiously overzealous fanatic terrorists. You might not have realized it but >EVERY< religion claims to be the only "valid" one, and every country which is zealously religeous believes that they are the "chosen ones" Now, how do you suppose it is possible for ALL of them to be right when they are all spewing the same old shit? Now before you state Christianity IS the only one, let me point again, they all share the same views. So it's part of the same pile. > I am asking the following of every Christian FIDO reader that > can see this message to disrupt, destroy and do away with every > pagan BBS in their area. Crash their their boards, and upload > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > viruses, what ever you need to do. 
These are scum of the earth > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > and if I had MY way these idiots would be swinging from lamp posts > like Mussolini did after World War II. Let the dogs eat their flesh > and the bones be crushed under the feet of the legions of God's > people. > > If we all can get together on this ONE thing, we can eradicate > this threat to mankind within 6 months. Call your local police and > report these deviants. Report their crimes against children and if > possible, infiltrate them so that we can accumulate a listing of > these disgusting pawns of Satan. We must act now or surrender FIDO > to the Satan controlled minions of the dark side of man. Crush them > like the vermin they are. THIS IS WAR! Yes, this perhaps is a very similar speech the Turks heard when they decided to decimate all Armenians in the early part of this century, ditto for the Nazi's, the KKK, and undoubtedly the same kind of speech given to ALL soldiers including those in the USA before they stormed in some enemy and exterminated them. Don't believe me? I have a friend who was in Desert Storm. His training included daily doses of "Let's kill them desert niggers." Such despicable nonsense cannot be tolerated. Chill out or you may find yourself in big trouble with the law. From nzook at math.utexas.edu Tue Jul 26 08:24:22 1994 From: nzook at math.utexas.edu (nzook at math.utexas.edu) Date: Tue, 26 Jul 94 08:24:22 PDT Subject: GUT and P=NP Message-ID: <9407261520.AA11661@vendela.ma.utexas.edu> >berzerk at xmission.xmission.com writes: > > One last word on this. Try and represnet a continum of states by an > > infinite turing machene. Go ahead, I dare you. You can't.<=big period. >Could I not let each position on the tape represent a real value in >[0...1]? >| GOOD TIME FOR MOVIE - GOING ||| Mike McNally | >| TAKE TWA TO CAIRO. 
||| Tivoli Systems, Austin, TX: |
>| (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" |

HAHAHAHAHAHAHAHAHAHAHA ROFL HAHAHAHAHAHAHAHAHAHAHA

Okay. So I should be so rude. People please. When someone, especially like
berzerk or tcmay makes a strongly definitive statement, PLEASE try not to
show your ignorance to the whole group.

Cantor demonstrated, near the turn of the century, that no such system can
represent all reals in [0,1].

Boring technical explanation follows.

Let f be a function from the integers to [0,1]. Note that the Turing tape
has precisely one space for each integer, so this function corresponds to
your idea. I claim that f is not onto. (ie: you cannot represent all reals
this way.)

Write a decimal expansion for each element in the range of f, and order
them as follows:

f(0) = .d(1,1) d(1,2) d(1,3) d(1,4) ....
f(1) = .d(2,1) d(2,2) d(2,3) d(2,4) ....
f(-1)= .d(3,1) d(3,2) d(3,3) d(3,4) ....
f(2) = .d(4,1) d(4,2) d(4,3) d(4,4) ....
f(-2)= .....

construct a, in [0,1], as follows: let g be a function from
{0,1,2,3,4,5,6,7,8,9} to {5,6} s.t. g(x) = 5 if x>5, g(x) = 6 if x < 6.
Let a = sum for i = 1 to infinity of g(di,i)/10^i.

I claim that a is not in the range of f.
Is f(0) = a? No, the first digits differ.
Is f(1) = a? No, the second digits differ.
Is f(-1)= a? No, the third digits differ.
You get the picture.

There are a couple of small details left out, you should be able to fill
them in.

Historical note: I believe that is the original construction.
Further historical note: You can see the germ of Godel's work here.

Nathan

From MaraW at fs-gate.uchicago.edu Tue Jul 26 08:30:17 1994
From: MaraW at fs-gate.uchicago.edu (Whitney, Mara)
Date: Tue, 26 Jul 94 08:30:17 PDT
Subject: Local Cypherpunks (?) group
Message-ID: <2E3529CD@FS-GATE.UCHICAGO.EDU>

Is there any interest in establishing a local (Chicago area) equivalent of
the bay area Cypherpunks which meets in physical (as opposed to cyberspace)
form.
Topics to be addressed include issues of privacy, security, cryptography and .... Anyone interested please respond to this email address. I may not get back to your immediately. I will be out of town 7/29 - 8/10. Oh, please pass this along to anyone you think would be interested. Mara From m5 at vail.tivoli.com Tue Jul 26 08:43:22 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Tue, 26 Jul 94 08:43:22 PDT Subject: GUT and P=NP In-Reply-To: <9407261520.AA11661@vendela.ma.utexas.edu> Message-ID: <9407261542.AA03740@vail.tivoli.com> nzook at fireant.ma.utexas.edu writes: > Let f be a function from the integers to [0,1]. Note that the > Turing tape has precisely one space for each integer, so this > function cooresponds to your idea. Can you (without being an asshole) explain why exactly each tape position may contain only a simple integer? It's perfectly reasonable to define the tape alphabet to be an arbitrary set; can the set not be uncountably infinite? If not, why not? | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From sandfort at crl.com Tue Jul 26 08:44:08 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Tue, 26 Jul 94 08:44:08 PDT Subject: CYPHERPUNKS TO THE RESCUE In-Reply-To: <9407261252.AA19317@prism.poly.edu> Message-ID: C'punks, On Tue, 26 Jul 1994, Arsen Ray Arachelian wrote: > > You'd need a clock on the garage controller....The garage opener > would receive a signal from the remote, issue a challenge code based on a > hash of the time/date + some random numbers. The remote would encrypt this > hash with the owner's IDEA key and send back the response. Am I missing something here? Why would you need a clock? What I had in mind was something like: 1--The owner presses the "open" button on the remote. 2--The remote sends an "ask me" signal to the door unit. 3--The door unit transmits a random number in the clear. 
4--The remote encrypts and signs the random number using its unique private key.
5--The door unit decrypts and compares the numbers, using the remote's public key.
6--If the numbers match, the door opens. QED.

Adjusting my flame retardant underwear,

S a n d y

P.S. For most car and garage doors, relatively short (32 bit?) keys should be more than sufficient, I would think.

From sandfort at crl.com Tue Jul 26 08:49:42 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 26 Jul 94 08:49:42 PDT
Subject: LITTLE BROTHER INSIDE
In-Reply-To: <199407261305.IAA03020@zoom.bga.com>
Message-ID:

C'punks,

On Tue, 26 Jul 1994, Jim choate wrote:

> . . .
> This would of course assume that the police were silly enough to
> use the disk and such from your machine in your machine. From my
> experience w/ Mentor and Erik Bloodaxe during Operation Sun Devil this
> is not very realistic....Also it would only work
> once. Thereafter they would either examine the equipment in a Faraday Cage
> or else start doing pager rental scans prior to seizure.

I'm not so sure. Operation Sun Devil was a more sophisticated operation than the average cops run. Cops, for the most part, are incredibly lazy and stupid. I think you could count on lots of them not doing it right.

S a n d y

From hfinney at shell.portal.com Tue Jul 26 09:08:13 1994
From: hfinney at shell.portal.com (Hal)
Date: Tue, 26 Jul 94 09:08:13 PDT
Subject: e$ : NetBank legality
Message-ID: <199407261609.JAA09522@jobe.shell.portal.com>

I'm curious about the legality of NetBank in the context of our earlier discussions about demand deposits and Chaum cash. These people will take your money and give you electronic tokens, and they will take the tokens and give you cash (minus 20%). Does this sound legal? Are they a bank?

I wonder what their tax liabilities are. Sales tax on selling the tokens? Is this a barter system? If so, they're supposed to get SS#'s and such.
Maybe you have to give that information if you sign up as a vendor, but legally I'd think ordinary users would have to be reported to the IRS as well, and it doesn't sound like they're doing that.

This whole thing sounds pretty questionable legally. It will be interesting to see how it comes out.

Hal

From huntting at glarp.com Tue Jul 26 09:26:45 1994
From: huntting at glarp.com (Brad Huntting)
Date: Tue, 26 Jul 94 09:26:45 PDT
Subject: CYPHERPUNKS TO THE RESCUE
In-Reply-To: <199407260711.AAA10426@netcom.netcom.com>
Message-ID: <199407261607.KAA02397@misc.glarp.com>

> Sounds like an application for a "challenge-response" system. But that
> would require transmission from garage unit to car unit.
> If there were synchronized clocks then the signal could be a function of
> time so that the above replay would fail. That requires only a PRNG.
> Both units could compute the next password from the same PRNG but this
> would require a "backspace" button on the car unit for those occasions
> where the garage unit failed to hear a broadcast signal. A "reset to new
> known state" for both units would be required for when the state became
> hopelessly confused.

I think a simple key seeded MD5 would work fine for garage doors:

The remote can transmit:

(n, M(n^k))

Where n is random (and so doesn't repeat often), k is a shared key known only to the remote and the door opener, and M is a reasonably strong hash function.

k could be set by a bank of dip switches, but to get a large enough key space would require a lot of switches.

brad

From norm at netcom.com Tue Jul 26 09:27:08 1994
From: norm at netcom.com (Norman Hardy)
Date: Tue, 26 Jul 94 09:27:08 PDT
Subject: CYPHERPUNKS TO THE RESCUE
Message-ID: <199407261626.JAA19501@netcom.netcom.com>

At 09:51 1994/07/26 -0400, Russell Nelson wrote:
>Why not generate a random number, checksum it, and sign it using a
>public key? Or is that overkill?
...
Seems good.
But to thwart replay of the signed message the garage unit must never accept the same signed number twice. How about the car unit signing successive numbers. The garage unit would remember the last number that it accepted and only accept signed numbers larger than that. Garbled transmissions would then cause no problems. They would be fixed by yet new transmissions, just as with current units.

From norm at netcom.com Tue Jul 26 09:37:56 1994
From: norm at netcom.com (Norman Hardy)
Date: Tue, 26 Jul 94 09:37:56 PDT
Subject: CYPHERPUNKS TO THE RESCUE
Message-ID: <199407261637.JAA21688@netcom.netcom.com>

At 09:51 1994/07/26 -0400, Russell Nelson wrote:
>Why not generate a random number, checksum it, and sign it using a
>public key? Or is that overkill?
...
Seems good. But to thwart replay of the signed message the garage unit must never accept the same signed number twice. How about the car unit signing successive numbers. The garage unit would remember the last number that it accepted and only accept signed numbers larger than that. Garbled transmissions would then cause no problems. They would be fixed by yet new transmissions, just as with current units.

P.S. Better yet: There is no need of Public key technology. It suffices for the car unit to send DES(k, n) on the nth transmission. k is a constant secret key shared between car unit and garage unit. Garage unit decodes and verifies that n is greater than it has seen before.

From baum at apple.com Tue Jul 26 09:44:24 1994
From: baum at apple.com (Allen J. Baum)
Date: Tue, 26 Jul 94 09:44:24 PDT
Subject: Hotel locks (was:Radio-activated locks, RESCUE...)
Message-ID: <9407261643.AA12460@newton.apple.com>

> I understand the
>electronic lock folks (card locks, hotels, etc.) have crypto expertise
>of varying extents (and bluntly, probably more than most of us have)
>and they certainly have the expertise in other areas.

I've been told that the way that hotel locks work is simple LFSR type technology.
The chip recognizes some key pattern, and generates a successor key. If a card is inserted that doesn't match the primary key, it checks the successor key. If that matches, the successor becomes the primary, and a new successor is generated.

The machine at the front desk knows where in the sequence a particular lock is, and simply generates a successor whenever a new key is asked for. So, there doesn't need to be any communication between the desk and the lock when a new key is generated. Note that after you get a new key, the old one will still work until the new key is used.

Note that there is more than one primary key; there are 'master' keys for the staff, and presumably that can be used to reset the key if the sequence gets lost. Of course, who knows what happens if the master sequence gets lost to a battery burp- maybe a separate ID number/lock? (as opposed to the huge back door of a permanent, single, masterkey...)

Clever little system, yes?

**************************************************
* Allen J. Baum tel. (408)974-3385 *
* Apple Computer, MS/305-3B *
* 1 Infinite Loop *
* Cupertino, CA 95014 baum at apple.com *
**************************************************

From ravage at bga.com Tue Jul 26 09:51:09 1994
From: ravage at bga.com (Jim choate)
Date: Tue, 26 Jul 94 09:51:09 PDT
Subject: Garage Door opener, etc...
Message-ID: <199407261650.LAA12122@zoom.bga.com>

Hi all,

Seems to me the way to do this is to 'dock' the receiver and xmitter prior to leaving (could rationalize it by also doing battery charging at this time) and each time they share a unique one-time pad.

Plug-N-Play so to speak...

Take care.

From juola at suod.cs.colorado.edu Tue Jul 26 09:54:05 1994
From: juola at suod.cs.colorado.edu (Patrick Juola)
Date: Tue, 26 Jul 94 09:54:05 PDT
Subject: GUT and P=NP
Message-ID: <199407261653.KAA22721@suod.cs.colorado.edu>

> > One last word on this. Try and represent a continuum of states by an
> > infinite turing machine. Go ahead, I dare you.
You can't.<=big period.

>Could I not let each position on the tape represent a real value in
>[0...1]?

Cantor demonstrated, near the turn of the century, that no such system can represent all reals in [0,1]. Boring technical explanation follows. ['cept it doesn't 'cause I edited it out.]

Perhaps I misunderstood the original poster, but I assumed that s/he was suggesting simply encoding a particular real number into the infinite tape using standard binary encoding. There's no cardinality problem there at all -- but of course the tape will only hold a single real number. Standard tape compression techniques will buy you enough space for a countably infinite set of reals.

Of course, the dead hand of Cantor forbids a continuous set of reals encoded onto a TM, but we all know that he's just a Dead White Male and therefore can be ignored.... 8-)

- kitten

From rah at shipwright.com Tue Jul 26 09:58:11 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 26 Jul 94 09:58:11 PDT
Subject: Steve Winter Declares War in Cyberspace
Message-ID: <199407261656.MAA26560@zork.tiac.net>

At 10:02 AM 7/26/94 -0400, Arsen Ray Arachelian wrote:

uh, Ray?...

You just sent mail, cc'd to cypherpunks, so he knows where we are for spamming purposes, to what appears to be king-hell spammer of the universe...

The original posting seems to be from someone who was warning us about him, and included it as a public service for reference purposes, though I'm not sure what it has to do with the cypherpunks' charter...

Sending a reply to that vitriol back to the list probably won't do any harm (you may get ribbed for not reading the headers in the message, maybe), but sending it to *him* with a "cc:cypherpunks at toad.com" on the message might have been a bad idea, yes?

Pissfights with Detweiler about the central purposes of this list were bad enough, but a fundamentalist jihad we probably don't want.

Be careful with that "reply to all" function...
Cheers,
Bob

-----------------
Robert Hettinga (rah at shipwright.com) "There is no difference between someone
Shipwright Development Corporation who eats too little and sees Heaven and
44 Farquhar Street someone who drinks too much and sees
Boston, MA 02331 USA snakes." -- Bertrand Russell
(617) 323-7923

From juola at suod.cs.colorado.edu Tue Jul 26 10:03:03 1994
From: juola at suod.cs.colorado.edu (Patrick Juola)
Date: Tue, 26 Jul 94 10:03:03 PDT
Subject: GUT and P=NP
Message-ID: <199407261700.LAA22817@suod.cs.colorado.edu>

nzook at fireant.ma.utexas.edu writes:
> Let f be a function from the integers to [0,1]. Note that the
> Turing tape has precisely one space for each integer, so this
> function corresponds to your idea.

m5 at vail.tivoli.com (Mike McNally) responds

Can you (without being an asshole) explain why exactly each tape position may contain only a simple integer? It's perfectly reasonable to define the tape alphabet to be an arbitrary set; can the set not be uncountably infinite? If not, why not?

Well, the "standard" in all the language stuff precludes infinite alphabets just as it precludes infinite-length programs. In fact, it's fairly easy to demonstrate an equivalence between the two. I've been working off-and-on (mostly off) for the past ten years or so trying to rewrite Hopcroft and Ullman for the case of infinite alphabets of various sizes, and in general, *none* of the theorems hold for problems describable in a single input symbol.

From a practical standpoint, of course, it's even harder to build an infinite tape with an uncountable alphabet than to build an infinite binary tape. More generally, the problems of *programming* such a machine are immense -- there are some very important real world continuity/expressability properties about what sort of symbols can be transformed into what other symbols.
Without highly discontinuous and chaotic transformations that are informationally incompressible, you don't get any more computational power than a standard TM.

- kitten

From hughes at ah.com Tue Jul 26 10:05:00 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 26 Jul 94 10:05:00 PDT
Subject: GUT and P=NP
In-Reply-To: <9407261520.AA11661@vendela.ma.utexas.edu>
Message-ID: <9407261643.AA05818@ah.com>

Okay. So I should be so rude. People please. When someone, especially like berzerk or tcmay makes a strongly definitive statement, PLEASE try not to show your ignorance to the whole group.

Famous last words?

Cantor demonstrated, near the turn of the century, that no such system can represent all reals in [0,1]. Boring technical explanation follows.

I think you've completely missed the point. The proposed computational device had as its symbol alphabet an uncountable set. It's a perfectly good mathematical abstraction. It doesn't matter that it can't be implemented.

And let's not call such a machine a Turing machine, OK? Turing goes on at great length in his original paper about how the symbols can't be too similar to each other.

And to answer the point of another writer, this machine may have only finitely many states, but the state transition table, being the cartesian product of the states and the symbols, is also uncountable. In fact, I would suspect that such a machine only needs a single state; an interesting bit of research, to be sure.

Eric

From nzook at math.utexas.edu Tue Jul 26 10:05:22 1994
From: nzook at math.utexas.edu (nzook at math.utexas.edu)
Date: Tue, 26 Jul 94 10:05:22 PDT
Subject: GUT and P=NP
Message-ID: <9407261702.AA11795@vendela.ma.utexas.edu>

From hughes at ah.com Tue Jul 26 10:10:51 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 26 Jul 94 10:10:51 PDT
Subject: CYPHERPUNKS TO THE RESCUE
In-Reply-To:
Message-ID: <9407261649.AA05830@ah.com>

Why not generate a random number, checksum it, and sign it using a public key?
Or is that overkill?

That's overkill. For an affordable microprocessor for the price point of an electronic lock, you can't do a modular exponentiation in a reasonable amount of time. A two-second delay is likely too long for _mass_ market, even if certain markets would bear it.

Sandy also suggests public key. A shared secret key for a symmetric cipher is sufficient, since the binding between a single garage and a single opener is usually not broken. If your opener had to work with multiple doors, and if the usual case pertained where two people share the permission to open some doors but not others, then public key would be needed.

So you can do challenge/response, but there's no need to use public key. DES would be sufficient.

Eric

From gtoal at an-teallach.com Tue Jul 26 10:38:01 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Tue, 26 Jul 94 10:38:01 PDT
Subject: My anonymous remaile
Message-ID: <199407261736.SAA25510@an-teallach.com>

: At the end of the day, at a certain hour agreed upon by the remailer operators,
: the remailer will split up its cached messages and split them among several

All sounds reasonable *except*... this is the internet, man! We can afford to do this once every 15 minutes, can't we?

G

From hughes at ah.com Tue Jul 26 10:41:05 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 26 Jul 94 10:41:05 PDT
Subject: Forward secrecy
In-Reply-To: <199407261313.IAA03263@zoom.bga.com>
Message-ID: <9407261719.AA05920@ah.com>

One possible hole here is that since they share a common algorithm then the algorithm is the 'language' and not the actual messages.

The algorithm does _not_ completely specify the encoding of plaintext into ciphertext. Therefore the algorithm cannot be considered a language, since it's incomplete.

There is also the aspect of once discovered you could be charged with obstructing justice which has very stiff penalties.

I am baffled as to what you could possibly mean here. It sounds ridiculous to me.
They make you participate by giving you immunity in which case you have no choice but to reveal it or go to jail.

This is not what immunity is. Immunity is given for testimonial evidence that would be self-incriminating. By immunizing the witness before testimony, the testimony, which would then be tantamount to a confession, is no longer incriminating, that is, the testimony no longer turns the witness into a criminal in the eyes of the law. With the presumption of innocence, it is _conviction_ that makes one a criminal, not commission of a criminal act.

While it is true you can't be held in contempt of court for not providing something that doesn't exist they can get you for destroying evidence.

"Destroying evidence" only happens when the materials are destroyed after they are considered evidence. If you shred papers that contain incriminating conversations before anybody asks for them, that's not destroying evidence, because at the time of destruction the papers weren't evidence. This is true even if you think you are under investigation. You have no responsibility to cooperate in advance.

Since court proceedings are a highly structured form of social epistemology (finding out the truth), if there is no proof that destruction occurred, or insufficient proof that you did the destruction, there is no conviction.

Consider Sandy's "little brother inside" idea. What he left out was the two-hour UPS battery, also inside, so that when seizure happens the machine can't be turned off. You'd have to disable the off switch, of course. Now, immediately after seizure, you call up the pager inside and instruct the computer to start wiping disk.

This would be considered destruction of evidence were it able to be proved that there was data on it when it left your house, but not when it arrived at the station. Since when the disk is _first_ looked at, it will be completely random, there's no proof of alteration.

"What was all that disk activity the whole time?"
"Oh, factoring numbers takes large amounts of scratch space."

Eric

From hughes at ah.com Tue Jul 26 10:44:02 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 26 Jul 94 10:44:02 PDT
Subject: more forward secrecy
In-Reply-To: <199407260652.XAA14458@netcom8.netcom.com>
Message-ID: <9407261722.AA05924@ah.com>

But I leave nearly all PGP-encrypted messages to me in encrypted form, using the "decrypt to screen" option. So communicated and stored messages are largely the same.

This is exactly the situation I referred to yesterday. It's extremely common, I suspect. Tim does it, I do it, and I've no reason to believe that most people do it differently.

Keeping the messages around encrypted with your private key does _not_ have forward secrecy. Forward secrecy is a valuable property, and it behooves us to think about how to achieve it.

Eric

From pjm at gasco.com Tue Jul 26 11:09:08 1994
From: pjm at gasco.com (Patrick J. May)
Date: Tue, 26 Jul 94 11:09:08 PDT
Subject: crime and snitches
Message-ID:

Berzerk writes:
>>> ABSOLUTELY! The fact is if you can't get someone to snitch, IT IS NOT A
>>> CRIME (morally)! I dare anyone to come up with a counterexample.
>> If you were limiting your assertion to crime over the net, I
>> suggest that the long, interesting history of confidence men is a
>> refutation. Done correctly, in many cases the victim doesn't even
>> know he has been conned.
> Then have they? Can you give an example?

I recently moved to Portland, OR (any cypherpunks up here?), and haven't yet unpacked all my books, but from memory one variation used in the movie "Grifters" is:

- Convince the mark that you have an undetectable method to make money from the stock market that, while technically illegal, "won't hurt anyone".
- Get seed money from the mark to run the scam.
- Stage a bust by the police and allow the mark to escape.
- The mark feels lucky to have gotten away, the front man and faux police split the money.
It shouldn't be too hard to come up with ways of doing this on the net, given ecash and the rest of the infrastructure.

Regards,

Patrick May
pjm at gasco.com

From jim at bilbo.suite.com Tue Jul 26 11:18:48 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Tue, 26 Jul 94 11:18:48 PDT
Subject: CYPHERPUNKS TO THE RESCUE
Message-ID: <9407261815.AA00490@bilbo.suite.com>

You don't even need encryption.

1) Initialize the garage unit and hand unit with a secret initialization vector for a crypto-hash function.
2) Push hand unit button to send "open" signal in clear.
3) Garage unit sends a large random number in the clear. While waiting for reply, garage unit calculates hash of the random number it just sent.
4) Hand unit hashes random number and sends result to garage unit.
5) Garage unit opens door if the received hash matches the local hash.
6) And best of all...YOU CAN EXPORT IT!

Jim_Miller at suite.com

From jimn8 at netcom.com Tue Jul 26 11:19:22 1994
From: jimn8 at netcom.com (Jim Nitchals)
Date: Tue, 26 Jul 94 11:19:22 PDT
Subject: Garage Door opener, etc...
In-Reply-To: <199407261650.LAA12122@zoom.bga.com>
Message-ID: <199407261819.LAA03524@netcom13.netcom.com>

I'm in favor of a one-way transmission system, even though a challenge-response system is more fun. The costs are much higher for a remote with both transmitter and a receiver sensitive enough to work without a decent antenna.

That said, Jim Choate writes:
> Seems to me the way to do this is to 'dock' the receiver and xmitter prior
> to leaving (could rationalize it by also doing battery charging at this
> time) and each time they share a unique one-time pad.

The remote and opener could exchange a list of OTP entry codes. The list could be sufficiently large that docking would be unnecessary for months. With a public key system, the remote could transmit its OTP by radio, eliminating the need for docking hardware.

The opener should not accept codes out of order.
If it accepts code 'n' from the OTP list, it should ignore codes 1..n thereafter. That helps to reduce the risk of having your remote "borrowed" for awhile to acquire codes.

I like the OTP because the message size can be set arbitrarily small as a tradeoff of transmission time against security level. With full message encryption, the minimum message is necessarily bulky. For example, the minimum DES block size is 64 bits. With a OTP, though, a 48 bit number might suffice. Assume the OTP is 2^7 entries long, and transmission takes a second. A hacker can generate about 2^22 tries in a full month if he's broadcasting continuously. The odds of succeeding in finding a 48 bit OTP entry would be about (48-22-7), or 1 in 2^19, in that time.

Again, transmission speed is an important issue. The overall responsiveness and convenience of a system can hinge on trivial details like the number of bits in a message sent by slow radio. If you're uncomfortable with a 1 in 500,000 chance of being hacked by a persistent criminal who'd rather not break into your car or find another point of entry, by all means bump up the OTP entry size to 64 bits.

I could be wrong about transmission time, but it's my impression that it's a lot easier to shovel a few dozen bits per second through a cheap transmitter than a few thousand. It makes sense not to redesign the transmitter anyway (FCC approval can be a pain sometimes!)

- Jim Nitchals

From tcmay at netcom.com Tue Jul 26 11:49:58 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 26 Jul 94 11:49:58 PDT
Subject: GUT and P=NP
In-Reply-To: <9407261542.AA03740@vail.tivoli.com>
Message-ID: <199407261849.LAA12086@netcom8.netcom.com>

> Can you (without being an asshole) explain why exactly each tape
> position may contain only a simple integer? It's perfectly reasonable
> to define the tape alphabet to be an arbitrary set; can the set not
> be uncountably infinite? If not, why not?
>
> | GOOD TIME FOR MOVIE - GOING ||| Mike McNally |

Sorry for jumping in here, despite promising myself not to. I've been deleting all of the circular debate on quantum computers, Turing machines, etc. But for some reason my tape stopped on this one.

Turing machines are what they are: storage for finite symbols on a tape, read by some gadget that looks at what a storage site has in it and makes some decision, possibly moving to another site, writing a new symbol, etc.

This, by the way, echoes reality pretty well: all actual machines store finite symbols in actual locations.

Steven Smale of Berkeley has studied what happens if a machine can store *real numbers* in the memory locations. Amazing things happen.

But this ain't the real world. And it ain't crypto.

--Tim May

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From wb8foz at nrk.com Tue Jul 26 11:56:37 1994
From: wb8foz at nrk.com (David Lesher)
Date: Tue, 26 Jul 94 11:56:37 PDT
Subject: CYPHERPUNKS TO THE RESCUE
In-Reply-To: <9407261252.AA19317@prism.poly.edu>
Message-ID:

A challenge /response may make sense crypto-wise, but not $$-wise. The car would then need a receiver too, & the house a transmitter. More things to buy & break.

A one-way solution is needed to make it fly here.
--
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close............(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

From pierre at shell.portal.com Tue Jul 26 12:05:44 1994
From: pierre at shell.portal.com (Pierre Uszynski)
Date: Tue, 26 Jul 94 12:05:44 PDT
Subject: CYPHERPUNKS TO THE RESCUE
Message-ID: <199407261851.LAA22277@jobe.shell.portal.com>

Let's not go overboard!!!

I hear things like "public/private key", "battery backup", "the door unit transmits", "a keypad on both sides"

Hey! This is a garage door opener! You think you can add $20 of stuff and still have a profit margin?

How about no keypad, no battery backup on the remote, just a (random) secret key, no door unit transmitter, normal batteries in the remote and door unit:

1 - Plug the remote into the door unit. The door unit writes a roughly random number (electronic noise), into the remote, and remembers the same. Units synchronize time, while they are at it.
2 - Take the remote for a drive. When you come back press the "open" button.
3 - The remote sends the current time (as per its 1 min (im)precise real time clock), encrypted with the secret key. See later real message because of replay attacks.
4 - The door unit decrypts and checks against time, time +1, or time - 1. If valid, it opens the door, and synchronizes its time to the time stamp.

POWER LOSS. This is a garage door opener. What do you do when your garage door remote fails, you try again, then you use your key and replace the **** battery (start again at step 1). In my area, power outages are so rare that I wouldn't even need a battery on the door unit (your mileage may vary).

REPLAY ATTACK. To foil an attacker who would record the time stamp and replay it within a minute: After a time stamp opens the door, a bare time stamp will only work again after something like 2 minutes.
Instead, when you push the remote "open" several times within the same protected period, you issue "timestamp, tag1", then "timestamp, tag2", etc... say you are allowed 6 "opens" in the same protection period. The door unit has to check against time - 1, time, time +1, and the corresponding 6 tags. When a tagged stamp worked, all the previous ones are disabled for the protection period, whether the door unit received them or not (to avoid the reuse of messages that failed to open the door.) If you push the remote "open" and it fails to open the door, and you simply give up on the idea of opening the door, you are susceptible to replay attack for something like 2 minutes... that's life.

"CLOSE" ACTION. Just close the door, no crypto.

Any problem with this SIMPLE solution? Considering there is no point in spending zillions on the garage door opener if your windows do not have alarms.

The reason some current units may not be secure is probably the usual: the manufacturers are not interested in what the customers don't want and the customers don't want what the manufacturers have never told them could (or should) be done. And politicians are more interested in legislative action than in suggesting their constituents do not buy junk.

Pierre.
pierre at shell.portal.com

ObQuotesFromPreviousMessages:

Sandy Sandfort said something like:
> On Tue, 26 Jul 1994, Arsen Ray Arachelian wrote:
>
> > You'd need a clock on the garage controller....The garage opener
> > would receive a signal from the remote, issue a challenge code based on a
> > hash of the time/date + some random numbers. The remote would encrypt this
> > hash with the owner's IDEA key and send back the response.
>
> Am I missing something here? Why would you need a clock? What I had in
> mind was something like:
>
> 1--The owner presses the "open" button on the remote.
> 2--The remote sends an "ask me" signal to the door unit.
> 3--The door unit transmits a random number in the clear.
> 4--The remote encrypts and signs the random number using
> its unique private key.
> 5--The door unit decrypts and compares the numbers, using
> the remote's public key.
> 6--If the numbers match, the door opens. QED.
>
> Adjusting my flame retardant underwear,
>
>
> S a n d y
>
> P.S. For most car and garage doors, relatively short (32 bit?) keys
> should be more than sufficient, I would think.
>
>
>
>
>
>

From ruf at osiris.cs.uow.edu.au Tue Jul 26 12:08:31 1994
From: ruf at osiris.cs.uow.edu.au (Justin Lister)
Date: Tue, 26 Jul 94 12:08:31 PDT
Subject: LITTLE BROTHER INSIDE
Message-ID: <199407261902.AA14756@osiris.cs.uow.edu.au>

> C'punks,
> On Tue, 26 Jul 1994, Jim choate wrote:
> > . . .
> > This would of course assume that the police were silly enough to
> > use the disk and such from your machine in your machine. From my
> > experience w/ Mentor and Erik Bloodaxe during Operation Sun Devil this
> > is not very realistic....Also it would only work
> > once. Thereafter they would either examine the equipment in a Faraday Cage
> > or else start doing pager rental scans prior to seizure.

Why not just use an encrypted partition. I guess then it is a problem of not being persuaded to reveal the key. What laws/rights does the user have as to revealing the key ? And if the user says "I forget" what would be likely response ? How many users would hold tight, from cases I have heard they usually give in when the stakes are raised.

> I'm not so sure. Operation Sun Devil was a more sophisticated operation
> than the average cops run. Cops, for the most part, are incredibly lazy
> and stupid. I think you could count on lots of them not doing it right.

A while back a local BBS system was investigated, it was amazing to find that the police had little knowledge of the software (MSDOS and OS/2 - Remote Access RA and Front Door) and hardware being used.
Apparently the sysop had the system setup so that he could quickly delete the drives FAT and do random zeroing of the drives. Although it wasn't performed as they weren't even familiar with hidden (attrib) directories or using non-printable dir names. Essentially they relied on information from the sysop to carry out the investigation.

--
+---------------------+--------------------------------------------------+
| ____ ___ | Justin Lister ruf at cs.uow.edu.au |
| | \\ /\ __\ | Center for Computer Security Research |
| | |) / \_/ / |_ | Dept. Computer Science voice: 61-42-835-114 |
| | _ \\ /| _/ | University of Wollongong fax: 61-42-214-329 |
| |_/ \/ \_/ |_| (tm) | Computer Security a utopian dream... |
| | LiNuX - the only justification for using iNTeL |
+---------------------+--------------------------------------------------+

From pierre at shell.portal.com Tue Jul 26 12:08:36 1994
From: pierre at shell.portal.com (Pierre Uszynski)
Date: Tue, 26 Jul 94 12:08:36 PDT
Subject: CYPHERPUNKS TO THE RESCUE
Message-ID: <199407261909.MAA23007@jobe.shell.portal.com>

Sorry for following up on my own post, but when I said:

> The reason some current units may not be secure is probably the
> usual: the manufacturers are not interested in what the customers
> don't want and the customers don't want what the manufacturers have
> never told them could (or should) be done. And politicians are more
> interested in legislative action than in suggesting their constituents
> do not buy junk.

On the other hand, our leaders may be interested in promoting technology and the American Way. To this end, NIST (in close collaboration with NSA and the FBI) could be mandated to assign a committee to prepare a report detailing the need for further study on the Information Highway Garage Door Opener Voluntary Standard (IHGDOVS, sorry).
Clearly National Security would mandate the use of an escrow system, and of secret algorithms, but as phone coverage of the country (and soon cellular coverage) if pretty good, key escrow would not impose that much of a burden on the taxpayer. The door unit would be a tamper proof, reverse engineering proof unit back-end programmed in Fort Meade to hold the escrow serial number. Its full alphanumeric keyboard (anything less would be un-american) could not be used to enter a new pass-phrase unless a phone connection exists back to headquarters. Because of the escrow system, there would then be no objection to the use of a really secure system (with full length 500 bit keys). And because "compute cycles are cheap" voice recognition could be added on the remote to foil crude attacks in the line of stealing the silly thing. All this resulting in a definite strategic and economic advantage for the US and US companies. Pierre. pierre at shell.portal.com From mab at research.att.com Tue Jul 26 12:18:32 1994 From: mab at research.att.com (Matt Blaze) Date: Tue, 26 Jul 94 12:18:32 PDT Subject: CYPHERPUNKS TO THE RESCUE Message-ID: <9407261914.AA24348@big.info.att.com> norm at netcom.com (Norman Hardy) writes: >At 09:51 1994/07/26 -0400, Russell Nelson wrote: >>Why not generate a random number, checksum it, and sign it using a >>public key? Or is that overkill? >... >Seems good. But to thwart replay of the signed message the garage unit must >never accept the same signed number twice. How about the car unit signing >successive numbers. The garage unit would remember the last number that it >accepted and only accept signed numbers larger than that. Garbled >transmissions would then cause no problems. They would be fixed by yet new >transmissions, just as with current units. 
> As Eric Hughes points out (a couple of messages after these), you don't need public-key signatures for this; any secret key cipher or hash function will do, since the base and remote trust each other unconditionally (at least for garage doors; nuclear weapons may be a different story). Both base and remote need to store a shared key and a counter; the remote needs a transmitter and the base needs a receiver. To authenticate itself, the remote sends {counter, hash(key,counter)} and then increments its counter. The base calculates the hash for the received counter value, verifies that it matches the received hash value, verifies that the counter increases the stored counter value, stores the new value, and opens the door. A practical system system also probably include some mechanism for rekeying and for zeroizing the counters. There is no need for public key cryptography, two way communication (except for key setup), synchronized clocks, or extensive storage at either side. This protocol as described is very simple, almost trivial; given the right constraints it follows almost directly from the problem. I mention it because very small variations and poorly chosen parameters render it vulnerable to several classic protocol failures. First, observe that this system has a work factor to break of no more than the SMALLER of the secret hash key and the size of the hash output. Clearly, a single {counter, hash(key,counter)} message contains enough information to permit an conventional exhaustive search for key. If the hash space is too small (say, 16 bits or so), the adversary can select an unused counter value and probe the receiver with random hash values until the door opens. Worse, if the bad guy selects a counter value that is much larger than the remote's counter value, it has the added bonus of denial-of-service to the real user. Also, note that the order of operation on the receiver's part is critical. 
If the received counter value is stored BEFORE the hash is received, we are also vulnerable to denial-of-service (but at least not false authentication). Finally, there is the "man in the middle" attack, in which the bad guy intercepts a message intended for but never received by the base, records it, and plays it back later (but before the real owner returns to increment the counter again). A likely scenario involves pushing the button twice on return home, but where only the first message is received by the base. One way to deal with this is to encourage frequent resyncs between the base and remote; for example, the remote, when in the garage, could send periodic "null" commands that increment the counters without actually opening the door. (Of course, you'd need to make sure that these messages themselves cannot be used to construct spoofed open-door messages.) Basing the counter in part on a real-time clock would also help here, but again, this complicates the protocol greatly and increases the opportunities for both denial-of-service (if the clocks get too far out of sync) and false authentication (if the clocks get reset - say at daylight savings time...) My point is not that this is a particularly hard problem, only that even simple cryptographic protocols can have serious bugs. -matt From tcmay at netcom.com Tue Jul 26 12:33:47 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 26 Jul 94 12:33:47 PDT Subject: New Threat on the Horizon: Software Key Escrow Message-ID: <199407261933.MAA17765@netcom8.netcom.com> At the June Cypherpunks meeting, Whit Diffie (co-inventor of public-key crypto, as you should all know) filled us in on a workshop on "key escrow" held in Karlsruhe, Germany. All the usual suspects were there, and I gather that part of the purpose was to bring the Europeans "into the tent" on key escrow, to deal with their objections to Clipper, and so on. 
Diffie described in some detail a software-based scheme developed by NIST (and Dorothy Denning, if I recall correctly) that, as I recall the details, avoids public key methods. Perhaps this was also described here on the list. I know Bill Stewart has recently discussed it in sci.crypt or talk.politics.crypto. What has me worried about it now is evidence from more than one source that this program is actually much further along than being merely a "trial balloon" being floated. In fact, it now looks as though the hardware-based key escrow systems will be deemphasized, as Al Gore's letter seems to say, in favor of software-based schemes. While I've been skeptical that software-based schemes are secure (the bits are hardly secure against tampering), the addition of negotiation with another site (a lot like online clearing of digital cash, it seems) can make it nearly impossible for tampering to occur. That is, I'm now more persuaded that the NIST/NSA(?) proposal would allow software-based key escrow. Here's the rub: * Suppose the various software vendors are "incentivized" to include this in upcoming releases. For example, in 30 million copies of Microsoft's "Chicago" (Windows 4.0) that will hit the streets early in '95 (betas are being used today by many). * This solves the "infrastructure" or "fax effect" problem--key escrow gets widely deployed, in a way that Clipper was apparently never going to be (did any of you know _anybody_ planning to buy a "Surety" phone?). (Granted, this is key escrow for computers, not for voice communication. More on this later.) * Once widely deployed, with no talk of the government holding the keys, then eventual "mandatory key escrow" can be proposed, passed into law by Executive Order (Emergency Order, Presidential Directive, whatever your paranoia supports), an act of Congress, etc. I don't claim this scenario is a sure thing, or that it can't be stopped.
But if in fact a "software key escrow" system is in the works, and is more than just a "trial balloon," then we as Cypherpunks should begin to "do our thing," the thing we've actually done pretty well in the past. To wit: examine the implications, talk to the lobbyist groups about what it means, plan sabotage efforts (sabotage of public opinion, not planting bugs in the Chicago code!), and develop ways to make sure that a voluntary key escrow system could never be made mandatory. (Why would _anyone_ ever use a voluntary key escrow system? Lots of reasons, which is why I don't condemn key escrow automatically. Partners in a business may want access under the right circumstances to files. Corporations may want corporate encryption accessible under emergency circumstances (e.g., Accounting and Legal are escrow agencies). And individuals who forget their keys--which happens all the time--may want the emergency option of asking their friends who agreed to hold the key escrow stuff to help them. Lots of other reasons. And lots of chances for abuse, independent of mandatory key escrow.) But there are extreme dangers in having the infrastructure of a software key escrow system widely deployed. I can't see how a widely-deployed (e.g., all copies of Chicago, etc.) "voluntary key escrow" system would remain voluntary for long. It looks to me that the strategy is to get the infrastructure widely deployed with no mention of a government role, and then to bring the government in as a key holder. (The shift of focus away from telephone communications to data is an important one. I can see several reasons. First, this allows wide deployment by integration into next-gen operating systems. A few vendors can be "incentivized." Second, voice systems are increasingly turning into data systems, with all the stuff surrounding ISDN, cable/telco alliances, "set-top" boxes, voice encryption on home computers, etc.
Third, an infrastructure for software key escrow would make the backward extension to voice key escrow more palatable. And finally, there is a likely awareness that the "terrorist rings" and "pedophile circles" they claim to want to infiltrate are more than likely already using computers and encryption, not simple voice lines. This will be even more so in the future. So, the shift of focus to data is understandable. That it's a much easier system in which to get 40-60 million installed systems _almost overnight_ is also not lost on NIST and NSA, I'm sure.) In other words, a different approach than with Clipper, where essentially nobody was planning to buy the "Surety" phones (except maybe a few thousand) but the government role was very prominent--and attackable, as we all saw. Here, the scenario might be to get 40-60 million units out there (Chicago, next iteration of Macintosh OS, maybe Sun, etc.) and then, after some series of events (bombings, pedophile rings, etc.) roll in the mandatory aspects. Enforcement is always an issue, and I agree that many bypasses exist. But as Diffie notes, the "War on Drugs" enlistment of corporations was done with various threats that corporations would lose assets/contracts unless they cooperated. I could see the same thing for a software-based key escrow. A potentially dangerous situation. I was the one who posted the Dorothy Denning "trial balloon" stuff to sci.crypt, in October of 1992, six months before it all became real with the announcement of Clipper. This generated more than a thousand postings, not all of them useful (:-}), and helped prepare us for the shock of the Clipper proposal the following April. I see this software-based key escrow the same way. Time to start thinking about how to stop it now, before it's gone much further. 
Putting Microsoft's feet to the fire, getting them to commit to *not* including any form of software-based key escrow in any future releases of Windows (Chicago or Daytona) could be a concrete step in the right direction. Ditto for Apple. I'm sure we can think of other steps to help derail widespread deployment of this infrastructure. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From berzerk at xmission.xmission.com Tue Jul 26 12:35:20 1994 From: berzerk at xmission.xmission.com (Berzerk) Date: Tue, 26 Jul 94 12:35:20 PDT Subject: GUT and P=NP In-Reply-To: <9407261235.AA00455@vail.tivoli.com> Message-ID: On Tue, 26 Jul 1994, Mike McNally wrote: > > One last word on this. Try and represent a continuum of states by an > > infinite Turing machine. Go ahead, I dare you. You can't.<=big period. > Could I not let each position on the tape represent a real value in > [0...1]? No, the continuum can not be mapped onto an ordinal infinity. It is a greater infinity. Berzerk.
From collins at newton.apple.com Tue Jul 26 12:44:50 1994 From: collins at newton.apple.com (Scott Collins) Date: Tue, 26 Jul 94 12:44:50 PDT Subject: No, each tape position cannot... (was Re: GUT and P=NP) Message-ID: <9407261943.AA02688@newton.apple.com> >Could I not let each position on the tape represent a real value in >[0...1]? You could try! But you would always omit values. You can demonstrate this with the `diagonal rule' or similar proofs. Here's a simple one: Take any two adjacent `positions' on the tape; Write out the decimal (or binary) notation for the real values they represent (note, the representations may be infinite). Given two such strings that are not identical, you can always find a string numerically `between' them (even if both are infinite) as long as they are not identical. E.g., "0.12345" --->"0.123455"<---- "0.12346" Such a string is a real value you omitted. Your tape, even if it is infinite, is not the right order of infinity to model the Real numbers. Scott Collins | "Invention, my dear friends, is 93% perspiration, | 6% electricity, 4% evaporation, and 2% butter- collins at acm.org | scotch ripple." -- Willy Wonka ..................|.................................................. Apple Computer, Inc. 5 Infinite Loop, MS 305-2D Cupertino, CA 95014 408.862.0540 fax:974.6094 R254(IL5-2N) collins at newton.apple.com ..................................................................... 408.257.1746 1024:669687 catalyst at netcom.com From fnerd at smds.com Tue Jul 26 12:57:49 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Tue, 26 Jul 94 12:57:49 PDT Subject: CYPHERPUNKS TO THE RESCUE Message-ID: <9407261944.AA04628@smds.com> I think Norm gets the prize for the best garage door opener: > ...How about the car unit signing successive numbers.... 
But this raises an idle question: how much easier is it to break a DES key given a sequence of (n, DES(n)) where the n's are successive numbers, than it is if the n's are random (but still known)? I doubt this is a practical threat for garage doors. - -Steve - - - - - - - - - - - - - - - nutritional information per serving: less than one (1) bit From sidney at taurus.apple.com Tue Jul 26 13:42:09 1994 From: sidney at taurus.apple.com (Sidney Markowitz) Date: Tue, 26 Jul 94 13:42:09 PDT Subject: CYPHERPUNKS TO THE RESCUE Message-ID: <9407261836.AA07639@federal-excess.apple.com> Sandy Sandfort wrote: >Am I missing something here? Why would you need a clock? I recently used a smart card system for secure remote access to a network. It looked like both the card and the remote system had clocks that were in synch and both ran the same PRNG to produce a new number every minute. Part of the login procedure was to enter the number currently being displayed on the card. A garage door opener built on this principle would not need the ability for the base to transmit any codes, for the remote to receive any, nor to encrypt or decrypt anything. Just a continuously running, clocked PRNG, the ability for the base to receive signals sent by the remote and compare the numbers, and some provision for synching up the clock and state of the PRNG with that of the remote, probably using a physical connection. The remote would transmit a code to the opener. The code would be available to someone listening in, but it would only be valid for the current clock period.
The length of the clock period would be a trade off: Too long, and someone could listen in and enter the garage after you have left but before the current code has expired. Too short, and you will have to synch up the remote and the receiver too often to be convenient. (I.e., if the clocks drift by four seconds per year, you can go quite a while with one number per minute, but less than a month at one number per second, before the system becomes unusable without resynching.) There also has to be some provision for a retry if you happen to signal close to the transition time, within the period where they are out of synch. -- sidney From mab at research.att.com Tue Jul 26 13:53:29 1994 From: mab at research.att.com (Matt Blaze) Date: Tue, 26 Jul 94 13:53:29 PDT Subject: New Threat on the Horizon: Software Key Escrow Message-ID: <9407262040.AA25807@big.info.att.com> Tim May writes: >Diffie described in some detail a software-based scheme developed by >NIST (and Dorothy Denning, if I recall correctly) that, as I recall >the details, avoids public key methods. Perhaps this was also If it's the same scheme that I'm thinking of (that Dorothy Denning presented at the Karlsruhe workshop), it was developed by Stephen Walker and David Balenson of Trusted Information Systems, in cooperation with NIST. It's a cute scheme - it doesn't involve secret hardware or algorithms, but does involve public key cryptography, roughly in place of the clipper unit and family keys. You can thwart the system with cooperation at both ends, but you can't interoperate with legal users; in this sense it's more robust against abuse than the Clipper hardware-based system. The basic idea is that each user gets a unique public key from the government, which is used to encrypt the session key. You encrypt the session key with this key and send both it and the certified public key to the receiver, who verifies the signature to confirm that it really was issued by the government.
Now the receiver also encrypts the session key and compares the result with what you sent, refusing to operate if they don't match. Of course, two parties can cheat by patching their verification routines. But it's very hard to interoperate with non-rogues. -matt From hfinney at shell.portal.com Tue Jul 26 13:53:40 1994 From: hfinney at shell.portal.com (Hal) Date: Tue, 26 Jul 94 13:53:40 PDT Subject: New Threat on the Horizon: Software Key Escrow In-Reply-To: <199407261933.MAA17765@netcom8.netcom.com> Message-ID: <199407262054.NAA00151@jobe.shell.portal.com> Look at the success RSA has had with Apple building their certification structure into System 7 Pro. There was discussion on sci.crypt about whether PGP (or any non-hierarchical certification structure) could be used, and the consensus seemed to be that the hooks aren't there. If you want to inter-operate with this software, which will presumably be widely available in the future, you will have to join the official certification hierarchy. So long, web of trust. Now, this approach does seem vulnerable to reverse-engineering the OS, getting in below the software layers which you are supposed to use, to defeat the restrictions the software is trying to place on you and have built-in encryption of your choice. But this will be a big job. Still, maybe the best approach when MSoft comes out with this encryption built- in will be to get software out which will bypass it while still using the other value-added features like hot links, automatic encryption/ decryption, etc. Otherwise they may well succeed in getting a de facto standard into place which does not protect individual privacy. Hal From jgrasty at pts.mot.com Tue Jul 26 14:12:16 1994 From: jgrasty at pts.mot.com (Joey Grasty X3697 P6611) Date: Tue, 26 Jul 94 14:12:16 PDT Subject: Encryption Algorithm for Pagers Message-ID: <9407262110.AA06774@mserv1.pts.mot.com> Hello, all: I am looking for a simple encryption algorithm suitable for use in pagers. 
Ideally, the algorithm would need to have the following characteristics in order to be useful in pagers: 1. key size no larger than 64 to 128 bits; 2. decryption firmware 4k to 8k bytes in size for typical 8-bit microcontrollers (e.g. 68HC05); 3. decryption firmware able to run in near real-time with bit rates to 2400 bps with microcontrollers running no faster than 2 MHz; 4. encryption algorithm should run in real-time on 68000 class processors with capacity to support 8 2400 bps channels; 5. EXPORTABLE <-- yeah, I know First, a bit of basic information on how pagers and paging systems work. This is a gross oversimplification, but it'll do for this discussion. All protocols commonly used are all sent in the clear. A paging terminal collects the page, converts the PIN number into a pager capcode (address), encodes the message into the protocol used by the pager and sends the page over a phone line to one or more transmitters that transmits the page at the appropriate time (this depends on whether the protocol is synchronous or asynchronous). The paging protocol consists of a sync word (fixed string of bits), a capcode (address), and a message. In an encrypted paging system, all but the sync word would be encrypted. Each pager would have a single key for itself and a group key for group pages (pages that are sent to a group of pagers -- each group has a group capcode). The pager would decrypt each capcode and check to see if it matched that of the pager. If so, the message would be decrypted and displayed. The purpose of this request is to see if any existing encryption algorithms would fit this requirement, and if so, the amount of effort required to put this system into place. It is very important that the system be exportable. Let me know your ideas; post to cypherpunks or e-mail as you wish. If the information above is not adequate to suggest an algorithm, let me know and I can supply more information. 
Regards, Joey Grasty (jgrasty at pts.mot.com) Staff Engineer Asia Pacific Pager Development Motorola Paging and Wireless Data Group ------------------------------------------------------------------------------- I don't speak for the Circle-M | In memory of the 55.9 million victims of gun Ranch. | control this century. E-mail for details. ------------------------------------------------------------------------------- From Eric_Weaver at avtc.sel.sony.com Tue Jul 26 14:14:30 1994 From: Eric_Weaver at avtc.sel.sony.com (Eric Weaver) Date: Tue, 26 Jul 94 14:14:30 PDT Subject: CYPHERPUNKS TO THE RESCUE In-Reply-To: Message-ID: <9407262113.AA23798@sosfc.avtc.sel.sony.com> From: wb8foz at nrk.com (David Lesher) Date: Tue, 26 Jul 1994 18:51:19 +0000 (GMT) A challenge /response may make sense crypto-wise, but not $$-wise. The car would then need a receiver too, & the house a transmitter. More things to buy & break. A one-way solution is needed to make it fly here. Okay, here's my "bright" "idea"... A 32-bit counter, a 32-bit somewhat-random "salt", a 32-bit fixed authenticator and a 32-bit checksum, two DES blocks. The transmitter just counts up each time the button is pressed, and the whole thing is DES'd in CBC mode with the symmetric key or what have you. The receiver decrypts, verifies the checksum and perhaps the authenticator and just checks for the count to be greater than the last time it received a signal. This handles replays and doesn't require exact sync between remote and base. The receiver can have a reset button inside so the owner can push it and click the remote if somehow the receiver gets skipped way ahead. Counterexamples, anyone? 
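The one-way counter scheme discussed in this thread ({counter, hash(key,counter)}, with the base checking the hash before it stores a larger counter), as an added example that is not part of any poster's message. Assumptions: HMAC-SHA256 stands in for the unspecified keyed hash, a command byte is placed under the MAC so that "null" resync messages cannot be relabelled as open commands, and the key, tag length and class names are constructed for illustration.

```python
import hashlib
import hmac
import struct

CMD_OPEN, CMD_NULL = 1, 2   # NULL advances the counter but never opens the door
TAG_LEN = 16                # bytes of MAC sent; a short tag caps the work factor
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed sample key


def make_tag(key, cmd, counter):
    """Keyed hash over command and counter (HMAC-SHA256 as hash(key, counter))."""
    body = struct.pack(">BQ", cmd, counter)
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class Remote:
    def __init__(self, key):
        self.key, self.counter = key, 1

    def press(self, cmd=CMD_OPEN):
        msg = (cmd, self.counter, make_tag(self.key, cmd, self.counter))
        self.counter += 1               # send first, then increment
        return msg


class Base:
    def __init__(self, key, store_before_verify=False):
        self.key, self.last = key, 0
        self.store_before_verify = store_before_verify  # True = flawed ordering

    def receive(self, msg):
        cmd, counter, tag = msg
        if cmd not in (CMD_OPEN, CMD_NULL) or not 0 <= counter < 2**64:
            return "rejected"
        fresh = counter > self.last
        if self.store_before_verify and fresh:
            self.last = counter         # counter stored before the hash is checked
        good = hmac.compare_digest(tag, make_tag(self.key, cmd, counter))
        if not (good and fresh):
            return "rejected"
        self.last = counter             # stored only after both checks pass
        return "open" if cmd == CMD_OPEN else "resync"


def replay_scenario():
    """A message the base has already accepted is refused the second time."""
    remote, base = Remote(KEY), Base(KEY)
    msg = remote.press()
    return base.receive(msg), base.receive(msg)


def delayed_replay_scenario(resync):
    """Second button press is recorded but never reaches the base."""
    remote, base = Remote(KEY), Base(KEY)
    base.receive(remote.press())        # first press heard, door opens
    captured = remote.press()           # second press lost to the base
    relabelled = None
    if resync:
        null = remote.press(CMD_NULL)   # periodic null command from inside the garage
        # A null message relabelled as OPEN fails: the command is under the MAC.
        relabelled = base.receive((CMD_OPEN, null[1], null[2]))
        base.receive(null)              # genuine null moves the stored counter on
    return relabelled, base.receive(captured)


def forged_counter_scenario(store_before_verify):
    """Huge counter with a guessed tag, then a genuine press."""
    remote, base = Remote(KEY), Base(KEY, store_before_verify)
    forged = (CMD_OPEN, 2**40, bytes(TAG_LEN))
    return base.receive(forged), base.receive(remote.press())


if __name__ == "__main__":
    print("replay:", replay_scenario())
    print("delayed replay, no resync:", delayed_replay_scenario(False))
    print("delayed replay, after null resync:", delayed_replay_scenario(True))
    print("forged counter, verify first:", forged_counter_scenario(False))
    print("forged counter, store first:", forged_counter_scenario(True))
```

With the store-first ordering the forged message is still refused, but the genuine remote is locked out afterwards, which is the denial-of-service case described in the thread.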
From Eric_Weaver at avtc.sel.sony.com Tue Jul 26 14:18:49 1994 From: Eric_Weaver at avtc.sel.sony.com (Eric Weaver) Date: Tue, 26 Jul 94 14:18:49 PDT Subject: CYPHERPUNKS TO THE RESCUE In-Reply-To: Message-ID: <9407262117.AA23816@sosfc.avtc.sel.sony.com> From: wb8foz at nrk.com (David Lesher) Date: Tue, 26 Jul 1994 18:51:19 +0000 (GMT) A challenge /response may make sense crypto-wise, but not $$-wise. The car would then need a receiver too, & the house a transmitter. More things to buy & break. A one-way solution is needed to make it fly here. Okay, here's my "bright" "idea"... A 32-bit counter, a 32-bit somewhat-random "salt", a 32-bit fixed authenticator and a 32-bit checksum, two DES blocks. The transmitter just counts up each time the button is pressed, and the whole thing is DES'd in CBC mode with the symmetric key or what have you. The receiver decrypts, verifies the checksum and perhaps the authenticator and just checks for the count to be greater than the last time it received a signal. This handles replays and doesn't require exact sync between remote and base. The receiver can have a reset-to-zero button inside so the owner can push it and click the remote to re-sync if somehow the receiver gets skipped way ahead. This DOES, however, require different counters and authenticators for different remotes. It can also be done with a one-way hash if the salt is omitted and the receiver can try, say, the next few dozen sequence numbers against the received string. Counterexamples, anyone? Eric Weaver Sony AVTC 3300 Zanker Road, MS 4B1 SJ CA 95134 408 955-4904 & Chief Engineer, KFJC 89.7 Foothill College Los Altos Hills, CA 94022 From eichin at paycheck.cygnus.com Tue Jul 26 15:01:52 1994 From: eichin at paycheck.cygnus.com (Mark W. Eichin) Date: Tue, 26 Jul 94 15:01:52 PDT Subject: Steve Winter Declares War in Cyberspace In-Reply-To: <9407261402.AA20504@prism.poly.edu> Message-ID: <9407262118.AA29887@paycheck.cygnus.com> >> the internet worm. 
Although his intentions weren't as evil as yours, he >> did spend some jail time + lots of community time. For the record -- 1 year probation, 400 hrs community service, large fine ($10K if I recall right.) *NO* actual jail time... it wasn't at all clear that the vendors weren't guilty too :-) Crypto relevance? Well, he *did* keep his files encrypted -- but they got them in cleartext from backups that ran during times he was working on them -- ie, human error :-) It wouldn't have helped him to use PGP. Oh, and all the strings in the program were encrypted with "XOR 0x81", not all that hard to crack. _Mark_ ps. For technical info on the Morris program, see http://www.mit.edu:8001/people/eichin/virus/main.html for a start... still in draft form, I'm missing some edits from the final printing. From jef at ee.lbl.gov Tue Jul 26 15:13:41 1994 From: jef at ee.lbl.gov (Jef Poskanzer) Date: Tue, 26 Jul 94 15:13:41 PDT Subject: New Threat on the Horizon: Software Key Escrow Message-ID: <199407262213.PAA06890@hot.ee.lbl.gov> >The basic idea is that each user gets a unique public key from the >government, which is used to encrypt the session key. You encrypt the >session key with this key and send both it and the certified public key >to the receiver, who verifies the signature to confirm that it really was >issued by the government. Now the receiver also encrypts the session key >and compares the result with what you sent, refusing to operate if they >don't match. > >Of course, two parties can cheat by patching their verification routines. >But it's very hard to interoperate with non-rogues. I don't see any defense in this description against using someone else's public key. The feds could still decrypt such messages, but wouldn't know who was talking. At least not from the envelope. This could defeat casual mass traffic analysis by agencies who have the private keys, because they'd have to look inside the messages for identity cues.
It could also defeat *all* traffic analysis by parties who don't have the private keys. That would make it preferable to Clipper. Or does the proposed system also have some authentication component? --- Jef From clewton at netcom.com Tue Jul 26 15:57:15 1994 From: clewton at netcom.com (charles lewton) Date: Tue, 26 Jul 94 15:57:15 PDT Subject: New Threat on the Horizon: Software Key Escrow In-Reply-To: <199407261933.MAA17765@netcom8.netcom.com> Message-ID: T.C. May wrote: > including any form of software-based key escrow in any future releases > of Windows (Chicago or Daytona) could be a concrete step in the right > direction. Ditto for Apple. > Seems like Microsoft was just allowed to wiggle out from under a gov't action recently. I wonder if there was a quiet deal done? Chuck From rarachel at prism.poly.edu Tue Jul 26 15:59:38 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Tue, 26 Jul 94 15:59:38 PDT Subject: My anonymous remaile In-Reply-To: <199407261736.SAA25510@an-teallach.com> Message-ID: <9407262246.AA02924@prism.poly.edu> > > : At the end of the day, at a certain hour agreed upon by the remailer operators, > : the remailer will split up its cached messages and split them among several > > All sounds reasonble *except*... this is the internet, man! We can afford > to do this once every 15 minutes, can't we? That depends on whether or not you want to prevent spamming, and are willing to waste bandwidth. If you've got it, it's not a problem. If you're running your remailer on a system you don't own whose admins aren't going to be happy about the extra traffic, you won't. From jim at bilbo.suite.com Tue Jul 26 16:08:19 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Tue, 26 Jul 94 16:08:19 PDT Subject: CYPHERPUNKS TO THE RESCUE Message-ID: <9407262304.AA05483@bilbo.suite.com> Matt Blaze describes a couple of possible attacks against the simple one-way authenticating garage door opener. 
The attacks are basically the ones that are often suggested against one-way login authentication protocols. However, I think the garage door opener scenario is just different enough that the attacks he describes can be ignored or eliminated without overly complicating the devices. (The following idea is a combination of ideas stolen from earlier posts, plus a couple of new ones. Anyone following this thread should recognize the earlier ideas and hopefully mentally credit the original posters.) The transmission is one-way, from hand unit to base. There is no encryption involved, no hash functions, no counter values to transmit, no loosely synchronized clocks. The hand unit consists of a transmitter, a memory chip, a simple cpu chip, and some kind of jack or plug used to initialize the unit. Initialize the hand unit and base with identical sets of large random numbers using a wall mounted panel. The random numbers will be arranged in groups of, say, ten. I'll call each group a "family". Since memory is cheap, load hundreds of families of random numbers. Both the hand unit and the base will maintain an internal counter of the "current family number". As numbers from a family are used, the "current family number" is incremented. If the two "current family numbers" get off, then the hand unit and base will have to be re-initialized. To open the door, push the button on the hand unit (duh) to send the first random number from the "current family". The base unit opens the door if the received number is in the "current family" of random numbers. If the door opens, the "current family number" counter in the base unit is incremented and the remaining numbers in the previous "current family" become invalid for opening. The "current family number" in the hand unit automatically increments after about a minute from the time of the button push.
If the first button push/transmission didn't get received, a second button push (within a minute) will send another number from the same family, activating the door. If the first transmission is successful, but the driver continues to push the button, the subsequent transmissions are useless to an interceptor/man-in-middle because the numbers transmitted are from a family that has just become invalid for opening.

To close the door (within a minute of opening): pushing the button sends another random number from the original family (i.e. the same family used to open the door, now invalid for opening). Since the door is in the open position, the base unit interprets the transmission as a request to close the door.

NOTE: the base unit ignores all button pushes while the door is in the process of opening.

WRINKLE: If you wait more than a minute before trying to close the door, the hand unit increments to the next family number. Therefore, when the door is in the open position, the base unit will actually check the received random number against both the previous "current family" and the current "current family".

The major flaw I see in this scheme is that the "current family number" in the hand unit may become off frequently due to accidental button pushes.

...

Now that I've gotten to the end of the description, I'm not so sure this scheme is practical. I get the feeling that the delayed auto-increment of the hand unit will create situations that violate the principle of "Least Surprise". In other words, the hand unit may not always do what you expect it to do. Oh well, I'll post my description anyways in case it induces some better ideas in others.
Jim_Miller at suite.com

From nowhere at chaos.bsu.edu Tue Jul 26 16:25:00 1994
From: nowhere at chaos.bsu.edu (Chael Hall)
Date: Tue, 26 Jul 94 16:25:00 PDT
Subject: CYPHERPUNKS TO THE RESCUE
In-Reply-To: <9407261836.AA07639@federal-excess.apple.com>
Message-ID: <199407262322.SAA04283@chaos.bsu.edu>

>I recently used a smart card system for secure remote access to a network.
>It looked like both the card and the remote system had clocks that were in
>synch and both ran the same PRNG to produce a new number every minute. Part
>of the login procedure was to enter the number currently being displayed on
>the card.

We use this for accessing our Ameritech database. What I recall overhearing when they were training the CENTREX people on the smart cards was that it looks at how far off the numbers are over a period of time and determines how much faster or slower your card is, then figures that into its calculations when you call. So after, say, twenty sessions over a two-week period, it knows not to accept the code from two minutes ago.

Chael

--
Chael Hall, nowhere at chaos.bsu.edu

From ravage at bga.com Tue Jul 26 16:45:55 1994
From: ravage at bga.com (Jim choate)
Date: Tue, 26 Jul 94 16:45:55 PDT
Subject: Garage Door opener, etc...
In-Reply-To: <199407261819.LAA03524@netcom13.netcom.com>
Message-ID: <199407262343.SAA01475@zoom.bga.com>

> That said, Jim Choate writes:
>
> > Seems to me the way to do this is to 'dock' the receiver and xmitter prior
> > to leaving (could rationalize it by also doing battery charging at this
> > time) and each time they share a unique one-time pad.
>
> The remote and opener could exchange a list of OTP entry codes. The list
> could be sufficiently large that docking would be unnecessary for months.
> With a public key system, the remote could transmit its OTP by radio,
> eliminating the need for docking hardware.
>

The problem with this scenario is that in order to keep the security you must keep the door-opener in your possession for the entire time limit the key-list is used. All it would take to circumvent it would be to have somebody gain access to the hardware. Shoot, if you let somebody have access to the opener then it is possible they might put some kind of ghost on the ram and make it possible for them to do all kinds of stuff to circumvent the list.

If you dock each time then you don't need that kind of security. For them to get at the opener they would need to gain access to your house in which case they would attack the base-unit.

As to the suggestions relating to sync'ed clocks. This would be ok for a day or so but longer than that and the clocks will be far enough out of sync such that they will no longer match keycodes. Clock chips just aren't that accurate.

From tcmay at netcom.com Tue Jul 26 16:45:58 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 26 Jul 94 16:45:58 PDT
Subject: New Threat on the Horizon: Software Key Escrow
In-Reply-To: <199407262054.NAA00151@jobe.shell.portal.com>
Message-ID: <199407262345.QAA16546@netcom13.netcom.com>

Cypherpunks,

Sorry I haven't been able to participate in the thread I started, but my own post has yet to make it here to "Notcom," and later posts are dribbling in out of order, without prior context, etc. (I suspect the problem is at Netcom's end, e.g., refusing mail, and not at Toad's end.)

Hal Finney wrote:

> used, and the consensus seemed to be that the hooks aren't there. If you
> want to inter-operate with this software, which will presumably be widely
> available in the future, you will have to join the official certification
> hierarchy. So long, web of trust.

I think this is happening. I just got a forwarded response from a Microsoft paralegal, and he confirms that Microsoft is working on various aspects of key escrow, software key escrow, etc.
Mostly, he says, for export to countries with key escrow (!!). I don't feel at liberty to post his response here, but I encourage Blanc Weber, who handled the intermediary exchange, to get permission to do so, or to just do so on his own authority.

I should also note that the Microsoft legal guy claimed I was "off a little" (which could be "a lot" if he was being facetious) in my speculations about Chicago, in '95. We'll see in 1995, I guess.

In any case, getting confirmation that Microsoft is working on key escrow _at all_ is a simply amazing development, I would say. (I don't know if they're planning to use the algorithm that Matt Blaze described, the one from Trusted Information Systems. Others may know.)

> built-in encryption of your choice. But this will be a big job. Still,
> maybe the best approach when MSoft comes out with this encryption built-
> in will be to get software out which will bypass it while still using
> the other value-added features like hot links, automatic encryption/
> decryption, etc. Otherwise they may well succeed in getting a de facto
> standard into place which does not protect individual privacy.

I agree with Hal completely. Everything is pointing to the existence of a heretofore unknown cooperation between Microsoft and NIST on a software key escrow system. The TIS work looks to be the key.

More than this morning, I stand by my speculation that a serious proposal exists to implement some form of key escrow in software. This could establish a "de facto standard" faster than anything connected with Clipper ever could.

Vigilance!

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From ianf at simple.sydney.sgi.com Tue Jul 26 16:46:47 1994
From: ianf at simple.sydney.sgi.com (Ian Farquhar)
Date: Tue, 26 Jul 94 16:46:47 PDT
Subject: CYPHERPUNKS TO THE RESCUE
In-Reply-To: <9407261914.AA24348@big.info.att.com>
Message-ID: <9407270943.ZM12100@simple.sydney.sgi.com>

On Jul 26, 3:23pm, Matt Blaze wrote:
> Both base and remote need to store a shared key and a counter; the remote
> needs a transmitter and the base needs a receiver. To authenticate
> itself, the remote sends {counter, hash(key,counter)} and then increments
> its counter. The base calculates the hash for the received counter value,
> verifies that it matches the received hash value, verifies that the counter
> increases the stored counter value, stores the new value, and opens
> the door.

You'll need to allow support for multiple transmitters, as many doors need such support. This is a trivial modification:

    {unit_id, counter, hash(key, counter[unit_id])}

The base station will need to keep the current key counter for each transmitter it stores, indexed by unit_id.

Of course, one could also argue that the presence of the counter is unnecessary, as the receiver and transmitter both should KNOW what its value/acceptable range is, and transmitting it in the clear is unnecessary. I would still argue that some sort of very coarse (~5 minute accuracy would be sufficient) timestamp would be very useful here, although clock drift is still a problem (unless the base station tracked and recorded the drift).

>A practical system would also probably include some mechanism
>for rekeying and for zeroizing the counters.

Preferably NOT over an air-interface of any kind.

> permit a conventional exhaustive search for key. If the hash space is
> too small (say, 16 bits or so), the adversary can select an unused counter
> value and probe the receiver with random hash values until the door opens.
Bear in mind, folks, that almost all current systems are cleartext-to-air passwords, usually 8 or 10 bits in length. I have pulled apart enough units to know, and it's amazing how many of their passwords are set to 0000000000!

Ian.

From ravage at bga.com Tue Jul 26 16:50:49 1994
From: ravage at bga.com (Jim choate)
Date: Tue, 26 Jul 94 16:50:49 PDT
Subject: Continum of numbers and Turing Machines
Message-ID: <199407262350.SAA01647@zoom.bga.com>

Hi all,

Just a thought,

Seems to me that a Turing Machine can't simulate a continuous section of R for a simple reason, computers can only work on rational numbers and a continuous section would have irrationals in it.

Take care.

From sidney at taurus.apple.com Tue Jul 26 17:02:50 1994
From: sidney at taurus.apple.com (Sidney Markowitz)
Date: Tue, 26 Jul 94 17:02:50 PDT
Subject: CYPHERPUNKS TO THE RESCUE
Message-ID: <9407270002.AA09136@colossus.apple.com>

Jim_Miller at suite.com wrote:
>The major flaw I see in this scheme is that the "current family number" in
>the hand unit may become off frequently due to accidental button pushes.

I think that a practical scheme has to be able to work when the button on the remote can be activated away from the garage door: What about kids using the remote as a phaser while playing a game of Star Trek, showing off your new cryptographic garage door remote to a friend, dropping a book on top of the remote in the car, being a little too hasty and pressing the button while still a few feet out of range of the garage door, a fidgety passenger picking up the remote and playing with it while in the car, etc.?

-- sidney

From rarachel at prism.poly.edu Tue Jul 26 17:09:55 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Tue, 26 Jul 94 17:09:55 PDT
Subject: XSPLIT now own ftp.wimsey.bc.ca
Message-ID: <9407262356.AA04215@prism.poly.edu>

I just uploaded a short program I wrote called XSPLIT to ftp.wimsey.bc.ca.
this is a simple crypto tool that splits a file into many files for secure distribution. A simple way of escrowing your data to the parties >YOU< only trust and who don't know each other.

Whenever Gibson's idea of Swiss-like databanks will occur, you could encrypt your file, split it with XSPLIT and upload it to several such databanks.

XSPLIT takes a file, generates n-1 random numbers, writes those random numbers out to each of the n-1 files, and for the nth file it takes the XOR of all N random numbers, and XORs it with the plaintext.

This way, you get to split your file in such a way as to require all pieces of it in order to rebuild it. This is certainly not earth shattering, and is similar to what clipper uses, only it's something you have available to you and something I wrote on a whim.

Enjoy. (Source is included as usual and should be unix portable.)

From sandfort at crl.com Tue Jul 26 17:11:00 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 26 Jul 94 17:11:00 PDT
Subject: New Threat on the Horizon: Software Key Escrow
In-Reply-To: <199407262213.PAA06890@hot.ee.lbl.gov>
Message-ID:

C'punks,

On Tue, 26 Jul 1994, Jef Poskanzer wrote:

> . . . [description of key escrow scheme]
> I don't see any defense in this description against using someone
> else's public key. The feds could still decrypt such messages,
> but wouldn't know who was talking. At least not from the envelope.

What a business opportunity for the "homeless." They could repeatedly sell their key pair for hooch. "The gift that keeps on giving" (the keys, that is, not the hooch).

S a n d y

From jgostin at eternal.pha.pa.us Tue Jul 26 17:12:04 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Tue, 26 Jul 94 17:12:04 PDT
Subject: (None)
Message-ID: <940726191522R6Qjgostin@eternal.pha.pa.us>

gtoal at an-teallach.com (Graham Toal) writes:

> All sounds reasonable *except*... this is the internet, man! We can afford
> to do this once every 15 minutes, can't we?
Unless the messages are given a delivery latency of , Traffic Analysis will allow for the tracking of messages. If, OTOH, messages _are_ given a latency, but are guaranteed to be out of the remailer in, say, 12 hours, it makes the task of tracking messages anywhere from one degree more difficult to exponentially more difficult, depending on how many messages flow in 12 hours. If you allow for dummy messages to pad traffic, TA could be avoided almost entirely except by the most anal of attackers.

--jeff
--
======  ======    +----------------jgostin at eternal.pha.pa.us----------------+
  ==    ==        | The new, improved, environmentally safe, bigger, better,|
  ==    ==   -=   | faster, hypo-allergenic, AND politically correct .sig.  |
====    ======    | Now with a new fresh lemon scent!                       |
PGP Key Available +---------------------------------------------------------+

From roy at sendai.cybrspc.mn.org Tue Jul 26 18:07:08 1994
From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Tue, 26 Jul 94 18:07:08 PDT
Subject: LITTLE BROTHER INSIDE
In-Reply-To: <199407261305.IAA03020@zoom.bga.com>
Message-ID: <940726.190002.8k8.rusnews.w165w@sendai.cybrspc.mn.org>

-----BEGIN PGP SIGNED MESSAGE-----

Jim Choate writes:

> There is a move here in Austin, TX to put GPS rcvrs. in our police cars
> and then transmit the data back to base over their laptop channels.

I don't know whether to cheer or cringe. On one hand, it's belling the cat. On the other, it's a budgeted installation of the infrastructure to track everyone.

- --
Roy M. Silvernail [ ] roy at sendai.cybrspc.mn.org
PGP public key available by mail
echo /get /pub/pubkey.asc | mail file-request at cybrspc.mn.org
These are, of course, my opinions (and my machines)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBLjWsCxvikii9febJAQE78gQAopJRVUy+RPuaDN5ILGHJYrHSOwJ37jXK
/ZmH7xTBQ4lGpHDDhRc8F/O42wyoz/vt714ulUXeBD/BUkoLE/TEVURdem31hYDQ
S1nCXvTxNPkOqm+cflFiAZejbfeYp+oNO3W0SR3kLXkMLbUWc8Q2MnYIBfkwJHoP
EDZyZqky9eg=
=Vq/U
-----END PGP SIGNATURE-----

From markh at wimsey.bc.ca Tue Jul 26 18:48:11 1994
From: markh at wimsey.bc.ca (Mark C. Henderson)
Date: Tue, 26 Jul 94 18:48:11 PDT
Subject: XSPLIT now own ftp.wimsey.bc.ca
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Subject: Re: XSPLIT now own ftp.wimsey.bc.ca
> I just uploaded a short program I wrote called XSPLIT to ftp.wimsey.bc.ca.
> this is a simple crypto tool that splits a file into many files for secure
> distribution. A simple way of escrowing your data to the parties >YOU< only
> trust and who don't know each other.

I've placed it in /pub/crypto/software/dist/US_or_Canada_only_XXXXXXXX/Misc

Thanks for the upload,
Mark

-----BEGIN PGP SIGNATURE-----
Version: 2.7

iQBVAgUBLjW77mrJdmD9QWqxAQHSPAH/RX3f06P/SazTILG1ylSBxpN5yEkO0ALo
e93PFbenwVLeOaC1+R+lXvvgC52Rg1cvqDswkuAc29NQTRXkCDVtzA==
=E1mS
-----END PGP SIGNATURE-----

--
Mark Henderson markh at wimsey.bc.ca - RIPEM MD5: F1F5F0C3984CBEAF3889ADAFA2437433
ViaCrypt PGP key fingerprint: 21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46
low security key fingerprint: EC E7 C3 A9 2C 30 25 C6 F9 E1 25 F3 F5 AF 92 E3
cryptography archive maintainer -- anon ftp to ftp.wimsey.bc.ca:/pub/crypto

From hughes at ah.com Tue Jul 26 19:04:25 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 26 Jul 94 19:04:25 PDT
Subject: LITTLE BROTHER INSIDE
In-Reply-To: <199407261902.AA14756@osiris.cs.uow.edu.au>
Message-ID: <9407270142.AA06673@ah.com>

   Why not just use an encrypted partition. I guess then it is a problem of not being persuaded to reveal the key.
   What laws/rights does the user have as to revealing the key ?

If the court orders you to produce something, you have to or be in contempt. The court will not order you to testify against yourself. The court can make you show up with the electronic storage that holds your keys, for example, because this is a physical device. So the issue hinges upon the question of whether uttering a passphrase which makes the device usable counts as giving testimony.

Is explaining how something works (aka giving a passphrase) testimony? Quite possibly not. The explanation or passphrase is not incriminating by itself; it says nothing and claims nothing.

One solution to this is to give the passphrase (or other access information) to someone who won't give it back to you if you are under duress, investigation, court order, etc. One would desire that this entity be in a jurisdiction other than where an investigation might happen.

Eric

From berzerk at xmission.xmission.com Tue Jul 26 19:07:34 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Tue, 26 Jul 94 19:07:34 PDT
Subject: XSPLIT now own ftp.wimsey.bc.ca
In-Reply-To: <9407262356.AA04215@prism.poly.edu>
Message-ID:

How about doing this with n of m? Anyone have code?

Berzerk.

From hughes at ah.com Tue Jul 26 19:17:27 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 26 Jul 94 19:17:27 PDT
Subject: (None)
In-Reply-To: <940726191522R6Qjgostin@eternal.pha.pa.us>
Message-ID: <9407270155.AA06683@ah.com>

   Unless the messages are given a delivery latency of , Traffic Analysis will allow for the tracking of messages.

For the Nth time, it's not latency, it's reordering which is important. If you have a large enough message flow, adding latency gives you sufficient reordering. If your message flow is small, latency doesn't sufficiently reorder. Large and small here are message interval times relative to added latency times.

Random reordering induces random added latencies. The converse does not always hold.
Eric

From berzerk at xmission.xmission.com Tue Jul 26 19:20:03 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Tue, 26 Jul 94 19:20:03 PDT
Subject: Continum of numbers and Turing Machines
In-Reply-To: <199407262350.SAA01647@zoom.bga.com>
Message-ID:

On Tue, 26 Jul 1994, Jim choate wrote:
> Seems to me that a Turing Machine can't simulate a continous section of
> R for a simple reason, computers can only work on rational numbers and
> a continous section would have irrationals in it.

Ok, I am kicking myself for saying this, but it is not the data on the tape, it is the information of the machine itself. It is at most a cardinal infinity, and even if there are irrational numbers there can't be a continuum of these. It has more to do with there being "steps" than what the steps are. In a continuum machine, you would not have steps or states.

It is not clear if the quantization of time could do anything to this (like make it bogus). The quantization of spatial objects certainly makes a limit forbidding continuum tapes.

I was thinking you could get a quantum computer with a continuum of states if you did not bind them, which could lead to:

AP news: Today scientists at mega labs detonated a quantum computer with the intent of solving the recorded history of light received here on the earth at that instant back to the distribution of matter at approximately 10-15 seconds after the big bang. This complements nicely the forward computation done by a similar explosion of smaller magnitude.

How is that for a wacky idea?

From blancw at microsoft.com Tue Jul 26 19:46:53 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Tue, 26 Jul 94 19:46:53 PDT
Subject: New Threat on the Horizon: Software Key Escrow
Message-ID: <9407270246.AA06724@netmail2.microsoft.com>

From: Timothy C.
May

Putting Microsoft's feet to the fire, getting them to commit to *not* including any form of software-based key escrow in any future releases of Windows (Chicago or Daytona) could be a concrete step in the right direction. Ditto for Apple.
................................................

I'm afraid you can't do that, Tim. You're just going to have to take Sandy & Duncan's Seminar on Hard-core Privacy.

:>)
Blanc
(I'm checking on getting permission to post an official word from MS)

From hayden at vorlon.mankato.msus.edu Tue Jul 26 20:01:11 1994
From: hayden at vorlon.mankato.msus.edu (Robert A. Hayden)
Date: Tue, 26 Jul 94 20:01:11 PDT
Subject: LITTLE BROTHER INSIDE
In-Reply-To: <9407270142.AA06673@ah.com>
Message-ID:

On Tue, 26 Jul 1994, Eric Hughes wrote:

> Is explaining how something works (aka giving a passphrase) testimony?
> Quite possibly not. The explanation or passphrase is not
> incriminating by itself; it says nothing and claims nothing.

What if the passphrase was something like "I do not pay income taxes"?
(half-joking, half-serious)

____        Robert A. Hayden          <=> hayden at vorlon.mankato.msus.edu
\  /__          -=-=-=-=-             <=>          -=-=-=-=-
 \/  /   Finger for Geek Code Info    <=> I do not necessarily speak for the
   \/    Finger for PGP Public Key    <=> City of Mankato or anyone else, dammit
-=-=-=-=-=-=-=-
(GEEK CODE 2.1) GJ/CM d- H-- s-:++>s-:+ g+ p? au+ a- w++ v* C++(++++) UL++++$
P+>++ L++$ 3- E---- N+++ K+++ W M+ V-- -po+(---)>$ Y++ t+ 5+++ j R+++$ G-
tv+ b+ D+ B--- e+>++(*) u** h* f r-->+++ !n y++**

From adam at bwh.harvard.edu Tue Jul 26 20:11:25 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Tue, 26 Jul 94 20:11:25 PDT
Subject: XSplit & N/M alternatives
In-Reply-To:
Message-ID: <199407270310.XAA11583@duke.bwh.harvard.edu>

| How about doing this with n of m? Anyone have code?
You can also get shade from ftp.dsi.unimi.it:/pub/security/crypt/code/shade.tar.gz

From: hebrais at mirkwood.CAM.ORG (Philippe Hebrais)
Newsgroups: alt.sources
Subject: shade -- split a file with shadows
Message-ID:
Date: 13 Dec 92 07:57:05 GMT
Organization: Secte des adorateurs des semiconducteurs
Lines: 675
X-Newsreader: MeNews 2.8.0

SSSSS HH HH AAA DDDD EEEEEEE
SS SS HH HH AA AA DD DD EE
SSS HH HH AA AA DD DD EE
SSS HH HH AA AA DD DD EE
SSS HHHHHHH AAAAAAA DD DD EEEE
SSS HH HH AA AA DD DD EE
SSS HH HH AA AA DD DD EE
SS SS HH HH AA AA DD DD EE
SSSSS HH HH AA AA DDDD EEEEEEE

`shade' is a file splitting and merging utility. It takes a large file and splits it into uniformly sized blocks. It can also output extra blocks (called shadows). These shadows can be used to recover missing sections if they get corrupted or if they are lost. With a single shadow, `shade' can recover ANY single missing block. As many shadows are needed as there are blocks missing. If too few blocks and shadows are available, nothing can be recovered.

For example, foo.bar (259042 bytes) is split into 5 sections of 45000 bytes, 1 section of 34042 bytes and 2 shadows of 45000 bytes. Each of these 8 parts is sent through email. Even if any two of these eight parts get lost, the original foo.bar can be reconstructed.

`shade' is a simple application of the Chinese remainder theorem for polynomials with coefficients modulo two. For more information see the comments at the beginning of project.c.

SAMPLE USAGE

Split "bar" (111042 bytes) into 20000 byte chunks and output 2 shadows. All these parts will be uuencoded and output to foo.uu.001, foo.uu.002, etc.

    % shade -u -k 2 -l 20000 -o foo bar
    [001] [002] [003] [004] [005] [006] [aaa] [aab]
    Done.
Merge these parts back together:

    % rm foo.uu.003 foo.uu.005
    % cat foo.uu.* | shade -m -u
    Merging bar (111042 bytes)
    Got section 4 (20000 bytes)
    Got section 1 (20000 bytes)
    Got section 2 (20000 bytes)
    Got section 6 (11042 bytes)
    Got shadow 1 (20000 bytes)
    Got shadow 2 (20000 bytes)
    Missing: [003] [005]
    Recovering 2 sections:
    [001] [002] [aaa] [004] [aab] [006]

DISTRIBUTION

Shade is copyright Philippe Hebrais 1992. You have the permission to use this code in any way you feel appropriate as long as you give credit where it is due. There is no warranty of any kind. I am not responsible for any damage caused directly or indirectly by this program.

AUTHOR

, Philippe Hebrais

--
Philippe Hebrais hebrais at mirkwood.cam.org
Voix: (514)731-9146 uunet!philmtl!altitude!mirkwood!hebrais

--
Adam Shostack adam at bwh.harvard.edu
Politics. From the Greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

From jpb at gate.net Tue Jul 26 20:12:02 1994
From: jpb at gate.net (Joseph Block)
Date: Tue, 26 Jul 94 20:12:02 PDT
Subject: CYPHERPUNKS TO THE RESCUE
In-Reply-To: <199407261637.JAA21688@netcom.netcom.com>
Message-ID: <199407270309.XAA39796@inca.gate.net>

Re:
> P.S. Better yet: There is no need of Public key technology. It suffices for
> the car unit to send DES(k, n) on the nth transmission. k is a constant
> secret key shared between car unit and garage unit. Garage unit decodes and
> verifies that n is greater than it has seen before.

The only problem with this is that you are limited to one remote per base station.

jpb

From rjc at access.digex.net Tue Jul 26 20:30:38 1994
From: rjc at access.digex.net (Ray Cromwell)
Date: Tue, 26 Jul 94 20:30:38 PDT
Subject: GUT and NP
Message-ID: <199407270329.AA19374@access3.digex.net>

Bezerk's original comment makes two assumptions.
1) continuum phenomena are real and space is not merely quantized at a level which is undetectable by experiment (just because physics models it as a continuum doesn't mean it is so)

2) all of this precision actually makes a difference

For instance, at the level of brain chemistry, who cares about quantum precision when thermal noises will swamp it anyway? (the Penrose argument even goes as far as assuming quantum gravity, a force pitifully weak, as a significant factor)

One of the reasons digital manipulation became popular was because analog data was too prone to error. Why will a quantum computer, which seems even more sensitive to external perturbation, be any different?

And regardless of whether quantum computers work or not, they are still algorithmic if they can be simulated (however slowly) by a Turing machine. It's a rigorous mathematical definition. Claiming otherwise uses algorithm in a manner different than was intended. It's like the way Ludwig Plutonium solves all those famous problems in sci.math by assuming different definitions of primality, etc.

Quantum computers might be faster than classical computers, but non-algorithmic, I don't think so.

From analyst at Onramp.NET Tue Jul 26 20:47:52 1994
From: analyst at Onramp.NET (Benjamin McLemore)
Date: Tue, 26 Jul 94 20:47:52 PDT
Subject: New Threat on the Horizon: Software Key Escrow
Message-ID: <199407270349.WAA26974@ns.onramp.net>

>From: Timothy C. May
>
>Putting Microsoft's feet to the fire, getting them to commit to *not*
>including any form of software-based key escrow in any future releases
>of Windows (Chicago or Daytona) could be a concrete step in the right
>direction. Ditto for Apple.
>................................................
>
>I'm afraid you can't do that, Tim. You're just going to have to take
>Sandy & Duncan's Seminar on Hard-core Privacy.
>
>:>)
>Blanc
>(I'm checking on getting permission to post an official word from MS)

Any word from Apple?
Given their past relationship with RSA (built in to PowerTalk) and without the threat of an antitrust suit, are they going to sell out as well? (I define sell-out to mean unavoidable key escrow built-in to the operating system--the gov will eventually require that they get a copy in this case, as others have mentioned)

Tim, it looks like it may not take 6 months after all. When is the Hard core privacy seminar, anyway?

--
Benjamin McLemore

From yusuf921 at raven.csrv.uidaho.edu Tue Jul 26 21:02:27 1994
From: yusuf921 at raven.csrv.uidaho.edu (Yarkumila)
Date: Tue, 26 Jul 94 21:02:27 PDT
Subject: LITTLE BROTHER INSIDE
In-Reply-To:
Message-ID:

On Tue, 26 Jul 1994, Robert A. Hayden wrote:

> > Is explaining how something works (aka giving a passphrase) testimony?
> > Quite possibly not. The explanation or passphrase is not
> > incriminating by itself; it says nothing and claims nothing.
>
> What if the passphrase was something like "I do not pay income taxes"?
> (half-joking, half-serious)
>

Apparently the only way you would not get contempt of court is if it were against the law for you to be in possession of the password

say for example a friend of yours works for NASA and happens to give you the password. you store drug shipment info/kiddy porn (whatever) and they want it (what they want to do with it after the investigation is beside the point)

the phrase isn't incriminating, it could be "The judge is a bed-wetter"

what we NEED is a 2 passphrase program, 1 password decrypts your info for you, the other formats your hard drive or prints out a fake diary or something.

the best defense is to say you forgot it, it was some program you didn't want your children editing at the time,

then again what's a year in jail for contempt of court compared to 20-30 (or whatever) years for child pornography

--
Finger yusuf921 at raven.csrv.uidaho.edu for PGP public key 2.6ui
"When I was crossing the border into Canada, they asked if I had any firearms with me.
I said, `Well, what do you need?'" -- Steven Wright

From hughes at ah.com Tue Jul 26 21:19:36 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 26 Jul 94 21:19:36 PDT
Subject: LITTLE BROTHER INSIDE
In-Reply-To:
Message-ID: <9407270358.AA06874@ah.com>

   What if the passphrase was something like "I do not pay income taxes"? (half-joking, half-serious)

Since this comes up frequently, I'll comment.

When, under oath, you utter the words "I do not pay income taxes", you are less abbreviatedly saying "I testify under oath that I do not pay income taxes". When, under oath, you tell the judge that the passphrase is "I do not pay income taxes", the less abbreviated version is "I testify under oath that the passphrase is 'I do not pay income taxes'." The second statement is not testimony that you do not pay income taxes.

This distinction between the performative and the descriptive was used by one of the video game companies to try to prevent compatible cartridges from being manufactured. Part of the protocol required that the cartridge send back the string "(c) Slimy Video Games, Inc.". The company then argued an unfair trade practice, claiming that a compatible cartridge written by another party was asserting a false designation of origin.

In fact, the sending of the string as part of the protocol is a merely syntactic use of these characters for purposes of interoperation. In the same way that the meaning of a passphrase is immaterial as a passphrase, so the transmission of the (c) copyright sign is not a claim of copyright nor a designation of origin.
Eric

From lcottrell at popmail.ucsd.edu Wed Jul 27 00:08:17 1994
From: lcottrell at popmail.ucsd.edu (Lance Cottrell)
Date: Wed, 27 Jul 94 00:08:17 PDT
Subject: LITTLE BROTHER INSIDE
Message-ID: <199407270707.AAA23234@ucsd.edu>

yusuf921 at raven.csrv.uidaho.edu said:
>the best defense is to say you forgot it, it was some program you didn't
>want your children editing at the time,
>
>then again what's a year in jail for contempt of court compared to
>20-30 (or whatever) years for child pornography
>

So, does anyone know what the record stay on contempt charges is?

--------------------------------------------------
Lance Cottrell who does not speak for CASS/UCSD
loki at nately.ucsd.edu
PGP 2.3 key available by finger or server.
"Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche

From wcs at anchor.ho.att.com Wed Jul 27 00:12:39 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Wed, 27 Jul 94 00:12:39 PDT
Subject: New Threat on the Horizon: Software Key Escrow
Message-ID: <9407270710.AA24548@anchor.ho.att.com>

> From: Timothy C. May
> Putting Microsoft's feet to the fire, getting them to commit to *not*
> including any form of software-based key escrow in any future releases
> of Windows (Chicago or Daytona) could be a concrete step in the right
> direction. Ditto for Apple.
> ................................................

Does anybody have any experience doing stockholder resolutions? Even though they seldom pass, they are one way of pressuring a company to do things, and if well written can have a big impact (e.g. a resolution that Microsoft/AT&T/Apple/Network23 "never compromise the privacy of their customers' data by using key escrow" puts management in a position of either supporting the resolution (yay!)
or saying "no, sometimes we're willing to compromise our customer's privacy", followed by weasel words about how it's Good For America and therefore Good For General Motors or whatever.

Thanks; Bill

From wcs at anchor.ho.att.com Wed Jul 27 00:21:02 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Wed, 27 Jul 94 00:21:02 PDT
Subject: New Threat on the Horizon: Software Key Escrow
Message-ID: <9407270719.AA24619@anchor.ho.att.com>

> On Tue, 26 Jul 1994, Jef Poskanzer wrote:
> > . . . [description of key escrow scheme]
> > I don't see any defense in this description against using someone
> > else's public key. The feds could still decrypt such messages,
> > but wouldn't know who was talking. At least not from the envelope.

That was one of the main objections pointed out by the folks at the Karlsruhe workshop. The solution is to have some component, I forget which but probably the session key, public-key signed with the sender's private key, and have that key include a key certificate signed by the Authorities. Did cause some minor embarrassment for the statists, who hadn't apparently noticed it, but works fine.

On the other hand, if you lose your wallet and your National ID SmartCard II, which has your signed IsNotACrook Citizen Credentials on it, and your card PIN is still set to 1200 like your VCR, and somebody guesses it, well it's a real shame that you have to get it replaced and change your Security Number.

Bill

From wcs at anchor.ho.att.com Wed Jul 27 01:02:09 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Wed, 27 Jul 94 01:02:09 PDT
Subject: Encryption Algorithm for Pagers
Message-ID: <9407270800.AA25030@anchor.ho.att.com>

> From: jgrasty at pts.mot.com (Joey Grasty X3697 P6611)
> I am looking for a simple encryption algorithm suitable for use in pagers.
[small, fast, low CPU needs, small keys]
> 5.
EXPORTABLE <-- yeah, I know

Exportable is easy - you just need to get a *license*. Since you're at Motorola, you're a big enough company to talk to NSA and have some clue of having them approve it, as long as you give them an algorithm simple enough for them to crack, or dependent on a key you give them, or whatever. An alternative is to develop the code overseas and import it; I don't know where you're doing your pager hardware, but this does mean installing firmware overseas (not a major problem if you use flash eproms, though still annoying.) But you can use any algorithm you want, and get to complain to the Commerce Department about how your US firm had to use overseas labor because of hostile export laws. Also, exportable doesn't mean you import it to the country you want to sell it in; Singapore may not be willing to let you import there something that the NSA let you export from here, and China may not either.

As far as protocols go, you need to look at your threat model - are you worried only about random eavesdropping, or do you want something secure enough the NSA can't crack?

Ron Rivest's RC2/RC4 protocols are export-licenseable, as long as you limit them to 40-bit keys, and are willing to license the code from RSADSI. It has the advantage that your data will probably be only readable by professionals for the next few years, though I don't know if it's small enough for your application; speed should be fine.

On the other hand, the basic wimpy Linear Feedback Shift Register random number stuff, while not highly secure, may be adequate for your needs; use a mode like 32-bit randoms of which you use the bottom 8 bits to XOR with your data, and start it with an initialization vector you send with the message so the address message isn't always constant for a given user. I guess I really hate to suggest putting wimpy encryption in an important global system like a pager net, though it's better than the current totally non-private version.
The big advantage you have for current pager applications is that most messages are short, max 80 or 256 characters with averages probably 20 characters, so there's not much known plaintext (assuming you do the important step of using a 1-character abbreviation for the pager system's own phone number, which is otherwise transmitted on a large percentage of pages...) On the other hand, you *do* have the known plaintext of the pager address in each message, which is a serious risk.

Actually, Blum-Blum-Shub looks like it should be a fairly small program, but I don't know how long a number you need to use to make it reasonably secure - if it's in the 128-bit range you're fine. (it's probably less likely to be exportable than DES, I suppose :-). It's slow, but you may be able to pre-compute.

Also, you can gain some efficiency by splitting up the pagers into 128/256 groups, send an unencrypted group-id as the first byte, and only decode if that matches. That means you don't need to watch most of the messages that go by, and have extra slack time to decode the messages in your buffer that may be meant for you while ignoring the rest; this does imply that the transmitter would queue up messages so that messages from the same group don't go out within N messages of each other.

Bill

From bart at netcom.com Wed Jul 27 04:37:33 1994
From: bart at netcom.com (Harry Bartholomew)
Date: Wed, 27 Jul 94 04:37:33 PDT
Subject: Netcom mail delays
In-Reply-To: <199407262345.QAA16546@netcom13.netcom.com>
Message-ID: <199407271137.EAA10756@netcom13.netcom.com>

Tim wrote:
> Cypherpunks,
>
> Sorry I haven't been able to participate in the thread I started, but
> my own post has yet to make it here to "Notcom," and later posts are
> dribbling in out of order, without prior context, etc. (I suspect the
> problem is at Netcom's end, e.g., refusing mail, and not at Toad's
> end.)

Last night noting an absence of list mail I pinged and found toad.com live but got no response (then) from majordomo on a "who cypherpunks" query. Tried first at 00:30 then again at 02:00. Netcom allowed the responses to be received at 04:49 within two seconds of each other! I append the headers to document this amazing disservice.

Since 47 of the 530 cypherpunks are netcom users, I think the rest of the list should understand the difficulties we face in getting posts in any timely fashion. It does make discourse difficult.

From bart at netcom.com Wed Jul 27 04:43:11 1994
From: bart at netcom.com (Harry Bartholomew)
Date: Wed, 27 Jul 1994 04:43:11 -0700 (PDT)
Subject: EMAG> TJOAUC (E-Zine) (fwd)
Message-ID: <199407271143.EAA10938@netcom13.netcom.com>

> %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

From gtoal at an-teallach.com Wed Jul 27 05:48:25 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Wed, 27 Jul 94 05:48:25 PDT
Subject: LITTLE BROTHER INSIDE
Message-ID: <199407271247.NAA27536@an-teallach.com>

   So, does anyone know what the record stay on contempt charges is?

I think it was 2 years. It was that famous case of the woman who wouldn't disclose her daughter's whereabouts. She kept getting slammed back until a higher court declared it unconstitutional to do indefinitely. However two years is two years too long in my opinion to spend in a state pen.

G

From rarachel at prism.poly.edu Wed Jul 27 05:59:17 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Wed, 27 Jul 94 05:59:17 PDT
Subject: XSPLIT now own ftp.wimsey.bc.ca
In-Reply-To:
Message-ID: <9407271246.AA16713@prism.poly.edu>

> How about doing this with n of m? Anyone have code?

What do you mean? The sources are included with XSPLIT. The algorithm is very very simple.

For all chars in input file:
I read a character from the infile called C.
I pick a number MOD the number of files.
I call this X

    SUM=0
    FOR FILES=0 TO N
        IF FILES!=X
            Pick Random Number Q
            Write Random Number Q to File #FILES
            SUM=SUM XOR Q
    NEXT FILES
    WRITE C XOR SUM to File #X

What exactly did you mean by n of m? Since at each byte the numbers are picked randomly, the stream which holds the XOR'ed sum is random for each character. So none of the parties holds any more information than any of the others and it is all useless unless all of the files are joined together.

From rarachel at prism.poly.edu Wed Jul 27 06:03:22 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Wed, 27 Jul 94 06:03:22 PDT
Subject: XSplit & N/M alternatives
In-Reply-To: <199407270310.XAA11583@duke.bwh.harvard.edu>
Message-ID: <9407271250.AA16759@prism.poly.edu>

Very cool. I wasn't aware that such a splitting program already existed, although XSPLIT is different than shade in that you need all the parts to put the file back together and if you miss a part, you don't have anything.

Also, XSPLIT will produce N files of the same size as the original file you feed it.

What exactly is SHADE useful for? Distributing a file where some of it can get damaged? Some software RAID implementation? Can it be used for encryption?

From rjc at powermail.com Wed Jul 27 06:22:24 1994
From: rjc at powermail.com (Ray)
Date: Wed, 27 Jul 94 06:22:24 PDT
Subject: Cryptosplit
Message-ID: <199407271318.JAA01471@powermail.com>

The recent postings about crypto sharing/splitting programs renewed my interest, so I dusted off cryptosplit (a Shamir secret sharing program I wrote around November of last year) and fixed up the bugs which made it unusable. Here it is, less bugged, about 10 times faster than before, but still ugly.

# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#   README
#   Makefile
#   cryptosplit.c
#   gf.h
#
echo x - README
sed 's/^X//' >README << 'END-of-README'
X
XHow to use
X----------
XTo encode:
X
Xcsplit -g -q [filename]
X
Xtake filename and split it into the number of pieces given by -g. Each
Xpiece is "filename.0", "filename.1", ..., "filename.(n-1)" if
Xfilename isn't supplied, it operates kinda like a filter taking the
Xincoming data and splitting it into files "piece.0", "piece.1", ...
X
Xto decode:
X
Xprovide at least the number of pieces specified by -q when you encoded.
XIf you specify less than the minimum number, it will not decode.
X
Xexample:
X
Xcsplit -g 5 -q 3 file
X[split file into 5 pieces, any 3 of which will reconstruct it]
X
Xcsplit file.0 file.1 file.2
X[put them together in the decoded file and output to stdout]
X
Xif you want to put it into a file, redirect it using the shell, or
Xuse "-o filename"
X
X-Ray
X
X
END-of-README
echo x - Makefile
sed 's/^X//' >Makefile << 'END-of-Makefile'
X
XCFLAGS=-O
X
X
Xcsplit: cryptosplit.c gf.h
X	cc $(CFLAGS) cryptosplit.c -o csplit
X
END-of-Makefile
echo x - cryptosplit.c
sed 's/^X//' >cryptosplit.c << 'END-of-cryptosplit.c'
X/*
X * Cryptosplit 2.03 An implementation of Shamir secret sharing over GF(2^8)
X *
X * written by Ray Cromwell Version 2.01 - fixed bug and
X * make it generate a different polynomial for each byte
X */
X
X/* Pay no attention to the sloppy code, this is only a first draft */
X
X#include "gf.h"
X#include <stdio.h>
X#include <stdlib.h>
X#include <time.h>
X#include <unistd.h>
X#include <sys/types.h>
X#include <sys/stat.h>
X
Xvoid write_pieces(char **, char **, int);
Xvoid write_key(char *, char *, int);
Xint read_key(char *, int);
Xint read_pieces(char **, int);
Xvoid generate_keys(char *);
Xvoid rebuild_key(int);
Xvoid init_buffers(void);
Xvoid print_help(void);
X
Xint quorum = 2;
Xint pieces = 3;
X
Xint generate = 0;
Xchar *key = 0;
Xchar *tmpkey = 0;
Xchar **keypieces;
Xchar *keyfiles[256];
Xchar *outputfile = (char *) 0;
X
X#define CHUNKSIZE 8192
X/* rand() seeded from the clock is predictable; it stands in here for
X   a cryptographic generator */
X#define RANDINIT(x) srand(time(0))
X#define RAND rand
X
Xint
Xmain(int argc, char *argv[])
X{
X    int c = 1, k = 0;
X
X    RANDINIT(0);
X
X    if (argc == 1)
X        print_help();
X    keyfiles[0] = (char *) 0;
X
X    while (c < argc) {
X        if (argv[c][0] == '-') {
X            if (argv[c][1] == 'g') {
X                generate = 1;
X                c++;
X                if (c >= argc)
X                    print_help();
X                pieces = atoi(argv[c++]);
X            } else if (argv[c][1] == 'q') {
X                c++;
X                if (c >= argc)
X                    print_help();
X                quorum = atoi(argv[c++]);
X            } else if (argv[c][1] == 'o') {
X                c++;
X                if (c >= argc)
X                    print_help();
X                outputfile = argv[c++];
X            } else {
X                c++;    /* skip an unknown option instead of looping forever */
X            }
X        } else {
X            keyfiles[k++] = argv[c++];
X        }
X    }
X    if (generate) {
X        if (k > 0) {
X            /* settle the piece count before the buffers are sized from it */
X            if (quorum > pieces)
X                pieces = quorum;
X            init_buffers();
X            generate_keys(keyfiles[0]);
X        }
X    } else {
X        if (k < 2) {
X            fprintf(stderr, "You didn't supply enough pieces.\n");
X            exit(1);
X        }
X        quorum = pieces = k;
X        init_buffers();
X        rebuild_key(k);
X    }
X    return 0;
X}
X
Xvoid
Xinit_buffers(void)
X{
X    int i;
X    keypieces = (char **) malloc(sizeof(char *) * pieces);
X    for (i = 0; i < pieces; i++)
X        keypieces[i] = (char *) malloc(CHUNKSIZE);
X    key = (char *) malloc(CHUNKSIZE);
X    tmpkey = (char *) malloc(CHUNKSIZE);
X}
X
Xint
Xread_pieces(char **files, int offset)
X{
X    int i, s = 0;
X    FILE *f;
X    for (i = 0; i < quorum; i++) {
X        if (!(f = fopen(files[i], "r"))) {
X            perror("Cryptosplit");
X            exit(1);
X        }
X        fseek(f, offset, SEEK_SET);
X        if (feof(f)) {
X            fclose(f);
X            return 0;
X        }
X        s = fread(keypieces[i], 1, CHUNKSIZE, f);
X        fclose(f);
X    }
X    return s;
X}
X
Xvoid
Xrebuild_key(int ksize)
X{
X    unsigned char **coeffs;
X    unsigned char *consts;
X    int i, j, k, p, t, sr, ip, klen, off = 0;
X    unsigned char x, y, z, r;
X    coeffs = (unsigned char **) malloc(sizeof(char *) * quorum);
X    t = 1;
X    x = 0;
X    for (i = 0; i < quorum; i++) {
X        coeffs[i] = (unsigned char *) malloc(quorum);
X    }
X    consts = (unsigned char *) malloc(quorum);
X    while ((klen = read_pieces(keyfiles, off))) {
X        off += klen;
X        t = 1;
X        while (t < klen) {
X            /* one row per piece: powers of x, highest first, constant term last */
X            for (i = 0; i < quorum; i++) {
X                x = keypieces[i][0];
X                y = keypieces[i][t];
X                consts[i] = y;
X                coeffs[i][quorum - 1] = 1;
X                z = x;
X                for (j = quorum - 2; j >= 0; j--) {
X                    coeffs[i][j] = z;
X                    z = GFMUL(z, x);
X                }
X            }
X            sr = 0;
X            ip = 0;
X/* Invert quorum x quorum matrix to obtain the constant factor */
X/* We can use lagrange interpolation or something better later.
X   Shamir says there is an O(n^2 log n) method, I'll code it when
X   I see it. */
X
X            for (i = sr; i < quorum; i++) {
X/*              print_matrix(coeffs, consts); */
X                r = GFINV(coeffs[i][i]);
X                consts[i] = GFMUL(consts[i], r);
X                coeffs[i][i] = 1;
X                for (j = sr + 1; j < quorum; j++) {
X                    coeffs[i][j] = GFMUL(coeffs[i][j], r);
X                }
X                for (ip = i + 1; ip < quorum; ip++) {
X                    r = coeffs[ip][sr];
X                    for (j = sr; j < quorum; j++) {
X                        z = GFMUL(coeffs[i][j], r);
X                        coeffs[ip][j] = GFADD(coeffs[ip][j], GFMUL(coeffs[i][j], r));
X                    }
X                    consts[ip] = GFADD(consts[ip], GFMUL(consts[i], r));
X                }
X                sr = sr + 1;
X            }
X/*          print_matrix(coeffs, consts); */
X            key[t - 1] = consts[quorum - 1];
X            t++;
X        }
X        write_key(outputfile, key, klen - 1);
X    }
X}
X
Xint
Xread_key(char *file, int offset)
X{
X    int size;
X    FILE *f;
X    if (file)
X        f = fopen(file, "r");
X    else
X        f = stdin;
X    if (!f) {
X        perror("Cryptosplit");
X        exit(1);
X    }
X    fseek(f, offset, SEEK_SET);
X    if (feof(f)) {
X        fclose(f);
X        return 0;
X    }
X    size = fread(key, 1, CHUNKSIZE - 1, f);
X    fclose(f);
X    return size;
X}
X
Xint
Xfilesize(char *file)
X{
X    struct stat s;
X    if (stat(file, &s)) {
X        perror("Cryptosplit");
X        exit(0);
X    }
X    return s.st_size;
X}
X
Xvoid
Xgenerate_keys(char *keyfilename)
X{
X    int i, j, k, o, keylength, off;
X    unsigned char *coeffs;
X    unsigned char x, y, z;
X    char tmpname[256];
X    coeffs = (unsigned char *) malloc(sizeof(char *) * quorum);
X    off = 0;
X    if (!keyfilename)
X        keyfilename = "piece";
X
X    for (i = 0; i < pieces; i++) {
X        keyfiles[i] = (char *) malloc(256);
X        /* bounded, so a long input name cannot overrun the buffer */
X        snprintf(keyfiles[i], 256, "%s.%d", keyfilename, i);
X        unlink(keyfiles[i]);
X    }
X    while ((keylength = read_key(keyfilename, off))) {
X        off += keylength;
X        for (j = 0; j < keylength; j++) {
X            /* Generate a random quorum-1'th degree polynomial */
X            for (o = 1; o < quorum; o++) {
X                /* draw from all 256 field elements, zero included: GF()
X                   never yields 0, and with only nonzero coefficients a
X                   single share rules out one value of the secret byte */
X                coeffs[o] = RAND() % 256;
X            }
X            for (i = 0; i < pieces; i++) {
X                y = key[j];
X                x = GF(i + 1);
X                keypieces[i][0] = x;
X                z = x;
X                for (k = 1; k < quorum; k++) {
X                    y = GFADD(y, GFMUL(coeffs[k], x));
X                    x = GFMUL(x, z);
X                }
X                keypieces[i][j + 1] = y;
X            }
X        }
X        write_pieces(keyfiles, keypieces, keylength + 1);
X    }
X}
X
Xvoid
Xwrite_pieces(char **files, char **data, int ks)
X{
X    FILE *f;
X    int i;
X    for (i = 0; i < pieces; i++) {
X        f = fopen(files[i], "a");
X        if (!f) {
X            perror("Cryptosplit");
X            exit(1);
X        }
X        fwrite(data[i], ks, 1, f);
X        fclose(f);
X    }
X}
X
Xvoid
Xwrite_key(char *file, char *t, int k)
X{
X    FILE *f;
X    if (file)
X        f = fopen(file, "a");
X    else
X        f = stdout;
X    if (!f) {
X        perror("Cryptosplit");
X        exit(1);
X    }
X    fwrite(t, k, 1, f);
X    if (file)
X        fclose(f);    /* stdout stays open for the next chunk */
X}
X
Xvoid
Xprint_help(void)
X{
X    fprintf(stderr, "To generate 'pieces' of a 'key'\n");
X    fprintf(stderr, "Usage: cryptosplit -g <# of pieces> -q keyfile\n\n");
X    fprintf(stderr, "To reconstruct the original file from n 'pieces'\n");
X    fprintf(stderr, "Usage: cryptosplit piece_1 piece_2 ... piece_n [-o output filename]\n");
X    exit(0);
X}
X
Xvoid
Xprint_matrix(char **co, char *c)
X{
X    int i, j;
X    for (i = 0; i < quorum; i++) {
X        for (j = 0; j < quorum; j++) {
X            printf("%3u ", ((unsigned) co[i][j] & 0xFF));
X        }
X        printf("= %3u\n", ((unsigned) c[i] & 0xFF));
X    }
X    printf("\n");
X}
END-of-cryptosplit.c
echo x - gf.h
sed 's/^X//' >gf.h << 'END-of-gf.h'
X/* Cryptosplit
X * An implementation of Shamir secret sharing over GF(2^8)
X *
X * written by Ray Cromwell
X */
X
X/* Pay no attention to the sloppy code, this is only a first draft */
X
X/* g is a primitive element, this table represents g^k for 0 <= k <= 255 */
Xint G[]={
X1, 103, 129, 227, 78, 81, 222, 46, 50, 20, 176, 94, 170, 253, 166, 32,
X33, 70, 199, 36, 106, 59, 229, 203, 249, 237, 93, 3, 169, 84, 242, 210,
X243, 181, 114, 86, 60, 7, 226, 41, 208, 61, 96, 99, 202, 158, 108, 190,
X77, 248, 138, 220, 224, 231, 5, 44, 252, 193, 161, 194, 8, 150, 250, 68,
X9, 241, 123, 167, 71, 160, 165, 137, 117, 180, 21, 215, 223, 73, 179, 247,
X254, 15, 116, 211, 148, 52, 145, 24, 109, 217, 204, 27, 196, 141, 62, 201,
X55, 56, 76, 159, 11, 63, 174, 182, 219, 2, 206, 213, 17, 156, 162, 107,
X92, 100, 40, 183, 188, 131, 45, 155, 64, 66, 140, 89, 72, 212, 118, 29,
X65, 37, 13, 186, 6, 133, 168, 51, 115, 49, 189, 228, 172, 120, 14, 19,
X82, 119, 122, 192, 198, 67, 235, 216, 171, 154, 39, 195, 111, 23, 25, 10,
X88, 47, 85, 149, 83, 16, 251, 35, 136, 18, 53, 246, 153, 142, 151, 157,
X197, 234, 191, 42, 121, 105, 146, 177, 57, 43, 30, 232, 113, 255, 104, 245,
X48, 218, 101, 79, 54, 95, 205, 124, 69, 110, 112, 152, 233, 22, 126, 139,
X187, 97, 4, 75, 125, 34, 239, 147, 214, 184, 200, 80, 185, 175, 209, 90,
X225, 128, 132, 207, 178, 144, 127, 236, 58, 130, 74, 26, 163, 12, 221, 135,
X102, 230, 98, 173, 31, 143, 240, 28, 38, 164, 238, 244, 87, 91, 134, 1,
X};
X
X/* if n=g^k, this table returns k=lg n */
Xint I[]={
X0, 255, 105, 27, 210, 54, 132, 37, 60, 64, 159, 100, 237, 130, 142, 81,
X165, 108, 169, 143, 9, 74, 205, 157, 87, 158, 235, 91, 247, 127, 186, 244,
X15, 16, 213, 167, 19, 129, 248, 154, 114, 39, 179, 185, 55, 118, 7, 161,
X192, 137, 8, 135, 85, 170, 196, 96, 97, 184, 232, 21, 36, 41, 94, 101,
X120, 128, 121, 149, 63, 200, 17, 68, 124, 77, 234, 211, 98, 48, 4, 195,
X219, 5, 144, 164, 29, 162, 35, 252, 160, 123, 223, 253, 112, 26, 11, 197,
X42, 209, 242, 43, 113, 194, 240, 1, 190, 181, 20, 111, 46, 88, 201, 156,
X202, 188, 34, 136, 82, 72, 126, 145, 141, 180, 146, 66, 199, 212, 206, 230,
X225, 2, 233, 117, 226, 133, 254, 239, 168, 71, 50, 207, 122, 93, 173, 245,
X229, 86, 182, 215, 84, 163, 61, 174, 203, 172, 153, 119, 109, 175, 45, 99,
X69, 58, 110, 236, 249, 70, 14, 67, 134, 28, 12, 152, 140, 243, 102, 221,
X10, 183, 228, 78, 73, 33, 103, 115, 217, 220, 131, 208, 116, 138, 47, 178,
X147, 57, 59, 155, 92, 176, 148, 18, 218, 95, 44, 23, 90, 198, 106, 227,
X40, 222, 31, 83, 125, 107, 216, 75, 151, 89, 193, 104, 51, 238, 6, 76,
X52, 224, 38, 3, 139, 22, 241, 53, 187, 204, 177, 150, 231, 25, 250, 214,
X246, 65, 30, 32, 251, 191, 171, 79, 49, 24, 62, 166, 56, 13, 80, 189,
X};
X
X#define GFADD(a,b) ((a) ^ (b))
X#define GFMUL(a,b) (((a)==0 || (b)==0) ? 0 : G[(I[(a)] + I[(b)]) % 255])
X#define GFINV(a) ((a)==0 ? 0 : G[255-I[(a)]])
X#define GF(a) (G[(a) % 255])
X#define LOGGF(a) (I[(a)%255])
X
END-of-gf.h
exit

From rjc at powermail.com Wed Jul 27 07:05:14 1994
From: rjc at powermail.com (Ray)
Date: Wed, 27 Jul 94 07:05:14 PDT
Subject: Cryptosplit note
Message-ID: <199407271401.KAA01527@powermail.com>

It uses rand() when it needs random numbers for the coefficients of the polynomial. I don't know what kind of security risk that poses, but it really should be using something better. Where can I get Blum-Blum-Shub source or documentation on the algorithm?

-Ray

From lstanton at sten.lehman.com Wed Jul 27 07:05:39 1994
From: lstanton at sten.lehman.com (Linn Stanton)
Date: Wed, 27 Jul 94 07:05:39 PDT
Subject: CYPHERPUNKS TO THE RESCUE
In-Reply-To: <9407261944.AA04628@smds.com>
Message-ID: <9407271406.AA00426@sten.lehman.com>

In message <9407261944.AA04628 at smds.com> FutureNerd Steve Witham writes:
> But this raises an idle question: how much easier is it to break
> a DES key given a sequence of (n, DES(n)) where the n's are
> successive numbers, than it is if the n's are random (but still
> known)? I doubt this is a practical threat for garage doors.

This would be a known plaintext attack, well suited to differential cryptanalysis. Though the lifetime of the average garage door opener is probably small enough that it would die before you had enough plaintext/ciphertext pairs for a good attack

From gtoal at an-teallach.com Wed Jul 27 07:39:07 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Wed, 27 Jul 94 07:39:07 PDT
Subject: XSPLIT now own ftp.wimsey.bc.ca
Message-ID: <199407271438.PAA29976@an-teallach.com>

: XSPLIT takes a file, generates n-1 random numbers, writes those random numbers
: out to each of the n-1 files, and for the nth file it takes the XOR of all N
: random numbers, and XORs it with the plaintext.
This way, you get to split
: your file in such a way as to require all pieces of it in order to rebuild it.

Where do you get your random numbers? (This could be susceptible to the usual PRNG reverse-engineering techniques...)

G

PS I know I should fetch it and look for myself, but I'm fighting alligators here again.

From nzook at math.utexas.edu Wed Jul 27 07:50:04 1994
From: nzook at math.utexas.edu (nzook at math.utexas.edu)
Date: Wed, 27 Jul 94 07:50:04 PDT
Subject: us.* heiarchy--scary
Message-ID: <9407271446.AA13029@vendela.ma.utexas.edu>

The following is only tangentially c-punk. It is also long. Ctrl-C now if that is your only concern.

From mpj at netcom.com Wed Jul 27 07:51:48 1994
From: mpj at netcom.com (Michael Paul Johnson)
Date: Wed, 27 Jul 94 07:51:48 PDT
Subject: Gore's "new and improved" key escrow proposal
In-Reply-To: <199407251802.LAA10432@servo.qualcomm.com>
Message-ID:

On Mon, 25 Jul 1994, Phil Karn wrote:

> I think we need to distinguish between encrypted *storage* and
> encrypted *communications*. Voluntary key escrow may make sense for
> encrypted stored business files, but communications is a different
> story. Since there should be nobody out there recording packets, there
> is no need to back up or escrow the keys used to encrypt them.

Good point. The line between storage and transmission gets kind of fuzzy, however, if transmitted messages get stored in encrypted form. I think that if I were designing an encryption system to be used for both in my own business, I would probably consider a compartmented escrow system for both kinds of messages, with a different escrow public key for each department. That would be a good balance between two evils: unauthorized disclosure of proprietary communications, and loss of encrypted data due to loss of a key or loss of an employee.
Naturally, this would not be as convenient for law enforcement agents and spies, but I suppose that my own escrow data base would still be subject to the same subpoena process as the rest of my records, but I would be more likely to know when information was being leaked.

Michael Paul Johnson   Colorado Catacombs BBS 303-772-1062
mpj at csn.org aka mpj at netcom.com   m.p.johnson at ieee.org
ftp://ftp.csn.net/mpj/README.MPJ   CIS: 71331,2332
ftp://ftp.netcom.com/pub/mpj/README.MPJ   -. --- ----- ....

From nzook at math.utexas.edu Wed Jul 27 08:01:02 1994
From: nzook at math.utexas.edu (nzook at math.utexas.edu)
Date: Wed, 27 Jul 94 08:01:02 PDT
Subject: Proposed us.* heirarchy
Message-ID: <9407271457.AA13067@vendela.ma.utexas.edu>

The following is only tangentially c-punk, and long. If, based on that, you don't want to read it, please hit ctrl-C now.

Nathan

From sandfort at crl.com Wed Jul 27 08:06:15 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Wed, 27 Jul 94 08:06:15 PDT
Subject: LITTLE BROTHER INSIDE
In-Reply-To: <9407270142.AA06673@ah.com>
Message-ID:

C'punks,

On Tue, 26 Jul 1994, Eric Hughes wrote:

> . . .
> One solution to this is to give the passphrase (or other access
> information) to someone who won't give it back to you if you are under
> duress, investigation, court order, etc. One would desire that this
> entity be in a jurisdiction other than where an investigation might
> happen.

And one way to do this that fits in with my original post is via a pager-delivered instruction. Prior to seizure/theft, you would make an arrangement with an offshore "escrow agent." After seizure you would send your computer the instruction that says, "encrypt my disk with the escrow agent's public key." After that, only the escrow agent could decrypt your disk.
Of course, the escrow agent would only do that when conditions you had stipulated were in effect.

S a n d y

From nrk!nrk!wb8foz at wariat.org Wed Jul 27 08:13:10 1994
From: nrk!nrk!wb8foz at wariat.org (nrk!nrk!wb8foz at wariat.org)
Date: Wed, 27 Jul 94 08:13:10 PDT
Subject: LITTLE BROTHER INSIDE
In-Reply-To: <199407270707.AAA23234@ucsd.edu>
Message-ID:

> yusuf921 at raven.csrv.uidaho.edu said:
> So, does anyone know what the record stay on contempt charges is?

Dr. Elizebeth Morgan, I suspect. (Dual MD couple in DC. She accuses him of child molestation, spirits daughter away. Refused to tell Judge where. In lockup for ~1.5 years without charge/trial. Congress finally passed a law limiting civil contempt to release her. More recently, Supreme Court ruling defining limits of civil contempt (UMW vs. JOHN L. BAGWELL) may have an effect on this.)

--
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close............(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

From adwestro at ouray.Denver.Colorado.EDU Wed Jul 27 08:24:55 1994
From: adwestro at ouray.Denver.Colorado.EDU (Alan Westrope)
Date: Wed, 27 Jul 94 08:24:55 PDT
Subject: XSplit & N/M alternatives
In-Reply-To: <9407271250.AA16759@prism.poly.edu>
Message-ID:

> Also, XSPLIT will produce N files of the same size as the original file you
> feed it.

I just glanced at the .doc and ran it once last night on my PC -- haven't looked at the source -- but a possible application of this occurred to me this morning. The N files are binary, but it should be easy to restrict them to ASCII using a command-line switch or a file for PRNG input, right? Then they would be suitable for Internet (re)mailing. (Concerns about cryptographic integrity are irrelevant for my purposes.)

A remailer could receive, say, a 5k message, which might be ~4.5k after peeling off that remailer's layer of encryption. XSPLIT could then be invoked to produce several ASCII files of identical size. These bogus files could be mailed to various remailers at the same time as the "real" file, with a prepended instruction to send 'em to the bit bucket. Of course, latency would then have to be added before processing the "real" file to defeat traffic analysis.

I'm probably missing something, but it's a thought anyway...

Alan Westrope
__________/|-,
(_) \|-'
finger for pgp 2.6 public key
"Silent, We the Empire Await, Trystero!" -- Pynchon (sorta...)

From sandfort at crl.com Wed Jul 27 08:27:55 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Wed, 27 Jul 94 08:27:55 PDT
Subject: LITTLE BROTHER INSIDE
In-Reply-To: <9407270358.AA06874@ah.com>
Message-ID:

C'punks,

On Tue, 26 Jul 1994, Eric Hughes wrote:

> . . .
> When, under oath, you tell the judge that the passphrase is "I do not
> pay income taxes", the less abbreviated version is "I testify under
> oath that the passphrase is 'I do not pay income taxes'."
>
> The second statement is not testimony that you do not pay income
> taxes.

Just to play Devil's Advocate, here is another twist to this "passphrase as self-incrimination" thread.

Let us say you have, in fact, committed a more serious offense about which the government knows nothing. If your passphrase not only admitted the crime, but gave information which could lead to corroboration of the admission, you could arguably withhold the passphrase. As an example, your passphrase could be:

   I shot a cop in the back and buried his body under the porch at 123 Main St., anywhere USA. The gun is wrapped in an oily cloth in my mother's attic.

"I decline to answer on the grounds that my passphrase is a statement which may tend to incriminate me. I will only give my passphrase if I am given immunity from prosecution for the actions to which it alludes."

Too cute, I know, but who knows, it might work.

S a n d y

From sandfort at crl.com Wed Jul 27 08:50:23 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Wed, 27 Jul 94 08:50:23 PDT
Subject: LITTLE BROTHER INSIDE
In-Reply-To: <199407271247.NAA27536@an-teallach.com>
Message-ID:

C'punks,

On Wed, 27 Jul 1994, Graham Toal wrote:

> . . .
> two years is two years too long in my opinion to spend in a state pen.

No problem. They don't put you in prison for contempt. They put you in jail. Now don't you feel better?

S a n d y

From rah at shipwright.com Wed Jul 27 08:58:53 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 27 Jul 94 08:58:53 PDT
Subject: Oh, No, Mr. Bill!
Message-ID: <199407271558.LAA15010@zork.tiac.net>

I had a nightmare last night. I sat bolt upright in bed at about 3:45 am, and the only thing I could remember from the dream was an ad which looked like:

Headline: If it's good enough for government work, it's good enough for you.

[Software box in the middle] (looked like an Access or Word, or Excel box)

Tagline: MS Escrow(tm): All the privacy we think you need.

Apologies to those MSerfs out there. I can't control my (hyperactive) imagination sometimes...

-----------------
Robert Hettinga (rah at shipwright.com)  "There is no difference between someone
Shipwright Development Corporation      who eats too little and sees Heaven and
44 Farquhar Street                      someone who drinks too much and sees
Boston, MA 02331 USA                    snakes." -- Bertrand Russell
(617) 323-7923

From adam at bwh.harvard.edu Wed Jul 27 09:10:24 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Wed, 27 Jul 94 09:10:24 PDT
Subject: Cryptosplit note
In-Reply-To: <199407271401.KAA01527@powermail.com>
Message-ID: <199407271609.MAA07999@freud.bwh.harvard.edu>

| It uses rand() when it needs random numbers for the
| coefficients of the polynomial. I don't know what kind of
| security risk that poses, but it really should be using something
| better.
Where can I get Blum-Blum-Shub source or documentation on the
| algorithm?

rand() produces really bad random numbers. Does anyone have code for Mac/dos/unix that figures out how to use the 'better' PRNG that the vendor ships with ifdefs & stuff? (On Unix, I use random(3) for bad random numbers, on the Mac I use the toolbox Random(). I don't code on pcs.)

Adam

--
Adam Shostack adam at bwh.harvard.edu
Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

to do is to choose a Blum modulus N = P*Q where P and Q are both equal to 3 mod 4, and of about the same size. Choose a random initial seed S and set X0 = S*S mod N. Then repeatedly iterate X(i+1) = Xi * Xi mod N. Use the low-order log2 ( log2 ( N ) ) bits of Xi as the output of the PRNG; for N of 1000 bits this means you get 10 bits per iteration.

For the cryptosplit application (nice program, BTW) you could use a fixed pre-computed suitable N. Then the only hard part is to seed X0. Maybe you could use a combination of a hash of the input file and the time of day; that should be pretty safe although it might be subject to a known-plaintext attack (where they think they know what you've split up, and they just want to verify it). You could add a switch for the user to throw in a random string as additional seeding material.

The only other problem then is adding an MP package. A lot of Unix systems come with libmp, or you could use Gnu or even pgptools.

Hal

From talon57 at well.sf.ca.us Wed Jul 27 09:21:54 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Wed, 27 Jul 94 09:21:54 PDT
Subject: little brother inside
Message-ID: <199407271621.JAA18557@well.sf.ca.us>

'punksters,

G. Gordon Liddy was in jail for contempt for somewhere between 18 months and two years. This has nothing to do with crypto, but a lot to do with privacy.

Brian Williams
Extropian Cypherpatriot

"Cryptocosmology: Sufficiently advanced communication is indistinguishable from noise."
--Steve Witham "Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... AT&T" --James Speth From s009amf at discover.wright.edu Wed Jul 27 09:22:42 1994 From: s009amf at discover.wright.edu (Aron Freed) Date: Wed, 27 Jul 94 09:22:42 PDT Subject: "Key Escrow" --- the very idea In-Reply-To: <9407221303.AA00981@tis.com> Message-ID: On Fri, 22 Jul 1994, Carl Ellison wrote: > if you really want to propose an escrow system we can live with, > I would demand that it include: > > 1. unambiguous ID of the person being tapped in the LEAF-equivalent > 2. multiple escrow agencies, at least one of which is the NSA HQ > (for its superior physical security) > 3. watchdogs as escrow agents (e.g., ACLU, Rep & Dem parties, CPSR, > EFF, NYTimes, ...) with authorization to look for abuses of > authority and to refuse to release keys in such cases and to > publicize such cases as well as bringing them to the attention > of law enforcement for prosecution. In theory this would be nice, but it just takes a gun to someone's head to say hand it over... Would you risk your life for other people... And once they kill you, it's a matter of searching through the records for it. It's not that safe. I rather my private key not be in escrow at all... > 4. user-generated escrow keys, to reduce the chance of anyone having a > backdoor way to get the whole escrow key database. > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -=- YABBS - telnet phred.pc.cc.cmu.edu 8888 -=- -=- -=- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= From ravage at bga.com Wed Jul 27 09:27:00 1994 From: ravage at bga.com (Jim choate) Date: Wed, 27 Jul 94 09:27:00 PDT Subject: LITTLE BROTHER INSIDE In-Reply-To: Message-ID: <199407271626.LAA29541@zoom.bga.com> > > Dr. Elizebeth Morgan, I suspect. > (Dual MD couple in DC. She accuses him of child molestation, spirits > daughter away. Refused to tell Judge where. 
In lockup for ~1.5 years > without charge/trial. Congress finally passed a law limiting civil > contempt to release her. More recently, Supreme Court ruling defining > limits of civil contempt (UMW vs. JOHN L. BAGWELL) may have an effect on > this.) > I don't think this will apply since we are talking about a criminal case not a civil one. Child custody is a civil issue unless the child is being harmed and then the acts are criminal. I suspect that no judge or other body will set a limitation in the case of a criminal case unless the imprisonment extends past the statute of limitations (if there is one). Side Note: Perhaps somebody who archives the list should take this and earlier talk on the topic of self-incrimination and such and submit them to a law journal...? From hughes at ah.com Wed Jul 27 09:50:14 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 27 Jul 94 09:50:14 PDT Subject: LITTLE BROTHER INSIDE In-Reply-To: Message-ID: <9407271628.AA07767@ah.com> Let us say you have, in fact, committed a more serious offense about which the government knows nothing. If your passphrase not only admitted the crime, but gave information which could lead to corroboration of the admission, [...] Well, I'd call that situation stupidity rather than cleverness. Eric From hughes at ah.com Wed Jul 27 09:57:05 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 27 Jul 94 09:57:05 PDT Subject: LITTLE BROTHER INSIDE In-Reply-To: Message-ID: <9407271635.AA07788@ah.com> Prior to seizure/theft, you would make an arrangement with an offshore "escrow agent." After seizure you would send your computer the instruction that says, "encrypt my disk with the escrow agents public key." You don't even need public key. Just place a secret key in the hands of your if-duress-no-release agent and put the same key in the right place in nonvolatile, but erasable, storage inside the computer. 
In a standard PC, there's room for this in the battery-backed configuration RAM, which has lots of extra space on many newer models. The use of public key would still require that a session key for a (fast) symmetric cipher be generated and then destroyed, so you're not that much better off. The advantage is that you don't have to destroy the public key. Since destruction is pretty easy for information, I don't consider it much of an advantage. And, lastly, if you were to use public key, you'd want the agent to generate a key pair for your use only. This avoids linkage with other information. Eric From andy at autodesk.com Wed Jul 27 11:00:36 1994 From: andy at autodesk.com (Andrew Purshottam) Date: Wed, 27 Jul 94 11:00:36 PDT Subject: Continum of numbers and Turing Machines In-Reply-To: <199407262350.SAA01647@zoom.bga.com> Message-ID: <199407271759.KAA04594@meefun.autodesk.com> Marvin Minsky's old automata theory text (something like "Finite and Infinite Machines") has an intro to the computable reals (or constructable reals? can't remember) which the interested might like to read. From tcmay at netcom.com Wed Jul 27 11:44:52 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 27 Jul 94 11:44:52 PDT Subject: Government-Controlled Trust Hierarchies Message-ID: <199407271844.LAA14181@netcom10.netcom.com> Two recent threads have been: * Government-controlled ID systems (National ID Card, is-a-person credentials, etc.) * Software Key Escrow (SKE) These two threads are intimately connected, I claim. We would do well to consider how they relate, given the recent revelations about plans for SKE by Microsoft, the already-existing (but mostly unused?) features in Apple's AOCE/System 7 Pro/etc. system, the proposal by Stephen Walker at TIS of an SKE system, and the press for a National ID card. 
The "anarchic" model of the "web of trust" found in PGP is anathema to control freaks...sorry if this sounds like I'm grinding an ideological axe, but I don't feel I have to make posts to _this_ group sound like impartial, academic papers.

Someone discussing key escrow here recently said that one thing he'd want to see in any "voluntary" system is "proof of identity." Though many of us here dismissed his arguments as Detweileresque, in that Detweiler was always trashing pseudonymity (while being by far the most obvious user of it, ironically). But I think these arguments are common in some circles.

For example, to use the Apple Open Collaboration Environment (AOCE) stuff, one gets one's key by submitting to RSA a notarized statement of one's identity. I haven't done this, and have no intentions to ever do so, but I gather that one takes one's passport, birth certificate, etc., down to a Notary Public, she confirms that the person is indeed "Sue D. Nym," signs and stamps the AOCE or RSADSI form, and this is snail-mailed to RSADSI in Redwood Shores. Some days or weeks later, one's key arrives.

Sort of kills the idea of multiple keys for multiple purposes, of changing keys frequently, and of not going through such a process in the first place. Oh, and of course it costs money (the Notary for sure, and maybe RSADSI...though maybe Apple gives you a free coupon "Good for One Key Generation").

The Microsoft thing may be going down a similar track. The Microsoft paralegal who confirmed to me yesterday (via Blanc Weber, who can attest to what I'm saying) that MS is indeed pursuing SKE claimed that this is primarily to meet export laws and will not apply, he claims, to U.S. users.

(I'm confused. If it's _export_ laws, and not _import_ laws into Haiti, Iraq, France, or other police states who may insist on key escrow, then won't all U.S.-sold packages of "Chicago" have to have this SKE built in? Why should U.S.
export laws care about what key escrow laws other countries have? Since when do we enforce other countries' laws at our borders?)

From everything I am seeing, SKE will be incorporated into some widely-used operating systems, notably, Microsoft's upcoming release of "Chicago," the successor to Windows 3.1. (Chicago is essentially Windows 4.0)

Who will write this? The SKE proposal described at the Karlsruhe workshop in international key escrow was authored by Stephen Walker and David Balenson of Trusted Information Systems. Matt Blaze's post yesterday discussed this in more detail.

I suggest we look very closely for connections between TIS and Microsoft, Apple, Novell, Sun, and any other major OS providers.

I believe TIS is preparing an SKE system that involves the "proof of identity" notary system Apple and RSADSI are now using, that involves mandatory selection of escrow agents (*), and that will be widely deployed in upcoming future operating systems, probably in Chicago in 1995 and maybe in Apple's System 7.5 in '95 as well.

As Hal Finney notes, this will nuke the "web of trust" model, and will also make all systems in which keys need to be generated on an ad hoc, as needed basis very difficult or impossible to deploy--at least if the built-in systems of Chicago or System 7.5 are to be used.

(* A note of confusion. I don't see how the schemes described by Matt Blaze, Carl Ellison, and others here, in which groups of communicants agree on a mutual escrow agent can work. For example, suppose a bunch of say, "OK, we'll play your silly game. We'll use your software, but our "escrow agents" will be "cypherpunks.nil" and "bitbucket.void," both of which consign all incoming keys to oblivion. Whutja gonna do now?" This makes the escrow agents a charade, unless of course there are laws regulating escrow agents!)

In closing, it looks like the anarchic, distributed, web-of-trust stuff has been recognized as something governments need to quash.
The first attack, Clipper, failed miserably, for various reasons.

The second attack is much more insidious. Use various pressures on Microsoft (Gee, I wonder what _that_ could be?) to deploy a Beltway Bandit-developed (TIS, with inputs from Denning, NIST/NSA) system that is, happily, "freely exportable." This satisfies Cantwell (so she drops her bill), this allows Clipper to be quietly killed, this allows Microsoft to freely export Chicago, Daytona, and other such products, and this presumably keeps the national security state people happy.

Well, this is my scenario. It could be wrong in some details, but clearly something is brewing out there....too many pieces are matching up.

Vigilance!

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From gtoal at an-teallach.com Wed Jul 27 11:50:44 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Wed, 27 Jul 94 11:50:44 PDT
Subject: XSPLIT now own ftp.wimsey.bc.ca
Message-ID: <199407271849.TAA05734@an-teallach.com>

: > How about doing this with n of m? Anyone have code?
: What do you mean? The sources are included with XSPLIT. The algorithm is
: very very simple.
: What exactly did you mean by n of m? Since at each byte the numbers are picked

He means an n-of-m error correcting code applied to secret sharing. Take a Hamming code for example. I used to use a 4-bit one when I worked in teletext. 4 bit nibbles were encoded as 8 bit words. You could corrupt 2 bits and recover the 4 bits correctly, thus it was a 2-in-4 error-correcting code.
I think it was also a 3-in-4 error *detecting* code, because if three of the eight bits were in error, you could know there was an error but not reliably correct it. Thus you can take a stream of data, split it up into 4 bits, and hamming encode each nibble. Then you give 1 bit from each output byte to a different person. The original file can be rebuilt if 6 of the 8 people get together - effectively you're decoding each 8-bit byte by assuming that the bits from the two missing people were corrupted in transit (ie any value you supply will do) Error-correcting codes are well understood (though not necessarily by me ;-) ) and can be tailored to any n of m, eg you could have a code that took 24-bit units, made a 100-bit output word, and could rebuild the original 24-bit word by having access to only say 70 of the 100 bits. The application of this to secret sharing is obvious. What isn't so obvious is that since these codes are designed for data transmission rather than data hiding, you're liable to find that for some bit positions in the output word, you have a direct copy of one of the input bits! So in my first example above where 4 bits mapped to 8 bits, 4 of the 8 bits of output were actually just the four input bits even though the other 4 bits were in some way random 'check bits'. So just by finding the right 4 people and analysing the data you'd get if you took their bits as actual data, you could tell whether you'd found the cleartext bits or not. Thus a straight Hamming code can't be used to split secrets; I'm not sure of the modifications necessary - I *think* it might be enough to whiten the input data with random noise, but I'm far far less than 100% convinced of this. I'll have to think about it some other time when I don't have as much on my mind. I expect some textbook has already covered the application of these things to cryptography. 
Wish I had one :-(

G

From berzerk at xmission.xmission.com Wed Jul 27 12:17:00 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Wed, 27 Jul 94 12:17:00 PDT
Subject: GUT and NP
In-Reply-To: <199407270329.AA19374@access3.digex.net>
Message-ID:

On Tue, 26 Jul 1994, Ray Cromwell wrote:

> 1) continuum phenomena are real and space is not merely quantized
> at a level which is undetectable by experiment (just because
> physics models it as a continuum doesn't mean it is so)

true.

> 2) all of this precision actually makes a difference

true.

> For instance, at the level of brain chemistry, who cares
> about quantum precision when thermal noises will swamp it anyway?
> (the Penrose argument even goes as far as assuming quantum gravity, a force
> pitifully weak, as a significant factor)

What does that have to do with the above?

> One of the reasons digital manipulation became popular was
> because analog data was too prone to error. Why will a quantum
> computer, which seems even more sensitive to external perturbation,
> be any different?

Are you trying to say that things have to be digital to have noise immunity? If so, you are totally wrong. Examples abound from analog electronics specifically transmission.

> And regardless of whether quantum computers work or not, they are
> still algorithmic if they can be simulated (however slowly) by
> a turing machine. It's a rigorous mathematical definition. Claiming

Sure, I never said otherwise, just that it is conceivable that some continuum phenomena can't be described algorithmically AT ALL.

> otherwise uses algorithm in a manner different than was intended.
> It's like the way Ludwig Plutonium solves all those famous problems
> in sci.math by assuming different definitions of primality, etc.
> Quantum computers might be faster than classical computers, but
> non-algorithmic, I don't think so.

Hmmm, argument by plutonium? Try again.

Berzerk.
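Graham Toal's point about systematic codes in the XSPLIT thread above, worked through as an added Python example (not XSPLIT's code or anything posted to the list; all function names are my own). It splits a byte string with a systematic extended Hamming(8,4) code, rebuilds it from any 6 of the 8 shares, and measures what holders of fewer shares already learn.

```python
# Added example: one share bit per holder from a systematic extended
# Hamming(8,4) code. Names and layout are illustrative assumptions.
from itertools import combinations


def encode_nibble(nib: int) -> list[int]:
    """Return the codeword [d1 d2 d3 d4 p1 p2 p3 p4] for a 4-bit value."""
    d = [(nib >> (3 - i)) & 1 for i in range(4)]        # d[0] is the high bit
    p = [d[0] ^ d[1] ^ d[3], d[0] ^ d[2] ^ d[3], d[1] ^ d[2] ^ d[3]]
    overall = 0
    for bit in d + p:                                   # parity of the first 7 bits
        overall ^= bit
    return d + p + [overall]


CODEBOOK = [encode_nibble(n) for n in range(16)]


def split(data: bytes) -> list[list[int]]:
    """Share k receives bit k of every codeword (two codewords per byte)."""
    shares = [[] for _ in range(8)]
    for byte in data:
        for nib in (byte >> 4, byte & 0x0F):
            for pos, bit in enumerate(CODEBOOK[nib]):
                shares[pos].append(bit)
    return shares


def candidates(known: dict[int, int]) -> list[int]:
    """Nibbles whose codeword agrees with the known {position: bit} pairs."""
    return [n for n, cw in enumerate(CODEBOOK)
            if all(cw[pos] == bit for pos, bit in known.items())]


def recover(held: dict[int, list[int]]) -> bytes:
    """Erasure-decode from a subset of shares; missing positions are unknown."""
    length = len(next(iter(held.values())))
    nibbles = []
    for i in range(length):
        options = candidates({pos: share[i] for pos, share in held.items()})
        if len(options) != 1:
            raise ValueError(f"nibble {i} is ambiguous: {len(options)} candidates")
        nibbles.append(options[0])
    return bytes((hi << 4) | lo for hi, lo in zip(nibbles[0::2], nibbles[1::2]))


def read_data_positions(first_four: list[list[int]]) -> bytes:
    """Positions 0-3 are the input bits themselves: no decoding is needed."""
    s0, s1, s2, s3 = first_four
    nibbles = [(a << 3) | (b << 2) | (c << 1) | d
               for a, b, c, d in zip(s0, s1, s2, s3)]
    return bytes((hi << 4) | lo for hi, lo in zip(nibbles[0::2], nibbles[1::2]))


def ambiguity(positions) -> int:
    """How many of the 16 nibbles remain possible for holders of `positions`.

    The code is linear, so the count is the same whatever bits they observe.
    A true threshold scheme would leave all 16 possible below the threshold.
    """
    return len(candidates({pos: CODEBOOK[0][pos] for pos in positions}))


if __name__ == "__main__":
    secret = b"constructed secret"                      # constructed sample input
    shares = split(secret)
    ok = all(recover({p: shares[p] for p in range(8) if p not in gone}) == secret
             for gone in combinations(range(8), 2))
    print("any 6 of 8 shares rebuild the input:", ok)
    print("positions 0-3 read directly:", read_data_positions(shares[:4]))
    for held in ([], [0], [4], [0, 1], [0, 1, 2, 3]):
        print(f"holders {held}: {ambiguity(held)} of 16 nibbles still possible")
```

Every single share, data or check bit, already halves the set of possible nibbles, which is the leak that rules the plain code out for secret splitting.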
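The Blum-Blum-Shub construction described earlier in the "Cryptosplit note" thread (Blum modulus, X0 = S*S mod N, low-order bits of each square), as an added Python example that is not cryptosplit's code or code from the list. The demo modulus (two Mersenne primes whose factors are public), the SHAKE-256 seed derivation and all names are assumptions for illustration; a real N needs secret primes.

```python
# Added example: Blum-Blum-Shub byte generator plus the seeding idea from the
# thread (hash of the input file, time of day, optional user string).
import hashlib
import math

# Constructed demo modulus: 2^107-1 and 2^127-1 are primes congruent to 3 mod 4.
# Their factorisation is public, so this N is for demonstration only.
DEMO_P = 2**107 - 1
DEMO_Q = 2**127 - 1


class BlumBlumShub:
    def __init__(self, p: int, q: int, seed: int):
        # Caller supplies primes; only the Blum condition is checked here.
        if p == q or p % 4 != 3 or q % 4 != 3:
            raise ValueError("p and q must be distinct and congruent to 3 mod 4")
        self.n = p * q
        if math.gcd(seed, self.n) != 1:
            raise ValueError("seed must be coprime to N")
        self.x = seed * seed % self.n                   # X0 = S*S mod N
        if self.x == 1:
            raise ValueError("seed squares to 1; the state would never change")
        # Output width: floor(log2(log2(N))) low-order bits per squaring.
        self.k = max(1, int(math.log2(math.log2(self.n))))
        self._acc = 0                                   # bits not yet emitted
        self._nbits = 0

    def next_chunk(self) -> int:
        """Square the state and return its k low-order bits."""
        self.x = self.x * self.x % self.n               # X(i+1) = Xi*Xi mod N
        return self.x & ((1 << self.k) - 1)

    def random_bytes(self, count: int) -> bytes:
        out = bytearray()
        while len(out) < count:
            self._acc = (self._acc << self.k) | self.next_chunk()
            self._nbits += self.k
            while self._nbits >= 8 and len(out) < count:
                self._nbits -= 8
                out.append((self._acc >> self._nbits) & 0xFF)
                self._acc &= (1 << self._nbits) - 1
        return bytes(out)


def derive_seed(n: int, file_bytes: bytes, timestamp: float,
                user_string: str = "") -> int:
    """Hash the seeding material down to a usable S.

    The file hash and the time can be guessed by someone who already suspects
    what was split (the known-plaintext concern raised in the thread), so the
    user string is the only input here that can carry real secrecy.
    """
    material = (hashlib.sha256(file_bytes).digest()
                + repr(timestamp).encode() + user_string.encode())
    width = (n.bit_length() + 7) // 8 + 8               # extra bytes reduce bias
    counter = 0
    while True:
        digest = hashlib.shake_256(material + counter.to_bytes(4, "big")).digest(width)
        seed = int.from_bytes(digest, "big") % n
        if math.gcd(seed, n) == 1 and seed * seed % n != 1:
            return seed
        counter += 1


if __name__ == "__main__":
    n = DEMO_P * DEMO_Q
    s = derive_seed(n, b"constructed sample file", 775324224.0, "typed by user")
    gen = BlumBlumShub(DEMO_P, DEMO_Q, s)
    print("bits per squaring:", gen.k)
    print("16 coefficient bytes:", gen.random_bytes(16).hex())
```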
From jgostin at eternal.pha.pa.us Wed Jul 27 12:21:20 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Wed, 27 Jul 94 12:21:20 PDT Subject: Latency vs. Reordering Message-ID: <940727141624e1Sjgostin@eternal.pha.pa.us> hughes at ah.com (Eric Hughes) writes: > For the Nth time, it's not latency, it's reordering which is important. True. For small numbers of files re-ordering is important. On the large scale, latency serves both purposes. I tend to think of these things on the large scale, which is the reason I pointed things that way. --jeff From d9bertil at dtek.chalmers.se Wed Jul 27 05:42:56 1994 From: d9bertil at dtek.chalmers.se (Bertil Jonell) Date: 27 Jul 1994 12:42:56 GMT Subject: Attention: the us.* hierarchy and its effect on the gun groups Message-ID: <315kog$rcv@nyheter.chalmers.se> WHATS UP: There is discussion over at news.groups to start a new top-level hierarchy named us. The main argument being that the US of A should have an own hierarchy since everyone else has one. Now you might have whatever opinion on that, that is not core of the matter, but some people are trying to sneak in something very bad under cover of the us.* hierarchy question. They, and I'm talking of a cabal of seven persons calling themselves the "US Hierarchy Coordinating Committee" out of a net population of twenty million, want to sneak through severe changes in the newgroup creation procedures that would put them in absolute command of the us.* hierarchy. TODAY: Today when a new newsgroup is to be created, anyone can propose it, a period of discussion where anyone can participate follows and its fate it decided by a vote, in which anyone can participate. TOMORROW: In the us.* hierarchy groups can only be created by the cooperation of the US Hierarchy Coordinating Committee. After they have decided on a name for the group, and 'firmed up the charter', they will start a public discussion by announcement on a (by them) moderated group. 
If they decide that the group gets enough support they will create it.

The US Hierarchy Coordinating Committee is not elected by anyone. They are totally self-appointed. Their proposal does not include any rules or guidelines on how new cabal members are chosen, nor any ways to depose the current ones. To quote them directly:

"The Committee feels that it would be better to wait until the hierarchy exists for a while so that the lay of the land may be better understood before proposing a whole system of rules for changes to the Committee, the creation guidelines, and the structure of the hierarchy."

They themselves want to write the rules (if any) by which they themselves can be replaced, but they don't want to show us the rules, we should just accept them, they say.

WHY:

Why rip up the old democratic guidelines and replace them with this oligarchic mess? They say it is to make the us.* hierarchy more efficient and easy to use. Proposals to concentrate power in the name of efficiency always make me wary.

THE NEXT 40 LINES OF THIS MESSAGE SHOULD BE UNNECESSARY:

Because this proposal should not be judged after how much good the Committee might do, and certainly not after what good things *they* claim they'll do, but after what bad things they *can* do since their proposal totally lacks any checks and balances. So what I have written up to this point should be enough to make you jump to the "WHAT CAN I DO" part:)

MY FEAR:

There has been much talk recently about how Usenet is lawless, about how various nastiness floats around here, and about how the wild frontier needs to be tamed. I think that is what they intend. This is an attempt to impose authority on the net, put barbed wire across the frontier. I doubt that any controversial newsgroups will pass the committee. I suspect that us.rec.guns will be as impossible to get past the committee tomorrow as rec.illegal.drugs would be today.
So therefore I urge everyone who has interests that are ever so slightly non-mainstream, either in reality or as pictured by the media, or feels that your interests might slide out of the mainstream soon, to vote NO to the us.* hierarchy, if you want a place to discuss your interests on Usenet tomorrow. Around here I'm thinking of you who are any or all of pro-rkba, anti-WoD, anti-BATF, anti-censorship, anti-clipper, libertarians, etc etc. [only 4 of which are correct about me, but that is irrelevant:) ]

SO WHAT?

So what? This will only cover the us.* hierarchy? The rest of Usenet will be as before? Right? Well yes and no. Formally that is right, but the net is growing at an amazing rate. New sites are added daily, many of them schools and schools lower and lower on the age scale are getting access. What do you think they will choose if given the choice between getting only the pg-13 us.* hierarchy, the R-rated normal Usenet or the X-rated altnet? Especially since the us.* hierarchy advertises itself as handling the US-specific issues on the net, I think most new sites in the US will play it safe and only get the us.* hierarchy. And the way the net is growing new sites will soon be in the majority and not long after that take up 90% of the total net sites. So if you want to say something that more than 10% hear, you'll have to go through the us.* hierarchy, and you better hope your interest is covered by the cabal-approved charter of a cabal-approved newsgroup. And if you have angered any of the cabal-members in the past you are f*cked. period.

WHAT CAN I DO:

You can vote NO to the proposed us.* hierarchy. A us.* hierarchy might or might not be a good idea, but under these rules it would be a disaster. It should be possible to just reply to this message (press 'R' on rn/trn/rrn), edit out all quoted text except the 1 line between the dashes, and send it off.
You should however check that your mail is going to "voting at qualcomm.com" and not to me before sending it off.

---------
I vote NO on this us.* hierarchy proposal.
---------

After voting you should receive an ack by mail within a day or two. If not then remail your vote. The voting closes on August 8, so vote early!

IMPORTANT CAVEAT:

In their CFV the cabal plainly writes that they will *not* accept the usual 'more than twice as many yes as no' criteria for group creation, and if they get defeated they also plainly state that they will rewrite their proposal and refile it immediately without waiting 6 months as is the normal procedure. They claim they can do this since there aren't any formal rules for HIERARCHY creation, just NEWSGROUP creation. Well most people assumed that in the absence of specified rules, the group rules would have jurisdiction, since a hierarchy is just a bunch of individual groups, but the cabal seems determined to steamroller this through despite any opposition. Kinda makes me wonder if they'd even follow their own rules, provided they ever write any that is.

Therefore it is of the utmost importance that they are made to realize that the opposition to their oligarchic proposal is compact. Explain the gravity of the situation to all your on-line friends and colleagues, and get them to vote too. This is doubly important if they are sysadmins or similar. Get them to state that they will not carry a us.* hierarchy that does not abide by normal newgroup creation procedures.
Thanks -bertil- ADDITIONAL INFORMATION: The full text (the little there is) is available on news.announce.newgroups under the Subject "CFV: us.* hierarchy" and with Article ID A SECOND OPINION: Quoted without permission under the fair use doctrine from a call to vote NO posted on news.groups by John De Armond: * New rules are being proposed by a new defacto cabal that replaces the voting system that has worked well for the most part, with a system of "bosses" who control what gets created and what doesn't. And it replaces defined criteria for passage or failure with the "judgement" of the bosses. It replaces the will of the users with the will of a few men sitting on high. This is the antithesis of the net spirit. * The proposed group creation criteria is most unsatisfactory. The newly formed cabal proposes to replace the current vote with an "interest poll" whereby if 100 people sorta indicate an interest in the group it is created regardless of the number of negative votes. This is NOT the way to create new groups. * The makeup of the cabal has been decreed from the cabal and no procedure for removing or replacing members is contemplated in this proposal. The highly controversial nature of several of the proposed cabal members combined with no mechanism for removal almost guarantees a spoils system with no checks and balances at all. "Piss me off and your group fails" isn't the way to run the net. * This vote is being conducted in a very abnormal manner, without the usual CFD discussion period. If changes are needed in the current group creation process, the proper way is to implement them in accordance with the old procedures until those procedures are formally changed. Change via fiat is again the antithesis of the net culture. For all those reasons and more, I urge everyone to REJECT this proposal and vote NO. This is a BAD heirarchy and a BAD proposal and deserves to die. 
--
Legal Notice: Exporting 'personal data' to non-European countries without special license issued by the Computer Inspection Agency ('Datainspektionen') for each specific case (message) is a crime. Personal data include names, even my name. If you read this message outside Europe, I'm a criminal.

From gtoal at an-teallach.com Wed Jul 27 13:07:45 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Wed, 27 Jul 94 13:07:45 PDT
Subject: Cryptosplit note
Message-ID: <199407272006.VAA07358@an-teallach.com>

    It uses rand() when it needs random numbers for the coefficients of the polynomial. I don't know what kind of security risk that poses, but it really should be using something better.

It definitely should. It will be trivially crackable. (Well, trivially after someone writes the program I mean, which is more tedious than difficult). (Next question to determine *how* tedious... what do you do to initialise the random sequence? - oh, never mind, I should look at the code, except it's probably not worth the effort now. Just make sure people only use it for fun and not serious data hiding. Ask on sci.crypt if anyone wants to take a crack at decrypting the exored data, given the source code.)

    Where can I get Blum-Blum-Shub source or documentation on the algorithm?

Can't help on that one, sorry. They don't tell us nasty furriners.

g

From jgostin at eternal.pha.pa.us Wed Jul 27 13:21:01 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Wed, 27 Jul 94 13:21:01 PDT
Subject: Anonymous Remailer list
Message-ID: <940727152924L3Jjgostin@eternal.pha.pa.us>

C'Punks,

I'm looking for a list of Anon Remailers that hopefully have most/all of the following features, or at least get me in the ballpark. Failing that, perhaps just a list of remailers would be nice.

Requested features:

o I would like to be able to send a PGP [2.3-present versions!] file with commands-etc to be decoded and processed by the Anon Remailer.
This allows me to not have to send my password-etc in plaintext. I realize that this will have to wait until after my first email to the remailer, as it has to get my key. o Allows embedded PGP files: One for the remailer, which contains both a second PGP message and commands for the remailer. o Allows passwording of anon accounts (I know, they probably all do this....) o Reports back errors in command syntax-etc, using a pgp encrypted file. o Uses latency and/or reordering. o Relatively quick (this might countermand latency -- I'm not sure which is more important to me) I'm just getting started with remailers, and am interested in secure, anonymous communications. --Jeff -- ====== ====== +----------------jgostin at eternal.pha.pa.us----------------+ == == | The new, improved, environmentally safe, bigger, better,| == == -= | faster, hypo-allergenic, AND politically correct .sig. | ==== ====== | Now with a new fresh lemon scent! | PGP Key Available +---------------------------------------------------------+ From cme at tis.com Wed Jul 27 13:36:58 1994 From: cme at tis.com (Carl Ellison) Date: Wed, 27 Jul 94 13:36:58 PDT Subject: Government-Controlled Trust Hierarchies In-Reply-To: <199407271844.LAA14181@netcom10.netcom.com> Message-ID: <9407272036.AA20598@tis.com> >From: tcmay at netcom.com (Timothy C. May) >Subject: Government-Controlled Trust Hierarchies >Date: Wed, 27 Jul 1994 11:44:13 -0700 (PDT) >(* A note of confusion. I don't see how the schemes described by Matt >Blaze, Carl Ellison, and others here, in which groups of communicants >agree on a mutual escrow agent can work. For example, suppose a bunch ^^^^ >of say, "OK, we'll play your silly game. We'll use your software, >but our "escrow agents" will be "cypherpunks.nil" and >"bitbucket.void," both of which consign all incoming keys to oblivion. >Whutja gonna do now?" This makes the escrow agents a charade, unless >of course there are laws regulating escrow agents!) What means "work" ? 
If by this you mean "work to provide surveillance agents with citizens' keys" then of course it doesn't. Should that surprise you (that I would talk about a system which doesn't give the TLAs any access)? If I have 3 escrow agents -- Alice, Bob and Carol -- and they're friends of mine in different parts of the country, don't know each other, ..., then when I forget a password for some encrypted file, I can take the ID# of that file (in its LEAF-equivalent) and send a request to each of my friends for key pieces for that ID #. I've achieved backup of my own encryption keys against failure of my memory. If there's data my survivors should have, I list the escrow agents for that data in my will. If there's data which should die with me, I don't escrow its key(s). (I had used Curve Encrypt the other month and forgotten the password -- went a whole month before I remembered it. This isn't academic to me.) To me, this works. But don't let me dampen the inspection of SKE. Just having the machinery in place (as someone pointed out a day or two ago) makes it easier for the gov't to come along and demand to be the escrow agents:: "Why burden your friends with that duty? Why concern yourself with how to get to your keys. We'll keep them for you. We'll be on-line 24 hours a day, seven days a week. We'll be true *escrow* sites -- keeping keys which you can get to yourself. Of course, we'll also be law-abiding citizens (officers of the court?) and respond to any court orders. So should your friends, by the way, if you use them as escrow agents...." :-( The only real answer is (to me): 1. demand free export of public-domain crypto (anything published: RSA, DES, IDEA, FEAL, transposition, substitution, Hill, Vernam, etc., and any combination of those) 2. write good code (aimed at the naive user, with good Windows or Mac GUI) including strong crypto without gov't access to keys and sell it, share it or give it away. 3. 
make sure that the Congress acknowledges that private citizens have invented, distributed and used strong crypto (as strong as the military of the time) for 4000 years (cf., Kahn) and hasn't given keys to the gov't -- and shouldn't ever do so.

4. drive home the point (also cf. Kahn) that criminals have invented and used strong crypto in the past (hiring their own cryptographers) so that this is not a new danger and therefore doesn't need new drastic action.

- Carl

From rjc at access.digex.net Wed Jul 27 13:45:15 1994
From: rjc at access.digex.net (Ray Cromwell)
Date: Wed, 27 Jul 94 13:45:15 PDT
Subject: GUT and NP
In-Reply-To:
Message-ID: <199407272044.AA27619@access3.digex.net>

Berzerk:
> > 2) all of this precision actually makes a difference
> true.
>
> > For instance, at the level of brain chemistry, who cares
> > about quantum precision when thermal noises will swamp it anyway?
> > (the Penrose argument even goes as far as assuming quantum gravity, a force
> > pitifully weak, as a significant factor)
> What does that have to do with the above?

The principle that the arbitrary precision that comes from continuum is swamped by just about everything else so building a machine based on it is practically impossible?

> > And regardless of whether quantum computers work or not, they are
> > still algorithmic if they can be simulated (however slowly) by
> > a turing machine. It's a rigorous mathematical definition. Claiming
> Sure, I never said otherwise, just that it is conceivable that some
> continuum phenomena can't be described algorithmically AT ALL.

I wasn't talking specifically to you, I was talking to James Donald. It's conceivable that little green men also exist, do you have a particular example in mind of your non-algorithmic phenomena?

> > otherwise uses algorithm in a manner different than was intended.
> > It's like the way Ludwig Plutonium solves all those famous problems
> > in sci.math by assuming different definitions of primality, etc.
> > Quantum computers might be faster than classical computers, but > > non-algorithmic, I don't think so. > Hmmm, argument by plutonium? Try again. Your turn. I already layed out the definition. I can quote it from as many automata theory texts as you like. One can not simply change the definition of algorithm just because one doesn't like it. If you do, you're no better than dear old Ludwig. From cactus at bb.com Wed Jul 27 14:32:41 1994 From: cactus at bb.com (L. Todd Masco) Date: Wed, 27 Jul 94 14:32:41 PDT Subject: us.* heiarchy--scary In-Reply-To: <9407271446.AA13029@vendela.ma.utexas.edu> Message-ID: <199407272135.RAA02390@bb.com> From: d9bertil at dtek.chalmers.se (Bertil Jonell): > They, and I'm talking of a cabal of seven persons calling themselves >the "US Hierarchy Coordinating Committee" out of a net population of >twenty million, want to sneak through severe changes in the newgroup >creation procedures that would put them in absolute command of the us.* >hierarchy. Whoever wrote this is a moron who doesn't understand the newsgroup creation process. (Do I? I'm a UVV member.) David Lawrence, one of the US Hierarchy Coordinating Committe, already has absolute control over newsgroup creation as the moderator of news.announce.newgroups. He occasionally uses it to stop brain-damaged proposals from going through. USEnet is not a democracy, and it never has been. Followups to news-newusers-questions at uunet.uu.net, please. This has no c'punk content, except the desire to head off a stupid thread. From jgostin at eternal.pha.pa.us Wed Jul 27 15:36:14 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Wed, 27 Jul 94 15:36:14 PDT Subject: Please verify key for remailer@soda Message-ID: Hello fellow C'punks! As my last message said (for those who read it), I'm just getting into anon remailers. I just picked up the docs and PGP key for the remailer at soda. I would appreciate it if people would send me fingerprints of the key. 
This is so that I know it hasn't been tampered with, or at least can be reasonably sure.

Thanx, in advance!

--Jeff
--
======  ======    +----------------jgostin at eternal.pha.pa.us----------------+
  ==    ==        | The new, improved, environmentally safe, bigger, better,|
  ==    ==  -=    | faster, hypo-allergenic, AND politically correct .sig.  |
====    ======    | Now with a new fresh lemon scent!                       |
PGP Key Available +---------------------------------------------------------+

From jamesd at netcom.com Wed Jul 27 15:57:27 1994
From: jamesd at netcom.com (James A. Donald)
Date: Wed, 27 Jul 94 15:57:27 PDT
Subject: GUT and NP
In-Reply-To: <199407270329.AA19374@access3.digex.net>
Message-ID: <199407272257.PAA20579@netcom8.netcom.com>

Ray Cromwell writes
> And regardless of whether quantum computers work or not, they are
> still algorithmic if they can be simulated (however slowly) by
> a turing machine. It's a rigorous mathematical definition.

This is flagrantly false.

A frog can be simulated, given infinite time and infinite tape size, but a frog is not an algorithm.

From jamesd at netcom.com Wed Jul 27 16:06:19 1994
From: jamesd at netcom.com (James A. Donald)
Date: Wed, 27 Jul 94 16:06:19 PDT
Subject: GUT and NP
In-Reply-To: <199407272257.PAA20579@netcom8.netcom.com>
Message-ID: <199407272306.QAA21542@netcom8.netcom.com>

Ray Cromwell writes
> And regardless of whether quantum computers work or not, they are
> still algorithmic if they can be simulated (however slowly) by
> a turing machine. It's a rigorous mathematical definition.

I think this is a misquote of the definition.

If a turing machine can *perform* it, then it is an algorithm.

Since a turing machine certainly cannot perform quantum "algorithms", then by definition they are not algorithms.

--
---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we        James A. Donald
are. True law derives from this right, not from
the arbitrary power of the omnipotent state.            jamesd at netcom.com

From jya at pipeline.com Wed Jul 27 17:42:43 1994
From: jya at pipeline.com (John Young)
Date: Wed, 27 Jul 94 17:42:43 PDT
Subject: Government-Controlled Trust Hierarchies
Message-ID: <199407280042.UAA16888@pipe1.pipeline.com>

TC May wrote Wed, 27 Jul 1994 11:44:

It has been brought up on the Cypherpunks mailing list that Microsoft is proposing to include public-key escrow as a *built-in* "function" of future products - Chicago and Daytona have been specifically mentioned.

Is this, in fact, correct? If so, what constraints or limitations are there on it? Is it an optional capability, and if so, what means are there for disabling (or better still, completely removing) it? What organization(s) does Microsoft propose to use as the escrow agent(s) if such public-key escrow is implemented?

What would be the system used (RIPEM, RSA, etc)? If not an existing algorithm, would the algorithm(s) be made public? What would be the key size of any such algorithm?

I would appreciate any and all information you could provide regarding this _very_ serious matter.

Please note that this message has also been sent to the Cypherpunks mailing list; I am quite sure that the subscribers there would be most interested in your answers (or failure to answer). I will also take the liberty of forwarding an unedited copy of your response to this message to the Cypherpunks mailing list.

David K. Merriman
merriman at metronet.com
Finger merriman at metronet.com for PGP2.6ui/RIPEM public keys/fingerprints.

From frissell at panix.com Wed Jul 27 18:21:06 1994
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 27 Jul 94 18:21:06 PDT
Subject: Government-Controlled Trust Hierarchies
Message-ID: <199407280119.AA06540@panix.com>

At 11:44 AM 7/27/94 -0700, Timothy C.
May wrote:

>I suggest we look very closely for connections between TIS and
>Microsoft, Apple, Novell, Sun, and any other major OS providers. I
>believe TIS is preparing an SKE system that involves the "proof of
>identity" notary system Apple and RSADSI are now using, that involves
>mandatory selection of escrow agents (*), and that will be widely
>deployed in upcoming future operating systems, probably in Chicago in
>1995 and maybe in Apple's System 7.5 in '95 as well.
>

I've often wondered how "proof of identity" systems cope with the multiplication of entities problem. Who exactly *is* XYZ Corp, Trust, Estate, Partnership, Company, etc?

DCF

"Justice Department lawyer admits in open court that we are ruled by an 'anonymous horde, a leviathan' -- in litigation over the design of the Health Security Act."

From frissell at panix.com Wed Jul 27 18:21:06 1994
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 27 Jul 94 18:21:06 PDT
Subject: I will Kill SKE for You
Message-ID: <199407280119.AA06562@panix.com>

How to kill SKE?

Open offer. For $100 I will apply for an escrowed key and get it delivered to you (without actually possessing the key material). I will also apply for a key as the representative of your corp, trust, partnership, etc. For an additional fee I will legally change my name to yours, get a key in that name and then change my name back. All transactions can be completed in cash.

DCF

"No racist - I support the permanent elimination of federal income taxation for African Americans to compensate them for the suffering of slavery."

From perry at imsi.com Wed Jul 27 18:53:37 1994
From: perry at imsi.com (Perry E.
Metzger)
Date: Wed, 27 Jul 94 18:53:37 PDT
Subject: Continum of numbers and Turing Machines
In-Reply-To: <199407271759.KAA04594@meefun.autodesk.com>
Message-ID: <9407280152.AA02227@snark.imsi.com>

Andrew Purshottam says:
> Marvin Minsky's old automata theory text
> (something like "Finite and Infinite Machines")
> has an intro to the computable reals (or constructable reals?
> can't remember) which the interested might like to read.

I'll point out that the countability of the reals (or, rather, uncountability) is a simple concept -- I've explained it in five minutes to a twelve year old, so I see no reason why it can't be quickly explained here. (I haven't paid much attention -- perhaps someone else has done this already but I haven't noticed it.)

An infinite set is said to be countable if it can be mapped one to one to the integers. (Actually, to the cardinals, or positive integers, in most definitions, but it doesn't matter as I'll show in a moment).

As an example, I can map the even positive numbers to the positive numbers very easily -- use the "divide by two" operator, and I can map every even positive number to a positive integer, and vice versa.

All integers may be mapped to the positive integers in an equally simple manner -- start by numbering 0 as 1, 1 as 2, -1 as 3, 2 as 4, -2 as 5, 3 as 6, and in general all positive n go to 2n and all negative n go to -2n+1.

It would seem that the rational numbers couldn't be counted, but in fact they can -- you just have to be clever. Build a table like so (I've only partially filled it in :-) and think of the row index as the numerator and the column index as the denominator -- you will swiftly see that you can number every fraction. (Actually, you overnumber them in the sense that some numbers get more than one index this way -- fixing this is left as an exercise to the reader...)

        1   2   3   4   5   6   7   8  ....
   1    1   3   6  10  15  21  28  36
   2    2   5   9  14  20  27  35
   3    4   8  13  19  26  34
   4    7  12  18  25  33
   5   11  17  24  32
   6   16  23  31
   7   22  30
   8   29
  ...

Now, you might think some clever trick could be used to map the reals into the integers. Unfortunately, you cannot do it. I can prove that quite easily, by contradiction.

For simplicity, let's just try to map the reals between zero and one to the integers, and let's consider them expressed as binary numbers.

Imagine that I had built a mapping between this subset of the reals and the positive integers. Any such mapping implies a list, that is, that I could build a table like

1  .1010101101010010010010010101001.....
2  .0100001010100010100101001001010010...
3. .11000101001010110100010100010101001....
etc.

I can now construct a number that is not in the table. Take the first binary digit from the first number in the table, and complement it. That is the first digit in my constructed number. Take the second digit from the second number and complement it -- that is the second digit of the constructed number. Add in the complement of the third digit of the third, the fourth digit of the fourth, etc.

The number I have just constructed can't be the first number in the imaginary table because the first digit didn't match. It can't be the second because the second didn't match. It can't be the third because the third doesn't match. Indeed, it can't be any of them.

Thus, you can't map the reals to the integers. The reals are thus in some sense a "bigger" infinite set than the integers.

Perry

From perry at imsi.com Wed Jul 27 19:02:07 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 27 Jul 94 19:02:07 PDT
Subject: Government-Controlled Trust Hierarchies
In-Reply-To: <199407271844.LAA14181@netcom10.netcom.com>
Message-ID: <9407280200.AA02238@snark.imsi.com>

Timothy C. May says:
> The Microsoft thing may be going down a similar track. The Microsoft
> paralegal who confirmed to me yesterday (via Blanc Weber, who can
> attest to what I'm saying) that MS is indeed pursuing SKE claimed
> that this is primarily to meet export laws and will not apply, he
> claims, to U.S. users.

By the way, just so everyone knows, I understand (based on a conversation with Steve Kent, who should be a reliable source for this) that Microsoft is one of the suppliers to the upcoming DMS, or defense messaging system. The DMS will be using Tessera -- it means that Microsoft and several other firms are going to be the largest purveyors of escrowed software in the world.

Perry

From perry at imsi.com Wed Jul 27 19:09:12 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 27 Jul 94 19:09:12 PDT
Subject: GUT and NP
In-Reply-To: <199407272306.QAA21542@netcom8.netcom.com>
Message-ID: <9407280208.AA02261@snark.imsi.com>

James A. Donald says:
> If a turing machine can *perform* it, then it is an algorithm.
>
> Since a turing machine certainly cannot perform quantum
> "algorithms", then by definition they are not algorithms.

If a turing machine can *perform* it, then it is an algorithm.

Since a turing machine certainly cannot perform Sun Workstation "algorithms", then by definition they are not algorithms.

Perry

From blancw at microsoft.com Wed Jul 27 20:06:49 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Wed, 27 Jul 94 20:06:49 PDT
Subject:
Message-ID: <9407280306.AA18192@netmail2.microsoft.com>

From: David K. Merriman

It has been brought up on the Cypherpunks mailing list that Microsoft is proposing to include public-key escrow as a *built-in* "function" of future products - Chicago and Daytona have been specifically mentioned.
......................................................................
..........

No, this is not correct. It was speculation from Tim May on possible developments, based on his interpretation of recent events and on email which I sent to him.
This email was referring to the fact that his concerns notwithstanding, it is not an easy thing to implement a privately-held key escrow system into a desktop operating system, that Microsoft is not talking about implementing a 'software Clipper', and is presently only *examining* the international ramifications of software key-escrow and non-escrowed strong encryption security.

Please give this question the benefit of the doubt and postpone your conclusions about this until I can get an official statement, thanks.

Blanc

From kap1 at wimpy.cpe.uchicago.edu Wed Jul 27 20:24:19 1994
From: kap1 at wimpy.cpe.uchicago.edu (Dietrich J. Kappe)
Date: Wed, 27 Jul 94 20:24:19 PDT
Subject: Continum of numbers and Turing Machines
In-Reply-To: <9407280152.AA02227@snark.imsi.com>
Message-ID: <9407280323.AA23088@tao>

Pretty Good Privacy 2.6ui - Public-key encryption for the masses.
(c) 1990-1993 Philip Zimmermann, Phil's Pretty Good Software. 27 May 94
Date: 1994/07/28 03:23 GMT

You need a pass phrase to unlock your RSA secret key.
Key for user ID "Dietrich J. Kappe "

Enter pass phrase:

From kap1 at wimpy.cpe.uchicago.edu Wed Jul 27 20:25:50 1994
From: kap1 at wimpy.cpe.uchicago.edu (Dietrich J. Kappe)
Date: Wed, 27 Jul 94 20:25:50 PDT
Subject: Continum of numbers and Turing Machines
In-Reply-To: <9407280152.AA02227@snark.imsi.com>
Message-ID: <9407280325.AA23095@tao>

-----BEGIN PGP SIGNED MESSAGE-----

Perry E. Metzger writes:

[Countability proofs deleted...]

For simplicity, let's just try to map the reals between zero and one to the integers, and let's consider them expressed as binary numbers.

Imagine that I had built a mapping between this subset of the reals and the positive integers. Any such mapping implies a list, that is, that I could build a table like

1  .1010101101010010010010010101001.....
2  .0100001010100010100101001001010010...
3. .11000101001010110100010100010101001....
etc.

I can now construct a number that is not in the table. Take the first binary digit from the first number in the table, and complement it. That is the first digit in my constructed number. Take the second digit from the second number and complement it -- that is the second digit of the constructed number. Add in the complement of the third digit of the third, the fourth digit of the fourth, etc.

The number I have just constructed can't be the first number in the imaginary table because the first digit didn't match. It can't be the second because the second didn't match. It can't be the third because the third doesn't match. Indeed, it can't be any of them.

Thus, you can't map the reals to the integers. The reals are thus in some sense a "bigger" infinite set than the integers.

Small but important correction: the number that you constructed may in fact be a binary equivalent to one already in the list. Example:

.0111111...
.1000000...

Claim: For a given real x, there exist at most a finite number of equivalent binary representations. (In fact, just 2.)

Proof: Left as an exercise.

I think everyone can see how to splice this little lemma into the proof. Of course, the proof isn't nearly as clean as before, so it may take more than 5 minutes for a 12 year old (or 12 minutes for a 5 year old :-).

Dietrich Kappe
kap1 at wimpy.cpe.uchicago.edu
- - -finger for PGP public key-

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBLjck/zdLyfjamMpJAQHt8AP+LmFAQK2KpjcxrEq8jhW2eUM/qNqVVHsu
j53E0TTwfWGB1ih7KttCY/0GrwpeW1DGGdhp6iLTjCwqW/bE52voY/PdmlqTc/PB
yjwhC9Tw/Mb+gKUleh45JW5f8szhAxv6tGYCLLitdJ3TQHNkJM520RhuJGskPJxB
DUkqzPcL4Yk=
=a2fn
-----END PGP SIGNATURE-----

From tcmay at netcom.com Wed Jul 27 22:04:45 1994
From: tcmay at netcom.com (Timothy C.
May)
Date: Wed, 27 Jul 94 22:04:45 PDT
Subject: Questions about Microsoft and Software Key Escrow
In-Reply-To: <9407280306.AA18192@netmail2.microsoft.com>
Message-ID: <199407280504.WAA03278@netcom14.netcom.com>

I've been in e-mail contact today and tonight with the MS paralegal I mentioned: I urged him to make his comments to the list. It remains clear to me, not denied by him, that MS is indeed in some process of evaluating SKE, studying legal and export issues, etc.

His own comments, including our exchange today, show him to have thought about these issues. (This doesn't make his conclusions, or Microsoft's, "right," but it sure does mean the idea wasn't a new one out of left field to them...thus confirming my point that it looks like MS has work going on.)

However, all of these various points need to be verified, as I think I was pretty careful (some would say overly careful) to say in my posts.

Blanc Weber answered David Merriman's questions, and I will provide my own gloss on her comments:

> From: David K. Merriman
>
> It has been brought up on the Cypherpunks mailing list that Microsoft is
> proposing to include public-key escrow as a *built-in* "function" of future
> products - Chicago and Daytona have been specifically mentioned.
> ......................................................................
> ..........
>
> No, this is not correct. It was speculation from Tim May on possible
> developments, based on his interpretation of recent events and on email
> which I sent to him. This email was referring to the fact that his
> concerns notwithstanding, it is not an easy thing to implement a
> privately-held key escrow system into a desktop operating system, that
> Microsoft is not talking about implementing a 'software Clipper', and
> is presently only *examining* the international ramifications of
> software key-escrow and non-escrowed strong encryption security.

I certainly agree that there is no evidence MS is ready to deploy code. But they appear to be evaluating plans, and possibly have been talking to NIST/NSA and the export people. I really hope the MS can comment on what they've been discussing.

(As to the issue of a "software Clipper," SKE could actually be much worse than Clipper ever was likely to be. I knew of nobody planning to buy Clipjacked phones, but I know a _lot_ of OS customers. The MS person told me MS was planning to ensure a "voluntary" standard....you all know the arguments about deploying a widespread infrastructure that with the stroke of a pen could stop being voluntary. Talk about "legitimate needs of law enforcement" (not the MS guy's line, that I recall...call this paraphrasing) is pretty inconsistent with a voluntary key escrow system!)

>
> Please give this question the benefit of the doubt and postpone your
> conclusions about this until I can get an official statement, thanks.
>
> Blanc

My forte here on the list, I like to think, has always been to have "extremely long-range radar" that can pick up trends far in advance. Black Unicorn once told me this was my main strength, and even everybody's second-favorite nemesis, David Sternlight said much the same thing in sci.crypt. Coming from Sternlight, high praise indeed.

Well, this thing has my whiskers twitching. I sense evidence that a whole sub-rosa series of negotiations has been going on, that the SKE developed by TIS with inputs from NIST/NSA is being pushed on the OS vendors.

The talk about "exportability" is a smokescreen....why should the U.S. insist on voluntary key escrow for products shipped to repressive regimes? Since when is it the U.S.'s job to enforce the crypto laws of other nations? Unless, of course, a series of negotiations has been going on.

Something's rotten in the state of Denmark. And it ain't the herring.

By all means, give Microsoft the benefit of the doubt. But also insist that they explain their work on SKE, and repudiate it.
--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From blancw at microsoft.com Wed Jul 27 22:47:05 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Wed, 27 Jul 94 22:47:05 PDT
Subject: Questions about Microsoft and Software Key Escrow
Message-ID: <9407280547.AA19824@netmail2.microsoft.com>

From: Timothy C. May

My forte here on the list, I like to think, has always been to have "extremely long-range radar" that can pick up trends far in advance. Black Unicorn once told me this was my main strength, and even everybody's second-favorite nemesis, David Sternlight said much the same thing in sci.crypt. Coming from Sternlight, high praise indeed.

By all means, give Microsoft the benefit of the doubt. But also insist that they explain their work on SKE, and repudiate it.
.........................................................

I respect your ability to think clearly and with great foresight also, Tim, but I really cannot think that Microsoft would "sell out" on this issue. There are too many in the company who would are for privacy for the individual, and remember they have their customers to think about. If SKE would constitute a problem for the individual end-user, then I can't see how the company could implement it and expect to remain a leader in the business, with all the negative publicity it would generate (conceivably most of it from cypherpunks!).

These are my thoughts based on what I know about attitudes around here that I am familiar with & certain of. As I said in another post, Microsoft is an expert at arriving at a "win-win" situation, but I don't believe this includes sacrificing some of our most cherished values, like personal privacy, in exchange for a little security. If I thought this was not true, *I* would not work here.

I may sound naive; hope time does not prove me wrong.

Blanc

From will at thinkmedia.com Wed Jul 27 23:54:25 1994
From: will at thinkmedia.com (thinkmedia.com)
Date: Wed, 27 Jul 94 23:54:25 PDT
Subject: Patently Absurd?
Message-ID: <199407280653.XAA17149@scruz.net>

I realize this may seem absurd, but for the sake of humor could there be any relationship between the Dept. of Justice near pardon of Microsoft on charges of Anti-trust and the potential adoption of a software encryption standard in Chicago with the blessing of NIST and some government agencies? Would it be ridiculous conspiracy theorizing to think that MS and Justice made a deal?

I have nothing to back this up, just reading the news and cypherpunks.

______________________________________________________________________________
Opinion is a flitting thing,              Thinking Media Research
But Truth, outlasts the Sun--             will at thinkmedia.com
If then we cannot own them both--         (408) 423 3720
Possess the oldest one--        Emily Dickinson

From gtoal at an-teallach.com Thu Jul 28 04:02:22 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Thu, 28 Jul 94 04:02:22 PDT
Subject: Questions about Microsoft and Software Key Escrow
Message-ID: <199407281101.MAA00332@an-teallach.com>

: I respect your ability to think clearly and with great foresight also,
: Tim, but I really cannot think that Microsoft would "sell out" on this
: issue. There are too many in the company who would are for privacy for
: the individual, and remember they have their customers to think about.

I think you're all forgetting something.

Satellites.
G

From nobody at kaiwan.com Thu Jul 28 04:08:03 1994
From: nobody at kaiwan.com (Anonymous)
Date: Thu, 28 Jul 94 04:08:03 PDT
Subject: I will Kill SKE for You
Message-ID: <199407281107.EAA17164@kaiwan.kaiwan.com>

frissell at panix.com (Unverified) wrote:

> "No racist - I support the permanent elimination of federal
> income taxation for African Americans to compensate them for the
> suffering of slavery."

And if you find any ex-slaves alive in America, I'll support you on that. OTOH, at 130 years of age, I doubt that any of them are paying much in the way of taxes.

But, maybe you're on to something here. Let's expand that to ANY AMERICAN whose ancestors suffered in any way. That would do away with the Federal Income Tax entirely. I LIKE THAT!!!

From nobody at soda.Berkeley.EDU Thu Jul 28 05:39:37 1994
From: nobody at soda.Berkeley.EDU (Tommy the Tourist (Anon User))
Date: Thu, 28 Jul 94 05:39:37 PDT
Subject: What can one do for remail operators?
Message-ID: <199407281239.FAA29184@soda.Berkeley.EDU>

I am interested in doing something to support the remailer operators that put their necks on the line for us cypherpunks. I have noticed people like Detweiler (dunno who he is) who are basically awed by the fact that a remailer crashes when you send your VM swap file through it, or people using it to do "nanny-nanny-boo-boo, you can't catch me, so pween off" messages, et al.

I would like to do something in support of these people who are noble enough to keep things running even when EVERYONE it seems is out to get them. If I knew any around here, they would get a free beer, and if the operator of Soda's remailer or Julf was in my area, they would get the whole keg ;).

------------
To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 8 lines:
::
Response-Key: ideaclipper

====Encrypted-Sender-Begin====
MI@```%A_^P;+]AB?X=];G11ZU97K(ZZQ%(8AU>834+"Y)5E3KUBX2/'(
MBT+==!$N]6_?T:4C:5,Q,BAM)?]<+`\GIHV&$_?,,`(NIK"[)^,Y)\9:_QL[
#\H'B
====Encrypted-Sender-End====

From frissell at panix.com Thu Jul 28 06:03:13 1994
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 28 Jul 94 06:03:13 PDT
Subject: Voice/Fax Checks
Message-ID: <199407281302.AA03998@panix.com>

At 04:43 AM 7/25/94 -0500, Jim Hart wrote:

>Isn't this kind of like writing them a blank check? If I tell
>them to make the check out for $20 and they make it out for
>$100, how do I repudiate that? Not only that, how do I prevent
>them from writing and cashing more checks by increasing the
>sequence number?

Nothing. Just like I can obtain your check info (by getting you to write me a check) and forging a physical check using DTP technology (Forbes cover story of several years ago). You can disavow the check though and demand a credit from your bank. If you don't complain, the transfer stands. If you do, you get your money back.

I don't think they ever passed the Uniform Commercial Code proposal that would have made checks just like electronic payments where you are liable for $50 if you don't make a timely report of the problem. Traditionally, you *never* had to challenge a check and you could get all of your money back if the bank paid a check on a "forged drawer's signature."

DCF

From frissell at panix.com Thu Jul 28 06:03:16 1994
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 28 Jul 94 06:03:16 PDT
Subject: LITTLE BROTHER INSIDE
Message-ID: <199407281302.AA04041@panix.com>

At 11:47 AM 7/27/94 +0000, wb8foz at nrk.com wrote:

>contempt to release her. More recently, Supreme Court ruling defining
>limits of civil contempt (UMW vs. JOHN L. BAGWELL) may have an effect on
>this.)
I know a guy in SF who won the Irish Sweepstakes and refused to repatriate his winnings. Did 2 years for tax evasion and two years for contempt (I think). Contempt was for his refusal to repatriate. Do you know what sort of restrictions the Supremes put on contempt jailings? I always figured that you should shower the judge and other judges in these cases with letters stating in great detail why you will never purge yourself of your contempt. Serves as evidence that holding you is useless and hence illegal punishment not a "legal" attempt to coerce you. DCF "But your honor, I'm desperately trying to *conceal* my contempt for this court!" From nzook at math.utexas.edu Thu Jul 28 06:47:40 1994 From: nzook at math.utexas.edu (nzook at math.utexas.edu) Date: Thu, 28 Jul 94 06:47:40 PDT Subject: No Subject Message-ID: <9407281344.AA15574@vendela.ma.utexas.edu> nomath 5 19% discrete 7 27% algebra1 4 15% algebra2 3 12% grad 3 12% orals 1 4% orala 2 8% research 1 4% total 26 From nzook at math.utexas.edu Thu Jul 28 07:07:12 1994 From: nzook at math.utexas.edu (nzook at math.utexas.edu) Date: Thu, 28 Jul 94 07:07:12 PDT Subject: Just say NYET to censors Message-ID: <9407281404.AA23736@pelican.ma.utexas.edu> Copyright 1994, Nathan Zook. All rights reserved. Intelectual copyrights pending. NYET-- Non-Youths Exhibit Temperance. Before I start, it may be informative to consider that I consider myself to be a hard-line member of the Christian Conservative movement, and a hard- line advocate of electronic privacy. I am a PhD candidate in mathematics at the University of Texas of Austin, and I got the Electronic Privacy language added to the 1994 Republican Party of Texas platform. I am a member of Trinty Evangelical Free Church, and am twenty-seven years old. As the Internet community continues to grow, the differences of conviction that exists generally in the world find their way into the community. Some demand that newcomers to the net adapt to the mores of this society. 
Some demand that the net, as a newcomer to the world, adapt to the outside. As recent events have demonstrated, the less reasonable, on both sides, may be endangering the integrity and availablity of the net. Calls for net censorship, it may be expected, will continue to grow unless the net can find some way to police itself. Yet "police itself" is a term that sends the net into fits. My solution, NYET, is for the appropriate users to directly censor the data that they might legitmately lay claim to censoring--data that flows to minors over which they have legal authority and responsibility. Specifically, this is a plan to create two sorts of accounts to the net-- adult and minor. Adult accounts may only be obtained by persons of age eighteen. Minor accounts may only be obtained as adjuncts to adult accounts, refered to as supervisor accounts. Adult accounts would have full access to anything on the net. News readers, telnet, ftp and like software being operated from a minor account would check a file in the adult account to allow access. Newsreaders, in particular, would censor any posts crossed from a non-allowed account. The control files in the supervisory accounts would default to allow-only mode, but could be selected to deny-only. The legal framework that I see important in aiding such a system is as follows: State Level: 1) Declare to hold harmless those BBS operators for charges of Contributing to the Delinquacy of a Minor that obtain and verify the age of account holders, and maintain a NYET system of access for minors. Certain acceptable verification methods specified, with authority to add methods delegated to a regulatory agency. Emphasis to be on ease and speed of verification. Special consideration for in-house systems. 2) Make it illegal to misrepresent age and name data to a BBS. 
Require BBS operators to maintain a record of age and name of account holders for thirty days after opening of account for hold harmless agreement, and allowing deletion of said data afterwards.

3) Declare aiding in tampering with NYET system to be "Contributing to the Delinquency of a Minor".

Federal Level:

Pass parallel laws for BBSs operating with local numbers from two or more states, or for BBSs operating with 800 numbers.

I believe that such a system would protect the full free expression currently enjoyed by the net, while reaffirming parental responsibility in the upbringing of their children. The burden of controlling access devolves all the way to the parents, making charges against BBS operators patently frivolous. Porno charges would then be MUCH more difficult to press, since a jury could be told that specific steps were being taken to prevent access to minors. If parents complained that they didn't want to go to the trouble of spelling out what their children could access, the response is clear: "Oh, so it's not worth the effort to you?"

Despite slurs in this group to the contrary, I believe that the proposed us.* hierarchy may well be the first in a series of attempts to censor the net. Remember, we already have had a censor for TV, movies, and radio. It is not really a question of _if_ but _who_ and at _what level_ will this censoring take place.

Nathan
(Adjusting flame gear)

From KentBorg at aol.com Thu Jul 28 07:13:01 1994
From: KentBorg at aol.com (KentBorg at aol.com)
Date: Thu, 28 Jul 94 07:13:01 PDT
Subject: DES Vulnerable, Why?
Message-ID: <9407281012.tn288310@aol.com>

It seems the TLAs (in a weak moment) let slip that DES was getting old and creaky and vulnerable. The story is that that is what sent the TLAs off on their search for a new encryption standard. (Unfortunately, they got their mission reversed and decided the need was to *read* plaintext not encrypt it.)

My question: if triple-DES is so damn tough to break, what is wrong with DES?
Triple-DES is a trivial variation on DES.

Is it likely that DES's frailties are not the ones we compute with all those big numbers? Given the public portions of DES's history, what DES weaknesses make sense?

-kb, the Kent who is 300+ emails behind due to a biz trip and a damp notebook.

--
Kent Borg +1 (617) 776-6899
kentborg at world.std.com
kentborg at aol.com
Proud to claim 39:30 hours of TV viewing so far in 1994!

From berzerk at xmission.xmission.com Thu Jul 28 07:44:47 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Thu, 28 Jul 94 07:44:47 PDT
Subject: GUT and NP
In-Reply-To: <9407280208.AA02261@snark.imsi.com>
Message-ID:

On Wed, 27 Jul 1994, Perry E. Metzger wrote:
> Since a turing machine certainly cannot perform Sun Workstation
> "algorithms", then by definition they are not algorithms.

Sorry, a turing machine can.

From Jacob.Levy at Eng.Sun.COM Thu Jul 28 07:51:03 1994
From: Jacob.Levy at Eng.Sun.COM (Jacob Levy)
Date: Thu, 28 Jul 94 07:51:03 PDT
Subject: Questions about Microsoft and Software Key Escrow
In-Reply-To: <9407280547.AA19824@netmail2.microsoft.com>
Message-ID: <9407281453.AA19327@burgess.Eng.Sun.COM>

Blanc

I respect your feelings on the matter and your ability to think clearly and with great foresight also :-), but for this list it would probably be much more useful if we got some _OFFICIAL_ answer from Microsoft instead of your "I believe, I cannot think, can't see", etc. etc. You're obviously a concerned individual but you equally obviously don't claim to speak for Microsoft.

--JYL

Blanc Weber writes:
> From: Timothy C. May
>
> My forte here on the list, I like to think, has always been to have
> "extremely long-range radar" that can pick up trends far in advance.
> Black Unicorn once told me this was my main strength, and even
> everybody's second-favorite nemesis, David Sternlight said much the
> same thing in sci.crypt. Coming from Sternlight, high praise indeed.
>
> By all means, give Microsoft the benefit of the doubt.
> But also
> insist that they explain their work on SKE, and repudiate it.
> .........................................................
>
> I respect your ability to think clearly and with great foresight also,
> Tim, but I really cannot think that Microsoft would "sell out" on this
> issue. There are too many in the company who would are for privacy for
> the individual, and remember they have their customers to think about.
> If SKE would constitute a problem for the individual end-user, then I
> can't see how the company could implement it and expect to remain a
> leader in the business, with all the negative publicity it would
> generate (conceivably most of it from cypherpunks!). These are my
> thoughts based on what I know about attitudes around here that I am
> familiar with & certain of.
>
> As I said in another post, Microsoft is an expert at arriving at a
> "win-win" situation, but I don't believe this includes sacrificing some
> of our most cherished values, like personal privacy, in exchange for a
> little security. If I thought this was not true, *I* would not work here.
>
> I may sound naive; hope time does not prove me wrong.
>
> Blanc

From nzook at math.utexas.edu Thu Jul 28 07:55:23 1994
From: nzook at math.utexas.edu (nzook at math.utexas.edu)
Date: Thu, 28 Jul 94 07:55:23 PDT
Subject: (fwd) Possible compromise of anon.penet.fi
Message-ID: <9407281453.AA23808@pelican.ma.utexas.edu>

Path: math.utexas.edu!news.dell.com!tadpole.com!uunet!spool.mu.edu!howland.reston.ans.net!gatech!news-feed-1.peachnet.edu!news.duke.edu!eff!news.kei.com!hermes.oc.com!convex!cnn.eng.convex.com!barnett
From: barnett at convex.com (Paul Barnett)
Newsgroups: alt.privacy
Subject: Possible compromise of anon.penet.fi
Date: 27 Jul 94 22:09:28 GMT
Organization: CONVEX News Network, Engineering (cnn.eng), Richardson, Tx USA
Lines: 29
Message-ID:
NNTP-Posting-Host: zeppelin.convex.com

Someone has been collecting email addresses, apparently from postings to Usenet, and forging them to anonymous postings through anon.penet.fi to alt.test. The text of the posting states the REAL email address of the poster, under a posting attributed to the anonymous ID assigned to that poster.

I received a notification that an anonymous ID has been allocated for me, followed by a confirmation of a posting to alt.test.

Looking in alt.test, you will see as many as 500 similar postings. Most of the anonymous IDs are numbered sequentially. However, there are some lower numbered anonymous IDs, presumably in previous use by the addressee named in the text of the message. These anonymous addresses are now compromised.

I am posting to this newsgroup because there appears to be some correlation between the contributors to this newsgroup and the addresses that were forged to the messages. It may be coincidental, but I thought this was a fair place to post a warning anyway.

My condolences to those people that have been caught in this net. This is one of the most despicable forms of net.terrorism that I have encountered.

--
Paul Barnett Convex Computer Corp.
MPP OS Development Richardson, TX

From m5 at vail.tivoli.com Thu Jul 28 08:04:24 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Thu, 28 Jul 94 08:04:24 PDT
Subject: Just say NYET to censors
In-Reply-To: <9407281404.AA23736@pelican.ma.utexas.edu>
Message-ID: <9407281503.AA24140@vail.tivoli.com>

Gee, what about POTS? Oh well, I guess we'd better make sure that you can't dial the phone without first entering your personal ID code; otherwise, Junior might be able to dial up 1-900-BMY-SLUT.

And cable TV? Nope, can't switch on that cable box without first keying in your ID.

Hmm... NYET to censorship? Ok: No thanks, NYET (or maybe, niet, spasebo, NYET).

[ You're not serious, right? ]

| GOOD TIME FOR MOVIE - GOING ||| Mike McNally |
| TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: |
| (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" |

From pdn at msmail.dr.att.com Thu Jul 28 08:05:34 1994
From: pdn at msmail.dr.att.com (Philippe Nave)
Date: Thu, 28 Jul 94 08:05:34 PDT
Subject: What can one do for remail operators?
Message-ID: <2E37C904@mspost.dr.att.com>

> I am interested in doing something to support the remailer operators
> that put their necks on the line for us cypherpunks.
>
> I have noticed people like Detweiler (dunno who he is) who are basically
> awed by the fact that a remailer crashes when you send your VM swap
> file through it, or people using it to do "nanny-nanny-boo-boo, you
> can't catch me, so pween off" messages, et al.
>
> I would like to do something in support of these people who are noble
> enough to keep things running even when EVERYONE it seems is out
> to get them.
>
> If I knew any around here, they would get a free beer, and if
> the operator of Soda's remailer or Julf was in my area, they
> would get the whole keg ;).
>

I think the single most important thing we could do for remailer operators would be to figure out how to make the remailers *truly* *anonymous*.
That is, we need a net.hack of some sort that allows remailers to send their messages in a way that leaves no trace whatsoever of the original poster *and* leaves no trace of the remailer itself.

Net.veterans will perhaps recall a thread I started a while back along these lines... this is a technical problem, and I have the utmost confidence that the skills to solve this problem are around here somewhere. If I may make a humble suggestion, I would suggest that this problem is more immediate and pressing than many of the issues currently being debated.

Philippe

From hfinney at shell.portal.com Thu Jul 28 08:27:31 1994
From: hfinney at shell.portal.com (Hal)
Date: Thu, 28 Jul 94 08:27:31 PDT
Subject: Just say NYET to censors
Message-ID: <199407281527.IAA22149@jobe.shell.portal.com>

nzook at math.utexas.edu writes:

>Specifically, this is a plan to create two sorts of accounts to the net--
>adult and minor. Adult accounts may only be obtained by persons of age
>eighteen. Minor accounts may only be obtained as adjuncts to adult
>accounts, referred to as supervisor accounts. Adult accounts would have
>full access to anything on the net. News readers, telnet, ftp and like
>software being operated from a minor account would check a file in the
>adult account to allow access. Newsreaders, in particular, would censor
>any posts crossed from a non-allowed account. The control files in the
>supervisory accounts would default to allow-only mode, but could be
>selected to deny-only.

As a parent, I can sympathize with the desire to shield our children from some of the raunchier material on the net. Many parts of the net are more "Animal House" than "Public Library", and you don't necessarily want a nine-year-old girl learning about sex from a.s.b.

I think there are real problems with Nathan's proposal, though. Questionable material on the net is not tagged with an R rating. Newsgroup categories could be rated by the parent, but there is nothing to stop cross-posting.
Trying to put ratings on each email message, news posting, web site, MUD (although some MUDs do have adult areas), IRC channel, etc., is just not practical. No censor has that much free time.

Another problem is that even the "safe havens" where minors congregate may not stay as pure as we would like. Believe it or not, teenagers of below the age of 18 are actually interested in sex. In fact, many, perhaps even a majority, are not virgins. It's going to be necessary to censor the kids' posts more than any others if you want to keep them from talking about what they want to talk about.

For a good example of these problems, see that paragon of censorship, Prodigy. My kids use Prodigy a lot. They are pre-teens and I don't worry too much about what they will see on this family-oriented service. Still, the "Teen" BBS on Prodigy gets a little steamy sometimes, even though each and every message is reviewed by a Prodigy censor before it can be posted (at least, that is how it worked at one time. They may have automated filters now.). The "fashion" topic, for example, often degenerates into discussions of how the girls look in their hot lingerie. Basically, the kids are constantly pushing the limits. Since every parent has their own ideas of where these limits should be, Prodigy ends up with sort of a "least common denominator".

I'd like to turn my kids loose on the Internet, let them surf the Web and the other resources available. They are very computer-aware and I know they would get a lot out of it. But the way the net is now I don't think it would be responsible parenting to just let them loose, at least not for a few years.

So, as I said, I sympathize with Nathan's problem, but I don't think a good solution is at hand. For now I think private, family-oriented networks are a better place for young kids.
Hal Finney

From blancw at microsoft.com Thu Jul 28 08:43:25 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Thu, 28 Jul 94 08:43:25 PDT
Subject: Questions about Microsoft and Software Key Escrow
Message-ID: <9407281543.AA28814@netmail2.microsoft.com>

From: Jacob Levy

I respect your feelings on the matter and your ability to think clearly and with great foresight also :-), but for this list it would probably be much more useful if we got some _OFFICIAL_ answer from Microsoft instead of your "I believe, I cannot think, can't see", etc. etc. You're obviously a concerned individual but you equally obviously don't claim to speak for Microsoft.
................................................

Thanks, Jacob. I don't speak for Microsoft, but I can speak based on impressions I have accumulated from internal correspondence between employees and misc. company communications to employees. The company would suffer turmoil from within, if it were the case that privacy had been compromised. Programmers are just like you & me, right?

Anyway, I personally can't see the very existence of a system of key escrow is an evil which should be apprehended and stopped. In concert with the idea of liberty & freedom to develop ideas and export crypto, I think the best offense is a good defense. I would oppose the idea that anyone should be stopped from developing creative ideas on the principle that it would be contrary to the existence of intelligence on the planet. I would oppose it if the government promoted it, and I would oppose it if any one else did, also.

Blanc

From cactus at bb.com Thu Jul 28 08:44:37 1994
From: cactus at bb.com (L. Todd Masco)
Date: Thu, 28 Jul 94 08:44:37 PDT
Subject: One more time... us.*
Message-ID: <199407281549.LAA08615@bb.com>

[Very little c'punk content, just explaining why the us.* proposal is nothing like a movement towards censorship, but an attempt to resist it]

First, you have to understand that nobody has any say over what newsgroups are created on a machine except for the news admin on that machine. Most news admins hand this authority over to Dave Lawrence, the current moderator of news.newgroups.announce, when they install their news software. However, *anybody* can decide to ignore anybody else's decisions on *any* newsgroup and issue a newgroups message (and someone else will usually issue an rmgroup message in response: it's an anarchy, and most of us like it that way).

The us.* hierarchy "cabal" idea is *not* to determine what groups will get passed and what ones will not; In fact, the intent is to eliminate "no" votes, passing groups only on the basis of significant interest. If you know any USENET history, you'll know about fiascos like the soc.culture.tibet, soc.culture.macedonia, and soc.religion.islam.ahmadiya proposal -- cases where the newsgroups had a significant amount of interest, but were defeated due to large populations having some sort of grudge or religious/national interest in suppressing a point of view. This part of the proposal will, in fact, reduce censorship, preventing organized campaigns from defeating newsgroups, effectively preventing people from discussing their subject on USENET (for the traditional definition of USENET that excludes alt.*).

The other part of the proposal, the one which seems to have pushed people's "censorship" kneejerk buttons, is the concept of the "namespace cabal." Again, if you have any knowledge of USENET history, you'll know that there used to be a far stronger cabal than is proposed by the us.* idea: the backbone cabal controlled everything -- they were the news admins at the backbone sites and they had the last word.
News admins at other sites listened to them because, well, they were the backbone cabal. They had the connectivity.

When the set of newsgroups became too big for news admins to effectively manage them (and the connectivity model changed, there no longer being a real news backbone), a newer system for gaining consensus over newsgroup creation was created. Votes would be taken -- *NOT* on democratic principles or anything of that nature, but simply to gauge interest so that news admins would have some basis on which to approve group creation. Over time, the formula was tweaked in various ways when groups that people thought should never have passed (like the rec.acquaria, sci.acquaria, etc. groups) were created. Still, this is basically the system we have today.

As I mentioned above, the current model allows large groups of people to squash newsgroups of interest to smaller (or even equal sized, since the current guidelines require 2/3 majority to pass) groups. THAT is censorship, the tyranny of the majority.

There is also another thing that needs fixing. There is a problem with the current USENET namespace management strategy: it is damn near impossible to manage a namespace by vote. In extreme cases, Dave Lawrence has simply refused to publish the newsgroup creation message, but nobody is very happy with this: it's too much like Dave is censoring the net, and it's wrong to stop the creation of a newsgroup on a subject simply because its proponent insists on a name no one likes.

As a USENET volunteer votetaker, I have become embroiled in proposals for groups where a vast number of people wanted a newsgroup but had to wait months, sometimes missing the opportunity to discuss events important to them, because the newsgroup proponent was insisting upon a name that nobody agreed with or because no clear consensus (among users) appeared about the naming of the group.

It is the namespace issue that the proposed "cabal" will cover.
It's no different than the government refusing to take a vote on where every single book in a public library will end up on the shelves or where each document is stored. Namespace management is simply impossible to do by voting, especially when the "voters" have no understanding of the issues involved. We've squeaked by so far, but only barely -- and as the net grows, it becomes much more difficult to maintain the current voting scheme.

That is why it is absurd to view the "namespace cabal" concept as an attempt to censor a democratic form. It isn't an attempt to censor (it is an attempt to stop censorship), and the current form isn't democratic.

Please, before you try to argue this -- check out the facts about the proposal, the history behind it, and the real mechanisms in place before you spout off.

--
L. Todd Masco | Bibliobytes books on computer, on any UNIX host with e-mail
cactus at bb.com | "Information wants to be free, but authors want to be paid."

From Jacob.Levy at Eng.Sun.COM Thu Jul 28 08:55:49 1994
From: Jacob.Levy at Eng.Sun.COM (Jacob Levy)
Date: Thu, 28 Jul 94 08:55:49 PDT
Subject: Just say NYET to censors
In-Reply-To: <9407281503.AA24140@vail.tivoli.com>
Message-ID: <9407281558.AA19412@burgess.Eng.Sun.COM>

Mike McNally writes:
> And cable TV? Nope, can't switch on that cable box without first
> keying in your ID.

Would you agree to: Nope, can't watch that XXX movie without first keying in your ID?

--JYL

From merriman at metronet.com Thu Jul 28 08:57:49 1994
From: merriman at metronet.com (David Merriman)
Date: Thu, 28 Jul 94 08:57:49 PDT
Subject: What can one do for remail operators? (fwd)
Message-ID: <199407281555.AA10259@metronet.com>

>
> I think the single most important thing we could do for remailer operators
> would be to figure out how to make the remailers *truly* *anonymous*.
> That
> is, we need a net.hack of some sort that allows remailers to send their
> messages in a way that leaves no trace whatsoever of the original poster
> *and* leaves no trace of the remailer itself.
>
> Net.veterans will perhaps recall a thread I started a while back along
> these lines... this is a technical problem, and I have the utmost
> confidence that the skills to solve this problem are around here somewhere.
> If I may make a humble suggestion, I would suggest that this problem is
> more immediate and pressing than many of the issues currently being
> debated.
>

One option might be for the remailer to forward messages giving a false ID/address - essentially, lying about who they are and where they live :-) That would seem to take care of the outbound traffic; how to deal with the inbound traffic is an exercise left for the reader ;-)

Dave Merriman

From hughes at ah.com Thu Jul 28 08:59:48 1994
From: hughes at ah.com (Eric Hughes)
Date: Thu, 28 Jul 94 08:59:48 PDT
Subject: Latency vs. Reordering
In-Reply-To: <940727141624e1Sjgostin@eternal.pha.pa.us>
Message-ID: <9407281527.AA00454@ah.com>

True. For small numbers of files re-ordering is important. On the large scale, latency serves both purposes. I tend to think of these things on the large scale, which is the reason I pointed things that way.

That's fine, but say reordering if you mean reordering, and not something else that merely yields reordering. Reordering is the important concept. Latency is a derivative concept.

Reordering is more important than latency. If you use the "collect-and-shuffle" method of reordering, you get _guaranteed_ reordering. If you use random delay, you get no guarantees until you do the detailed mathematical analysis of just how much reordering that gets you.

Merely _measuring_ the amount of reordering in a continuous message stream is an interesting definitional problem.
Calculating these measures will require some fairly sophisticated probability theory, and NO ONE HAS DONE THAT YET.

Cryptography is about assurances as much as actual security. Adding latency now yields NO GUARANTEES about the amount of reordering, because the work has not yet been done. Adding latency gives only warm fuzzy feelings, and no understanding.

The maxim applies here: "If you don't understand how it works, don't trust it."

Eric

From gkremen at netcom.com Thu Jul 28 09:08:03 1994
From: gkremen at netcom.com (Gary Kremen)
Date: Thu, 28 Jul 94 09:08:03 PDT
Subject: Signature Stripping and anon servers
Message-ID: <199407281608.JAA16814@netcom.netcom.com>

Article 17408 of alt.privacy:
Xref: netcom.com alt.privacy:17408
Newsgroups: alt.privacy
Path: netcom.com!gkremen
From: gkremen at netcom.com
Subject: Signature stripping and anon servers?
Message-ID:
Organization: NETCOM On-line Communication Services (408 261-4700 guest)
Date: Thu, 28 Jul 1994 03:18:38 GMT
Lines: 25

I am new to this group so please forgive my ignorance. I am looking at putting together a local anonymous server. However, people here have signatures that might give them away. They also forget that they have signatures. Is there a general (and I know that you can't cover all cases) of stripping signatures?

What I was thinking about was:

Read last 100 lines of message
if a line begins with -- then
    if no MIME v1.0 header present then
        delete last 100 lines
    else if -- is part of part-boundary then
        ignore
    else
        delete last 100 lines

Does anyone have any gross problems with this methodology? If so or if you have any suggestions, send mail to me and I will post the best stuff.

Thanks in advance.

Gary

From nelson at crynwr.com Thu Jul 28 09:32:16 1994
From: nelson at crynwr.com (Russell Nelson)
Date: Thu, 28 Jul 94 09:32:16 PDT
Subject: What can one do for remail operators?
In-Reply-To: <2E37C904@mspost.dr.att.com>
Message-ID:

From: Philippe Nave
Date: Thu, 28 Jul 94 09:03:00 MDT

I think the single most important thing we could do for remailer operators would be to figure out how to make the remailers *truly* *anonymous*. That is, we need a net.hack of some sort that allows remailers to send their messages in a way that leaves no trace whatsoever of the original poster *and* leaves no trace of the remailer itself.

I don't think that's possible. A host can always tell what other host connected to it to deliver the mail. That's a requirement of the TCP connection. However, what I think remailers *can* do is create a web of remailers that's large enough that removal of any one site isn't going to affect the web. That pretty much means that the web needs to automatically keep track of all the web members, and the software that creates the chain of messages needs to query that list.

-russ http://www.crynwr.com/crynwr/nelson.html
Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it?
Potsdam, NY 13676 | LPF member - ask me about the harm software patents do.

From m5 at vail.tivoli.com Thu Jul 28 09:46:31 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Thu, 28 Jul 94 09:46:31 PDT
Subject: Just say NYET to censors
In-Reply-To: <9407281503.AA24140@vail.tivoli.com>
Message-ID: <9407281645.AA24515@vail.tivoli.com>

Jacob Levy writes:
> > And cable TV? Nope, can't switch on that cable box without first
> > keying in your ID.
>
> Would you agree to: Nope, can't watch that XXX movie without first
> keying in your ID?

No! Who's going to keep track of all these ID's? Who's going to get access to the database? Who's to stop "them" from changing their minds one day and making it such that I need to key in my ID to watch broadcasts from political fringe groups?

Sorry.
I realize that in some sense things today on cable hover in the balance; my interest in this group stems from a desire to see the Great Global Net of the future be one based on the premise that anonymity has great value.

| GOOD TIME FOR MOVIE - GOING ||| Mike McNally |
| TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: |
| (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" |

From jya at pipeline.com Thu Jul 28 09:51:55 1994
From: jya at pipeline.com (John Young)
Date: Thu, 28 Jul 94 09:51:55 PDT
Subject: Questions about Microsoft and Software Key Escrow
Message-ID: <199407281651.MAA18069@pipe1.pipeline.com>

Responding to msg by Jacob.Levy at Eng.Sun.COM (Jacob Levy) on Thu, 28 Jul 7:53 AM

>
>Blanc
>
>I respect your feelings on the matter and your ability
>to think clearly and with great foresight also :-),
>but for this list it would probably be much more
>useful if we got some _OFFICIAL_ answer from Microsoft
>instead of your "I believe, I cannot think, can't
>see", etc. etc. You're obviously a concerned
>individual but you equally obviously don't claim to
>speak for Microsoft.
>
>--JYL

Would it not be fair to ask that all the parties earlier listed by Tim -- Microsoft, Sun, Apple, IBM and others -- be asked for an official statement of their positions on SKE?

Even so, will this produce credible statements? What if confidentiality or secrecy agreements are already in place?

Disinformation needs cryptanalysis, no?

John

From joshua at cae.retix.com Thu Jul 28 09:57:48 1994
From: joshua at cae.retix.com (joshua geller)
Date: Thu, 28 Jul 94 09:57:48 PDT
Subject: Just say NYET to censors
In-Reply-To: <9407281558.AA19412@burgess.Eng.Sun.COM>
Message-ID: <199407281657.JAA26439@sleepy.retix.com>

Jacob.Levy at Eng.Sun.COM (Jacob Levy) writes:
> Mike McNally writes:
> > And cable TV? Nope, can't switch on that cable box without first
> > keying in your ID.
> Would you agree to: Nope, can't watch that XXX movie without first keying
> in your ID?
teach your 12 year old how to hack.

josh

From tcmay at netcom.com Thu Jul 28 10:23:41 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 28 Jul 94 10:23:41 PDT
Subject: DES Vulnerable, Why?
In-Reply-To: <9407281012.tn288310@aol.com>
Message-ID: <199407281723.KAA10659@netcom13.netcom.com>

Kent Borg writes:
> It seems the TLAs (in a weak moment) let slip that DES was getting old and
> creaky and vulnerable. The story is that that is what sent the TLAs off on
> their search for a new encryption standard. (Unfortunately, they got their
> mission reversed and decided the need was to *read* plaintext not encrypt
> it.)

"Can DES be broken?" is of course the hoariest of FAQs, so I won't address it here. Suffice it to say there are literally thousands of posts in the sci.crypt archives about DES weaknesses, DES-busting machine designs, etc.

What I want to comment on here is the idea that the TLAs have _recently_ or _inadvertently_ revealed the weakness of DES. Not so. Back in 1986-7 there was a major effort to have DES replaced with a new encryption standard. I don't recall the name for the program, but it had the support of several chip companies (Intel, AMD, etc.) and was, I seem to recall, mentioned prominently in the National Computer Security Act of 1987.

The new standard involved hardware security--thus it was not a new algorithm per se (but DES is supposed to be done in hardware, too).

Maybe one of you out there remembers the name of this program, and knows more about why it just fizzled out. I don't want to sort through old boxes of magazine clippings to find the articles.

The main point is that the chief reason given was that DES was at the end of its life. Actually, most folks are utterly surprised it's lasted as long as it has...Diffie and Hellman's paper in the mid- to late-70s predicted a lifespan of not much more than 10 years.

Triple DES has given it a few more years of breathing room.
--Tim May

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From pstemari at bismark.cbis.com Thu Jul 28 10:37:23 1994
From: pstemari at bismark.cbis.com (Paul J. Ste. Marie)
Date: Thu, 28 Jul 94 10:37:23 PDT
Subject: Just say NYET to censors
In-Reply-To: <199407281527.IAA22149@jobe.shell.portal.com>
Message-ID: <9407281733.AA20600@focis.sda.cbis.COM>

The fundamental flaw in the comparison of the various Internet and Usenet based resources is that they are communications exchanges between various sources and sinks of information, not a single source. In this they are more akin to the phone network than a TV station or a major BBS such as CompuServe or AOL.

I'm quite sure that every parent has a long list of phone numbers s?he would prefer h(is|er) children would not call, starting off with bars, escort services, etc. This is not a justification for a pre hoc screening of every phone conversation by censors, nor is it a reason to establish various restricted classes of service for telephones.

This is even more clear in the case of Internet/Usenet resources, where each link is essentially a contractual relationship between the computer owners involved. If you want to establish a site that censors/restricts newsgroups, limits ftp and telnet access, etc, that's just fine, but it is no reason to restrict contractual relationships that don't involve you. If you don't want to connect to a site that refuses to abide by your restrictions, that's your call.
OTOH, don't expect the world to knock down your door asking for censored newsfeeds, and don't think you have some God-given right to insist that two sites independent of your own abide by your restrictions.

In the case of the major backbone providers, eg uunet and psi, the situation is a bit different. These sites have a disproportionate control of what passes between systems, and any attempt on their part to restrict content would be disastrous.

--Paul

From tcmay at netcom.com Thu Jul 28 10:41:56 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 28 Jul 94 10:41:56 PDT
Subject: Just say NYET to censors
In-Reply-To: <9407281558.AA19412@burgess.Eng.Sun.COM>
Message-ID: <199407281739.KAA13834@netcom13.netcom.com>

>
> Mike McNally writes:
>
> > And cable TV? Nope, can't switch on that cable box without first
> > keying in your ID.
>
> Would you agree to: Nope, can't watch that XXX movie without first keying
> in your ID?

Of course! All decent Americans understand the need to monitor who watches this filthy smut.

I was meeting last week with Secretary of Decency Falwell and the President. Dan proposed that we extend the National ID Number to a range of other services, including books and magazines. After Jerry, Dan, and I watched that filthy "Debbie Does Fort Meade" again, we were all very excited about stopping this trash.

--Klaus! von Future Prime Time

(P.S. If a family wants Junior to have no access to the Playboy Channel, they can damn well buy one of those parental lock-outs. Or whip him good for accessing the channel when they told him "nyet." Or whip her good (and hopefully get it on tape!) if she tunes into Oprah to hear about teens who married their transsexual gym teachers. I don't want any stinking government type telling me I have to have an ID number! I'm sure Nathan Zooks is sincere, but, gadzooks, this reminds me of why the Republican Party is as much a threat to liberty as the Clinton Gang is.)
--Tim

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From berzerk at xmission.xmission.com Thu Jul 28 11:04:08 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Thu, 28 Jul 94 11:04:08 PDT
Subject: What can one do for remail operators?
In-Reply-To: <199407281239.FAA29184@soda.Berkeley.EDU>
Message-ID:

On Thu, 28 Jul 1994, Tommy the Tourist wrote:
> I am interested in doing something to support the remailer operators
> that put their necks on the line for us cypherpunks.

Hmmm. I know something you could do that would be real great, and earby volunteer. I will post-screen anonymous to usenet mailers, and I am thinking about offering a chaining remailer (only other cypherpunk remailer sites supported). Seems like the least I could do.

Berzerk.

From greg at ideath.goldenbear.com Thu Jul 28 11:04:55 1994
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Thu, 28 Jul 94 11:04:55 PDT
Subject: Remailers
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Phillipe Nave writes:

> I think the single most important thing we could do for remailer operators
> would be to figure out how to make the remailers *truly* *anonymous*. That
> is, we need a net.hack of some sort that allows remailers to send their
> messages in a way that leaves no trace whatsoever of the original poster
> *and* leaves no trace of the remailer itself.

Er, if we knew how to do that, we wouldn't need remailers. :)

What we do need are more remailers that aren't subject to political pressure or likely to be killed because someone writes to 'Postmaster'.
Accordingly, I'm pleased to announce the deployment of my own remailer - 'remailer at ideath.goldenbear.com'. I can't say that the arrangement that gets me my news/mail feed is entirely without politics, but the sysadmin above me is, I believe, also pro-privacy and pro-remailer.

The remailer is not intended for use for extortion, harassment, fraud, defamation, or spamming the net. There are no content filters installed but if I learn of use which involves the above I will take whatever steps I think necessary to eliminate non-acceptable uses.

The software is Chael Hall's remailer system - PGP encrypted messages are not yet supported (unless there's a new version I don't know of).

Sometimes I talk to my feed site with TCP/IP, sometimes with UUCP. This means that messages may get between 0 and 24 hours of delay; I know of no way to predict the length of the delay.

Detweiler, you may not use my remailer nor any of my computer systems in any way at any time, under any name. If anyone's got his physical address I'd like to get it so that I may send him a copy of my "no permission" message, registered mail.

-----BEGIN PGP SIGNATURE-----
Version: 2.5

iQCVAgUBLjfvI33YhjZY3fMNAQFoKwP+K7jUCa5vAhWIPcPz/nzpILi3AbfOZ5Lr
0H6KRJfpX8lvmmO8FNJlbXweQPLhm14It90vlwbuCJd9wfLgiRkZmPs99IgoX1CB
iW4Wby+pdusExj+nNmyFA8zKKRTO4Eq5ahddqMtI7dBHmfZ/F/abjnmYXUmkarKe
EdvZlqBCcIs=
=+GnC
-----END PGP SIGNATURE-----

From berzerk at xmission.xmission.com Thu Jul 28 11:08:27 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Thu, 28 Jul 94 11:08:27 PDT
Subject: Questions about Microsoft and Software Key Escrow
In-Reply-To: <9407281453.AA19327@burgess.Eng.Sun.COM>
Message-ID:

On Thu, 28 Jul 1994, Jacob Levy wrote:
> I respect your feelings on the matter and your ability to think clearly and
> with great foresight also :-), but for this list it would probably be much
> more useful if we got some _OFFICIAL_ answer from Microsoft instead of your
> "I believe, I cannot think, can't see", etc. etc.
> You're obviously a concerned individual but you equally obviously don't claim to speak for
> Microsoft.

People lie. Tim May speaks the truth and does not charge a consulting fee. :-)

Who knows what evil lurks in the hearts of men?

Berzerk.

From koontzd at lrcs.loral.com Thu Jul 28 11:18:44 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Thu, 28 Jul 94 11:18:44 PDT
Subject: DES Vulnerable, Why?
Message-ID: <9407281817.AA07052@io.lrcs.loral.com>

>My question: if triple-DES is so damn tough to break, what is wrong with DES?
> Triple-DES is a trivial variation on DES.

Brute Force Key Search ala' Weiner.

From 7CF5048D at nowhere Thu Jul 28 11:19:26 1994
From: 7CF5048D at nowhere (7CF5048D at nowhere)
Date: Thu, 28 Jul 94 11:19:26 PDT
Subject: Stealth ported to DOS & OS/2 part 2/2
Message-ID: <199407281715.AA27921@xtropia>

This is a pgp signed binary =pcstlth.zip Not encrypted. part 2/2
2S+rnBRiL1LLbWrvQjCYTaxF5v/YxAkN1LWJLoADNnES4IhNGADHbKIH4B2bGIOa 0zVxFcClmggAXKGJknyHskyCGk34AO6Q4Feamp/nUN6SZa9K0KupCjJ7ZCrTzim7 nVOmLPtMNs+zi1aIi3MkuFiCSyXYaBflqFJnF9ehE+skCEuw084j2mMX6wF22UUt wH6AsQ7ltwBovtkhjmWCBE4GtzvVNlDiFifX7HaKOchcnMlEvk6CZZliJjL3Z6qd wFLi5iq/c4stExzK+dniOFITssUJgNkytUKCcgk2ybJHJNglMzNzuC/2HDEDU2Vm cwc/yxZTkfokm8u6s8VWgFclOCrBc9miAeBItggCNOZw6j8lOJjDVfZJ8KgEfo9Y D9TzPfyGSg+jvk6CDbLsTpn6tQQPy8wHZOr7sl0zpZxq0qX6VKc636NeDFDlUacB 3EcphzJF4U58R4JGCX4twUSVwSwJ9qncs0ck2CVBhyz7QILxkssrbaIRqQcl+D8Z YifAzzNEFyh4KEOcBJjhEOWoOcUh9rocymUyVeYQPSi7XKaWOcTyHIxWivubHeI6 pK6TKV2C7zrEt5F5p0z9u5M7cY8Eb2YyiEvwtEu0AYzMYvChi3e8t2Tmqy6xB6DT JR6lqXKJhwF8WSII1AG32ACwyy06kPljN9f8oVscISK7uWZUgo8l+LubsYzJ5ppZ EqjZnPmZLDs3W/wAOK/IFm0A67O53bdlzUqZArsR70LuEtO+KMEvctQN0x1KuwTv 5QjF41BsHmEAyygPp86llHN7QKh/Q1cUXnd/VcRxgD8p4hjAy4ropMlURAkJaLn1 C5UJ8akingL4d5Wr/ETlUf5Q5aH/pyqeBzgsy15XxV6AeZhhYLnQxtO+VaZulqmV NvFdgIiNR/KAjYfwfZm5xybuJhkuwT7ZoFdWMWzip0gN2MQDACM0Bi6NhfdKu3gF YrArQ/RgzJ9kqMlLkelQf3kZ9gyH+iBAwKHWQTBcJUG5BCUOdTaAz6E+N9+hLHCo PwaY51AzirFpO9QapGY61NPzSLlQPwSY7FD/Oo8UD/W8IuxRDvX3QD3Bof4RmfkO 9TGAPIf6CwCvQ10B4Hao8wGcDvVW1NQc6hsAikO9FiCZoTYA/MklNExRRzaP9l05 wwmZmpHDqW/kMAnWSfBND2cGPZz6KQGnOkJT12HZZimceYME96hc83cqpzolOCIX 40HBZctsohlvL5HgNzae/hdtYidSMZvYAZClqaNKsMVpYocXCydLHEfmUbdqlrPg Iz2whIBTtSnqWnTiXEXko+bPpI747xIc1sQJgN0S/MkpugBiEpzKFOvRYEs21/zM I+7zOtX/cqiXQB6NzFTHAZx2MnhPgrku9S6A1RL8KkudB/ATt3oDwH+51W8D/Lcb BHGqzdnqfwFM86jfQc9WK6p9LZQSRfwS7/uhBFWqOInXLlfVc1D2LjZKpN62qUVI ZWtqBUC9purXobuaaEWDg5rYB+C1iyMADrto89KGJ54C+De7eB7gNjsPpc0uCkZg tHZxL2h2fgaDNyTY4FBvqnEotQ61eR3e4BDFpF47ud0Bp+gElv91inlo/ltQCalH nKIcqZ87xQmirlP0kTB1igRS9kxx2whWadcDXCO3uFoJdmSKIN73MwkOZTIXXOHi spskuEqCLS6xAVU2udTATRiDS6xH6hUXNxBZDMZIsDRLbMGLFkMaYtuszmJxvU6m bstiOf1gFkuNQxL8QYKPsnifzXZz6nQWdynPzeBiN7/93+RW/D03C5aITNVL0OYW x3MdSihH7AV4UIKXcjjzqRzm3U9kaqRHPAowV4KJHvXP66F/eFgbwQKiDt7m4ebX SbBHgn9AYEKR+zulnOpVijoV3NOgqLMA2iT4UFFnAhSozHVrVXUswD6VGHP7x6r6 
llNdI2B8ObfvE2oX9lUb7DCn+pymjgC4ya7aaIkI7sJVchEGBRPVlCmfFHi7bazR ODVemW47l5XauWyBItzopU8RlwKUSFCusA56taJWYGpWKupecO61itoLcB2Z2jCO FLEX3GJo6luoeVKCLk3tBDghwXq7GhgF3pFgrQTHMrkd2CToxotc4jqAEpf4FoDP JRYALHCJqQDzXGIcwByXcAPMdIlkFqSnS7wKMNklYgCFLvEkQIFL/AZggks8AJDv EjpAnktsBvC6xDUAbpcoB3C6xGwAzSUuAFBcYgRAMlOcBs8lMsX7AH2Z4hhAb6Z4 CqAnU+wDeNQlfNgP9rjE5QAPg8cBHnKJAoAfu0QuwP3oYLZDudcl3gTY6RKHstmk +w1As0vcC9DoEo0ADVgNAFvRs2xeKaUAQZeYC7DBJS4EWO8S4wFqMXaAtS5xCiS4 ziW6Aa51iaMAK13iMMDVLvErgIBL3AOwIUfdfDGae9Sdi9AJD8/YDg/PX69HtGL6 T3rE/QBtHrX+W2TrqHO/xTO94BrQWlEvAihURAJVYP/7A6yxTSORqoirAH6psPz6 qcLS7HlFHV2JWYGfAIziVNVlkEOGwuLopMLi6LiiRmsxxSqDHJt6Csp8nk31zibr Wz23DvNnU9vOcShfs6l7LwIym7rqEhhANnXnzaQAqJ5RzpKlK6684qqrVihffb76 fPX56vPV56vPV5+vPl99vvp89fnq8//rzwuffnDggwO//jOdAX/9RlVZdOWVfEhf sI7PY2+67daC2utvXbv+pltvLLhj3cZNlDFr+kzlGjNY6E796SWF7t0URxCohU2v LF97oz7aqeiLErtnI6kvSu6+DDD8Ny0yqne8UOoU4+UaRfk34+BaRen2zKR+dOC8 eEVVeGGQTqmD28ILF4yhh/V1ok4x51LC6EFEgvVYPV5R9ESdMljWibL4vF30rAec iyIBZ9NL9fky7dXfWBTxttuUmD9Jr4p7ZSN04/0rFCXiT+qxpU1toUO1C0YC1cY5 ilKnGo/lKcqaVX84rCkdOA+vqtTr3bNO6X5nuMt2qEs8sYUGpnmb2tA85Gg1TXNb vCg+46ZTdJqulznLI2XOpratHt2hd/oiDs/jIuJPxDOrjPkT6ZUJWyhhLkmG65PK tuf09tVr/nDYqXRMIBpU6iGnXu/d/i51dnu9mxBuGoO+IzoDQ0ioDPp4JMVUjgqb xtHYTC4XspwO8cMvqPF8OWoTWfkSgcYlAp30cSfrR+rt+hgi0phmm+fxzkhFb9yj t1d5DrQFjOd91N3e+AodZKpwTzysV/fpz0WW9OhLel7+W6TCOGQ4w3GnXgWiV4Ho IEekuq8+r8VvpOEElU7GvciTSDcz0pO6P6F3llObxLaHVhOx3UrHSjvRYJZZi7NM xTg9VlGYxsEKM5Q0vj9LJhPB8dyfREuJMBdcG8quxRm+QjV2zFCUaFPiM9N84vsy a3nA+O1UjPiIW+bXPkSMajSMJhZqMkO5rbuRUftbzq1L5Y5rfciO3P/h3HtGU3sn uOJnCNvo/ikoqDf1Adekp0DLi+/FV3BS2NCCt4eNfE/jDzEFSHkaXTbroQk53ePR rMp8jNoZe06bZqSpF4/xGUPckpvGLU09VOiuMjLPA7E4ZUapQfhp+la2dXSPTkNY BYSzTlkoL/oClIaF8vFzCSWlSsMDzq1Hw7+mZq4vaHXSatXArSil8/ehLpr2xXLa m7qQM7zdCatdObc7we2olk0+V7gjIhpwyJb64SeJYX/U/9kUHoKsGW5zpLKjGxLx mUMdzE9/0fHPiJjHrNe9fg69jvK+1XRq2/Ph+jwlVDrrVLx4sLWsu3WEhaNFNDd1 Wo1/jMYy1cLfeoWzWbuEqdQWvzPW9DzyaAEC31IIA8/j2sw0Ghz7HA06LLwl3KkO 
Hhl9F3HdoEtipLXM73g0/DSng94qgyKNWuld3UFwT/wydD8aML/wTUesN70xgd50 5HPs0tb9npRM/wxJm4XkPkbSxt1t++xLWfUpq9lqbvbUWVj15i9/d6uFZCwjaeV3 0zdNoHy/p+khSfqyL0G1z0L1wnhCtY9R0XfAWDId4uG+fZ+aZrM2urT4MUK79XfR Jspp1zIU+WSGvAHjOxeTrAlODy+s5T1pPEuEJ95DIvoTqrUCkuWWXJYscp6eJ5F8 Kfr3Retv76eyX5dyvyiV6sIL8atSKzn6jy+l96MWnvfHER5KnUHvL2i3x2r3OLej lM7f4QTe2McULsR3lZGRAzq3sUj2Kh3XyW2p3tmOraTdn1C6P4Rg0/19Uvw1kvjL CRsFnsY/kpwL20gshfqMZxJ4QW+KfqMk/RA7pVSCcrNHMOUa6hNKsEQK21yVhO04 LnDGL/iCXbSXdtG+sbwt6e3famrb9mr39SRoF65Pe09tBSP7o1ci+90XIOshZP/N yHp0f084gby+4FjZ1S6gqBMYCbrbyIi8Mb/BG+8lQ/hyhsQINjmgWwl0eIz6T7RU nNSrjeY825WRaiNcbzi3diA3WnG8Tq1TgNSDqQaLaaCr+gUdPEYYM7iDx3T/sXBC TevgWIEOqrKD73i4g1+AppPQHMwnNJ06/nUe+otTX+P8ZmSNs+nNiP/5SEXH8AZH qMH3uMER3d9h8x/xPF6RpL36+ZBF4RWCKHyzR1K4SPc/nyav9Yrj4cOOiL9tSLIX +9uCI61tlZvOlE3D77u7w6jSijgZaGvQ1aC7+dKXuL9jGJWfor59NIao/FRrs31Q xWvxP2UpG63xOWefoH3UdD833VdLTT0H/PsCxruX0UBbsWF4/iOE1QQmV7sppJP5 +LNPzsLHp4Xk45tzmI8/P4Lis/dgL/VgLvdg7/DO77U6/yho+cWD30PtPxlN7fek RrAnYBTyCB4dHEF8Waq/FsnH2ojkT2czyXlYhTyseOEXsMzD9KIdowntw7STHv+C eg9RvbVc7yHd/xDJEn+fp+lPECSrLQU6wAKkldTr2hLuR8XXFEWq2wcvhKhBk2R8 PFew+ZNPIARM0d8qIwHbN1EKWCqq0wLG1RkklUP2sLl264sS4zLGuBeK8G5S6y3T IVQg56kCpfwmIDvoZmR1wngNPBmzB62wX0t0eJr+QduU353Gx+E2t7QWArUk56B6 GhV9pvnPLQ0BZVukWxrCaJxLjftmmfHSM9qeAz2iRZunj+LscfpzV0bGNavMCb3x fFko0bDuXMyIesvCpnPrY/+8G2rM36Omd0M1Ts+xRJ17EpkLeu+hAecZSMbCGjiz L7AJjHie3p7Wj/9lTMYZjSe0+N2F5tnGcjI+hsvSUGyYY5kB6QTXE/HbWrfwulhM 62hrXuuGoVXiedwW8XfFs2spz3h/JCHo0kNd/9oYTpwxhg9mU/sTbP5ta4FpZNJH WpSfgld88tkMJWof5sk/bqz8yIQpleBNwGf6E//ai4+d8eI7+MXHvmScnalxZoyU gjvUGR4wQxFYvaHjVjdfyyKb7nlp4XWQhQcWuwGyGMYRGWsdZKwd0Zcceflv+kcw 1GCuWR1c7LwistjZ9AeS/tUdX9TztjN6/tQl1JU2sJ+29UdpBvhS9CNeNEwA5uvt T7CAG4bwqTjMTUtwAd96xvdUioyLmYxb89IZmWnRGs+x3vSPESyr9VArESNq5X4T 7x/qTsS/z3ja9S+5BPae4RJ4cxah36v791m26b7Qk9Y7ejUSGixdlJT4KilMCRL6 sMCDIZ9vaUzuA7T+apUG6pxRMCH1rBp5eK673Dh9AbKaIYQgIu6sRke+DXOd16w/ qj1GKHXNoVckPQc0b9i4Pnh+2BDBEWFjZOj8mL3WEl/x0TH7+tSzK2bfYD2b/uQw 
JC2at7Et9N+lxSFn0DtU0qIsuDjYHF5IzZSQR7Kc45Rpdv/vkGwMXYtWKau4liXu 7Y6UVRyB+jWED8vDx3PQR+Krz3MAdV85H0UViWaxyPT3RSoSyG9R0Jm34ANoH3rJ 2Ki/J1phPOnjuSD53/MBq0g5KDBDBsQ8VKb4uVK0/ye6EZ3ArzXnnIfKb2WwfLdm gT8Vek/tXtQz3qkAwW3Gh3hN9TPIrRttbL8W9wnexIqvfkbpfnm1otzz5k6UsKqr h9w1/WW5mhJ0mps14ySYqWb7jbkfm7EyN+GNlo2JlGkRR7jeK4IlZKPc8fWYfS26 1btQVZpOhcaZoTyj2U0ytulU0FETXpqrxe3hDjOeH7ksslnT/XmRMjeaqyE7FTpJ 366Guv3PP+akExok0qQu/j7J34Y2dGOExotQZsVYUWENtHYMzWcJJz+PDxWwxejK QjgCc0J24+FlpPlzwxQddAdGpDaERoYXXmUnjcJVGyCUH15NE1eST1kTMFpYTZVV uyhtdkIThSIQ4vHODS/0nVHJ97lK3lSZUYcJQQmIwZ1AH2IUD6K05uepCmheZZys omnWQC2N+m+GnMarMsvK4U7AdI+MogcrM2bnrgIJI47ZfVbyjILwwtbx1Nsscy49 GA8wg5ylYLXknM/Rkysvo47DjzQ3fq6ZfR3ItYu+yHNYns+eQ3I7wqfXGV5IBUro deNrEAm7iIOQCbdeaAaa5+yq5Yxd6yWoHU9IbE/UjkVyjte4cBVYIuQ17kTbNfpf q+FBkxQhWWgEqYeDRKojuXP9UBalUWlpanycVo3Lhw0rxQdNZtBdo5fl1eiv1RQd DvKc3aGXubE2v6azF9FTZdymsMlsD79gxqvSl8/PMYOeA2Wj4U9cRSuiJlYGw9la SrEyXqvtZaNNvMFbAwzjPPvLvAEew5swEgLGY1idaORF4/bVPPFD/Vu2wuphKNP4 01Ri33j9mV1dz33cehF1yqmEMnVHtGpM0eHQKOvlqbRdp0UNEx4quNsGD+mUMqfn QNVofY0WOU/vWLZiOebNKL4Il53gk8wldIoIuWgBe2nUAj5idHAVTcVgH7vLprJs GVpvuxGKxnxJ6XCPm52+s0zLQW3pF6UtpeaCjc3+vlAWFbHjN76wob5vc2jUQUSp kj+7QRn0+cbPR9H1VJT5uSLHrLbuH+KhJaN0wVRgDI5uyVgwNTQbLYJBF75vCF0Y F/EL8DQ1ZG/JQBU9Fu4a0BPhFwXhUhkXXXSjJiHn9hcRtqfEp3FTN1J4W3hJwhcf t4uGpiuT6JJZZqw/RiVBjcqwYYGJ2yBMoPFF5rED1xsR2AFWD7EuEQOTGcXWVZFY HiDefn3ANGsiZbnEGBe0lI1ubKu/CNIzC6snlEANtxG7huV+M5flMCMxg4ETqont aNnNQbf6NS9dYgtm1GxfinmTsxfMhLbOtHVYbnW2m2Ah1SlVRk8eszScJh8l4WFt i7vjLosRY3G55Ly8SA7SthmfuGsm3hPVfFHt/xKqJyhX7SxKbNaobTiWLwdwXI9Z 8s04iPVGLuegl/Q6NxZqlfHxAOVRndQ+lsbvUb/3ic6xqhKQtZcbt0wYku1MQifx kxuHCJLdg4siIQgbJ51ATAK5sSNXBYwbsKWR+CXe+BXtLEuS7JD3oRqdS4Re0du7 v0/sG6UFwks9AFDUu/EbWE36q2onVlQBL6xQFhbZ1DI3zMN4TpVxY1L6NTDkq3VH JToZML6dxR5AtRd19HbVobfH58UvlWhHMZIgWl481HIczZxs+xysxaL2OzKQq8UF LTDJL+njZRE1FzJorLXlToHeGnIHqozuAcbp8jxechkbmg46TCGq46wCJHFY622Q EdNJPkRPp15KYi5HL3XbSp3RLWqkPhnP0O9yAtb0l+b6lKAdGOM+PUOvZMM9UT8W 
WusSKDuJhnmukM1MnTTF4/lxD4wHKthippf8DRhkJ7T0oWE2q4wRn/E4Mq3exwOs PHiYdneBaZYhc0o7aSlrBlJijaQZ0ZG21oBhVsopz7RMnfShy/0obSUu40F7DpSO pm0iYByupKORMLzWayQlAlSWvrTwyuAsUIPbCGrzvcE2UzmTzmMCxharG/bwi2Y8 t9K4HxOkxuLOSuN7eJoS02MpElj7D+3wPxxD86ov3DIBy+xcOCBeXc688eAYdghA ordoMxcsDGaGY5ruQM4J+g4iX+31xTPixFLKsK1j+PxC5txDR2nlemL7e1gNpj73 BMY1de5xfIOdLi7q3yT0/kqTM4zpKyw/BDaXulTmExAjKj8W9d+xPCXDqozY8qHK C3cR2iKcGoop/VV0ZPVOWul5nLOR3RDJaN68yCjCZvMndlMrUhGH7Szc/9YglAK9 c3cDQGTUVnzvoq+YT24mPp5hzor4tAiQ7CYtImafSsdeY+lpBj0hT6o5PXnYUMP1 TsXTuId4A+y3OdnfTiLS0/gDMgneHbB2Kr0s8Ygq3SIhL0uPKa+p7ZYJg1We0APJ /sOyBtT+3tBkKP56QNPzdWfEpZdrkW9qxXbueEUPVpi/h0dhC/VS48iGRGQzn5HC ZRE6j4eAxnIoW7RIlfXoiMxH88FdN0113T5AU3pHJvvnsehGE9ryWYlHaII997ZN oqMXyRbOIVXCHTa9m5yYjm66+B1+L4l1kDo7LqRtC95T25NEOj1vHLSxJ9fTo5av Hi76KJiNtcxqGqZ460uppyCokyTFjaqqC7xxP9xzKPLJab+G6w3hjcwZl5ZDbSIL xpl2ygp/4Ay3O2OlrA5gk+5QI6UQHmqv/lr4WTUSSGDeqajSmDlAG5ZFFqfk9Hw5 tc5NJEW8bPnSmXabVh7uSobbnFIKhBPerRnEAbw5HCVuXEjzkpIWZcliEp19nrtJ MeAd6x4Wsp7Ge1iZ0qs0nBNPrU6GP4Oi24vZgQN800zMr17RG1mkRbzFjHBoyokv OtVPaTiLEpGyJJrgyItoHZ0zhhpt1CJzuWJ1T2R2ZLUWGa1XGPqz6odMAW6yLBGp TNLRdKz7HPQrtZ57t7/L6xm7fKKo1/Pd51ngJUGxij7106LDnrufYG6dksC44dLa BM+tpo9J6ybYj5h3qLNlCShHUxL9x8HftgojUpmIBJJ8NKH7Ddkbfp0+ALObBtA5 5aPwp17GY2zKJTp0TvlUzlekKhmfx29PDQQ4dFAMdChNDmf6DVqk0nrMiFwCGkEJ matv0yxqTgrXJ0SItsmC+FjsLyRLxn82uKNmyVnsXjDArtkzJEmavn+AbvhLhWYs NPHcSXTvYiF9hTKqjAj8n1Bk+Owl1GXZaStIa7MUKrvxODYX2nbAB5Ex+ho3WfKd dK7He5Wb9qi3SJm6CPoI6w+5UNhzayZtG6gJdxSQshd3W1uYVK07zDWrUmsbLzLL wHJ2lK5Jy4QBwIu2g1mUXpRrLnUOuaq7f5sq2DqSeorNM4tGxxIslJ16UXczvRUK YoOl9BRUGeNNJqI0JYYhjVfHVw0O++CAHPYTjRTlomLQb45n2T5VGj+/HUcbnyq9 Ad6498xBE/psSRzP43ZCcvb9aloqSoT8B2Lr7fgu3HZz06l6HKflQb1td1xc1v9n HDXBYwm3XgXcXbNe6v9Y9x9v9vr0V/VqLxUc5jxSlUT89XihueQ4KsAZ5Gr2H6t3 tfiPaTObHWXxLDwJf752CgmgLPYfDx1rd5AOb/FQnmXU1F0Pg81FOpdRyVam07LP MDnuFr+zGau5yhn+1Kz/OuYvdaThTzYLS009t6E+6Qpm4Ds7lFtlTPyIic5z+jht Po/7k92/pslB9Z2KNXli+ORFrcnDVRGevAqpWsI4fenDoTmsQ2H/8chZezE+rRdo 
9mBas9nUhfjFcZ7OaEWSp3j6BDmpZxiDqK5R9TWD0pd4VF/ifQdHPe7kR78JOaNl 5hpStma3xfuHrT+5ecXzWhzzM0JaWWkcuiuYbfSUzvgY3e+1HJPe0Fuex8vAKZXm lM7Va6RCjPaV/KIYWQBLvPrRo91Hu5Mf/1x/Nvy27eOH16w+o55Vq3hg48Tgxaej wRwzutVjcl39WWobft8W/sD28c+T8ZwkpQdRYcolNmtsGFZLVw22rC4w9uG0d/9K NvglNbDU9rPpX+gKlrD94E7wvWe/nzwk8KORrtoF3SduiyBkKpSoMv4NBA+QaGtC zEvtSZQhYIGsi1ia9jroxNMzanw1kYwa0rBqYhkqUGcEyLK7m+0uejq+mG28Y4Tg TIMrhWrXXhc2cns5ZGL9+PBCgsrW3F3lllOnh4zeOd64/cBy3FyGJTKxxdHYFhxf S47KKqPyY9NsvQ4lnA4YpR9THBIeK41iKvr2UNHUj0k4Dy77QYWMtul6N23QmxwH vLRzZ/PBCe/c0Q2wqaxd2y137XFSh9R9SWxVRe2koWH/cnYL5BeHEpuvgLo2pZd3 vL6N00hKJNVODu6KLnDqL4T/oEbKE5HFyfBzamRNIrIyGcD+ZpygM0NgoYN/Nj+T RvSU3Pn/m7fVhF6fVGPQECy9ECeB3+OCPiixRe2eexpYQRjcV0NZ2L4inIrb8Cgr pjq2qQBbJal6Dluoj/sYXQD7j3bKskRkURIhQamO90SuRDWqm3+WUcghUMSA3wkn zVm1IhDOQ5ZGoo/0pu5rMQDWgbLJxXCA/OHfUK1RO4210qhkkl7CNd3DlSr3FyhV 1vQMEBnIpqTp0SsT+hvhdwamfNz/ZkpdTkQq+iLVvZ6mRwfJB6XLc/dPUpTvNUZ+ IinfImvoAzCdvkRzwQKCi9WkiJh+0lDYBp3KnSPNZxTr8OpHlhpWymrYRVINW8AK 1xvqZxb10XPoLytIf6mKVPcYh8C4MOonE7V2fmL5NHAAkAgbzgDriM0UGESmHNWM pU8Be0thOWL9s59kkHHRdrjFg8rbe/hkvjK8sI38sZ7GP6nk6tn9MFK7H2XTZg8V kNVDNaL3JTFZy2s1mr25FKYaaUoghyM5OCyQyuvUgPES16A2xmQ40Xwq1zMf49qj KQeeyD4iOsJlkBdy1Qaxco33FsJLUqjy2VuGyY10/sZuWhB8f/A5M/gXeNn+nEo3 Yu6YDx4jZBxBMFj1/FCZRBQfGeV3Re+jFPabT4ZVC7qHsMFjM9Tc6gdWSCrvoqG6 Cy6HnCU+OwP3j9JxFwQnpPXcm9brpgqSndwUhze+JlOSI+iq3LUhh/zUcTibK430 AUEYjh5OGcLzPBGevLz0K1xmNs3gLp7GI/REs7i7A18s160jCVZ7dDq0ujY0EtCn YrAuPaNdOT/sEHEXFemjm4XpMDMG7TqpL+0i5iiy0wtC08N2Snk5DxI8YM6l1xk9 rC7vpmfM7g9odjMX8PJWgl+rNHDTlJhg70eSv1Gljaq8WwyDq8rYBpUU/qkBHkM0 r4kYTD+HcEUWjPQxg64mPdYp3e+0FtZY/vgz/dlymO3FdvInbsys+9S4G0yGMNwY e1aLYhR3vGA7bGOkgrOt0zd2xegLvKhlwo+fRT4ELniSCiLaOKt5PCueWfd3Y8ZC af2uGvJ6DW2d3iEfeignPCC2ZW6vz6M45ztYF5ouFSsXOYeqjMDf4aNNc/jv+4CW eh48N3Bc7TkptzTvEH438OsZVezB+UY/iQNbRgRzqMg9mLdwhBw7kROt8D65Ybqq RJc44fFxL1th1GMSVkmrQ1Z5gsurnfByocaK5cYqrkGqBr8vvFDx0BnLDOOcReRF OugiIZ2rtxd6tCueMDCDzdqYQwMaTrVzt3bH7FSbVkcrFVkGzrIqYy9rDHDr1Nng 
P7WkB+kV5PabTvkja+n3zwYLvZbhlcvZ7P0yXjzFjscUR0P5ibIb0lgO7HU2SMrE EOog2XKOOL9AGWxRIHeroLOGvRLxjBp2CdaglmWhzzpVg92zm3be1LlshVMvERq1 wy4YzNKxFfqcFADnpMdU/BsXG1axm6I2MvlR4ziNk3q9QeEX00i5CV0A7VP17K/o gwn9U+lKKfa7oXJRfqQ+QV0IxzKK67s2OfQyAUJ1lGK+imd6dtxIZ3yI/GNpn8ln wKruE6vXpG/KchX45c0Cox/+/NrLzyMBXUKnj08irZdOMO8oCHCZecdk42fvIjjD 3jlezl5k7jGynUsLdx+n5QgfGh/bXXKSJiBv91PsdcjfzeJ+LkJRjNED1q61SndA JMRKHBp7SUH+PrOT2Lyed32MK9QT8/eyQwgerd7UUr96jKYvz0dTnZpuyKsjtxbI anaaIKKjyN+79aiFrbWTL0IEjIsGUb6nl+abc5+nXXpuB38f4R3cgD/A7AwYF/Ay GuKbqsq4MF+TiLB5vX3akklxzt5rZT87mG1E6ZHsvcVUo06tNH6dKuxN+bcms9/R Gs7oweFk8HBUPrlP0HCSegY5uI4OdggzG8DpoWRdp2WWcwnbGb8nSl7SBrsnutnE +uf0R7/pPzr1H/f0n2mkWJaFM2WnJGe36Z0kNPoHm8GzEnJ+/AsckbVUmVMPp6qn 7JpUVX4jarNBdBZT6IzTFUvf9q6owk4+KaptG36ME83bFs17heVpIzJqIFAhMmxb Xz1IJ2PxeWkNvovyds1r/ks49Jgl5w94Dti/a5kUaQdWIVfr3VR3e4F5GhNFiGr6 7ZQlj68SqeOrRNrxVULKm6lvkU/C/tOzYn1gCGtfs8T6wCDWXmFh7U3D2ktY+4xX /myavG08Y8n0YVPcfzR6hbkmdb6J+eMJIcu1451z9M5L2j76zdSj+rPWHNLkps+j O30eSAZU8hl8hM773MZ/mHK9JEIatM31fFKlwYK+YbYZV8uK65NwXWhfx+2C+SLU iyQX+q2TvUh9b1wrQwgK1RsNVi7y99XncP0+vdo9XxsZfFvmhnBAZYNDLyuFQsQf So8rSeMXdn3hjEO6ci/UY4hzevIVxJyc0sZpwRxOhw8X6Idp1+UUHhXpz1K6n8zm s+Huly9PxZ+wMqyXBSD+4R27Wq8KmJtXLq9KBQxAjjpiZdfxNaCyAPVh6LyIOb8s EE4EtmZY+1VZoAV3GPIcZlnALLt20NHNJ4QHKbCCjgRxq8kTTrjwCnL8JOH40b4e d9LTZXg6dItTW9pk1r+WJp+393QpHOQ0/MwaEYfyPMnJthZ2kD4T0+73tvjMxrZm //2exq856BD5/knQ3pCtLJiE3JAdtUBib9T/Yxwr+e+HW4Uk7zOoUh7z0wUbZeZL ngNvHCgg+fIHM7JkZ8S/I1LdHFnS2FzRQJi8voZPC+AVaa6437PjwQwKOPDf/0QP /ZDY4wieSozx3HMncqebhU3JS6Eu+JSGy1TlWvy9gb9b8Td/nqqswN8v8PcY/v6I v98j/7wiVfkrnj/E32n81cxXlYxiVfkx4HP4m40j7bq0vwfR5pf4C9ffq3j+w5vB F7G6B+yKlcNPL4junsEcemqob5gazGjx39/sb+g+SkXvvoWh2+kE9jC3KEgl/3ew 4U4k+9vZB+YKv4BTinv5JsL3USHqz9O94cMwBXEBD7UR/78VNK2fpjPEAZ5XPsER 5t+J/oA5OY0U8LBEG412mqdpiZ0UeSoz/fdG/I3dl8gOaJ4oPaG2xuFmjd1jaSD+ +zvpfdumoIC6Fq7fiTNHmg6gjo/Q/TujWoPa5jlQcb/aSVnj5WvepXtV/sZhhY3d 7RqN3Zsa+36q1J7N1+x6w+9+kMr/mZUvzsi/h4L2mrag67Ry4xPlMyuAo+SzlwIj 
/Pdr3c1NQY79blDamzbgSYmPGKots9T+dqoeHDWMupGm9cStd/a3c8T1wqHCGpQ2 PM3IaiJNtYBB5PHD/VarbM9+TlvJS4dhttrKqYMskRMka7rTU9Gni0inepqe4bII 1zcqITvctPHJcVv4BU3nSp4D99EIlwMS2uXmYzQ6qKu/6CZ9rFHZCi13+qeEcw4K WsY0fHpxpGkmW+1mlGA8F2yqBN0mV1ja4m9oduhco8jfeBfs9sapnIr4m7vvwxTF 7d3nqsN48TvJaNM81MCxaBC2VnuTj3psETz87mfRp6m0mxSJoVYti5LN3Kq9iYap yEox7gQz/JQzX8KeRM1DzrdqhAwW+xvlmO7y8Dihc1oZ3e8zhzYq9e5Y0zRkZBBr yPJpg4SFqYCpJ6ZrbppMU4HKhSmecslnamg+Vsh05kpSkuFeD+GhcMDLjxOmSYQm QOm5x4lSef3thCY4F+tEuWtGlfFoYnAGHAsuhiUfncP29hwm804i886pnAKZqQp5 qzEr4+WznJVwfbNyVyYPzGYuaYYPchArHGhd9nDCHiqCHL4t5KGq27DPN7MaUYjM LYTx/pWh/PALvvAtO0X4lmZBteqplhTwzSrjsoTP+HgOie66AuMOUNtcsnOwt9ve 62/30fDGcoWZRgUqDIn5sn8Q56Gry4FyCjea4t/JA3HjuwAS0YFIpXFlLWVmtOLH yzloOJfewUTBm+JZFuIkXTfyN1ve8eaQEX6aqijBGXoKb3zEMDzPJlJklY34MXTC wlhg/JIx7rQw7txmdM/gzqfxmSUPHBRB4YiPtiRAJmwx2D9suSG/OwFEcVc3Db27 h55HSAo0FRCbGIsoGsO/Q/fvkNskZ4dOUB0j3s/2IpQBB6kXdnhJKU5llYw8kvbt rFPysC6PTHAbDoBw4fC4dUhXOuhE+EsqpPJs9fehfimOk2P54QHb1veo6uf88ykt 1Q1vRN80rLrvsn359KDngRRLGr6Dw57jtWeWFVAoGF2dlE4Div/n6yLJEIcMzqOg Efj3U9kJmT2RFdkq44o5qbCRF0j4kZqW9PykzfN4byoiKD2ezu+GyQvH8Kd6v9Sc pvQG6rIrjU3vpvTHDBn/w35w6ClF/UEcXvXBjdP6LpO8vNif2OzSY1P9ThtimbP0 UKKUfKax+O+GGap57JxPo81xhPt1z2f/u9eHK2WbyOF7Eaed6To4lkVotPRZkCvo EEeeJ7tPK5+rSUR1W5pW9584KMNtaVzsiseLpvoTAfKnYCTG5lm8CSI83m0FC3VT JAfuBjU+QKEBdeOqjJv/KunQGzwn7WXb3fwy2LRTEmwq3hKFZq45FmSHzsWTmoBJ SX0dNWswkkgGI30TdGugOB64qUN98CZsyjtjDJj8EM4re3GGHK7vUXDoCE2gB2cF fm8RYtLunscRWWfEIaXZAfXkVNe9NjgyqvPUz2KK1DeZJrBLceucApkrElMOL69z BQz9pDU+OAfJxe3EVSdydfATpnEKYgE2nccPem8l+6fb2DPgVmfSkcJHUNKXyHzy XyFwJEadD7q4CWYVkWDpdSe2O7LL2h2usmipUGFDl6qq34lvWCKq6Kaw28FFy+rz /UrqVuWwdfXjKZjSuDKcd948yzqjYCuXXDCTZ32+mHgrT/IWLrzNkJy1k/GS743i 3u7U26MVfdGfkEpQ20DdgX8tQfxzD/uEKT8Au4O3ZmMTcBTzo1Q4gpdIZYN4jPUX ZoNcprXbxlWkwiO1HYq7y5NBHpii9qZTm7frfm9qslelx/PJs/ygDdrLrLYzD8Cl 7ZIKP5pLdBsuy3AZzXiZxGlyMEbhrymGeiaF340zfOw/Tqg+q942zbRTP8s24rPD SuN8HP5GA+rySrK+jIf+wnJBTQ8TpGjzZqgZ/Z0QN/0vRUZRAs6Kw1a/KV5z3cCD 
f6ofePDNv+BUc2DIZo6uSz74ej0FZupL3Bcc6j/6IJxpyQuOZh2G5yz5+i3J1Ese fPOdWnPI83UIo0uPz6Z44h30VrjKdnoorjjNRq2Q8fGFb1huZiuNxS/T+jt6t9m1 orJqee2oEsSUpnyPa1avwl7RbY5Eb+kdXG0wIh/alaN1hxdkz8AhfIaa4GnqyGOW XruL3q/7EvAg6godUF0D2WflBhL6cm9s0TR6zfCsyWlZaEthE9OG18hzDqvhc6ZM 4u5/DCuY1/02HzLKYMmEI+UcyRje3AthEQnktZSV4HACh/GldGMlFQM8vF5fJJCP ozUgzCbv9qkBYujeQd9Iejf16t7INYXDO17wOYwbCuOe9AzTVwBh66SQb3hW/5re PPKdCcPHLD2K+uVNuK49RsqVPzzT4R4UJyF30QCmh7fgG+DE12qKSzXsdo7iDPZG f4vzskq1mkcaFM5ZICfRs78yQ/2IfsGD3HwI40SwSDWihbOuLDrKuTiQTMhIonB9 nxJ6k9+RdudJRozuL82NLsgg8qORp5GuTfaXOWkEoU10UcZzH/bsNvkzHrk4RQh3 2cIJG6Lx+J4gOxhD5OohSTTJ5GNWL70v6JLX7PfL+K1+n5tWWPA8bNqpTTRphGQD q+oOYuaYu/s2Usr3l3oH+9Ub3Di8Kz1n6QoTOtTLXTGMB+SJL0wrAxqOJO8MbCip fuB2i5HqR6/xd1nbqudAJ+JNdOzMF+o1+YMyzuJ6d8jq6Rh8e/bTtSC3Z79P01+d eLifD0zot082I4IN9vj2dUkCxaFkcAlCfpSQj4wJGzn3k9v/Qg+47jANpOHM/s6J vY/QQ5C2ECLa9hcYy5JBLFTwU95FvRxNuI3c7cxj7u7r2FC4wJ98hP4rl+B8RMxg Kyte5A6O4Xdny4ysRW7rkGPl2bCMkztElXHt6XR6TJNmQ/D8fhkqGhzbXyap6KX7 7Hnc5JdoIs/q/2DF2BPNqozZr0k3dmj+drMBbTbnDq6Pfp/G6OzGuGdNc3AVhRdr atoamixjyNNCxwYLi7dMDg0tzPB12kAcyvG7x0zpzkzNHM1yHV0OdxozBtIZTgZB OGkKaTb72wusKSwHd1EjqT59OowaIZBM1qYJ5zORG4Ze8MKwut+wDI7L+/15PFQr f1a/DD3g1oWWyTUuxQv6qyn+kLydIiuHbq0AKjqfCtbhWCTc5SgPesuD55UHp9Jd w7nlwSviS7k3Jp3GeOnalju+MHVXgXPi02e1gRf0aopvMo/GzxtWn+528diVwear 0950TnnwQnrTjPJgUdyfhpV+VWCubCrxTGYFzy3fMT79/TnDm60iLYsk4lCYHMLi SFdNubSl+uBPrtVH8Vwvh6R167kctR+89Ixtx3aGiI98J3+4RO7jIx28PTWmsSAg jemC8uCU+CxItECl+RqNZ5L1HJ9AkRav4mFkKofU1MoAVxvO8TqPP4V6VDkWIFDn lwfHxc+tMl/Ftbf4aECo0zF8Z9FjhsyXR6kdV8vr98ehGxhXj7UYNJChHl6rn8PD +GYisqwwRYprEvqSgsg3C9JIU10YuWYCbbZez/6VWv8zIj1ChQ4LE3xY2EOUtfy/ Pf3+3plczUAMPoVzyN26L9xWGjBmwGhIe9/4SP7Q23AjiPZlTa+YEAm4ee+Fy6y6 tyayMh/QABynVycjK/MojnGlM+abLOPcWad40izHLcGVE/TqgsjKOdTzlfNgL0RW FujV+ZGVhe0+v9LuK1GjK0vpNHkFzjWNjuODsiJNaSEdwpjST+6JaYqn6aXPKSxf osOkuEf9nIIwOXJNOgNBvzgZCUygg9+fnBpGl1XeyJVfqkr4CulI9kxtIlzfpVAs epfu72KnQujPw3n2hO4/YXb2+w2WIot20Q+z0THwcRwmdzgxgycxU2YoX0rjgPEy 
nHVURP4u4y5cujB+z4bicZ1/0y0iiEyhy4CQJft0qpvHAWGByRCH0yD5iODGumQa nksJz+1i2IgwnEd1/2S+g30S16+j/kcDdbY6tZZuqBrvM3e1rt09eN16Muun/xcx 0nUK3lBohgrM0IRUz1PGdX+SFN4CRepJXD3F/asSejFCWCrghTB+PpovzbRUlTSy KEiphRl6mY/WOSJGqwr0NYX6UjdtVEmJHdcCA6yFJIz/SNLBGCtEAcgfyB7oyvm4 Zo4rTG0x/z7562xtfIW4fm94qSZa7yS77U65ceivGRsQYMQ/B0fnp7TnXG39KhxF 6pM+9AGTButtn+5/FHfnY/5WVtrph65w/zA84LnDfoD+L7lIqA3HmGP0GB3hVuTp mtBfO/QXEa0+QoeORQOb/xr1701p/JrxyCiLopCdBVJk5EPFNyaOoruX/l4n/9ZM iqA/+ZTnsZfn8VZUMR7hIXSlTY3b+lk/kmJSzS6ClTZOKMGLLX6LVpXiaqW+arK+ FBvmN6ZZFyy3yttZKdZqLytRWsr8aH+RvnkBLlvhgnNwfH+pm1kNiptPrwSTrZ5G cebkT24v86ezFK9oKAWrPh76TRIt3VbB4pqvO4ZWXsR2ltbnUNja5sm4/ARFGSJJ 89ZESr1VRj4fs00YPKCT+rj1o4FO/TJoKrQp34k9T1cQEa92yjCLJEUPJmnNJel6 llHEkWVBD1+MzIsIubGXQG/VOMo5OItUWLVXas6FCBuh65G0zyaMqHm2tk7Sfe9k EyFtQ3FzVKOdIiF9dM82OscR9TslrkrjSivUnYonUoR1WjEiBgrTioW8su4e/OFC ctE4KVikbIGl/Mek16vf52ygCO6m/TINCRTuUvuPj23zgQNgbmDCVGLR6nzbuMga n477iqMxoRq8Ov3PyH3EukUCB8wdZGMgIqUPwsZLhLkA2qMqFZ4ynxnqobiKG1+m H+roZa0MUb9Kv7zkGaxBI0IYrMYDSVM+6pbkImlFGxsCn3Bb7hGOPw8VsFPqpF6V Rz/30zpAhwknaQYcVju8E/e88FoU178EX9sPZYx6vqoEV0tUqyWqMZyi+bp9YLB3 QAVO5r6dR5wM/9Y1bnOjdwXdbjWuPTVYMe6Ro+P8PLyIlD45hLHpffjH0bM3efso 7WXwv52bWjkj9FIsm8ppy7lPjiQtnJKzLZzze62Fk5f6bYtBFcqpI/a4c2ollq/P K5UCPvLR63F/1bNfywjHIHY8+/NG46FG7+BV4qyJlHszXwqeszg4anEwd3HQszh4 9WJPI8nF7jfo6xW+3USBJ7tPcKAOgp18uTifrais+j0JyydZYi7pa+Xi48bSDyA2 V1evsmrSISgbf9rgcMhin0BXb3yTi/1OBB7T48xitkIRJkvn1b06/7xkT+g4FSp0 70ichRwjPyCrpsc4l+JoUTEwIYB7PRymEz8PvaZBa/prOo1Z0zt4a3AuW26852Cl ky/YJuDRhRQn12dT54BFXqf0z7CA/T8D8g6FZaKQo48crBBTLGAH7ZEV1mVfLHYn /WKcJn+TVMPVoCl6qYa7qPpq6N4r5E9hzv9YXgdCaVY4lsc3JZ+zfurNqVx00aIr r9xSO6vjWonXz1GIuD9SPmHI04pLHJElffqLUxdriC3Wq9ywujKYkel2U2TJyeBd 1NmXT0viWD8t8e1B6nYFq+LTrHuA5VhzXTr/CA8yfNI+OgFSfV+umIvD/i6Nq1A/ 1+5inhuzNjJKsX6P5xUPKyGSJjBnR/Ev06XeGtz0udm7/gz1LPNzGlu+cqbGtsQd Wcyco6S2iMUJ/RveyBUzh+tU9AttZifJ1Ii/s/su0o9CnRSh3ouFIMLtQn8BC8GF B3anPJ/5kqdxOWqB87NUBqsJBEfiab7Mn02/qDddpA/K03QupQmtTlg18BeC8zuM 
909Ll/cRT2OS5WxfZMtkveJIJDAtsgGX7zqhEOi50BgiFf9Pe1cDHFd1nd+udqXV j70ray0LI5vnWo7/JMU2hvDnIFvoL8H2YlkWAYxZaZ+ktVe7y9v3LKvEIEemoGw1 k+kkpZN0mrpOM6SBlAZaFEqMMWC5Uzp2GA+YxAQV1OlT1yXqjGKrVLD9zrnv7b6V FIdm0k46w4Wrve+++3/Pu/e7555zPALyxU3LFaLjF9uN1UJ88CSUkMBqeT1PX5TW x9M6US7OoK8a1344FyFrN88aSeecYRsZ+sKskxIgy3MQfst8wD8SuGcEuD65fdz4 oxSWzzpHTm+PbhDPBAtxMGh7BuTS5AcqHGqqsAbh+BgWgdlLw/jImFgaNqfE0jDU 8GRqpb3kNyWzJhRoFYVEg4eflA7TfFvsBA+JVvLYnDGN4iCF9+gTLILD5IJZ4A/7 xXkOlHNprui3SHMQlvtO+ly29SMTKz42VduBM85hzz30kakHClQiC1wXIVzXUmzh Ovrr55sBgdXJ/iVpVxsjkwLkeQjkDSG98eplG+zro5gfskDrXNjHUIM0/F04gztO Dx6uwJ1P8sZkARhmTpMrAoxeSQAGQH1mj7GYsbGfx/MXJbce9iVOEXCpkM5sZnl/ OsQXM29JpuuEQg5W0YZyeIZ4UpobefrKxImFmr+Abr6e4M3Ix4y1wCKSKZlmk6IN U9oXadGRBD/wdsHK432xhmVeq0jI+lLfMj60oryK/Y52YXHCwwqBExD1kdYfvjTY MFWS+ltRvo/KN0xhWXO1uwejY5XcTGuZVfJNfMjikonVY3DJL38sTJ5qi7lGhndi AzG+S1oCODiJSsdLUt8UldYOb/YNQd89f7ThgoOxR51LAj46T3jwfDIgmHHnh9pI wS/Zdv5Kh8wNOOhGQSkVm0QeFnrI+lxwgGiwLh0sTeajdgie6eeMvYQjSq3uv05R EdIsTg9+4LlVv5g4ye2ndhq8aHiMjz/6lV14n3h6pMA8scOEpX7JYl3jgEPSayXE QGwHO1wwoomrM31FmcGl3Wlwo0lnkZDf+2tPY16urMYlGxjn0NuBdOoe5pedpSrK kwVrGzwcSzpjFP8870dT5mX+lP6OddZxWXwikJP0QgDdXRkoGfwwQARKMoa1gn1B 1530eJ14JFby7VAERjuaZkjxZootGmdseVfZYZLQpo/wMo4Te6U42CQ3rT29Xqd7 6ivbXDKRRzHbYkLpybicPP3oyUeWC0At+NKALFB9xT3eGCEk3gQOe4S6K23jHnw0 E68J/etzplAo0FgXCvex0PeDvOl6kqfQfaIR0rqfhLAzxrGuhOvfeaXJRYuL1oiA S7SoCbfffmLu4Axs3j4kfcDiSFFHKfKHITcuuYYbpgKEiZ6m1adtSigeJUVFkoso cdKixEkhRowViyiRVNMOlq7Xp3FY2XgSmpTeR2voRFVAks/trit8jzbUNp5typjZ lLErDeOl1ITdpDGNQWsbozxLh/ZexOo/+M/Ng/9ZN7R3TEcLx9BCJBK91qDEb1hd rkAh3GXvcAN9gWNG6iO63RljydIaMxN6UCr0GQxK0kI0ViqIzoy6m7HguDlTGgeb B6ebqfaLg2tc2YI2iNZSU+sqsY+W03OgEgvvUlp1Lxp5l+gjodAO3DwT2xMp/ZmU fqSsECnfTlkp/Ui58TIEOLBwgr332I8tSOmzAGRGQnUFluTBk9MvfAObwH4PMOHj r2VVXF2EXizWuG2nqeS7P1uEPDuiau8rAo6irpG/8pFdhhF3yCFtfGN478x+Kftf K8DyjNH0AWl90KYkrjBtd4vaYjM/zmo4GJF4yg3vEwfeTIoPAt9aWnUFDPe/mMar zBX/Z2w8zMMnS1Mv3WKhEjBm3fjPpRZiySMxWnFKXk1bVDs6visf8iJ7XMn7Eb43 
3/FTOs/9hFXs/pSY5qS6Y7YgHXcZ//GeWbWpz+LnY/WykWXo8wvjLN2f/Q9F7fl3 YhOIpWIIuPy0UImhhWKuFO2UWDUqJWhNUc8qjWvHxTUAMO4+BkQl5sUTqxPe6aBc k5K44KeNbhhaQHzVdUkomZlXcN5HJ7jkKtvdlzHP3RedZsiKA7buN5Nta5CbP0Oc fNvGwLe4kQHZGB8t/cYj7zNYr2PIJO5xNuGb4O1gFjPu0h6jKC1g6kVtQRK7VoNM +H88dUNqF2/ihbfqPr0JC+1DDBmWi71FFj+iKBTymrh2uY4vBhdAoZXW7/FCwIIS sjCoTzPzcIYYIL/82Dz3LkqzTDJt0xidiXcETkq2ycS8nHJoOYaA/uFUFV9oi9nF qt3GEyw2Je/RPxPWTyBNcuVCsn1m7VvJ9ikTVpgKl1MT32ZVzUk6W+99z1IXnWL7 Ahw9YzRytL4GSyhZXwswR9Fjyu5PkqD9O5bOBm09d1npxGBkUz1vpSpi0RpKu4pH b9nIzUSOxlxyHP03gQppB6YZ80lQukLa3f1xZV842hWT17EWjQNv6BKPBmZbMLRP w/twSJr3XWcwoVGYCC1P2kBBKQF/G4mj2JzD9ElIsTukO7J1Sr/WWXr0BYPTLn3J sedonWiqODbCv5Xig/bRW7f1eTtzhEhy8q849qLId+wk/8pdx171kU5GU9WvL8lm 749kZ5Lv5N3tGqr3DN9R5RmqLzn2OpVY7xqt9/EXXb+I9VFNLnt9ZagbZ1mwGbuH lkNVjWUsjK6nzRWl1XYS8GeX2L0euvQ4xYoDZ9YIJC+XAsk/kp7neLZzcMvXWeut cdbpw5171PAn7+abhtZZRzXBzBx1cyF0F3LD3zD0v+Sxc4j8ZEmi4UL6XBdf/aTc xl+AsIxvPUXf1sXsoYC6ZTSl5+mgrVrqYIXVQUS2zunU7L64cvtSkemLaLft7iWn V7a4ClPk4Jzxr99Pp0VDLXuCxLYtJ1i4uSDZOI2Vu3EGcK8RjAo5o1pKuw7phZP1 yVcsw686QKm5vhKMxYb2uIJrqUb/SLiLfism6Drpz2+FrB0pAf8wu/QDVp9Jk1jW 3slW0vmYMrLKgBVH0vSdqp4jo/Sbysevj0zFAlsNjpUOTpfq1ckCOtue0FdiU9vy ixNP/1y/htb2aYde6j0hAtAtKSH5r3JhEWc0sYClGqlwaVIdYNbUSgJDPCzoF7aC LS0J9SvqAgp9CaG+vKR+CXxtxkzGF8QFAqLEuA7FhQG5heJx8OTMcaJ78WSapcrM wGidy04jWaOf7ml8QVOszn0RoeZSCo0hdBOFCqhBI+f4s3Xty7FXyfozIxGkGm6b 2bXfGdjvtPQxoaj6j5DoQnSgPRs7EpsvbVarhqb4O2m7KU3jG6Ss6TCOP5WrvWuT P91ComkpvyWXR0+4MSBtUajSQDaZwIJMNiuxe5PRklRZj0YXtH8NwYXkW443HOfq Uoc4iupT3qYF3lLS20P26dmglBCvRMHfo0WXzrSuge3TMpjd0gAJA+BhgB5kkrzF Q91XyfzfuZc/dA285x04tfXx8kbSgX08vxHnCqg6PfKXp/NtZsYy0pcbT2J8hvdO i+sZU8kP9CEkFxOfITi/mIJrTwHtDW+fvquVQF424XF6OeqOoD+BsEM6FkeA1R61 MO6o7iN7wL6BUy+dfM/lDDgQ2Hj5q6eelB/H+SQfYise0tCYfLKOH2TxMKB58FBH +q/4HSCO2LD/xxll50LXUhzMncnRJsvW8LdQ0fUQKylgax+L7RKTJPYq0xzkRFb5 0u+m09Dwcz585n5T2y0DUr+8/Ei6Bt/9w0KRfmiLVumURg6Vkl3r2wpS/ivv3rqF bIYcHht10yvaJ4fYbggZM7LJnkC+NM1QOCu/zAbYtpCCqqSvtMzIWYMJOProBdPW 
Rp2P1VgB/Dl1qoAElOsco+1Gz5mMpiqEUEnB3fivZ1m1nQzoCTtuguA+f4aF2TJl 7B6haBzOyHLdFi4G6HkUynDHadJSNVRFwHj6WVHBJW1DO537Bk/jw7J0jS8ll1E1 Q/68TIPeGrUa9G0r2WJKMyqMFx+j8PHXhYa8KSM5IeX8yezfmMdrrIm6sIjJnxj6 xNMuxGwVffk92xDz12i7rZBqyJix9yh0uqQal5S+3Xv092j5NpZ4j27hQJ/36BoO ODW92XsU+uUSfuh2s1n7fYTOiIiviJ9/Ej9viJ8CKrUrTTjbY111YYucbgYyQ3mF zdqClA/tL3mJFo2U+yUPg0FL5ds18TZZ3qIROTEoxJsp3cQrmdijIpaysS0kEfuo iPVR7BOZ2CMilq/AjmRi/0DEylR/VEQ9JqJaKOpeEfUIhXeK8MMUrmcd1xMkpJv6 nAgvoPB6EWaFquv4Uzjh5+VMhMvt5metSXtGTJr4x0zEofQhliikDfdBe6pRl49H Ju3AAKbzcEZNO/Wb7Hrgz0I2y/jj80R8ORSxJ2AK5cyQaK5vxTZPdjGmJOnNPk6A yjM6zHe1tkNV9qlFtDTp1wkL0T+PQFcQV61Z3ebTnMJBy3KU9afpZO0dZdtAZZSE ztizumqtTPwI1m7J0hwDNB5Tz3V5pjwTcj4035DNaB28v66BIo/h07zNWsmgkQf9 EFCYK1WYWmjkHyfjnvvzDOd3Edg8z4iOSGWsGFkgbpOLyTAMQ6NUvvidx9ZkBj83 eIAh6yxTmSfT+5vaSbQji1RoHotIvvsm7sa+WUaZUlX7lwhLCbPyLBaI5sgH9Bf4 4oIpYWrdg2Xzy79Jfpoy80MzM7g5Qa59GZqO2YsumwXAKohVlAzQF6YK+K5YWAC2 2wAX+AOS/4ATQlgiYwwiW8bzVIZl1sFuttsSrvg7Rhsln7S87nnKs/enAv0x9lcE 9juyIyCyF1H2NZR9NXgtzKJeaslklgqSdpskbZpQnWUhNzMroxlTJfnGW6TitJmK NkebxTWvsW+uJhkKg8rJ0wHjOOWZa6BVrOCtYgQYgNgsb7DpZkZE5STpSACW+Iem XU8hlzfLzGEGn81qchVVHwXJFuKU3iwW6kVQVVoiVJl8J1hysBCrwIe4NEvdMRso 0Ic7SpO0xz5F4uNaSCJ+xqkrtM+SKBHbzkTTbGaMc9snY//HdJClFt2bY1AbXB/E DxDX58j2EkI/9Iwmag8MN/hQP51wlg6+4hpamqyfYTthYJVB+BMXtEc+JNUeU63K meKSMDA69EMdrMOwAoz2hukBUyZCDGyBZRy7kpIL5S4eCjcPjJmMzF2N5eUMXTq1 jHeAVDlvIikvhu6lyww1+Iafs8Rp/Sqd9SflHTzrSy0YPCvjpuDsBuivnq1D5dyu /CNnB1gzlP6ZCNya7GEz3bsCWbqWaczHoZ1yeDwKSQchLYvujAXM7ow5hZySuKQJ GOtEo1LNbLr75oZL0MNxGX4zdhN4WgHjoCmDS2Muc9tXpUk3EEDnpy+/7/yRsK5T nBEjuN9uG+Gudtu6w9Y2Ci0gX0zfyPd+yeoxplGYuSY5/1fdtpgaCUZDcv369XKN XB+L96vh7h5N3njzzZtl62VLVIvUzs1bgi3kRtPTP4aSoeFSh/QMWEmTIQczgp7x OefkpTcUa/U20BQIbN3dLN0nrUrE9Q41HO2ujXfHJbVDmvVYH4yu1uSuMNpleyOH o3KVWYgcU+Va+RZZORTW8FpeUSQ1xnSk1xOKeou8KmE9rwrJHf2aIu9q3SrHg50H FK22SGrfumtHy46mW+TtMVWRtZ5gVI5FRZqOSKzzgNxFeWtra+WEpobjcapBOaSp QfP1ClsRX4rpciKudIa7wkpI7oxFDypRLRyLBiOyEu1U++P0IPeFtR4Z1aCKGjMa 
qbvCEQWFtcg9sbgi96OkA9FYn9zXE9ToaTUaF4pR73NaQs3sUYIhRUU8etPc21st B74oH1TUBNWFLkdjGn6q5d5gP4dDClcpo1wVTY2H0UYzI5X2m+XsjOmREE1Ut6Jh EBU5okS70c1YF57CCfmA0l8tJ2JyJ88m6gh39dNgZwpFlUV94UhE7lDkhN7ZqSQS XXokOz+Y39aemKrZJiama3Fdq7aVIHMJcTXWEeyI9MtdwXBEDncRHYSyVGFRQcsd DTYy2BmLJ+QVcltUOYQJpAkRr2RigKLpB8wBRzEJTQlGtJ5aTVoVkvrWWySKaYvK q1clVlOaXEqoCVbLHToGJ3hQwUgyYcphbpONvDFGIDZVvCWqhdvaEY2pvUHuVLca 7JU1Re0NR4PU28zHJVtuBTl5jjtSl+sWZZwZ4WfnmseJ9xXsPPM4eitLvxvuXJmD /bumj2Ox0LpAOF2RWJBXhjg+II3GuDeoJZikI+HoASUkJUCXnywl3KaybJ2tGqhE 3gmCRta+FWJtW+zI+LmucO7iyA68A2m+9E6nWDk/dZ+6T93/tVtDfx7Al2n630Vn x1u7twek2qqqKgo/hyXlRfjz8B/AfwRfWuyUVsJfD98Mfw98H3wS/pvwP4D/e/hR +DfhZ+BLcFBcCr8e/jb4HfAPwGvwj8F/H/4U/E/gJ+Avw5cscErXwq+GvwG+Ef4e +Aj8Ufivw/8A/mX4n8HPwC9a6JRk+A3wt8PXwW9EPxpUFbviBqklejAYwa7ZpUc7 ebeP6r0diirtiBFi6BEICilDYaATLab2S4EgIAgt3ozhpN2xGLBMtF9s1ZQ8IQVo P00w4gkpUWzWdLMpijKL3670oiw5qCrRoAzcl+hBoh0oVInG9O4euZffZ1onHk2I EgyFVCCZzEslejCsxqK9AE7Z7vAmk3kMMvYBoAopmbhQUAtyu6zyrC6HlIPhTkXa qmlKL6NILQZo1hsDzOjUVbRYs40GtTkR7FWsXCiklzCvGIhM/Wq3zu3bqnZj00sA AWHYOsLdUsMhpdNsrazQnEj1aiyRqBHF8QY57xCjns6ecCREGIb6xpUF43jCDh0k JPbZnQSWNTUWoXyqQDdUna4ByIkWEuIHMpIaKUxNiqCl3IkEkBoBzi5gsKjVuZZI ROkGbkooygFpFxByTSxKkJByJ/oB4XqzbaWWJ6RtauwA2hwPxxVpOxFOZiR2KQk9 otkq5TYEIyqK7adjR0IDIWEowtTYEGJp8qWdVleYBONEaJinUGbyzOHAYADUqbo4 BVi03RmMRPAGAPezAueaQ54780TuFk2glTFdRRzRQkwNqmH0V48GDwIF0yhK25gk zYyq8qAOyghls3XoCUEjQRvNtCRyHrnnUaIhHoxYtFtqi9I5JWo27xZZKrKvTX1g v2emiMBtJ46cdCrojPX20lkTY2+bRJEi+yYzBzgyUAs+QUpR732tzVt3NWxv2H7f IdPVdm4Km2t6VI9E1iLg9zv8iwn5OiV/nstf6LacP+u8S7we/BT4yzNRC7JvfUVe r9dT5Pfn+xcVL/T7S/0l2fdf2ybw3L76fY0tdzbsa9nRuHOLOS50PZQ9M2fdDTvm w4BZd/gq70dYNCNP+hOvddLOk0a89lM31tLAr84/ZuafnpVn3T1Xb9NtV3lvlXmn T5TpQbgaYQ/Ct+GzwOHq8xk1BBZIsVySTR7OkiTJceV7sqmHe7Jhunune/erubuu 8v6i2WapVLR5A+2lyWV8KZV+8LZl9rqu5hYU0f+mK3M6Xe58nJj8i91lC8vdpc7l a6vXkOMft3vtkiUL7c5bvdJZ7V2Hd2XXVjqdbq9zyZp1ZevMtysXVq5ZsnJVGaIs V71OhMvXyc6ySlf+QjPeCf+ZioqysmWZpNlMwrnnBEy3EtnmcRvK5nfyujK57Lfg 
-----END PGP MESSAGE, PART 02/02-----

From jamiel at sybase.com Thu Jul 28 11:21:15 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Thu, 28 Jul 94 11:21:15 PDT
Subject: Just say NYET to censors
Message-ID: <9407281816.AA10438@ralph.sybgate.sybase.com>

At 8:58 AM 07/28/94 +0800, Jacob Levy wrote:
>Would you agree to: Nope, can't watch that XXX movie without first keying
>in your ID?

Not to mention watching that [insert your favorite nonmainstream politician] speech... I think the real issue here is that any form of censorship simply sucks (censorship here is content based filtering of ideas- I am not talking about people who choose not to devote their resources to something- that is a related but different idea). The original poster is trumpeting censorship 'for the children.'
Is anyone else sick of the Save The Kids excuses used to push nasty legislation through (Polly Klaas starts rolling over...)? I firmly believe that if parents don't want children seeing something it is the parent's responsibility to take control of what the children see. If they don't have the time/energy to be a responsible parent *as they define it*, then maybe they should have thought about that before they had a kid. In any case, someone else's desire to 'shield' their child from some forms of expression has nothing to do with my expression thereof.

>--JYL

-j
--
"Blah Blah Blah"
___________________________________________________________________
Jamie Lawrence

From jamiel at sybase.com Thu Jul 28 11:32:45 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Thu, 28 Jul 94 11:32:45 PDT
Subject: Remailer ideas (Was: Re: Latency vs. Reordering)
Message-ID: <9407281831.AB19187@ralph.sybgate.sybase.com>

I was thinking some about remailers and means to create more effective ones. I think the idea of padding messages has been kicked around (has anyone implemented it?), but what about random compression? Some messages are compressed, others are padded, some are left alone, perhaps shooting for a median message size (everything coming from this mailer tries to be 9k, or as close as possible). Of course, this requires a standard so that other remailers downstream can make the message readable.

Another thing that occurred to me is the thought that if there were an organized web of remailers, remailers could bounce messages between them automatically- a header could identify the number of bounces perhaps, I haven't thought too much about the implications of doing so, but if every message through the web bounced around 30 times with reordering, padding/compression, PGP, etc. then traffic analysis would be pretty damn hard, I would think, even for someone monitoring the entire web of remailers' traffic.
This all assumes that:
- remailers can agree on a standard for the above needed features
- a semireliable web of remailers can be maintained
- some method for dealing with denial of service attacks can be found (a coredump sent to the web could play all sorts of hell, as could an 'evil' remailer that sneaks in and changes the how-many-times-through identifier).

The third problem could be dealt with by deciding on a size limit- if a message is over 65k (or whatever) it is bounced- if you're sending something big, split it. The first one could probably be done- if someone (grin- if I find any time soon, this is a project I'd like to do) wrote a nice package that was easy to install and use with a feature set that could be agreeable to most. The second one is the problem, but could be dealt with by the first by establishing automated communication- when someone installs the package, send a control message to another remailer already part of the web which 'registers' it, and then the web consistently tries to maintain itself by checking on the others and dropping ones that go down off the list. Some sort of method would have to be found for ones that drop off then later come online again so that control messages didn't have to be manually initiated every time, but that shouldn't be that hard.

What are the problems in the above? Would Perl be a good choice for doing this? I saw some code from a remailer some time ago, but lost my mailbox a while back (which could also mean that this is a dry rehash of an old discussion... apologies if I am rewriting someone else's thoughts). Anyone still have this? Am I talking out my ass?

-j
--
"Blah Blah Blah"
___________________________________________________________________
Jamie Lawrence

From dhgo at midway.uchicago.edu Thu Jul 28 11:35:28 1994
From: dhgo at midway.uchicago.edu (donald goldhamer)
Date: Thu, 28 Jul 94 11:35:28 PDT
Subject: Local Cypherpunks (?) group
Message-ID:

>Is there any interest in establishing a local (Chicago area) equivalent of
>the bay area Cypherpunks which meets in physical (as opposed to cyberspace)
>form. Topics to be addressed include issues of privacy, security,
>cryptography and ....

Since the Chicago chapter of CPSR (Computer Professionals for Social Responsibility) has decided to develop a project (public education, etc.) in the area of privacy (among others), it would seem to me to be more productive to work with them.

Donald H. Goldhamer                 d-goldhamer at UChicago.EDU
Academic Information Technologies   312-702-7166; fax: 312-702-3219
University of Chicago, Culver Hall 206, 1025 E 57th St, Chicago IL 60637

From rfb at lehman.com Thu Jul 28 11:36:56 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Thu, 28 Jul 94 11:36:56 PDT
Subject: Signature Stripping and anon servers
In-Reply-To: <199407281608.JAA16814@netcom.netcom.com>
Message-ID: <9407281832.AA04214@fnord.lehman.com>

    Date: Thu, 28 Jul 1994 09:08:02 -0700
    From: gkremen at netcom.com (Gary Kremen)

    . . .

    Read last 100 lines of message
    if a line begins with -- then
        if no MIME v1.0 header present then
            delete last 100 lines
        else if -- is part of part-boundary then
            ignore
        else
            delete last 100 lines

    Does anyone have any gross problems with this methodology?

Yes. I believe that your pseudocode is buggy. First, I believe that you should match the regular expression "^--[ \t]*$" rather than just ``line begins with --''. Secondly, you should have ``delete everything from the matching line to the end'' in place of ``delete last 100 lines''. For this message, your algorithm would delete the entire message.

--
Rick Busdiecker        Please do not send electronic junk mail!
Lehman Brothers
388 Greenwich Street   "The advancement and diffusion of knowledge is the
New York, NY 10013      only guardian of true liberty."
                        - James Madison

From koontzd at lrcs.loral.com Thu Jul 28 11:38:34 1994
From: koontzd at lrcs.loral.com (David Koontz)
Date: Thu, 28 Jul 94 11:38:34 PDT
Subject: DES Vulnerable, Why?
Message-ID: <9407281833.AA07090@io.lrcs.loral.com>

>Back in 1986-7 there was a major effort to have DES replaced with a
>new encryption standard. I don't recall the name for the program, but
>it had the support of several chip companies (Intel, AMD, etc.) and
>was, I seem to recall, mentioned prominently in the National Computer
>Security Act of 1987.

The Commercial COMSEC Endorsement Program (CCEP). It had two phases, for type I (classified) and type II (unclassified). The first phase stalled rather badly, although eventually gives us STU-IIIs and KG-84 knockoffs. As late as 1987 NIST was predicting that the type II phase wouldn't arrive until 1990. The Clipper chips from Mykotronx were intended to be part of the type II effort (as can be seen from the original MYK-78 chip spec and marketing brochures from Mykotronx).

The problem with the type I phase was the duration it took to go from product proposal approval to prototype completion was a minimum of 32 months. These delays are caused by manpower and support restrictions residing in the National Security Agency, partly due to bureaucracy. Theoretically these roadblocks aren't in place for the unclassified effort managed by NIST. We do see that FIPS PUB 140-1 was only issued this past January. One wonders if the type II effort has been stalled purely for bureaucratic reasons. Clipper/Capstone are actually part of the program.

From rfb at lehman.com Thu Jul 28 11:45:02 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Thu, 28 Jul 94 11:45:02 PDT
Subject: Just say NYET to censors
In-Reply-To: <9407281733.AA20600@focis.sda.cbis.COM>
Message-ID: <9407281844.AA04591@fnord.lehman.com>

    Date: Thu, 28 Jul 94 13:33:01 EDT
    From: pstemari at bismark.cbis.com (Paul J. Ste. Marie)

    I'm quite sure that every parent . . .
Starting a sentence this way is a formula for disaster :-)

    . . . has a long list of phone numbers s?he would prefer h(is|er) children would not call . . . .

There are numbers which I would prefer that my children not call. I'm not at all sure that there are any numbers which I would like to prevent my children from calling. Doing so would represent a serious violation of our intra-family web of trust :-)

Rick

From talon57 at well.sf.ca.us Thu Jul 28 12:00:25 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Thu, 28 Jul 94 12:00:25 PDT
Subject: "Just say NYET to NYET"
Message-ID: <199407281853.LAA16258@well.sf.ca.us>

I appreciate Nathan's openness and honesty about the inherent biases that affect his life. In numerous dealings with the religious right I've found that hard to come by. I also appreciate the fact that he is a strong believer in privacy, although privacy, in his view, seems to be something restricted to adults. Censorship is an attempt to apply Paternal/Maternal authority outside the family unit. A place IMHO it does not belong.

I see the internet somewhat differently though, I see it as another world, that just happens to be accessible from our own, kind of like America was about 500 years ago. The only difference is that it was previously uninhabited. I like it the way it is! Now like the other world I occupy, here comes the religious right, who aren't content to live their own lives, they're going to tell me how to live mine. (for my own good of course!) No way Dude.......

I've fought your kind before, and knew it was only a matter of time before I'd have to fight you here. I for one am ready. I thought Hal Finney had an excellent suggestion, why not form your own private family values or whatever access provider, you could censor to your heart's content! That would save ya'll from having to move to Singapore or some other La-La land.

Just another unwashed, uneducated, heathen, savage, heretic....
Brian Williams
Extropian
Cypherpatriot

"Cryptocosmology: Sufficiently advanced communication is indistinguishable from noise." --Steve Witham

"Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... AT&T" --James Speth

From tcmay at netcom.com Thu Jul 28 12:15:54 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 28 Jul 94 12:15:54 PDT
Subject: Questions about Microsoft and Software Key Escrow
In-Reply-To:
Message-ID: <199407281915.MAA13890@netcom10.netcom.com>

> On Thu, 28 Jul 1994, Jacob Levy wrote:
> > I respect your feelings on the matter and your ability to think clearly and
> > with great foresight also :-), but for this list it would probably be much
> > more useful if we got some _OFFICIAL_ answer from Microsoft instead of your
> > "I believe, I cannot think, can't see", etc. etc. You're obviously a
> > concerned individual but you equally obviously don't claim to speak for
> > Microsoft.
> People lie. Tim May speaks the truth and does not charge a consulting
> fee.:-) Who knows what evil lurks in the hearts of men?
>
> Berzerk.

I don't believe the folks at MS are lying--I believe they are telling the truth as they see it. In fact, the paralegal guy told me a lot of stuff about the possible justifications for SKE, the export issues (Feds want SKE for exported products....don't ask me why), etc. He thought, I guess, that this would _convince_ me that Microsoft's motives were not evil--which I have never thought was the case, ironically. Instead, he just confirmed to me via his arguments that some kind of SKE scheme is being talked about, negotiated with one or more federal agencies, and may or may not be planned for future products. This has always been my point: a heads-up on something of profound importance if it happens.
That Chicago and Daytona have no SKE built in to current versions is not at all surprising: the SKE proposal got its big boost in momentum less than two months ago, and demo code may or may not even exist yet at TIS. If I were to guess, we're in SKE about where Clipper was in the summer of '92...a few hints (Denning and Micali papers) but the various corporate players (Mykotronx, VLSI Technology, AT&T, etc.) were just being brought on board. And announcement was still 9 months off in the future. (Actually, I don't know when all the Clipper players joined the team...it may've been even earlier than 1992. I'm just making the point that the public knew nothing about this until a press conference on April 16, 1993.) Except this time around there's a greater sensitivity to such deals, and a lot more ways for sources to communicate tips :-}. There are also 600 Cypherpunks ready to critique software key escrow. That Microsoft's legal people know about SKE, despite its newness to most in the crypto community, and that issues are being debated about it, shows pretty compellingly that the SKE idea is indeed being worked on one way or another. This is actually more important than "official statements," for obvious reasons. (We often lose sight of actual realities in our focus on "official statements" and disclaimers about not speaking for Lockheed or Apple or whatever.) --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." 
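
Added example, not part of any message in this archive: the signature-stripping rule from the "Signature Stripping and anon servers" exchange above, with the quoted pseudocode read literally beside Rick Busdiecker's two corrections. The sample messages are constructed, and using the last delimiter inside the 100-line window and stopping the cut at a MIME boundary line are assumptions of this sketch.

```python
import re

# Rick Busdiecker's delimiter test: a line holding only "--" plus optional
# trailing blanks or tabs. "--frontier" or "-----BEGIN PGP ..." do not match.
SIG_DELIM = re.compile(r"^--[ \t]*$")
WINDOW = 100  # both versions only look at the last 100 lines


def strip_as_written(text, window=WINDOW):
    """Non-MIME branch of the quoted pseudocode, read literally: if any of the
    last `window` lines begins with "--", delete the last `window` lines."""
    lines = text.split("\n")
    if any(line.startswith("--") for line in lines[-window:]):
        return "\n".join(lines[:-window])
    return text


def strip_corrected(text, boundary=None, window=WINDOW):
    """Both corrections applied: match SIG_DELIM, then delete from the
    matching line onward instead of a fixed 100 lines.

    Assumptions of this sketch: the last delimiter inside the window is the
    one used, and when a MIME `boundary` is given the cut stops at the next
    boundary line so the multipart structure stays intact.
    """
    lines = text.split("\n")
    first = max(0, len(lines) - window)
    marks = ("--" + boundary, "--" + boundary + "--") if boundary else ()
    for i in range(len(lines) - 1, first - 1, -1):
        if not SIG_DELIM.match(lines[i]):
            continue
        end = len(lines)
        for j in range(i + 1, len(lines)):
            if lines[j].rstrip() in marks:
                end = j
                break
        return "\n".join(lines[:i] + lines[end:])
    return text


# Constructed sample messages (not taken from the list).
PLAIN = (
    "Meet at the usual place.\n"
    "--> bring the key fingerprints\n"
    "\n"
    "-- \n"
    "A. Sender\n"
    "sender@example.invalid\n"
)
MIME = (
    "--frontier\n"
    "Content-Type: text/plain\n"
    "\n"
    "Body text.\n"
    "-- \n"
    "A. Sender\n"
    "--frontier--\n"
)
NO_SIG = "--frontier\nhello\n--frontier--\n"
# 150 body lines followed by a delimiter and a one-line signature.
LONG = "\n".join(["line %d" % n for n in range(150)] + ["-- ", "A. Sender"])

if __name__ == "__main__":
    print(repr(strip_as_written(PLAIN)))    # short message: everything is deleted
    print(repr(strip_corrected(PLAIN)))     # body kept, signature removed
    print(repr(strip_corrected(MIME, boundary="frontier")))
```

A signature with no delimiter line passes through both versions untouched, so delimiter matching alone does not guarantee that identifying text is removed.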
From paul at poboy.b17c.ingr.com Thu Jul 28 12:21:03 1994 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Thu, 28 Jul 94 12:21:03 PDT Subject: Government-Controlled Trust Hierarchies In-Reply-To: <9407280200.AA02238@snark.imsi.com> Message-ID: <199407281915.AA04015@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- > By the way, just so everyone knows, I understand (based on a > conversation with Steve Kent, who should be a reliable source for > this) that Microsoft is one of the suppliers to the upcoming DMS, or > defense messaging system. The DMS will be using Tessera -- it means > that Microsoft and several other firms are going to be the largest > purveyors of escrowed software in the world. Well, no, not actually; at least that's not the explanation that the various trade rags have been giving. DMS is an infrastructure for passing messages around. The actual Tessera hardware does the escrowed encryption and so on. All the software has to do is know how to talk to the Tessera PCMCIA card. One of the key features of DMS is that it uses as much commercial off-the-shelf (COTS) software as possible. To support Tessera, that COTS must either a) be purpose-built (like LJL/SESI's ArmorMail) to use Tessera, or b) have new versions planned for the future (Lotus Notes? MS Mail?) It's interesting to note that the APIs needed to talk to a Tessera card and National Semi's RSA-only card are very close to one another. It would be IMHO not too hard to patch, say, MS Mail (especially with the availability of MAPI!) to use alternate types of tokens. - -Paul - -- Paul Robichaux, KD4JZG | "Information is the currency of democracy." perobich at ingr.com | - some old guy named Thomas Jefferson Of course I don't speak for Intergraph. 
-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLjgD2qfb4pLe9tolAQEejwP/bNbkE8auYcbBqRCWSx2D0gpzs5W+7A/m
tL2c0dEA5ISMAWvwE51SixWBIf3kiT5+CBOh2ZNGEYd/oabynHEBXdYUQPYgaQ9E
9pG2wySN+aaSiGTypD7+jjIW3NVWgVKIzOWokixiQfh+W3e3ACASiuy986ZifJww
2C7C1IBGC8Y=
=RDYy
-----END PGP SIGNATURE-----

From paul at poboy.b17c.ingr.com Thu Jul 28 12:22:40 1994
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Thu, 28 Jul 94 12:22:40 PDT
Subject: DES Vulnerable, Why?
In-Reply-To: <199407281723.KAA10659@netcom13.netcom.com>
Message-ID: <199407281918.AA04080@poboy.b17c.ingr.com>

-----BEGIN PGP SIGNED MESSAGE-----

> Back in 1986-7 there was a major effort to have DES replaced with a
> new encryption standard. I don't recall the name for the program, but
> it had the support of several chip companies (Intel, AMD, etc.) and
> was, I seem to recall, mentioned prominently in the National Computer
> Security Act of 1987.

I think Tim's thinking of the Commercial Comsec Endorsement Program (CCEP), an effort to get NSA-approved crypto hardware out into the commercial world. For some reason it never really caught on :)

- -Paul

- --
Paul Robichaux, KD4JZG | "Information is the currency of democracy."
perobich at ingr.com   | - some old guy named Thomas Jefferson
Of course I don't speak for Intergraph.

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLjgEaafb4pLe9tolAQFWkwQAqmH/yf20V6w8gyLW1B18XDA+9ZakEHEt
GxUmze9xhjm/NZuPalCvHcj+QEf8OHUpnZD4I9BfGj47fskj1yM20dH7xUuzqLy+
SJJsISvOoM5dd3SxbetblZYHwcG9pnAt9kS73InS2osiPNNiWnt0SoByH9E32+Gg
xMXwsylpAaw=
=Fa/u
-----END PGP SIGNATURE-----

From karn at qualcomm.com Thu Jul 28 12:28:34 1994
From: karn at qualcomm.com (Phil Karn)
Date: Thu, 28 Jul 94 12:28:34 PDT
Subject: Dallas Morning News article?
Message-ID: <199407281928.MAA06633@servo.qualcomm.com>

I've heard that an article appeared in the Dallas Morning News, apparently yesterday (Wednesday) on the absurdity of crypto export controls.
I understand that I was quoted in reference to my CJ requests for Bruce Schneier's book and floppy disk (which is not surprising since the writer interviewed me last week). Does anybody have a copy of this article? I have no easy way of getting a copy.

Phil

From nelson at crynwr.com Thu Jul 28 12:38:04 1994
From: nelson at crynwr.com (Russell Nelson)
Date: Thu, 28 Jul 94 12:38:04 PDT
Subject: Remailer ideas (Was: Re: Latency vs. Reordering)
In-Reply-To: <9407281831.AB19187@ralph.sybgate.sybase.com>
Message-ID:

    Date: Thu, 28 Jul 1994 11:37:38 -0800
    From: jamiel at sybase.com (Jamie Lawrence)

    Another thing that occurred to me is the thought that if there were an organized web of remailers, remailers could bounce messages between them automatically-

Yes, that could be done. Problem is that the NSA's remailer(s) would immediately deliver messages to the destination. Get enough NSA remailers, and the web wouldn't be trustable. Now, remailers in the web can and should feel free to randomly forward mail to other remailers, but it's the sender who should pick the minimum chain length, and recursively encrypt their own envelopes.

-russ                 http://www.crynwr.com/crynwr/nelson.html
Crynwr Software   | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St.      | +1 315 268 1925 (9201 FAX)  | What is thee doing about it?
Potsdam, NY 13676 | LPF member - ask me about the harm software patents do.

From pdn at msmail.dr.att.com Thu Jul 28 13:01:05 1994
From: pdn at msmail.dr.att.com (Philippe Nave)
Date: Thu, 28 Jul 94 13:01:05 PDT
Subject: Remailers
Message-ID: <2E380E4C@mspost.dr.att.com>

>
> Philippe Nave writes:
>
> > I think the single most important thing we could do for remailer operators
> > would be to figure out how to make the remailers *truly* *anonymous*. That
> > is, we need a net.hack of some sort that allows remailers to send their
> > messages in a way that leaves no trace whatsoever of the original poster
> > *and* leaves no trace of the remailer itself.
> > Er, if we knew how to do that, we wouldn't need remailers. :) > Touche! This is, of course, correct. In an ideal scenario, everyone would be able to personally establish anonymity for their own communications and the concept of 'anonymous remailers' would be moot. In the meantime, I suggest that it would be worth quite a bit of effort on the part of a few wizards to get a 'truly' anonymous remailer up and running for the benefit of the masses. I keep seeing messages to the effect of 'sorry, you can't get there from here', but that just tells me that the problem is non-trivial. [Note that I'm not pooh-poohing the considered opinions of people who know quite a bit more about email and the Net than myself; I simply remain stubbornly optimistic about the capabilities of a large group of skilled Internauts.] Also, don't misconstrue my ravings to be an indictment of remailers as they exist today - I see that many valuable lessons are being learned about interoperability, reliability, and real-world exposure to problem situations. Even our beloved LD has helped in that regard, bless his pointed head, by showing us what a single deranged loon can do to a network of remailers. I simply maintain that now is a good time to reopen the study of 'true' anonymity so that further remailer developments are added to a strong foundation. ObEcash: Peons like me who are not capable of the bizarre hacks required for 'true' anonymity would most likely embrace ecash payment systems for remailing service with enthusiasm. Having demonstrated my ignorance of low-level email transport techniques, I now retire to the shadows again........ :) Philippe From kentborg at world.std.com Thu Jul 28 13:15:15 1994 From: kentborg at world.std.com (Kent Borg) Date: Thu, 28 Jul 94 13:15:15 PDT Subject: DES Vulnerable, Why? Message-ID: <199407282014.AA01888@world.std.com> [Tim said, roughly, that public actions to replace DES have not revealed anything about what the NSA & Co. 
know about DES's weaknesses.]

Which I guess is part of what I was driving at. The other part of what I was driving at: DES is becoming crackable by pure brute force. Doesn't 3-DES solve that problem for a few orders of magnitude? If 3-DES is so simple a variation on DES, then what is wrong with DES that 3-DES doesn't solve? (Yes, it is slower in SW than IDEA--I am talking security for the moment.)

-kb, the Kent who is leery of the new-fangled when the old seems so easy to fix

--
Kent Borg +1 (617) 776-6899
kentborg at world.std.com
kentborg at aol.com
Proud to claim 39:30 hours of TV viewing so far in 1994!

From ravage at bga.com Thu Jul 28 13:36:52 1994
From: ravage at bga.com (Jim choate)
Date: Thu, 28 Jul 94 13:36:52 PDT
Subject: (fwd) Re: BATF raid in North Carolina
Message-ID: <199407282036.PAA04509@vern.bga.com>

Newsgroups: rec.models.rockets
Path: bga.com!news.sprintlink.net!uunet!psinntp!psinntp!news
From: ralphpepper at lesueloc.com
Subject: Re: BATF raid in North Carolina
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <1994Jul27.031907.6182 at nntpxfer.psi.com>
Sender: news at nntpxfer.psi.com
Organization: Performance Systems Int'l
X-Newsreader: NEWTNews & Chameleon -- TCP/IP for MS Windows from NetManage
References:
Mime-Version: 1.0
Date: Wed, 27 Jul 1994 05:49:26 GMT
Lines: 61

Re:
> Rebecca Rohan writes:
>
> >Yo, those of you in rec.models.rockets who are whining about the
> >crosspost --- you are one action/adventure movie away from the same
> >treatment or worse.
>
> Rebecca,
>
> I, for one, appreciate the information you're providing. Too many average
> citizens have no idea what's going on with federal agencies. Unconstitutional
> power grabs are getting bigger and more frequent all the time. If it isn't
> stopped soon, we will be stopped dead in our
> tracks as a free nation.
>
> COUNTDOWN HOBBIES
> 3 P.T. Barnum Square
> Bethel, CT 06801-1838
> 203-790-9010
> Kevin Nolan
> NAR 16148; TRA 0943
> CTRA/NARCONN
>

I currently don't have any HPR motors, reloads or any such thing. I left them behind when I moved to Georgia (not knowing the legal climate down here). So I feel (relatively) safe putting forth my two cents worth as to what I would do.

First, I would be rigidly legal in every respect. In fact, after hearing about them worrying about casing residue I would make sure I didn't even have so much as a spent D12-0 casing. Anything I needed would be bought enroute to any launch meet, or at the meet itself.

Second, I would endeavor to be as 'safe' and 'peaceful' as possible. There would be no 'terminator 2' talk out of me.

Third, if I did get attacked, everything would be 'yessir' and 'nossir'. Then, I would quietly go down to the federal courthouse and file a RICO Act lawsuit. RICO Act stands for Racketeer Influenced and Corrupt Organizations Act. This is what is commonly referred to as being charged with 'racketeering'. RICO allows individuals (as well as governments) to file against persons or organizations that commit three major offenses against one person or a major offense against three or more persons. One unique feature that makes it exceedingly lucrative for lawyers to take on contingency is that the awarded amount is TRIPLE the sum of all court costs, out-of-pocket costs, compensatory, and punitive damages. Certain agencies may be immune but not all of them. Also, you could argue that immunity only applies to their lawfully empowered duties and when they exceed that authority, that they are acting outside of government protection and become private citizens committing acts against other private citizens.

There was a church in California in 1979 that began moving to do something like that against the state Attorney General (Dukemajian at the time).
The state was trying to take over all of that church's operations (under a law protecting charitable trusts - like United Way) Ex-Parte on the claim from six ex-members that money was being absconded with. California tried to impose their own people into that church's ruling hierarchy & even declared in open court that all churches in California thereafter belonged to the state. The threatened suit plus the outrageously gross misapplication of the law spooked the California legislature into repealing that law completely over the violent protestations of Attorney General Dukemajian. I believe there was a book about this called "Against the Gates of Hell" or something by somebody named Rader. From wcs at anchor.ho.att.com Thu Jul 28 13:44:49 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 28 Jul 94 13:44:49 PDT Subject: (fwd) Possible compromise of anon.penet.fi Message-ID: <9407282035.AA21873@anchor.ho.att.com> > From: barnett at convex.com (Paul Barnett) > Newsgroups: alt.privacy .... > Someone has been collecting email addresses, apparently from postings > to Usenet, and forging them to anonymous postings through > anon.penet.fi to alt.test. ...... > My condolences to those people that have been caught in this net. > This is one of the most despicable forms of net.terrorism that I have > encountered. It's an interesting weakness, and at least as serious as the naXXXXX / anXXXXX problem that reveals your identity if you send email to another anonym. The one anonym I've used on anon.penet.fi is already known to at least one other person (to whom I'd sent mail about the fact that they'd included their .signature in an anonymous article :-) I disagree with the "despicable" opinion, though it's certainly a serious problem and it would certainly have been nicer if the cracker had done only a limited number as a demonstration (maybe this counts; I don't know.) 
But if our tools have technical weaknesses, it's *much* nicer to find out from a non-police-agency cracker than to learn about it when they start knocking on your door. It sounds like there's a need to separate the email and news-posting parts of the anon.penet.fi software, or go to stronger anon-reply methods like the one on the newer cypherpunks remailers.

Bill
# Bill Stewart AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399
# email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465

From perry at imsi.com Thu Jul 28 13:49:45 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 28 Jul 94 13:49:45 PDT
Subject:
In-Reply-To: <9407280306.AA18192@netmail2.microsoft.com>
Message-ID: <9407282049.AA03288@snark.imsi.com>

As I've noted, according to a reliable source, Microsoft is a vendor of software for DMS, so although it's not part of the products Merriman is mentioning, there are key escrow features in some software being delivered by Microsoft.

Perry

Blanc Weber says:
> From: David K. Merriman
>
> It has been brought up on the Cypherpunks mailing list that Microsoft is
> proposing to include public-key escrow as a *built-in* "function" of future
> products - Chicago and Daytona have been specifically mentioned.
> ......................................................................
> ..........
>
> No, this is not correct. It was speculation from Tim May on possible
> developments, based on his interpretation of recent events and on email
> which I sent to him. This email was referring to the fact that his
> concerns notwithstanding, it is not an easy thing to implement a
> privately-held key escrow system into a desktop operating system, that
> Microsoft is not talking about implementing a 'software Clipper', and
> is presently only *examining* the international ramifications of
> software key-escrow and non-escrowed strong encryption security.
>
> Please give this question the benefit of the doubt and postpone your
> conclusions about this until I can get an official statement, thanks.
>
> Blanc
>
>

From ravage at bga.com Thu Jul 28 13:50:03 1994
From: ravage at bga.com (Jim choate)
Date: Thu, 28 Jul 94 13:50:03 PDT
Subject: (fwd) WWII Enigma traffic
Message-ID: <199407282049.PAA04815@vern.bga.com>

Newsgroups: sci.military
Path: bga.com!news.sprintlink.net!sundog.tiac.net!usenet.elf.com!news2.near.net!MathWorks.Com!news.duke.edu!godot.cc.duq.edu!newsfeed.pitt.edu!uunet!ncrgw2.ncr.com!ncrhub2!ranger!military
From: lharnisch at delphi.com
Subject: WWII Enigma traffic
Message-ID:
Sender: military at ranger.daytonoh.ncr.com (Sci.military Login)
Organization: Delphi (info at delphi.com email, 800-695-4005 voice)
Date: Thu, 28 Jul 1994 00:43:04 GMT
Approved: military at ranger.daytonoh.ncr.com
Lines: 13

>From lharnisch at delphi.com

Does someone know the location of archives (or preferably microfilm) containing undeciphered German Enigma traffic? It isn't important whether it was cracked by the Allies during the war... am simply seeking some original German traffic to test computer program.... I have already gone through messages in the journal Cryptologia...... Pls E-mail me if you know of some sources... Thanks....
Larry Harnisch

From Mike_Spreitzer.PARC at xerox.com Thu Jul 28 14:06:49 1994
From: Mike_Spreitzer.PARC at xerox.com (Mike_Spreitzer.PARC at xerox.com)
Date: Thu, 28 Jul 94 14:06:49 PDT
Subject: Questions about Microsoft and Software Key Escrow
In-Reply-To: <9407281543.AA28814@netmail2.microsoft.com>
Message-ID: <94Jul28.140605pdt.14505(10)@alpha.xerox.com>

I don't see what "key escrow" is good for besides enabling wiretaps. Am I missing something here?

In any public-key system, even one without "key escrow", I know (or could easily discover if I wanted to) my own private key. Yes, I may want to make some kind of "backup" arrangements for my key, to cover forgetfulness, death, or whatever. But that doesn't require anything in the communication/storage formats (e.g., no LEAF field). The management of my private key is independent of communication/storage of encrypted material.

"Key escrow", on the other hand, is about building into the communication/storage formats a requirement that I use only keys that are "escrowed". I don't see what this adds, other than a requirement that my communication/storage be interceptable with the cooperation of my "escrow agents".

From tcmay at netcom.com Thu Jul 28 14:07:42 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 28 Jul 94 14:07:42 PDT
Subject: Denning and Walker on SKE and International Escrow
Message-ID: <199407282107.OAA20776@netcom2.netcom.com>

Somebody (who can speak up if he wants to) sent me this advance program...looks like deja vu all over again. I've elided all the talks other than those of interest to this debate.

> International Cryptography Institute 1994: Global Challenges
>
> September 22-23, 1994
> Ritz Carlton, Washington, DC
>
> Presented by
> The National Intellectual Property Law Institute
>
>The International Cryptography Institute will focus on problems and
>challenges associated with the use of cryptography within nations and
>for international communications.
The Institute will address such >questions as: What are the different national policies and regulations >governing cryptography and how might these evolve? What cryptographic >technologies are on the market in different countries, what is being >used, and what is it being used for? What problems is cryptography >causing law enforcement? What are the requirements of businesses and >other organizations? What are the new trends in cryptography and what >will be their impact on society? What efforts are leading toward an >international cryptography framework? The Institute is for government >officials, industry leaders, policy makers and analysts, researchers, >and users of cryptographic technologies. > >8:45-9:00 Opening Remarks >Dorothy E. Denning, Chair of Program >James Chandler, President, National Intellectual Property Law Institute ... >4:00-4:30 >Experiments in International Cryptography and Software Key Escrow >Stephen T. Walker, Trusted Information Systems, Inc. > >4:30-5:00 >International Escrowed Encryption >Dorothy E. Denning, Georgetown University >John Droge, Mykotronx, Inc. ... >11:30-12:00 >World-Wide Availability of Cryptography Products >David Balenson, Trusted Information Systems, Inc. > >12:00-1:30 Lunch with Keynote >Louis J. Freeh, Director, Federal Bureau of Investigation (invited) Actually, all the other papers deal with the same ball of wax...it looks like some serious discussions about "the legitimate needs of law enforcement" and whatnot have *already occurred*. My guess is that key escrow is already part of the New World Order (not to sound like a conspiracy theorist) and that's why the export folks are making comments to software companies about key escrow. One big happy police state. --Tim May -- .......................................................................... Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From gtoal at an-teallach.com Thu Jul 28 14:18:33 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Thu, 28 Jul 94 14:18:33 PDT Subject: Questions about Microsoft and Software Key Escrow Message-ID: <199407282118.WAA18133@an-teallach.com> ironically. Instead, he just confirmed to me via his arguments that some kind of SKE scheme is being talked about, negotiated with one or more federal agencies, and may or may not be planned for future products. is Mr Gnu reading this? I think it's time another FOIA request was in order... G (who doesn't usually expect other people to do stuff that he could do himself, it's just that I don't think they'd look kindly on an FOIA request from Scotland ;-) ) From jrochkin at cs.oberlin.edu Thu Jul 28 14:20:58 1994 From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) Date: Thu, 28 Jul 94 14:20:58 PDT Subject: Remailer ideas (Was: Re: Latency vs. Reordering) Message-ID: <199407282120.RAA07884@cs.oberlin.edu> > Yes, that could be done. Problem is that the NSA's remailer(s) would > immediately deliver messages to the destination. Get enough NSA > remailers, and the web wouldn't be trustable. Now, remailers in the > web can and should feel free to randomly forward mail to other > remailers, but it's the sender who should pick the minimum chain > length, and recursively encrypt their own envelopes. Very good point. Still, I wish there was a way for my local software to automatically make this chain based on some sort of knowledge of what remailers are currently up. 
Ideally, my local software could figure out all this info without manual intervention on my part; it would maintain its own list of remailers, and keep track of when they go down. I'm not sure it's possible to set up a system like this, but it would be enormously helpful.

One naive solution would be for remailers to have a "ping" function. I could send a remailer a "ping" message, and it would just bounce some acknowledgement back. More likely, my software could do this periodically, and keep track of which remailers are down, or nonexistent, and not use those. The problem here is that an eavesdropper could get knowledge of which remailers I am planning on using, which could help traffic analysis enormously.

The "ping" function could support anon encryption block, so that I can ping a remailer through several other remailers anonymously. This is an improvement, but the traffic generated by lots of people periodically doing this is going to be enormous. As it is in any implementation of this sort.

[If you wanted to, you could make the remailers "ping" now by yourself, just have a message resent to yourself. But we can't all do this automatically often, simply because of the traffic it would generate. I think.]

The next idea I had involves a usenet newsgroup. Bear in mind I don't really know how this sort of thing works, so tell me when I've said something nit-witted. Anyhow, there could be an alt.remailer.net newsgroup. All participating remailers would post an "i'm here" message on it periodically, say once every 24 hours. This message would include the remailer's public key as well. My local software could scan this newsgroup. If a remailer hadn't posted a "i'm here" message in 30 hours or so, my local software wouldn't include it in any chains. If it's been several weeks, my local software will drop it from my database of remailers altogether. If a "i'm here" from a previously unknown remailer is found, my software adds it to the database.
Or, if I'm worried about abuse, I only add it to the database if its public key is signed by someone I trust.

Okay, now everyone try to rip this plan apart. :) I'm sure I haven't arrived at the ideal solution, but there's got to be some way to create a remailer-net that will allow my local software to generate long remailer chains to remailers that are all still existent (now, if one of the remailers included in my 6 remailer chain goes down, it's a major pain to figure out which one it was, and why my mail never arrived there), all automatically. Until we can arrive at such a system, remailers are never going to be really useful to a large number of people; it's just too generate secure remailer chains that are trustable.

From matthewn at uiuc.edu Thu Jul 28 14:52:59 1994
From: matthewn at uiuc.edu (Matt Hewn)
Date: Thu, 28 Jul 94 14:52:59 PDT
Subject: L D Weller????
Message-ID: <199407282152.AA04875@ux1.cso.uiuc.edu>

From alt.privacy:

> From CompuServe's Libertarian Political Issues Forum
>
> Subject: #216752-Oceania?
> From: Scott A. Kjar 70402,3124
> To: L D Weller 71011,1743

L D Weller sounds absurdly close to our net.loon...

BTW, the article is on the apparent Oceania scam.

-- Matt Hewn --
Information is not knowledge; knowledge is not wisdom; wisdom is not truth. Truth is absolute.

From Mike_Spreitzer.PARC at xerox.com Thu Jul 28 15:01:49 1994
From: Mike_Spreitzer.PARC at xerox.com (Mike_Spreitzer.PARC at xerox.com)
Date: Thu, 28 Jul 94 15:01:49 PDT
Subject: Questions about Microsoft and Software Key Escrow
In-Reply-To: <94Jul28.140605pdt.14505(10)@alpha.xerox.com>
Message-ID: <94Jul28.150101pdt.14505(2)@alpha.xerox.com>

I'm thinking here about software schemes; by "any public-key system" I mean any where the encryption is done by software.

From tcmay at netcom.com Thu Jul 28 15:07:48 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 28 Jul 94 15:07:48 PDT
Subject: Mother of All Clipper Systems?
Message-ID: <199407282207.PAA29796@netcom13.netcom.com> The trends are ominous. Outside of this forum and my contacts and sources, I've also been corresponding today with Whit Diffie, Jim Bidzos, John Gilmore, and Eric Hughes. How fast could a system happen? Depends on the nature of the "emergency," how far along the code is (my guess: not in the next several months), and all sorts of legal issues. The upcoming conference, which I just excerpted, suggests that international key escrow is very far along. The National Health Care thing could mandate a national ID card (called something else, of course), and this could happen shortly after enabling legislation passes. Combined with growing waves of illegal immigrants.... Anyway, it may or may not all fit together. But if all does, we could be facing the "mother of all Clippers." (The clipper of all mothers?) Here's a well-written piece on national ID cards. I found it in the cpsr group (see, Jim, we *do* read other newsgroups). I've made a few notes and marks, especially in sections mentioning the uses and timing that could fit with a new crypto initiative, such as SKE. --Tim Newsgroups: comp.org.cpsr.talk From: emery at tc.fluke.COM (John Emery) Subject: Re: National ID and "slippery slope" Message-ID: Date: Wed, 27 Jul 1994 20:57:02 GMT ... >From the news reports I've seen lately, it does appear we are heading toward a national ID card for all citizens. For instance, PC WEEK had a front page article on May 9th, a couple months ago entitled, "Postal Service, IRS developing national identity cards; Clinton may give OK": "The Clinton administration is working on creating an identification card that every American will need to interact with any federal government agency. The card initiative came into the forefront at last month's CardTech/SecureTech Conference in Crystal City, Va..." 
"Sources close to the administration said President Clinton is also considering signing a pair of executive orders that would facilitate ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ the connection of individuals' bank accounts and federal records to ^^^^^^^^^^^^^ a government identification card..." "At the conference, postal representative Chuck Chamberlain outlined how an individual's U.S. Card would be automatically connected with the Department of Health and Human Services, the U.S. Treasury, the IRS, the banking system, and a central database of digital signatures ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ for use in authenticating E-mail and other transactions." ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ (Tim: This would fit nicely with an SKE system, don't you think?) "While the U.S. Card is only a proposal, the Postal Service is prepared to put more than 100 million of the cards in citizens' pockets within months of administration approval, which could come at any time." ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ As long as one doesn't interact with the Postal Service (e.g. doesn't use mail), the IRS (doesn't earn taxable income), and doesn't have a bank account then it won't be a "must carry" card. However, this doesn't include very many people in America. Another source says "Digital Media reports that the Clinton administration is laying plans to create an encoded national identity card. Every citizen would be obliged to use the new "U.S. Card" in all dealings with any federal agency and in 'virtually every other legally binding electronic transaction made by U.S. citizens.'" "...To further increase electronic surveillance of citizens, Clinton has reportedly prepared two executive orders that would allow the IRS to monitor personal bank accounts and 'automatically collect taxes based on the results." ("Clinton readies national identity card," _Strategic Investment_, June 22, 1994, p. 
2) The Seattle Times reported on July 13, 1994 that "The United States, in a response to its ability to control illegal immigration, may soon ask every American to carry a national identity card..." So the answer is yes, it is intended to be a national ID card. I find it hard to believe that every citizen will not have to carry one of these cards. For all practical purposes, given these proposals implemented, it would be quite inconvenient to leave home without it. This is something that we should all take seriously. -- John Emery emery at tc.fluke.COM -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From pjm at gasco.com Thu Jul 28 15:08:32 1994 From: pjm at gasco.com (Patrick J. May) Date: Thu, 28 Jul 94 15:08:32 PDT Subject: Just say NYET to censors In-Reply-To: <9407281404.AA23736@pelican.ma.utexas.edu> Message-ID: nzook at math.utexas.edu writes: > NYET-- Non-Youths Exhibit Temperance. > [...] > As the Internet community continues to grow, the differences of conviction > that exists generally in the world find their way into the community. Some > demand that newcomers to the net adapt to the mores of this society. Some > demand that the net, as a newcomer to the world, adapt to the outside. As > recent events have demonstrated, the less reasonable, on both sides, may be > endangering the integrity and availablity of the net. Calls for net > censorship, it may be expected, will continue to grow unless the net can > find some way to police itself. Yet "police itself" is a term that sends > the net into fits. 
My solution, NYET, is for the appropriate users to > directly censor the data that they might legitmately lay claim to > censoring--data that flows to minors over which they have legal authority > and responsibility. [ proposed laws to prevent minors from accessing questionable material deleted ] Your basic idea is excellent, so excellent in fact that you could probably make some money by providing the service. As a parent of a soon-to-be netsurfer, I would be willing to pay more for an account that gave me some control over my daughter's access than I would for a standard netcom style account. Let me know when such accounts are available. In the meantime, there is no need for force. The immediate reaction of "there ought to be a law" is a direct contradiction to the net "policing itself". Regards, Patrick May ------------------------------------------------------------------------ "A contract programmer is always intense." pjm at gasco.com From trollins at debbie.telos.com Thu Jul 28 15:21:15 1994 From: trollins at debbie.telos.com (Tom Rollins) Date: Thu, 28 Jul 94 15:21:15 PDT Subject: Catch-22 Message-ID: <9407282220.AA19733@debbie.telos.com> Well, Since E-mailing a few copys of my 3DEA-PGP.ZIP file and having said file posted on two FTP sites. "ftp.wimsey.bc.ca" and "ripem.msu.edu" It seems that the tax man sees $ in his eyes. I received a nice package with letter from... United States Department of State Bureau of Politico-Militart Affairs Office of Defence Trade Controls So, it came to their attention that I need to pony up $250 in order to "register" with said office. Problem is they want proof of my business in order to register. But, I don't have a business. What is it then. 1 - I have to register because I modify code and handed it out for free. 2 - I Don't have to register because I don't have a business. 3 - I have to register and form a business. 
Thanks,
tom rollins

From tcmay at netcom.com Thu Jul 28 15:46:38 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 28 Jul 94 15:46:38 PDT
Subject: Signature Stripping a Bad Idea
Message-ID: <199407282246.PAA04279@netcom13.netcom.com>

Reasons why attempts to automatically strip signatures are a bad idea:

* Breaks the assumption that remailers are not reaching in and twiddling internals of a message.

* Maybe a signature is _desired_ at some point.

* Can lead to various problems, especially if implemented badly.

We've had this debate before, and the consensus was that treating a remailed block as inviolate is a "win."

Certainly anyone can announce this "feature" as a service, sort of a "Dummie's Remailer." Like censor services (that screen your mail), such things are easily imaginable, but should never become the norm, and should never be mandated.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From berzerk at xmission.xmission.com Thu Jul 28 15:55:38 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Thu, 28 Jul 94 15:55:38 PDT
Subject: (fwd) Possible compromise of anon.penet.fi
In-Reply-To: <9407282035.AA21873@anchor.ho.att.com>
Message-ID:

On Thu, 28 Jul 1994 wcs at anchor.ho.att.com wrote:

> It's an interesting weakness, and at least as serious as the
> naXXXXX / anXXXXX problem that reveals your identity if you send
> email to another anonym.
>
All you need to do is add a feature to cancel the account or id.
Then, if you receive a ping from a sent message (like I just did) you will be able to cancel the anon name, and get a new one to set the passwd on.

Berzerk

From paul at hawksbill.sprintmrn.com Thu Jul 28 16:19:01 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Thu, 28 Jul 94 16:19:01 PDT
Subject: Catch-22
In-Reply-To: <9407282220.AA19733@debbie.telos.com>
Message-ID: <9407290021.AA11261@hawksbill.sprintmrn.com>

>
> United States Department of State
> Bureau of Politico-Militart Affairs
> Office of Defence Trade Controls
>
> So, it came to their attention that I need to pony up $250
> in order to "register" with said office. Problem is they
> want proof of my business in order to register. But, I don't
> have a business. What is it then.
>
> 1 - I have to register because I modify code and handed
> it out for free.
> 2 - I Don't have to register because I don't have a business.
> 3 - I have to register and form a business.
>

You lucky guy.

I'd suggest talking with someone who _has_ had to report to one said offices in the past and enlist their suggestions, perhaps Grady Ward.

- paul

From koontzd at lrcs.loral.com Thu Jul 28 16:34:17 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Thu, 28 Jul 94 16:34:17 PDT
Subject: Catch-22
Message-ID: <9407282333.AA07677@io.lrcs.loral.com>

>Since E-mailing a few copys of my 3DEA-PGP.ZIP file
>and having said file posted on two FTP sites.
>"ftp.wimsey.bc.ca" and "ripem.msu.edu"
>It seems that the tax man sees $ in his eyes.
>I received a nice package with letter from...
> United States Department of State
> Bureau of Politico-Militart Affairs
> Office of Defence Trade Controls
>So, it came to their attention that I need to pony up $250
>in order to "register" with said office. Problem is they
>want proof of my business in order to register. But, I don't
>have a business. What is it then.

When bureaucracies do silly things, the best recourse is to seek media attention.
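The newsgroup "i'm here" scheme Jonathan Rochkind proposes earlier in this thread, worked through as an added example (not code from any poster or remailer project): a local directory that skips remailers silent for more than 30 hours, drops them after several weeks, admits newcomers only when their key is signed by someone trusted, and builds a chain of the length the sender picks. Assumptions: "several weeks" is taken as 3, PGP signature checking happens outside this code, the refusal to replace a known remailer's key is a safeguard added here, and every address, key ID and post below is constructed.

```python
import random
from dataclasses import dataclass
from datetime import datetime, timedelta

STALE_AFTER = timedelta(hours=30)  # from the post: silent this long, keep out of chains
DROP_AFTER = timedelta(weeks=3)    # the post says "several weeks"; 3 is an assumption


@dataclass(frozen=True)
class Announcement:
    """One "i'm here" post, already parsed (hypothetical record layout)."""
    address: str          # where the remailer accepts mail
    key_fpr: str          # fingerprint of the public key carried in the post
    signed_by: frozenset  # key IDs whose signatures on that key verified (done by PGP)
    posted: datetime


@dataclass
class Entry:
    key_fpr: str
    last_seen: datetime


class RemailerDirectory:
    def __init__(self, trusted_signers=None):
        # None: accept any newcomer. A set: require a signature from one of them.
        self.trusted = None if trusted_signers is None else frozenset(trusted_signers)
        self.entries = {}

    def ingest(self, ann):
        """Apply one announcement and report what was done with it."""
        known = self.entries.get(ann.address)
        if known is None:
            if self.trusted is not None and not (ann.signed_by & self.trusted):
                return "rejected-untrusted"
            self.entries[ann.address] = Entry(ann.key_fpr, ann.posted)
            return "added"
        if ann.key_fpr != known.key_fpr:
            # Added safeguard: a post under a known address with a different
            # key is not allowed to replace the stored key silently.
            return "rejected-key-change"
        # News arrives out of order, so never move last_seen backwards.
        known.last_seen = max(known.last_seen, ann.posted)
        return "refreshed"

    def expire(self, now):
        """Forget remailers that have been silent longer than DROP_AFTER."""
        dead = sorted(a for a, e in self.entries.items()
                      if now - e.last_seen > DROP_AFTER)
        for address in dead:
            del self.entries[address]
        return dead

    def live(self, now):
        """Remailers heard from recently enough to be used in a chain."""
        return sorted(a for a, e in self.entries.items()
                      if now - e.last_seen <= STALE_AFTER)

    def pick_chain(self, length, now, rng=None):
        """Choose `length` distinct live remailers in random order."""
        rng = rng or random.SystemRandom()
        candidates = self.live(now)
        if length > len(candidates):
            raise ValueError(f"need {length} live remailers, have {len(candidates)}")
        return rng.sample(candidates, length)


# Constructed sample data: nothing below comes from a real newsgroup.
NOW = datetime(1994, 7, 28, 12, 0)
TRUSTED = {"0xAAAA0001"}


def make_post(name, fpr, hours_ago, signers=("0xAAAA0001",)):
    return Announcement(f"{name}@remailer.example", fpr, frozenset(signers),
                        NOW - timedelta(hours=hours_ago))


SAMPLE_POSTS = [
    make_post("alpha", "FPR-A", 2),
    make_post("bravo", "FPR-B", 40),                        # known but stale
    make_post("charlie", "FPR-C", 24 * 30),                 # silent for a month
    make_post("delta", "FPR-D", 1, signers=("0xBBBB0002",)),  # no trusted signer
    make_post("alpha", "FPR-X", 1),                         # same address, new key
    make_post("echo", "FPR-E", 5),
    make_post("alpha", "FPR-A", 1),                         # ordinary refresh
]


def run_demo():
    directory = RemailerDirectory(trusted_signers=TRUSTED)
    outcomes = [directory.ingest(post) for post in SAMPLE_POSTS]
    dropped = directory.expire(NOW)
    live = directory.live(NOW)
    chain = directory.pick_chain(2, NOW, rng=random.Random(1994))
    return outcomes, dropped, live, chain


if __name__ == "__main__":
    for label, value in zip(("outcomes", "dropped", "live", "chain"), run_demo()):
        print(label, value)
```

The posts themselves are unauthenticated news articles, so this only tracks what has been announced; it does not show that a remailer actually forwards mail.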
From sandfort at crl.com Thu Jul 28 16:49:16 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Thu, 28 Jul 94 16:49:16 PDT Subject: L D WELLER Message-ID: C'punks, For what it's worth, CompuServe lists L D Weller (71011,1743) as being in American Fork, UT (between Salt Lake City and Provo). S a n d y From roy at sendai.cybrspc.mn.org Thu Jul 28 16:56:46 1994 From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail) Date: Thu, 28 Jul 94 16:56:46 PDT Subject: (fwd) Possible compromise of anon.penet.fi In-Reply-To: <9407281453.AA23808@pelican.ma.utexas.edu> Message-ID: <940728.175233.2k3.rusnews.w165w@sendai.cybrspc.mn.org> -----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, nzook at math.utexas.edu forwards: > From: barnett at convex.com (Paul Barnett) > Newsgroups: alt.privacy > Subject: Possible compromise of anon.penet.fi > Date: 27 Jul 94 22:09:28 GMT > Organization: CONVEX News Network, Engineering (cnn.eng), Richardson, Tx USA > Lines: 29 > Message-ID: > NNTP-Posting-Host: zeppelin.convex.com > > Someone has been collecting email addresses, apparently from postings > to Usenet, and forging them to anonymous postings through > anon.penet.fi to alt.test. > > The text of the posting states the REAL email address of the poster, > under a posting attributed to the anonymous ID assigned to that > poster. I actually saw this article in alt.privacy, and sort of mentally filed it. Then, this morning, I received a note from anon.penet.fi informing me of my anonymous ID. I don't use penet, and never sent anything through there anonymously. I first thought it might have been a mail-bombing run, but then I re-read this: > However, there are some lower numbered anonymous IDs, presumably in > previous use by the addressee named in the text of the message. These > anonymous addresses are now compromised. I think this might be a forked attack... trying to flood penet with traffic, and also outing people who have used penet for anonymous traffic previously. 
This is a good argument against maintaining a double-blind database (and in favor of systems like soda.berkeley.edu's remailer with its 'response block' strategy). Does anyone else smell Detweiler? - -- Roy M. Silvernail -- roy at sendai.cybrspc.mn.org "Usenet: It's all fun and games until somebody loses an eye." --Jason Kastner -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLjg4FRvikii9febJAQHwEgQAur6SNxVzxvapKJIbQzETTs0QbesD7OVm 17Q69O6maK2qM/sb8zkv1iaktWZNqvj5A5WJmOF8HqQM+EUCEJq3CWsluEk1VVLB kqlRFcaSk2/FYoLgNo58ITfLnZxwKTSX0jI25iVlpMAbWUoLt1voUNN44rtINzYG DDQsWLs7p/k= =t6My -----END PGP SIGNATURE----- From koontzd at lrcs.loral.com Thu Jul 28 17:52:39 1994 From: koontzd at lrcs.loral.com (David Koontz ) Date: Thu, 28 Jul 94 17:52:39 PDT Subject: Catch-22 Message-ID: <9407290044.AA07755@io.lrcs.loral.com> >You lucky guy. >I'd suggest talking with someone who _has_ had to report to one said >offices in the past and enlist their suggestions, perhaps Grady Ward. Thats what comes from putting your real address and name on stuff you give away. From cjl at welchlink.welch.jhu.edu Thu Jul 28 18:02:01 1994 From: cjl at welchlink.welch.jhu.edu (cjl) Date: Thu, 28 Jul 94 18:02:01 PDT Subject: Tuna fish and spam sandwich Message-ID: I am curious about what is happening on alt.test. Someone is apparently forging letters containing the line: I am (insert True Name and address here) from a large list of account names and sending them through anon at penet.fi to alt.test. If the address is not previously registered with penet.fi it generates a new acct number (thus the long list of messages with sequential acct nums anXXXXXX) however every once in a while there will be a message (they are all 43 lines long, and have the subject "tuna fish test numero nnn" making them easy to spot from real anon.testers) that will have an account number that is out of sequence (e.g. a much lower number). 
It would seem that this is revealing the anon acct numbers of people who have already got accts at penet.fi. There are a number of messages posted to alt.test from apparently real acct addresses saying that they never requested anon accts. and generally disavowing all knowledge of how the "tuna fish" messages ended up posted. Does this form of "lunch-sack" attack really work? By spamming penet.fi with "tuna fish" messages with forged From: lines can one really get the true names and corresponding anon acct numbers of people from a list of addresses? If this is possible then I'm sure it wouldn't take long for one of you mail-gurus to whip up some code to download a "who cypherpunks" and feed it through a spam grinder to recover true names. So much for trusting a Finnish Identity Escrow Agent. HH C. J. Leonard ( / "DNA is groovy" \ / - Watson & Crick / \ <-- major groove ( \ Finger for public key \ ) Strong-arm for secret key / <-- minor groove Thumb-screws for pass-phrase / ) From hughes at ah.com Thu Jul 28 18:08:30 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 28 Jul 94 18:08:30 PDT Subject: Denning and Walker on SKE and International Escrow In-Reply-To: <199407282107.OAA20776@netcom2.netcom.com> Message-ID: <9407290035.AA01602@ah.com> Oh, and this Denning-fest crypto meeting costs $500 to attend, as I recall. Eric From hughes at ah.com Thu Jul 28 18:11:03 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 28 Jul 94 18:11:03 PDT Subject: Local Cypherpunks (?) group In-Reply-To: Message-ID: <9407290038.AA01609@ah.com> Since the Chicago chapter of CPSR [...] has decided to develop aproject [...] the area of privacy (among others), it would seem to me to be more productive to work with them. Unclear on the concept? Organizations? We don't need to stinking organizations! (Withdraw weapon, begin firing.) 
Eric From an25067 at anon.penet.fi Thu Jul 28 19:05:48 1994 From: an25067 at anon.penet.fi (that one guy) Date: Thu, 28 Jul 94 19:05:48 PDT Subject: No SKE in Daytona and other goodies Message-ID: <9407290041.AA20689@anon.penet.fi> 1) I've got Daytona running on a machine right next to me. It doesn't feature any type of key escrow. Come to think of it, it doesn't support data encryption. The version I have is build 683, which is supposed to be the next-to-last, so it's unlikely MS will suddenly start adding new stuff, especially since they're already late. The _real_ danger is that SKE will be added to "Microsoft At Work," their proposed protocol for tying copiers, fax machines, and other office gear to computers. 2) Word on the street is that someone already holds a trademark for the term "Tessera" and that they have told NSA to cease and desist. Anyone with access to one of the trademark search services can confirm this, but I haven't yet. 3) Food for thought: we've seen hardware & software key escrow, but I don't remember seeing any mention of DNA or blood escrow, like what Judge Ito has ordered in the Simpson case. Get those samples stashed away now. I wonder if I can get Duncan to supply a DNA sample on my behalf? - that one guy ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From shamrock at netcom.com Thu Jul 28 19:07:56 1994 From: shamrock at netcom.com (Lucky Green) Date: Thu, 28 Jul 94 19:07:56 PDT Subject: (fwd) Possible compromise of anon.penet.fi Message-ID: <199407290207.TAA22392@netcom7.netcom.com> Roy wrote about the attack on annon.penet.fi: > >I think this might be a forked attack... 
trying to flood penet with
>traffic, and also outing people who have used penet for anonymous
>traffic previously. This is a good argument against maintaining a
>double-blind database (and in favor of systems like soda.berkeley.edu's
>remailer with its 'response block' strategy).
>

I am not sure I understand the outing part of the attack. If you have a PW set for your anon ID then how can someone else fake your mail? If you use no PW, then you need to wake up anyway. Perhaps outing would be what it takes.

-- Lucky Green PGP public key by finger

From perry at imsi.com Thu Jul 28 19:17:23 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 28 Jul 94 19:17:23 PDT
Subject: DES Vulnerable, Why?
In-Reply-To: <9407281012.tn288310@aol.com>
Message-ID: <9407290216.AA03565@snark.imsi.com>

KentBorg at aol.com says:
> It seems the TLAs (in a weak moment) let slip that DES was getting old and
> creaky and vulnerable.

That's hardly news. It's so utterly obvious even without specialized knowledge one could determine it.

> My question: if triple-DES is so damn tough to break, what is wrong with DES?
> Triple-DES is a trivial variation on DES.

Similarly, finding the factors of the number 15 and of a 1000 bit number are nearly the same operation -- unless you take time into consideration.

Please go off and read Schneier on this subject before posting again -- I suspect that his discussion of security and key lengths and multiple encryption is very clear and well written.

Perry

From perry at imsi.com Thu Jul 28 19:25:10 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 28 Jul 94 19:25:10 PDT
Subject: GUT and NP
In-Reply-To:
Message-ID: <9407290224.AA03589@snark.imsi.com>

Berzerk says:
> On Wed, 27 Jul 1994, Perry E. Metzger wrote:
> > Since a turing machine certainly cannot perform Sun Workstation
> > "algorithms", then by definition they are not algorithms.
> Sorry, a turing machine can.

I suppose the sarcasm impaired are everywhere.
Perry

From perry at imsi.com Thu Jul 28 19:46:17 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 28 Jul 94 19:46:17 PDT
Subject: No SKE in Daytona and other goodies
In-Reply-To: <9407290041.AA20689@anon.penet.fi>
Message-ID: <9407290245.AA03637@snark.imsi.com>

that one guy says:
> 2) Word on the street is that someone already holds a trademark for
> the term "Tessera"

Yes, this is true. The NSA has picked very bad ones -- Clipper was a trademark of Intergraph, Tessera was taken, Mosaic (the DMS's name) is taken, etc.

> and that they have told NSA to cease and desist.

This I don't know to be true. I only know that the trademark was indeed taken.

Perry

From nzook at math.utexas.edu Thu Jul 28 20:30:39 1994
From: nzook at math.utexas.edu (nzook at math.utexas.edu)
Date: Thu, 28 Jul 94 20:30:39 PDT
Subject: Just say NYET to kneejerking
Message-ID: <9407290326.AA16170@owl.ma.utexas.edu>

I must admit that I'm disappointed. I figured that I would take some hits, but for people to only scan a post before reaching for the lighter...

Highlights of the post:

0- I'm a pro-electronic privacy religious rightist. (Someone didn't even get THAT right...)

1- We are rapidly approaching a point that there will be a broad-based demand for censorship. If the net is to survive in a recognizable form, we have to head this off. Specifically, BBS sysops have been drug into court on porno or aiding the delinquency of a minor charges. I advance the proposition that we need to establish a system that will allow sysops to be able to brush these attacks off.

2- The censorship that I advance is censorship _by parents_ _for their own children_. Only. People have talked about cable boxes and telephones. Are you not aware that many cable companies offer boxes with a (physical) key that must be present in order for certain channels to come through? That the phone companies currently allow customers to disallow outgoing 900 calls?
My idea is to implement a net-equivalent system--household by household determination of what will be allowed into their homes.

3- In this system, the work to determine which parts of the net to allow/disallow access to falls entirely on the parents.

4- I believe that this system could be used to gain the protection sysops deserve. Look at the system. Imagine you were trying to sue/prosecute a sysop who utilized such a system. On what basis could you attack? All decisions to allow access were determined by the parent. The sysop genuinely attempts to verify that adults are adults.

Let me repeat. This system is an attempt to cut off an almost certain attempt by some to censor the net. If we can get this in place, if we can get legislatures to recognize the system, we should be able to defeat censorship attempts by people who, from the net's point of view, are on the margins of society, but, from the nation's point of view, are only slightly "right" of center.

For those of you who wish to attack me on this, I must insist that you read my proposal, _in its entirety_. I am re-posting the article in case you deleted it.

I want the net to continue to function as is, with further extensions. I want to be able to let my kids (when I have them) on this same net, w/o being asked "What's bestiality?" I am not about to demand that net users modify their behavior to accommodate me. I want a system in place so that sysops aren't forced to constantly overlook their entire system in order to avoid legal hassles.

Nathan

A nation that fears guns in the hands of its citizens.... should.

From nzook at math.utexas.edu Thu Jul 28 20:31:10 1994
From: nzook at math.utexas.edu (nzook at math.utexas.edu)
Date: Thu, 28 Jul 94 20:31:10 PDT
Subject: NYET objections
Message-ID: <9407290327.AA16173@owl.ma.utexas.edu>

Subject: NYET objections

There were two objections raised so far that could actually apply.

1) Kids will talk about what they want to talk about. That's true, unavoidable, etc etc etc.
Also irrelevant. I'm not talking about censoring what leaves a home. I'm talking about parents themselves limiting what comes in. I'm talking about a parent deciding that Jonny doesn't need to know a.s.b even exists. If a parent decides that some newsgroup or some file system contains info they don't want coming in, they kill it themselves, from their own home, for their own kids. ONLY. 2) What about crossposts? I intended to specifically mention crossposts. A message that was crossposted from/to a forbidden group is itself not displayed. From hfinney at shell.portal.com Thu Jul 28 20:45:12 1994 From: hfinney at shell.portal.com (Hal) Date: Thu, 28 Jul 94 20:45:12 PDT Subject: What can one do for remail operators? In-Reply-To: <2E37C904@mspost.dr.att.com> Message-ID: <199407290344.UAA09478@jobe.shell.portal.com> Philippe Nave writes: >I think the single most important thing we could do for remailer operators >would be to figure out how to make the remailers *truly* *anonymous*. That >is, we need a net.hack of some sort that allows remailers to send their >messages in a way that leaves no trace whatsoever of the original poster >*and* leaves no trace of the remailer itself. Hmmm... If you could do this, you wouldn't need remailers, would you? This is what remailers are for. Hal From hfinney at shell.portal.com Thu Jul 28 20:50:33 1994 From: hfinney at shell.portal.com (Hal) Date: Thu, 28 Jul 94 20:50:33 PDT Subject: Remailer ideas (Was: Re: Latency vs. Reordering) In-Reply-To: <9407281831.AB19187@ralph.sybgate.sybase.com> Message-ID: <199407290350.UAA09763@jobe.shell.portal.com> jamiel at sybase.com (Jamie Lawrence) writes: >I was thinking some about remailers and means to create more >effective ones. I think the idea of padding messages has been >kicked around (has anyone implemented it?), but what about random >compression? 
Some messages are compressed, others are padded, some >are left alone, perhaps shooting for a median message size >(everything coming from this mailer tries to be 9k, or as close as >possible). Of course, this requires a standard so that other >remailers downstream can make the message readable. The real problem to be solved is this: given a set of input messages, and a set of output messages which represent decryptions of the input ones (along with perhaps a bit of extra processing), make it impossible to tell which output messages go with which input ones. Clearly, if the messages are of widely disparate sizes, and output messages are similar size to input messages, that won't do. That is where the idea of padding, and of standardized message sizes, comes from. Hal From hfinney at shell.portal.com Thu Jul 28 21:07:26 1994 From: hfinney at shell.portal.com (Hal) Date: Thu, 28 Jul 94 21:07:26 PDT Subject: Catch-22 In-Reply-To: <9407282220.AA19733@debbie.telos.com> Message-ID: <199407290406.VAA11397@jobe.shell.portal.com> trollins at debbie.telos.com (Tom Rollins) writes: >Well, >Since E-mailing a few copies of my 3DEA-PGP.ZIP file >and having said file posted on two FTP sites. >"ftp.wimsey.bc.ca" and "ripem.msu.edu" >It seems that the tax man sees $ in his eyes. >I received a nice package with letter from... > United States Department of State > Bureau of Politico-Military Affairs > Office of Defence Trade Controls That's interesting that they went to the effort to track you down. Do you have any idea of how they found out about your package? Was that the one that started all the fooferaw on sci.crypt with PRZ upset about someone shipping a modified version of his program? I don't know what the legalities are of registering when you are just doing this stuff for fun. Talking to a lawyer will probably cost you several hundred dollars but that may be the wisest course.
It's not impossible that you could be charged with felony violation of the Arms Export Control Act, with penalties up to one million dollars and ten years in prison. The few months I spent doing a little work on PGP in my spare time have cost me $1000 in legal fees just to retain a lawyer and have him keep track of the possibility of prosecution. It's sickening, but you can't be too careful these days. You can certainly see where Pr0duct Cypher and our other anonymous/pseudonymous posters are coming from. Good luck! Hal From rarachel at prism.poly.edu Thu Jul 28 22:00:50 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Thu, 28 Jul 94 22:00:50 PDT Subject: Cryptosplit note In-Reply-To: <199407271608.JAA15281@jobe.shell.portal.com> Message-ID: <9407290447.AA01082@prism.poly.edu> This is precisely what I like about cypherpunks. I came up with an urge to write a simple crypto split beast, and in posting it and publishing it, I have caused others to polish up their old code, and post up far better software. :-) I love this list. :-) Whoever said that cypherpunks don't write code was a fool. :-) From roy at sendai.cybrspc.mn.org Thu Jul 28 22:05:21 1994 From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail) Date: Thu, 28 Jul 94 22:05:21 PDT Subject: The penet compromise Message-ID: <940728.224039.3x8.rusnews.w165w@sendai.cybrspc.mn.org> -----BEGIN PGP SIGNED MESSAGE----- I wrote earlier that I thought the penet attack was a forked strategy intended to out anon users and flood anon.penet.fi. Now I'm not so sure it was forked. I remember trying an experiment a while back, where I posted a message to alt.test and saved all the replies. There were less than a dozen. misc.test provides much better response. That lessens the probable impact of the return traffic to a rough multiplier of 10. And given the time spread (my experiment yielded replies over 4 days), I don't know if this can be counted on to yield a denial-of-service attack. 
(I suppose it's possible the perp might be trying to spam penet in the original sense, by trying to overrun arbitrary limits in the server) That leaves outing as the motive. Now I'm wondering if the idea is to out as many people as possible, or if the perp is searching for a particular party or parties. The formation of the messages (from reports... I don't get alt.test locally) appears tailored for some kind of automated data collection. - -- Roy M. Silvernail [ ] roy at sendai.cybrspc.mn.org PGP public key available by mail echo /get /pub/pubkey.asc | mail file-request at cybrspc.mn.org These are, of course, my opinions (and my machines) -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLjh9+hvikii9febJAQFMqwP7B1fmRFT2BHSh1N4PseiexsxZOcQ4xxJz HzddvlkcditxGjdOUMD3HAzosIKr1IBj0mk1N9bnE2L6nBR4L6583wF551CTOEVD h9SvPp10N+FDT34DmYsb9yGoL7OXMK5Bov76++liE16NEaIdI5YvspCZ1hdcjzH0 Zhq2tV+Vhhw= =Frx+ -----END PGP SIGNATURE----- From cactus at bb.com Thu Jul 28 22:27:34 1994 From: cactus at bb.com (L. Todd Masco) Date: Thu, 28 Jul 94 22:27:34 PDT Subject: NYET, etc. Message-ID: <199407290532.BAA22010@bb.com> I, for one, believe that the net is unstoppable -- and that no attempt to censor it will work in the long run (or in the short run), short of making networking computers illegal and unpopular. If people want to communicate, they will -- it's no different than day-to-day conversation in realspace: you can't monitor an entire world of individuals, short of pretty hefty AI -- even with no encryption. It's going to be a long and bloody process while people figure this out, though, and I'm not sure how recognizable our society will be once the message gets through. I'm considering moving to New Zealand for the duration. Or at least Texas. [But I'll need money first. Buy some e-books. :)] -- L. Todd Masco | Bibliobytes books on computer, on any UNIX host with e-mail cactus at bb.com | "Information wants to be free, but authors want to be paid." 
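Hal's reply to Jamie Lawrence earlier in this thread states the remailer problem as unlinkability between a batch of input messages and its outputs, and notes that message size alone can break it. The following is an added example, not code from any poster or from a remailer; the 4-byte length framing, the function names and the batch of message sizes are assumptions constructed for illustration, and encryption is left out because the observer modelled here looks only at sizes.

```python
import os
import random
import struct

CELL = 9 * 1024                # on-the-wire size; 9k is the figure floated in the thread
HEADER = struct.Struct(">I")   # assumed framing: 4-byte big-endian payload length


def pad(message, cell=CELL):
    """Frame as length || payload || random fill so every message is `cell` bytes.
    In a real remailer this framing sits under the encryption layer."""
    room = cell - HEADER.size
    if len(message) > room:
        raise ValueError("message does not fit in one cell; split it before padding")
    return HEADER.pack(len(message)) + message + os.urandom(room - len(message))


def unpad(cell_bytes):
    """Recover the payload, rejecting a truncated cell or an impossible length."""
    if len(cell_bytes) < HEADER.size:
        raise ValueError("truncated cell")
    (n,) = HEADER.unpack_from(cell_bytes)
    if n > len(cell_bytes) - HEADER.size:
        raise ValueError("corrupt length field")
    return cell_bytes[HEADER.size:HEADER.size + n]


def jitter_pad(message, max_extra, rng):
    """Weak alternative: append a small random amount of fill (0..max_extra bytes)."""
    return message + bytes(rng.randrange(max_extra + 1))


def mix(batch, rng):
    """Reordering stage of a batching remailer: same messages, shuffled order."""
    out = list(batch)
    rng.shuffle(out)
    return out


def candidates_by_size(inputs, outputs, slack=0):
    """Observer's view: for each input, the outputs that are 0..slack bytes larger."""
    return [
        [j for j, o in enumerate(outputs) if 0 <= len(o) - len(m) <= slack]
        for m in inputs
    ]


def linkable(inputs, outputs, slack=0):
    """Number of inputs the observer can pin to exactly one output."""
    return sum(1 for c in candidates_by_size(inputs, outputs, slack) if len(c) == 1)


def demo(seed=1994):
    rng = random.Random(seed)
    # Constructed batch: five messages of widely disparate sizes.
    batch = [os.urandom(n) for n in (312, 1450, 2048, 5120, 8000)]

    # 1. Reordering only: sizes pass through unchanged.
    plain_out = mix(batch, rng)

    # 2. Small random padding: the observer widens the matching window to 64 bytes.
    jitter_out = mix([jitter_pad(m, 64, rng) for m in batch], rng)

    # 3. Standardized size: every message enters and leaves as one 9k cell.
    cells_in = [pad(m) for m in batch]
    cells_out = mix(cells_in, rng)
    sets = candidates_by_size(cells_in, cells_out)

    return {
        "linked_unpadded": linkable(batch, plain_out),
        "linked_jitter": linkable(batch, jitter_out, slack=64),
        "linked_fixed_cell": linkable(cells_in, cells_out),
        "anonymity_set_fixed_cell": min(len(c) for c in sets),
        "roundtrip_ok": sorted(unpad(c) for c in cells_out) == sorted(batch),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With reordering alone, or with a little random padding, all five constructed messages stay linkable by size; with one standardized cell size, each input is consistent with every output in the batch.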
From rarachel at prism.poly.edu Thu Jul 28 22:53:32 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Thu, 28 Jul 94 22:53:32 PDT Subject: XSplit & N/M alternatives In-Reply-To: Message-ID: <9407290539.AA02407@prism.poly.edu> Re: forcing text only... Welp, you can simply modify the sources for it yourself to do this. First, check to see if the character you've read is a control. If it is leave it alone and don't encrypt it. Then if it's an alphanumeric character, take the random number you've just read and do a binary AND operation on it with a number less than 31. Say 31 should suffice. This should do the trick for what you want... But you should know that it will kill the fuck out any security you might have ever had. The best solution is to first ZIP up the file you want to XSPLIT, then use XSPLIT on it, and feed the outputs of XSPLIT to something like UUENCODE... From rarachel at prism.poly.edu Thu Jul 28 22:55:56 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Thu, 28 Jul 94 22:55:56 PDT Subject: XSPLIT now own ftp.wimsey.bc.ca In-Reply-To: <199407271438.PAA29976@an-teallach.com> Message-ID: <9407290542.AA02521@prism.poly.edu> > Where do you get your random numbers? (This could be susceptible to > the usual PRNG reverse-engineering techniques...) Normally from lrand() or whatever. This is of course weak, but there are hooks for plugging in a hardware random number generator via a device driver. It can also take a file of random numbers and use that. Eventually when I come across some BBS sources I may plug those into XSPLIT and WNSTORM which uses the same random grabber functions. From rarachel at prism.poly.edu Thu Jul 28 23:00:54 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Thu, 28 Jul 94 23:00:54 PDT Subject: XSPLIT problem In-Reply-To: <9407282012.AA20371@prism.poly.edu> Message-ID: <9407290547.AA02600@prism.poly.edu> I'll look into this... 
Basically I cut this code out of WNSTORM where it works correctly. Since I wrote this very quickly, you can tell I did minimal debugging on it... argv[2][0] should be '-' argv[2][1] should be 'R' argv[2][2] should be 'F' argv[2][3] should be ':' argv[2][4]... should be the random file. Try it without the '-' infront of RF: and see if it makes a difference. Meanwhile I'll check this out... From greg at ideath.goldenbear.com Thu Jul 28 23:23:03 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Thu, 28 Jul 94 23:23:03 PDT Subject: NYET, coercion, and censorship Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Nathan Zook writes to complain that his "NYET" proposal hasn't attracted the character of criticism he'd hoped for. He explains that he's a "pro-electronic privacy religious rightist". He is using the words 'pro-electronic privacy' in a way that is new to me; I have a hard time attaching them to a person who wants to regulate the policies and recordkeeping of every sysadmin in America, who wants to make disclosure of name (which I assume means "real name", or "birth-certificate-name", or "drivers'-license-name", or whatever) and age mandatory for *every* user of an online system, who wants to criminalize false disclosure of the above, and criminalize attempts to "tamper" with the above system. Don't ever let anyone tell you that only left-wing folks are interested in getting their regulatory little fingers into every last corner of human existence, or that all right-wing folks have great respect for individual property rights and personal freedom. In addition to its regulatory burden on sysops and adult users, the proposal seems likely to eliminate all access for people under 18 whose parents aren't involved enough in their lives to want to sign onto every BBS their child is interested in. 
This may not be a particularly onerous burden for kids with involved and understanding parents - but kids whose parents are either disintersted or actively hostile to computer/modem use aren't likely to get far. These are the kids I think most likely to benefit from the sort of intellectual breadth and depth (ha ha, ok, so it's better than TV, at least) available on the Net. > I believe that such a system would protect the full free > expression currently enjoyed by the net, while reaffirming > parental responsibility in the upbringing of their children. I'm not sure that the burdens created are justified by simply "reaffirming parental responsibility". You'll have to come up with a much more compelling interest before you'll convince me. (And, hopefully, before your statutes would pass Constitutional muster.) The goal of "beating ourselves up to save the police some work" doesn't get all that far with me, either. Perhaps we should just go ahead and adopt Clipper, too - the legislated alternatives might be worse. (Not.) > frivolous. Porno charges would then be MUCH more difficult to > press, since a jury could be told that specific steps were > being taken to prevent access to minors. This seems like the sort of thing individual sysadmins should be able to assess themselves - whether the risk of prosecution was more burdensome than taking steps to avoid it. Shouldn't rational human beings be able to make their own choices about risk avoidance? > attempts to censor the net. Remember, we already have had a > censor for TV, movies, and radio. It is not really a question > of _if_ but _who_ and at _what level_ will this censoring take > place. But we have not had a censor for books, personal letters, newspapers, art, nor telephone calls. It *is* a question of whether censorship will take place - and I'm not ready to concede that it will. Your proposal burdens the privacy, property, and policy of sysadmins, adult users, and non-adult users. 
It does so to ostensibly "reaffirm parental responsibility", protect sysadmins from prosecution, and to adopt a submissive posture in the hopes that our benevolent master the State won't take away more freedom than we've humbly offered up as a sacrifice. Even if it does all that you say it will, it'll just trade one sort of sysadmin legal threat (failure to appropriately censor material) for another (failure to comply with identification/registration/user access regulation). As a sysadmin I'm much more scared of the latter. A cost/benefit analysis from my perspective says the proposal loses. I do think there's some real merit to the suggestion folks have made that you *start your own system* and do your own censorship, excising the naughty bits that nice kids shouldn't see. At least here in Oregon, there are plenty of folks who seem ready to poke their own kids' eyes out rather than let them see two men holding hands - I think there'd be a real market here for "sanitized Usenet". Look at Tragedy - people keep signing up for the fucking thing, and a Netcom account costs only a wee bit more. Yow. -----BEGIN PGP SIGNATURE----- Version: 2.5 iQCVAgUBLjib/33YhjZY3fMNAQFCGQP+OVMkPRT4f6pwxSunuEwUj88hsL+PC+Ui 2Z90xM8pFimIF43NRa8oPPSAZdsE2owsSj88eTevlbMB3Qs21w1oquXKt0n0shUw ib/qEPUVibXAP1si7tJ8FPwoxPy2pkfUbkmaAwDDoOj72wn8wQ4HQm4Sz6qu5OXr 42URv1wg+ZI= =oZT4 -----END PGP SIGNATURE----- From ruf at osiris.cs.uow.edu.au Thu Jul 28 23:24:19 1994 From: ruf at osiris.cs.uow.edu.au (Justin Lister) Date: Thu, 28 Jul 94 23:24:19 PDT Subject: who cypherpunks Message-ID: <199407290622.AA03236@osiris.cs.uow.edu.au> who cypherpunks lists info cypherpunks end -- +---------------------+--------------------------------------------------+ | ____ ___ | Justin Lister ruf at cs.uow.edu.au | | | \\ /\ __\ | Center for Computer Security Research | | | |) / \_/ / |_ | Dept. 
Computer Science voice: 61-42-214-330 | | | _ \\ /| _/ | University of Wollongong fax: 61-42-214-329 | | |_/ \/ \_/ |_| (tm) | Computer Security a utopian dream... | | | LiNuX - the only justification for using iNTeL | +---------------------+--------------------------------------------------+ From daemon at anon.penet.fi Thu Jul 28 22:22:31 1994 From: daemon at anon.penet.fi (System Daemon) Date: Fri, 29 Jul 94 00:22:31 -0500 Subject: Anonymous code name allocated. Message-ID: <9407290434.AA12732@anon.penet.fi> You have sent a message using the anonymous contact service. You have been allocated the code name an118216. You can be reached anonymously using the address an118216 at anon.penet.fi. If you want to use a nickname, please send a message to nick at anon.penet.fi, with a Subject: field containing your nickname. For instructions, send a message to help at anon.penet.fi. Folks, we GOTTA do something about this... Nathan From lcottrell at popmail.ucsd.edu Fri Jul 29 00:39:38 1994 From: lcottrell at popmail.ucsd.edu (Lance Cottrell) Date: Fri, 29 Jul 94 00:39:38 PDT Subject: The penet compromise Message-ID: <199407290739.AAA28284@ucsd.edu> -----BEGIN PGP SIGNED MESSAGE----- How many of us have suffered from this attack? I just received a message indicating an anon ID had been created for this account. The account I actually have an anon ID for has not been affected as far as I know. Since this account, and not the other, is used for posting to Cypherpunks I suspect that the attacker is using a list of recent posters (I did post from the other account to this group in the distant past). Is there any remedy we can use? I gather there is no way to invalidate an anonymous ID. I guess I will just assign a password and not anon mail from this account. :( Has Julf been contacted about this? My anon ID from this attack is: an118079 at anon.penet.fi I will not be using this ID, and will have it revoked ASAP. Anything from that account is not from me.
Check the signature. Let me know if it is used. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLji/11Vkk3dax7hlAQEIKAP+MHP7BJPfaOBOmo3XGEuNSG2vzKd0pwXb 1KIYgj6GML274x12DIy3LFCldnqVl9dxqY7FDxGqHXtnGE7HiBzJ/sCuMomDcrep IGE9hYgx33NKHh5/ZjSeCU3LlFfsg5dO1T5uAj++WnY3UD6Nih1bJ5jFr8PY0fsZ TVRKSP4xk/s= =0duW -----END PGP SIGNATURE----- -------------------------------------------------- Lance Cottrell who does not speak for CASS/UCSD loki at nately.ucsd.edu PGP 2.3 key available by finger or server. "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche From wcs at anchor.ho.att.com Fri Jul 29 00:53:36 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 29 Jul 94 00:53:36 PDT Subject: Microsoft, Master-Keys, and DMS Message-ID: <9407290751.AA29544@anchor.ho.att.com> Perry writes: > As I've noted, according to a reliable source, Microsoft is a vendor > of software for DMS, so although its not part of the products Merriman > is mentioning, there are key escrow features in some software being > delivered by Microsoft. I've heard on the net that the Defense Messaging System (DMS) will be using Tessera cards, but I really don't understand how they could use a key-escrow* system for classified data, which is what the DMS is designed to carry. After all, that would mean that the classified data would be accessible to people without a direct need to know, which is non-kosher. At minimum, the master key for each card would have to be classified at the maximum level the card is authorized for (non-surprising), and the Key Generating Bureau's Family keys would have to be classified at the maximum level *any* cards using it are authorized for (or different family keys for each level, I suppose, which has the added benefit of making different-level cards non-interoperable.) 
But making that data classified means that classified data needs to be stored on the card, which either means handling it as classified material (awkward), or putting *lots* of trust in the chip's tamperproofness (doubtful). Alternatively, there may be some way to get Tessera cards to do Skipjack encryption without sending the wiretap block at the beginning of the conversation, either by simply not doing it, or by superencrypting that block for transmission (which is the classic Clipperphone hack known since the beginning.) Bill From wcs at anchor.ho.att.com Fri Jul 29 00:56:29 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 29 Jul 94 00:56:29 PDT Subject: Denning and Walker on SKE and International Escrow Message-ID: <9407290754.AA29570@anchor.ho.att.com> > > International Cryptography Institute 1994: Global Challenges > > Presented by > > The National Intellectual Property Law Institute > > > >The International Cryptography Institute will focus on problems and > >challenges associated with the use of cryptography within nations and > >for international communications. The Institute will address such [Denning/Walker/Freeh agenda deleted] Out of curiosity, does anyone know if this "Institute" was pre-existing, or if it was put together for the purpose of having a good academic-sounding name for a whitewash conference? [I suppose this could be compared to pseudospoofing.....] Bill From greg at ideath.goldenbear.com Fri Jul 29 01:07:17 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Fri, 29 Jul 94 01:07:17 PDT Subject: Just say NYET to kneejerking In-Reply-To: <9407290326.AA16170@owl.ma.utexas.edu> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > Look at the system. Imagine you were trying to sue/prosecute a sysop who > utilized such a system. On what basis could you attack? All decisions > to allow access were determined by the parent. The sysop genuinely > attempts to verify that adults are adults.
"Reasonable mistake" as to the age of a minor is already an affirmative defense in Oregon with respect to a prosecution for furnishing/distributing obscene material to a minor. ORS 167.085(4). If you're really excited about this, you might look at _Ginsberg v. New York_, 398 U.S. 629. A little poking around makes it look like that's the lead case re prosecutions for furnishing obscenity to minors. It includes as an appendix a list of 35 states' "furnishing obscenity to minors" statutes, circa 1968 (cites only). In Oregon, it looks like a sysadmin would need to know or have good reason to know (a) that the material furnished was obscene, and (b) that the person the material was furnished to was a minor. The standard of "obscenity" for what minors can see/can't see may be stricter than the traditional Miller test (Ginsberg) but can't be so strict as "no nudity regardless of context", at least here in Oregon. -----BEGIN PGP SIGNATURE----- Version: 2.5 iQCVAgUBLjixbX3YhjZY3fMNAQGqEAP+Nlvec4RwuwRFYjOfHWm3GU6PFWHwVvtq zWIuTm+RzcOOKQPF4VOgZNgMW6Cviwg4DQ1VeTHh58mrqx12G25ZvQzBtSDnS3fb 7wWD+hIWpNQtWIGW5USSb+7hx3f9MPBW9an2yl0jyAo9PNawwHtD6lPMS1Abk9qv eOWvsQ5VV9s= =eOS+ -----END PGP SIGNATURE----- From tcmay at localhost.netcom.com Fri Jul 29 01:12:17 1994 From: tcmay at localhost.netcom.com (Timothy C. May) Date: Fri, 29 Jul 94 01:12:17 PDT Subject: No SKE in Daytona and other goodies Message-ID: <199407290812.BAA11924@netcom2.netcom.com> " that one guy" wrote: >1) I've got Daytona running on a machine right next to me. It doesn't >feature any type of key escrow. Come to think of it, it doesn't >support data encryption. > >The version I have is build 683, which is supposed to be the >next-to-last, so it's unlikely MS will suddenly start adding new >stuff, especially since they're already late. Oh please! Just how many times am I supposed to repeat my point that I make no claims that any imminent release of Chicago or Daytona or System 7.2 is likely to have SKE included? 
I've pointed out that the TIS algorithm is only now being coded, but that the *general field* of key escrow seems to involve some behind-the-scenes manouverings which should give us all pause. Saying that "version 683" doesn't have SKE is beside the point. The real issue is just how all the work on SKE described in the Denning conference coming up in September (the full agenda is posted in the crypto newsgroups) is to be implemented if *not* by the OS and system software vendors. The Microsoft guy who wrote the long letter to me on the various issues involved, the tradeoffs, the export issue (apparently SKE will allow some products to be exported that would otherwise be illegal to export), etc., is clearly working on this key escrow business. Only time will tell if Microsoft has ever met with NIST/NSA on software key escrow...if they have, and pressures were put on MS to comply with the new scheme, then we'll all have reason to worry. If Microsoft has never met with NIST/NSA or Denning or TIS on this matter, and was only pursuing SKE research on its own initiative, without any incentives or threats from the government, then I will withdraw my speculations and cheer Microsoft on. (The same thing applies to Novell, Apple, etc. I'm not picking on Microsoft...I've just heard more substantive comments from them than from other companies.) I once again urge Microsoft to make this situation clearer. And I don't mean with a predictable, pro forma, "We have no intentions of including software key escrow at this time." Such corporatespeak comments are useless. We need to see a public debate on software key escrow, regardless of Microsoft's involvement one way or another. And we shouldn't wait until the press conference is held to announce the program! --Tim May .......................................................................... Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From wcs at anchor.ho.att.com Fri Jul 29 01:15:30 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 29 Jul 94 01:15:30 PDT Subject: NYET, coercion, and censorship Message-ID: <9407290813.AA29694@anchor.ho.att.com> The goal of wanting to allow one's kids to read the net without them being exposed to "adult material" that they're not old enough to deal with is not unreasonable, though I know people with a variety of attitudes toward that aspect of child-raising. One way to implement it is the heavy-duty authentication of adults vs kids, with the network infrastructure designed to authenticate everything so you can identify all posters, etc. Most of us are probably against that :-) (By the way, similar sorts of things have been proposed by the "get schools on the information highway" movement.) But there's another way to do it, taking an end-to-end approach, using PGP tools. Give all the kids who want to participate PGP keys, with a web-of-trust created for certifying a web of "good kids" (you can have the center of the web be the parents' organization, or your churches, or PTAs, or Kidsnet or whatever), and use tools that only allow them to receive PGP-signed messages - shouldn't be too hard to modify a web client, nntp server, or mail-wrapper to do it, and it doesn't force any structure on the rest of the net. You also have to modify the tools to sign messages they originate. Now, to make it possible for your kids to find enough screened material to be interesting, you'll have to organize a lot of people, but that's inherently part of the job. 
Alternatively, you can build gateways from "trusted" information sources; if Prodigy's censorship is adequate, gate in Prodigy messages. If Clarinet news is something you consider reasonable, since it's almost all wire-service news, then gateway that into your net as well, if you can find a way to satisfy licensing. If you want to add "well-behaved adults", you can add them too, though you may want to leave your net tools flexible enough that they can also read the open network. That way, we can all coexist, and it puts the burden on the people who want special services, rather than having them force everyone else's tools and policies to change. It's also more honest, by pointing out to the users that they're getting a special pre-screened service, rather than implying that the rest of the world wanted a fully-controlled network. Bill From trollins at debbie.telos.com Fri Jul 29 02:10:25 1994 From: trollins at debbie.telos.com (Tom Rollins) Date: Fri, 29 Jul 94 02:10:25 PDT Subject: Catch-22 Message-ID: <9407290910.AA11410@debbie.telos.com> >From Hal >trollins at debbie.telos.com (Tom Rollins) writes: >>Well, >>I received a nice package with letter from... >> United States Department of State >> Bureau of Politico-Military Affairs >> Office of Defence Trade Controls >That's interesting that they went to the effort to track you down. >Do you have any idea of how they found out about your package? Was >that the one that started all the fooferaw on sci.crypt with PRZ >upset about someone shipping a modified version of his program? Don't know how they found out about the package. Yes, that was the package that started the fluff. -tom From Heynowiko at aol.com Fri Jul 29 02:19:40 1994 From: Heynowiko at aol.com (Heynowiko at aol.com) Date: Fri, 29 Jul 94 02:19:40 PDT Subject: big bro Message-ID: <9407290519.tn338065@aol.com> Do you have any interesting government e-mail addresses?
From gtoal at an-teallach.com Fri Jul 29 04:32:52 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 29 Jul 94 04:32:52 PDT Subject: Just say NYET to kneejerking Message-ID: <199407291131.MAA10550@an-teallach.com> I must admit that I'm disappointed. I figured that I would take some hits, but for people to only scan a post before reaching for the lighter... Don't be such a condescending shit. We read your post clearly enough, thank you very much. Typical control-freak crap. If you want your little xtian kids to be namby-pamby'd on the net, start up your own business and offer them restricted access yourself, but don't try to tell the rest of us how to run our systems. It's the responsibility of the parents to restrict the children's access, not the net. I've no more against a Falwell-style BBS than I have against their loony TV channels, just don't force me to have to use one. By all means encourage proper upstanding xtian parents to fund a suitable system for their own children to use, but lay off the regulation bullshit. That way lies disaster for free speech everywhere. G PS There was a good article on the US xtian right-wing's attempts to infiltrate Republican politics in the Guardian, Mon July 25. They have a good quotation from Ralph Reed, the exec director of the Christian Coalition: "I want to be invisible," (talking about their political manoeuvering), "I paint my face and travel at night. You don't know it's over until you're in a body bag. You don't know it's over until election night." Friends like you, and Schafly, we can do without, thank you Nathan. From gtoal at an-teallach.com Fri Jul 29 04:36:04 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 29 Jul 94 04:36:04 PDT Subject: Catch-22 Message-ID: <199407291135.MAA10865@an-teallach.com> > United States Department of State > Bureau of Politico-Military Affairs > Office of Defence Trade Controls That's interesting that they went to the effort to track you down.
Do you have any idea of how they found out about your package? Was that the one that started all the fooferaw on sci.crypt with PRZ upset about someone shipping a modified version of his program? I doubt very much they tracked him down. I imagine some two-faced back-stabbing shit on sci.crypt or cypherpunks shopped him. I didn't agree with his attitude over the PGP hacks either, but this sort of in-fighting is just going too far. I hope some FOIA someday turns up the name of the back-stabbing bastard. Personally I have a shortlist of two. G From julf at penet.fi Fri Jul 29 05:34:12 1994 From: julf at penet.fi (Johan Helsingius) Date: Fri, 29 Jul 94 05:34:12 PDT Subject: Tuna fish and spam sandwich In-Reply-To: Message-ID: <199407291233.AA27548@lassie.eunet.fi> Hmm. Maybe I should rejoin the cypherpunks list, after all.. > Does this form of "lunch-sack" attack really work? By spamming penet.fi > with "tuna fish" messages with forged From: lines can one really get the > true names and corresponding anon acct numbers of people from a list of > addresses? It does. But only if the user hasn't set a password. That's why I implemented the password feature! I have also zapped all queued-up "tuna" messages. But the whole current server is getting to be a horrible patchwork. I am working on a total redesign/rewrite, as well as upgrading the machine and the connection, to eliminate the delays and allow PGP. But to do all that, I am going to need sponsors/support. Preliminary discussions started with a couple of organisations. Julf From gtoal at an-teallach.com Fri Jul 29 05:54:42 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 29 Jul 94 05:54:42 PDT Subject: penet hack Message-ID: <199407291254.NAA14151@an-teallach.com> Does anyone know what all these names have in common? These are some of the userids that the person hacking penet has been trying to find. They don't all look like either cypherpunks or usenet crypto people to me. 
G

From paul at poboy.b17c.ingr.com Fri Jul 29 06:00:44 1994
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Fri, 29 Jul 94 06:00:44 PDT
Subject: No SKE in Daytona and other goodies (fwd)
Message-ID: <199407291301.AA08440@poboy.b17c.ingr.com>

-----BEGIN PGP SIGNED MESSAGE-----

Tim May disses "that one guy" thusly:
> Oh please! Just how many times am I supposed to repeat my point that I make
> no claims that any imminent release of Chicago or Daytona or System 7.2 is
> likely to have SKE included? I've pointed out that the TIS algorithm is
> only now being coded, but that the *general field* of key escrow seems to
> involve some behind-the-scenes manouverings which should give us all pause.

No doubt. But what does the OS provider gain from including encryption
in the OS? At present, customers aren't demanding it. Why add SKE at
all when no one's asking for it? Apple is able to export System 7 Pro
right now because it uses 40-bit RC2/RC4 for some limited
client-server stream encryption. It won't do file or disk encryption.

> The real issue is just how all the work on SKE described in the Denning
> conference coming up in September (the full agenda is posted in the crypto
> newsgroups) is to be implemented if *not* by the OS and system software
> vendors.

Remember that all these vendors want to sell OSes *and* to control the
future of that particular technology.
I'd bet that MS At Work is where Microsoft is most interested.

FWIW I agree with Tim: it's time to start asking the OS vendors some
hard questions. I'll volunteer to talk to Apple. Tim & Blanc Weber seem
to have good wires into Microsoft. Bill Stewart's suggestion about
shareholder resolutions is a good one, too, for those who are
shareholders of the various companies.

Finally, never forget the power of "divide & conquer"; if MS does
something unpalatable, that gives Novell, Apple, et al a reason _not_
to do that same thing.

- -Paul

- --
Paul Robichaux, KD4JZG | "Information is the currency of democracy."
perobich at ingr.com | - some old guy named Thomas Jefferson
Of course I don't speak for Intergraph.

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLjj9wKfb4pLe9tolAQGNOAP/ToRXGcggXLxr+pOU0Zipt+FXTMFTs7M1
F6c7W/vuNcYX143GsdCu1QG7n7xyZdaBCMp/Z5K2dAI1Q1UaDkFmyrGa+Zr/uolO
ZjowvE7uXy1SN+7SmsizAznFetIVzVMgLPrU4wnMRpN+4nm8fQXJOEfopzVpdjA0
xslqhXxgGk0=
=NUxC
-----END PGP SIGNATURE-----

From perry at imsi.com Fri Jul 29 06:48:43 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 29 Jul 94 06:48:43 PDT
Subject: Just say NYET to kneejerking
In-Reply-To: <199407291131.MAA10550@an-teallach.com>
Message-ID: <9407291348.AA04027@snark.imsi.com>

Graham Toal says:
> I must admit that I'm disappointed. I figured that I would
> take some hits, but for people to only scan a post before reaching
> for the lighter...
>
> Don't be such a condescending shit. We read your post clearly enough,
> thank you very much. Typical control-freak crap. If you want your
> little xtian kids to be namby-pamby'd on the net,

I believe Graham is being rather rude. There is no excuse for being
impolite. You can express your views without vitriol -- you may indeed
be able to get along with people with views you do not share, and find
that you are better off for it.

People who don't want their children exposed to the net have a concern
that is likely shared by a large number of people.
Personally, I would not try to protect my (as yet theoretical) children
from the net (at least not any but the smallest) because I feel that it
is better to explain the world to them and help them to develop
defenses against its dangers -- you can't always be there to defend
them. However, I do not wish to impose my child rearing opinions on
others -- and neither do I wish to have any restrictions posed on my
use of the net whatsoever, including bureaucratic registrations.

If you wish to keep your children from seeing everything that is out
there, I would suggest that you simply develop a service to restrict
what they can view to what you have vetted, or keep them using services
like Prodigy which are censored. Don't impose your views on the rest of
us, no matter how good the intent.

Perry

From ruf at osiris.cs.uow.edu.au Fri Jul 29 06:59:18 1994
From: ruf at osiris.cs.uow.edu.au (Justin Lister)
Date: Fri, 29 Jul 94 06:59:18 PDT
Subject: penet hack
Message-ID: <199407291358.AA07378@osiris.cs.uow.edu.au>

From the list I recognized barrett at iastate.edu the infamous -MB-
from comp.sys.amiga.advocacy, was to c.s.a.a what LD is to sci.crypt
and cypherpunks. He also appears on irc - so I tried tracking others on
the list to see if the list was related to irc, didn't appear to be
(though it is a good source of user lists).

--
+---------------------+--------------------------------------------------+
| ____ ___ | Justin Lister ruf at cs.uow.edu.au |
| | \\ /\ __\ | Center for Computer Security Research |
| | |) / \_/ / |_ | Dept. Computer Science voice: 61-42-214-330 |
| | _ \\ /| _/ | University of Wollongong fax: 61-42-214-329 |
| |_/ \/ \_/ |_| (tm) | Computer Security a utopian dream...
| | | LiNuX - the only justification for using iNTeL |
+---------------------+--------------------------------------------------+

From 7CF5048D at nowhere Fri Jul 29 07:00:17 1994
From: 7CF5048D at nowhere (7CF5048D at nowhere)
Date: Fri, 29 Jul 94 07:00:17 PDT
Subject: Stealth ported to DOS & OS/2 part 1/2
Message-ID: <199407291338.AA05363@xtropia>

This is a pgp signed binary =pcstlth.zip Not encrypted. part 1/2

This did not arrive, I think sending again.

-----BEGIN PGP MESSAGE, PART 01/02-----
Version: 2.6
iBkvL1TYPmbbpO/v/jcTHNjC6BWW0atqfKKvj7F9f9DWCQ6b9Ms0FZLKFtWgHRBZ In41r4Ok6ILnkCoN+3tvLw130Bo+u8YRK/7g7ZEZ8WOQ6RwPyFyx/BAy8mJtYbPv geiS48c5HCpuSYO4yRNvpfsL42+G+EUU4qe3O13rxxN+a6fr8/Awi55qL/FVw8LE 29iTDpaHFA6BP8NfzlHkFBwosvncNDDssp70mNKJRWOQNuFACtEhot6jrK391OeJ gpk91uHYe8CgukziONLka4hurXAsmQ7CLq3TOwLsQfCztENCB5/UgSkfsgjxaHfU VQEvCYgB2sX3FMyrCQE/buNTUcN8Ksom1U10OAD/mdGRKUMjQeM36tTBiWSwWrVJ xTC+yKMYaj++DWzdMNgwdvJE4jKwGUgBoZfA8kWnjBqa0shfV+eYyRyo2KRvQIPc ikwjz05RhpBRqzbp6AR1gUFi4F65SEm4zNQmYMt1RmGvMypbDb7L4Ak1jXX8SBSe IGADD4Of8yfwtxTibymK6qq6xzj0wImTyGvvBh9jGMlfA5IzPaoyirmb8p0eHtxU ewT9mEW/g/P8g7i3jyG4g1SK+0F3gQ1TqtXFJTxaXbKPOIW9ZN2eMQjYuUTz7NL5 3nR7X2Nxj/RLGuZ7KnsMxOkDD6lXqqC1E/NjcHOMV5nO1L4x3G9PJGvLU9QTPyJ2 vMlkgreZnHB18oTxUYYm1iYNW4SsoAUF10fHNtes1sdD3X7Fy3cOX+x3qT8ySPj3 cUQmOrH9iqeyEw79FTVIUGHcMQqOEpw1pJ6+FdrBQmjYIU+A4E8HttNNFpYMoItI WXUy+0GYfXOgkKh3+J4FJUwOpzMJNPbSAN+tQ3I+bmu/AD4cfQan0aXdjdzL+WVI mJC/BgmJ+dVIoMB7Z/fBQZaTAux+8msAbMgveFLdN0+GaEw8yOdVM0LSsA73nJnC 86AtEBJNqlhk9DqCL2qKQVwIo8E5/peoAlGSo85xps4xBGJOgL9+gJNHNOpftknj GPDqrhPTeL3InY/Ey1ADx0cDNxYI4DvAgY2MwAf8/5HXNTuZAAKvNkjgHshjB2Er 9/hao2t7kkF5DVG14AJtFfWAjAxCdoHEXzzjbTgYr7AX6By/OqZ53iw/tjMQz8cB MG9ijl+G7Vl10c6DEJYxuJhkARitSw9dpM+Oqw2mHtEiJygJF2gNvPLSwXiyKBJl aUaXknqJkd7uku7uIrGVOApGG5TUrxglVWKUakZa0OUoXdnCkjBWFTZoel1R1416 CqTlBWghBNFapF8praSolrcqKo53Q7R1fNLzO1s0lDOgavnADhinrWxdnrDEfSPJ lYTPnZJOXe456z6adKrD1PqRO5j0XM7JU9JH2kYYU09tiieytI5+rwR5c5exjU+t YF/GXbI59KUnkr49GGCXsYrizX0BQcQKSFMoOtEu/aeC22ItPjQflPXxSc9luFFU rifbS1iIRy0cLjV4+qfULHX3U84lmI/HxQmmD7eNcANpBFObfmZR6GzojOcsaqr+ siPx2ayToWvPhq7tSOY74uRvSQ2KYMe+ayr+MnSW/jhc3MjMMLoY5j6Zpnhm38Wr B9E+iF+MKvNb4qNEVapZIKLPiGxwQA+WgYJVVrYwpBPwbO+o/8MMVhlontvIE5uD i0FDEU5TMojSpcjulTE+QzMwj36vKx6gmU6CSP2ZlSncYrNLG1kH+A7PQBTKQu0v ROO0xbjq6YSUDq6G/TN2QMaTr8BMCsk0sFCnx7DIbxTcReTcLrkGVF//M9ym7YBB 9hef+5VfoEIdHfpnQ1/RR18MddCnS1tjuIcaZrAUElifHtnkkc1zbt4ACGp6ZGXr YT3KS53OurLwufaOAMyAVMQ5SKh1tDVcYRTccuqC/jIDwtHhbehl5pKhzk/3XGHg 
iN4ZIW4DW5/ZySgDPkTZQmwngyhBPU2Uph9VTbAf/AXDngiZEx6IzgkPzglrc6ih OaCcpS1kzjBBVyW9IgKNKsnhyHn6CK0gOzKusaUZ4TM9DR00I8SRit6KZIYUtLGp djZ0Es516MReO4ujh+B+7UhHj+zYgZWtjW0ShRpb/pr09AUoPH2BeWZqcuHUfVoi 4UVkL1EDywD45vB1GUwoX3JIUWb5uw+E2hetas3doS+KFHeKdyx5ZDHb9PQTSlYv +baBE2hQ7EbiYcE0nQZAV3el6b0nFG6ZY3krGyZFb10Yw/9qdj/kBkfOzhBGRAFu vyLtV+Rg8FPaW921Hzq+hqE5H3qLu73FkR3F34FtJV5AD1BCt3/WJXwCn3HLVnf/ 465Rjb/9kPX0j66mgztA9WQrf1gyNlhHuwdQTa+nOKKTT5DiN1Ck5A9I8aK77rss gd5h/05+27Mucl5moM/6tl7+A+l9KMRHKCROgzbD2zr5+WAODWKbi/UenqHcA5Rr pMm/lYUTCvDAdr9NB6sU9wAjfgZZgcgHwdWk4jr2NgPRTvAx5bkZd74Mk2rGvk01 8L0mf2076OoT7RfaL9AtOr43mKPO/dcGvgdk/u3hfT3B0QqskRQsV+qLI0gHmF4N OpR3DLLxHSN8kv4jSJ1r479DO+z9OSd3gEehYiknvWNsg6wWtGoNu4uKvNUsbCoJ wrtcnALVOqap7l3glBlOcBzJV4hccEMEFmMW20oaAy+D09BnWyIV9ady2N5jOrmN Dnaj4ABZCUA11R2GI5ar3DNvnreUAcBWJCTl4tFqNZWT/m3g4H37Urll0gsDuW16 CHXB518X6W8qPpx1o+ETAJjXvp3C7cHfIgA2iCahbioHeM26lOvVQ2o82DLUry4i mnNxPhlm4UyKbMp9n1SYnX5TQNRbuCMtrPTYQF5xTzWNi3uCvxqaDFXQr/QhFpU8 0lT67pLFcNbSQdVA8P0m0glxPkjs8YxR5uDb4GPBXnczKiawKuRRx2B7r+lk3Qgp FM50588UdYuy2uvAcesmNcHUyH8Hkpz8cOYOvaeuG9UZo8spxd3SB2EcItJe2gu6 CZbM14Pxa1zX7w5XiWYyerte81vGu8NbBL07vFQcAVwofOABT2U3tY10IkQXd2sS GS+zB61SXfiBvLPbe6CpEMzFwTulTeFGvl9aDynZbkBzataxrHOZjczsmYJhtlVg ZmeJXOZ+aWF40QMNxzo4GJ8fvngDiiOzzmbuj509WrozfLHL9Le6OPwRrDEOhgSX hb2qwtZobxqkvcxFKe+zoel8J81fyfTqNfHiiooyA3qEguPhhHfBzg9mSB/3w0kX e911nbZttPRhP+ch2QpVo0H644qm4w3o3ZTfp3SlHEyxpGalVqRuThVTz6b8JrU2 1Z36VGpv6u9HLxy9YfTXY9LHkn8fpbSnEHtEkilg16R3UiDJWUhMXIn0cAL4PThA g/HQtCLP4L/WX0ZUXouL2/sKAj0YF2BfQAZivwdH2FmafYXEFPgvcCSS6o8iymnM ++8utgGavz+BqOjXFEds8u7FNukdxQH1w9M5mT58Bwdpz2jG/tBUdPinXHPh8UnB uZKqzw3N8yFwUk2UEfRyvOoQMbhFZol+3hpaCbcd+DpewXpkxpmQZynlBL00Fyyl RJMrjnstKzghHddQPYxOYL25pZxszcuFNjP+UnoU4SJqLzRBJce/dwUH5b2Pc0uk nsjyViUxj8wdA3Mx84ZOTKQ5L4Pn0P1ekcJfAvxZiNSw/g2doGvVcThEd3lXUPg8 3s7CNUaCt+BxDtcwXpHx1rKtAfZxDqFWnPs4B9nlJFzLelew3pWMdzvrrWFavZbH Oe8qxruK1bYznwXttlivR87cjIiSb0Aumpy6ghUcEtIwDDb9DXZw6l7ONQ6vYvPO 
id9J65A8SWpE8gRpApJHA9tG4S5Pm+Hee1xB6UlF4XCrniEUUa2mlBtZvjxDh4S4 nJPAjp9Abakt529LbNJEKJJMQjI+44X9e4GgSwu9nKeVwa2ty3P8rdqwngFtWCo+ 82op5y2ibh64FAZO4/A1+h4coXsLvQxQBujmaWNwG1w7LbE9YpNSlOX4DGwzzcKF cS+ujuB46Ld7gvr24LXfQ0JDmhJZDml4kM9W3OJpMeS119yN2wmLxUQvp3B0KyDy ACAiW3A/3etdSWWdmDYa+NDtraXmelPwR/i8dE8EnwWcgKyq+wNXCmByhXuAfjNB YnDiInzC06L3XIx4+gwu+rAB5R1zxtfoYYpskBrgzEkPK7hVNtuk8ojMLpGeGcjx L18JdFQyXwCO/ppdx/2a3QCfJ7jsnZYzE7y5GzlvQSUX3gVXm++50axLmfsLd37Q cPp5nNuIeB4UtXZvOGIXuxPhyFvbiafQUen+drsNH6VbC4HfOJzV61yBv2bTUrlH Fl17bZZ/364vGrobzuJWfGKeNBbVcM5CaSSquQEayzDbDForTpRm+eVLsDVu7j7Q H7p5T1+Y5b/RkbJ/0YzJQiIzefYKkXPPnixS+xeZelqDly456GNwMQYIW1Zz8+i/ gdB1ZsnOr/A/vNlruY4EbzXyfEDlgi660Cd05fi9PFKHY9gfhv0puU/AZwP36mpu 71Po1bXcXriVzFzHgfjCTe0j0j0D5OrDL0y2WLhdcMOb0xO+9loa7mWV3F0I/Crg Pbd3MwdGlQ6WXMrxg8sE8ZwQ750D1x7dB8jFL1wrrCp9dTO3dwdqtRHvyQJMzMbZ TdSuL3Dn+6Uj4QJwtcC9olgYs5yDc3/J4bZ8kOmfwAnTeyKKaFCDSakbYuZfAq+a eHIJAx8TpERPg1gBG9OIq7X0k1vB49ya24PbTcDVxMAlw4f5UeC23h7czwm4rTFw 2+Fj+N8B1//tcHB1Pw5crhgFNvNmYAcIMBGAJSi5yOxLh6bT30ZzfMppxxBEYlxy ehqfqocsSh7PgH5uk+N4T4StldWor3UopGHgdnOPwL0MjDcF2Ei8ztoG97c6u3RY ceATJKEST6zHKGI9gn9EJPrADSIH6oAUvUdEzhOhxLv2uFQQySpSs751eFMp815k bmNdnA4u3IwxjOU1Cb5daTb5uidiEMck+LosagCcSLaR4JuTRrgnz/FETOLMPU4V 5L0kLJLOdwFI1ryXMSf45lpsatu5LpjUxjo5nZzsiTBiYoLvVegiDtAR0gX+0bC0 DKWa2xLpYgSMLdmXGv88ir8c3BCh+FzI0iMxAwfyISIz56ciSK2Ta+qcLsfxdB/9 4PFJKiemdDnk0WRqoIHwo/GpBqA0hBD2CGRC/YOrRiP/DASx5AkIhIRxIV4N9UIt OrCaMVuuH7LlxYbmecS+qkEP/SyxqRldsVBKjeri1A0mdcmJQ5HgYjCumj1vLlDD dmd8rEuLm/5+NUoFBgx+HgtgWAJGXj4YgMYCwgdjkb+zoKfFLd7t083N+RC3Qz17 MeSrohVIFUPCeJnDORbuiKBvZJ494oyr0efxYQhZ39EW3Xg1SgaV8u8pyr3bEsRV nm2QJpjgyUfb4kokOyJx5gOhBRQD3hfIueQPOdzbGFRralxAAlE9SGFXYAEFAd0C 2A1xztoWMIpnWzzcHqjxphgvTe6Ce304GwviISiOOU7qoiB6eqkSyetgac1nK4WV a6fBgpAuN+IAmPR7FxhFngAerP0MLzB4FxjlO+VsvICl9YW4a9rdNq3RpuFVFw8C ltcmmAESouAy4CEqSf4tYf2QuKlZXAzvprx3mZFHhuZTNBIMdmm1And5EU9bkpoe Fr++VUyrtQQw/pJvTGw8OtsJLxjo0BFgjtV9o0bUH6Zo2eC+USaaD1NxMNKNjkBU 
TqSpojGed9/IEhLd4DanuW8I4JPfWC2mQJtINcZ7LoY9xxgyQ3eERtANEf4xVChP JINI0S0nvvoo5Nr9phO45U3kFmjPJ4UB9isG3UVSaqOJ28dH4HY5oLm9bOzFDVxt BO9Vy/OFbdJPFe98CoyN1V3LoG1TIbcN00zwKgHE2NI7NJBux3zG6N9mbpvPKIH5 lCqm9zfOJ5St/4ZkT/T1DwJd1cwDdN+crLBLVJyWR+Ts0m8HHHJLYL7K+agrbgd6 k4VrR706nYUUiZoZOQ0Ez2up+VrtILSiYDwhufSJgk8AH0ibeTEcV9gIUUlTogm8 CVk2rbGJh4Tv7qsx4apmPLPRNiN+lKWT5+I+2YSZ3TktWS0Q2PcCzoVInIEfNJIx E+W4Rfise45R1BXhlp/DWl1yEj57/00thKSxbJymlo12YrQJLYjcQupcJyYBuDqT XapVdk/j2bF2Q/1aalUkwMDm5xu8841qDqOa1QjZ0QlEItkXo6btAAg1TEAJ0xht 5Jwr0Tdq1FwNcSMnErzNdmmUEn1PRYZVWbJqeCzcCqgXA6rM2kuOJCMi36PwfCoD 0fmIFvV2CPIcgwL+1arSaPaN0XhJS3+BJVgNZZuGwlgWhMILd7l1Bs9a6jzwwgIo iAkE6vaI2YpAoCDXDTv1PEglfS91qUDykkGO0liWD5KgIkvs1UuIEMysxOMVRmU+ 3M8FPaSl9lFAJEknPgQ/oPN5kDU38tSCXoq3S0sUIPlx2S9/GMN2nEJ0vs9gjuK6 SQ+4wsbSterrfQ5iOViCmOwdjnDwF4q7wGA2i5wqEMIBsrU9BnMzAlTVlFux4hhu nUhiQBh3EDVmgPsVVhNWggkXgFsGeaeIaAKyTPdALI3rIjgfhl5t1EPsHrzvghgE Abs3X7wIm7/2esNH4tmi6BnVpBWStpBHgHC42NAeDF/7vUv3GhiCWIhZzDTPHpZu bA4OZVazPsw6ScK/KLWJ2Gh5UEOoDflFQ1RddEUtXd4N8kpCBPp0wpb0AkjjBd50 60RONZorgmBcFTHdU7CMpQSjAtlpaWEQXsYIBdxIIOePpFNhuhwPABjhHgjQbfLn obYuJIwF6ORUgvMPXizkc95G8DrIDYc8Uj2cESlX69gYfAXZCSb/htR3ffy1y2Ba iTT3W4JY+E1YyFL/MbLCAm7BkqEg4JSaki+R0ogPIhuhhxLAT4hEICcAfB2nbiZZ xSJBzdgT8It7iQwotXdALw0nFCWRw4VP119Uek0nFmtTtS0h3TJQp+fBWXppBjuM K8B0uJMoZkNHITcCd6qhowwSqYMIDP1bXZOLWePR5nxgyTjiasEFqOIzIzeEXwAH zDXoU8KqOCnGYmCKEm+HGwNiNGHvQ0aQhcbfGc2Qs952n6LXbqp3cJoFpIPfQfhj NBsFI/kxw9XwJSDskV6HGgicUb2+z1DwEwTjn4E0G/wAtpq566h/iIK0HrHnC8Cq CmDPn1YnHgOrGTrjja61x2geWu7p6HKcupy4pURaQqYIVfJ/k58kphUyiGdUf8Qg jIq9AKiZ3FESeVWEzBbTABwo2DHqudzFRQdcIecSjmK03WiOtp+OtgtGzVjTwTkK INWMovKvvkcAPP044nDc5CwC2YkwE9SFafK4EghXFd4Al3I26XcwVlWr8NrMY+Qy XSkmKuHz4AKdhhsdPI8IaaDwMgJ65PGs6+EolR4PESp98M+3O+Vr8mIIufUwaA2J ZBsAxkkHLyC5Ifg3hPU0z9aOB6iiERiVtYD16uX4EgkR+MDK1Yo2H0yAFOonHjGZ AHzhWd0CY/Bf0D/H4HdffQ+DJkbDwFUW5BR5hcr5fPkOeN0vWWM1eC6EQNrLg4mD 9IKjP6CRiw5+HBkkVkAeOxx6Fh2FTgffjMScoiEXoyTmuRpVBzjxH8E/IMwbCsFR 
d5pvcmOBJTuRZgkJW1/6ipgWSDd+b2ShqCenaDUujsDhAQ0ZwV+G988eJ8yECF6/ 7+J1ecLFLnYJkaUmfkCVkAcJqOUcJCwH9uX1i5S8W7aqA0Jnx/ttj5Ahm/5BXplQ r6R+TdBZntX/0pAiJoa9mM3LhW3oYRsQJbfXX0R+3JJ3VJxS34f8gkUNSGCq+ns0 Q5ljalEP/FHQs7KmSEddKh3yQsBRuFdIECERZ6C2w7vXyvZq1fa9Bump5zgwofWR PkaEa+LnOHJ76il4Bhrj6yOXGZENsM9AI1hEITF2fwPOBXnpAwyW6pELBim70wF2 61pgPrlyagMX2asabrKeUGBSqu8LsJeYzLvUROCYEunjTlC0rKo+ahSwiQy81V2p kKM030hm1rLkPVWRgS7DoDui6inYjOrA/FT6+Q2gs242ngBXyZpjxEbtETT4dmUD Q8iR1Vwy9quVrbfrJL7m5ZgBDKvWFX82iyQ2ug80iQosqBZD7ZDVD4XaQD9Qry0i qS4wjs8N4kWSYYBaKDox1A6Arg0zniU74QV1aMvxh9UBz4ZOLFwV21Mp26jGsCBo jLxQBcXg8zkxUA3HCOir0fr9APu7/Q39Dce6D+DzIpN3zKWHl9VlMyS74/DRRdde x38Rv8CtC6Mr13fuQJqaqmbzCgYPRs/fQfNED4aLnIV2RIxP9Ignxo54idR6kUjq +cHTAJfyBnuJ9AYibyO+ok7SblW91fCyh4HY5YcUOCulfQrf18jt4AdmG0WmjTHz cBx2MHzT01sUfDrrRH2fG9VOzeqywxrLCTB8AgKlkYP3gPkALAuA3dX05y2KGm6/ SaZmdeE2k796kp1UYKp1cGoCiZw/gFl0S1YbSbobBg/U4GnWxe5P05oLh9+fJtqG zmLSUmIyT18gXmuOAk4roZorVQvMwGl99FvitBaptLysvrZ/hFF926TBIa9/63gY xkBY2QkDbvqbirlVzo1llWut87KyrDOt86o2b3VWrN8gWO+69967rLHORZXCxmxU LG7caN1cVVEplDutZS5XxfrKTeWVgtk4v6K6Ym25tdzprHKajfevrqxybiqDoc6q 9c6yTVYYvqmiskyoqKo0G3/cX3rEm+PNt/8bHgqBM41sRTbb/Y8uRCtQhmuzuNpZ Ubk+e/P6zci5Gn2vOq+scqpgXVcBuxjWY62otE6JArFWOa3Z1vus5VsqBOi2TjIi vkqE8aKr3HmfNcMVq2esta7eKpRbFy+537q5bM2T5UK2EZXcv7h4UXHRfdaHqpzl VmFDWaW1qlIbs3pj1ZonrevI3OzsbKtLcFZs3kxWKN8iOMui3ZOGgXBUiVbX5vI1 Fesqytda11RVVgN5gWpAy/LKNc6tm0nFWlMhbLDCMrDEzGgzjF5XsbEcgC2ybqja XG7dCpCerKyqsdZsKBNIbSogt7aK7P4mTAiaG8rL1pY7oR12s3DTphlW2wPW6nKn i6wFW66sEuBnhnVT2Va1vLZcXdIKcJ2A6uYKwDE6kUD7X5u5pkrcuJYwan25AEQs t24sr1wP26xaB7UKl/XJ8q0zrK4q6xqVm7BGxbqthNiDQGFJY00FyOfqcqtLXLOm 3OVaJ24c4g/wd8mGKqcwjDFVorBZFGYMg2BVIYDYri5bvXGrdV1ZxUZrxToiB2uH pCImBYvmLxgmBg9XbXZZJ1kfqyzfAgwkDNG6rMLWzeWA+pNRggMYl1BetlHYkC2g jLWoJismosC2SuvUDNdUMuZmSZhZNsO6WgTilFWXAyVVwbRWqDgNE2+gEQibU+sl Uksea+yZRB7rLY+u8OaHGnyiDcnqw9zm0frHqI/hNg/ptaL/049xBPmHUBw11HYZ VIiRGvp7QPhDEgQ7HpoDWbV5oDpjzzioz6WYwfp0qP+/9SQj3eMU/GP2UHv+J0ML 
-----END PGP MESSAGE, PART 01/02-----

From nzook at math.utexas.edu Fri Jul 29 07:11:33 1994
From: nzook at math.utexas.edu (nzook at math.utexas.edu)
Date: Fri, 29 Jul 94 07:11:33 PDT
Subject: NYET to censors, REPOST
Message-ID: <9407291409.AA24554@pelican.ma.utexas.edu>

For those of you who didn't read it all last time...

Copyright 1994, Nathan Zook. All rights reserved. Intellectual copyrights pending.

NYET-- Non-Youths Exhibit Temperance.

Before I start, it may be informative to consider that I consider myself to be a hard-line member of the Christian Conservative movement, and a hard-line advocate of electronic privacy. I am a PhD candidate in mathematics at the University of Texas of Austin, and I got the Electronic Privacy language added to the 1994 Republican Party of Texas platform. I am a member of Trinity Evangelical Free Church, and am twenty-seven years old.

As the Internet community continues to grow, the differences of conviction that exist generally in the world find their way into the community. Some demand that newcomers to the net adapt to the mores of this society. Some demand that the net, as a newcomer to the world, adapt to the outside. As recent events have demonstrated, the less reasonable, on both sides, may be endangering the integrity and availability of the net. Calls for net censorship, it may be expected, will continue to grow unless the net can find some way to police itself.
Yet "police itself" is a term that sends the net into fits. My solution, NYET, is for the appropriate users to directly censor the data that they might legitimately lay claim to censoring--data that flows to minors over which they have legal authority and responsibility.

Specifically, this is a plan to create two sorts of accounts to the net-- adult and minor. Adult accounts may only be obtained by persons of age eighteen. Minor accounts may only be obtained as adjuncts to adult accounts, referred to as supervisor accounts. Adult accounts would have full access to anything on the net. News readers, telnet, ftp and like software being operated from a minor account would check a file in the adult account to allow access. Newsreaders, in particular, would censor any posts crossed from a non-allowed account. The control files in the supervisory accounts would default to allow-only mode, but could be selected to deny-only.

The legal framework that I see important in aiding such a system is as follows:

State Level:

1) Declare to hold harmless those BBS operators for charges of Contributing to the Delinquency of a Minor that obtain and verify the age of account holders, and maintain a NYET system of access for minors. Certain acceptable verification methods specified, with authority to add methods delegated to a regulatory agency. Emphasis to be on ease and speed of verification. Special consideration for in-house systems.

2) Make it illegal to misrepresent age and name data to a BBS. Require BBS operators to maintain a record of age and name of account holders for thirty days after opening of account for hold harmless agreement, and allowing deletion of said data afterwards.

3) Declare aiding in tampering with NYET system to be "Contributing to the Delinquency of a Minor".

Federal Level:

Pass parallel laws for BBSs operating with local numbers from two or more states, or for BBSs operating with 800 numbers.
I believe that such a system would protect the full free expression currently enjoyed by the net, while reaffirming parental responsibility in the upbringing of their children. The burden of controlling access devolves all the way to the parents, making charges against BBS operators patently frivolous. Porno charges would then be MUCH more difficult to press, since a jury could be told that specific steps were being taken to prevent access to minors. If parents complained that they didn't want to go to the trouble of spelling out what their children could access, the response is clear: "Oh, so it's not worth the effort to you?"

Despite slurs in this group to the contrary, I believe that the proposed us.* hierarchy may well be the first in a series of attempts to censor the net. Remember, we already have had a censor for TV, movies, and radio. It is not really a question of _if_ but _who_ and at _what level_ will this censoring take place.

Nathan
(Adjusting flame gear)

From vincie at blaze.cs.jhu.edu Fri Jul 29 07:27:05 1994
From: vincie at blaze.cs.jhu.edu (Michael Ko)
Date: Fri, 29 Jul 94 07:27:05 PDT
Subject: What kind of encryption to incorporate?
Message-ID: <31b3it$o6i@blaze.cs.jhu.edu>

I'm finishing up on a stegography(sp?) program that uses GIF and WAV files. It was inspired by Cypherella's Stego program for the Mac.

In the program, I incorporate the filename, length, then data to the GIF or WAV file. Right now, I just use a basic secret key encryption. It will XOR each data byte with a byte in the password and repeat this. Is there a better way to encrypt the data that is just as easy to code?

Sorry if this is an FAQ. I couldn't find an FAQ for this group.

Michael Ko / ...the chances of getting picked up by another/ The Invincible \ / ship within those thirty seconds are 2 to the / vincie at cs.jhu.edu \ \ power of 276709 to one against." - From The \ Computer Science Depart. / \ Hitchhiker's Guide to the Galaxy - D.
Adams \ Johns Hopkins University/

From pstemari at bismark.cbis.com Fri Jul 29 07:29:23 1994
From: pstemari at bismark.cbis.com (Paul J. Ste. Marie)
Date: Fri, 29 Jul 94 07:29:23 PDT
Subject: The penet compromise
In-Reply-To: <940728.224039.3x8.rusnews.w165w@sendai.cybrspc.mn.org>
Message-ID: <9407291428.AA28858@focis.sda.cbis.COM>

> That lessens the probable impact of the return traffic to a rough
> multiplier of 10. And given the time spread (my experiment yielded
> replies over 4 days), I don't know if this can be counted on to yield a
> denial-of-service attack. (I suppose it's possible the perp might be
> trying to spam penet in the original sense, by trying to overrun
> arbitrary limits in the server)

I was thinking about this as I thought about the combination of mail->news gateways such as anon.penet.fi and news autoresponders, and it struck me that a denial of service attack could be based on including a *.test newsgroup in a Reply-To: header, causing the autoreplies to get posted back into the *.test groups. Some of the autoresponders seem to be set up to prevent this, others not. I don't know if anon.penet.fi is set up to prevent this sort of regurgitation.

--Paul

From jya at pipeline.com Fri Jul 29 07:43:13 1994
From: jya at pipeline.com (John Young)
Date: Fri, 29 Jul 94 07:43:13 PDT
Subject: The penet compromise
Message-ID: <199407291442.KAA09338@pipe2.pipeline.com>

Responding to msg by lcottrell at popmail.ucsd.edu (Lance Cottrell) on Fri, 29 Jul 0:41 AM

>My anon ID from this attack is: an118079 at anon.penet.fi
>I will not be using this ID, and will have it revoked
>ASAP. Anything from that account is not from me.
>Lance Cottrell

Ditto for me. False anon ID assigned 29 Jul 94 : an118197 at anon.penet.fi. I have never used this service.
John Young

From talon57 at well.sf.ca.us Fri Jul 29 07:55:52 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Fri, 29 Jul 94 07:55:52 PDT
Subject: anon.penet.fi troubles
Message-ID: <199407291455.HAA09552@well.sf.ca.us>

Julf,

There has been a rash of discussion about unusual messages from your server on cypherpunks recently, I received this one today;

From werner at mc.ab.com Fri Jul 29 07:55:54 1994
From: werner at mc.ab.com (tim werner)
Date: Fri, 29 Jul 94 07:55:54 PDT
Subject: Tuna fish and spam sandwich
Message-ID: <199407291455.KAA05289@sparcserver.mc.ab.com>

>Date: Fri, 29 Jul 94 15:37:44 +0300
>From: Johan Helsingius
>
>But the whole current server is getting to be a horrible patchwork. I am
>working on a total redesign/rewrite, as well as upgrading the machine and
>the connection, to eliminate the delays and allow PGP. But to do all that,
>I am going to need sponsors/support. Preliminary discussions started
>with a couple of organisations.

I will donate to this cause. Will you publish or email me an address where I can send a check?

tw

From jdd at aiki.demon.co.uk Fri Jul 29 08:09:44 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Fri, 29 Jul 94 08:09:44 PDT
Subject: Just say NYET to kneejerking
Message-ID: <2648@aiki.demon.co.uk>

In message <9407291348.AA04027 at snark.imsi.com> perry at imsi.com writes:
>
> Graham Toal says:
> > I must admit that I'm disappointed. I figured that I would
> > take some hits, but for people to only scan a post before reaching
> > for the lighter...
> >
> > Don't be such a condescending shit. We read your post clearly enough,
> > thank you very much. Typical control-freak crap. If you want your
> > little xtian kids to be namby-pamby'd on the net,
>
> I believe Graham is being rather rude.
>

Agreed.

You may love sailing and decide to live near a busy harbor. But if you have children, you will probably want low fences between them and the water.
When they get older and have better judgement and motor control, they will also be able to step over the low fence. This is the way that most human beings handle their children, with restrictions that disappear gradually as the children grow up.

The Internet is a wild and exciting place. You want your children to get to know it. But you would also like a way to build little fences between them and some things that they are just too young to deal with. How do you do it?

--
+-----------------------------------+--------------------------------------+
| Jim Dixon                         | Compuserve: 100114,1027              |
|AIKI Parallel Systems Ltd + parallel processing hardware & software design|
| voice +44 272 291 316             | fax +44 272 272 015                  |
+-----------------------------------+--------------------------------------+

From joshua at cae.retix.com Fri Jul 29 09:01:59 1994
From: joshua at cae.retix.com (joshua geller)
Date: Fri, 29 Jul 94 09:01:59 PDT
Subject: Just say NYET to kneejerking
In-Reply-To: <2648@aiki.demon.co.uk>
Message-ID: <199407291601.JAA28808@sleepy.retix.com>

jdd at aiki.demon.co.uk (Jim Dixon) writes:

> In message <9407291348.AA04027 at snark.imsi.com> perry at imsi.com writes:
> > Graham Toal says:
> > > I must admit that I'm disappointed. I figured that I would
> > > take some hits, but for people to only scan a post before
> > > reaching for the lighter...
> > > Don't be such a condescending shit. We read your post clearly enough,
> > > thank you very much. Typical control-freak crap. If you want your
> > > little xtian kids to be namby-pamby'd on the net,
> > I believe Graham is being rather rude.
> Agreed. You may love sailing and decide to live near a busy harbor.
> But if you have children, you will probably want low fences between them
> and the water. When they get older and have better judgement and motor
> control, they will also be able to step over the low fence.
> This is the way that most human beings handle their children, with restrictions
> that disappear gradually as the children grow up.
> The Internet is a wild and exciting place. You want your children to
> get to know it. But you would also like a way to build little fences
> between them and some things that they are just too young to deal with.
> How do you do it?

I don't guess I rightly care how you raise your kids as long as you don't to interfere with what I want to do in the process.

if you don't have sufficient authority over your children to prevent them from doing that which you do not want them to do, sorry, this is not my problem.

josh

From sidney at taurus.apple.com Fri Jul 29 09:24:52 1994
From: sidney at taurus.apple.com (Sidney Markowitz)
Date: Fri, 29 Jul 94 09:24:52 PDT
Subject: anon.penet.fi troubles
Message-ID: <9407291624.AA04391@toad.com>

Brian D Williams wrote (in e-mail to this list, not to Julf, by the way):

>There has been a rash of discussion about unusual messages from
>your server on cypherpunks recently, I received this one today;
[...]
>X-Envelope-To: an111447

Checking the subscriber list, I see that an111447 at anon.penet.fi is subscribed to cypherpunks. It is near the end of the list returned by Majordomo. Does that mean it was recently added?

This has happened before. If someone uses anonymized mail to subscribe to this list, then all mail which anybody sends here is going to be sent to the anonymized address. Anyone who has an id on anon.penet.fi who has not set up a password and has sent mail to a mailing list such as this one that has an anonymous subscriber has revealed their identity to that subscriber if they included their sig in their message. Anyone who did not have an id who sends a message to this list will end up being assigned one.

I thought that somebody did something the last time this happened to fix the problem, at least regarding the cypherpunks list.
Or was that just before one of the mailing list crashes, so the problem went away by itself until this person recently subscribed?

Does it seem too much of a coincidence that an111447 subscribed at the same time that the alt.test tunafish spam appeared?

-- sidney

From gtoal at an-teallach.com Fri Jul 29 09:29:26 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Fri, 29 Jul 94 09:29:26 PDT
Subject: Just say NYET to kneejerking
Message-ID: <199407291626.RAA21127@an-teallach.com>

    I believe Graham is being rather rude.

Deliberately so. I would hate to cause offense by accident.

G

From gtoal at an-teallach.com Fri Jul 29 09:32:23 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Fri, 29 Jul 94 09:32:23 PDT
Subject: NYET to censors, REPOST
Message-ID: <199407291631.RAA21219@an-teallach.com>

: From: nzook at fireant.ma.utexas.edu
: Specifically, this is a plan to create two sorts of accounts to the net--
: adult and minor. Adult accounts may only be obtained by persons of age
: The legal framework that I see important in aiding such a system is as
: State Level:
: acceptable verification methods specified, with authority to add methods
: delegated to a regulatory agency. Emphasis to be on ease and speed of
: 2) Make it illegal to misrepresent age and name data to a BBS. Require
: BBS operators to maintain a record of age and name of account holders for
: 3) Declare aiding in tampering with NYET system to be "Contributing to the
: Delinquency of a Minor".
: Federal Level:
: Pass parallel laws for BBSs operating with local numbers from two or
: more states, or for BBSs operating with 800 numbers.

I see a lot of call here for legislation and government control.

Keep your fucking religion out of my face, Zook. If you want censored-kiddynet, create your own one privately out of funds donated by Good Christians, but take your state control and stuff it where you stuff your crucifix.
G

From adam at bwh.harvard.edu Fri Jul 29 09:53:40 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Fri, 29 Jul 94 09:53:40 PDT
Subject: Just say NYET to kneejerking
In-Reply-To: <2648@aiki.demon.co.uk>
Message-ID: <199407291652.MAA03609@freud.bwh.harvard.edu>

Jim Dixon:

| The Internet is a wild and exciting place. You want your children to
| get to know it. But you would also like a way to build little fences
| between them and some things that they are just too young to deal with.
| How do you do it?

Find a group of like minded parents. Join resources together, and hire someone to write code to do digital reputations & ratings systems. Encourage people to 'rate' their postings as G, PG, PG-13, R or XXX. (This is the American 'voluntary' movie rating system to indicate the content of the movies.) Then hack up a newsreader/web browser to only connect to those systems with a reputation behind them and also advertised as whatever level of violence/sexuality/religiosity/communism that you define as acceptable for your kids.

This requires no law, no coercion. All the tough thinking work has been done, in terms of creating digital reputations schemes. Now, all that needs to be done is implementation. If you do it well, and create a scheme that allows for multiple webs of trust, multiple user defined ratings systems, etc, then coincidentally, you will have created an infrastructure that allows for all sorts of smart filtering.

Adam

--
Adam Shostack adam at bwh.harvard.edu
Politics. From the Greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

From adam at bwh.harvard.edu Fri Jul 29 09:57:33 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Fri, 29 Jul 94 09:57:33 PDT
Subject: What kind of encryption to incorporate?
In-Reply-To: <31b3it$o6i@blaze.cs.jhu.edu>
Message-ID: <199407291656.MAA03632@freud.bwh.harvard.edu>

Michael Ko:

| I'm finishing up on a stegography(sp?) program that uses GIF and WAV
| files.
| It was inspired by Cypherella's Stego program for the Mac.
| In the program, I incorporate the filename, length, then data to the
| GIF or WAV file. Right now, I just use a basic secret key encryption.
| It will XOR each data byte with a byte in the password and repeat this.
| Is there a better way to encrypt the data that is just as easy to code?

A filename and length give away the fact that something is hidden. If you only hide encrypted data, and no plaintext of any sort, then the file can not be automatically detected; it can only be seen by someone who can decrypt it.

There are lots of real encryption schemes beyond XOR out there. Take a look at the source archive in goblin.dsi.unimi.it

Adam

--
Adam Shostack adam at bwh.harvard.edu
Politics. From the Greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

From jchoate at austin.cc.tx.us Fri Jul 29 08:07:48 1994
From: jchoate at austin.cc.tx.us (Jim Choate)
Date: Fri, 29 Jul 1994 10:07:48 -0500
Subject: (fwd) Re: Surveillance Equipment...
Message-ID: <199407291507.KAA24744@monk.austin.cc.tx.us>

Path: monk.austin.cc.tx.us!news.tamu.edu!cs.utexas.edu!howland.reston.ans.net!gatech!news-feed-1.peachnet.edu!news.duke.edu!MathWorks.Com!news2.near.net!news.delphi.com!usenet
From: cosmic_agent at delphi.com
Newsgroups: alt.bbs.ads
Subject: Re: Surveillance Equipment...
Date: Thu, 28 Jul 94 01:58:08 -0500
Organization: Delphi (info at delphi.com email, 800-695-4005 voice)
Lines: 53
Message-ID:
References:
NNTP-Posting-Host: bos1c.delphi.com
X-To: jeff kaczor

jeff kaczor writes:

> Surveillance & Counter Surveillance Equipment!
>
> Executive Protection Products Inc.
> > BBS (707) 257-3327 Phone (707) 253-7142 Fax (707) 253-7149 > > Specializing in: Business Control Systems > >Featuring: > > Online Product Ordering Telephone Scramblers > Bulletproof Vest & materials Fax Encryptors > Armored Cars Article Surveillance > Video Surveillance Systems Weapons Detectors > Covert Video Operations Minox Cameras > Training Services Professional Industrial Radios > Telephone Recording Systems Scanners & Monitors > "Tap" & "Bug" Detection Services Communications Security > Intelligence Bookshelf Worldwide System Design & Counsul > Intelligence Video Tapes Extensive Online Library >Comming Soon: > > Online Information Brokerage Encrypted Message Network > Online National Telephone Directory Internet Access > Online Investigational Searches Online Credit Reports > >And much more! > >Call today! (707) 253-7142 >Business Hours from 9am to 5pm Pacific Standard Time. > >24 Hour Bulletin Board Access. (707) 257-3327 {Three Nodes} This is great. There is everything here to bust the Secret Underground Society out of my kid's an my life. Cheers -- ------------------------------------------------------------------------------ Spock! Hell This | | Jim! What Do You Want Civilization Uses | | Me To Use First? Reverse Thinking! | COSMIC_AGENT at delphi.com | | | Photon Torpedoes Or | Bob | Phaser Fire? ------------------------------------------------------------------------------ From rel at lipo.ping.at Fri Jul 29 10:09:12 1994 From: rel at lipo.ping.at (Roland E. Lipovits) Date: Fri, 29 Jul 94 10:09:12 PDT Subject: anon.penet.fi troubles In-Reply-To: <199407291455.HAA09552@well.sf.ca.us> Message-ID: <5TlUcd1rwfB@lipo.ping.at> Hello Brian, in article <199407291455.HAA09552 at well.sf.ca.us> at /ML.Cypherpunks you wrote: (...) 
> your server on cypherpunks recently, I received this one today; > > From daemon at anon.penet.fi Fri Jul 29 01:08:33 1994 > From: daemon at anon.penet.fi > Date: Fri, 29 Jul 94 10:11:46 +0300 > To: talon57 at well.sf.ca.us > Subject: Anonymous message failed (wrong password) (...) > X-Envelope-To: an111447 > Received: from relay2.UU.NET by anon.penet.fi (5.67/1.35) > id AA20854; Thu, 28 Jul 94 22:44:56 +0300 > Received: from toad.com by relay2.UU.NET with SMTP > id QQxanv11527; Thu, 28 Jul 1994 15:47:30 -0400 > Received: by toad.com id AA20384; Thu, 28 Jul 94 12:00:25 PDT > Received: from well.sf.ca.us by toad.com id AA20148; Thu, 28 Jul 94 > 11:59:05 PDT > Received: (from talon57 at localhost) by well.sf.ca.us (8.6.9/8.6.9) > id LAA16258 for cypherpunks at toad.com; Thu, 28 Jul 1994 11:53:34 > -0700 > Date: Thu, 28 Jul 1994 11:53:34 -0700 > From: Brian D Williams > Message-Id: <199407281853.LAA16258 at well.sf.ca.us> > To: cypherpunks at toad.com > Subject: "Just say NYET to NYET" > Sender: owner-cypherpunks at toad.com > Precedence: bulk > > > The message in question was sent by me to cypherpunks at toad.com > from my account at talon57 at well.sf.ca.us and nowhere else. Could it be that an111447 at anon.penet.fi has subscribed to the cypherpunks- list. The mail-header looks like cypherpunks at toad.com is forwarding your mail to the anon-account. Regards, Lipo -- ** PGP Key via EB/RRQ ** ## CrossPoint v3.02 R ## From daemon at anon.penet.fi Fri Jul 29 00:11:46 1994 From: daemon at anon.penet.fi (daemon at anon.penet.fi) Date: Fri, 29 Jul 94 10:11:46 +0300 Subject: Anonymous message failed (wrong password) Message-ID: <13f4d4006823fcba1b3486c34509198f@NO-ID-FOUND.mhonarc.org> The message you sent to the anonymous server could not be processed, as your password (in the X-Anon-Password: header) didn't match the one stored in the server. Either you have made a mistake, or somebody has used your account and changed the password. 
If the latter is the case, please contact admin at anon.penet.fi. Contents of failed message: ------------------------- X-Envelope-To: an111447 Received: from relay2.UU.NET by anon.penet.fi (5.67/1.35) id AA20854; Thu, 28 Jul 94 22:44:56 +0300 Received: from toad.com by relay2.UU.NET with SMTP id QQxanv11527; Thu, 28 Jul 1994 15:47:30 -0400 Received: by toad.com id AA20384; Thu, 28 Jul 94 12:00:25 PDT Received: from well.sf.ca.us by toad.com id AA20148; Thu, 28 Jul 94 11:59:05 PDT Received: (from talon57 at localhost) by well.sf.ca.us (8.6.9/8.6.9) id LAA16258 for cypherpunks at toad.com; Thu, 28 Jul 1994 11:53:34 -0700 Date: Thu, 28 Jul 1994 11:53:34 -0700 From: Brian D Williams Message-Id: <199407281853.LAA16258 at well.sf.ca.us> To: cypherpunks at toad.com Subject: "Just say NYET to NYET" Sender: owner-cypherpunks at toad.com Precedence: bulk The message in question was sent by me to cypherpunks at toad.com from my account at talon57 at well.sf.ca.us and nowhere else. It looks as if someone is redirecting mail improperly. Brian Williams Extropian Cypherpatriot "Cryptocosmology: Sufficently advanced communication is indistinguishable from noise." --Steve Witham "Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... AT&T" --James Speth From tcmay at netcom.com Fri Jul 29 10:32:44 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 29 Jul 94 10:32:44 PDT Subject: "Just say 'No' to key escrow." In-Reply-To: <199407291301.AA08440@poboy.b17c.ingr.com> Message-ID: <199407291732.KAA03851@netcom9.netcom.com> Paul Robichaux writes: > No doubt. But what does the OS provider gain from including encryption > in the OS? At present, customers aren't demanding it. Why add SKE at > all when no one's asking for it? Ah, the exact question for us to be asking! "Why add SKE at all when no one's asking for it?" Indeed. Why the upcoming conference on key escrow? 
Why the representatives from Germany, Netherlands, France, etc.? Where is the public debate about these things? (I'm not claiming, by the way, that corporations have to debate with the public before developing features--I'm a free market sort. But it's clear that more than just isolated product developments are involved. The extent of collusion between vendors and governments is unclear, but signs point to such collusion.) > FWIW I agree with Tim: it's time to start asking the OS vendors some > hard questions. I'll volunteer to talk to Apple. Tim & Blanc Weber > seem to have good wires into Microsoft. We may be able to rally enough opposition this time around to make work on SKE an "unsocial" thing to do (Recall our strategy of making Clipper vendors corporate outcasts, with our "Big Brother Inside" approach?). > Finally, never forget the power of "divide & conquer"; if MS does > something unpalatable, that gives Novell, Apple, et al a reason _not_ > to do that same thing. "Just say 'No' to key escrow." --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From hughes at ah.com Fri Jul 29 10:47:07 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 29 Jul 94 10:47:07 PDT Subject: NYET and international data services Message-ID: <9407291714.AA02880@ah.com> Even if the NYET proposal were implemented, it wouldn't accomplish its own objectives. The existence of international data services, not under the purview of the cabal of governments administering a hypothetical mandatory rating system, would provide an end run around any attempt at censorship.
The only alternative would be to shut down international data links. Whatever material someone might find objectionable will still exist, because the proposal doesn't call for its suppression, merely its labelling. That objectionable material will go outside the bounds of the system, and right back in. In order to be effective, the system would have to prevent telnetting to arbitrary international sites. Do you really suppose China would participate in a Western-values (of any sort) madatory rating system? Please. And I, for one, would be happy to run data services out of China, and the Chinese would be happy for the foreign exchange. I have, in fact, considered putting up just such a service in Tiajuana, right across the border from San Diego. I might even be able to use radio or laser links to cross the border, and not even deal with international telecom arrangements. Someone wants a non-US web page? I could sell them one. They don't tell me their name, and I can't tell anyone else. If someone is offended, they get to sue in Mexican court. Internationalization solves most problems of local restriction, de facto. You won't be able to do mandatory ratings of any kind because every jurisdiction, even the USA, is a local jurisdiction. Eric From blancw at microsoft.com Fri Jul 29 10:48:21 1994 From: blancw at microsoft.com (Blanc Weber) Date: Fri, 29 Jul 94 10:48:21 PDT Subject: No SKE in Daytona and other goodies Message-ID: <9407291748.AA20092@netmail2.microsoft.com> From: Timothy C. May "If Microsoft has never met with NIST/NSA or Denning or TIS on this matter, and was only pursuing SKE research on its own initiative, without any incentives or threats from the government, then I will withdraw my speculations and cheer Microsoft on." ................................................... And then you can say: Blanc was right all along; I really had nothing to worry about. 
Signed: Tim C May "We need to see a public debate on software key escrow, regardless of Microsoft's involvement one way or another. And we shouldn't wait until the press conference is held to announce the program!" ....................................................... I would like to see more explanations on key escrow, myself. To me, the issue is control: who gets it, who excercises it, who will try to prevent an individual from their right to exert it. How does the mere existence of a system of key escrow necessitate that no one will ever again have the means to secure their privacy? I do understand the difference in the situation of an individual in a corporate environment using a given software environment, vs the individual at home with their own pc trying to access the internet & send email. But you all write code: you have ideas on how to deal with this, right? Do you think that having created a means to an end, that it will be impossible to retain ownership and control of it? In the present political atmosphere, there are many ownership issues being threated. The government's position is to take away the means to an end, thereby preventing the whole problem of having to think about who has the right to use it or not. Do you think that preventing companies from implementing their own key escrow schemes, this will eliminate the problem of having to fight with the government over the keys? Blanc From andy at autodesk.com Fri Jul 29 10:50:10 1994 From: andy at autodesk.com (Andrew Purshottam) Date: Fri, 29 Jul 94 10:50:10 PDT Subject: No SKE in Daytona and other goodies In-Reply-To: <199407290812.BAA11924@netcom2.netcom.com> Message-ID: <199407291749.KAA26655@meefun.autodesk.com> A technical question about the proposed SKE schemes: are they a proper superset of non-escrowed pgp/ripem type systems (pk for key exchange/auth, private session keys for privacy)? 
As a previous poster mentioned, users could select null or locally controlled key escrow agents, and effectively have a non-escrowed system. This would be possible only if the users one wished to communicate with did co-operate, and did somehow exchange public keys with you in a non-escrowed fashion, right? Is this then a strong argument for the web-of-trust model? If I am tottaly out in left field here, feel free to berate me in private mail, and I'll post no further on this. Andy From berzerk at xmission.xmission.com Fri Jul 29 10:54:31 1994 From: berzerk at xmission.xmission.com (Berzerk) Date: Fri, 29 Jul 94 10:54:31 PDT Subject: Just say NYET to kneejerking In-Reply-To: <9407290326.AA16170@owl.ma.utexas.edu> Message-ID: On Thu, 28 Jul 1994 nzook at math.utexas.edu wrote: > I must admit that I'm disappointed. I figured that I would take some hits, > but for people to only scan a post before reaching for the lighter... Hi, I hope that you read mine. I am favorable to EVERTHING you are saying EXCEPT the identification part. It is too much power. You have no need for this. Just make dsclosure of age bracket mandatory. This gives the "beast" the minimal information to play with and does EXACTLY what you want to do. Also, I would be very interested in trying to provide a censorship service. I think the most valuable thing you could do is to provide services orented to this. Berzerk. From tcmay at netcom.com Fri Jul 29 10:54:40 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 29 Jul 94 10:54:40 PDT Subject: NYET -- Non-Yids Extinguish Traitors In-Reply-To: <9407291409.AA24554@pelican.ma.utexas.edu> Message-ID: <199407291754.KAA05958@netcom9.netcom.com> > Copyright 1305, El-Tim Shabbaz Al-May. > NYET-- Non-Yids Extinguish Traitors. > > Before I start, it may be informative to consider that I consider myself to > be a hard-line member of the Islamic Students movement, and a hard- > line advocate of electronic privacy. 
We Islamic Fundamentalists are very worried about the exposure of Allah's children to the den of vipers that Infidels call "the Net." ("The Pit" is a much better name, in more ways than one.) NYET proposes to create two sorts of accounts on the net: Believers and Infidels. Believers would be denied access to all but the blessed groups (currently, only alt.fan.salman.rushdie.kill.kill.kill). Infidels would be denied access to all groups. > The legal framework that I see important in aiding such a system is as > follows: > > 1) Declare to hold harmless those BBS operators for charges of Contributing > to the Delinquacy of Allah's Children that verify the age of account > holders, and maintain a NYET system of access for Believers... > 2) Make it illegal to misrepresent age and name data to a BBS. Require > BBS operators to maintain a record of age and name of Believers. > 3) Declare aiding in tampering with NYET system to be "Contributing to a > Crime Against God." > I believe that such a system would protect the full free expression > currently enjoyed by the Pit, ensuring that blashemers are detected > and punished, that illegal publications are halted, that children are > not exposed to evil ideas, and the Pit is cleansed of Non-Believers. God is Great! Allah's Humble Sword of Vengeance, --El-Tim Shabbaz Al-May -- From berzerk at xmission.xmission.com Fri Jul 29 11:03:36 1994 From: berzerk at xmission.xmission.com (Berzerk) Date: Fri, 29 Jul 94 11:03:36 PDT Subject: penet hack In-Reply-To: <199407291254.NAA14151@an-teallach.com> Message-ID: On Fri, 29 Jul 1994, Graham Toal wrote: > Does anyone know what all these names have in common? These are > some of the userids that the person hacking penet has been trying > to find. They don't all look like either cypherpunks or usenet > crypto people to me. Mail them and ask them where they hang out. Berzerk. 
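Roland Lipovits's reading of the anon.penet.fi bounce earlier in this digest (the list host passed the post on to an anon account) can be reproduced mechanically. What follows is an added example, not part of any list message: it walks the Received: chain quoted in the bounce and compares the envelope recipient with the To: header. The function names are assumptions of the example, and the archive's " at " address obfuscation is kept as it appears.

```python
import re
from email import message_from_string

# Headers of the failed message exactly as quoted in the bounce above
# (continuation lines re-folded; "@" is written " at " by the archive).
BOUNCED_HEADERS = """\
X-Envelope-To: an111447
Received: from relay2.UU.NET by anon.penet.fi (5.67/1.35)
\tid AA20854; Thu, 28 Jul 94 22:44:56 +0300
Received: from toad.com by relay2.UU.NET with SMTP
\tid QQxanv11527; Thu, 28 Jul 1994 15:47:30 -0400
Received: by toad.com id AA20384; Thu, 28 Jul 94 12:00:25 PDT
Received: from well.sf.ca.us by toad.com id AA20148; Thu, 28 Jul 94
\t11:59:05 PDT
Received: (from talon57 at localhost) by well.sf.ca.us (8.6.9/8.6.9)
\tid LAA16258 for cypherpunks at toad.com; Thu, 28 Jul 1994 11:53:34
\t-0700
Date: Thu, 28 Jul 1994 11:53:34 -0700
From: Brian D Williams
To: cypherpunks at toad.com
Subject: "Just say NYET to NYET"
Sender: owner-cypherpunks at toad.com
Precedence: bulk

"""

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
FROM_RE = re.compile(r"^from\s+([A-Za-z0-9.-]+)")


def received_hops(msg):
    """Return (from_host, by_host) pairs, oldest hop first.

    Each relay prepends its own Received: line, so the header order is
    newest-first and has to be reversed to read the route chronologically.
    """
    hops = []
    for raw in reversed(msg.get_all("Received", [])):
        value = " ".join(raw.split())          # undo header folding
        frm = FROM_RE.match(value)
        by = BY_RE.search(value)
        hops.append((frm.group(1) if frm else None,
                     by.group(1) if by else None))
    return hops


def addr_parts(text):
    """Split an archive-obfuscated address ("user at host") into (user, host)."""
    user, _, host = text.strip().partition(" at ")
    return user, host or None


def explain_delivery(raw_headers):
    """Summarise how a message reached a recipient it was not addressed to."""
    msg = message_from_string(raw_headers)
    path = []
    for _, by in received_hops(msg):
        if by and (not path or path[-1] != by):   # collapse internal re-queues
            path.append(by)
    env_user, _ = addr_parts(msg.get("X-Envelope-To", ""))
    to_user, to_host = addr_parts(msg.get("To", ""))
    # The host named in To: accepted the post and then relayed it onward:
    # that is where the recipient list was expanded.
    expanded_at = to_host if to_host in path and path[-1] != to_host else None
    return {
        "path": path,
        "envelope_rcpt": env_user,
        "header_rcpt": to_user,
        "redirected": env_user != to_user,
        "expanded_at": expanded_at,
        # An owner- Sender: marks a copy distributed by list software.
        "list_sender": msg.get("Sender", "").startswith("owner-"),
    }


if __name__ == "__main__":
    report = explain_delivery(BOUNCED_HEADERS)
    print(" -> ".join(report["path"]))
    print(report)
```

A To: address that differs from the envelope recipient, combined with an owner- Sender: and a relay hop after the list host, is the signature of an ordinary list subscription rather than of the author mailing the remailer directly.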
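Adam Shostack's reply to Michael Ko earlier in this digest says hidden data must not be automatically detectable. The sketch below, an added example rather than anything posted to the list, shows that a repeating-password XOR fails that test because the password period shows up in a simple coincidence count. The header encoding, the sample text, the password and `hash_stream` (a standard-library stand-in for a real cipher, not a vetted design) are assumptions of the example.

```python
import hashlib

# Constructed sample body; any ordinary text behaves the same way.
SAMPLE_BODY = (
    b"Minutes of the planning call, written up for this example only. "
    b"The group agreed to move the weekly review to Thursday afternoon and "
    b"to circulate the draft budget before the end of the month. Several "
    b"members asked whether the archive could be mirrored at a second site, "
    b"and the secretary promised to find out what that would cost. The "
    b"treasurer reported that dues are coming in slowly but that the bank "
    b"balance is healthy. Nobody volunteered to organise the summer picnic, "
    b"so the chair will ask again next week. Please send corrections to the "
    b"list before Friday; after that the minutes are considered final."
)
PASSWORD = b"hunter2"   # constructed, seven distinct bytes


def build_payload(filename: str, body: bytes) -> bytes:
    """Layout described in the post: filename, length, then data.
    The field encoding (1-byte name length, 4-byte body length) is assumed."""
    name = filename.encode("ascii")
    return bytes([len(name)]) + name + len(body).to_bytes(4, "big") + body


def xor_repeat(data: bytes, password: bytes) -> bytes:
    """The scheme from the post: XOR each byte with the next password byte,
    wrapping around when the password runs out."""
    return bytes(b ^ password[i % len(password)] for i, b in enumerate(data))


def hash_stream(data: bytes, password: bytes) -> bytes:
    """Stand-in for a real cipher: XOR with a SHA-256 counter keystream,
    so the output has no short period. Illustration only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block_key = hashlib.sha256(password + off.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], block_key))
    return bytes(out)


def coincidence(data: bytes, shift: int) -> float:
    """Fraction of positions where data[i] == data[i + shift].
    Random bytes give about 1/256; structured data gives far more."""
    n = len(data) - shift
    return sum(data[i] == data[i + shift] for i in range(n)) / n


def scan(data: bytes, max_shift: int = 32, threshold: float = 0.03) -> dict:
    """Flag a byte string that does not look random.

    With a repeating password of length L, bytes L apart were XORed with the
    same password byte, so they collide exactly when the plaintext bytes do.
    The coincidence rate therefore peaks at multiples of L.
    """
    shift, rate = max(
        ((s, coincidence(data, s)) for s in range(1, max_shift + 1)),
        key=lambda pair: pair[1],
    )
    return {"shift": shift, "rate": rate, "flagged": rate > threshold}


if __name__ == "__main__":
    payload = build_payload("notes.txt", SAMPLE_BODY)
    for label, blob in (("repeating XOR", xor_repeat(payload, PASSWORD)),
                        ("hash keystream", hash_stream(payload, PASSWORD))):
        result = scan(blob)
        print(f"{label:15s} peak shift={result['shift']:2d} "
              f"rate={result['rate']:.4f} flagged={result['flagged']}")
```

The scan needs no password and no knowledge of the header fields, which is why output that is merely XORed with a short password cannot be relied on to stay hidden.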
From berzerk at xmission.xmission.com Fri Jul 29 11:03:49 1994 From: berzerk at xmission.xmission.com (Berzerk) Date: Fri, 29 Jul 94 11:03:49 PDT Subject: Catch-22 In-Reply-To: <199407291135.MAA10865@an-teallach.com> Message-ID: On Fri, 29 Jul 1994, Graham Toal wrote: > I doubt very much they tracked him down. I imagine some two-faced > back-stabbing shit on sci.crypt or cypherpunks shopped him. I didn't > agree with his attitude over the PGP hacks either, but this sort of On that note I will never buy a Phil Zimmerman product as long as I live. Rats are scum. Berzerk. From blancw at microsoft.com Fri Jul 29 11:04:04 1994 From: blancw at microsoft.com (Blanc Weber) Date: Fri, 29 Jul 94 11:04:04 PDT Subject: Just say NYET to kneejerking Message-ID: <9407291804.AA20946@netmail2.microsoft.com> From: "Perry E. Metzger" Graham Toal says: > > Don't be such a condescending shit. We read your post clearly enough, > thank you very much. Typical control-freak crap. If you want your > little xtian kids to be namby-pamby'd on the net, I believe Graham is being rather rude. ....................................................................... I myself do not find Graham's rudeness offensive, as long as it's funnier than Perry's. Blanc From pjm at gasco.com Fri Jul 29 11:06:27 1994 From: pjm at gasco.com (Patrick J. May) Date: Fri, 29 Jul 94 11:06:27 PDT Subject: Just say NYET to kneejerking In-Reply-To: <9407290326.AA16170@owl.ma.utexas.edu> Message-ID: nzook at math.utexas.edu writes: > I must admit that I'm disappointed. I figured that I would take some hits, > but for people to only scan a post before reaching for the lighter... I must admit that I'm disappointed. I figured people on this list would assume good faith on the part of other list members until it was demonstrated otherwise. I read your entire post. You advocate using the government to force people to behave as you see fit. 
I pointed out that the services you want could be offered without the need for more legislation. > 2- The censorship that I advance is censorship _by parents_ _for their own > children_. Only. > > People have talked about cable boxxes and telephones. Are you not aware > that many cable companies offer boxes with a (physical) key that must be > present in order for certain channels to come through? That the phone > companies currently allow customers to disallow outgoing 900 calls? My > idea is to implement a net-equivalent system--household by household > determination of what will be allowed into their homes. The cable and telephone companies _offer_ these services. You propose mandating what is provided. > 3- In this system, the work to determine which parts of the net to allow/ > disallow access to falls entirely on the parents. And on the Department of Internet Connectivity and Hiding Erotic Data (DICHED). > 4- I believe that this system could be used to gain the protection sysops > deserve. What's wrong with leaving the sysops free to protect themselves as they see fit? Regards, Patrick May ------------------------------------------------------------------------ "A contract programmer is always intense." pjm at gasco.com From blancw at microsoft.com Fri Jul 29 11:07:38 1994 From: blancw at microsoft.com (Blanc Weber) Date: Fri, 29 Jul 94 11:07:38 PDT Subject: FW: No SKE in Daytona and other goodies Message-ID: <9407291807.AA21211@netmail2.microsoft.com> From: Timothy C. May "If Microsoft has never met with NIST/NSA or Denning or TIS on this matter, and was only pursuing SKE research on its own initiative, without any incentives or threats from the government, then I will withdraw my speculations and cheer Microsoft on." ................................................... And then you can say: Blanc was right all along; I really had nothing to worry about. 
Signed: Tim C May "We need to see a public debate on software key escrow, regardless of Microsoft's involvement one way or another. And we shouldn't wait until the press conference is held to announce the program!" ....................................................... I would like to see more explanations on key escrow, myself. To me, the issue is control: who gets it, who excercises it, who will try to prevent an individual from their right to exert it. How does the mere existence of a system of key escrow necessitate that no one will ever again have the means to secure their privacy? I do understand the difference in the situation of an individual in a corporate environment using a given software environment, vs the individual at home with their own pc trying to access the internet & send email. But you all write code: you have ideas on how to deal with this, right? Do you think that having created a means to an end, that it will be impossible to retain ownership and control of it? In the present political atmosphere, there are many ownership issues being threated. The government's position is to take away the means to an end, thereby preventing the whole problem of having to think about who has the right to use it or not. Do you think that preventing companies from implementing their own key escrow schemes, this will eliminate the problem of having to fight with the government over the keys? Blanc From berzerk at xmission.xmission.com Fri Jul 29 11:16:17 1994 From: berzerk at xmission.xmission.com (Berzerk) Date: Fri, 29 Jul 94 11:16:17 PDT Subject: NYET to censors, REPOST In-Reply-To: <9407291409.AA24554@pelican.ma.utexas.edu> Message-ID: On Fri, 29 Jul 1994 nzook at math.utexas.edu wrote: > Specifically, this is a plan to create two sorts of accounts to the net-- > adult and minor. Adult accounts may only be obtained by persons of age Ok. This is arguable itself, but there are a couple comments in the legal framework section that are VERY imprtant. 
> State Level: > 1) Declare to hold harmless those BBS operators for charges of Contributing > to the Delinquacy of a Minor that obtain and verify the age of account > holders, and maintain a NYET system of access for minors. Certain > acceptable verification methods specified, with authority to add methods > delegated to a regulatory agency. Emphasis to be on ease and speed of > verification. Special consideration for in-house systems. Sure, this is great. No problems. This should include visual inspection for those who can be verified at a glance, or personal knowledge(like a conversation about what you were doing when kenedy died, or the working of a company a child would not remember.) >2) Make it illegal to misrepresent age and name data to a BBS. Require NO! 2 options., Make it illegal for a MINOR to misrepresent age and name data to a BBS. or Make it illegal to misrepresent age bracket(minor, adult) to a BBS. > BBS operators to maintain a record of age and name of account holders for > thirty days after opening of account for hold harmless agreement, and > allowing deletion of said data afterwards. The deletion of said data is a nice touch. I think that this could be subject to the same slippery slope arguments that has been used with the FFL, though, uping the requirements, raising the time, adding information. Don't give them an electronic platform that they can amend things onto that we will all regret. > 3) Declare aiding in tampering with NYET system to be "Contributing to the > Delequency of a Minor". ????? This would seem to be covered by 2), what is the deal? Forgeries? If so, I would be concerned about enforcemnent. > Federal Level: > Pass paralell laws for BBSs operating with local numbers from two or > more states, or for BBSs operating with 800 numbers. NO! Just cover them in both states. We know that the feds will try and turn this into a national id card and database, they have tried with healthcare, drivers licences, tax data, ......... 
the list is as long as my arm. > I believe that such a system would protect the full free expression > currently enjoyed by the net, while reaffirming parental responsibility in > the upbringing of their children. The burden of controlling access > devolves all the way to the parents, making charges against BBS operators > patently frivolous. Porno charges would then be MUCH more difficult to > press, since a jury could be told that specific steps were being taken to > prevent access to minors. If parents complained that they didn't want to > go to the trouble of spelling out what their children could access, the > response is clear: "Oh, so it's not worth the effort to you?" True, I agree that an effort to head this off is warented, and would work for this here. Send me private e-mail for further discussion. Roger Bryner. From tcmay at netcom.com Fri Jul 29 11:48:54 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 29 Jul 94 11:48:54 PDT Subject: FW: No SKE in Daytona and other goodies In-Reply-To: <9407291807.AA21211@netmail2.microsoft.com> Message-ID: <199407291848.LAA11383@netcom9.netcom.com> Blanc Weber wrote: > From: Timothy C. May > > "If Microsoft has never met with NIST/NSA or Denning or TIS on this matter, > and was only pursuing SKE research on its own initiative, without any > incentives or threats from the government, then I will withdraw my > speculations and cheer Microsoft on." > ................................................... > > And then you can say: Blanc was right all along; > I really had nothing to worry about. > Signed: Tim C May No, I obviously won't sign that ;-}. First, Blanc has said many things, even expressing her own concerns about the implications of SKE, so this statement is overly broad. Second, "I really had nothing to worry about" is under no circumstances true. But my main point here will be to comment on the *infrastructure* that SKE implies, and whey even a "voluntary" system is worrisome. 
> I would like to see more explanations on key escrow, myself. To me, > the issue is control: who gets it, who excercises it, who will try to > prevent an individual from their right to exert it. Yes, more debate is needed. I've seen essentially no mention of it in the press, though I understand some articles will soon be coming. For an idea with such ramifications, with a conference of international scope, and with folks withing software companies already briefed on this new idea, I'd say it's high time to get the public debate started. > How does the mere existence of a system of key escrow necessitate that > no one will ever again have the means to secure their privacy? I do > understand the difference in the situation of an individual in a > corporate environment using a given software environment, vs the > individual at home with their own pc trying to access the internet & > send email. "Key escrow" does not automatically imply loss of privacy. For example, I have a diskette containing my keys which I store off-site, to protect myself from loss of my computer. Likewise, I could deposit copies of keys, or cryptosplit files, with a lawyer, a key escrow service, etc. Ditto inside corporations. But what is the reason of the involvement of "law enforcement" and the "intelligence community" in this matter? I refer you all to the upcoming conference agenda, the involvement of NIST/NSA, TIS, Denning, and FBI Director Louis Freeh. Look at the papers being presented at the conference. Any questions? > Do you think that having created a means to an end, that it will be > impossible to retain ownership and control of it? In the present > political atmosphere, there are many ownership issues being threated. > The government's position is to take away the means to an end, thereby > preventing the whole problem of having to think about who has the right > to use it or not. That's a good point. 
The government apparently wants to limit the free and personal use of crypto, to create a SKE system where Clipper failed. I am certainly not alone in drawing this conclusion. Vague statements about it all being voluntary are hardly consistent with the involvement of law enforcement, other intelligence agencies, the export control folks, and the police and intelligence agencies of other nations. (Some Cyperpunks get very indignant when the issues of gun control and crypto are linked, but this is an obvious case of strong parallels. Those that know about gun registration, limits on ammunition sales, licensing, etc., will already know about the parallels. Those that don't are probably not gun rights advocates, so they won't be persuaded.) > Do you think that preventing companies from implementing their own key > escrow schemes, this will eliminate the problem of having to fight with > the government over the keys? I don't proprose to "prevent" any company from exploring key escrow. I just don't see why law enforcement, intelligence agencies, etc. have anything to do with this, and I am very worried by the arguments I hear about "legitimate needs of law enforcement" and "export laws." If Microsoft or Novell or Apple wishes to offer products that support easy use of software key escrow, fine. It's a dangerous temptation to government to take their voluntary systems and make them mandatory (as I suspect is the goal, soon enough), but I would not try to use the law to stop them. I might try to use public pressure, but I'd have to wait and see what their scheme looked like. Any hint that the systems used were developed with government backing, with "incentivization," or with protocols especially suited for eventual mandatory use, would of course change everything....then I would favor doing more. We're in a new kind of situation. 
Technologies are no longer just "free market" issues, they often get developed with government inputs, with collusion with other companies (where the government sanctions and even encourages this collusion), and where the infrastructure of a police state is possibly being deployed. So let's be vigilant. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From ravage at bga.com Fri Jul 29 11:52:14 1994 From: ravage at bga.com (Jim choate) Date: Fri, 29 Jul 94 11:52:14 PDT Subject: (fwd) Re: Surveillance Equipment... (fwd) Message-ID: <199407291851.NAA22148@zoom.bga.com> Forwarded message: From jdd at aiki.demon.co.uk Fri Jul 29 11:52:19 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Fri, 29 Jul 94 11:52:19 PDT Subject: Just say NYET to kneejerking Message-ID: <2682@aiki.demon.co.uk> In message <199407291601.JAA28808 at sleepy.retix.com> joshua geller writes: > > The Internet is a wild and exciting place. You want your children to > > get to know it. But you would also like a way to build little fences > > between them and some things that they are just too young to deal with. > > How do you do it? > > I don't guess I rightly care how you raise your kids as long as you > don't to interfere with what I want to do in the process. if you don't > have sufficient authority over your children to prevent them from doing > that which you do not want them to do, sorry, this is not my problem. My little fences are on my land. If you cross over my little fences, so are you. 
I think that what I was trying to politely suggest is that the proper place for the proposed access restrictions is not out there on every system on the Internet, but instead on your own system. Politeness rarely does any harm. -- Jim Dixon From xentrac at enzu.unm.edu Fri Jul 29 11:52:25 1994 From: xentrac at enzu.unm.edu (Kragen J Sittler) Date: Fri, 29 Jul 94 11:52:25 PDT Subject: No Subject Message-ID: Path: lynx.unm.edu!jobone!newsxfer.itd.umich.edu!europa.eng.gtefsd.com!howland.reston.ans.net!usc!elroy.jpl.nasa.gov!decwrl!waikato!auckland.ac.nz!news From: pgut1 at cs.aukuni.ac.nz (Peter Gutmann) Newsgroups: alt.security,comp.security.misc Subject: SFS 1.08 beta released Date: 18 Jul 1994 13:41:41 GMT Organization: University of Auckland Lines: 76 Sender: pgut1 at cs.aukuni.ac.nz (Peter Gutmann) Message-ID: <30e0ql$743 at ccu2.auckland.ac.nz> NNTP-Posting-Host: cs13.cs.aukuni.ac.nz X-Newsreader: NN version 6.5.0 #7 (NOV) Xref: lynx.unm.edu alt.security:17535 comp.security.misc:10445 I've just released the latest beta of my encrypting filesystem software. Hopefully this will be the final beta before the full release. It's available from: ftp.informatik.uni-hamburg.de (134.100.4.42) as: /pub/virus/crypt/disk/sfs_108.zip Version 1.08 fixes a number of minor problems which cropped up in the 1.07 beta. The SFS release announcement follows. Peter. SFS (Secure FileSystem) is a set of programs which create and manage a number of encrypted disk volumes, and runs under both DOS and Windows. Each volume appears as a normal DOS drive, but all data stored on it is encryped at the individual-sector level. Encrypted volumes can be loaded and unloaded as required, and can be quickly unloaded with a user-defined hotkey, or automatically unloaded after a period of inactivity. They can also be converted back to normal DOS volumes, or have their contents destroyed. 
The documentation includes an in-depth analysis of various security aspects of the software, as well as fairly complete design and programming details.

SFS has the following features:

- The current implementation runs as a standard DOS device driver, and therefore works with both plain MSDOS or DRDOS as well as other software such as Windows, QEMM, Share, disk cacheing software, Stacker, JAM, and so on.
- Up to five encrypted volumes can be accessed at any one time, chosen from a selection of as many volumes as there is storage for.
- Volumes can be quickly unmounted with a user-defined hotkey, or automatically unmounted after a certain amount of time. They can also be converted back to unencrypted volumes or have their contents destroyed if required.
- The software contains various stealth features to minimise the possibility of other programs monitoring or altering its operation.
- The encryption algorithms used have been selected to be free from any patent restrictions, and the software itself is not covered by US export restrictions as it was developed entirely outside the US (although once a copy is sent into the US it can't be re-exported).
- SFS complies with a number of national and international data encryption standards, among them ANSI X3.106, Federal Information Processing Standard (FIPS) 180, Australian Standard 2805.5.2, ISO 10116:1991 and ISO 10126-2:1991, and is on nodding terms with several other relevant standards.
- The documentation includes fairly in-depth analyses of various security aspects of the software, as well as complete design and programming details necessary to both create SFS-compatible software and to verify the algorithms used in SFS.
- Reasonable throughput and size. One beta-tester has reported a throughput of 250 K/s for the basic version and 260 K/s for the 486+ version on his 486 system when copying a file with the DOS copy command from one location on an SFS volume to another (I get about 160 K/s on my vanilla 386 box).
The resident portion requires 6.5K of memory, and can be loaded high if desired. - Direct access to IDE and SCSI drives is available for better performance and for drives which aren't normally accessible to DOS (for example systems with more than 2 hard drives). SFS 1.1 is a maintenance release which fixes a few minor problems in 1.0, and adds a number of features suggested by users (the current release is a the 1.08 beta). More details on changes are given in in the README file. From ravage at bga.com Fri Jul 29 12:09:23 1994 From: ravage at bga.com (Jim choate) Date: Fri, 29 Jul 94 12:09:23 PDT Subject: NYET to censors, REPOST In-Reply-To: <9407291409.AA24554@pelican.ma.utexas.edu> Message-ID: <199407291903.OAA22735@zoom.bga.com> > > State Level: > 1) Declare to hold harmless those BBS operators for charges of Contributing > to the Delinquacy of a Minor that obtain and verify the age of account > holders, and maintain a NYET system of access for minors. Certain > acceptable verification methods specified, with authority to add methods > delegated to a regulatory agency. Emphasis to be on ease and speed of > verification. Special consideration for in-house systems. > The best way to impliment this is to have no kind of verification done by the BBS operator on their callers. This is the way that I run my system. I am *NOT* responsible legaly, ethicaly, moraly, etc. for who calls my system and uses it. If mommy or daddy don't want their kids to have virus software or pictures of naked ladies then that is their problem not mine. I refuse to take on a parents responsibility. (period) > 2) Make it illegal to misrepresent age and name data to a BBS. Require > BBS operators to maintain a record of age and name of account holders for > thirty days after opening of account for hold harmless agreement, and > allowing deletion of said data afterwards. > Since there is no legal need to demonstrate age why should it be illegal to misrepresent it? 
Why do I want to become part of the law enforcement community in the first place? I want to run a BBS, not become a oink-droid. As to name, sorry but I specificaly have a 'guest' account on my system and handles are fine as well. People have no responsibility to give me their real name and I have no responsibility to ask. As to deletion, I reserve the right to throw somebody off *MY* system for any reason I deem worthy (incl. having a shitty day). It is my systems and nobody should be able to set my admission standards. > > I believe that such a system would protect the full free expression > currently enjoyed by the net, while reaffirming parental responsibility in > the upbringing of their children. The burden of controlling access > devolves all the way to the parents, making charges against BBS operators > patently frivolous. Porno charges would then be MUCH more difficult to > press, since a jury could be told that specific steps were being taken to > prevent access to minors. If parents complained that they didn't want to > go to the trouble of spelling out what their children could access, the > response is clear: "Oh, so it's not worth the effort to you?" > > Protect the full expression of everyone but the BBS operator. Folks a BBS is equivalent to a newspaper or other 'press'. The only person on there who has a 'right' is the person operating it. Don't give it up just because somebody else is too busy to trust their kids. The burden of cotrolling access devolves to the parent...period. You sue me, I sue you in Federal court for civil liberty infringement. Porno doesn't exist except in a seriously neurotic or anal retentive persons midget mind. We are born naked, we die naked, why is it not ok to look at living people naked? My general responce is that if 'your' god will allow sin why can't you? 
From hughes at ah.com Fri Jul 29 12:13:49 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 29 Jul 94 12:13:49 PDT Subject: No SKE in Daytona and other goodies In-Reply-To: <199407291749.KAA26655@meefun.autodesk.com> Message-ID: <9407291841.AA03054@ah.com> A technical question about the proposed SKE schemes: are they a proper superset of non-escrowed pgp/ripem type systems I'm not sure what you mean by superset, but I suspect that however you interpret it, the answer is no. As a previous poster mentioned, users could select null or locally controlled key escrow agents, and effectively have a non-escrowed system. The system I've seen (Whit's recollection of Steve Walker's) did not allow a cooperating party to interoperate with a non-cooperating party. In other words, both correspondents must comply with gov't key surrender, or neither. Matt or Whit can comment better, since they've seen it first hand. Eric From s009amf at discover.wright.edu Fri Jul 29 12:17:59 1994 From: s009amf at discover.wright.edu (Aron Freed) Date: Fri, 29 Jul 94 12:17:59 PDT Subject: No SKE in Daytona and other goodies In-Reply-To: <9407291748.AA20092@netmail2.microsoft.com> Message-ID: On Fri, 29 Jul 1994, Blanc Weber wrote: > From: Timothy C. May > > "If Microsoft has never met with NIST/NSA or Denning or TIS on this matter, > and was only pursuing SKE research on its own initiative, without any > incentives or threats from the government, then I will withdraw my > speculations and cheer Microsoft on." > ................................................... > > And then you can say: Blanc was right all along; > I really had nothing to worry about. > Signed: Tim C May > > > "We need to see a public debate on software key escrow, regardless of > Microsoft's involvement one way or another. And we shouldn't wait until the > press conference is held to announce the program!" > ....................................................... 
> > I would like to see more explanations on key escrow, myself. To me, > the issue is control: who gets it, who excercises it, who will try to > prevent an individual from their right to exert it. > > How does the mere existence of a system of key escrow necessitate that > no one will ever again have the means to secure their privacy? I do > understand the difference in the situation of an individual in a > corporate environment using a given software environment, vs the > individual at home with their own pc trying to access the internet & > send email. > > But you all write code: you have ideas on how to deal with this, right? > > Do you think that having created a means to an end, that it will be > impossible to retain ownership and control of it? In the present > political atmosphere, there are many ownership issues being threated. > The government's position is to take away the means to an end, thereby > preventing the whole problem of having to think about who has the right > to use it or not. > > Do you think that preventing companies from implementing their own key > escrow schemes, this will eliminate the problem of having to fight with > the government over the keys? > > Blanc What is the difference if a big company subjects its employees to a key-escrow system or if the government does it with the people. If you think about it, the government could coerce the company into reading through information being passed back and forth.... -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -=- YABBS - telnet phred.pc.cc.cmu.edu 8888 -=- -=- -=- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= From Jacob.Levy at Eng.Sun.COM Fri Jul 29 12:27:02 1994 From: Jacob.Levy at Eng.Sun.COM (Jacob Levy) Date: Fri, 29 Jul 94 12:27:02 PDT Subject: Q: Chaum style blind signatures? Message-ID: <9407291929.AA21163@burgess.Eng.Sun.COM> Could someone please explain what is a "Chaum style blind signature" and how it can be used? 
I looked in all the FAQs on rtfm.mit.edu and could not find anything about this. Any help appreciated, --JYL P.S. I've seen the term used in a document claiming these can be used for untraceable e-cash From xentrac at cybele.unm.edu Fri Jul 29 12:31:10 1994 From: xentrac at cybele.unm.edu (Kragen J. Sittler) Date: Fri, 29 Jul 94 12:31:10 PDT Subject: "Just say 'No' to key escrow." In-Reply-To: <199407291732.KAA03851@netcom9.netcom.com> Message-ID: <9407291929.AA09812@cybele.unm.edu> Timothy C. May: > We may be able to rally enough opposition this time around to make > work on SKE an "unsocial" thing to do (Recall our strategy of making > Clipper vendors corporate outcasts, with our "Big Brother Inside" > approach?). Um, how much good has this actually done? Kragen From blancw at microsoft.com Fri Jul 29 12:41:31 1994 From: blancw at microsoft.com (Blanc Weber) Date: Fri, 29 Jul 94 12:41:31 PDT Subject: FW: No SKE in Daytona and other goodies Message-ID: <9407291941.AA26399@netmail2.microsoft.com> From: Timothy C. May But what is the reason of the involvement of "law enforcement" and the "intelligence community" in this matter? I refer you all to the upcoming conference agenda, the involvement of NIST/NSA, TIS, Denning, and FBI Director Louis Freeh. Look at the papers being presented at the conference. Any questions? ............................................. If a system contains "protocols especially suited for eventual mandatory use", like SKE, does this of necessity mean that the developers intended that it should become part of a nationally-mandated open avenue to spying on anyone who uses it? Blanc From fhalper at pilot.njin.net Fri Jul 29 12:47:59 1994 From: fhalper at pilot.njin.net (Frederic Halper) Date: Fri, 29 Jul 94 12:47:59 PDT Subject: Penet Message-ID: <9407291947.AA06982@pilot.njin.net> I was away for a while, could someone fill me in on exactly what happened involving penet?
Thanks, Reuben Halper From blancw at microsoft.com Fri Jul 29 12:48:39 1994 From: blancw at microsoft.com (Blanc Weber) Date: Fri, 29 Jul 94 12:48:39 PDT Subject: No SKE in Daytona and other goodies Message-ID: <9407291948.AA26680@netmail2.microsoft.com> From: Aron Freed What is the difference if a big company subjects its employees to a key-escrow system or if the government does it with the people. If you think about it, the government could coerce the company into reading through information being passed back and forth.... ................................................. With a private company, you can negotiate with the owners, or leave. With the government, you have no choice. If the governors decide to coerce a company into complicity with surveillance over internal correspondence, it can do this anyway by other means - that is, it can get access over any material it deems necessary for "legitimate law enforcement needs", even hard-copy files. The desire for absolute control isn't limited to governments, and it doesn't originate in the institution, but in the psychology of the beholder. Blanc From blancw at microsoft.com Fri Jul 29 12:56:11 1994 From: blancw at microsoft.com (Blanc Weber) Date: Fri, 29 Jul 94 12:56:11 PDT Subject: FW: No SKE in Daytona and other goodies Message-ID: <9407291954.AA26955@netmail2.microsoft.com> From: Timothy C. May I don't proprose to "prevent" any company from exploring key escrow. I just don't see why law enforcement, intelligence agencies, etc. have anything to do with this, and I am very worried by the arguments I hear about "legitimate needs of law enforcement" and "export laws." ..................................................... So what about this statement you made earlier: > >Putting Microsoft's feet to the fire, getting them to commit to *not* >including any form of software-based key escrow in any future releases >of Windows (Chicago or Daytona) could be a concrete step in the right >direction. Ditto for Apple. 
> >I'm sure we can think of other steps to help derail widespread >deployment of this infrastructure. I have the same concerns, I just don't see how it would be possible to cause a company to "commit" itself to not doing this, i.e. preventing the company from including SKE in its products. Blanc. From pierre at shell.portal.com Fri Jul 29 13:10:24 1994 From: pierre at shell.portal.com (Pierre Uszynski) Date: Fri, 29 Jul 94 13:10:24 PDT Subject: NYET and international data services Message-ID: <199407292009.NAA12269@jobe.shell.portal.com> Eric Hughes remarks: > Even in the NYET proposal were implemented, it wouldn't accomplish > it's own objectives. [...] international data services, > [...] would provide an end run around any attempt at censorship. Right, clearly, and I would add national underground links that would appear if such regulation was implemented. I'm always amazed when people think for even one second that effectually regulating an internet based on the existing protocols is possible. In particular, the existing internet has enough redundancy and activists to keep it going, legal hassles or not. Unfortunately, what is just as clearly (to me :-) possible, is an ATTEMPT at regulation, with its accompanying enforcement effort, no matter how ludicrous. With this would come the same waste in good will, money, lives, trust in the goverenment, and trust in fellow citizens that came from the previous attempts at regulating alcohol, drugs, taxes and intellectual property to cite only the most blatant examples. If legal and corporate bullies make it difficult to run key servers in the US, use the ones that run outside. Same for anonymous remailers. Same for erotic or pornographic picture servers. Same for erotic texts, the other way around from Canada or, say, Islamic countries: You can run these with little hassle in the US (although it's certainly not the best place to do so). 
The same thing for intellectual property laws: not all countries have the same copyright, patent or trademark laws. And if you are in France and want to run English language services, do it from the US, or England, or Finland, or Germany, or ... :-( And why would a networked bank stay in the US once the bugs are ironed out, or even before that for that matter? In fact, even US law enforcement people are reported to be doing that currently from the US, using foreign companies to collate data on US residents that they are forbidden from collating in the US (sorry, reference not handy). Recently, TV crews were shocked, simply shocked to discover that you could access from the US "disgusting pictures" stored on a Danish computer . Unfortunately for the US subscribers to this list, as things stand, there are very few reasons to run any kind of internet businesses from the US, apart from current physical location of the principals. I predict many of the less employee-intensive ones will simply emigrate. I fully understand that it's easier to run the software from a local site, with physical oversight, but you should balance the legal hacking necessary with the programing hacking. Really, in many cases a foreign site in a country where the activity is legal would mean much fewer hassles, and added peace of mind (notwithstanding the ironically similar tendencies of Israel, certain Islamic states, and the US to want to prosecute foreigners for activities performed in foreign countries...) Give up on your reluctance with dealing with foreign countries, and don't give yourselves more headaches than necessary. > I have, in fact, considered putting up just such a service in > Tiajuana, right across the border from San Diego. I might even be > able to use radio or laser links to cross the border, and not even > deal with international telecom arrangements. Someone wants a non-US > web page? I could sell them one. They don't tell me their name, and > I can't tell anyone else. 
If someone is offended, they get to sue in > Mexican court. I'd encourage people who are aware of foreigner-friendly and privacy- aware internet access systems, suitable for such legal or financial arbitraging to post pointers to this list. They are relevant because of the privacy aspects, the use for setting up key-servers, banks, reputation systems, and whatnots, and the cryptographic aspects of maintaining businesses through mostly remote access. (French, US permanent resident... aaAAAaarrRRRrrggGGgghhHHhhhh ;-) Pierre. pierre at shell.portal.com From Eric_Weaver at avtc.sel.sony.com Fri Jul 29 13:17:07 1994 From: Eric_Weaver at avtc.sel.sony.com (Eric Weaver) Date: Fri, 29 Jul 94 13:17:07 PDT Subject: No SKE in Daytona and other goodies In-Reply-To: Message-ID: <9407292014.AA07120@sosfc.avtc.sel.sony.com> Date: Fri, 29 Jul 1994 15:16:47 -0400 (EDT) From: Aron Freed What is the difference if a big company subjects its employees to a key-escrow system or if the government does it with the people. If you think about it, the government could coerce the company into reading through information being passed back and forth.... Employees have the option of not sending personal information through the company system, instead using a service they hire themselves. The people, if subjected to key-escrow in their private communications, would only have the option of not sending the information via electronic means if they wanted said info to be out of the range of snoops. The government should NOT be viewed similarly to an employer in its relationship with citizens. Employees are free to quit and make their income some other way. 
From paul at poboy.b17c.ingr.com Fri Jul 29 13:34:52 1994 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Fri, 29 Jul 94 13:34:52 PDT Subject: FW: No SKE in Daytona and other goodies In-Reply-To: <9407291941.AA26399@netmail2.microsoft.com> Message-ID: <199407292032.AA11586@poboy.b17c.ingr.com> > If a system contains "protocols especially suited for eventual > mandatory use", like SKE, does this of necessity mean that the > developers intended that it should become part of a nationally-mandated > open avenue to spying on anyone who uses it? No, but (Cliche Alert) the road to key escrow is paved with good intentions. IMHO the developers who might actually be working on implementations of this scheme either a) don't know that it _could easily_ "become part of a nationally-mandated open avenue to spying," b) know but don't think such developments are likely, or c) know and don't care. Clearly education is a powerful antidote to cases a) and b) -Paul -- Paul Robichaux, KD4JZG | "Information is the currency of democracy." perobich at ingr.com | - some old guy named Thomas Jefferson Of course I don't speak for Intergraph. From Eric_Weaver at avtc.sel.sony.com Fri Jul 29 13:36:54 1994 From: Eric_Weaver at avtc.sel.sony.com (Eric Weaver) Date: Fri, 29 Jul 94 13:36:54 PDT Subject: FW: No SKE in Daytona and other goodies In-Reply-To: <9407291941.AA26399@netmail2.microsoft.com> Message-ID: <9407292036.AA07392@sosfc.avtc.sel.sony.com> From: Blanc Weber Date: Fri, 29 Jul 94 12:34:14 PDT From: Timothy C. May But what is the reason of the involvement of "law enforcement" and the "intelligence community" in this matter?
I refer you all to the upcoming conference agenda, the involvement of NIST/NSA, TIS, Denning, and FBI Director Louis Freeh. Look at the papers being presented at the conference. Any questions? ............................................. If a system contains "protocols especially suited for eventual mandatory use", like SKE, does this of necessity mean that the developers intended that it should become part of a nationally-mandated open avenue to spying on anyone who uses it? Not of necessity. (One senses some bottom-covering here...) It DOES of necessity mean that they are, wittingly or unwittingly, contributing to opening the avenue. It is incumbent upon us to make them aware of that contribution, so that their consciences may be tortured thereby. If in fact they have any. From tcmay at netcom.com Fri Jul 29 13:42:09 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 29 Jul 94 13:42:09 PDT Subject: "Just say 'No' to key escrow." In-Reply-To: <9407291929.AA09812@cybele.unm.edu> Message-ID: <199407292040.NAA22401@netcom9.netcom.com> > > Timothy C. May: > > We may be able to rally enough opposition this time around to make > > work on SKE an "unsocial" thing to do (Recall our strategy of making > > Clipper vendors corporate outcasts, with our "Big Brother Inside" > > approach?). > > Um, how much good has this actually done? > > Kragen I'd say it's pretty obvious, from the many articles, editorials, etc. against Clipper. Cypherpunks were by no means the only, or even the dominant, factor. Many factors were involved. Clipper became a national joke, with 80% of polled Americans against it. And corporations were loathe to associate themselves with it, especially after the initial, highly-negative reaction. A campaign of ridicule is often effective. If and when Microsoft unveils government-friendly key escrow, I expect we'll be ready with some nice slogans...I know I will! --Tim May, coiner of "Big Brother Inside" and other slogans. 
-- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From mab at crypto.com Fri Jul 29 13:42:51 1994 From: mab at crypto.com (Matt Blaze) Date: Fri, 29 Jul 94 13:42:51 PDT Subject: No SKE in Daytona and other goodies In-Reply-To: <9407291841.AA03054@ah.com> Message-ID: <199407292048.QAA20091@crypto.com> > A technical question about the proposed SKE schemes: are they a > proper superset of non-escrowed pgp/ripem type systems > >I'm not sure what you mean by superset, but I suspect that however you >interpret it, the answer is no. > > As a previous > poster mentioned, users could select null or locally controlled key > escrow agents, and effectively have a non-escrowed system. > >The system I've seen (Whit's recollection of Steve Walker's) did not >allow a cooperating party to interoperate with a non-cooperating >party. In other words, both correspondents must comply with gov't key >surrender, or neither. > >Matt or Whit can comment better, since they've seen it first hand. > >Eric I just looked over the viewgraphs from the Karlsruhe meeting; short of breaking the signature scheme used to certify the "package instance" public escrow key, there doesn't appear to be any unilateral action that one party can take to interoperate with a "legal" recipient without escrow. Others have pointed out, however, that you can re-use other people's public escrow keys (that you learned, for example, by communicating with them) to thwart traffic analysis. Of course, traffic analysis is not one of the stated requirements of the system anyway.
Also, the TIS proposal involves "software" tamper resistance in the form of code checksums that are verified at run time. This is intended to discourage bilateral escrow circumvention. Of course, any software-only scheme can be thwarted, but patches to disable it may be a bit involved, depending on how well obfuscated the code is. -matt From jeffb at sware.com Fri Jul 29 13:45:38 1994 From: jeffb at sware.com (Jeff Barber) Date: Fri, 29 Jul 94 13:45:38 PDT Subject: No SKE in Daytona and other goodies In-Reply-To: <9407291948.AA26680@netmail2.microsoft.com> Message-ID: <9407292044.AA29437@wombat.sware.com> > What is the difference if a big company subjects its employees to a > key-escrow system or if the government does it with the people. If you > think about it, the government could coerce the company into reading > through information being passed back and forth.... > ................................................. > > With a private company, you can negotiate with the owners, or leave. > With the government, you have no choice. There is an additional difference which I believe has been implicit in most of the discussion on this issue: When we talk about a company escrowing the keys of its employees, we mean the company escrows the keys of encrypted communications used *for company business and on "company time"*, not necessarily all keys utilized for all communications by the employees. I suppose a company could try to restrict its employees further, but as Blanc notes, you can leave the company a lot easier than you can leave the country.
-- Jeff From paul at poboy.b17c.ingr.com Fri Jul 29 13:53:57 1994 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Fri, 29 Jul 94 13:53:57 PDT Subject: FW: No SKE in Daytona and other goodies In-Reply-To: <9407291954.AA26955@netmail2.microsoft.com> Message-ID: <199407292050.AA11754@poboy.b17c.ingr.com> > I have the same concerns, I just don't see how it would be possible to > cause a company to "commit" itself to not doing this, i.e. preventing > the company from including SKE in its products. The same way companies have been made to commit not to kill dolphins, or test products on animals, or give to Planned Parenthood: organized public pressure, combined with threatened or actual negative publicity. Boycotts, letter-writing campaigns, and the like have worked wonders for organizations ranging from the religious right to the ultraliberal left. I see no reason to doubt that they could be brought to bear here. -Paul -- Paul Robichaux, KD4JZG | "Information is the currency of democracy." perobich at ingr.com | - some old guy named Thomas Jefferson Of course I don't speak for Intergraph. From blancw at microsoft.com Fri Jul 29 14:05:49 1994 From: blancw at microsoft.com (Blanc Weber) Date: Fri, 29 Jul 94 14:05:49 PDT Subject: FW: No SKE in Daytona and other goodies Message-ID: <9407292105.AA29978@netmail2.microsoft.com> From: Paul Robichaux The same way companies have been made to commit not to kill dolphins, or test products on animals, or give to Planned Parenthood: organized public pressure, combined with threatened or actual negative publicity. ..........................................
You could also, like the Luddites, pressure the inventors of computers not to make any more of these new-fangled, fearsome things. Because you just *know* what they'll be used for, once they develop some database "features" and make it possible to send messages anonymously. Blanc (And, for clarity, I'm reminded that I ought to put a disclaimer in my signature about my address: I don't any express any "official" opinions from Microsoft; I just like to argue on cypherpunks.) From jim at bilbo.suite.com Fri Jul 29 14:13:27 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Fri, 29 Jul 94 14:13:27 PDT Subject: AA BBS sysops found guilty Message-ID: <9407292112.AA11348@bilbo.suite.com> The list is currently discussing use end-point filtering vs source-point filtering vs total Net-filtering to control access to various Net-material. Well... I read in the paper today that the sysops who run the AA BBS were found guilty of distributing pornography. For those of you who are not familiar with the case, the AA BBS is an adult BBS residing in California. A Memphis TN postal inspector signed on to the BBS under a false name and downloaded erotic material to his computer in Tennessee. For various reasons I cannot fathom, the Californian sysops were dragged into a Tennessee count, tried by a Tennessee jury, and found guilty. It is my understanding that the AA BBS sysops try to verify the "adultness" of their subscribers. It didn't help them in this case. "Adultness" wasn't the issue. "Accessible from Tennessee" was the issue. It seems that the stuff on the AA BBS was legal for California, but considered illegal pornography in Tennessee. What I wonder is why the postal inspector wasn't charged with anything (well, actually I don't wonder, the question is rhetorical). Unless I'm wrong, it was the postal inspector's actions that caused the erotic material to be downloaded from California to Tennessee. All the BBS sysops did was make the stuff available via a dialup BBS. 
It's not as if the BBS sysops personally took the time and effort to physically mail the stuff to Tennessee. Is it valid to call an end-point initiated download an "act of distribution" on the part of the BBS operators? Apparently it does. What is the point I'm trying make? Well, the list is currently discussing the benefits of end-point filtering to keep "bad stuff" from getting into "good homes". Of course, this implies the "bad stuff" is out there somewhere waiting to be downloaded. If this Tennessee verdict holds, just putting "bad stuff" stuff out there will become a crime, regardless of where in the US you put it. "If you upload it, they will come! (and get you)" I'm hoping this case will get overturned on appeal to the US Supreme Court. However, even that could be a mixed blessing depending on the wording of the SC decision. At best, the SC decision could include language says that persons downloading information are responsible for ensuring that the material is not in violation of local laws. At worst, the SC could say that the operators of information systems are responsible for insuring material is not made available to persons in certain regions, if the material violates laws in those regions. In either case, there is an implied assumption that the material is somehow conveniently rated and/or categorized. This sets the stage for government sponsored rating systems, and the bureaucracies to enforce them. Jim_Miller at suite.com From mpd at netcom.com Fri Jul 29 14:17:43 1994 From: mpd at netcom.com (Mike Duvos) Date: Fri, 29 Jul 94 14:17:43 PDT Subject: Q: Chaum style blind signatures? In-Reply-To: <9407291929.AA21163@burgess.Eng.Sun.COM> Message-ID: <199407292058.NAA01975@netcom11.netcom.com> Jacob.Levy at Eng.Sun.COM (Jacob Levy) writes: > Could someone please explain what is a "Chaum style blind > signature" and how it can be used? I looked in all the FAQs > on rtfm.mit.edu and could not find anything about this. > P.S. 
I've seen the term used in a document claiming these > can be used for untraceable e-cash Given a pair of RSA keys (e,n) and (d,n), the owner may sign a number x by computing x^d mod n using his private key. In real life, x usually consists of a message digest and a small amount of constant information. This prevents the product of two signatures from also being a valid signature. Anyone may verify a signature by performing a similar operation using the public key and recovering x. Blind signatures allow you to obtain a signature from someone without disclosing to them what they are signing. You pick a random number r and ask the signer to sign x*r^e mod n. Since r is arbitrary, this tells the signer nothing about the value of x. When the signer gives you back r*x^d mod n, you simply multiply by the multiplicative inverse of r mod n to obtain x^d mod n, the signed message. The signer still has no idea what he has signed and cannot recognize it later if he sees it. This allows untraceable digital cash, since the bank can sign new notes for customers that it cannot later recognize. It has other interesting uses as well. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From cactus at bb.com Fri Jul 29 14:32:37 1994 From: cactus at bb.com (L. Todd Masco) Date: Fri, 29 Jul 94 14:32:37 PDT Subject: Suggestion... Message-ID: <199407292137.RAA00380@bb.com> Julf, why don't you give out random ID numbers rather than sequential? It wouldn't have stopped this attack, but it is a little more secure. -- L. Todd Masco | Bibliobytes books on computer, on any UNIX host with e-mail cactus at bb.com | "Information wants to be free, but authors want to be paid." From tcmay at netcom.com Fri Jul 29 15:02:55 1994 From: tcmay at netcom.com (Timothy C. 
May) Date: Fri, 29 Jul 94 15:02:55 PDT Subject: FW: No SKE in Daytona and other goodies In-Reply-To: <199407292032.AA11586@poboy.b17c.ingr.com> Message-ID: <199407292202.PAA22086@netcom3.netcom.com> Paul Robichaux writes: > No, but (Cliche Alert) the road to key escrow is paved with good > intentions. IMHO the developers who might actually be working on > implementations of this scheme either > a) don't know that it _could easily_ "become part of > a nationally-mandated open avenue to spying," > b) know but don't think such developments are likely, or > c) know and don't care. > > Clearly education is a powerful antidote to cases a) and b) To this can be added an obvious fourth possibility: d) know and care, but have a paycheck to earn and a career to think about. I think many people working for companies developing unsavory products find reasons not to quit in righteous indignation. In fact, we could add more possibilities: e) know and care, but think it best to "work from within" f) know and care, but also know that company will just assign others to same job And so forth. They may also know and care, but think the dangers are being overstated, or that "that's not my department" ("says Klaus! von Bomb"?) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." 
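[Added worked example, not part of any list message.] The blind-signature arithmetic from Mike Duvos's reply above (Subject: "Q: Chaum style blind signatures?"), run end to end, together with the product-of-signatures property that is the reason x is a digest rather than a raw number. Assumptions: a constructed toy key built from the Mersenne primes 2^61-1 and 2^89-1 with e = 65537, SHA-256 reduced mod n standing in for the "message digest", no padding, and all function names are illustrative.

```python
import hashlib
import math
import secrets

# Constructed demo key (assumption, not from the post). Far too small for real use.
P = 2**61 - 1                      # Mersenne prime
Q = 2**89 - 1                      # Mersenne prime
N = P * Q                          # public modulus n
E = 65537                          # public exponent e
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent d (Python 3.8+)


def digest_to_int(message: bytes) -> int:
    """x in the post: a message digest mapped into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def random_blinding_factor() -> int:
    """Pick r with gcd(r, n) = 1 so that r has an inverse mod n."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return r


def blind(x: int, r: int) -> int:
    """Requester: compute x * r^e mod n, the only value the signer sees."""
    return (x * pow(r, E, N)) % N


def sign(value: int) -> int:
    """Signer: value^d mod n with the private key."""
    return pow(value, D, N)


def unblind(blinded_sig: int, r: int) -> int:
    """Requester: (r * x^d) * r^-1 mod n = x^d mod n."""
    return (blinded_sig * pow(r, -1, N)) % N


def verify(x: int, sig: int) -> bool:
    """Anyone: sig^e mod n must recover x."""
    return pow(sig, E, N) == x


def demo(note: bytes = b"constructed bank note, serial 0001") -> dict:
    x = digest_to_int(note)
    r = random_blinding_factor()
    blinded = blind(x, r)          # sent to the signer
    blinded_sig = sign(blinded)    # returned by the signer: r * x^d mod n
    sig = unblind(blinded_sig, r)  # ordinary signature on x
    return {"x": x, "blinded": blinded, "sig": sig, "valid": verify(x, sig)}


def product_forgery_works(a: int, b: int) -> bool:
    """Raw RSA is multiplicative: sig(a) * sig(b) verifies as a signature on a*b.

    This is why the signed value must be a digest plus fixed structure.
    """
    forged = (sign(a) * sign(b)) % N
    return verify((a * b) % N, forged)


if __name__ == "__main__":
    result = demo()
    print("signer saw   :", hex(result["blinded"]))
    print("actual x     :", hex(result["x"]))
    print("signature ok :", result["valid"])
    print("raw product verifies:", product_forgery_works(12345, 67890))
```

The unblinded value equals what the signer would have produced by signing x directly, yet the signer only ever handled the blinded number, which changes with every fresh r.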
From wcs at anchor.ho.att.com Fri Jul 29 15:35:01 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 29 Jul 94 15:35:01 PDT Subject: No SKE in Daytona and other goodies Message-ID: <9407292231.AA14740@anchor.ho.att.com> > Date: Fri, 29 Jul 1994 15:16:47 -0400 (EDT) > From: Aron Freed > > What is the difference if a big company subjects its employees to a > key-escrow system or if the government does it with the people. If you > think about it, the government could coerce the company into reading > through information being passed back and forth.... [ good replies by Eric Weaver and Blanc Webber, deleted. ] I'd further add that there *are* reasons for a business to use escrow, [and I'm using the term "escrow" correctly here, as opposed to the government's use when referring to master-key systems imposed by a third party rather than information given to a neutral third party by the principals of a contract.] For instance, a business may want to keep records of communications with other businesses, such as purchase orders, electronic payments, etc. but may want to send the communications encrypted. Escrowing keys and encrypted messages is one way to provide for later dispute resolution. Maybe not the best, but it can be useful. (A digital signature by the recipient of a hash of the message is another.) Escrowing passwords can also be a reasonable business practice - you *don't* want to have your business records become unavailable if the system administrator gets hit by a bus, and you'd really rather not have your corporate encrypted mail gateway become unusable if the passphrase is lost. Again, escrow is one possible technique, though escrow on a per-message basis isn't the best for these applications. When I bought my house, the down payment to the sellers went into escrow until we concluded the contract, as insurance for them that I wouldn't back out. 
Eric Weaver writes: > The government should NOT be viewed similarly to an employer in its > relationship with citizens. Employees are free to quit and make their > income some other way. It should, however, be viewed similarly to an _employee_, which it is. On the other hand, when you quit your job, you don't have to leave town; you just find another job if there is one, or maybe start your own business. Even if we viewed governments similarly to employers, this approach would encourage them to keep their employees happy - otherwise, we'd quit working for the Yankees, and either go armadillo or join the North American Self-Defense Cooperative or the Quaker Aikido League. Bill From jrochkin at cs.oberlin.edu Fri Jul 29 16:11:09 1994 From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) Date: Fri, 29 Jul 94 16:11:09 PDT Subject: Just say NYET to kneejerking Message-ID: <199407292310.TAA01489@cs.oberlin.edu> ***** 2- The censorship that I advance is censorship _by parents_ _for their own children_. Only. People have talked about cable boxes and telephones. Are you not aware that many cable companies offer boxes with a (physical) key that must be present in order for certain channels to come through? That the phone companies currently allow customers to disallow outgoing 900 calls? My idea is to implement a net-equivalent system--household by household determination of what will be allowed into their homes. ***** There is a difference between mandating and offering. Between allowing and requiring. If there were cable companies which _forced_ people to use boxes of that sort, and phone companies which _required_ customers to disallow 900 calls, your analogy might be closer. And most of us would probably be in fierce opposition to those systems too. I'll echo what other people have said: you are perfectly free to set up a system which only gives accounts to children if their parents get an "overseeing" account too. No one here will mind at all, I don't think. 
People will mind if you require all systems to behave that way. It's the difference between offering a service and requiring people to be censors. I'm not sure why you don't see the distinction here. From jim at bilbo.suite.com Fri Jul 29 16:38:54 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Fri, 29 Jul 94 16:38:54 PDT Subject: AA BBS sysops found guilty Message-ID: <9407292336.AA13690@bilbo.suite.com> > > At best, the SC decision could include language says that > > persons downloading information are responsible for > > ensuring that the material is not in violation of local > > laws. At worst, the SC could say that the operators of > > information systems are responsible for insuring > > material is not made available to persons in certain > > regions, if the material violates laws in those regions. > > > > And both are similarly unreasonable: At best, how do you > know for sure before you download, Exactly what I fear most from this case. In order to assist users, sysops may be required to rate and/or categorize all downloadable material using a rating scale or list of categories determined by some governing body (FCC?). If the sysops do not follow the guidelines, then they can be considered participants in the distribution of "bad stuff" to "good places". > and at worst, are you supposed to know the law for all > countries, states, counties and cities with access to > Internet and connected networks when even an attorney > cannot possibly know the law for a single state? > I think "At worst" is not very likely, for the reasons you state. That's why I worry more about "At best". I think the only real good outcome would be that the verdict is overturned because of some technicality, preventing the case from becoming some kind of landmark. However, this would only delay things until the next case. 
Jim_Miller at suite.com From cmckie at ccs.carleton.ca Fri Jul 29 16:44:17 1994 From: cmckie at ccs.carleton.ca (Craig McKie) Date: Fri, 29 Jul 94 16:44:17 PDT Subject: Keyword voice searching Message-ID: <9407292343.AA13728@superior.ccs.carleton.ca.YP.nobel> Does anyone have access to the original article? The author is unnamed in this version. One would wonder who the "congressional and other sources" are as well. ============= Ottawa Citizen Friday July 29 1994 A9 Key words trigger U.S. security system Seattle Times WASHINGTON - Dozens of words, including "bomb", "assassination" and "terrorist," apparently can trigger a recording device used by the National Security Agency to monitor phone calls between the U.S. and foreign countries. So say congressional and other sources who have been offered a glimpse of the agency's secretive electronic intelligence gathering. There is surveillance equipment, referred to simply as the big vacuum cleaner, said to be capable of sweeping up conversations in the air, recording them and then searching for words that might indicate some hostile action against this country. In his book The Puzzle Palace, author James Bamford contends the agency operates a worldwide network that can eavesdrop on almost every phone conversation in the world. The agency has denied it has such broad capabilities. From rjc at powermail.com Fri Jul 29 17:06:13 1994 From: rjc at powermail.com (Ray) Date: Fri, 29 Jul 94 17:06:13 PDT Subject: penet spoofs Message-ID: <199407290246.WAA00369@powermail.com> Yours truly has been stung. Someone used rjc at powermail.com to create a penet address. Since I have never used that address to post anywhere else except cypherpunks, the spoofer is probably on cypherpunks. I thought it might have been caused by a penet'er being subscribed to cypherpunks but a similar thing did not happen to my other accounts. 
-Ray From blancw at microsoft.com Fri Jul 29 17:59:15 1994 From: blancw at microsoft.com (Blanc Weber) Date: Fri, 29 Jul 94 17:59:15 PDT Subject: FW: No SKE in Daytona and other goodies Message-ID: <9407300059.AA08692@netmail2.microsoft.com> From: Paul Robichaux ...... the road to key escrow is paved with good intentions. IMHO the developers who might actually be working on implementations of this scheme either a) don't know that it _could easily_ "become part of a nationally-mandated open avenue to spying," b) know but don't think such developments are likely, or c) know and don't care. Clearly education is a powerful antidote to cases a) and b) ...................................................................... ................................... You're right: How would you make clear the connection between key escrow (per se), the large context of liberty to pursue software strategies to solve customer problems, the and the individuals who find themselves in the middle? What would you say is the critical, key focal point between the existence of a system of operation, and the way it is intended to be used? And how would you get the educational message out to those involved? Blanc [Job-related Disclaimer: Microsoft won't let me make "official" statements, but they will allow for Superior Arguments.] From adwestro at ouray.Denver.Colorado.EDU Fri Jul 29 18:10:31 1994 From: adwestro at ouray.Denver.Colorado.EDU (Alan Westrope) Date: Fri, 29 Jul 94 18:10:31 PDT Subject: penet spoofs In-Reply-To: <199407290246.WAA00369@powermail.com> Message-ID: <7JQEkaa0iQlS069yn@ouray.denver.colorado.edu> > Yours truly has been stung. Someone used rjc at powermail.com to create > a penet address. Since I have never used that address to post > anywhere else except cypherpunks, the spoofer is probably on > cypherpunks. I thought it might have been caused by a penet'er > being subscribed to cypherpunks but a similar thing did not > happen to my other accounts. 
Me too, but I suspect the asshole just sent a 'who cypherpunks' request to majordomo at toad.com. I've stated that I think LD has an anon account at nyx.cs.du.edu, where the list is set up as a newsgroup. Anyway, can someone point out the procedure for asking Julf to delete my account in the way that's least painful for him? I suspect he's overwhelmed with such requests...:-( Alan Westrope __________/|-, (_) \|-' PGP 2.6 public key: finger/servers PGP 0xB8359639: D6 89 74 03 77 C8 2D 43 7C CA 6D 57 29 25 69 23 From gtoal at an-teallach.com Fri Jul 29 18:14:33 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 29 Jul 94 18:14:33 PDT Subject: "Just say 'No' to key escrow." Message-ID: <199407300000.BAA01331@an-teallach.com> : From: "Timothy C. May" : Paul Robichaux writes: : > No doubt. But what does the OS provider gain from including encryption : > in the OS? At present, customers aren't demanding it. Why add SKE at : > all when no one's asking for it? : Ah, the exact question for us to be asking! "Why add SKE at all when : no one's asking for it?" Indeed. : Why the upcoming conference on key escrow? Why the representatives : from Germany, Netherlands, France, etc.? Because, as I mentioned before but I don't think people understood the significance, Bill Gates is attempting to create a worldwide network of about a hundred satellites. You don't get to do that without political assistance, and no way is the USG going to let Bill put those birds up unless they control the technology to snoop on the entire net. Putting SKE in all microsoft products is doubtless one (though unlikely all) of the quid pro quos of getting a licence to put up the sky-based comms network. G From tcmay at netcom.com Fri Jul 29 18:32:38 1994 From: tcmay at netcom.com (Timothy C. 
May) Date: Fri, 29 Jul 94 18:32:38 PDT Subject: Popular Front for the Liberation of Crypto In-Reply-To: <9407292336.AA13690@bilbo.suite.com> Message-ID: <199407300132.SAA25501@netcom2.netcom.com> > I think the only real good outcome would be that the verdict is overturned > because of some technicality, preventing the case from becoming some kind > of landmark. However, this would only delay things until the next case. > > > Jim_Miller at suite.com I was talking last Saturday to Keith Henson, at the Extropians/Cypherpunks/PenSFA party at Eric Messick's geodesic dome in the Santa Cruz Mountains (I wanted to give you folks the "ambience"), and Keith had just flown back from Memphis, where he had been assisting the defense on computer and ECPA matters (Electronic Communications Privacy Act). Keith has been on our list, has attended several meetings, and is well-known to many of us. Anyway, Keith confirmed that *several more* cases are pending, and I joked (gallows humor) that the Mormons would get them next. A few days later, charges were filed in Salt Lake City. Grim times in cyberspace. Perhaps folks who are more willing to "compromise" with the law enforcement types can see why I'm so opposed to helping them hang us. I'm in the "Rejectionist Front"--no escrow, no limits on key lengths, no fealty to outmoded laws. Too many Cypherpunks are trying to arrange "reasonable compromises," I fear. Perhaps I should form a splinter group, the PFLC, the Popular Front for the Liberation of Crypto. The PFLC would axiomatically reject the crappy compromises with Al Gore on the NII, the upcoming "deal" on Digital Telephony (a deal is being cut even now), and the deal on escrowed key systems we've been talking about lately. The solution to the AA BBS sorts of things will not come anytime soon, and probably not through the courts. Full-blown remailers, moving AA-type boards out of the Beknighted States, etc. 
Feeling paranoid, --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From sidney at taurus.apple.com Fri Jul 29 18:39:05 1994 From: sidney at taurus.apple.com (Sidney Markowitz) Date: Fri, 29 Jul 94 18:39:05 PDT Subject: No Subject Message-ID: <9407300138.AA12962@toad.com> Excerpted from a NewsBytes article with the headline "Consumer Apps For Electronic Fingerprint Reader": The Microreader can take an analog picture of a finger, convert the analog picture into a digital code, and store that code for matching. [...] the Microreader is being miniaturized and the price is being reduced from $1,500 to "substantially less than $100." The article lists a bunch of possible applications involving verification of identity and access control, incorporation in keyboards and cellular telephones to secure them, etc. It does not mention any time frame for when this device would actually hit the market or when the price would drop to that $100 figure, so take it all with a grain of salt. -- sidney markowitz From hkhenson at cup.portal.com Fri Jul 29 18:52:14 1994 From: hkhenson at cup.portal.com (hkhenson at cup.portal.com) Date: Fri, 29 Jul 94 18:52:14 PDT Subject: article for cypherpunks Message-ID: <9407291852.1.22724@cup.portal.com> Tim, could you pass this on? If not just can it. thanks, keith ------ This is in reference to postings by Patrick May and Hal Finney on controlling what kids see on the net. My oldest daughters are mid 20s, the youngest is preteen. The older ones were prodigious and early readers. 
When they were growing up the house was full of Penthouse or worse (we rented rooms to university students) and they had free access to a large collection of the *worst* of the underground comics, stuff by R. Crumb and S. Clay Wilson. If you have never seen these, perhaps one title, _Captain Pissgums and his Pervert Pirates_ will give you the flavor. They read *all* of them, plus all of my old collection of Mad Magazines, many SF books, and during those years I read them the Tolkien books--twice. We did not have TV for most of those years, so they did a lot more reading than the average kids. At the time (early to mid 70s) it never occurred to me to try to control what they were reading. They turned out fine, I consider them responsible adults. However, there is one story from those days which shows that they *were* influenced by such an environment. Once on their way home from grade school (5th and 3rd I think), they were accosted by a flasher. Now, they *knew* about flashers--from the comic books. Was this a traumatic experience to find one in (so to speak) the flesh? Nope. I found out about it when I heard them grousing that the flasher had bugged out when they asked him to stay while they rounded up a bunch of their friends to see the flasher! If parents want to *try* to keep their kids away from certain material on or off the nets, I don't have a problem with that. But as far as I have ever been able to determine, there is not much point in doing so. I asked Tim to post this for me because at the moment I don't need any more problems :) -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. 
"National borders are just speed bumps on the information superhighway." From shamrock at netcom.com Fri Jul 29 18:58:09 1994 From: shamrock at netcom.com (Lucky Green) Date: Fri, 29 Jul 94 18:58:09 PDT Subject: NYET to censors, REPOST Message-ID: <199407300158.SAA17384@netcom7.netcom.com> Graham wrote about the NYET proposal: >I see a lot of call here for legislation and government control. > >Keep your fucking religion out of my face, Zook. If you want >censored-kiddynet, create your own one privately out of funds >donated by Good Christians, but take your state control and >stuff it where ypu stuff your crucifix. > Amen, amem. The christian right is attempting to keep their children in ignorance to minimize the effort it takes to brainwash them. I shall not rest posting on the Net until those children ask their parents: "Daddy, do you know how to perform a genuine French duck fuck?" "Gasp!" "Well, we do. Would you like to know?" -- Lucky Green PGP public key by finger From tcmay at netcom.com Fri Jul 29 19:00:12 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 29 Jul 94 19:00:12 PDT Subject: article for cypherpunks (fwd) Message-ID: <199407300200.TAA28554@netcom2.netcom.com> Irony of ironies! Keith Henson, who I was just minutes ago writing about, just asked me to forward an article to the CP list. --Tim Forwarded message: From nobody at kaiwan.com Fri Jul 29 19:01:24 1994 From: nobody at kaiwan.com (Anonymous) Date: Fri, 29 Jul 94 19:01:24 PDT Subject: Attempted Compromise of anon.penet.fi Server? Message-ID: <199407300200.TAA02127@kaiwan.kaiwan.com> -----BEGIN PGP SIGNED MESSAGE----- A number of postings to the alt.test Usenet newsgroup from pseudonymous accounts at anon.penet.fi have recently been reported. Correspondingly, a number of people have received email from that server indicating that an unsolicited pseudonymous account and ID and have been established for them at that server. 
Assuming no actual compromise of the anon.penet.fi database itself, this attack could serve a number of purposes. Let's assume that an attacker had obtained the Cypherpunks mailing list, perhaps merged with a listing of all posters to sci.crypt, alt.security.pgp, alt.politics.org.nsa, etc. and, forging a message from each member, attempted to create a new pseudonymous account at the anon.penet.fi server for each one. Likely motives for, and outcomes from this attack are: SCENARIO #1: Attempting to assign a new anon account to a person by posting to alt.test. Each failure would indicate that the address owner already possessed a password-protected anon ID there. This information could prove potentially "useful", I suppose. For example, a list of names of anon forwarder users could be collected for "special treatment" later, possibly a "sting" operation of some sort, it would also net a few people whose only use of anon.penet.fi was merely REPLYING to another's pseudonymous address, which also results in the allocation of a new ID. See Scenario #4 for further speculation. SCENARIO #2: Attempting to create such an account and SUCCEEDING would now match up the user ID with the new account number. Any future posts via this account could then be easily cross-referenced back to the source. Any account thus created, as evidenced by a "welcome" message from anon.penet.fi, should probably NOT be used, at least where anonymity was needed. SCENARIO #3: If the new accounts were password-protected by the forger, and the passwords NOT revealed to the putative "owners", the result would be a "denial of service". Has anyone received a message that an unsolicited new account has also been password "protected"? (Scenarios #2 and #3 are mutually exclusive, BTW.) SCENARIO #4: The most serious of all is the possibility of a "barium attack". A special "coded", but seemingly innocuous, message could be sent to each email address identified in Scenario #1. 
If the person replies, he/she has just blown his/her anonymous cover, and any previous (or future) postings/correspondence using that ID are then traceable back to the source. Needless to say, anyone who has a pseudonymous ID at anon.penet.fi that he/she would like to keep secret should be EXTREMELY careful in responding to any messages coming through that server. The most likely means of accomplishing this attack is through the Subject: header, since many people reply to messages and keep the original subject, prefixing it with "RE: ". If I send messages to Alice, Bob, and Charlie via anon.penet.fi, using a slightly different Subject: line for each, then a reply containing that Subject: line will link the pseudonymous return address on the reply with the recipient of the original message. The source of this attack could be either a TLA (three-letter agency, such as NSA, FBI, CIA, etc.), some hacker, or even the infamous Larry Detweiler. I cite the "TLA" option since a number of messages have been posted to various newsgroups via anon.penet.fi that seemingly violate Federal law. At first glance the attack would seem to have been executed in a somewhat clumsy fashion, particularly the posting of public messages with the text "I am John Doe", or whatever. OTOH, given the inevitable "welcome" message from anon.penet.fi to the "holders" of the newly assigned IDs, such "clumsiness" could also be designed to make a sophisticated attack look amateurish to disguise the motives and capabilities of the attacker(s). Or, this whole thing could be an attempt to achieve "Death to Blacknet" by undermining user confidence in the anon servers by spreading "fear, uncertainty, and doubt". QUESTION: Has anyone with a previously existing, password-protected identity at anon.penet.fi received an "invalid password" message recently, even though no attempts to send mail through the server had been made? 
If not, then that's a bad sign because it might indicate that password protection has somehow been curcumvented by the attacker. -- Diogenes - a registered pseudonym. PGP key (ID# D1150D49) available through PGP Public Key Servers -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLjmja+Rsd2rRFQ1JAQExTAP6A4kTUwufW05Bx5Mznz3AkjDKuP18K5/P FhZT3LEed2j8x1fxFbwmNdkUnHVsxf+pvA0cfmQQV68CY9R0BIkPEUmf59wMAlZ4 vr6kei5nNw6WFb8W3ihk7GhqynTuIZjGCHdPXP/IaZKcxGx0tdTB2A1A74eVYBB3 yRWrSTbSEbc= =7yi1 -----END PGP SIGNATURE----- From tcmay at netcom.com Fri Jul 29 19:32:08 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 29 Jul 94 19:32:08 PDT Subject: Truly Voluntary Software Key Escrow In-Reply-To: <9407300059.AA08692@netmail2.microsoft.com> Message-ID: <199407300231.TAA03731@netcom2.netcom.com> Blanc Weber writes: > What would you say is the critical, key focal point between the > existence of a system of operation, and the way it is intended to be used? > > And how would you get the educational message out to those involved? I know I've written too much today--I'll try to take a few days off once SKE thing blows over (blows over for _now_, since it is likely to be with us for years). But Blanc asks a concrete question that actually has a very simple answer. First, the nature of the TIS-developed SKE system needs to be further examined. But from my recollection of what Diffie told us about it, and what Matt Blaze has told us about it, the most dangerous aspect of a government-friendly SKE system is that government(s) will license, authorize, regulate, or control escrow agents. That is, entities that are "escrow agents" might have to pay a $500 yearly fee (like gun dealers), meet certain requirements, file paperwork, be subject to audits of records, etc. In fact, this sort of thing seems consistent with what foreign governments are almost certain to require of SKE. 
Here's the catch: a purely voluntary system, such as Joe's Accounting or Cypherpunks 'R Us might want to use would allow several easily-selectable options: - no escrow at all....flip a switch, and escrow is bypassed completely (after all, if "key escrow" is purely voluntary, and is driven by customer demands, then the default option would be "no escrow") - escrow sites can be arbitrary (or even dev/null bit buckets) (again, if driven by customer demands, no licensing, no regulation, etc. Escrow sites could just be disk drives on the LAN, for example.) So the answer to Blanc's question is clear: > What would you say is the critical, key focal point between the > existence of a system of operation, and the way it is intended to be used? Answer: A voluntary escrow system shall have no requirements that it must be used, no limitation on the nature or form of the escrow sites, and no requirements whatsoever for licensing, auditing, regulations, inspection, or control of escrow sites. Escrow sites could be one's mother, one's neighbor, or even one's own system. Or none at all. And no SKE system should communicate to others, in special fields or elsewhere, whether escrow is being used, who or what the escrow sites are, etc. (Again, a truly voluntary system should not have any such hooks in it. When I make backups of my data, I don't have to signal to the outside world what format, where, etc. Key escrow for added security should be "observationally invisible." No party outside the individual or group using key escrow should have any way of knowing if key escrow is occurring.) Simple. Any requirements imposed by negotiation with law enforcement, the FBI, Interpol, the NSA/NIST, or any other body signal that the so-called "voluntary" standard is about as voluntary as income taxes are. And *any* signalling that escrow is or is not being done is a violation of the observational invisibility criterion for a voluntary system. 
So, the answer is very simple: a truly customer-driven solution will have many ways of turning off the escrow, choosing agents arbitrarily and without permission from outsiders, and with "observational invisibility" that makes the choice of using key escrow truly a private choice. (I submit that this will not be very acceptable to law enforcement, which is of course why the "voluntary" nature is a charade.) We can make a more refined list of essential characteristics of a truly voluntary system, as I may have missed a few details. But the idea is common-sensical: a voluntary system is a private system, giving no evidence as to its use, nonuse, conditions, etc. These are features of Microsoft's or anyone else's SKE system that we can verify easily. And report any deviations from. Once again I urge the folks out there working on SKE systems--and I know at least 3 by name now, not to sound like Senator McCarthy--to openly discuss these points and to publically commit to a "voluntary escrow" protocol that has strong crypto/no escrow as a central option. (If the only choices are strong crypto/mandatory escrow and weak crypto/no escrow, then we know the standard is hardly voluntary.) I thank Blanc for asking such a direct question, one which has an easy answer. I hope she can pass it on to others. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From solman at MIT.EDU Fri Jul 29 19:33:03 1994 From: solman at MIT.EDU (solman at MIT.EDU) Date: Fri, 29 Jul 94 19:33:03 PDT Subject: "Just say 'No' to key escrow." 
In-Reply-To: <199407300000.BAA01331@an-teallach.com>
Message-ID: <9407300232.AA01640@ua.MIT.EDU>

> Because, as I mentioned before but I don't think people understood the
> significance, Bill Gates is attempting to create a worldwide network
> of about a hundred satellites. You don't get to do that without
> political assistance, and no way is the USG going to let Bill put those
> birds up unless they control the technology to snoop on the entire net.

This is a relatively inane conspiracy theory. Gates hardly requires any assistance since the feds were already committed to setting up licenses in bands that are good for these types of networks. Both the FCC and Hughes have sped up their efforts towards these systems in recent days.

And the satellite system is not Bill Gates. He is an investor, and a fairly small one. Gates and McCaw (sp?) gave that venture much more by attaching their names to it than they did by giving a few of their millions. I seem to recall Gates' share being 7 megabucks.

> Putting SKE in all microsoft products is doubtless one (though unlikely
> all) of the quid pro quos of getting a licence to put up the sky-based
> comms network.

Jesus people are paranoid. I happen to be of the opinion that A) if escrow isn't built into things by the time Chicago, Cairo and Daytona are out it will be too late and that B) software based escrows are a good thing because they take the wind out of hardware based encryption efforts and they are difficult to make mandatory.

JWS

From blancw at microsoft.com Fri Jul 29 19:40:31 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Fri, 29 Jul 94 19:40:31 PDT
Subject: "Just say 'No' to key escrow."
Message-ID: <9407300240.AA10095@netmail2.microsoft.com>

From: Graham Toal

. . . . . Bill Gates is attempting to create a worldwide network of about a hundred satellites.
You don't get to do that without political assistance, and no way is the USG going to let Bill put those birds up unless they control the technology to snoop on the entire net. ............................................................... Could Bill even think about setting up a satellite network without confronting the Governmental Presence? Anyone who plans to do anything in communications must come to terms with the Divine Intervention Department; maybe not today, maybe not tomorrow, but for sure by payday. Can anyone in the United States get away with introducing a product or service which is not going to require that "government interests" be represented in some way (if only at tax-time)? They must, at the very least, have meetings, conferences, discussions to ensure that 1) no one in the world is going to be damaged by the new service, and 2) that the MotherShip will get its revenue % . Is there any legally-sanctioned enterprise/company which can avoid this? This is a real predicament not limited to Billg and his interest in the internet. I think quite broadly about all of the areas in which the government steps in to maintain a controlling influence; any time a new idea is introduced, They Will Be There to make sure that they can protect us from the new-fangled object in case anyone tries to use it against us, the Precious Ones, the Most Valuable Citizens of the World. Scanaphobia, anyone? 
Blanc

[Obligatory Reminder: The company won't le

From owner-cypherpunks Fri Jul 29 21:18:02 1994
Return-Path:
Received: by toad.com id AA15874; Fri, 29 Jul 94 21:18:02 PDT
Received: from selene.wright.edu by toad.com id AA15859; Fri, 29 Jul 94 21:17:23 PDT
Received: from discover.wright.edu (discgate.wright.edu) by selene.wright.edu (PMDF V4.3-7 #2485) id <01HFAQ3YAUXS0001IY at selene.wright.edu>; Sat, 30 Jul 1994 00:14:36 EDT
Received: by discover.wright.edu (4.1/SMI-4.1) id AA13118; Sat, 30 Jul 94 00:16:39 EDT
Date: Sat, 30 Jul 1994 00:16:38 -0400 (EDT)
From: Aron Freed
Subject: Re: No SKE in Daytona and other goodies
In-Reply-To: <9407292014.AA07120 at sosfc.avtc.sel.sony.com>
To: Eric Weaver
Cc: blancw at microsoft.com, tcmay at localhost.netcom.com, cypherpunks at toad.com
Message-Id:
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Sender: owner-cypherpunks at toad.com
Precedence: bulk

On Fri, 29 Jul 1994, Eric Weaver wrote:

> The government should NOT be viewed similarly to an employer in its
> relationship with citizens. Employees are free to quit and make their
> income some other way.

Yeah and since when has this country been so easy to quit and find a new job with the same relative pay???? Do you think it's that easy??? Uh I don't think so.. duh huh... I can't even get a summer job working at a computer store and I'm very computer literate for my age.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=- YABBS - telnet phred.pc.cc.cmu.edu 8888 -=-
-=- -=-
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

From nobody at c2.org Fri Jul 29 21:24:32 1994
From: nobody at c2.org (Anonymous User)
Date: Fri, 29 Jul 94 21:24:32 PDT
Subject: Graham Toal and His 'Fucking Religion'
Message-ID: <199407300422.VAA26071@zero.c2.org>

gtoal at an-teallach.com (Graham Toal) wrote:

> Keep your fucking religion out of my face, Zook.
If you want
> censored-kiddynet, create your own one privately out of funds
> donated by Good Christians, but take your state control and stuff
> it where you stuff your crucifix.

Ironic what you say, Graham. Given the fact that the subject matter is PORNOGRAPHY, often involving explicit depiction of sexual intercourse, which is somewhat of a "religion to some", maybe that's exactly what Nathan was asking -- for pornographers to keep their "fucking religion" off the net...

Just as adults can avoid reading what they consider "offensive" material, so can you, too, avoid lashing out in a blind fury at posts like this that YOU disagree with. If one didn't know better, it'd seem that YOU are almost advocating censorship of ideas that you deem offensive.

From roy at sendai.cybrspc.mn.org Fri Jul 29 22:06:12 1994
From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Fri, 29 Jul 94 22:06:12 PDT
Subject: A new flavor of spam
In-Reply-To: <319e5j$sgh@zeus.london.micrognosis.com>
Message-ID: <940729.194357.3V1.rusnews.w165w@sendai.cybrspc.mn.org>

-----BEGIN PGP SIGNED MESSAGE-----

Yeah, I know it's a forward. But it's short, and raises a very good point about tuna...

In alt.current-events.net-abuse, nreadwin at london.micrognosis.com writes:

> levin at bbn.com (Joel B Levin) writes:
>>If you'll note that bottom of these messages, the (forged) user's real
>>ID is included in the text.
>
> Do you have evidence to back this up? The forger can map the forged
> from line to the anon id using the subject line. The id in the body may
> be unrelated. The forger might even deliberately try to mislead anyone
> reading alt.test into thinking that infamous-anon-id-X corresponds to
> some-email-address using this. Neil.

- --
Roy M. Silvernail -- roy at sendai.cybrspc.mn.org
perl -e '$x = 1/20; print "Just my \$$x! (adjusted for inflation)\n"'
"What do you mean, you've never been to Alpha Centauri?"
-- Prostetnic Vogon Jeltz -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLjmivxvikii9febJAQGthwQAuvscCVExgQ4mtuL3Ju+BdO1/+vZxtazb zWy48A6hZC5qrp6n3F/nUGrITC6CD5ZvJ3OOwyU1jCsieuKFjFwwkMJQumm98iF+ ibd+WVcurBqEr+oWGVXl7Oyfcs474w1/533HJwUZDK/MC/QCfdFcPJdVrC36146E Q+r1Ck8CzPE= =FLAh -----END PGP SIGNATURE----- From shamrock at netcom.com Fri Jul 29 22:07:53 1994 From: shamrock at netcom.com (Lucky Green) Date: Fri, 29 Jul 94 22:07:53 PDT Subject: NYET to censors, REPOST Message-ID: <199407300507.WAA07462@netcom7.netcom.com> >C'punks, > >On Fri, 29 Jul 1994, Lucky Green wrote: > >> ... >> The christian right is attempting to keep their children in ignorance... > >No need to alienate folks, Lucky. LOTS of folks, of all political and >religious persuasions are attempting to keep their children ignorant of >one thing or another. Anyone who thinks it's only the so-call "Christian >Right," is living in denial. I agree. The environmental fascists on the 'left' and the "don't you deviate from the mainstream" masses in the 'middle' are no better. I believe that children are best exposed to everything out there at an early age, because exposed they will be, rest assured. >> "Daddy, do you know how to perform a genuine French duck fuck?" >> "Gasp!" >> "Well, we do. Would you like to know?" > >Hell, Lucky, *I* haven't got a clue. How does it go? > I am not sure if explaining this under my own name would be wise at this point in time. Perhaps someone else would like to elaborate through a remailer? -- Lucky Green PGP public key by finger From roy at sendai.cybrspc.mn.org Fri Jul 29 22:21:12 1994 From: roy at sendai.cybrspc.mn.org (Roy M. 
Silvernail) Date: Fri, 29 Jul 94 22:21:12 PDT Subject: penet spoofs In-Reply-To: <7JQEkaa0iQlS069yn@ouray.denver.colorado.edu> Message-ID: <940729.235209.2u7.rusnews.w165w@sendai.cybrspc.mn.org> -----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, Alan Westrope: > Me too, but I suspect the asshole just sent a 'who cypherpunks' request > to majordomo at toad.com. Maybe not. My personal address was used, but my list subscription address wasn't. (cypherpunks gets gated to a local newsgroup here, so I can read it with news tools) - -- Roy M. Silvernail [ ] roy at sendai.cybrspc.mn.org PGP public key available by mail echo /get /pub/pubkey.asc | mail file-request at cybrspc.mn.org These are, of course, my opinions (and my machines) -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLjnc6Bvikii9febJAQFaVgQAvClV+v9+mAGPM1Tf000Dr/sqPuyAW36f MsAs3yblljF9S756+/+bSipAa8eYVpGZp/N9vL3G4tPAVRce43nzVBpXuCu6ICrX tAwCYPdkbJXHAr48sAFy+1FIYhvsHsJ3NclajwPdX+gFAmQo1TKcAi2F+J3JCrWn eXEVuKcWyo4= =mZG5 -----END PGP SIGNATURE----- From pierre at shell.portal.com Fri Jul 29 22:25:14 1994 From: pierre at shell.portal.com (Pierre Uszynski) Date: Fri, 29 Jul 94 22:25:14 PDT Subject: AA BBS sysops found guilty Message-ID: <199407300524.WAA06128@jobe.shell.portal.com> I said: > I remember that the charges were actually more subtle (though just as > silly) and numerous. To discuss it further we need to know the detail > of which charges brought a guilty verdict, and which were thrown out. Well, talk about subtle: (From the netnews threads) "The Thomases were convicted on 11 criminal counts, each carrying maximum sentences of five years in prison and $250,000 in fines. Thomas was acquitted on a charge of accepting child pornography mailed to him by an undercover postal inspector." 
The thread is currently in comp.org.eff.talk,misc.legal,alt.sex, alt.bbs,alt.slack In none of the thread did I see a mention that the difference between "shipping material" and "Making material available for net access" was even considered to matter. The judge also seems to have disallowed the jury from interpreting "community standards" to include what we call "electronic communities" (not that I would expect a bunch of random jurors to even consider this distinction). Interesting quotes from the thread: : "If the jury feels the law is unjust, we recognize the undisputed : power of the jury to acquit, even if its verdict is contrary to the : law as given by a judge, and contrary to the evidence ... and the : courts must abide by that decision." : - US v Moylan, 4th Circuit Court of Appeals, 1969, 417 F.2d at 1006 and : In the list of grievances in the July 4, 1776, declaration of : independence, one was "transporting us beyond seas to be tried for : pretended offences." Pierre. pierre at shell.portal.com From cactus at bb.com Fri Jul 29 23:58:19 1994 From: cactus at bb.com (L. Todd Masco) Date: Fri, 29 Jul 94 23:58:19 PDT Subject: penet.fi attack In-Reply-To: <199407300700.DAA06386@bb.com> Message-ID: <199407300703.DAA06398@bb.com> roy at sendai.cybrspc.mn.org (Roy M. Silvernail): > In list.cypherpunks, Alan Westrope: > > > Me too, but I suspect the asshole just sent a 'who cypherpunks' request > > to majordomo at toad.com. > > Maybe not. My personal address was used, but my list subscription > address wasn't. (cypherpunks gets gated to a local newsgroup here, so I > can read it with news tools) Ditto. El creepo was definitely using the real list for the attack (and oddly, I got two total: one last night and one this evening). -- L. Todd Masco | Bibliobytes books on computer, on any UNIX host with e-mail cactus at bb.com | "Information wants to be free, but authors want to be paid." 
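Added example, not part of any message in this archive: the SHA revision notice forwarded further down (the comp.security.misc post citing 59 FR 35317) changes one line of the message schedule, and this sketch implements both versions of that line. The function names are this example's own; the revised schedule is the one later standardized as SHA-1, so Python's `hashlib.sha1` is used as the reference, and the bit-position check shows a property of the two formulas, not NIST's stated rationale.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF


def rotl(x, n):
    """S^n(X): left circular shift of a 32-bit word, (X << n) OR (X >> 32-n)."""
    return ((x << n) | (x >> (32 - n))) & MASK


def expand(block_words, revised):
    """Section 7 step (b): extend the 16 block words W(0..15) to W(0..79).

    revised=False is the line as published in FIPS PUB 180;
    revised=True wraps the XOR in S1, as the proposed modification reads.
    """
    w = list(block_words)
    for t in range(16, 80):
        x = w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16]
        w.append(rotl(x, 1) if revised else x)
    return w


def sha_digest(message, revised=True):
    """Hex digest of `message` (bytes) under the original or revised schedule."""
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    # Padding: a 1 bit, zeros up to 56 mod 64 bytes, then the 64-bit bit length.
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded)) % 64)
    padded += struct.pack(">Q", len(message) * 8)
    for off in range(0, len(padded), 64):
        w = expand(struct.unpack(">16I", padded[off:off + 64]), revised)
        a, b, c, d, e = h
        for t in range(80):
            if t < 20:
                f, k = (b & c) | (~b & d), 0x5A827999
            elif t < 40:
                f, k = b ^ c ^ d, 0x6ED9EBA1
            elif t < 60:
                f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
            else:
                f, k = b ^ c ^ d, 0xCA62C1D6
            temp = (rotl(a, 5) + (f & MASK) + e + w[t] + k) & MASK
            a, b, c, d, e = temp, a, rotl(b, 30), c, d
        h = [(x + y) & MASK for x, y in zip(h, (a, b, c, d, e))]
    return b"".join(struct.pack(">I", x) for x in h).hex()


def affected_bit_positions(revised, word_index=0, bit=0):
    """Flip one bit of one block word and return the set of bit positions
    (0..31) that change anywhere in the expanded words W(16)..W(79)."""
    base = [0] * 16
    flipped = list(base)
    flipped[word_index] ^= 1 << bit
    w0, w1 = expand(base, revised), expand(flipped, revised)
    diff = 0
    for t in range(16, 80):
        diff |= w0[t] ^ w1[t]
    return {i for i in range(32) if (diff >> i) & 1}


if __name__ == "__main__":
    msg = b"abc"  # constructed sample input
    print("original schedule:", sha_digest(msg, revised=False))
    print("revised schedule :", sha_digest(msg, revised=True))
    print("hashlib.sha1     :", hashlib.sha1(msg).hexdigest())
    # Without S1 each bit position of W evolves independently of the others;
    # with S1 a single flipped bit spreads to neighbouring positions.
    print("positions touched, original:", sorted(affected_bit_positions(False)))
    print("positions touched, revised :", sorted(affected_bit_positions(True)))
```
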
From gtoal at an-teallach.com Sat Jul 30 03:59:01 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Sat, 30 Jul 94 03:59:01 PDT Subject: Larry Detweiler and his 'Fucking Hypocrisy' Message-ID: <199407301057.LAA18732@an-teallach.com> : From: Anonymous User : Ironic what you say, Graham. Given the fact that the subject : matter is PORNOGRAPHY, often involving explicit depiction of : sexual intercourse, which is somewhat of a "religion to some", : maybe that's exactly what Nathan was asking -- for pornographers : to keep their "fucking religion" off the net... Classic, a lesson in hypocrisy from Detweiler! Larry, the day I call for government regulation to stop decent atheist kids from being allowed to access evil underground Christian fsp sites is the day you can start bleating hypocrisy. Another deliberate flame-bait from Detweiler. Excuse me if I don't waste my time refuting anything else he said. G From nowhere at bsu-cs.bsu.edu Sat Jul 30 05:40:49 1994 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Sat, 30 Jul 94 05:40:49 PDT Subject: No Subject Message-ID: <199407301239.HAA21747@bsu-cs.bsu.edu> Muchas apologies for the forwarded post, but I thought you folks might find this of interest... From: Perillo at dockmaster.ncsc.mil Newsgroups: comp.security.misc Subject: Fwd: SHA, Proposed Modification. Date: 29 Jul 1994 10:03:21 -0400 Organization: Yale CS Mail/News Gateway Lines: 611 Sender: daemon at cs.yale.edu Message-ID: <940729135927.373949 at DOCKMASTER.NCSC.MIL> NNTP-Posting-Host: babyblue.cs.yale.edu The following is the Request for Comments citation summary, on the revision or fix of the Secure Hash Algorithm (SHA) released by NIST on July 11th. Enclosed is the "technical details sheet" of the proposed modification that has been floating around NIST for the last two months. - Robert ---------------------------- Federal Register 07/11/94 Citation="59 FR 35317" [Docket No. 
940675-4175] RIN 0693-AB33

Proposed Revision of Federal Information Processing Standard (FIPS) 180, Secure Hash Standard

AGENCY: National Institute of Standards and Technology (NIST), Commerce.

ACTION: Notice; Request for comments.

SUMMARY: A revision of Federal Information Processing Standard (FIPS) 180, Secure Hash Standard (SHS), is being proposed. This proposed revision corrects a technical flaw that made the standard less secure than had been thought. The algorithm is still reliable as a security mechanism, but the correction returns the SHS to the original level of security. The SHS produces a 160-bit output called a message digest for a message of any size. This message digest can be used with FIPS 186, Digital Signature Standard (DSS), to compute a signature for the message. The same message digest should be obtained by the verifier of the signature when the received version of the message is used as input to the Secure Hash Algorithm (SHA).

--------------

Proposed Modification of the Secure Hash Algorithm

In Section 7 of [1](page 9), the line which reads

    b) For t=16 to 79 let W(t) = W(t-3) XOR W(t-8) XOR W(t-14) XOR W(t-16).

is to be replaced by

    b) For t=16 to 79 let W(t) = S1( W(t-3) XOR W(t-8) XOR W(t-14) XOR W(t-16) ).

where S1 is a left circular shift by one bit as defined in Section 3 of [1](page 6), namely

    S1(X) = (X<<1) V (X>>31).

ASCII translator's note : S1 is actually, S superscript 1. W(t-n) is actually, W subscript, t or t-n.

References:

[1] FIPS PUB 180; Secure Hash Standard
    Computer Systems Laboratory
    National Institute of Standards and Technology
    1993 May 11

___________________________________________________________________
Robert J. Perillo, CCP
Computer Scientist
Cerberus Systems
Washington, DC
___________________________________________________________________

From gtoal at an-teallach.com Sat Jul 30 06:09:02 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Sat, 30 Jul 94 06:09:02 PDT
Subject: "Just say 'No' to key escrow."
Message-ID: <199407301308.OAA23358@an-teallach.com> : From: solman at mit.edu : This is a relatively inane conspiracy theory. Gates hardly requires any : assistance since the feds were already committed to setting up licenses : in bands that are good for these types of networks. Both the FCC and Hughes : have sped up their efforts towards these systems in recent days. That's just the terrestrial side. What about actually getting the birds up? : And the satellite system is not Bill Gates. He is an investor, and a fairly : small one. Gates and McCaw (sp?) gave that venture much more by attaching : their names to it than they did by giving a few of their millions. I seem : to recall Gates' share being 7 megabucks. All the more reason to look at the investors more closely and see what other quid pro quo's have been arranged. : will be too late and that B) software based escrows are a good thing because : they take the wind out of hardware based encryption efforts and they are : difficult to make mandatory. This sort of talk is dangerous. If cypherpunks don't have a united front against SKE, I can't see the less radical front organisations like EFF and CPSR (well, maybe just EFF) going balls to the wall against it either. Compromises should be resisted in order to force USG to show their true colors when they finally demand to outlaw all non-escrowed crypto. Otherwise it'll sneak up on us in the night like the Christian Coalition's goal of taking over the Republican party. G From remailer-admin at chaos.bsu.edu Sat Jul 30 07:11:58 1994 From: remailer-admin at chaos.bsu.edu (Anonymous) Date: Sat, 30 Jul 94 07:11:58 PDT Subject: DA to DAta censors by D.A. Message-ID: <199407301412.JAA15580@chaos.bsu.edu> Copyright 1994, Nutthin Puke. All jellies preserved. Intelectual arguments pending. 
DA-- Determined Atheists Before I start, it may be informative to consider that I consider myself to be a hard-line member of the Atheist Preservative movement, and a hard- line advocate of religious freedom. I am a PhD candidate in tantric sexual practices at the University of California at Sodom, and I got the 'Separation of Church and State' language added to the 1774 Republican Party of Texas platform. I am a member of Atheists against Christians, and am two hundred and twenty-seven years old. As the American community continues to grow, the differences of conviction that exists generally in the world find their way into the community. Some demand that newcomers to the USA adapt to the atheist mores of this society. Some demand that the USA, as a newcomer to the world, adapt to the religious beliefs of the outside. As recent events have demonstrated, the less reasonable, on both sides, may be endangering the integrity and availablity of the USA. Calls for USA-wide religious censorship, it may be expected, will continue to grow unless the USA can find some way to police itself. Yet "police itself" is a term that sends the USA into fits. My solution, DA, is for the appropriate users to directly censor the publications that they might legitmately lay claim to censoring--publications that flows to minors over which they have legal authority and responsibility. Specifically, this is a plan to create two sorts of reader in the USA-- adult and minor. Adult readership may only be obtained by persons of age eighteen. Minor readership may only be obtained in the presence of adult readers, refered to as supervisor librarians. Adult readers would have full access to anything in the USA. Gospel tracts, prayer meetings, Turner TV, and like press being viewed by a minor, would cause a Clipper call to an adult supervisor to allow access. Newspaper editors, in particular, would censor any letters submitted from a confused Christian juvenile reader. 
The legal framework that I see important in aiding such a system is as follows: State Level: 1) Declare to hold harmless those Church bookshops for charges of Contributing to the Delinquacy of a Minor that obtain and verify the age of bible readers, and maintain a DA system of access for minors. Certain acceptable verification methods specified, with authority to add methods delegated to a regulatory agency. Emphasis to be on ease and speed of verification. Special consideration for in-church bookshops. 2) Make it illegal to misrepresent age and name data to a religious bookshop. Require library operators to maintain a record of age and name of religious book readers for thirty days after borrowing a Bible or putting a request for a religious publication on hold. 3) Declare aiding in tampering with DA system to be "Contributing to the Moral Degeneracy of a Minor" and "Promoting religion in direct contravention of Californicate Provision 69". Federal Level: Pass paralell laws for Churches operating with dioces in two or more states, or for Churches operating with 800 'dial-a-prayer' numbers. I believe that such a system would protect the full free expression of religion currently enjoyed in the USA, while reaffirming parental responsibility in the upbringing of their children. The burden of controlling access devolves all the way to the parents, making perversion charges against Church elders patently frivolous. Advocation-of-religion charges would then be MUCH more difficult to press, since a jury could be told that specific steps were being taken to prevent access to minors. If parents complained that they didn't want to go to the trouble of spelling out what their children could access, the response is clear: "Oh, so it's not worth the effort to you?" Despite slurs in this group to the contrary, I believe that the proposed god.* heirarchy may well be the first in a series of attempts to censor atheism in the USA. 
Remember, we already have had a censor for porn, religion, and unwholesome Hostess-brand snacks. It is not really a question of _if_ but _who_ and at _what level_ will this censoring take place. Nutthin (Adjusting kinky underwear) With apologies to Tim May for stealing his schtick. From jya at pipeline.com Sat Jul 30 08:16:58 1994 From: jya at pipeline.com (John Young) Date: Sat, 30 Jul 94 08:16:58 PDT Subject: Popular Front for the Liberation of Crypto Message-ID: <199407301516.LAA23350@pipe1.pipeline.com> Responding to msg by tcmay at netcom.com (Timothy C. May) on Fri, 29 Jul 6:32 PM >Grim times in cyberspace. > >Perhaps folks who are more willing to "compromise" with >the law enforcement types can see why I'm so opposed >to helping them hang us. ENR, a construction magazine, reports July 25 on the Davidian site cleanup at Waco: Quote: As the crew sifts through debris, workers are finding human remains. "Mostly we've found childrens' bones," says Fawn. . . . "These are the things that mess with my mind." The project manager adds that he has trouble finding workers for the job. "They are scared of the bones." Only 47 bodies have been identified of the 80 or more victims. End quote. The LEAs endlessly search for easy targets. From jamesd at netcom.com Sat Jul 30 08:27:27 1994 From: jamesd at netcom.com (James A. Donald) Date: Sat, 30 Jul 94 08:27:27 PDT Subject: No SKE in Daytona and other goodies (fwd) In-Reply-To: <199407291301.AA08440@poboy.b17c.ingr.com> Message-ID: <199407301527.IAA13305@netcom13.netcom.com> The correct and sensible thing for Microsoft to do is to put hooks in their OS whereby a convenient interface can be provided to any encryption system. They may well do this, and (truthfully) tell the US they are providing infrastructure for key escrow and (truthfully) tell cypherpunks they are providing infrastructure for crypto anarchy. and (truthfully) tell shareholders that they are preparing their operating system for a world of world wide networks. 
This would be the archetypical Bill Gates maneuver.

So before screaming at them, let us see what they are doing.

--
---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we        James A. Donald
are. True law derives from this right, not from
the arbitrary power of the omnipotent state.            jamesd at netcom.com

From usura at vox.hacktic.nl Sat Jul 30 09:16:59 1994
From: usura at vox.hacktic.nl (uSuRa)
Date: Sat, 30 Jul 94 09:16:59 PDT
Subject: New remailer up at: usura@hacktic.nl
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Hi C'punx,

There is another remailer operational in The Netherlands. It operates from my usura at hacktic.nl account, and it is an 'on-line' remailer as opposed to my UUCP remailers at vox.hacktic.nl .

For more information send some email

To: usura at hacktic.nl
Subject: remailer-help

Or finger usura at hacktic.nl for the remailers PGPkey.

UsE Wisely ..

-----BEGIN PGP SIGNATURE-----
Version: 2.6 for VoX Labz.

iQCVAgUBLjpxS1nfdBSNVpE9AQHdwgP/YEMVzaPmgSK5/neizS+XxAtG8//Hbpmw
G3b0WJ3JLCSmlbsP4eyS70vOn7V0kdLEoht5yJL4VnMF0J6L8elxLfU8wDxMofKj
z7tRCdfVZru2Xcao5FbIEm8L+nFrDF3CPv+Wo3YrHeJEh4kghw0fCsPdlSqilWDz
uCF0JDGMhnk=
=3UmU
-----END PGP SIGNATURE-----

EnJoY ..

--
Exit! Stage Left.
Alex de Joode

From rah at shipwright.com Sat Jul 30 09:27:47 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 30 Jul 94 09:27:47 PDT
Subject: "Just say 'No' to key escrow."
Message-ID: <199407301626.MAA10015@zork.tiac.net>

At 2:08 PM 7/30/94 +0100, Graham Toal wrote:
>: From: solman at mit.edu
>
>: This is a relatively inane conspiracy theory. Gates hardly requires any
>: assistance since the feds were already committed to setting up licenses
>: in bands that are good for these types of networks. Both the FCC and Hughes
>: have sped up their efforts towards these systems in recent days.
>
>That's just the terrestrial side. What about actually getting the birds up?
>

Oddly enough, they're discussing the use of a modified version of Orbital Sciences' Pegasus launcher. It currently uses a B-52 to carry the rocket to ~40K ft., and then lets it go on up to LEO. However, there's no reason they can't use a 747 as the "first stage". 747's are newer and cheaper and easier to maintain, and the result would be private enterprise from the ground up.

At the risk of sounding like pollyanna, we may again be seeing fascists behind every Bush(?) here...

Yet, conducting a public awareness campaign, in the shrillest possible terms, against SKE (or more properly, government mandated SKE) is a very good idea. It's easy to separate the two on a conceptual basis, and we should.

Conspiracy theories about collusion between governments and big business, no matter how monopolistic those businesses, usually don't wash. Economic institutions really can't keep secrets for very long these days, especially secrets with significant economic impact. While I believe that they probably try, it's a little like pissing in the wind (if you're looking for the proper middle-class white northern european unconsciousness-raised male metaphor ;-).

However, I have to admit people do stupid things for uneconomic reasons. Windows is living proof of that. Microsoft offering a "security" package with SKE in it to their most lucrative market (Large, Hieropatriarchical, Semi-ossified, Ex-industrial Corporations), is very plausible without any collusion with the uncle necessary. Us howling like banshees about it makes real sense in that light. LHSECs really hate it when people howl at them like banshees.

Exhortatory prose (and action) about manning the barricades against SKE makes sense. Conspiracy theories will probably make potential allies laugh.
Cheers, Robert Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From sandfort at crl.com Sat Jul 30 09:51:05 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Sat, 30 Jul 94 09:51:05 PDT Subject: NYET to censors, REPOST In-Reply-To: <199407300507.WAA07462@netcom7.netcom.com> Message-ID: C'punks, On Fri, 29 Jul 1994, Lucky Green wrote: > ... > >> "Daddy, do you know how to perform a genuine French duck fuck?" > >> "Gasp!" > >> "Well, we do. Would you like to know?" > > > >Hell, Lucky, *I* haven't got a clue. How does it go? > > > > I am not sure if explaining this under my own name would be wise at this > point in time. Your parents actually named you "Lucky"? > Perhaps someone else would like to elaborate through a remailer? Aha! It *is* a "sleeve job"! S a n d y From sandfort at crl.com Sat Jul 30 09:59:56 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Sat, 30 Jul 94 09:59:56 PDT Subject: No SKE in Daytona and other goodies In-Reply-To: Message-ID: C'punks, On Sat, 30 Jul 1994, Aron Freed, responding to Eric Weaver, wrote: > ... since when has this country been so easy to quit and find a new job > with the same relative pay...[blah, blah, blah]. Aron and Eric, this discussion is off-topic for Cypherpunks. It looks like I'm just going to have to step in and settle this: Eric is right, Aron is wrong. Now stop fighting and shake hands. We have more important privacy battles to wage. 
Your humble servant,

S a n d y

From jya at pipeline.com Sat Jul 30 11:27:28 1994
From: jya at pipeline.com (John Young)
Date: Sat, 30 Jul 94 11:27:28 PDT
Subject: Graham Toal and His 'Fucking Religion'
Message-ID: <199407301826.OAA13180@pipe1.pipeline.com>

Responding to msg by nobody at c2.org (Anonymous User) on Fri, 29 Jul 9:22 PM

Not at all. Mr. Graham Toal expresses civilized contempt of such unctuousness horseshit. His deft lance of this pus is salutary.

From jgostin at eternal.pha.pa.us Sat Jul 30 11:51:04 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Sat, 30 Jul 94 11:51:04 PDT
Subject: penet.fi attack
Message-ID: <940730123148n1ijgostin@eternal.pha.pa.us>

"L. Todd Masco" writes:

> Ditto. El creepo was definitely using the real list for the attack (and
> oddly, I got two total: one last night and one this evening).

Might it be that El Creepo is a _subscriber_ here? If he were, he could get a list of addresses that people actually _post_ from. That covers cases like Roy's. Methinks the C'Punks have a Bug in our midst. Since C'Punks Write Code, C'Punks also Debug Code, and this Bug needs to be Squashed. :-)

--Jeff

--
  ======  ======  +----------------jgostin at eternal.pha.pa.us----------------+
    ==    ==      | The new, improved, environmentally safe, bigger, better,|
    ==    ==  -=  | faster, hypo-allergenic, AND politically correct .sig.  |
  ====    ======  | Now with a new fresh lemon scent!                       |
PGP Key Available +---------------------------------------------------------+

From nowhere at bsu-cs.bsu.edu Sat Jul 30 12:03:03 1994
From: nowhere at bsu-cs.bsu.edu (Anonymous)
Date: Sat, 30 Jul 94 12:03:03 PDT
Subject: No Subject
Message-ID: <199407301901.OAA24480@bsu-cs.bsu.edu>

Is there a problem with the remailer at soda.berkeley.edu? Or are they simply moving machines around, as the message indicates?
I received this "warning" message - (identifying headers removed)

**********************************************
** THIS IS A WARNING MESSAGE ONLY **
** YOU DO NOT NEED TO RESEND YOUR MESSAGE **
**********************************************

The Computer Science Division at the University of California at Berkeley is in the process of moving into a brand new building. This entails moving all machines. If you are getting a warning message that the individual's machine is not responding, you might want to try to contact them using something other than e-mail. Although we anticipate that most machines will be down for

From owner-cypherpunks Sat Jul 30 14:16:24 1994
Return-Path:
Received: by toad.com id AA24030; Sat, 30 Jul 94 14:16:24 PDT
Received: from MIT.EDU (ATHENA-AS-WELL.MIT.EDU) by toad.com id AA24024; Sat, 30 Jul 94 14:16:04 PDT
Received: from UA.MIT.EDU by MIT.EDU with SMTP id AA04630; Sat, 30 Jul 94 17:15:58 EDT
From: solman at MIT.EDU
Received: by ua.MIT.EDU (5.57/4.7) id AA04787; Sat, 30 Jul 94 17:15:51 -0400
Message-Id: <9407302115.AA04787 at ua.MIT.EDU>
To: gtoal at an-teallach.com (Graham Toal)
Cc: cypherpunks at toad.com
Subject: Re: "Just say 'No' to key escrow."
In-Reply-To: Your message of Sat, 30 Jul 94 14:08:23 +0100. <199407301308.OAA23358 at an-teallach.com>
X-Mailer: exmh version 1.3 4/7/94
Date: Sat, 30 Jul 94 17:15:50 EDT
Sender: owner-cypherpunks at toad.com
Precedence: bulk

> : From: solman at mit.edu
>
> : This is a relatively inane conspiracy theory. Gates hardly requires any
> : assistance since the feds were already committed to setting up licenses
> : in bands that are good for these types of networks. Both the FCC and Hughes
> : have sped up their efforts towards these systems in recent days.
>
> That's just the terrestrial side. What about actually getting the birds up?

That's the easiest part.
International competition for the precious few organizations requiring launching facilities has almost entirely eliminated government intervention in what goes up. It's just like dealing with regulations made by physical world entities in cyberspace. If you don't like the rules, it is easy to move it elsewhere.

> : will be too late and that B) software based escrows are a good thing because
> : they take the wind out of hardware based encryption efforts and they are
> : difficult to make mandatory.
>
> This sort of talk is dangerous. If cypherpunks don't have a united front
> against SKE, I can't see the less radical front organisations like EFF
> and CPSR (well, maybe just EFF) going balls to the wall against it either.

All we need is widely distributed software with optional escrow and the government will be helpless against us. They won't have a prayer of passing legislation that prevents you from using your software, so they'll pass legislation that requires you to use escrows. People will register a key with the escrow and then use a different key for everything. Escrow dies.

Of course we should fight anything mandating escrow, but the reality is that if we can force the escrow into software it will be useless to big brother.

JWS

From jamesh at netcom.com Sat Jul 30 14:20:00 1994
From: jamesh at netcom.com (James Hightower)
Date: Sat, 30 Jul 94 14:20:00 PDT
Subject: The Strange Case of Amateur Action
Message-ID: <199407302120.OAA17880@netcom7.netcom.com>

mpd at netcom.com (Mike Duvos) Writes:

> It is ironic that although the issues raised by this
> case are of the utmost importance, Robert Thomas is just about
> the last person anyone would have chosen as their First
> Amendment Poster Boy.

Which makes him all the better choice for the Feds. He's harder to justify defending.

JJH
--
My loathings are simple: stupidity, oppression, crime, cruelty, soft music. -Vladimir Nabokov

From perry at imsi.com Sat Jul 30 14:48:31 1994
From: perry at imsi.com (Perry E.
Metzger)
Date: Sat, 30 Jul 94 14:48:31 PDT
Subject: Just say NYET to kneejerking
In-Reply-To:
Message-ID: <9407302147.AA05500@snark.imsi.com>

Ed Carp [Sysadmin] says:
> > There is no excuse for being impolite. You can express your views
> > without vitriol -- you may indeed be able to get along with people
> > with views you do not share, and find that you are better off for it.
>
> Is this the pot calling the kettle black?

No.

From wcs at anchor.ho.att.com Sat Jul 30 16:31:47 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sat, 30 Jul 94 16:31:47 PDT
Subject: No SKE in Daytona and other goodies
Message-ID: <9407302328.AA01368@anchor.ho.att.com>

Eric Hughes, replying to somebody, wrote:
> As a previous
> poster mentioned, users could select null or locally controlled key
> escrow agents, and effectively have a non-escrowed system.
>
> The system I've seen (Whit's recollection of Steve Walker's) did not
> allow a cooperating party to interoperate with a non-cooperating
> party. In other words, both correspondents must comply with gov't key
> surrender, or neither.

It's a little better than that, but not much. There are three sides to the process - writing the wiretap field, verifying the wiretap field, and using the field to wiretap. The receiver can definitely verify the wiretap field, but has a choice about whether to do the verification or accept conversations with an invalid field. If a conformist receiver refuses to accept conversations without a verified wiretap field, the sender has to include it to talk. (This is the opposite of Clipper, where the receiver has no control over the system, but the sender can construct a fake wiretap block with some work.)

The sender has a choice of what keymaster agencies to use, but the receiver can choose whether or not those agencies are acceptable.

It's easy to turn off software key escrow, but only on your own machines.
Unfortunately, the most interesting cases are applications like cellphones, where the sender is the occasionally non-conformist phone user, the receiver is the phone company, and the government can bully the phone company into being conformist about both verifying the block and only accepting politically correct keymasters.

For other cases, like encrypting fax machines, they'll probably accept any keymaster, so you can probably use "Dev Null Key Security Inc." (The government *could* get nasty and insist that encrypting fax machines can only be imported if they verify that the keymaster's key is signed by the Key Generation Bureau, but it's a lot harder to control millions of fax machine users than a few hundred phone companies.)

Bill

From ckd at loiosh.kei.com Sat Jul 30 17:46:50 1994
From: ckd at loiosh.kei.com (Christopher Davis)
Date: Sat, 30 Jul 94 17:46:50 PDT
Subject: Orbital Sciences Corporation
In-Reply-To: <199407301626.MAA10015@zork.tiac.net>
Message-ID: <199407310046.UAA00277@loiosh.kei.com>

[crypto relevance is basically nil; apologies]

RH> == Robert Hettinga

RH> Oddly enough, they're discussing the use of a modified version of
RH> Orbital Sciences' Pegasus launcher. It currently uses a B-52 to
RH> carry the rocket to ~40K ft., and then lets it go on up to LEO.
RH> However, there's no reason they can't use a 747 as the "first
RH> stage". 747's are newer and cheaper and easier to maintain, and the
RH> result would be private enterprise from the ground up.

I believe OSC is now ready to use (if they haven't started already) their modified L-1011 TriStar launch platform ("Stargazer"). I'm not sure the 747 would be as easily modified, based on the design of the wing box and landing gear. Similar issues would probably apply to the McDD DC-10/MD-11.

From wizard at kaiwan.com Sat Jul 30 18:25:27 1994
From: wizard at kaiwan.com (Mr. Wizard)
Date: Sat, 30 Jul 94 18:25:27 PDT
Subject: Encypted voice communications?
Message-ID:

I seem to remember reading a while back about a voice-encryption scheme over telephone lines using a sound card, modem, and fast CPU. Does anybody have additional information on this topic?

-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-
"I bet you never smelled a real schoolbus before!"
wizard at kaiwan.com

From lrh at crl.com Sat Jul 30 21:07:05 1994
From: lrh at crl.com (Lyman Hazelton)
Date: Sat, 30 Jul 94 21:07:05 PDT
Subject: Orbital Sciences Corporation
In-Reply-To: <199407310046.UAA00277@loiosh.kei.com>
Message-ID:

OSC has already used their modified L1011 to launch a Pegasus. Last month they launched a stretch Pegasus from the plane for the first time. Unfortunately they are using new control software in the Pegasus and it did not properly take into account the difference in the Phugoid frequency of the stretched bird. The result was positive feedback in the yaw control loop causing failure of the main wing. A self destruct charge was detonated from the control facility aboard the L1011. They are due to try again sometime soon.

Lyman

Finger lrh at crl.com for PGP 2.4 Public Key Block.

From hughes at ah.com Sat Jul 30 22:11:24 1994
From: hughes at ah.com (Eric Hughes)
Date: Sat, 30 Jul 94 22:11:24 PDT
Subject: No Subject
In-Reply-To: <199407301901.OAA24480@bsu-cs.bsu.edu>
Message-ID: <9407310439.AA05366@ah.com>

soda.berkeley.edu is moving, or undergoing an upgrade, or something like that. It should be up next week.

Eric

From sameer at c2.org Sat Jul 30 23:01:34 1994
From: sameer at c2.org (sameer)
Date: Sat, 30 Jul 94 23:01:34 PDT
Subject: soda.berkeley.edu/soda.csua.berkeley.edu/ftp.csua.berkeley.edu
In-Reply-To: <9407310439.AA05366@ah.com>
Message-ID: <199407310559.WAA11271@infinity.c2.org>

>
> soda.berkeley.edu is moving, or undergoing an upgrade, or something
> like that. It should be up next week.
>

More specifically: soda.berkeley.edu is moving to a new building because the UC Berkeley's CS department is moving to a new building. When back up it will be called soda.csua.berkeley.edu and soda.berkeley.edu will work for only about six months.

The ftp site is going to move to another computer owned by the csua so ftp references should be to ftp.csua.berkeley.edu so that when the ftp site moves it will be relatively seamless. (ftp.csua.berkeley.edu points to soda.berkeley.edu right now)

--
sameer                                  Voice:  510-841-2014
Network Administrator                   Pager:  510-321-1014
Community ConneXion: The NEXUS-Berkeley Dialin: 510-841-0909
http://www.c2.org (or login as "guest") sameer at c2.org

From sameer at c2.org Sat Jul 30 23:05:21 1994
From: sameer at c2.org (sameer)
Date: Sat, 30 Jul 94 23:05:21 PDT
Subject: HTML Archives
Message-ID: <199407310602.XAA11391@infinity.c2.org>

I have begun archiving a few lists with a mail->html gateway. They can be accessed on http://www.c2.org/hypermail

This list is included among them. (The gateway hasn't yet been subbed to com-priv, but the subscribe request has been sent in.)

--
sameer                                  Voice:  510-841-2014
Network Administrator                   Pager:  510-321-1014
Community ConneXion: The NEXUS-Berkeley Dialin: 510-841-0909
http://www.c2.org (or login as "guest") sameer at c2.org

From jdd at aiki.demon.co.uk Sun Jul 31 06:34:52 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Sun, 31 Jul 94 06:34:52 PDT
Subject: penet hack
Message-ID: <2956@aiki.demon.co.uk>

I got a message from anon.penet.fi this morning:

> You have sent a message using the anonymous contact service.
> You have been allocated the code name an118709.

and so forth.

I have never sent any messages using the remailer. So whoever is fiddling with the remailer is still doing it. Is it a coincidence that I posted to this list for the first time a few days ago?
--
Jim Dixon

From rfb at lehman.com Sun Jul 31 08:53:03 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Sun, 31 Jul 94 08:53:03 PDT
Subject: penet hack
In-Reply-To: <2956@aiki.demon.co.uk>
Message-ID: <9407311552.AA19224@fnord.lehman.com>

    Date: Sun, 31 Jul 94 14:18:48 GMT
    From: Jim Dixon

    I got a message from anon.penet.fi this morning:

    > You have sent a message using the anonymous contact service.
    > You have been allocated the code name an118709.

This is a direct result of the following:

    Date: Sun, 31 Jul 94 08:32:24 PDT
    From: Majordomo at toad.com
    Subject: Majordomo results

    >>>> who cypherpunks
    Members of list 'cypherpunks':
    . . .
    an111447 at anon.penet.fi

So, anything that you send to cypherpunks also goes to this loser, who then can associate your two identities. Since your an*@anon.penet.fi address was just allocated, you have not been compromised very badly.

It's possible that this person is simply ignorant rather than malicious. Subscribing as na111447 at anon.penet.fi would have given the subscription anon.penet.fi-level security without compromising other users of that service.

The people with the most exposure are those who use anon.penet.fi but who do not use the X-Anon-Password feature. If you use a password and send a message to cypherpunks, you should get a message from anon.penet.fi saying that you forgot to use your password when you sent the message, but the loser will not get the (un)anonymized version of your cypherpunks message.

Of course, there's marginal security even with the password feature as the password is transmitted as plaintext.

Rick

From jdblair at nextsrv.cas.muohio.EDU Sun Jul 31 09:04:07 1994
From: jdblair at nextsrv.cas.muohio.EDU (jdblair at nextsrv.cas.muohio.EDU)
Date: Sun, 31 Jul 94 09:04:07 PDT
Subject: most recent remailier list wanted
Message-ID: <9407311604.AA14172@ nextsrv.cas.muohio.EDU >

Asking the often posted question... Where's the most recent remailer list located at?

thanks in advance,
-john.
--------------------------------------------------------------------------
John Blair: voice: (513) 529-2961
http://phoenix.aps.muohio.edu/users/jdblair/home.html         KILL YOUR
Finger me for PGP key.                                        TELEVISION
Too much proximity to folly tends to make it seem normal. --Edward Abbey

From perry at imsi.com Sun Jul 31 09:06:42 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Sun, 31 Jul 94 09:06:42 PDT
Subject: NYET to censors, REPOST
In-Reply-To: <199407300158.SAA17384@netcom7.netcom.com>
Message-ID: <9407311606.AA06253@snark.imsi.com>

Lucky Green says:
> Amen, amen.
>
> The christian right is attempting to keep their children in ignorance to
> minimize the effort it takes to brainwash them. I shall not rest posting on
> the Net until those children ask their parents:
>
> "Daddy, do you know how to perform a genuine French duck fuck?"
> "Gasp!"
> "Well, we do. Would you like to know?"

It is the right of Christian Fundamentalists to teach their children any way they like, just as it is my right to teach my children any way I like. A society that forcibly prevents fundamentalists from brainwashing their children also has the right tools to keep me from explaining to my children why government is evil and why there is no god.

I oppose any attempt to prevent free speech on the net in order to cater to the needs of fundamentalists, but I also oppose vehemently any attempt to make them conform in the education of their children with YOUR view of what is right and wrong. I feel that it is perfectly fine if they produce bowdlerized and censored net links for their kids -- I just don't want them changing the structure of everyone else's life in order to do it.

Mr. Zooks has a perfect right to raise his children any way he likes that is not inconsistent with the wishes of his children, and I do not want to see you or anyone else telling him what to do, just as I do not want Mr. Zooks telling US what to do.
Perry

From perry at imsi.com Sun Jul 31 09:12:32 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Sun, 31 Jul 94 09:12:32 PDT
Subject: Children and the Net
In-Reply-To: <940729193326Q2sjgostin@eternal.pha.pa.us>
Message-ID: <9407311612.AA06271@snark.imsi.com>

Jeff Gostin says:
> jdd at aiki.demon.co.uk (Jim Dixon) writes:
>
> > The Internet is a wild and exciting place. You want your children to
> > get to know it. But you would also like a way to build little fences
> > between them and some things that they are just too young to deal with.
> > How do you do it?
>
> In my eyes, it's really quite easy: Don't let your children use
> Internet UNTIL AND UNLESS you feel they are emotionally stable and mature
> enough to handle any kind of message that comes across the net.

There are other simple strategies, like using a service like Prodigy that censors its messages, or starting a service for like minded parents that censors the material children can access. You don't need to change the whole world to alter what a small minority read.

I'm not a believer in the notion of keeping your children "protected" because the world is a dangerous place and I feel that you produce children unable to cope with the world if they don't know what is in it. At the same time, I feel Mr. Zooks has the right to raise his children as hot house flowers if he likes, and he can accomplish his goals perfectly well without censoring us, which I feel would be unacceptable even if Mr. Zooks could not raise his children unexposed to the world without censorship. Luckily, both sets of goals are achievable.

Perry

From Jacob.Levy at Eng.Sun.COM Sun Jul 31 09:22:59 1994
From: Jacob.Levy at Eng.Sun.COM (Jacob Levy)
Date: Sun, 31 Jul 94 09:22:59 PDT
Subject: penet hack
In-Reply-To: <2956@aiki.demon.co.uk>
Message-ID: <9407311625.AA22480@burgess.Eng.Sun.COM>

>I have never sent any messages using the remailer. So whoever
>is fiddling with the remailer is still doing it.
Is it a coincidence
>that I posted to this list for the first time a few days ago?

No cause for alarm. The way this works is that the cypherpunks list has members that are subscribed through anon.penet.fi. If the mailing list sends the message as you (as opposed to sending it as cypherpunks at toad.com) then it will send a message from you to the anonymous subscriber. Because of the double-blind feature of anon.penet.fi this will cause allocation of an ID.

Hence if you send email to this list you're likely to get an ID assigned and receive the message from anon.penet.fi

--JYL

From mpd at netcom.com Sun Jul 31 10:20:54 1994
From: mpd at netcom.com (Mike Duvos)
Date: Sun, 31 Jul 94 10:20:54 PDT
Subject: Children and the Net
In-Reply-To: <9407311612.AA06271@snark.imsi.com>
Message-ID: <199407311720.KAA03972@netcom14.netcom.com>

Perry E. Metzger writes:

> A society that forcibly prevents fundamentalists from
> brainwashing their children also has the right tools to
> keep me from explaining to my children why government is
> evil and why there is no god.

The cure for brainwashing is not to silence the brainwasher, but to make sure the intended victim is exposed to a wide variety of other viewpoints. We can cure the children of Fundamentalists quite easily without preventing their parents, or you for that matter, from expressing any point of view you choose. Truth usually wins over bullshit when both are equally illuminated in public view.

I would certainly oppose any law which said that parents could completely control a minor's access to information in order to make sure that the parent's perspective was the only one presented.

Very young children need to be protected from graphically violent material which they might find disturbing. Other than this, I am not sure any censorship on the Net is appropriate. Kids experiencing the Net for the first time are perfectly safe if they follow some simple guidelines.

1.
Never give out personal information like your name, address, or phone number to strangers.

2. Check all information obtained from the Net with a trusted person before acting on it.

3. Change the channel if someone interacts with you in a way you find crude and offensive.

One should remember that a kid sitting in his living room at a computer is perfectly safe in a physical sense. There is nothing bytes of data can do to harm him. As long as he does not volunteer inappropriate information to strangers, he can cruise to his heart's content without fear of unwanted consequences, and learn all sorts of interesting things in the process.

> I oppose any attempt to prevent free speech on the net in
> order to cater to the needs of fundamentalists, but I also
> oppose vehemently any attempt to make them conform in the
> education of their children with YOUR view of what is right
> and wrong.

I certainly agree with this in terms of the censorship issue.

> I feel that it is perfectly fine if they produce bowdlerized
> and censored net links for their kids -- I just don't want
> them changing the structure of everyone else's life in order
> to do it.

They can just use America Online. It comes pre-bowdlerized and pre-censored right out of the box.

> Mr. Zooks has a perfect right to raise his children any way
> he likes that is not inconsistent with the wishes of his
> children, and I do not want to see you or anyone else
> telling him what to do, just as I do not want Mr. Zooks
> telling US what to do.

It's the wishes of the children that tend to be overlooked when the Funny Mentalists are having their legislative orgy.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger.
$

From cypress at connected.com Sun Jul 31 10:59:39 1994
From: cypress at connected.com (BCL)
Date: Sun, 31 Jul 94 10:59:39 PDT
Subject: penet hack
In-Reply-To: <2956@aiki.demon.co.uk>
Message-ID:

On Sun, 31 Jul 1994, Jim Dixon wrote:

> I got a message from anon.penet.fi this morning:
>
> > You have sent a message using the anonymous contact service.
> > You have been allocated the code name an118709.
> and so forth.
>
> I have never sent any messages using the remailer. So whoever
> is fiddling with the remailer is still doing it. Is it a coincidence
> that I posted to this list for the first time a few days ago?

Sure sounds like it. I wonder if they are watching the messages that addresses are being stripped from? I believe this is my first post here (at least in quite a while). Let's see what happens, shall we?

Brian

--------------------------------------------+--------------------------------
Linux: The choice of a GNU generation       | cypress at connected.com
sysop of FreeZone datahaven (206)569-2911   | finger for PGP key
--------------------------------------------+--------------------------------

From Richard.Johnson at Colorado.EDU Sun Jul 31 11:02:23 1994
From: Richard.Johnson at Colorado.EDU (Richard Johnson)
Date: Sun, 31 Jul 94 11:02:23 PDT
Subject: penet hack
In-Reply-To: <2956@aiki.demon.co.uk>
Message-ID: <199407311801.MAA17074@spot.Colorado.EDU>

| I got a message from anon.penet.fi this morning:
|
| > You have sent a message using the anonymous contact service.
...
| I have never sent any messages using the remailer. So whoever
| is fiddling with the remailer is still doing it. Is it a coincidence
| that I posted to this list for the first time a few days ago?

No coincidence. For those that haven't figured it out yet, some less than clueful individual has subscribed a penet pseudonymous id to cypherpunks. Again. Then again, maybe it _was_ an intentional try at 'out'ing posters to cypherpunks.
The perp will receive each post twice, once with the 'real' header via their normal subscription, and once with the 'anonymized' header via their penet subscription.

When a message from a mailing list arrives at penet, addressed to a 'nym, penet anonymizes it and assigns a new 'nym for the address in the From: line. To me, this is obviously stupid when mailing lists are involved, causing automatic 'out'ing of folks who didn't know they were sending to a pseudonymous account.

Might it be better for penet to fix the problem by more intelligent parsing on their end (using the Sender: line too?), rather than forcing the rest of the world to patch around their little security bug? Such patches include not attaching signatures and real names to any mailing list posts, making sure all your accounts have penet ids protected by passwords, not signing posts using PGP or RIPEM, and sending to lists only via anonymous remailers. A whole lot of bother for little gain...

Basically, this penet problem makes Julf's service less than useless to anyone who wants their pseudonymous address to remain private.

From perry at imsi.com Sun Jul 31 11:13:34 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Sun, 31 Jul 94 11:13:34 PDT
Subject: Children and the Net
In-Reply-To: <199407311720.KAA03972@netcom14.netcom.com>
Message-ID: <9407311813.AA06454@snark.imsi.com>

Mike Duvos says:
> Perry E. Metzger writes:
>
> > A society that forcibly prevents fundamentalists from
> > brainwashing their children also has the right tools to
> > keep me from explaining to my children why government is
> > evil and why there is no god.
>
> The cure for brainwashing is not to silence the brainwasher, but
> to make sure the intended victim is exposed to a wide variety of
> other viewpoints. We can cure the children of Fundamentalists
> quite easily without preventing their parents, or you for that
> matter, from expressing any point of view you choose.
This may be so, but I am unsure that I have any interest in spending energy in attempting to "cure" people of their views. It's not my place to tell people what to think, and I'm uncertain that a society that makes it easy to perform such "cures" is necessarily one that I want to live in. Perhaps society would wish to "cure" my children of their views.

Frankly, I don't CARE if fundamentalists brainwash their children. I want to be left alone myself, and I'm perfectly willing to leave them alone, too. I'm not so interested in running my neighbors' lives, nor am I so perfect that I am capable of running theirs as well as my own. So long as they grant me the same respect they can tell their children that Jesus levitates at all times thirty stories above the Royal Albert Hall for all I care. I just don't want them telling ME what to do and think.

Understand that I disagree with Zooks' proposal to impose a censorship structure on the net. I merely ALSO disagree with the flood of opinions that seem to say that he doesn't have the right to raise his children as he sees fit. If he wants to only let them see sanitized net traffic, let him find a service to provide that to his children. I am not interested in interfering in his life. I ask the same respect from him, but that's all.

Perry

From tcmay at netcom.com Sun Jul 31 11:26:33 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 31 Jul 94 11:26:33 PDT
Subject: Children and the Net
In-Reply-To: <199407311720.KAA03972@netcom14.netcom.com>
Message-ID: <199407311826.LAA24798@netcom10.netcom.com>

Mike Duvos writes:

> I would certainly oppose any law which said that parents could
> completely control a minor's access to information in order to
> make sure that the parent's perspective was the only one
> presented.

This won't cut it. No outsiders can interfere with how I raise my children, in terms of the views I expose them to.
("Public schooling" is not the issue, as children can be sent to Xtian, Buddhist, Adventist, or whatever schools,...so long as minimal standards are met. There is no requirement for ideological or memetic balance.)

Practically, any system such as Mike proposes above would fail. Parents have control over the reading material of children. Ditto for television, movies, etc.

I'm getting involved here in this political discussion because some Cypherpunks think it's OK to forcibly butt into how others raise their children, that this is somehow consistent with a Cypherpunk attitude about information and liberty. It's not.

We saw this idea that "parents cannot force their children ..." reach its fruition in the Branch Davidian case, where the BATF had to burn the children in order to save the children.

I reject the notion that the state needs to intervene in families in order to make sure that balanced and appropriate views are provided.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From gtoal at an-teallach.com Sun Jul 31 11:58:18 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Sun, 31 Jul 94 11:58:18 PDT
Subject: penet hack
Message-ID: <199407311816.TAA22796@an-teallach.com>

    The people with the most exposure are those who use anon.penet.fi but
    who do not use the X-Anon-Password feature. If you use a password and

This is what I don't understand about all this.
I thought when Julf re-opened the service after Spaf had it closed down that time, that he made the password stuff mandatory, and you couldn't use your account until you installed a password?

(If passwords *aren't* mandatory, they damn well ought to be made so immediately. This form of attack has been known about for well over a year now.)

G

From jdd at aiki.demon.co.uk Sun Jul 31 12:14:43 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Sun, 31 Jul 94 12:14:43 PDT
Subject: FW: No SKE in Daytona and other goodies
Message-ID: <2984@aiki.demon.co.uk>

In message <9407291941.AA26399 at netmail2.microsoft.com> Blanc Weber writes:
>
> If a system contains "protocols especially suited for eventual
> mandatory use", like SKE, does this of necessity mean that the
> developers intended that it should become part of a nationally-mandated
> open avenue to spying on anyone who uses it?
>

If you see a guy skulking in a dark alley with a gun, a knife, and a large club, do you debate whether he is of necessity about to use them?

--
Jim Dixon

From zoo at armadillo.com Sun Jul 31 12:25:04 1994
From: zoo at armadillo.com (david d `zoo' zuhn)
Date: Sun, 31 Jul 94 12:25:04 PDT
Subject: Children and the Net
Message-ID: <199407311918.OAA24381@monad.armadillo.com>

-----BEGIN PGP SIGNED MESSAGE-----

// Very young children need to be protected from graphically violent
// material which they might find disturbing. Other than this, I am
// not sure any censorship on the Net is appropriate.

It's exactly this tone that I'm afraid of. Need? In whose opinion?

While I might agree that children shouldn't indiscriminately be seeing potentially disturbing material, the way that I'd state it is: "I'd like my children to be protected from graphically violent material". Note that it would be *my* children that *I* want to protect. And I have the means to handle that. Not that I have kids, but...

It's insidious, the ways that morals get turned into law and regulations.
- --
- - david d `zoo' zuhn -| armadillo zoo software --
- -- zoo at armadillo.com --| unix generalist (and occasional specialist)
- ------------------------+ send e-mail for more information
pgp key upon request +----------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLjv44u80ah2ymxnRAQGC+QP/dwj7FONy059sHsY55/0aX7RfSrvh5lm4
C66P1azSmbdF7nqY4jrR5Eau+/pcqgkOnRvMD5Sjl9n2aInfXZM1K1uLZDim2gbw
+SrLnYW/7tg1NdZA6Al83a5EGbfR9wS7q9g8OsIflizdvyqo4egAv3mav3IRIGsM
1XAXXu9gtqg=
=0aMR
-----END PGP SIGNATURE-----

From gtoal at an-teallach.com Sun Jul 31 12:28:05 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Sun, 31 Jul 94 12:28:05 PDT
Subject: Children and the Net
Message-ID: <199407311927.UAA24348@an-teallach.com>

    structure on the net. I merely ALSO disagree with the flood of
    opinions that seem to say that he doesn't have the right to raise his
    children as he sees fit. If he wants to only let them see sanitized

Could you point one of this flood out then? I didn't see any like that. I've no interest in interfering with how he raises his children. I was quite explicit that all I wanted was that his child-rearing plans don't interfere with my life. Or my kids' for that matter.

You're a terrible man for putting words in other people's mouths, Perry.

G

From werewolf at io.org Sun Jul 31 12:59:00 1994
From: werewolf at io.org (Mark Terka)
Date: Sun, 31 Jul 94 12:59:00 PDT
Subject: Soda.Berekely Mailer Up...Or Down???
Message-ID:

Is the remailer at soda.berkeley up now? I've had a couple of messages returned from that site saying it was down or something.
--------------------------------------------------------------------------
Mark Terka     | werewolf at io.org             | public key (werewolf) at
Toronto,Canada | dg507 at cleveland.freenet.edu | pgp-public-keys at demon.co.uk
--------------------------------------------------------------------------

From mpd at netcom.com Sun Jul 31 13:09:09 1994
From: mpd at netcom.com (Mike Duvos)
Date: Sun, 31 Jul 94 13:09:09 PDT
Subject: Children and the Net
In-Reply-To: <199407311918.OAA24381@monad.armadillo.com>
Message-ID: <199407312008.NAA27760@netcom2.netcom.com>

david d `zoo' zuhn writes:

>> Very young children need to be protected from graphically
>> violent material which they might find disturbing. Other
>> than this, I am not sure any censorship on the Net is
>> appropriate.

> It's exactly this tone that I'm afraid of. Need? In whose
> opinion? While I might agree that children shouldn't
> indiscriminately be seeing potentially disturbing material,
> the way that I'd state it is: "I'd like my children to be
> protected from graphically violent material". Note that it
> would be *my* children that *I* want to protect. And I
> have the means to handle that. Not that I have kids, but...

> It's insidious, the ways that morals get turned into law
> and regulations.

Young kids have the same feelings looking at realistic depictions of violence in movies that they would have looking at the real thing. This is true even if they intellectually grasp that what they are viewing never really happened. Many movies we wouldn't think twice about can cause children intense emotional pain. The critical faculty needed to gate such feelings situationally develops at different ages in different children, but is generally well-developed by the age of 12.

Many other countries simply rate movies by specifying how old you have to be to see the movie. These ratings are made by experts who understand the effects various types of imagery are likely to have on young viewers.
A typical blood and guts adventure film might get a rating of 12. Something really gross would probably get a rating of 15. Sometimes movies are completely banned in certain countries, like "Predator II" in Norway.

Note the absence of any mention of parents in the preceding. In America, where everything about kids is really about parental power, we have a completely silly ratings system full of phrases like "Parents Strongly Cautioned" and "May Be Inappropriate." The effect of all this is that a parent can take a 6 year old to "Texas Chainsaw Massacre" and put him in therapy for the rest of his life, but a 16 year old can't even go near a movie which doesn't star Bambi without dragging some generally unwilling adult along. No one gets protected from anything and the system exists entirely as a parent ego-boosting exercise.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From paul.elliott at hrnowl.lonestar.org Sun Jul 31 13:10:50 1994
From: paul.elliott at hrnowl.lonestar.org (Paul Elliott)
Date: Sun, 31 Jul 94 13:10:50 PDT
Subject: cryptosystems journal vol2 #2
Message-ID: <2e3be87b.flight@flight.hrnowl.lonestar.org>

-----BEGIN PGP SIGNED MESSAGE-----

Does anyone know how I could get a copy of Cryptosystems journal vol 2 #2? I wanted to read the article on hardware rng's. I tried writing the publisher and getting it from the Library of Congress on interlibrary loan, but the publisher never answered, and the Library of Congress said it was currently being processed, whatever that means.
- ------------------------------------------------------------------------------
Paul Elliott Telephone: 1-713-781-4543
Paul.Elliott at hrnowl.lonestar.org Address: 3987 South Gessner #224 Houston Texas 77063

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLjv2XPBUQYbUhJh5AQHYHAP/fKuubxq0o/KzC3jO/vggFN2Wwwa8xXjD
4IUD9rrikR5UF81ISXdWOe4LKnuQMLj8fJNYAPuZQ/Ycy0GFhxt9TkGp+G6n+eHp
t+2vHd/1px9vYB6bh0xnZIhnNhRfOCb5yo/w4hU7vPBw6a0b7yNyIe38RU0KouRv
A84aNHmN2/4=
=de3P
-----END PGP SIGNATURE-----
--

From bart at netcom.com Sun Jul 31 13:13:00 1994
From: bart at netcom.com (Harry Bartholomew)
Date: Sun, 31 Jul 94 13:13:00 PDT
Subject: Bumper sticker kit
Message-ID: <199407312013.NAA25124@netcom4.netcom.com>

From this morning's SJMN:

Williams & Macias (800 310 0890) has developed a gloss paper stock that lets you print bumper stickers on an ordinary laser printer. ... called Product Codes 2041 and 2042 which differ in that the first has three stickers per 8.5 x 11 sheet which are slightly smaller than "standard" bumper stickers. The latter has 2 full sized ones. Both are priced at $19 and get you 20 sheets so there are 60 or 40 respectively. The stickers have a permanent weatherproof adhesive backing and are made from weather resistant paper.

Cypherpunks write bumper stickers too(?).

From cypress at connected.com Sun Jul 31 13:22:22 1994
From: cypress at connected.com (BCL)
Date: Sun, 31 Jul 94 13:22:22 PDT
Subject: Children and the Net
In-Reply-To: <199407311826.LAA24798@netcom10.netcom.com>
Message-ID:

On Sun, 31 Jul 1994, Timothy C. May wrote:

> Practically, any system such as Mike proposes above would fail. Parents have control over the reading material of children. Ditto for television, movies, etc.

Exactly. And that's where the control should stay. In my view the 'net' should be like a giant world-wide library. You can get good stuff and you can get bad stuff and it is up to the parents to regulate what the kids get.
Passing the buck to the net authorities just circumvents the parent's control of the material. What if there is something that I want my kid to access and the 'authorities' say that it cannot be allowed until they turn 18?

> I'm getting involved here in this political discussion because some Cypherpunks think it's OK to forcibly butt into how others raise their children, that this is somehow consistent with a Cypherpunk attitude about information and liberty. It's not.

Raising kids the way you believe is all part of the 1st amendment. When the state starts telling you how to raise them (as it already is in some states) then you have just lost one of your greatest freedoms and rights.

> We saw this idea that "parents cannot force their children ..." reach its fruition in the Branch Davidian case, where the BATF had to burn the children in order to save the children.

But the state always knows what's best, right? Have you heard that the ABC documentary on Waco has been postponed under pressure from the WH until after the crime bill is voted on? Heard this on the radio the other day.

> I reject the notion that the state needs to intervene in families in order to make sure that balanced and appropriate views are provided.

An interesting thing that I learned in anthropology last quarter. Our teacher likes to go off on tangents and give useful info. According to him the Bureau of Indian Affairs (BIA) sent the Indian kids to BIA school on other completely different reservations in order to break down the transfer of the Indian culture from the elders in the tribes to the children.

If you don't transfer your culture (whatever it may be, religious, anti-government, etc) to your kids then it is lost. If the government is the one doing the 'cultural development' of your kids then where is that going to leave us in a generation or two?
Brian

--------------------------------------------+--------------------------------
Linux: The choice of a GNU generation | cypress at connected.com
sysop of FreeZone datahaven (206)569-2911 | finger for PGP key
--------------------------------------------+--------------------------------

From tcmay at netcom.com Sun Jul 31 13:25:15 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 31 Jul 94 13:25:15 PDT
Subject: Big Brother's Escrow Systems
In-Reply-To: <2984@aiki.demon.co.uk>
Message-ID: <199407312024.NAA03158@netcom10.netcom.com>

> In message <9407291941.AA26399 at netmail2.microsoft.com> Blanc Weber writes:
> >
> > If a system contains "protocols especially suited for eventual mandatory use", like SKE, does this of necessity mean that the developers intended that it should become part of a nationally-mandated open avenue to spying on anyone who uses it?
> >
> If you see a guy skulking in a dark alley with a gun, a knife, and a large club, do you debate whether he is of necessity about to use them?
> --
> Jim Dixon

Jim puts it rather more bluntly than I am comfortable with, but his point is a good one.

Many of us style ourselves as free-market libertarians, so what features a company puts into its products is not for us to interfere with, in most cases.

But we are entering a new era, an era in which products are not just developed and then dumped on the market for customers to either buy or not buy, but instead in which products are developed over many years, with many inputs from customers, other companies, and even from government agencies.

Analogies from Orwell are often dangerous, but this is one that may apply. If a security camera company sells a 'baby monitor,' as many companies do, there is no real threat, and no real worry.
Suppose that company works with government agencies, export departments, and the police forces of various nations to develop a tamper-resistant camera system that can be used to "voluntarily escrow" the captured images. The advocates for the "voluntary" escrow features, with transmission to a central facility, point out that some people want their houses monitored while they're on vacation, that some companies want remote monitoring, etc.

Is this something libertarians would want to interfere with? A tough call, depending on the pressures put on the company by government(s). Pressures could mount to make the voluntary escrow not quite so voluntary. Perhaps to protect children against abuse, to catch pedophiles and sodomites, to detect pot-growing druggies, and to monitor bomb-planting Muslims.

(I don't think such an Orwellian scheme would ever fly. I'm picking this parallel to key escrow to make the points in an obvious way, to explain how even free-market libertarians would oppose such gizmos.)

But surely we would be right in pointing out the possible misuses, the ethical issues of some governments making the surveillance mandatory, and the need for design features which prevent such a use?

If Microsoft or any other companies have already colluded with the national security establishments of the U.S. or other countries to limit strong crypto except where software key escrow is used, then attacks on these companies are justified. By "attacks" I mean verbal condemnation, boycotts, ostracism, workarounds to bypass the installed systems, and other measures.

I'm not saying that Microsoft has already colluded, or that they plan to. As I've expressed here, there are certainly signs that SKE is well-known to at least some folks within Microsoft, which is in itself an interesting and perhaps telling fact. The upcoming conference on international key escrow, and the talk about export issues, suggests a deal may be in the works.
In short, I don't think we have to wait until a "completely voluntary" (in the U.S., probably not in lots of other countries) software key escrow system is deployed and ready to have a switch thrown to make it mandatory before we begin to act.

I am not one of those libertarians who sophistically argues that aggression has not occurred until the bullet is actually passing through one's brain.

--Tim May

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From mpd at netcom.com Sun Jul 31 13:30:16 1994
From: mpd at netcom.com (Mike Duvos)
Date: Sun, 31 Jul 94 13:30:16 PDT
Subject: Children and the Net
In-Reply-To: <199407311826.LAA24798@netcom10.netcom.com>
Message-ID: <199407312030.NAA29526@netcom2.netcom.com>

Timothy C. May, speaking for parents everywhere, writes:

> This won't cut it. No outsiders can interfere with how I raise my children, in terms of the views I expose them to.
>
> ("Public schooling" is not the issue, as children can be sent to Xtian, Buddhist, Adventist, or whatever schools,...so long as minimal standards are met. There is no requirement for ideological or memetic balance.)
>
> I reject the notion that the state needs to intervene in families in order to make sure that balanced and appropriate views are provided.

This notion that the state is not permitted to interfere in the workings of the family unit can work both ways. It can also suggest that no outsiders can interfere in the way you treat your wife, or when your children get large and muscular, how they might decide to "raise" you.
Too bad when they decide that paying the nursing home to pamper ol' Grandpa Tim is dipping too deeply into the family vacation budget.

Social Darwinism carried to its logical extreme is not a pretty sight, even for one fond of viewing the misfortune of others as "evolution in action."

> Practically, any system such as Mike proposes above would fail. Parents have control over the reading material of children. Ditto for television, movies, etc.

Parents have control in the home. Children have access in lots of other places, like libraries, which have historically resisted any attempt to censor any but the most egregious reading material based solely on the age of their clients.

> We saw this idea that "parents cannot force their children ..." reach its fruition in the Branch Davidian case, where the BATF had to burn the children in order to save the children.

Had it not been for the fact that having children covered with scars, welts, and bruises is not considered child abuse in the state of Texas, all the children would have been removed from the compound prior to the raid, and only the adults would have been toasted.

Family interference cuts both ways. Besides, if kids were twice the size of adults and had six inch fangs, you wouldn't hear any of this "can't interfere in the family nonsense." Parents would demand 24 hour in-home protection from the state and raise taxes to pay for it. Most such rhetoric is just an excuse for parents to impose their will on people who cannot yet defend themselves.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From zoo at armadillo.com Sun Jul 31 13:55:22 1994
From: zoo at armadillo.com (david d `zoo' zuhn)
Date: Sun, 31 Jul 94 13:55:22 PDT
Subject: Children and the Net
In-Reply-To: <199407312008.NAA27760@netcom2.netcom.com>
Message-ID: <199407312043.PAA24725@monad.armadillo.com>

I don't disagree with you on the effects of this sort of thing on children.
What I don't like, in any form, is a blanket statement like "children need protection from"..... Or at least in any context where this protection is mandated.

I see the shift from "children need protection from violent images" (and all that entails) to "the people need protection from terrorism" (and that *that* entails). Yes, there is a real concern in both of these cases. But the actions taken as "protection" tend to be as commensurate as using a sledgehammer to swat flies.

If we have mandated "protection", who is to do the mandating? The national government? No, thank you. They've got too much power as it is. Community standards? Hmm. Better, but that concept has just recently taken a broadside hit, at least where the net is concerned. It'll be interesting how the Supremes deal with Virtual Communities.

From doug at OpenMind.com Sun Jul 31 13:55:28 1994
From: doug at OpenMind.com (Doug Cutrell)
Date: Sun, 31 Jul 94 13:55:28 PDT
Subject: Children and Cypherpunks
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Tim May writes:

>This won't cut it. No outsiders can interfere with how I raise my children, in terms of the views I expose them to...

>...I'm getting involved here in this political discussion because some Cypherpunks think it's OK to forcibly butt into how others raise their children, that this is somehow consistent with a Cypherpunk attitude about information and liberty. It's not.

I think the issue is far from clear. While I agree that the liberty of parents must of course be protected, I believe that the liberty of children is an equally important issue. While I can understand the strong historical, social, and even biological roots of the desire to maintain absolute control over one's children, I believe that children do have inalienable rights as unique and individual persons.
How are we to clearly distinguish between the parent who confines his child to an attic room 24 hours a day from the parent who puts up similar informational walls that block his access to knowledge of the world?

Granted, at its extreme, this idea flies in the face of almost all previous human history. Nonetheless, the information era brings with it never before encountered possibilities for new relationships between children and society at large. Hence, the attitude of child "ownership" by parents may call for serious re-examination. I would predict that the rights of pre-adults will become one of the most important civil rights issues of the next century.

Doug

___________________________________________________________________
Doug Cutrell General Partner
doug at OpenMind.com Open Mind, Santa Cruz
===================================================================

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLjwc74ocgYlDu3UBAQEUjgP/fT8Ww6SK0bHVnh2Qm9p57nEn4ZZ4kHH9
sHBs3Q41tHb5ta7N1NRFeHO2KPQCFxpuxPvEW7XRWyZ11hzEgZVMDUv/yIpvIJoQ
G6dijp7MRDaoQ/4bEVHW8XxdRJro1GptgRaW18v68z0rBja/nuLfaq7FybQThY1p
ndmqgQpwvJ4=
=m7t0
-----END PGP SIGNATURE-----

___________________________________________________________________
Doug Cutrell General Partner
doug at OpenMind.com Open Mind, Santa Cruz
===================================================================

From jamesd at netcom.com Sun Jul 31 13:55:44 1994
From: jamesd at netcom.com (James A. Donald)
Date: Sun, 31 Jul 94 13:55:44 PDT
Subject: Children and the Net
In-Reply-To: <199407311720.KAA03972@netcom14.netcom.com>
Message-ID: <199407312055.NAA01717@netcom12.netcom.com>

Perry E. Metzger writes:

> > A society that forcibly prevents fundamentalists from brainwashing their children also has the right tools to keep me from explaining to my children why government is evil and why there is no god.

Mike Duvos writes

> The cure for brainwashing is ...
> to make sure the intended victim is exposed to a wide variety of other viewpoints. We can cure the children of Fundamentalists by ....

Much though it pains me to acknowledge that Perry is ever right about anything:

If I find that the children of fundamentalists are being "cured" I will move my ammo stash from my garage to a hole in the hills, and take my gold out of the safety deposit box, and add booby traps to my alarm system.

It is completely impossible for a private person to insulate his children from opposing views. Only the state has that kind of power.

Unlike Mike, I have actually raised children. Once every few months I make them sit still for about thirty seconds and utter a few Words of Profound Wisdom in their general direction.

Surprisingly this has proved startlingly effective. The infrequent comments from their father have proved vastly more influential than the steady propaganda they receive from their compulsory government miseducation.

> Very young children need to be protected from graphically violent material which they might find disturbing.

By who? I gather you do not entirely trust parents to perform this important social activity.

> It's the wishes of the children that tend to be overlooked when the Funny Mentalists are having their legislative orgy.

Who is more likely to care about the welfare of a kid? A fundamentalist who happens to be the kid's father, or a bureaucrat in charge of child welfare?

--
---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we        James A. Donald
are. True law derives from this right, not from
the arbitrary power of the omnipotent state.            jamesd at netcom.com

From tcmay at netcom.com Sun Jul 31 13:58:37 1994
From: tcmay at netcom.com (Timothy C.
May)
Date: Sun, 31 Jul 94 13:58:37 PDT
Subject: Children and the Net
In-Reply-To: <199407312030.NAA29526@netcom2.netcom.com>
Message-ID: <199407312058.NAA05451@netcom10.netcom.com>

Mike Duvos, speaking for cretins everywhere, writes:

> Timothy C. May, speaking for parents everywhere, writes:

Please, Mike, let's not resort to winning arguments with comments such as yours above. I think I was reasonably polite in my response to you, even foregoing my intended spoof (along the lines of Christian Fundamentalists demanding the right to speak to the children of Heathens and Jews, a point consistent with your point that parents have no right to stop such sources of outside information).

> might decide to "raise" you. Too bad when they decide that paying the nursing home to pamper ol' Grandpa Tim is dipping too deeply into the family vacation budget.

Most of us have a simple answer to this one: if "Grandpa Tim" is using "his" money, he can spend it as he wishes. If he's using his son's money, then his son can cut back on the "pampering."

Simple, and common sensical. Not "perfect," in that various unhappy situations may occur, but the best solution, for lots of reasons. I don't want outsiders interfering in such decisions.

> Social Darwinism carried to its logical extreme is not a pretty sight, even for one fond of viewing the misfortune of others as "evolution in action."

Personal attacks are not welcome on this list, Mike. Not by me, at least. If you persist, your comments will get no further answer from me. (This may sound like Sternlight. Sternlight falters because he _claims_ to have kill-filed someone, then can't resist responding.)

> Parents have control in the home. Children have access in lots of other places, like libraries, which have historically resisted any attempt to censor any but the most egregious reading material based solely on the age of their clients.
My children are not allowed to visit public libraries, as I dislike having them exposed to the collectivist ideas therein. When they have read all the books in our home, preferably twice, then perhaps I will allow them to visit a library. I also school them at home. Perfectly legal.

I'm not sure what Mike proposes to do about this situation. I know that anybody insisting on access to my children to give them "alternative views" will not be met kindly.

> Had it not been for the fact that having children covered with scars, welts, and bruises is not considered child abuse in the state of Texas, all the children would have been removed from the compound prior to the raid, and only the adults would have been toasted.

It's well-established that David Koresh could have been picked up easily on any of his trips into Waco or on any of his morning jogs around the Branch Davidians ranch. A former Sheriff who once served papers on Koresh has said the same thing: merely walking up and knocking on the door would almost certainly have worked.

The Waco massacre has been debated many times in many groups, and I don't intend to get into it here. The connection with crypto exists, but is a bit of a reach.

The connection of the recent comments by several folks who argue that Cypherpunks should support forcible reeducation of children, either pro-Christian or anti-Christian (the comments about "Funny Mentalists"), is stronger to the themes of this list.

Anyone who supports censorship of one view or another, who supports forcible intervention in family and group culture, probably will not care for the inevitable implications of strong cryptography.

--Tim May

--
..........................................................................
Timothy C.
May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From rah at shipwright.com Sun Jul 31 13:58:39 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sun, 31 Jul 94 13:58:39 PDT
Subject: Crypto Takes a Holiday (NYET, Children, etc.)
Message-ID: <199407312057.QAA19792@zork.tiac.net>

[remove reflective headgear, cough, adjust nomex underwear, blow whistle..]

Good afternoon.

Having just precipitated an accidental thread on rockets, I'm not one to talk, really. That's never really stopped me before, of course...

However, if someone could tell me a direct relationship between strong crypto and parental values, control of one's offspring, evangelical christianity, and other inherent Rights of Mankind(tm), I would greatly appreciate it...

Cheers,
Bob Hettinga

[check respirator, pull down headgear, resume position behind corrugated steel barricade]

-----------------
Robert Hettinga (rah at shipwright.com)  "There is no difference between someone
Shipwright Development Corporation      who eats too little and sees Heaven and
44 Farquhar Street                      someone who drinks too much and sees
Boston, MA 02331 USA                    snakes." -- Bertrand Russell
(617) 323-7923

From jamesd at netcom.com Sun Jul 31 14:05:18 1994
From: jamesd at netcom.com (James A. Donald)
Date: Sun, 31 Jul 94 14:05:18 PDT
Subject: Children and the Net
In-Reply-To: <199407312008.NAA27760@netcom2.netcom.com>
Message-ID: <199407312105.OAA02486@netcom12.netcom.com>

Mike Duvos writes

> Young kids have the same feelings looking at realistic depictions of violence in movies that they would have looking at the real thing.
> This is true even if they intellectually grasp that what they are viewing never really happened. Many movies we wouldn't think twice about can cause children intense emotional pain.

I will decide what movies my kids see thank you very much.

I took Jim to see his little brother being born, and I took them both to see "Total Recall".

Are you going to call the cops and charge me with child abuse?

> effect of all this is that a parent can take a 6 year old to "Texas Chainsaw Massacre" and put him in therapy for the rest of

My children are doing just fine. Screw you!

--
---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we        James A. Donald
are. True law derives from this right, not from
the arbitrary power of the omnipotent state.            jamesd at netcom.com

From jim at bilbo.suite.com Sun Jul 31 14:16:42 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Sun, 31 Jul 94 14:16:42 PDT
Subject: Children of the Net
Message-ID: <9407312115.AA24585@bilbo.suite.com>

Did you hear about the new Stephen King novel? It's called "Children of the Net". It's about a group of children who stumble upon an obscure mailing list and come under the influence of the evil sysop. Lots of gore and suspense as parents try to regain control of their children's minds. I won't reveal how it ends, but it involves a lot of nifty government technology.

:-)

Jim_Miller at suite.com

From jim at bilbo.suite.com Sun Jul 31 14:28:12 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Sun, 31 Jul 94 14:28:12 PDT
Subject: The Terrorists are coming! The Terrorists are coming!
Message-ID: <9407312127.AA24733@bilbo.suite.com>

Today's broadcast of "The McClaughlin(sp?) Group" had a short segment discussing the likelihood that terrorists will get and detonate a nuclear device. The opinions of the five journalists varied from "not likely" to "almost certain".
At the end of the show, when the journalists are asked to make their predictions, one of them said that due to the terrorist threat, the US needs a larger and more powerful intelligence capability than ever before.

wonderful

Jim_Miller at suite.com

From tcmay at netcom.com Sun Jul 31 14:34:30 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 31 Jul 94 14:34:30 PDT
Subject: Censoring the Net
Message-ID: <199407312134.OAA07692@netcom10.netcom.com>

Cypherpunks,

I was initially dismissive of the various calls by members of this List to censor the Net in various ways:

- to protect children

- to stop illegal posts

- and even to better ensure that children get exposed to alternative views.

(As an Adept of Cthulhu, I certainly feel it is my right to demand "fair access" to the children of Xtians and other such ilk. By not being given a chance of accepting Cthulhu into their hearts--literally--they are being condemned to being consumed as a light snack by the Elder Ones. This is just not fair to the children. Denying them access to salvation is a form of child abuse, and must be stopped. Raids by the BATF against anti-Cthulhu strongholds would be a good start....Cthulhu _likes_ the smell of burning children!)

Anyway, the chorus of arguments for censorship here echoes the discussion going on on the Net as a whole. Very disturbing that so many Cypherpunks are being drawn in by these specious arguments. What version of our list have they been reading?

Centralized control of the Net is neither advisable nor possible.

"Not advisable" because then we'd have every special memetic interest group in the world lobbying for sanctions against their rivals, for more support for their particular views, and we'd have cops busting down doors.

"Not possible" because the Net in its current form is world-wide in scope, with the U.S. only being currently the de facto nexus of activity. This will not be the case in 10 years, perhaps even in 5 years. For U.S.
laws to control the Net is foolishly impractical.

And strong crypto makes all this moot, eventually. Data havens, full pseudonymous remailers (two generations beyond today's flaky, student-run experiments), and "fortress crypto" (the bane of law enforcement) will make attempts to control who reads what moot.

Your ideas, pro- or anti-Christian, pro- or anti-Muslim, will not be won by regulating the Net.

And Cthulhu will have the last laugh.

--Tim May

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From mpd at netcom.com Sun Jul 31 14:50:58 1994
From: mpd at netcom.com (Mike Duvos)
Date: Sun, 31 Jul 94 14:50:58 PDT
Subject: Children and the Net
In-Reply-To: <199407312105.OAA02486@netcom12.netcom.com>
Message-ID: <199407312151.OAA26107@netcom14.netcom.com>

James A. Donald writes:

> I took Jim to see his little brother being born, and I took them both to see "Total Recall"

Did he enjoy the part where Arnold shoved the metal rod up the guy's nostril and out the top of his head? Will you be upset if they try this at home?

> Are you going to call the cops and charge me with child abuse?

Probably not. Is there anything you wouldn't expose a pre-teen to, just out of curiosity? Japanese soldiers bayonetting babies? Hardcore S&M gay porno? Roseanne naked?

>> effect of all this is that a parent can take a 6 year old to "Texas Chainsaw Massacre" and put him in therapy for the rest of

> My children are doing just fine. Screw you!

Why am I getting the feeling that there are no limits at all here?
--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From tcmay at netcom.com Sun Jul 31 15:17:01 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 31 Jul 94 15:17:01 PDT
Subject: Crypto Takes a Holiday (NYET, Children, etc.)
In-Reply-To: <199407312057.QAA19792@zork.tiac.net>
Message-ID: <199407312216.PAA14931@netcom6.netcom.com>

> [remove reflective headgear, cough, adjust nomex underwear, blow whistle..]
>
> Good afternoon.
>
> Having just precipitated an accidental thread on rockets, I'm not one to talk, really. That's never really stopped me before, of course...

Chill out. This is a quiet day on Cypherpunks, and clearly a lot of people have views on this. If you'd rather debate whether multiplicative Abelian subgroups contain inverses which can be used for crypto purposes, go ahead.

> However, if someone could tell me a direct relationship between strong crypto and parental values, control of one's offspring, evangelical christianity, and other inherent Rights of Mankind(tm), I would greatly appreciate it...

The connection, tenuous (but no more tenuous than a hundred other threads these past two years), is that source-level or receiver-level blocking is central to many of the proposals here and in general:

* Centralized control: Source-level blocking. "We must protect the innocents from X" (Where X is, variously: pro-Christian material, anti-Christian material, pro/con Muslim, Mormon, Jewish, etc. material, violent images, Barney images, sex, anti-sex, etc.).

* Decentralized, market control: Receiver-level blocking. "I'll decide what I want to see." Local filter agents, local control. (This includes voluntary services like Prodigy, provided an alternative exists.)

Strong crypto makes the second view impossible to stop.

Is this enough of a connection? Or should we declare this debate illegal and go back to asking what the best way to generate random numbers is?
(I'm not dissin' the random number people...we've just seen that debate too many times, with too little advance progress by people who refuse to check out the Blum-Blum-Shub papers and whatnot.) I doubt I can convince Nathan Zooks that his idea for a world-wide police state to ensure that children are not exposed to anti-Christian material is a lousy idea, or that I can convince Mike Duvos that his idea of mandating access to Nathan's "Funny Mentalist" children so as to de-program them is an equally lousy idea, but I sure do hope I can convince most of you that central control just doesn't work. Let the ideas compete, but don't argue for a Net that is what the United States was ostensibly organized to avoid. It ain't perfect, and neither will crypto-anarchy be perfect, but it beats having cops come to my door. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From rjc at access.digex.net Sun Jul 31 15:50:02 1994 From: rjc at access.digex.net (Ray) Date: Sun, 31 Jul 94 15:50:02 PDT Subject: Announcing: The Censorship Escrow System (CES) Message-ID: <199407312249.AA17767@access3.digex.net> The Censorship Escrow System is a new service being provided by The People for a Better Tomorrow and SAVE OUR CHILDREN. CES's goals are: o to provide children with a sanitized world view o to prepare our children as proper citizens for their government o to prevent children from developing sexual/political deviancy o to preclude dangerous independent thinking o to parent the child in absence of proper parental guidance The CES concept is simple. 
CES will archive all of your children's books, tv, and educational products. We will also record and archive all of your child's telephone conversations. If you suspect that your child is being exposed to Dangerous Ideas, you will provide us with a key to unlock our archives for your child. We will then review all of the materials for offending ideas, and then recommend a plan of action. For a small fee, you will be eligible for the CCES, or Complete Censorship Escrow System. Unlike CES's retroactive censorship, CCES will monitor all of the information your child is to be presented with, and Escrow offending material until a later day when your child is indoctrinated enough to resist the material. At that time (usually age 16-18), you may give your child a key which he may present to us. The key will unlock all of the material he was prevented from viewing. Coming Soon: Internet Censorship Escrow System Features: o archiving of all newsgroups and mailing lists for escrow o authentication of age to prevent your child from gaining access to the active groups o smart information filtering of K-12 newsgroups to remove/escrow material relating to sex, rebellion, etc. o establishes an Internet Parent Overseer Board which when chaired by a group of fine upstanding citizens from the community, has the power to veto creation of public newsgroups which could be offensive to children. CES: Protecting your children for a Better Tomorrow! From the people who brought you the Gun Ownership Escrow System (GOES), Healthcare Escrow System (HES), and Hate Speech Escrow System (HSES). -The People for a Better Tomorrow side note: CES is available now for beta testing. The internal company name for the project is Tipper. We expect to have an electronic expert system version of our system called the Tipper Chip available soon for implantation into VCRs, Home Video Game Systems, and Computers. -TPfaBT From tcmay at netcom.com Sun Jul 31 15:53:02 1994 From: tcmay at netcom.com (Timothy C. 
May) Date: Sun, 31 Jul 94 15:53:02 PDT Subject: Children and the Net In-Reply-To: <199407312151.OAA26107@netcom14.netcom.com> Message-ID: <199407312253.PAA23639@netcom9.netcom.com> Mike Duvos writes: > > Why am I getting the feeling that there are no limits at all here? > Not "no limits," _different limits_. And since we all have different limits for what we want our children to see, we want to make the choices ourselves. (Ironically, James Donald's point about having his son see a live birth is fairly _tame_ in some circles. Here in Santa Cruz, classes of 4th and 5th graders are routinely visited by midwives (or midpersons, I guess) who show them all sorts of things. It's politically correct to show the kids these sorts of things.) (Visiting one friend, his daughter pointed out a large metal bowl containing the afterbirth (of a recent birth). I was not impressed. I'll leave it to you to guess what they were doing with it at home. Should we _raid_ this house? Or should we _mandate_ this behavior? Should pagans and lesbian witches visit publicly-mandated classrooms so as to de-program children of their patriarchal, Xtian-centered, homophobic tendencies?) [An answer to this rhetorical question: There's no more reason to centralize and assign schools than there is to centralize and assign food stores. Eliminate public funding for education--or go to a voucher system if you must--and let the various schools and their diverse approaches compete for the dollars of the parents. Simple.] This diversity is why it's so important that we not let governments, or even local "communities" dictate what we can see, what we can let our children see, or tell us what we _make_ our children see. A pretty basic idea, I'd say. --Tim May -- .......................................................................... Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From mpd at netcom.com Sun Jul 31 16:14:51 1994 From: mpd at netcom.com (Mike Duvos) Date: Sun, 31 Jul 94 16:14:51 PDT Subject: Children and the Net In-Reply-To: <199407312253.PAA23639@netcom9.netcom.com> Message-ID: <199407312314.QAA16264@netcom4.netcom.com> Timothy C. May writes: > Mike Duvos, speaking for cretins everywhere, writes: >> Timothy C. May, speaking for parents everywhere, writes: > Please, Mike, let's not resort to winning arguments with > comments such as yours above. I'm not sure why suggesting that many parents would agree with the views recently expressed by you about controlling their children's access to the media is a comment you take offense at, what it has to do with "winning" one way or another, or why you would characterize those having an opposing point of view as cretins. > I think I was reasonably polite in my response to you, even > foregoing my intended spoof (along the lines of Christian > Fundamentalists demanding the right to speak to the children > of Heathens and Jews, a point consistent with your point > that parents have no right to stop such sources of outside > information). I wouldn't really have a problem with children hearing the views of Christian Fundamentalists, as long as participation wasn't obligatory, and it wasn't a state-sponsored event. If the children were teens, I would feel quite uncomfortable with the notion of parents having the power to deny them access to such information. >> Social Darwinism carried to its logical extreme is not a pretty >> sight, even for one fond of viewing the misfortune of others as >> "evolution in action." 
> Personal attacks are not welcome on this list, Mike. Not by > me, at least. If you persist, your comments will get no > further answer from me. No personal attack intended. I am a strong supporter of egalitarian societies with strong social safety nets, and think that youth emancipation will likely be the next big civil rights movement in this country. I am also willing to pay high taxes in order to feel secure that all citizen-units are suitably housed, well-fed, and taken care of. This is entirely self-serving on my part, since it cuts down on social unrest and street crime. > My children are not allowed to visit public libraries, as I > dislike having them exposed to the collectivist ideas > therein. When they have read all the books in our home, > preferably twice, then perhaps I will allow them to visit a > library. I also school them at home. Perfectly legal. I spent a large part of my childhood in university libraries and learned a lot more from the books they contained than I ever got out of the decaying public school system. I'm sure I would have been outraged if anyone had ever suggested that such information be forbidden me solely because of my age, or the wishes of my parents. I can only hope that the preceding was another one of your witty parodies. I've never met a parent before who would forbid their children access to a library. > Anyone who supports censorship of one view or another, who > supports forcible intervention in family and group culture, > probably will not care for the inevitable implications of > strong cryptography. Au contraire. I view strong crypto as a liberating influence on everyone who is a member of the aforementioned families or groups. strong crypto = absolute personal privacy. I think the transition to an information-based economy will result in a fundamental reorganization of who wields power in our society. 
In the future, all information will be available to everyone and a 30 year old might have no advantage over a 12 year old in his ability to create wealth. This is certain to effect major alterations to the power balance within families. In times in the historical past, young people began closely associating with adults at a young age and were able to function as adults by the time they reached their early teens. As society became more complex, and a lengthy education was required to do anything useful, childhood was extended and children were disempowered in order to better serve the ever-growing and all-powerful educational cabal. This process has now peaked, and our society is filled with 35 year old college educated children who can't afford to move out of their parents' homes. A reversal is imminent, aided by the explosive growth of personal information technology, and public education as we know it is heaving its last dying gasp. All positive signs, IMHO. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From jya at pipeline.com Sun Jul 31 16:31:41 1994 From: jya at pipeline.com (John Young) Date: Sun, 31 Jul 94 16:31:41 PDT Subject: Crypto Takes a Holiday (NYET, Children, etc.) Message-ID: <199407312331.TAA24687@pipe1.pipeline.com> Responding to msg by tcmay at netcom.com (Timothy C. May) on Sun, 31 Jul 3:16 PM >Let the ideas compete That is the best protection for all us children. John From paul at hawksbill.sprintmrn.com Sun Jul 31 16:36:08 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Sun, 31 Jul 94 16:36:08 PDT Subject: Children and the Net In-Reply-To: <199407312253.PAA23639@netcom9.netcom.com> Message-ID: <9408010038.AA20359@hawksbill.sprintmrn.com> Tim May writes - > > This diversity is why it's so important that we not let governments, > or even local "communities" dictate what we can see, what we can let > our children see, or tell us what we _make_ our children see. > > A pretty basic idea, I'd say. 
> The _most_ basic, I'd venture to say, upon which the ideals of a democracy are founded. I think you've summed it up quite nicely, Tim. - paul From perry at imsi.com Sun Jul 31 16:49:48 1994 From: perry at imsi.com (Perry E. Metzger) Date: Sun, 31 Jul 94 16:49:48 PDT Subject: Children and the Net In-Reply-To: <199407311927.UAA24348@an-teallach.com> Message-ID: <9407312349.AA06715@snark.imsi.com> Graham Toal says: > structure on the net. I merely ALSO disagree with the flood of > opinions that seem to say that he doesn't have the right to raise his > children as he sees fit. If he wants to only let them see sanitized > > Could you point one of this flood out then? I didn't see any like that. > I've no interest in interfering with how he raises his children. You were merely extremely insulting. Others have suggested that he has no right to raise his children as he sees fit. Frankly, I find both disturbing. I spent most of last week working cooperatively and productively with a member of the Clipper review panel (you remember those folks) on internet security issues. He and I may or may not have certain intense disagreements, but we put them aside to accomplish various necessary tasks. (Several other fairly radical members of this mailing list were members of the same working group, by the way, and also managed to put things aside.) I find Dorothy Denning, another member of that panel, to have views I rather intensely dislike -- and I must admit to having stupidly resorted to name calling in one posting I made in response to her. However, that was silly, too -- there is no point in such behavior, and I admit to having been wrong in doing so. You do not win friends and influence people with insults. You do not accomplish anything by throwing spoonfuls of hate at the other party -- it doesn't convince him or her that you are a rational person. 
As for the question of people suggesting that the individual does not have the right to raise his children as he sees fit, you personally insulted his religious views, and others insulted them and went so far as to say that he should not be raising his children according to them. The line between these two is slim in an argument even if it is large in one's mind? I find this trend among cypherpunks, who are SUPPOSED to be defenders of diversity and freedom, rather odd. I would have expected people to limit themselves to calmly stating that Mr. Zooks should find another way to accomplish the goal of raising his children free from influences he dislikes. Instead they seem to have taken it upon themselves to decide whether or not his religion or personality requires realignment, and some have, yes, even gone so far as to suggest that he doesn't know how to raise his own kids. Perry From perry at imsi.com Sun Jul 31 17:05:32 1994 From: perry at imsi.com (Perry E. Metzger) Date: Sun, 31 Jul 94 17:05:32 PDT Subject: Children and Cypherpunks In-Reply-To: Message-ID: <9408010002.AA06737@snark.imsi.com> Doug Cutrell says: > I think the issue is far from clear. While I agree that the liberty of > parents must of course be protected, I believe that the liberty of > children is an equally important issue. While I can understand the strong > historical, social, and even biological roots of the desire to maintain > absolute control over one's children, I believe that children do have > inalienable rights as unique and individual persons. That may be so. However, I agree with Tim that I don't think society is equipped to make decisions on when a child should be taken from parents simply because they have odd views. Unless a child is being physically tortured I am not sure that mechanisms can be designed that will not, for the most part, be abused and used largely to attack non-conformists, of which I am one. 
> How are we to clearly distinguish between the parent who confines his > child to an attic room 24 hours a day from the parent who puts up similar > informational walls that block his access to knowledge of the world? I see no reason to attempt to distinguish the cases. I know parents that do not provide their children with television sets -- perhaps the new-fangled crime of "information deprivation" would be used to attack them. I know of Amish families, and I have no interest in tearing children away from them, either. Leave people alone, I say. > Hence, the attitude of child "ownership" by parents may call for > serious re-examination. I'm an extremist in this regard -- I believe all children "own" themselves. That's not the point. I also don't want the state monitoring people's child rearing. The child abuse industry is already far out of proportion. Under some of the proposals mentioned here, Amish people would be considered criminals. Why? Who have they hurt? I have no fascination with or desire to aid other people's children. I want them to leave me alone, and leave my children alone, and anything that weakens that in the name of "the common good" is going to end up hurting ME in the end, given that I'm a strong nonconformist. Perry From mpd at netcom.com Sun Jul 31 17:09:22 1994 From: mpd at netcom.com (Mike Duvos) Date: Sun, 31 Jul 94 17:09:22 PDT Subject: Children and the Net In-Reply-To: <199407312055.NAA01717@netcom12.netcom.com> Message-ID: <199408010009.RAA23634@netcom8.netcom.com> James A. Donald writes: > If I find that the children of fundamentalists are being > "cured" I will move my ammo stash from my garage to a hole in > the hills, and take my gold out of the safety deposit box, > and add booby traps to my alarm system. Children are "cured" of their parents' ideas all the time. I've known lots of kids who grew up in restrictive settings where their access to forbidden ideas was tightly controlled. 
After four years at college away from parental influence, they were magically transformed into happy free-thinking sensible people. > It is completely impossible for a private person to insulate > his children from opposing views. Only the state has that > kind of power. If it's impossible, then why does such outrage manifest itself when it is suggested that it shouldn't be done? Something is fishy here. >> Very young children need to be protected from graphically >> violent material which they might find disturbing. > I gather you do not entirely trust parents to perform this > important social activity. There's always one loony toon who wants to screen all five volumes of "Faces of Death" for his son's kindergarten class. :) Teaching kids is sort of like feeding them. In general, we let the parents make the day to day decisions. But we also let experts research what things are toxic and hold parents accountable if they insist upon feeding the kid lemon scented furniture polish. Both approaches are needed. >> It's the wishes of the children that tend to be overlooked when >> the Funny Mentalists are having their legislative orgy. > Who is more likely to care about the welfare of a kid? > A fundamentalist who happens to be the kid's father, or > bureaucrat in charge of child welfare? This is a trick question, right? Caring counts for zip. The road to Hell is paved with good parental intentions. Suppose the fundamentalist father wants to beat his six year old son with a belt every time he touches himself to save him from Satan's influence? A little bureaucratic input from a child welfare professional might not be a bad idea in such a case. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. 
$ From mpd at netcom.com Sun Jul 31 17:11:21 1994 From: mpd at netcom.com (Mike Duvos) Date: Sun, 31 Jul 94 17:11:21 PDT Subject: Children and the Net In-Reply-To: Message-ID: <199407312348.QAA19286@netcom4.netcom.com> BCL writes: > Raising kids the way you believe is all part of the 1st > amendment. When the state starts telling you how to raise > them (as it already is in some states) then you have just > lost one of your greatest freedoms and rights. The constitution has no age limit on the basic rights it guarantees. It is only by interpretation that these rights have been transformed into "adult rights", a term just as obnoxious to many as "white rights" or "men's rights" were when those interpretations prevailed. Your right to do whatever you like to your children stops where their constitutionally protected rights begin. I'm all in favor of an uncensored Net but I am also in favor of guaranteed access to that Net for all citizens, including young ones. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From perry at imsi.com Sun Jul 31 17:13:49 1994 From: perry at imsi.com (Perry E. Metzger) Date: Sun, 31 Jul 94 17:13:49 PDT Subject: Children and the Net In-Reply-To: <199407312151.OAA26107@netcom14.netcom.com> Message-ID: <9408010013.AA06752@snark.imsi.com> Mike Duvos says: > Why am I getting the feeling that there are no limits at all here? Why do you have such an unhealthy fascination for how others raise their children? I have enough trouble running MY own life without telling people what to do. I know of no one who is such a paragon of perfection that their views may be used as a benchmark by which all child rearing may be judged. I do not yet have children. However, I am absolutely certain that in half the societies on earth I'd be considered someone dangerous to children. Why? I'm a political "nutcase". 
I don't believe in the state controlled version of the institution of marriage (although I believe in permanent committed monogamous relationships) and thus refuse for political reasons to marry. I believe in open access to information for children and a far more liberal view of the rights of children than most people have. I suspect that when I become a parent, any law that could be used to "cure" the children of fundamentalist christians, Amish, etc, would be applied to mine right off the bat -- after all, I'm a dangerous man. Live and let live, I say. I don't want others judging my child rearing, and I have little or no desire to judge theirs. Leave them be unless their idea of discipline for children involves The Rack or The Firing Squad. Perry From mimir at io.com Sun Jul 31 17:17:24 1994 From: mimir at io.com (Al Billings) Date: Sun, 31 Jul 94 17:17:24 PDT Subject: Children and the Net In-Reply-To: <199407312030.NAA29526@netcom2.netcom.com> Message-ID: On Sun, 31 Jul 1994, Mike Duvos wrote: > Had it not been for the fact that having children covered with > scars, welts, and bruises is not considered child abuse in the > state of Texas, all the children would have been removed from the > compound prior to the raid, and only the adults would have been > toasted. Puh-leeze! There has been little to no evidence of ANY abuse of the Branch Davidian children. The only thing we know is that Koresh liked his mates young but that doesn't mean the rest of the children were abused and, of course, Koresh's kink is quite normal in quite a few places. Are you forgetting that the BDs were investigated for child abuse and cleared earlier? From hfinney at shell.portal.com Sun Jul 31 17:22:00 1994 From: hfinney at shell.portal.com (Hal) Date: Sun, 31 Jul 94 17:22:00 PDT Subject: Crypto Takes a Holiday (NYET, Children, etc.) 
In-Reply-To: <199407312216.PAA14931@netcom6.netcom.com> Message-ID: <199408010021.RAA07035@jobe.shell.portal.com> In fairness to the original proposal, it's worth remembering that his purpose was not specifically to impose censorship on the net, but rather to protect BBS operators (and net access providers) from legal liability for providing pornographic and other questionable material to children. Granted, his method for doing so did amount to a lot of laws and censorship, and I can't agree with that any more than others here. But the problem isn't going to disappear under an onslaught of rhetoric. As I said, I can sympathize with concerned parents, and although my personal philosophies would not support a censorship-based solution, not everyone will feel as There is a movement afoot to hook schools up to the net, part of the general "superhighway" initiative. This is going to raise the public profile of the adult material on the net and increase pressure for ways to limit the access of youngsters to it. One response we can have is to dig in our heels against any censorship, and say, "don't put your school on the net if you don't want your kids reading about bestiality." From my experience, this would be equivalent to saying "don't put schools on the net." That will not be a politically acceptable solution. I really don't know what the ultimate resolution of this conflict will be. IMO, the Internet as it stands today is incompatible with the conventional mores of much of society. Either the Internet will be bowdlerized, or perhaps split into "X-rated" vs "G-rated" sections. Maybe a completely new internetwork is needed, one with more controls and limitations. Then perhaps the current internet could continue to exist in close to its present form. I know that some people are optimistic that the Internet will change society rather than vice versa. 
They hope that as more and more people join the net that they will become tolerant of the much wider range of views and practices than are common in most people's home towns. But I don't think it will come out this way. Society is a lot bigger than the net, and the character of the net will inevitably change as the membership changes. In some ways this is reminiscent of our earlier debates about whether society would be able to prevent the advent of widespread lawbreaking due to Tim's conception of "crypto anarchy." I have always been skeptical that our software and ideas can really succeed in the face of strong social opposition. For similar reasons I think that the net will be cleansed of pornography if people feel strongly enough about it. So I do see a lot of connections to crypto issues in this debate. Hal From mpd at netcom.com Sun Jul 31 17:33:21 1994 From: mpd at netcom.com (Mike Duvos) Date: Sun, 31 Jul 94 17:33:21 PDT Subject: Children and the Net In-Reply-To: <9408010013.AA06752@snark.imsi.com> Message-ID: <199408010033.RAA25547@netcom8.netcom.com> Perry E. Metzger > Why do you have such an unhealthy fascination for how > others raise their children? I have enough trouble running > MY own life without telling people what to do. I merely wish to spare another generation of kids from 18 years of grief at the hands of self-righteous power-hungry adult authority figures. Not exactly an unreasonable goal. > I know of no one who is such a paragon of perfection that > their views may be used as a benchmark by which all child > rearing may be judged. A generally true, but completely irrelevant statement. > I believe in open access to information for children and a > far more liberal view of the rights of children than most > people have. > Live and let live, I say. I don't want others judging my > child rearing, and I have little or no desire to judge > theirs. Leave them be unless their idea of discipline for > children involves The Rack or The Firing Squad. 
The first paragraph here, although it sounds nice, is completely obliterated by the second. It's like saying "I'm all in favor of rights for Blacks, but of course I wouldn't presume to tell anyone else what they can do with their niggers." Or "I'm really against anti-Semitism, but I have no desire to judge anyone else's practices with regard to hiring, housing, club membership, or whether they would want their sister to marry one." Saying you are for children's rights on one hand, and then suggesting that those rights should be completely dependent on whomever the specific child happens to win in the parent lottery, is idiotic and useless. > I suspect that when I become a parent, any law that could > be used to "cure" the children of fundamentalist christians, > Amish, etc, would be applied to mine right off the bat -- > after all, I'm a dangerous man. We're talking about Net access here. How would a law which guaranteed that to all citizens, regardless of age, threaten you? -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From owner-cypherpunks Sun Jul 31 17:42:28 1994 From: owner-cypherpunks (owner-cypherpunks) Date: Sun, 31 Jul 94 17:42:28 PDT Subject: No Subject Message-ID: <9408010042.AA06723@toad.com> From owner-cypherpunks Sun Jul 31 17:52:39 1994 From: owner-cypherpunks (owner-cypherpunks) Date: Sun, 31 Jul 94 17:52:39 PDT Subject: No Subject Message-ID: <9408010052.AA06988@toad.com> From owner-cypherpunks Sun Jul 31 17:58:01 1994 From: owner-cypherpunks (owner-cypherpunks) Date: Sun, 31 Jul 94 17:58:01 PDT Subject: No Subject Message-ID: <9408010058.AA07168@toad.com> From mpd at netcom.com Sun Jul 31 18:30:11 1994 From: mpd at netcom.com (Mike Duvos) Date: Sun, 31 Jul 94 18:30:11 PDT Subject: Children, the Net, and Dead Modems Message-ID: <199408010127.SAA29371@netcom13.netcom.com> My Zoom 14.4k modem just caught on fire. 
Therefore, there will be a sudden interruption of my participation in our friendly Sunday afternoon flame war on children, the Net, and other related issues. I found an 11 year old Hayes Smartmodem in a heap of junk in my closet. I think it will do 1200. This is the second time my Zoom modem has burned up unexpectedly after being replaced under Warranty, in case anyone is thinking of buying one. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From mpd at netcom.com Sun Jul 31 18:40:53 1994 From: mpd at netcom.com (Mike Duvos) Date: Sun, 31 Jul 94 18:40:53 PDT Subject: Children and the Net Message-ID: <199408010140.SAA01590@netcom13.netcom.com> > On Sun, 31 Jul 1994, Mike Duvos wrote: > > Had it not been for the fact that having children covered with > > scars, welts, and bruises is not considered child abuse in the > > state of Texas, all the children would have been removed from the > > compound prior to the raid, and only the adults would have been > > toasted. > Puh-leeze! There has been little to no evidence of ANY abuse of the > Branch Davidian children. The only thing we know is that Koresh liked his > mates young but that doesn't mean the rest of the children were abused > and, of course, Koresh's kink is quite normal in quite a few places. Are > you forgetting that the BDs were investigated for child abuse and cleared > earlier? These facts were well documented. Child welfare workers visited the compound and examined the children. Signs of previous physical punishment were noted as well as a room devoted to that purpose and the appropriate paraphernalia. A doctor at Baylor University Medical Center was asked later why this didn't cause the removal of the children, and said that while such behavior would certainly be considered abuse in a medical sense, it did not meet the legal definition of abuse according to the laws of the State of Texas. 
Texas, of course, is the leader on the national corporal punishment bandwagon and dishes out over 250,000 state-sponsored beatings every year in its public school system. So far all efforts to ban the practice have been successfully opposed by the teachers union. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From rah at shipwright.com Sun Jul 31 19:13:14 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sun, 31 Jul 94 19:13:14 PDT Subject: Crypto Takes a Holiday (NYET, Children, etc.) Message-ID: <199408010212.WAA22602@zork.tiac.net> At 3:16 PM 7/31/94 -0700, Timothy C. May wrote: >> >> [remove reflective headgear, cough, adjust nomex underwear, blow whistle..] [...] > >Chill out. [...] Damn. Every time I put on that asbestos suit, Tim brings out the napalm.... >The connection, tenuous (but no more tenuous than a hundred other >threads these past two years), is that source-level or >receiver-level blocking is central to many of the proposals here and >in general: > >* Centralized control: Source-level blocking. vs. >* Decentralized, market control: Receiver-level blocking. >Strong crypto makes the second view impossible to stop. > >Is this enough of a connection? Tim, you just made my point. It makes the whole thread moot, and any participation in what appears to be a holy war about it for other reasons (like thrashing someone theologically) is a waste of time. >I doubt I can convince Nathan Zooks that his idea for a world-wide >police state to ensure that children are not exposed to anti-Christian >material is a lousy idea, or that I can convince Mike Duvos that his idea >of mandating access to Nathan's "Funny Mentalist" children so as to >de-program them is an equally lousy idea, but I sure do hope I can >convince most of you that central control just doesn't work. Just like Tom Paine, you're reducing things to extremes, Tim. 
Useful when providing the ideological motivation for a particular political action, but not helpful in a jihad between people who are allies on any other significant topic of discussion on this list. Mr. Zooks can't help but believe what he does because it's a logical consequence of his deeply-held religion. Mr. Duvos' strong belief in the evils of Fun-damn-mentalism, while laudable in my *personal* opinion, seems to prevent him from ignoring an opportunity to thrash anybody with those beliefs. Neither one of them is as comical as you portray them. My point is, we shouldn't perpetuate the brawl on the field by clearing the benches in solidarity with our theological soulmates.

>
>Let the ideas compete, but don't argue for a Net that is what the
>United States was ostensibly organized to avoid.

Yes, and I believe there are at least a dozen newsgroups out there where this kind of ideological warfare can be played out, keeping the s/n ratio here in better shape. A slow news day on the list is not a good excuse to keep the bandwidth allocated with a pissing match about whose religious paradigm is bigger.

Cordially(!),
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)   "There is no difference between someone
Shipwright Development Corporation       who eats too little and sees Heaven and
44 Farquhar Street                       someone who drinks too much and sees
Boston, MA 02331 USA                     snakes." -- Bertrand Russell
(617) 323-7923

From jamesd at netcom.com Sun Jul 31 19:27:37 1994
From: jamesd at netcom.com (James A. Donald)
Date: Sun, 31 Jul 94 19:27:37 PDT
Subject: Children and the Net
In-Reply-To: <199407312151.OAA26107@netcom14.netcom.com>
Message-ID: <199408010224.TAA23446@netcom4.netcom.com>

James A. Donald writes:
> > I took Jim to see his little brother being born, and I
> > took them both to see "Total Recall"

Mike Duvos writes
> Did he enjoy the part where Arnold shoved the metal rod up the
> guy's nostril and out the top of his head?

Yep.
They thought that was really great.

> Will you be upset
> if they try this at home?

At the age of three Jim figured out that death was permanent and extremely serious.

> Why am I getting the feeling that there are no limits at all here?

Because we do not like having someone else's limits imposed on us at gunpoint.

Let's make a deal. I will let you deprive your kids of information concerning sex, death, reproduction, and violent injury etc, provided you let fundamentalists deprive their kids of information concerning your religious views.

Fair deal?

--
---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we      James A. Donald
are. True law derives from this right, not from the
arbitrary power of the omnipotent state.              jamesd at netcom.com

From blancw at microsoft.com Sun Jul 31 19:29:05 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Sun, 31 Jul 94 19:29:05 PDT
Subject: Crypto Takes a Backseat (NYET, Children, etc.)
Message-ID: <9408010229.AA19967@netmail2.microsoft.com>

Children, Censorship, Pornography, & Whose Right It Is to Interfere:

I have asked myself at times what I would do about abuse towards a child if I were to become personally aware of one, as well as what would be the proper resolution to the fact that freedom & liberty means exposure to not only the best, but the worst that is possible in humans. I couldn't accept interfering with a family and their progeny; I couldn't advocate setting up a body of overseers to pretend that they are the ultimate authority on how to raise the young to become at least as perfect as their elders.
I have settled upon the idea of alternatives: when alternatives are existent, those who need and are searching for what these alternatives provide will be able to overcome the attempted influences upon their minds & bodies; if there is a place where children could go if they found their life at home abusive or unbearable (and they were aware of this place, or these people) then they themselves could seek relief & assistance there. If they were restricted or limited in their contacts at home, then they could go to wherever else other access to information is available (and don't children accomplish this, anyway, usually to the surprise and consternation of their parents?).

I think the best solution would be to make available the kind of assistance which children themselves could take it upon themselves to seek at their discretion, if they thought their situation called for it. What could anyone object, if a child was to make their discomfort & unhappiness apparent by seeking the help of another who was willing to come to their aid? This would not be interference, but still satisfy the desires of those who have concerns about injustices to the vulnerabilities of kids.

In an open environment where all things are possible, where you never know what you're going to get (in that box of chocolates), it would be best to have recovery systems in operation where the damage would be limited and correction would be possible & easier to achieve.

Intelligence should make its impression upon the lives of free individuals above what the limited concepts and fears of some would propose. This implies open discussion, communication, the ability to present a better view of life, better ideas, and wiser alternatives.

Children like to know that their parents care for them, that their parents are interested in their physical & mental welfare.
I think that they would prefer the guidance of their parents above that of strangers, that they would prefer that those whom they admire could provide the best counsel to them, and to give their parents the credit for having the best judgement on the block. But if sympathetic guidance & open discussion is not a part of their family's atmosphere, this leaves the seeking mind to find other sources of knowledge about the way the world works, and other sources of seeming authority to fill in the vacuum.

I think that the future is calling for much preparation of the intellect towards a greater ability to deal with the abstract while not leaving the level of the concrete (not that this isn't always important). The technological innovations which are continuously being created, improved, advanced require that a person be facile in dealing with new & advanced concepts as well. This also requires that a person be able to maintain their contact with the real world and not go off in ignorance with an imagination which lacks a knowledge of real processes and of how things (life, social systems, income, etc.) are made possible.

The challenge of the new frontier is magnified in the world of ideas & information; if the individual (child or adult) is to be free to indulge in all the new toys being made available, then they must have a way to deal with what s/he will confront there on every level, for personal efficacy and for effective self-defense against the things which one would/should not choose to tolerate, whatever one's age group.

Blanc
[Enlightening Disclaimer: These comments are derived from my own intellect, not my employer's.]

From tcmay at netcom.com Sun Jul 31 19:38:50 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 31 Jul 94 19:38:50 PDT
Subject: Children, the Net, and Dead Modems
In-Reply-To: <199408010127.SAA29371@netcom13.netcom.com>
Message-ID: <199408010238.TAA09824@netcom5.netcom.com>

Mike Duvos flames:
> My Zoom 14.4k modem just caught on fire.
> Therefore, there will be a sudden interruption of my participation in our friendly
> Sunday afternoon flame war on children, the Net, and other
> related issues.

Come on, Mike, we didn't flame you _that_ much! :-}

(Has anybody heard from Nathan to see if the same thing happened to him? Perhaps he took it as a sign from above.)

Good luck on getting back up to at least a tolerable speed. My Supra 14.4 has been running like a charm for more than two years. And they're a lot cheaper now than then.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From blancw at microsoft.com Sun Jul 31 19:40:49 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Sun, 31 Jul 94 19:40:49 PDT
Subject: FW: No SKE in Daytona and other goodies
Message-ID: <9408010241.AA20077@netmail2.microsoft.com>

From: Jim Dixon

If you see a guy skulking in a dark alley with a gun, a knife, and a large club, do you debate whether he is of necessity about to use them?
...........................................................................

No, but maybe he wouldn't be planning to use them on *me*. Maybe he was chasing a burglar or pedophile; maybe he was in danger of being abducted by little green men from Mars; how would *I* know what he was doing out there in full armor? I could watch and wait, with my cam-corder ready in case anything really interesting really happened.

Blanc
[Unofficial Job-related Disclaimer: I confess . . . . . . . that I am not yet ready to confess.]
From blancw at microsoft.com Sun Jul 31 20:28:58 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Sun, 31 Jul 94 20:28:58 PDT
Subject: Big Brother's Escrow Systems
Message-ID: <9408010329.AA20402@netmail2.microsoft.com>

From: Timothy C. May

If Microsoft or any other companies have already colluded with the national security establishments of the U.S. or other countries to limit strong crypto except where software key escrow is used, then attacks on these companies are justified.
..........................................................................

My turn: oh, ppulllleeeeeze! :>)
(this is a rather popular expression, lately).

This is why I don't think that scenario is possible:

Billg's favorite magazine is The Economist, he's inundated with free-market ideology; he's been willing to put up with all kinds of "guidance" from the world's regulatory agencies in order to bring the tools of software to places like China, where they could certainly use the industry for economic development and a few tools for communication. Not that he is the only one doing this, not that he isn't profiting by it. I myself would not be willing to tolerate the kinds of controls that software & other companies have to suffer in order to bring their products to these markets. But I can grant that it does the customers a benefit for these to have been made available to them, even if I know that I myself am revolted to consider the regulatory tests which must be passed in order to do this (something akin to airport drug check examinations). Maybe he's trying to save the world, I don't know.

Would they have been on the list of those opposing Clipper and the export of crypto? I can't see where the company would contribute to the opposition on the one hand and then turn around and collaborate to put limits on strong crypto except as allowed by the government. It's a contradiction; I can't imagine that MS would go in that direction of accepting such an unsavory idea.
It's absurd to think that MS would wish to offer its software and services to people all over the world, making it easier for them to get their work done and contribute to opportunities for developers therein to make an income, thus "empowering" them - freeing them to some extent, while on the other hand helping to put them under unwanted & unmanageable surveillance, thus putting them back into another miserable situation outside their control.

The culture here is so unlike that concept, so unreserved, that this is why I find it difficult to accept that the interests of the individual's desire for control over their privacy would be set up for compromise - be made difficult to maintain - by secret agreements between the company's leadership & the MotherShip.

I will believe it when I see it. And I'll sign it:
How could I have doubted;
Timothy C. May was right all along.
I should have known better.

Blanc
[Gratuitous Disclaimer: There isn't any way my employer could get me to say this.]

From greg at ideath.goldenbear.com Sun Jul 31 21:22:29 1994
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Sun, 31 Jul 94 21:22:29 PDT
Subject: Big Brother's Escrow Systems
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Blanc Weber writes:

> It's absurd to think that MS would wish to offer its software and
> services to people all over the world, making it easier for them to get
> their work done and contribute to opportunities for developers therein
> to make an income, thus "empowering" them - freeing them to some
> extent, while on the other hand helping to put them under unwanted &
> unmanageable surveillance, thus putting them back into another
> miserable situation outside their control.

Humm. Do Microsoft shareholders know that the company is being run in order to empower folks, as opposed to making money? I must confess that I was (until now) unaware of that.
-----BEGIN PGP SIGNATURE-----
Version: 2.5

iQCVAgUBLjxzwH3YhjZY3fMNAQGgXwP+KWm7FZqgmrkMgjSAaxRLPHm6KeTYAdMC
iQuvFn1wwWXOWtF5JcCg9r4GHPwuODF3u59JakqHu2zxm7kPxuM13S3eB7PSPKj4
ro6O4nhQyDfW+vyHe6+o+2HHoaVzKceAk/v4eyRecTeubLzzlQV8ZRYVkGdaYjD7
mjSNclowTkA=
=UyEG
-----END PGP SIGNATURE-----

From schneier at chinet.chinet.com Sun Jul 31 21:50:23 1994
From: schneier at chinet.chinet.com (Bruce Schneier)
Date: Sun, 31 Jul 94 21:50:23 PDT
Subject: Philadelphia Enquirer Story on Clipper
Message-ID:

PHILADELPHIA INQUIRER
Copyright Philadelphia Newspapers Inc. 1994

DATE: SATURDAY July 23, 1994
PAGE: A01
EDITION: FINAL
SECTION: NATIONAL
LENGTH: LONG
GRAPHICS: PHOTO AND DIAGRAM
SOURCE: By Michael L. Rozansky, INQUIRER STAFF WRITER

PHONE-SCRAMBLING CHIP STIRS A DEBATE ON*PRIVACY*
U.S. IS PROMOTING A CODE SYSTEM IT CAN CRACK.

The FBI, CIA and National Security Agency say that advances in technology are making it impossible to wiretap and decode the phone calls and computer communications of terrorists and criminals. So they came up with this solution: This little square of silicon sealed in black plastic is called the Clipper chip that Uncle Sam wants businesses and individuals interested in keeping their telecommunications confidential to buy. It scrambles conversations so that no one who eavesdrops on a call can understand them. No one, that is, except the U.S. government. That's because the government's concept was to keep a copy of the electronic key to each Clipper chip that, with a court order, would allow it to unscramble calls and listen in. All this has provoked what one White House official has dubbed the ''the Bosnia of telecommunications policy.'' The first great civil-liberties battle of the '90s is here, and it's being fought over*privacy*in cyberspace. This week the Clinton administration took the first step toward clipping the Clipper. Vice President Gore wrote to a congressional critic that the administration would consider alternatives.
Indeed, it wanted to explore industry alternatives, he said. But there are no signs that the government is altering its fundamental drive to make sure that changes in technology and advances in encryption do not make it impossible for the government to tap into telephone conversations and data communications. Some critics hailed Gore's letter as a major victory, others said it was less than it seemed. ''They are not withdrawing Clipper, they are not relaxing export controls, it doesn't change anything,'' said Dave Banisar, a policy analyst at the nonprofit Electronic*Privacy*Information Center in Washington. The government says the Clipper chip lets people and businesses protect their*privacy,*while giving police and spy agencies the ability to wiretap, with a court order, to catch terrorists, drug dealers and mobsters. Opponents say it's part of a broad government assault on*privacy.* ''Clipper is the tip of the iceberg,'' says Banisar. ''It's part of a big push by law enforcement to have their fingers in a lot of pies.'' In addition to Clipper, Uncle Sam has come up with Capstone, a system similar to Clipper, for high-speed computer communications. The government also wants the telephone industry to spend what may be billions of dollars reworking its system to make it easier for the government to tap conversations. These and other plans have aroused the fury of an unlikely coalition of civil-liberties advocates and high-tech industry groups, which say those plans are unworkable, unnecessary and harmful to business. IBM and the International Chamber of Commerce oppose Clipper. So do the Cypherpunks, a band of cryptography buffs, computer hackers and programmers concerned with*privacy.*An anti-Clipper petition circulated on the Internet gathered 47,000 electronic signatures. 
The government was so intent on promoting Clipper that it eased rules covering its export while continuing to ban the export of competing systems capable of creating encryption that is almost unbreakable, known as ''strong encoding'' systems. Some strong encoding systems, which are classified as ''munitions,'' can be obtained free on the Internet. One result is that U.S. companies are losing business to foreign competitors that make the same type of encryption systems the United States refuses to export, said Douglas Miller, government-affairs manager for the Software Publishers Association. He said 340 foreign cryptographic systems were available in 31 countries. But issues of liberty versus government prying are what dominate the debate. ''If the government succeeds in this effort, the resulting blow to freedom and*privacy*could be immeasurable,'' Jerry Berman, executive director of the Electronic Frontier Foundation of Washington, the leading cyberspace civil-liberties organization, wrote in an electronic memo posted on Internet bulletin boards. *''Privacy*is necessary for democracy and liberty,'' said cryptographer Bruce Schneier, author of Applied Cryptography. ''You can't have a real democracy if you're required to tell the government all your secrets.'' He and other critics say the Clipper plan is ripe for mistakes or government abuse that will compromise*privacy.* Law-enforcement officials counter that the Clipper and the related proposal, the Capstone chip, do not give them any greater right to wiretap than they have now. They frame the debate in different terms, saying that the key issue is what happens if the government cannot break the encryption used by major criminals. ''There's a potential for dire consequences, absolutely,'' said Jim Kallstrom, FBI special agent in charge of New York's electronic surveillance unit.
''If you're working on a kidnapping case, it's no good to get the criminal information a week later.'' He adds: ''Are we going to have a cop on the (information) superhighway, or are we going to create a sanctuary for criminals?'' Government officials say using Clipper - and its Capstone sister chip - is voluntary. ''There's nothing to say people can't ignore the government endorsement and use proprietary products,'' said F. Lynn McNulty, associate director for computer security at the National Institute for Standards and Technology, which developed the system. In practice, critics say, the government is not so neutral. Companies that have contracts to do sensitive work for the government, for example, may be required to use Clipper encryption. And the government is buying Clipper chips - the FBI alone has ordered 9,000 - which creates a market for Clipper and encourages more purchases. And the ban on exports of competing strong encoding systems also favors Clipper, the critics assert. * The Clipper chip was born largely out of fear - fear that the three-letter police and spy agencies would lose their ability to wiretap. By the late '80s, the U.S. government worried that its old standard form of encoding, called the Data Encryption Standard, was getting easier to crack by newer, more powerful computers. Work began on a new standard form of encoding. While that was underway, in 1991, AT&T Corp. told the government it was going to come out with a mass-market voice-scrambling box: the $1,195 Surity 3600. Until then, very strong encryption was generally used for data, not voice communications, said the FBI's Kallstrom. For example, banks use encryption to electronically transfer billions of dollars. But most scrambling systems for phone calls degraded sound quality so badly they were rarely used, he said. ''For the first time, there was something available that . . .
was small, compact, inexpensive,'' and, ''for all practical purposes to law enforcement, was virtually unbreakable,'' Kallstrom said. ''That changed the balance of power.'' The government's response was Clipper. In April of 1993, the government introduced a secret mathematical scrambling system, the Skipjack algorithm, which was encased in a computer chip to prevent tampering. It was supposed to be 16 million times tougher to crack than the previously endorsed system. When the government asked for comment, 320 people responded. Only two wrote in support. Despite that, the Clipper plan was endorsed by the White House and became government policy in February. The government persuaded AT&T to use the Clipper system in its Surity box. AT&T, meanwhile, also sells two other versions of the box using its own proprietary encoding systems. * To limit government access to scrambled messages to occasions when a court authorizes a wiretap, Clipper uses a type of encryption called a ''key escrow'' system. When each Clipper chip is programmed at Mykotronx, in Torrance, Calif., an extra numerical key is created that can be used to decode that Clipper's signals. The extra key is split in two, with each half going to an escrow agent - in this plan, two different government agencies. Later, if law enforcement finds that a court-authorized wiretap picks up a Clipper-scrambled conversation, it can go to the escrow agents, get the key parts, assemble them and use the resulting key to decode that and subsequent calls from the tapped phone. In a separate, controversial move, the FBI proposed a ''Digital Telephony'' law that requires phone companies to modify their switching systems to facilitate wiretaps. The FBI says that new digital technology makes wiretapping tough, and new phone services such as call-forwarding and speed-dialing let people bypass wiretaps.
The Digital Telephony bill would give the agency continued access to the phone system not just for wiretaps, but for data on where and when calls are made. ''If you think crime is bad now,'' FBI Director Louis J. Freeh warned in a May speech, ''just wait and see what happens if the FBI one day soon is no longer able to conduct court-approved electronic surveillance.'' The bill, which has not been introduced yet, is being fought by the United States Telephone Association, which says it could cost $2 billion to implement and would raise public suspicions about a government ''trapdoor'' in the phone system. Opponents say it also will enable police to gather information about people's consumer, spending and even political habits from monitoring their transactions over phone or cable-television lines. ''It makes the presumption,'' Banisar said, ''that law enforcement and the military have needs above everyone else, and we have to satisfy those needs first and then satisfy everyone else's basic civil rights.'' Freeh and other law-enforcement officials say electronic surveillance has been critical in cracking major cases of terrorism, drugs and kidnapping - such as the arrests in Chicago's El Rukn street gang, purportedly acting for Libya in a plot to shoot down a commercial airplane with a stolen military rocket. Civil libertarians find the FBI's arguments misleading and inaccurate. ''They have a couple of horror stories about child molesters or whatever, but they account for just the smallest fraction of what wiretaps are used for,'' said Banisar, of the*privacy*information center. Banisar said law enforcement seeks and gets court permission for fewer than 1,000 electronic surveillance cases a year (there were 976 cases in 1993), but that those include electronic bugs. Banisar said 70 percent of the cases concern drugs. Banisar notes that in the El Rukn case the gang bought the stolen military rocket in an FBI sting. 
Clipper's critics concede that police may fail to solve some cases if strong encryption is widely available. ''I am willing to accept that law enforcement will be hamstrung. You're giving up some safety in exchange for personal freedom,'' said cryptographer Schneier. He said strong encryption protects ''both terrorists and Chinese dissidents.'' Daniel J. Weitzner, senior staff counsel of the Electronic Frontier Foundation, said the government certainly has the right to wiretap - but ''nowhere does it say that law enforcement is entitled to success in every search, which is what (Clipper) is saying.'' Clipper's opponents say it's ineffective for a variety of reasons. Because its use is voluntary, they say, crooks can easily use some other kind of encryption. ''What criminal's dumb enough to go to Radio Shack to buy an encrypting device that says 'FBI approved' stamped on the package?'' Weitzner asks. That's not the point, say Clipper's defenders. They say the Clipper program will ensure at least that the biggest-selling form of encryption can be cracked. And, they add, crooks are often really dumb, pointing to lawbreakers who leave fingerprints, make calls from their home phones and - in the World Trade Center bombing - tried to get back a deposit on the rented truck that carried the bomb. Allowing non-Clipper systems also seems to undercut any value Clipper has. ''It's doubtful that foreign buyers, especially foreign governments, will want an encryption system (if) . . . the U.S. government holds and has access to the keys,'' said Nanette DiTosto, manager of telecommunications for the U.S. Council for International Business. She said multinational companies might have to buy two encryption systems - one to deal with the U.S. government and another to deal with customers and governments overseas. Clipper's defenders brush aside many of the protests and focus instead on the ramifications of a world without Clipper. Dorothy E. 
Denning, chairman of the computer-science department at Georgetown University and a supporter of the Clipper plan, said such a world would be like ''highways without traffic lights and people without driver's licenses.'' She said the public was far more concerned with crime than*privacy.* Weitzner says the government's effort is tantamount to trying to suppress a language. ''Can the government ban a language it doesn't understand?'' asks Weitzner. ''If there are only two people left in the world who speak Navajo, can the government ban them from using the language?''

GRAPHICS: PHOTO (3)
1. (Uncaptioned) Clipper chip
2. Analyst Dave Banisar of the Electronic*Privacy*Information Center said law enforcement wants ''to have their fingers in a lot of pies.'' (The Philadelphia Inquirer / MICHAEL MALLY)
3. Daniel J. Weitzner of the Electronic Frontier Foundation says the government's Clipper effort is like trying to suppress a language.

DIAGRAM (2)
1-2. The Clipper Chip Controversy: How it works; Government Access (SOURCE: Mykotronx Inc., Federal agencies; The Philadelphia Inquirer / CRISTINA RIVERO)

KEYWORDS: US GOVERNMENT COMPUTER COMMUNICATIONS SCIENCE AND TECHNOLOGY*PRIVACY* RIGHT

END OF DOCUMENT.

From tcmay at netcom.com Sun Jul 31 21:58:38 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 31 Jul 94 21:58:38 PDT
Subject: Big Brother's Escrow Systems
In-Reply-To: <9408010329.AA20402@netmail2.microsoft.com>
Message-ID: <199408010458.VAA18103@netcom7.netcom.com>

>
> From: Timothy C. May
>
> If Microsoft or any other companies have already colluded with the
> national security establishments of the U.S. or other countries to
> limit strong crypto except where software key escrow is used, then
> attacks on these companies are justified.
> ..........................................................................
>
> My turn: oh, ppulllleeeeeze! :>)
> (this is a rather popular expression, lately).
>
> This is why I don't think that scenario is possible:

I think the likely scenario is shaping to be: strong crypto can be exported if software key escrow is included. The comments about meeting export requirements, the Karlsruhe workshop on international key escrow, and the agenda for the upcoming conference on international aspects ("global challenges"), with a heavy focus on key escrow, all point to this.

Going along with this "ground truth" (no SKE = no export) does not require a malicious person bent on using software to subvert and dominate the world (not a direct reference to Bill Gates).

...
> isn't profiting by it. I myself would not be willing to tolerate the
> kinds of controls that software & other companies have to suffer in
> order to bring their products to these markets. But I can grant that
> it does the customers a benefit for these to have been made available
> to them, even if I know that I myself am revolted to consider the
> regulatory tests which must be passed in order to do this (something
> akin to airport drug check examinations). Maybe he's trying to save
> the world, I don't know.

I can't speak to any one person's intentions. But what Blanc says here reads to me like this: if they say put SKE in, he'll put it in. But this is idle speculation on our part. The key is to make sure that any "voluntary" system be truly voluntary, with arbitrary key escrow agents (and no special requirement, fees, or approvals needed!), an easy and transparent way to turn off escrow completely, and "observational invisibility" of the escrow process (transmitted files give no evidence to eavesdroppers of being escrowed, or who the escrow agents are, etc.).

> Would they have been on the list of those opposing Clipper and the
> export of crypto? I can't see where the company would contribute to
> the opposition on the one hand and then turn around and collaborate to
> put limits on strong crypto except as allowed by the government.
> It's a contradiction; I can't imagine that MS would go in that direction of
> accepting such an unsavory idea.

"Collaboration" may be a misleading word. Perhaps Microsoft, Cantwell, etc., backed off from their opposition to a debilitating plan (no export of strong crypto) because they saw the proposed TIS system as being acceptable. (_I_ don't find it acceptable, because I axiomatically reject the concept of mandatory key escrow, but I have to say that many people will find it to be an acceptable compromise. Whether Maria Cantwell, Bill Gates, etc., have been thusly involved is still speculative.)

> It's absurd to think that MS would wish to offer its software and
> services to people all over the world, making it easier for them to get
> their work done and contribute to opportunities for developers therein
> to make an income, thus "empowering" them - freeing them to some
> extent, while on the other hand helping to put them under unwanted &
> unmanageable surveillance, thus putting them back into another
> miserable situation outside their control.

In the upcoming debate on this, I think you'll find that many people will consider software key escrow to be a "reasonable compromise," with all the right buzzwords: court order, search warrant, legitimate needs of law enforcement, preserves the wiretap capabilities we now have, etc. I present it as a tool for a surveillance state, but others will see it as a reasonable compromise. Especially if it means the same box marked "Peoria" can now be shipped freely around the world.

I have a feeling that J. Random Tycoon will consider the compromise reasonable.

> The culture here is so unlike that concept, so unreserved, that this is
> why I find it difficult to accept that the interests of the
> individual's desire for control over their privacy would be set up for
> compromise - be made difficult to maintain - by secret agreements
> between the company's leadership & the MotherShip.
Then what is "the agreement" that has been spoken of? What key escrow
schemes are being developed by the folks attending the conference?

> I will believe it when I see it. And I'll sign it:
> How could I have doubted;
> Timothy C. May was right all along.
> I should have known better.

We may know one way or another what's cooking in the next half year or
so. The upcoming conference will raise visibility, and SKE will need to
be reasonably widely deployed by mid-96 or so, or I suspect it'll be too
late.

I hope I'm proven wrong by events. I can't see any rationale for SKE
only in exports (e.g., why should U.S. _export_ law care about escrow
being used within Russia, for example?), so I expect either no SKE or
SKE in nearly all major OSes.

Given that the overall "EES" is definitely not dead, but that the
specific hardware of "Clipper" appears to be dead (any minor market the
Surety phones had, has evaporated), then what is the position on escrow?
Cantwell didn't win...crypto export is still controlled. Key escrow
isn't dead, only the "hardware chip" seems to be dead.

And given the accelerating conversion to phones and video via
computers--the whole multimedia/video/conferencing thing--the key escrow
guys in Washington and in Europe _have_ to be thinking about software
key escrow, because all those installed 486 and Pentium boxes are
already communicating, and those folks aren't going to be buying
"Capstone Modems" with EES chips inside. (And something like 50% of all
Pentium boxes are being sold into private homes, amazingly.)

How to deal with public opposition to Clipper, corporate reluctance to
buy new Clipper phones and new Capstone modems, and to this change to a
world of computers talking to other computers?

Fortunately for them, the software key escrow system of Walker and
Belenson, with inputs from Schmid, Denning, and others, looks to ideally
solve this problem.
It runs with existing hardware, requires no new purchases of chips, and
avoids the patents of other systems. (The TIS system apparently avoids
the Micali patent, or at least Schmid and Denning were reportedly very
happy at Karlsruhe to hear of prior art, by a European, which apparently
predated Micali's patent filing by some years....Whit Diffie reported
this.)

Now all you've got to do is get it installed widely.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From schneier at chinet.chinet.com Sun Jul 31 22:14:05 1994
From: schneier at chinet.chinet.com (Bruce Schneier)
Date: Sun, 31 Jul 94 22:14:05 PDT
Subject: Lawsuits Against PKP
Message-ID:

Two lawsuits were recently filed in federal court, northern district of
Calif, which may cripple Public Key Partners.

Cylink v. RSA Data Security, C-94-02332-CW, June 30, 1994, San Fran.
It alleges that the RSA patent is invalid. RSA Data had denied Cylink
a patent license.

Schlafly v. Public Key Partners, C-94-20512-SW, July 27, 1994, San Jose.
It alleges that almost all of the PKP patent claims are invalid and
unenforceable. From the complaint:

Plaintiff makes complaint against defendants for unfair business
practices, including libel, interference with contractual relationships,
patent misuse, fraud, monopolization, and racketeering, and demands
remedies available under federal law, including jury trial, declaratory
judgment, monetary damages, and injunctive relief.

You can probably get a copy from the court by calling Kinko's,
408-279-0655, 408-295-4336 fax. Ask for document #1.
It is bulky, at about 270 pages.

Bruce

**************************************************************************
* Bruce Schneier
* Counterpane Systems         For a good prime, call 391581 * 2^216193 - 1
* schneier at chinet.com
**************************************************************************

From shamrock at netcom.com Sun Jul 31 23:25:47 1994
From: shamrock at netcom.com (Lucky Green)
Date: Sun, 31 Jul 94 23:25:47 PDT
Subject: Lady Di's medical records
Message-ID: <199408010625.XAA25501@netcom7.netcom.com>

A laptop containing Lady Di's medical records has been stolen out of her
therapist's office. Seems that the British press is holding its breath
expecting the thief to forward any found information to the newsrags.

This is the second time that the royal family could have been saved
potentially great embarrassment by the use of encryption. For those who
forgot: the first time was when Prince Charles adulterous conversations on
a non-encrypted cell phone were intercepted and made public by the press.

Cypherpunks help royals ;-) ?

-- Lucky Green PGP public key by finger

From shamrock at netcom.com Sun Jul 31 23:45:55 1994
From: shamrock at netcom.com (Lucky Green)
Date: Sun, 31 Jul 94 23:45:55 PDT
Subject: Philadelphia Enquirer Story on Clipper
Message-ID: <199408010646.XAA27158@netcom7.netcom.com>

> Dorothy E. Denning, chairman of the computer-science department at
> Georgetown University and a supporter of the Clipper plan, said such
> a world [with unbreakable encryption] would be like ''highways without
> traffic lights and people without driver's licenses.''

Let me predict it here today: there will be the day that you will need a
license to access the Net.

> She said the public was far more
> concerned with crime than *privacy.*

It gives me the chills every time I read that quote. I just can't get
used to it.

-- Lucky Green PGP public key by finger

From tcmay at netcom.com Sun Jul 31 23:46:41 1994
From: tcmay at netcom.com (Timothy C.
May)
Date: Sun, 31 Jul 94 23:46:41 PDT
Subject: Lady Di's medical records
In-Reply-To: <199408010625.XAA25501@netcom7.netcom.com>
Message-ID: <199408010646.XAA24199@netcom4.netcom.com>

> A laptop containing Lady Di's medical records has been stolen out of her
> therapist's office. Seems that the British press is holding its breath
> expecting the thief to forward any found information to the newsrags.
>
> This is the second time that the royal family could have been saved
> potentially great embarrassment by the use of encryption. For those who
> forgot: the first time was when Prince Charles adulterous conversations on
> a non-encrypted cell phone were intercepted and made public by the press.
>
> Cypherpunks help royals ;-) ?
>
> -- Lucky Green PGP public key by finger
>

Legal liability by the therapist could help even more.

The safe manufacturers were driven to develop better safes not by
exhorting customers to buy better safes, but by the actual financial
incentives induced by the insurers...buy a stronger safe and rates go
down.

Likewise, lose your client's confidential medical/psychiatric records,
end up paying $2,000,000 in damages...your insurer will then incentivize
customers to use better security.

(The value of insurance or other secondary markets cannot be ignored:
people rarely think an event will occur to them, so they are
unresponsive to specific risks. But insurers can make the market more
communicative and liquid.)

I understand that in California, shrinks have a duty to protect records.
I expect encryption is spreading.

I also expect that many of them are worried about the trend to force
disclosure of patient records. (Such as with the Tarasoff ruling on
patients who make threats, the various other loopholes for breaking
doctor-patient privilege, the various "discovery" procedures in court
cases, and so on.)
(Watch for software key escrow to fold this in: mandated encryption of
records, but American Psychiatric Association and California State
Mental Health Association the designated escrow sites. For example.)

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From khijol!erc at apple.com Sun Jul 31 23:56:09 1994
From: khijol!erc at apple.com (Ed Carp [Sysadmin])
Date: Sun, 31 Jul 94 23:56:09 PDT
Subject: Just say NYET to censors
In-Reply-To: <199407281739.KAA13834@netcom13.netcom.com>
Message-ID:

> I was meeting last week with Secretary of Decency Falwell and the
> President. Dan proposed that we extend the National ID Number to a
> range of other services, including books and magazines. After Jerry,
> Dan, and I watched that filthy "Debbie Does Fort Meade" again, we were
> all very excited about stopping this trash.

Of course, you would be allowed unrestricted access to such "trash".
For purposes of monitoring compliance, of course ;)

I hear the ex-director of the Texas American Family Association has the
most extensive collection of porno flicks and mags around.

--
Ed Carp, N7EKG/VE3 ecarp at netcom.com, Ed.Carp at linux.org
"What's the sense of trying hard to find your dreams without someone
to share it with, tell me, what does it mean?"
-- Whitney Houston, "Run To You"

From khijol!erc at apple.com Sun Jul 31 23:57:14 1994
From: khijol!erc at apple.com (Ed Carp [Sysadmin])
Date: Sun, 31 Jul 94 23:57:14 PDT
Subject: Supposed NSA turncoat reveals monitoring of anon remailers?
>pshah!<
In-Reply-To: <199407121432.AA10892@poboy.b17c.ingr.com>
Message-ID:

> > On the subject of network monitoring, Bruce posted a copy of an NSA
> > technology transfer which described a database searching algorithm
> > that looked fairly sophisticated (I don't have the actual posting
> > handy.) Did anyone (Bruce?) obtain a copy of the algorithm, and if
> > so, were there any distribution limitations on it? It looked like
> > just the thing that the NSA would use as their "watchword" scanner,
> > and even if not, it looked like a very useful design all the same.
>
> I took the time to contact the "office symbol" listed in the NSA
> announcement. The NSAoid's name was Dennis Sysko. He was a little
> nonplussed that Bruce had posted the announcement.
>
> I was required to write a letter to them, on Intergraph letterhead,
> requesting further information; after receiving it, Sysko promised to
> send me an NDA that I could sign and return to get further
> information.
>
> Someone else posted in t.p.c that they'd sent in a letter and been
> told that NSA would not license this technology to individuals. That
> sort of echoes the argument that there are some munitions appropriate
> for government but not for individuals.

Did anyone ever get this, or could someone forward the original post to
me? Thanks!!

--
Ed Carp, N7EKG/VE3 ecarp at netcom.com, Ed.Carp at linux.org
"What's the sense of trying hard to find your dreams without someone
to share it with, tell me, what does it mean?"
-- Whitney Houston, "Run To You"