From jimn8 at netcom.com Tue Mar 1 00:05:09 1994
From: jimn8 at netcom.com (Jim Nitchals)
Date: Tue, 1 Mar 94 00:05:09 PST
Subject: *Time Magazine* article on Clipper
Message-ID: <199403010805.AAA17526@mail.netcom.com>

(Sorry for the "from" and "to" names; I'm using elm and it just doesn't
format the headers in a way that the Cypherpunks list software's happy
with)

America Online goofed, and let a preliminary description of this week's
Time magazine remain online after Time pulled an article on Clipper at
the last minute.

I've got a screen snapshot of the welcome screen containing the promo
text, as well as email from Tom Mandel, who maintains the Time Online
information. He says it was pulled due to late breaking news.

So, if Time puts out an article favorable to Clipper, and distracting
the public's attention from mandated key escrow, it might make sense to
do a little investigative journalism of our own. Not that I'd accuse
Time of knuckling under to Administration pressure to pull the article,
or making revisions based on NSA "advice."

Are EFF and CPSR doing everything possible to get media attention?
Can't the EFF hold a press conference and hand out a "Big Brother"
award to whichever congresscritter has done the most to hurt the cause
of privacy? Any of the sponsors of the FBI Wiretap bill would do. A
little heavy adverse publicity might give pause to other critters, at
least the ones up for re-election anyway.

- Jim Nitchals


From norm at netcom.com Tue Mar 1 00:17:41 1994
From: norm at netcom.com (Norman Hardy)
Date: Tue, 1 Mar 94 00:17:41 PST
Subject: standard for steganography?
Message-ID: <199403010818.AAA19344@mail.netcom.com>

At 0:56 3/1/94 -0500, Sergey Goldgaber wrote:
>On Mon, 28 Feb 1994, Norman Hardy wrote:
>
>> Has anyone done statistical studies of low bits of pixels or sound samples?
>> I suspect that they are often far from random. A flat 50% distribution in
>> the low bits might stand out like a sore thumb. I can imagine the low ...
>Yes, pure white noise would be anomalous. I have suggested that one use
>a Mimic function with a "garbage grammar". Implemented correctly, it should
>withstand statistical analysis.
>
>What is an AD converter? And what are the techniques you speak of that
>mimic those AD converters?

'AD converter' = 'Analog to Digital converter'.

Here are three schemes each with flaws:

Consider an alphabet of 10 bit characters with a probability
distribution such that each bit has an expected value of .6 (instead of
the normal .5). The character 000000000 has a probability of
.4^10 = .000105 and p(1111111111) = .6^10 = .006046. Do a Huffman
encoding on this alphabet. 000000000 codes as 13 bits and 1111111111
codes as 7 bits. Take the cipher stream and execute the Huffman
decode(!) operation on the cipher stream. Out comes a sequence of 10
bit bytes with 60% ones. To retrieve the original cipher stream execute
the normal Huffman coding algorithm and get the original stream. The
flaw here is that Huffman assigns some probability to each of the 10
bit characters which is 2^-7, 2^-8, ... 2^-13. The intermediate
probabilities are not represented. This would show up without too much
data.

Another scheme is called 'arithmetic coding'. It avoids the above
probability quantization but is tricky to program. I can't find a
reference to it just now but it should appear in any modern book in
information theory. Unlike Huffman it does not code each character into
a definite number of bits but codes a sequence of several characters
into a 'real number'. Adapting this to numbers that real computers can
use is tricky. Again you feed the flat cipher stream into the decoding
end of the algorithm and get biased bits.

The above two schemes are information efficient. With a 60% bias you
get 97% efficiency.
If you are willing to settle for 80% efficiency you can merely
establish a RNG synchronized at sender and receiver that sends a bit
from the cipher stream with probability .8 and sends a one with
probability .2.


From sergey at delbruck.pharm.sunysb.edu Tue Mar 1 01:07:59 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Tue, 1 Mar 94 01:07:59 PST
Subject: standard for stegonography?
In-Reply-To: <9403010717.AA20839@acacia.itd.uts.EDU.AU>
Message-ID:

On Tue, 1 Mar 1994, Matthew Gream wrote:

>
> Earlier, Sergey Goldgaber wrote:
>
> > Wasted bandwidth does not a poor method make!
>
> No, but in the case of steganography it does make it an impractical
> requirement.

I disagree. You may waste a few bytes, or maybe several Kb, but it
would be worth it.

> No, I outlined two reasons. Firstly, an offset method such as you mention
> wastes a lot of bandwidth. Say you take a conservative 16 bits as offset
> (which is already too easy to brute force), there you have up to 64kbit of
> potentially wasted bandwidth in a transmission medium that needs as much
> as it can get. See for example pixel 'stegging', you'd need exceeding large
> pictures just to overcome the offset noise let alone modulate data of any
> practical length in. The second reason, which yes can be construed as more
> a personal dislike, did regard the prerequisite for a PKCS. In retrospect,
> I'll retract that.
>

As I said in an earlier post: you can either sacrifice space for
security; or, sacrifice security for space!

Now that I think about it, one wouldn't have to sacrifice any bandwidth
whatsoever! As, the stego program could be made to do wrap-around
encoding. Meaning that, as the end of the file is reached, encoding
continues from the beginning until the appropriate offset is reached.
This would lose none of the additional security offered by the
original method.

On a related note, someone has mentioned that fractals have a great
amount of potential for stego.
Their noise-threshold is much higher. You may want to look into that if
you're concerned with conserving space.

> I agree with the first and foremost as well, steganography is there to
> hide data. But by the same token, if the data is hidden, how do you know
> there is any there ? Isn't the idea that _you_ have a quick means to
> determine whether something has been hidden there, else it looks like
> harmless information ?

It _should_ look like harmless information! It would be _nice_ to be
able to know which files have been stegg'ed; but, that would either
have the potential to tip off one's opponent as well or, it would
require secure channels to propagate header keys (see previous message
in thread for comments to this effect).

>
> With your method, you're leaving it up to whatever particular information
> has been stegged in to have some inherent integrity check. Ie. this would
> work if you stegged in PGP data or signed data.

I do not advocate stego'ing data with telltale headers. That
combination is self defeating. It must be noted that encrypted headers,
as per your advice, would allow one to know that decryption was
successful, without sacrificing security.

> But what if you stegged
> in something else, how do you know it was stegged data ? All I was
> proposing was a method of providing a header encrypted so you _know_ that
> what follows is stegged information, that was my original intent.
>

You would have to decrypt it to find out. The only problem may lie in
figuring out the file-length. Possible solutions are:

1 - Put in some kind of EOF marker. Scatter some more through the
    file just in case, as well. You may thus be required to make
    several attempts at decryption.

2 - Have a standard file length. Break the original file into standard
    length packets. Pad with noise, if necessary. Then send it through
    via multiple successive files.
> Those first few bits are decrypted to either
> reveal a structured header, in which case you can proceed to remove
> the rest of the data, or to reveal junk, in which case there is nothing
> there, at least nothing for you.
>

This is much clearer, thank you. However, I'm sure you realize that if
the key used to encrypt the header is standardized, and its location of
the header is standardized as well, much security is lost. If it's not
standardized, secure channels must exist for its propagation (ie: no
need for stego).

> > So that this question may be asked: if you have secure channels, why do you
> > need encryption?
>
> I have seen this point, and yes, I guess it is a problem. You would need to
> at some stage in the past agree on a key to use. How about changing that
> from IDEA to RSA then ?
>

hmmmm.....

> > It would be even easier to get the same picture and run it through your
> > stego software which would look at your public-key and extract the file
> > automatically. This would be pretty secure, easy to use, and require no
> > secure channels!
>
> But then why offset in the first place? What is going to be at the offset
> that can't be at the front of the file ? If something structured is going
> to be at an offset, then it's easily susceptible to being brute force
> searched.
>

Yes, stego is all but invalidated if you try and hide patterned
information. That is why I recommend using "Stealth PGP" and/or a
Mimic-function in combination with the standard stego we've been
discussing.

> Okay, how about giving up using some form of offset and just RSA encrypt
> a header with the intended recipients key.

You need not give up the offset-method to do this. They should work
together for additional security.
> To check, you'd get your stego
> software to pull out the first 2048 bits and decrypt the first X bits
> corresponding to whatever your modulus length is with your private key,
> if the result is "*STEGO FOLLOWS*+other", then there's a file there, else
> you know nothing exists there (at least not for you ..).

This is a good idea. It will save you time you would have otherwise
used to try and decrypt the whole file. However, this should only be
used if the header fits in uniformly with the rest of the file.
Otherwise, the file will stand out as encrypted. Of course, the data
should be uniformly encrypted with Stealth PGP or its equivalent, as
well.

> However, this is half hearted because after thinking about it, I've come
> to the conclusion that it's probably best if all the software does is
> push the bits in and leave it up to Stealth-PGP (or other software) to
> provide a means of creating the header and the proceeding data in a way
> so that no key-ID's or so on exist.

The function of Stealth PGP, as I understand it, is not only to encrypt
without information as to the intended receiver, but to leave no trace
of encryption whatsoever. Thus the need for a separate, encrypted,
header. I think your modified proposal should work just fine.

> Then you could just
> "desteg < art | stealth-pgp > out" and watch Stealth-PGP's exit code.

If the desteg program automatically checks for encrypted, hidden
fileheaders via un-stealth-pgp, it may be as simple as you've pointed
out, anyway.

> The desteg software shouldn't attempt to put anything in to identify
> the presence of stegged data tho.
>

Your idea will save time at no loss to security, if the header is
encrypted. I see a problem only if the header is:

1 - unencrypted or
2 - encrypted with a non-public key or
3 - encrypted but anomalous

If it's encrypted with a public-key and blends in with the rest of the
data and the rest of the file it should be fine.
Sergey


From jeremy at crl.com Tue Mar 1 02:17:36 1994
From: jeremy at crl.com (Jeremy Cooper)
Date: Tue, 1 Mar 94 02:17:36 PST
Subject: The answer.
Message-ID:

I think I have found the way to end all our problems: ESP. Consider a
secure public-key ESP connection from your head to mine. It's perfect.
I think that we should work on developing this right away!

Stop by for an excursion into the Virtual Bay Area!  mud.crl.com 8888


From smb at research.att.com Tue Mar 1 06:27:44 1994
From: smb at research.att.com (smb at research.att.com)
Date: Tue, 1 Mar 94 06:27:44 PST
Subject: DES Question
Message-ID: <9403011427.AA21477@toad.com>

        Mainly to sabotage the performance of DES software
        implementations. Even back then the government knew it was
        much easier to control the dissemination of hardware than
        software.

Are you sure? I got the distinct impression it was related to
serial/parallel conversions on the chips of the time.


From lstanton at lehman.com Tue Mar 1 06:34:06 1994
From: lstanton at lehman.com (Linn Stanton)
Date: Tue, 1 Mar 94 06:34:06 PST
Subject: ditz in office
In-Reply-To: <199402282219.RAA26298@eff.org>
Message-ID: <9403011434.AA19268@sten.lehman.com>

>>>>> "Mike" == Mike Godwin writes:

Mike> I'm still reasonably satisfied to have voted for Clinton. I
Mike> don't think any of this stuff would have been any different
Mike> if any other candidate had been elected.

I think that these proposals would still be coming from the government
if Bush had been re-elected, but that they would generate more
opposition, which would, to me, be a Good Thing.

It is an unfortunate fact that in this country, people often react
differently to an idea, depending on who produces it.
I have spoken to people who really TRUST Clinton, and who have no
objection to clipper and the wiretap bill, until you remind them the
Republicans could be in office again someday. Then they go "Oh, yeah.
That would be a problem"

There is also the partisan issue. It would be much easier to muster
opposition in Congress if the majority party was not the same as the
party of the administration.

Linn H. Stanton

The above opinions are exclusively my own. If anyone else wants them,
they can buy them from me. Easy terms can be arranged.


From ravage at wixer.bga.com Tue Mar 1 06:46:13 1994
From: ravage at wixer.bga.com (Jim choate)
Date: Tue, 1 Mar 94 06:46:13 PST
Subject: standard for steganography?
In-Reply-To: <199403010523.VAA00389@mail.netcom.com>
Message-ID: <9403011446.AA21798@toad.com>

I have played w/ stego some and w/ the present resolutions of images I
don't find the images have enough complexity to really hide a message
of a usable length, unless you break it up into several images.

I use a function to measure the complexity of an image based on
adjacent bit changes. The more complex an image the more bit changes. I
measure it thus:

    # of adjacent bit changes in image / # of bits in image = complexity

if the complexity is too low or too high (this is counter intuitive)
then you can't hide a message.

Consider an image w/ only a few bit flippings, any message that is
inserted will cause the visual image to be distorted in a noticeable
way (unless it is truly expressionistic).
Now consider an image w/ every other bit flipped (maximum complexity)
which is in effect a checkerboard. Any bits that get flipped change the
pattern to a less complex one (ie the checkerboard is broken up).

Also you have to consider the effects on edges and the standard
deviation inherent in using anti-aliasing. This will cause bits on the
edge to be switched incorrectly for the algorithm in use. Since it is a
trivial problem to measure the sd for various graphics packages this
makes a nifty test bed for finding imbedding images. Blank or
mono-chromatic areas also show the same type of errors.

I am still working on it and hope to find an error in there somewhere
but so far no go.


From uri at watson.ibm.com Tue Mar 1 06:57:40 1994
From: uri at watson.ibm.com (uri at watson.ibm.com)
Date: Tue, 1 Mar 94 06:57:40 PST
Subject: DES Question
In-Reply-To: <199402282149.NAA00940@servo.qualcomm.com>
Message-ID: <9403011457.AA21940@toad.com>

Phil Karn says:
> >Second question: The DES code that I have (not written by me) has a
> >comment section which describes filling all 16 subkeys separately,
> >thereby allowing a 128 byte key. Is there any significant advantage to
> >doing this? Is there any reason that I should not do it?
> That sounds like my code. That feature seemed like a good thing to do
> at the time. Then I learned about differential cryptanalysis. No, you
> cannot strengthen DES in this way, and in fact you could actually
> weaken it unless you are sure to use 128 completely random bytes for
> your key.

Phil is wrong and yes you can strengthen DES by choosing completely
independent subkeys, rather than generating the subkeys with known
algorithm from 56-bit "seed".

However, the additional strength will mostly go towards foiling
brute-force attacks. Note, that it will take about 2^60 chosen
plaintexts instead of 2^47 to mount differential cryptanalysis attack,
and also linear cryptanalysis is somewhat hampered by using subkeys
independently generated.
> >What is the purpose of the initial and final permutations?
> Mainly to sabotage the performance of DES software implementations.
> Even back then the government knew it was much easier to control
> the dissemination of hardware than software.

Wrong. Pure hardware requirements - nothing so subtle as to
"complicate" software implementation, simply peculiarity of that day
hardware... Trust me! (:-)
--
Regards,
Uri         uri at watson.ibm.com      scifi!angmar!uri      N2RIU
-----------


From mnemonic at eff.org Tue Mar 1 06:58:15 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Tue, 1 Mar 94 06:58:15 PST
Subject: ditz in office
In-Reply-To: <9403011434.AA19268@sten.lehman.com>
Message-ID: <199403011458.JAA15119@eff.org>

Linn Stanton writes:

> It is an unfortunate fact that in this country, people often react
> differently to an idea, depending on who produces it. I have spoken
> to people who really TRUST Clinton, and who have no objection to clipper
> and the wiretap bill, until you remind them the Republicans could
> be in office again someday. Then they go "Oh, yeah. That would be a
> problem"

I don't detect any less opposition to Clipper and Digital Telephony
from Clinton supporters than from Clinton opponents. Quite the
opposite, if you want to know the truth.

--Mike


From lstanton at lehman.com Tue Mar 1 07:15:44 1994
From: lstanton at lehman.com (Linn Stanton)
Date: Tue, 1 Mar 94 07:15:44 PST
Subject: ditz in office
In-Reply-To: <199403011458.JAA15119@eff.org>
Message-ID: <9403011515.AA20333@sten.lehman.com>

>>>>> "Mike" == Mike Godwin writes:

Mike> I don't detect any less opposition to Clipper and Digital
Mike> Telephony from Clinton supporters than from Clinton
Mike> opponents. Quite the opposite, if you want to know the
Mike> truth.

Exactly.
This is how I see it (all numbers made up for illustration):

If Clipper/Digital Telephony are proposed by Clinton, 60% of Democrats
and 70% of Republicans will support.

If Clipper/Digital Telephony are proposed by a Republican, 40% of
Democrats and 80% of Republicans will support.

Linn H. Stanton

The above opinions are exclusively my own. If anyone else wants them,
they can buy them from me. Easy terms can be arranged.


From cvoid at netcom.com Tue Mar 1 07:59:42 1994
From: cvoid at netcom.com (Christian Void)
Date: Tue, 1 Mar 94 07:59:42 PST
Subject: T-Shirt stuff...
Message-ID:

Greetings. Could anyone who has ordered a t-shirt, but has not gotten
an order confirmation PLEASE send me mail. I have a few orders sitting
here that I have no size information or e-mail addresses for. Unless
you want an XL, send me a note. Thanks. :)

Christian Void /T71 | "I don't like it, and I'm sorry I | V/M/Research, Inc.
cvoid at netcom.com | ever had anything to do with it." | P.O. Box 170213
Tel. 1+415-998-0774 | -Erwin Schrodinger (1887-1961)    | SF, CA 94117-0213
           * PGP v2.3a Public Key Available Via Finger *


From frissell at panix.com Tue Mar 1 08:07:10 1994
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 1 Mar 94 08:07:10 PST
Subject: Freehdom Isn`t Freeh
Message-ID: <199403011606.AA22179@panix.com>

New York Times, Monday, February 28, 1994
Business Day

A PUSH FOR SURVEILLANCE SOFTWARE

By John Markoff

In the age of computer communications and digital telephone calls, the
American people must be willing to give up a degree of personal privacy
in exchange for safety and security, the head of the Federal Bureau of
Investigation said.

In an interview on Friday, Louis J. Freeh, the F.B.I. Director,
defended proposed legislation that critics say would turn the nation's
telephone network into a vast surveillance system. He said taxpayers
would be asked to pay up to half a billion dollars to develop and
deploy the necessary network software.

The Administration wants to impose new technology that would enable
law-enforcement agents to gather a wealth of personal information by
monitoring citizens' calling patterns and credit card transactions over
the telephone network --- and over the two-way cable television
networks being planned by cable and phone companies.

The system would go well beyond the current wiretapping technology,
because much of the information could be gleaned without the police or
F.B.I. actually having to eavesdrop on specific voice or
electronic-mail conversations.

"The costs are high, but you have to do a cost-benefit analysis," said
Mr. Freeh, who insisted that fighting terrorists and criminals was the
Government's intention --- not playing Big Brother to the citizenry.

`A Credible Solution'

"The damage to the World Trade tower and the economic interests of the
country are conservatively estimated at $5 billion," he said, citing
last year's bombing of the World Trade Center in Manhattan.
"I think the American people will agree that this is a credible
solution to the problem we face."

The Administration is trying to line up Congressional support for the
legislation, called the Digital Telephony and Communications Privacy
Improvement Act of 1994, before having it formally introduced.

Government officials say traditional wiretapping is becoming
increasingly more difficult because more and more phone calls and data
communications are transmitted as streams of digital information ---
representing the ones and zeros understood by computers. Thousands of
such calls may intermingle on a public-network circuit at any moment.

Proponents of the legislation say new software placed on computerized
network switching equipment is necessary to help law enforcement sort
through this traffic.

But executives of McCaw Cellular Communications, the nation's biggest
cellular telephone company, told Mr. Freeh and White House officials at
a meeting on Thursday that their newest telephone switches already
provide the surveillance capabilities requested in the legislation.

Moreover, privacy advocates say the Government can point to no case in
which digital network technology alone has impeded an investigation.
And they note that in the World Trade Center case, it was not
electronic communications but mundane bungling of vehicle and warehouse
rentals that led to arrests.

An Electronic Portrait

Such critics have long warned that in the information age, it is
possible to build a detailed model of an individual's behavior,
political and sexual preferences, social network and travel itineraries
simply by examining telephone-calling patterns and credit card
purchases.

Some capabilities were demonstrated when law-enforcement agents pieced
together a chronological list of phone calls made by the people accused
of plotting and carrying out the attack in January on the figure skater
Nancy Kerrigan.
But the type of software the Clinton Administration wants to add to the
public communications network would make possible much more detailed
records of individuals' electronic activities.

"It will be possible to develop a life-size portrait about you as a
person," said Jerry Berman, executive director of the Electronic
Frontier Foundation, a Washington privacy-rights lobbying group. "This
is not just about a phone number."

For the Administration, having taxpayers rather than communications
companies pay for the system is meant to dilute industry criticism of
the plan, which has met resistance since it was disclosed a few weeks
ago.

Congressional support is difficult to gauge. "The bill has some
significant problems we need to resolve," said Representative Don
Edwards, Democrat of California and chairman of the House Judiciary
subcommittee on civil rights. "The profiling and the tracking aspect of
the bill is something we are concerned about."

A version of the legislation was first proposed in 1991 by the Bush
Administration at the urging of the Justice Department. But unlike that
version, the new bill would limit the surveillance to public networks
and not include company phone systems --- private branch exchanges, or
PBXs --- or private corporate computer networks.

Despite those changes, civil liberties groups and some industry
executives say they are concerned that the scope of the new bill would
give law-enforcement agencies new access to a vast amount of
"transactional," or billing, information related to the setup of a
telephone call.

Under current law, obtaining a subpoena to obtain transaction data from
the telephone company is easier than getting a wiretap warrant to
eavesdrop on actual conversations, which requires a judge to find
probable cause that a crime has taken place.

Mr. Freeh met with telephone industry executives at the White House on
Thursday and with Congressional leaders on Capitol Hill on Friday in an
effort to attract support for the bill.
He said in the interview that he was willing to compromise by adding
safeguards for transactional information.

"I understand the privacy concern," he said. "My real objective is to
get access to the content of telephone calls. With respect to the
extraordinary amount of personal information that is generated by this
new technology, we would consider some way to block some of that
information or raise the standard required to gain access. We're
flexible on that."

The F.B.I. Director said new digital communications technologies were
making it more difficult for authorities to listen to conversations of
suspected criminals who may be using cellular telephones or whose
conversations may be carried as data streams in networks of fiber optic
cables.

Mr. Freeh said wiretapping had long been one of law enforcement's most
effective tools. He cited examples in which it had been used
effectively to prevent crimes, including a case in Chicago in which a
terrorist was planning to shoot down an airliner with a Stinger
missile.

In that instance, Mr. Freeh said, the telephone networks involved were
not advanced digital systems, but older analog networks that send
voices as electronic patterns mimicking natural sound waves.

But he said there had already been hundreds of cases in which attempted
F.B.I. wiretaps had been thwarted by new digital communications
technology --- not, he said, because the suspected criminals were
necessarily trying to evade detection, but simply because the
public-network technology made it difficult for agents to listen.

Last year, a group called the Computer Professionals for Social
Responsibility obtained Government documents through a Freedom of
Information request indicating that an informal survey of F.B.I.
offices in Newark, Philadelphia and Las Vegas, Nev., found no instances
in recent years in which F.B.I. agents had encountered any
technology-based problems in conducting wiretaps.

Asked about those findings, Mr.
Freeh said he was not aware of them.

Several telephone industry executives who met with Mr. Freeh at the
White House last week said that they were skeptical whether new
legislation was needed and that they were concerned about provisions
that would fine telephone companies up to $10,000 a day for failing to
comply with the new law.

"This is just new faces giving the same pitch," said one telephone
industry vice president who attended the meeting and who had been
opposed to the Bush Administration's version of the legislation. He
spoke on condition of anonymity.

Executives at the American Telephone and Telegraph Company said they
did not believe there were significant technological problems that
warranted new legislation. They also said they feared that the proposed
legislation would undercut the privacy expected by customers.

"Clearly the privacy concern is the biggest concern for A.T.&.T.," a
spokesman for the company, Herb Linnen, said. He said the company would
continue to meet with the White House and Justice Department in an
effort to narrow the bill.

Industry executives and privacy advocates have also warned about abuses
of new surveillance technologies by telephone company insiders and
computer vandals. But the F.B.I. Director said the protections in
current analog telephone systems would be adequate to deter most
break-ins.

"This is always a threat," Mr. Freeh said. "But it's de minimus if you
consider the alternative, which is not giving law-enforcement and
intelligence agencies these capabilities."

A White House official said that he believed opponents of the
legislation were overreacting and that the law was a good compromise
between privacy and law-enforcement needs.

"The authority to gather transactional information already exists; I
don't think this expands that authority," said John Podesta, the White
House staff secretary. "We're open to talking through the issue with
the privacy community."
-----
Keyboarding by Lois Roth

--- WinQwk 2.0b#1165


From frissell at panix.com Tue Mar 1 08:07:15 1994
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 1 Mar 94 08:07:15 PST
Subject: Dorothy Denning
Message-ID: <199403011607.AA22207@panix.com>

New York Newsday, Tuesday, March 1, 1994
Letter to the Editor

THESE YANKEE CLIPPERS ...

Dorothy E. Denning asserts that the federal government needs to force
telecommunications consumers to buy into a so-called "weak encryption"
scheme using the National Security Agency's "Clipper" computer chip
because the government needs to be able to decrypt communications
traffic that criminals might generate in the future ["The Clipper Chip
Will Block Crime," Viewpoints, Feb. 22].

Denning fails to offer any evidence that any criminal or terrorist
group has ever used encryption in the past, and also fails to explain
why they would be stupid enough to use a compromisable encryption
scheme in the future.

Denning glosses over past governmental abuses of intercept technology
with assurance that Clipper intercept procedures are resistant to
abuse. Denning fails to mention that federal documents confirm that
government intercept procedures involving Clipper technology offer
users no more protection from wrongful government surveillance than
plain text.

Intercepted data protected by so-called "strong" encryption cannot be
told from data protected by weak encryption until somebody actually
tries to break the code --- which would make random checking of the
data stream necessary to expose users of strong encryption schemes. But
the government disclaims the use of codebreaking except under court
order.

Universal adoption of Clipper technology is unlikely because now, just
months after the government unveiled Clipper, designers are offering,
through electronic bulletin boards and user groups, freeware [available
for free tryouts before buying] programs using strong encryption.
It is only a matter of months before true "military-strength" encryption software reaches the market --- making Clipper the Edsel of cryptography. If the government forces Americans to use nothing but Clipper encryption, we can kiss the First and Fourth Amendment rights good-bye. Hold out for military-strength encryption to keep your data safe! Ludwig R. Vogel Manhattan Editor's note: The writer is chair of the Libertarian Party of New York State. The views expressed are his own. ---- Keyboarding by Lois Roth --- WinQwk 2.0b#1165 From frissell at panix.com Tue Mar 1 08:16:04 1994 From: frissell at panix.com (Duncan Frissell) Date: Tue, 1 Mar 94 08:16:04 PST Subject: ditz in office Message-ID: <199403011615.AA28534@panix.com> Even if the normal parts of the Bush and Clinton Administrations are equally fascist, the Clinton Administration would win in net fascism since it includes an added (unelected) fascist element missing from the Bush administration: Linda Stasi reports in her column "Hot Copy" in the New York Daily News today (Tuesday, March 1, 1994) that she and some other gossip columnists were invited to have tea with Hillary Clinton yesterday. [Hillary was in town to boost her health care program with a visit to a very recently improved Kings County Hospital. The units Hillary visited were specially scrubbed for her visit and contained fewer patients than usual.] Linda says Hillary "...never wants to run for public office herself. But she'd probably get elected in a minute." Think again Linda. You also provided us with another one of those `Hillary's Ominous Quotes of the Day': "AT A CERTAIN POINT, YOUR RIGHTS MUST BE ABRIDGED FOR THE PUBLIC GOOD." The statement might simply be her response to a question about convicted rapists not having to submit to an AIDS test. And then again, it might not. 
--- WinQwk 2.0b#1165

From mnemonic at eff.org Tue Mar 1 08:23:39 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Tue, 1 Mar 94 08:23:39 PST
Subject: ditz in office
In-Reply-To: <199403011615.AA28534@panix.com>
Message-ID: <199403011623.LAA17434@eff.org>

Oh, please. Dislike Hillary Clinton's policies if you must, but all this animus against Hillary Clinton as a person and as a fascist is grounded in sexism.

--Mike

From smb at research.att.com Tue Mar 1 08:40:05 1994
From: smb at research.att.com (smb at research.att.com)
Date: Tue, 1 Mar 94 08:40:05 PST
Subject: ditz in office
Message-ID: <9403011640.AA23727@toad.com>

	 `Hillary's Ominous Quotes of the Day':
	 "AT A CERTAIN POINT, YOUR RIGHTS MUST BE ABRIDGED FOR THE PUBLIC GOOD."

Sorry, that's a statement of fact. The interesting question is where one draws the line. Assume, for example, that you are a fervent believer in some religion that requires the sacrifice of unwilling outsiders. Should you be permitted to practice that religion? (Note: I said ``practice'', not ``believe in''.) Would the anarchist libertarian next door to you be abridging your rights if he or she shoots back when you come to collect some victims?

Even your own note acknowledged that rights aren't necessarily absolute; you noted, in an exculpatory context, that

	 The statement might simply be her response to a question about convicted
	 rapists not having to submit to an AIDS test.

As I said -- the interesting question is how and where one draws the line.

From jef at ee.lbl.gov Tue Mar 1 09:10:33 1994
From: jef at ee.lbl.gov (Jef Poskanzer)
Date: Tue, 1 Mar 94 09:10:33 PST
Subject: standard for stegonography?
Message-ID: <9403011710.AA08621@hot.ee.lbl.gov>

>Now that I think about it, one wouldn't have to sacrifice any bandwidth
>whatsoever! As, the stego program could be made to do wrap-around
>encoding.

Indeed, that's what I implemented. The current man page is appended.
---
Jef

pnmstego(1)                  USER COMMANDS                  pnmstego(1)

NAME
     pnmstego - insert a steganographic message into a portable anymap

SYNOPSIS
     pnmstego [-offset n] [-components rgb] [-bitsched 10010...] file [pnmfile]

DESCRIPTION
     Reads a portable anymap as input. Hides another file within the anymap by changing the low-order bits of each pixel, and writes the modified anymap to standard output.

     Steganography means "hidden writing" - it's for storing a message in such a way that an opponent won't even be sure that the message is there, let alone be able to extract, decrypt, and read it. Pnmstego lets you store a file in the low-order bits of a PPM or PGM image. For a typical maxval of 256, this means the pixel values will be changed by only 1/256, which should not be noticeable to someone viewing the image.

     Only PGM and PPM images may be used - trying to hide a file in a PBM image would be easily visible, so it's not allowed.

OPTIONS
     The program has a bunch of flags that let you specify variations on exactly how the bits are hidden in the image. If you don't specify any flags, the default options give you a reasonable storage method, to wit:

          -offset 0 -components b -bitsched 1

     Letting the options default like this has the advantage that you can send a stegoed file to someone without having to specify what flags you used. You can also put the file on a public FTP server for people to retrieve, without needing any other communication.

     However, there is a disadvantage: people who the file is not intended for will be able to extract it too. If the resulting file is recognizable in some way, for instance if it's encrypted by PGP, then some of the purpose of the steganographic storage will have been compromised. (A PGP file has a standard header and stores, in cleartext, the keyid needed to decrypt a file.)

     So, if you want the file to be absolutely positively hidden, you can use non-default settings for the options. Just don't forget what settings you used, and remember that if you want to send the file to someone else you will have to communicate the necessary settings somehow.

     Now, as for what the options do:

     -offset
          Specifies how far into the image to start. If the file runs off the end of the image, it wraps around back to the beginning, so don't worry about specifying too large an offset. In fact, you can even specify an offset larger than the image size - the initial value gets wrapped around too (modulus). Basically, any 32-bit number can be used.

     -components
          This lets you specify which of the red, green, or blue color components is used for storing bits. You give it a string made up from one or more of the letters r, g, and b. The default is b, use only the blue component. See the section below on quantization for why the default isn't rgb. If the input image is a PGM file, instead of PPM, this option is silently ignored.

     -bitsched
          This lets you skip using some possible bit positions in the image. If the file you're hiding is not so big that you need the whole image to store it, you can use this option to hide it better. The argument is just an arbitrary-length string of 1's and 0's - the 1's say which bit positions should be used, and the 0's which should be skipped. The default is to use all bit positions.

QUANTIZATION
     Normally, to store an image in a colormapped file format such as GIF, you first run it through ppmquant. However, if you try to quantize, then stego, and then convert to GIF, you will find that the ppmquant step will fail with an error about too many colors. This is because the stego step increased the number of colors. You might think, ok, stego first, then quantize; nope, the quantization would destroy the steganographic message.

     Here's what you do instead: quantize down to half the number of colors you want in the final file, and then use only one of the three color components to store the hidden file. Using only one bit per pixel, the number of colors can at most double. This is why the default for the -components flag is to use only blue.

     So, the pipeline to use is:

          ppmquant 128 image.ppm | pnmstego message.txt | ppmtogif > hidden.ppm

SEE ALSO
     pnmdestego(1), pnm(5)

AUTHOR
     Copyright (C) 1994 by Jef Poskanzer.

From adam at bwh.harvard.edu Tue Mar 1 09:10:52 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Tue, 1 Mar 94 09:10:52 PST
Subject: ditz in office
In-Reply-To: <199403011615.AA28534@panix.com>
Message-ID: <199403011710.MAA01927@duke.bwh.harvard.edu>

Duncan Frissell wrote:

(Hillary Rodham Clinton, speaking in all caps:)
| "AT A CERTAIN POINT, YOUR RIGHTS MUST BE ABRIDGED FOR THE PUBLIC GOOD."
|
| The statement might simply be her response to a question about convicted
| rapists not having to submit to an AIDS test.

IMHO, there is a world of difference between abrogating the rights of a convicted criminal and the rights of the accused. Society seems to have agreed that convicted criminals should be stripped of certain rights, such as their freedom and/or their ownership of property, after their conviction.

Since the question of "Did he have AIDS?" clearly impacts the severity of the crime committed and the impact it may have on the victim, I don't see this as an amazingly shock provoking example of the rights of a criminal being taken away, especially in light of how difficult it seems to be to obtain a conviction for rape.

I would not be willing to accept such testing on the basis of anything but a conviction. An accusation (in my mind) is not enough to force a test, nor to force the disclosure of a previous test.

Adam

--
Adam Shostack adam at bwh.harvard.edu
Politics. From the Greek "poly," meaning many, and ticks, a small, annoying bloodsucker.
Have you signed the anti-Clipper petition?

From jef at ee.lbl.gov Tue Mar 1 10:39:58 1994
From: jef at ee.lbl.gov (Jef Poskanzer)
Date: Tue, 1 Mar 94 10:39:58 PST
Subject: standard for stegonography?
Message-ID: <9403011839.AA08937@hot.ee.lbl.gov> I wrote: >offset, wrap-around, bit schedules Actually, that interface is way too complicated and still not that secure. How about if the user just specifies a seed for a random number generator. Then that generator is used to make a *permutation* of the bit locations in the image, and the file's bits are stored in the permuted order. And look, this hides the file-length longword and any fixed file header real well, by spreading them through the image. Now I just have to find a simple but robust RNG that I can include in pbmplus, and some code to generate a permutation of a specified size. I'm not going to have ITAR problems with this, am I? RNGs are still legal to export? Oh, and to answer the original question: no standard. If this idea works, it's clearly better than existing stego systems at hiding the data; that's more important than interoperability. --- Jef From tcmay at netcom.com Tue Mar 1 10:49:59 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 1 Mar 94 10:49:59 PST Subject: ditz in office In-Reply-To: <199403011458.JAA15119@eff.org> Message-ID: <199403011850.KAA22046@mail.netcom.com> Mike Godwin writes: > Linn Stanton writes: > > > It is an unfortunate fact that in this country, people often react > > differently to an idea, depending on who produces it. I have spoken > > to people who really TRUST Clinton, and who have no objection to clipper > > and the wiretap bill, until you remind them the the Republicans could > > be in office again someday. Then they go "Oh, yeah. That would be a > > problem" > > I don't detect any less opposition to Clipper and Digital Telephony from > Clinton supporters than from Clinton opponents. Quite the opposite, if you > want to know the truth. I tend to agree with Mike here. Playing the "what if" game, had Bush won, the Clipper thing would still be rolling along (remember that it was started long ago, probably in the mid 80s). 
The arguments against it would have a slightly different flavor, the Right would be more mollified, and the Left would be screaming about a police state. Perhaps more Congressional opposition to Clipper would've emerged if Bush were Prez, but we don't know. I'm hopeful that the Congresscritters will eventually realize that the foundations of a police state are being laid with things like Digital Telephony (proposed first under Bush, of course) and the 31 flavors of Clipper, Capstone, and Tessera. The real problem is not Republican vs. Democrat, but the concentration of more and more economic and political power in the hands of the State and the continual erosion of individual liberties. But you've heard some of us talk about this before, so I'll stop. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From matsb at sos.sll.se Tue Mar 1 10:57:06 1994 From: matsb at sos.sll.se (Mats Bergstrom) Date: Tue, 1 Mar 94 10:57:06 PST Subject: Freehdom Isn`t Freeh In-Reply-To: <199403011606.AA22179@panix.com> Message-ID: > New York Times, Monday, February 28, 1994 > Business Day > A PUSH FOR SURVEILLANCE SOFTWARE > By John Markoff > A version of the legislation was first proposed in 1991 by the Bush > Administration at the urging of the Justice Department. But unlike that > version, the new bill would limit the surveillance to public networks and > not include company phone systems --- private branch exchanges, or PBXs > --- or private corporate computer networks. This is not fair! 
But couldn't a network provider hire all it's users for 1 dollar a year and deduct the employees' communications expenses from their salaries (making the net salary negative) thus keeping the network corporate and private? matsb From tcmay at netcom.com Tue Mar 1 11:33:44 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 1 Mar 94 11:33:44 PST Subject: Virtual Corporations to Avoid Taxes In-Reply-To: Message-ID: <199403011934.LAA28358@mail.netcom.com> Here's an area that has long fascinated me: using corporate entities as a way to bypass taxes on individuals. Mats Bergstrom writes: > > A PUSH FOR SURVEILLANCE SOFTWARE > > By John Markoff > > > A version of the legislation was first proposed in 1991 by the Bush > > Administration at the urging of the Justice Department. But unlike that > > version, the new bill would limit the surveillance to public networks and > > not include company phone systems --- private branch exchanges, or PBXs > > --- or private corporate computer networks. > > This is not fair! But couldn't a network provider hire all it's users for > 1 dollar a year and deduct the employees' communications expenses from > their salaries (making the net salary negative) thus keeping the network > corporate and private? Indeed, anytime a distinction is made between the rights of individuals and corporate entities, all kinds of "gaming" can occur. To pick a truly devious example, in the same vein that Mats just mentioned, consider that corporations don't pay taxes or even report income on site-to-site transfers of goods, knowledge, etc. That is, huge amounts of stuff can flow back and forth within the company and not be treated as "income," because the various parts of the company are treated as part of the whole....only the "net income" ultimately gets taxed. (I'm not suggesting any changes in tax law--trying to tax internal flows would be ludicrous and impractical, as well as being unethical.) 
Where it gets interesting is if a group of consultants--the Cypherpunks, for example--instantiate themselves as a "corporation" and do mutual consulting and helping....avoiding taxes all the way. (Recall that plumbers and carpenters, for example, who do reciprocal labor are technically supposed to report all income received, to estimate the value of the labor received, etc.). Cyberspatial networks will allow "virtual corporations" to be formed that can shelter a lot of activity that would otherwise be heavily taxed! Kind of like a commune (which I suspect end up reporting very little "net" income and almost no income at all for the individual participants). Individuals would surely want a "real" income to be extractable from the system, and this "net" income would be fully taxable. But the mutual help aspects would not be taxable as is now the case. The best examples of such virtual corporations are _professional partnerships_, as in legal partnerships, medical partnerships, etc. The participants can exchange expertise, help each other, etc., all without reporting the transactions as income (or as expenses, to deduct from their income in other transactions). (Scenario: Create similar partnerships for blue-collar workers, so plumbers, carpenters, roofers, etc. can avoid taxes when they "trade" work.) (I won't get into the interesting issues of how contributors eventually extract income from such deals. There's always the potential for shirkers, layabouts, cheaters, and other phenomena well-known to commune folks. But the potential is there.) I have a sneaking suspicion that all of these ways that corporations can be used to limit taxes are the reasons for so many special laws and taxes on corporations. 
Imagine that the entity described by Mats Bergstrom is formed, and everyone gets paid their $1 a year.....then the various government agencies (in the U.S., in this example) descend upon the corporation and ask about the health care plans, the OSHA compliance, the minority quotas ("What, you mean 97% of your so-called "hackers" are white males?"), and on and on. And under Bilary's Health Nationalization Plan, if the corporation has more than X employees (where X is currently 50, I believe), it'll be instructed to fork over about $5000 per year per employee, no matter their wages ($1 a year), plus administrative expenses. Oh, and don't forget the minimum wage laws! Despite these problems, I see great opportunities for cypberspatial corporations being used to shield participants against various taxes and regulations. Foreign-based corporations, for example. Techno-communes, anyone? --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From plaz at netcom.com Tue Mar 1 11:40:57 1994 From: plaz at netcom.com (Plaz) Date: Tue, 1 Mar 94 11:40:57 PST Subject: standard for steganography? Message-ID: <199403011941.LAA06715@mail.netcom.com> Jim choate wrote: >I have played w/ stego some and w/ the present resolutions of images I dont >find the images have enough complexity to really hide a message of a useable >length, unless you break it up into several images. Present resolutions? What directions do you think it needs to go? 
Stego handles 24 bit TrueColor (actually 32 bit, but Romana wisely decided not to stuff data in the almost always blank alpha channel), and as many DPI as you have memory for. I don't think there is much call for deeper color resolution. It's true that GIF only accepts 8-bit color and the de facto standard internet transmission format for higher resolutions, JPEG, is a lossy compression that annihilates the message. Is this what you are referring to?

>I use a function to measure the complexity of an image based on adjacent bit
>changes. The more complex an image the more bit changes. I measure it thus:
>
># of adjacent bit changes in image/ # of bits in image = complexity
>
>if the complexity is too low or too high (this is counter intuitive) then you
>can't hide a message. Consider an image w/ only a few bit flippings, any
>message that is inserted will cause the visual image to be distorted in a
>noticeable way (unless it is truly expressionistic). Now consider an image w/
>every other bit flipped (maximum complexity) which is in effect a
>checkerboard. Any bits that get flipped change the pattern to a less complex
>one (ie the checkerboard is broken up). Also you have to consider the effects
>on edges and the standard deviation inherent in using anti-aliasing. This
>will cause bits on the edge to be switched incorrectly for the algorithm in
>use. Since it is a trivial problem to measure the sd for various graphics
>packages this makes a nifty test bed for finding imbedding images. Blank or
>mono-chromatic areas also show the same type of errors.

Yes, it is recommended that noisy images are used as the message envelope. Scanned or Frame-grabbed are good for this kind of thing.

_______________________________________________________________________
Geoff Dale -- Cypherpunk/Extropian -- Plastic Beethoven
AnarchyPPL - Anarch (Adjudicator)     ExI-Freegate Virtual Branch Head
plaz at netcom.com                    66 Pyramid Plaza
plaz at io.com                        Freegate, Metaverse at io.com 7777
"Subvert the domination paradigm!"

From plaz at netcom.com Tue Mar 1 11:41:08 1994
From: plaz at netcom.com (Plaz)
Date: Tue, 1 Mar 94 11:41:08 PST
Subject: standard for stegonography?
Message-ID: <199403011941.LAA06727@mail.netcom.com>

Jef Poskanzer writes:
>>Well, try using Stego on an 8 bit PICT, and see for yourself!
>>It looks like a >slight< random noise filter was applied to
>>the image - plausibly the sort of trouble one would have with
>>a slightly imperfect scanner.
>
>Maybe colormaps on the Mac are always sorted? That would minimize
>the visible effect of +-1 changes in index value.

Colormaps on the Mac are not "always" anything, since creating custom palettes is trivial, but yes, they usually are. For best steganography in 8-bit, I would recommend using the system greyscale palette. (Greyscale images are *almost always* sorted on the mac.)

_______________________________________________________________________
Geoff Dale -- Cypherpunk/Extropian -- Plastic Beethoven
AnarchyPPL - Anarch (Adjudicator)     ExI-Freegate Virtual Branch Head
plaz at netcom.com                    66 Pyramid Plaza
plaz at io.com                        Freegate, Metaverse at io.com 7777
"Subvert the domination paradigm!"

From frode at toaster.SFSU.EDU Tue Mar 1 11:43:20 1994
From: frode at toaster.SFSU.EDU (Frode Odegard)
Date: Tue, 1 Mar 94 11:43:20 PST
Subject: It's the philosophy, stupid!
Message-ID: <9403011941.AA17409@toaster.SFSU.EDU>

It's now quite a while since I promised to write something about how the U.S. is starting to look more and more like the Weimar Republic just before Hitler came to power. However, I am simply out of bandwidth, and will try to get away with recommending the book where I first picked up this idea:

     "Ominous Parallels" by L. Peikoff

The book reveals the philosophical premises of today's Liberals *and* Conservatives and shows how they would fit right into Weimar. In the end, Hitler was the man who promised to implement the ideals of both the right (order, restraint of workers etc.) and the left (social programs, restraint of businessmen.) Both the Protestants and the Catholics praised Hitler, for "increasing the moral standard" of the country.

Finally, Ayn Rand's "Atlas Shrugged" is a novel which offers a rather stunning commentary to the words of both Bush and Clinton. Indeed, it was "Atlas Shrugged" which finally prompted me to abandon the super-socialized Norway and move to the U.S.; and here I am watching it grow ever-more statist. :-)

As for anyone already aware of / curious about Rand's philosophy, Objectivism, I'll be happy to (per email) answer questions, point them to discussion lists and so on.

Frode Odegard

From nobody at jarthur.claremont.edu Tue Mar 1 11:50:16 1994
From: nobody at jarthur.claremont.edu (nobody at jarthur.claremont.edu)
Date: Tue, 1 Mar 94 11:50:16 PST
Subject: No Subject
Message-ID: <9403011950.AA27701@toad.com>

Hi All...

No no answer to the Swiss bank question...

Duncan... if you KNOW positively then your answer is OK... otherwise if you are shooting from the HIP please refrain...

A definitive answer to this question is needed... and currently it's unknown...

anon

From jef at ee.lbl.gov Tue Mar 1 11:58:10 1994
From: jef at ee.lbl.gov (Jef Poskanzer)
Date: Tue, 1 Mar 94 11:58:10 PST
Subject: low-overhead encrypted telnet
Message-ID: <9403011958.AA09178@hot.ee.lbl.gov>

I've been talking about encrypted telnet with Craig Leres lately, and he came up with an interesting idea.
The background is, sysadmins want encrypted telnet so that passwords don't fly around in the clear, but at the same time, they don't want to spend too many extra CPU cycles. I figured at least some sysadmins would resist installing an encryption-capable telnetd because of this concern about overhead.

What you'd really like to do to satisfy these people is encrypt only when actually transmitting passwords. Problem is, that's hard to implement. Kerberos does it by supplying new versions of a dozen different programs, and it still only works within your organization, and even there it doesn't handle chained logins (telnet from host A to host B, then from host B to host C, etc.). It's hard because you have different levels of software trying to talk to each other. A solution that worked entirely within telnet would be a lot simpler.

A compromise I thought of a while back is to encrypt the first few kilobytes and then switch to cleartext. This lets you log in securely, the average overhead for the session remains low, and there's no interaction between different software levels. But this also doesn't handle chained logins, if the second login comes later in your session.

So here's Craig's idea: only encrypt the client-to-server direction. That's the only direction that passwords go, so it's secure; and it's low overhead because you generally type far fewer characters than you read.

Just a tidbit for anyone working on encrypted logins.
---
Jef

From VACCINIA at UNCVX1.OIT.UNC.EDU Tue Mar 1 11:58:26 1994
From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU)
Date: Tue, 1 Mar 94 11:58:26 PST
Subject: clipper + enaction = illegal alternate encryption
Message-ID: <01H9GN16SBXU000676@UNCVX1.OIT.UNC.EDU>

Jeremy at crl.com writes:

>Now why bother going through all the trouble to take out the chip? Why
>not just leave it in there and send RSA encrypted over your phone line?
>Once they _DO_ decrypt your clipper, they will still have another barrier.
>Leaving the chip in there does make it a little harder even for law
>enforcement doesn't it?

This is the reason all other forms of encryption will be outlawed if the clipper proposal goes through. I foresee at least two lines of enforcement. The first is that one is held in contempt of court (assuming they can find some charges to press) until you give them your key. How long can they keep you in the slammer on a contempt charge? This option is already available and seems to work, at least so far.

The second is to make alternate encryption illegal and thus they will get you even if they have no evidence to charge you with. After all, if the police are monitoring you AND you are encrypting information, you must be guilty, right? Encryption will be enough evidence to convict. This makes life easy for law enforcement and will surely be the next step after clipper. If they can't get you for the alleged crime you are committing then use of illegal encryption will provide a consolation prize. They really HAVE to make alternate forms of encryption illegal to make clipper of any value to them, despite the rhetoric we are now hearing (at least some people are hearing).

Scott G. Morham                     !The First,
VACCINIA at uncvx1.oit.unc.edu      ! Second
PGP Public Keys by Request          ! and Third Levels
                                    ! of Information Storage and Retrieval
                                    !DNA,
                                    ! Biological Neural Nets,
                                    ! Cyberspace

From wet!naga Tue Mar 1 12:11:49 1994
From: wet!naga (Peter Davidson)
Date: Tue, 1 Mar 94 12:11:49 PST
Subject: Insecurity of public key crypto #2 (reply to May)
Message-ID:

[The BBS I use seems to have brain damage. Apologies if this has already been posted.]

>From: tcmay at netcom.netcom.com (Timothy C. May) >Subject: Re: Mac encryption >Date: Wed, 23 Feb 1994 09:56:40 -0800 (PST) > >Ron Davis writes: > >(quoting me [T.C.M.]) > >>>MacPGP, available by anonymous ftp from the soda.berkeley.edu site, is >>>the only one I know of using public key methods, and hence the only >>>one of real interest to Cypherpunks. > >The problem with symmetrical ciphers is one of *scaling*. > >Since a key must be exchanged with each other person, the total number >of keys growns rapidly as the community of participants increases. At >any stage, the key may be lost, stolen, observed, shared with the >Feds, etc. A community of 700 participants, as here on Cypherpunks, >would mean each person would have to generate, exchange (securely!), >and store 700 specific keys for use just with others. Anybody with 700 co-conspirators is asking for trouble, since at least one of them is sure to be a federal agent. Encryption is for concealing "sensitive" information. If it's not sensitive, why bother? If it is sensitive then you'd better be damn sure you can trust the person you're sending it to. >This is the famed "key distribution problem." > >With public key methods, this problem is largely solved. Each person >can generate his or her own key, publish the public key part of it, >and be done with it. It's not that simple. Terry Ritter has pointed out on sci.crypt that the problem with PGP is the validation of public keys used. In other words, the security hole in the use of PGP is not in the encryption methods used, or in the use of PGP itself, but in the possibility of being duped by someone (or some nefarious federal agency) spreading bogus public keys. 
It's not enough to have a public key which you believe is the public key of a person you wish to communicate securely with - you also have to be sure that the private key which corresponds to this public key is known only to that person, in other words, that the public key really did come from the person you believe it came from. If you get the (presumed) public key of some person X from some directory of public keys, or from some third party, how can you be sure it didn't originate with someone who wants to monitor all the encrypted messages being sent to X? Terry Ritter has explained how a third party can place themselves in the middle of encrypted communications between two people using PGP and monitor everything they say to each other - and this without having to crack RSA or IDEA. This method of eavesdropping applies only to public key encryption systems, not to secret key systems, so I suggest that the latter are still of interest (even to cypherpunks), not only for encrypting data that stays on your hard disk but also for encrypted communications. rom owner-cypherpunks Tue Mar 1 12:11:49 1994 Return-Path: Received: by toad.com id AA28180; Tue, 1 Mar 94 12:11:49 PST Received: from wet.UUCP by toad.com id AA28156; Tue, 1 Mar 94 12:11:44 PST Received: by wet.uucp (/\=-/\ Smail3.1.18.1 #18.2) id ; Tue, 1 Mar 94 11:52 PST Message-Id: Date: Tue, 1 Mar 94 11:52 PST From: wet!naga (Peter Davidson) To: cypherpunks at toad.com Subject: Insecurity of public key crypto #1 (reply to Mandl) Sender: owner-cypherpunks at toad.com Precedence: bulk [My BBS is having fits lately. Apologies if this has already been posted.] >Date: Wed, 23 Feb 94 12:13:57 EST >From: dmandl at lehman.com (David Mandl) >Subject: Re: Mac encryption > >The invention (discovery?) of public-key crypto changed the world, and >makes practical everyday use of crypto infinitely easier. Infinitely? You mean there is absolutely *no* difficulty involved in using PGP? I quit using it up quite a while back. 
Couldn't be bothered with the hassle.

>It also makes
>the kinds of specific things cypherpunks are interested in much more
>practical (or POSSIBLE).

Digital signatures, yes. I haven't had a need for 'em so far (I'm not
setting up a digital bank).

>If you correspond with hundreds of people on a
>regular basis, including people you don't know and people you may send
>something to once and never deal with again, it is impractical to say the
>least to have to generate and exchange keys.

Only "sensitive" information is worth encrypting and if you want to
stay out of trouble you don't go giving sensitive information to
someone you don't know. A certain mutual knowledge and trust between
two people has to be established before any exchange of sensitive
information.

>Why was public key crypto invented at all? Why are people interested in
>using it? Practically, it's really fundamentally different from symmetric
>crypto, which is of very limited use in the situation we're all in now
>(anonymous communication, the net, quick hit-and-run dissemination of
>information, digital signatures, etc., etc.).

Crypto is for concealing information from those you don't want to see
it. Public key crypto is thus not fundamentally different from
symmetric key crypto. The difference is in communication of the
encryption key, which is not a fundamental difference. Both kinds of
crypto have problems when it comes to key distribution. In the case of
secret key the problem is in keeping the key secret. In the case of
public key the problem is in validating the public key.

>PGP also has the "web of trust" structure built in.

"Trust"? Sure. Just trust the person you got X's public key from (who
got it from someone who got it from who knows?). So is X's public key
really X's public key? Sure, just trust that it's so, then send X a
message and trust that it won't be intercepted by whoever put out the
bogus public key for X.
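
[Added example, not part of the original post or of PGP: a toy model of the key-validation problem discussed in the two messages above, showing a message encrypted to a substituted directory key and the out-of-band fingerprint comparison that refuses it. It uses textbook RSA on small constructed primes; the key format, the fingerprint format and every name in it are assumptions for illustration.]

```python
"""Toy model of public-key substitution and a fingerprint check.

Textbook RSA on small constructed primes: no padding, not PGP's key
format, not secure. Every name and value here is constructed.
"""
import hashlib
import hmac
from math import gcd

E = 65537  # public exponent used for every toy key


def make_keypair(p, q):
    """Return (public, private) dicts for the primes p and q."""
    phi = (p - 1) * (q - 1)
    assert gcd(E, phi) == 1
    n = p * q
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, phi)}


def encrypt(pub, message):
    m = int.from_bytes(message, "big")
    if m >= pub["n"]:
        raise ValueError("message too long for this toy modulus")
    return pow(m, pub["e"], pub["n"])


def decrypt(priv, ciphertext):
    m = pow(ciphertext, priv["d"], priv["n"])
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def fingerprint(pub):
    """Short digest of the key material (assumed format, not PGP's)."""
    material = f"{pub['n']:x}:{pub['e']:x}".encode()
    return hashlib.sha256(material).hexdigest()[:32]


def checked_lookup(directory, name, verified_fingerprints):
    """Return directory[name] only if it matches a fingerprint the sender
    obtained from the key owner over a separate channel."""
    pub = directory[name]
    expected = verified_fingerprints.get(name)
    if expected is None:
        raise LookupError(f"no independently verified fingerprint for {name}")
    if not hmac.compare_digest(fingerprint(pub), expected):
        raise ValueError(f"directory key for {name} fails fingerprint check")
    return pub


# X's real key pair, and the pair of whoever rewrote the directory entry.
X_PUB, X_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
BOGUS_PUB, BOGUS_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

HONEST_DIRECTORY = {"X": X_PUB}
TAMPERED_DIRECTORY = {"X": BOGUS_PUB}
# What X read out to the sender in person or over the phone.
VERIFIED = {"X": fingerprint(X_PUB)}


def unchecked_send(directory, message):
    """Sender trusts the directory. Returns (what the key substituter
    reads, what X decrypts after the message is re-encrypted and relayed)."""
    ciphertext = encrypt(directory["X"], message)
    seen = decrypt(BOGUS_PRIV, ciphertext)
    relayed = encrypt(X_PUB, seen)
    return seen, decrypt(X_PRIV, relayed)


def checked_send(directory, message):
    """Sender refuses any key that fails the fingerprint comparison."""
    return encrypt(checked_lookup(directory, "X", VERIFIED), message)


if __name__ == "__main__":
    # Neither end sees anything wrong when the directory is trusted blindly.
    print(unchecked_send(TAMPERED_DIRECTORY, b"meet at noon"))
    # With the check, the genuine key is accepted and the bogus one refused.
    print(decrypt(X_PRIV, checked_send(HONEST_DIRECTORY, b"meet at noon")))
    try:
        checked_send(TAMPERED_DIRECTORY, b"meet at noon")
    except ValueError as err:
        print("refused:", err)
```

The check is only as good as the channel the fingerprint arrived on; it moves the trust question from the directory to that channel.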
From schneier at chinet.com Tue Mar 1 12:16:15 1994
From: schneier at chinet.com (Bruce Schneier)
Date: Tue, 1 Mar 94 12:16:15 PST
Subject: APPLIED CRYPTOGRAPHY - Errata 1.5.6 - March 2, 1994

APPLIED CRYPTOGRAPHY
ERRATA
Version 1.5.6 - March 2, 1994

This errata includes all errors I have found in the book, including
minor spelling and grammatical errors. Please distribute this errata
sheet to anyone else who owns a copy of the book.

Page xvii: Third paragraph, first line: "Part IV" should be "Part III".
Page 1: First paragraph, fourth line: "receiver cannot intercept" should be "intermediary cannot intercept".
Page 6: Sixth and seventh lines: "against symmetric" should be "against a symmetric".
Page 8: Second paragraph, first line: "q code" should be "a code".
Page 10: Second paragraph, fifth line: Reference "[744]" should be "[774]".
Page 11: Second paragraph: "The rotations of the rotors are a Caesar Cipher" should be "Each rotor is an arbitrary permutation of the alphabet".
Page 13: Third paragraph: Delete parenthetical remark. Fifth paragraph, first line: "Shift the key" should be "shift the ciphertext".
Page 15: Section 1.3, first line: "Throughout the book use" should be "Throughout the book I use".
Page 25: "Attacks Against Protocols," first paragraph: "the protocol iself" should be "the protocol itself".
Page 27: "One-Way Functions," fourth paragraph: "For example, x^2" should be "For example, in a finite field x^2."
Page 28: Third paragraph, third and fourth sentences should be "How to put mail in a mailbox is public knowledge. How to open the mailbox is not public knowledge."
Page 30: Fourth line: "symmetric cryptosystems: by distributing the key" should be "symmetric cryptosystems: distributing the key".
Page 30: "Attacks Against Public Key Cryptography," second paragraph: "The database also has to be protected from access by anyone" should be "The database also has to be protected from write access by anyone".
Also: "substitute a key of his choosing for Alice's" should be "substitute a key of his own choosing for Bob's".
Page 30: Last line: "substitute that key for his own public key" should be "substitute his own key for that public key".
Page 32: Ninth line: Delete the word "encrypted".
Page 34: "Signing Documents with..." First sentence: "too inefficient to encrypt long documents" should be "too inefficient to sign long documents".
Page 36: Second line: "document encrypted with" should be "document signed with". "Multiple Signatures," step (2): "Alice or Bob sends" should be "Alice sends".
Page 38: Fifth paragraph: "V_X = E_X and that S_X = D_X" should be "V_X = E_X and S_X = D_X".
Page 40: Third line: "computer can exist" should be "computer can be". Second paragraph: Delete "should be runs of zeros and the other half should be runs of ones; half the runs".
Page 50: Step (3): "With Alice's public key" should be "with "Alice's" public key."
Page 51: Step 5: "with what he received from Bob" should be "with what he received from Alice".
Page 55: Step (2): At the end of the step, add: "He sends both encrypted messages to Alice."
Page 69: Last line: "tried to recover her private key" should be "tries to recover Alice's private key".
Page 73: "Bit Commitment Using One-Way Functions," last paragraph: Second and third sentences should be "Alice cannot cheat and find another message (R_1,R_2',b'), such that H(R_1,R_2',b') = H(R_1,R_2,b). If Alice didn't send Bob R_1, then she could change the value of both R_1 and R_2 and then the value of the bit."
Page 77: "Flipping Coins into a Well," first line: "neither party learns the result" should be "Alice and Bob don't learn the result". Third line: parenthetical remark should be: "Alice in all three protocols".
Page 78: Step (1): "Alice, Bob, and Carol all generate" should be "Alice, Bob, and Carol each generate".
Page 80: Second paragraph, second sentence.
It should read: "A general n-player poker protocol that eliminates the problem of information leakage was developed in [228]."
Page 90: Last paragraph: "step (3)" should be "step (4)".
Page 91: Second line: "step (3)" should be "step (4)".
Page 93: "Blind Signatures," first line: "An essential in all" should be "An essential feature of all".
Page 98: First paragraph after protocol, fourth line: "to determine the DES key with the other encrypted message" should be "to determine the DES key that the other encrypted message was encrypted in."
Page 115: "Protocol #2," third paragraph: "together determine if f(a,b)" should be "together determine f(a,b)".
Page 121: Second paragraph: Delete the colon in the third line.
Page 131: Fifth paragraph: "each capable of checking 265 million keys" should be "each capable of checking 256 million keys".
Page 133: Table 7.2: Third number in third column, "1.2308" should be "0.2308".
Page 134: Table 7.3: "1027" should be "10^27".
Page 139: Indented paragraph: "could break the system" should be "could break the system within one year".
Page 141: "Reduced Keyspaces," last sentence: "don't expect your keys to stand up" should be "don't expect short keys to stand up".
Page 148: Eighth line: "2^24" should be "2^32".
Page 156: Second paragraph: "blocks 5 through 10" should be "blocks 5 through 12".
Page 157: Figure 8.2: "IO" should be "IV".
Page 159: Figure 8.3: "IO" should be "IV".
Page 161: Figure 8.5: "Decrypt" should be "Encrypt".
Page 162: Figure 8.6: "Encipherment" diagram: "Decrypt" should be "Encrypt". Input should be "p_i" instead of "b_i", and output should be "c_i" instead of "p_i".
Page 164: Figure 8.7: "IO" should be "IV".
Page 165: Last equation: There should be a "(P)" at the end of that equation.
Page 167: Second paragraph, last line: "2^(2n-1)" should be "2^(2n-14)".
Page 168: Figure 8.8: This figure is wrong.
The encryption blocks in the second row should be off-centered from the encryption blocks in the first and third row by half a block length.
Page 174: Middle of page: Equations should be:
    k_2 = c'_2 XOR p', and then p_2 = c_2 XOR k_2
    k_3 = c'_3 XOR p_2, and then p_3 = c_3 XOR k_3
    k_4 = c'_4 XOR p_3, and then p_4 = c_4 XOR k_4
Page 175: Last paragraph, second line: "acting as the output function" should be "acting as the next-state function".
Page 177: Diffie's quote, second to last line: "proposal to built" should be "proposal to build".
Page 178: Figure 8.20: In "Node 2", the subscripts should be "D_2" and "E_3".
Page 190: Fourth paragraph, last line: "to determine M" should be "to determine P".
Page 191: First paragraph: "3.5" should be "6.8". "0.56" should be "0.15". "EBCDIC (Extended Binary-Coded Decimal Interchange Code)" should be "BAUDOT". "0.30" should be "0.76". "0.70" should be "0.24".
Page 193: Second sentence: "Unicity distance guarantees insecurity if it's too small, but does guarantee security if it's high" should be "Unicity distance guarantees insecurity if it's too small, but does not guarantee security if it's high."
Page 198: Fourth paragraph from bottom, second sentence: "If a and b are positive and a is less than n, you can think of a as the remainder of b when divided by n" should be "If a and b are positive and b is less than n, you can think of b as the remainder of a when divided by n".
Page 199: Middle of the page: In the sentence "Calculating the power of a number modulo a number", a should not be italicized.
Page 201: First line of code: Remove "assuming x and y are > 0".
Page 202: Middle of the page: In the sentence "Now, how do you go about finding the inverse of a modulo n?" "a" should be italicized.
Page 207: "Jacobi Symbol," formula: Variable "h" should be "a". Also, J(0,n) = 0.
Page 209: Fourth paragraph: "If that value does not equal q" should be "If that value does not equal 1".
Page 214: Last line: "n" should be "p".
Lines 29, 30, and 31: "r" should be "a", and "gcd(p,r)" should be "gcd(a,p)".
Page 215: Lehman test, step 5: All three "(n-1)/2" should be exponents.
Page 217: There should be an open parenthesis in front of the second "ln" in both exponents. Sixth paragraph: "Guassian" should be "Gaussian".
Page 222: "Validation and Certification of DES Equipment," first line: "As part of the standard, the DES NIST" should be "As part of the DES standard, NIST".
Page 223: Second to last paragraph, last line. Reference "[472]" should be "[473]".
Page 225: Figure 10.2: L_i is taken from R_(i-1) before the expansion permutation, not after. And "L_(i)-1" should be "L_(i-1)".
Page 227: Fourth line from bottom: "output positions that correspond" should be "output positions correspond".
Page 228: Fourth paragraph, last line: "0 to 16" should be "0 to 15".
Page 228: Fifth paragraph should read: "For example, assume that the input to the sixth S-box (that is, bits 31 through 36 of the XOR function) are 110010. The first and last bits combine to form 10, which corresponds to row 2 of the sixth S-box. The middle four bits combine to form 1001, which corresponds to column 9 of the same S-box. The entry under row 2, column 9 of S-box 6 is 0. (Remember, we count rows and columns from 0, and not from 1.) The value 0000 is substituted for 110010."
Page 231: Table 10.9, sixth line: "80286" should be "80386".
Page 233: The second two weak keys should be:
    1F1F 1F1F 0E0E 0E0E    00000000 FFFFFFFF
    E0E0 E0E0 F1F1 F1F1    FFFFFFFF 00000000
Page 238: Next to last line before "Additional Results": "NSA's" should be "IBM's".
Page 238: "Differential Cryptanalysis," third paragraph: "(1/16)^2" should be "(14/64)^2".
Page 239: Figure 10.4: "14/16" should be "14/64".
Page 242: Table 10.14: In "XORs by additions" line, "2^39,2^3" should be "2^39,2^31". In "Random" line, "2^21" should be "2^18-2^20". In "Random permutations" line, "2^44-2^48" should be "2^33-2^41".
Page 245: Line 11: "8 bits is" should be "8 bits was".
Page 247: Section heading, "Cryptanalysis of the Madryga" should be "Cryptanalysis of Madryga".
Page 250: The two functions should be:
    S_0(a,b) = rotate left 2 bits ((a+b) mod 256)
    S_1(a,b) = rotate left 2 bits ((a+b+1) mod 256)
  Note the difference in parentheses.
Page 250: Figure 11.4: Note that a is broken up into four 8-bit substrings, a_0, a_1, a_2, and a_3.
Page 251: Figure 11.6: The definitions for S_0 and S_1 are incorrect ("Y = S_0" and "Y = S_1"). See corrections from previous page. Also, "S1" should be "S_1".
Page 254: "Security of REDOC III," second sentence. Delete clause after comma: "even though it looks fairly weak."
Page 262: Figure 11.9: There is a line missing. It should run from the symbol where Z_5 is multiplied with the intermediate result to the addition symbol directly to the right.
Page 263: Table 11.1: The decryption key sub-blocks that are Z_n^(m)-1 should be Z_n^((m)-1). Also, the second and third column of decryption key sub-blocks in rounds 2 through 8 should be switched.
Page 265: Figure 11.10: There is a line missing. It should run from the symbol where Z_5 is multiplied with the intermediate result to the addition symbol directly to the right.
Pages 266-7: Since the publication of this book, MMB has been broken. Do not use this algorithm.
Page 267: Sixth line from bottom: Reference should be "[256]".
Page 269: "Skipjack." First paragraph. Reference should be "[654]".
Page 270: "Karn." Third paragraph. Last sentence: "append C_r to C to produce" should be "append C_r to C_l to produce".
Page 271: Middle of the page: "(for example, MD2, MD5, Snefru" should be "(for example, MD2, MD4, Snefru".
Page 272: Second to last line: "But it is be analyzed" should be "but it is being analyzed".
Page 275: Second to last paragraph: "Using 1028 bits" should be "using 1024 bits".
Page 277: First lines: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893".
Page 281: Third paragraph: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893".
Page 283: Table 12.2: "PRIVATE KEY: d e^(-1)" should be "PRIVATE KEY: d = e^(-1)".
Page 286: Third paragraph: "Eve gets Alice to sign y," "y" should be italicized. Second to last line: "Eve wants to Alice to" should be "Eve wants Alice to".
Page 287: Last line: Wiener's attack is misstated. If d is less than one-quarter the length of the modulus, then the attack can use e and n to find d quickly.
Page 288: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893".
Page 289: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893".
Page 292: Fifth line: "sqrt(x/v)" should be "sqrt(1/v)".
Page 294: Second and third lines: "Bob" should be "Victor."
Page 295: First line: "t random integers fewer than n" should be "t random numbers less than n".
Page 297: Last line: "when" should be "where".
Page 301: Middle of the page: Delete the sentence "Since the math is all correct, they do this step."
Page 302: Fourth line from bottom: "a" should be in italics.
Page 303: "Authentication Protocol," step (1): Add "She sends x to Victor."
Page 305: Third paragraph, parenthetical remark: "NIST claimed that having DES meant that both that both the algorithm and the standard were too confusing" should be "NIST claimed that having DES mean both the algorithm and the standard was too confusing".
Page 306: Eighth line: "cryptographers' paranoia" should be "paranoia".
Page 307: "Description of the Algorithm": "p = a prime number 2^L bits long" should be "p = a prime number L bits long". "g = h^((p-1)/q)" should be "g = h^((p-1)/q) mod p".
Page 309: Third line: "random k values and then precompute r values" should be "random k-values and then precompute r-values".
Page 314: Protocol, step (1): "when" should be "where".
Page 319: There should be a blank line before "discrete logarithm:" and another before "factoring:". Fourth line from the bottom: "depends more on the" should be "depends on more than the".
Page 321: Third line: "when h" should be "where h".
Page 322: Second paragraph: "over 500 pairs of people" should be "253 pairs of people".
Page 326: In the definition of h_i, "H_(i-1)" should be "h_(i-1)".
Page 330: Definitions of FF, GG, HH, and II are wrong. These are correct:
    FF: "a = b + ((a + F(b,c,d) + M_j + t_i) <<< s)"
    GG: "a = b + ((a + G(b,c,d) + M_j + t_i) <<< s)"
    HH: "a = b + ((a + H(b,c,d) + M_j + t_i) <<< s)"
    II: "a = b + ((a + I(b,c,d) + M_j + t_i) <<< s)"
Page 336: "HAVAL," sixth line: "160, 92, 224" should be "160, 192, 224".
Page 339: "LOKI Single Block": In computation of Hi, drop final "XOR M_i".
Page 340: "Modified Davies-Meyer": In computation of H_i, "M_i" should be subscripted.
Page 342: "Tandem Davies-Meyer": In computation of W_i, "M_i" should be subscripted.
Page 345: "Stream Cipher Mac", first line: "A truly elegant MDC" should be "A truly elegant MAC".
Page 347: Formula: "aX_(n1)" should be "aX_(n-1)". Second paragraph: "(For example, m should be chosen to be a prime number.)" should be "(For example, b and m should be relatively prime.)"
Page 351: Second line of text: "they hold current" should be "they hold the current".
Page 353: Tenth line (in source code): "< 31" should be "<< 31". Second paragraph: "are often used from stream-cipher" should be "are often used for stream-cipher".
Page 356: Source code: "ShiftRegister = (ShiftRegister ^ (mask >> 1))" should be "ShiftRegister = ((ShiftRegister ^ mask) >> 1)".
Page 360: Equation should not be "l(2^1-1)^(n-1)", but "l(2^l-1)^(n-1)".
Page 362: Figure 15.10: "LFSR-B" should be "LFSR-A" and vice versa. The second "a(t+n-1)" should be "a(t+n-2)", and the second "b(t+n-1)" should be "b(t+n-2)".
Page 363: Fourth paragraph: "cellular automaton, such as an CSPRNG" should be "cellular automaton as a CSPRNG".
Page 365: "Blum-Micali Generator": In the equation, "x_i" should be an exponent of a, not a subscript.
Page 367: Paragraph 5: "Ingmar" should be "Ingemar".
Page 370: "Using Random Noise," first paragraph, last line: "output 2 as the event" should be "output 0 as the event".
Page 371: Sixth line: "access/modify times of/del/tty" should be "access/modify times of /dev/tty".
Page 371: "Biases and Correlations," third line: "but there many types" should be "but there are many types".
Page 376: Seventh line: "send a message, M" should be "send a message, P".
Page 391: Second protocol, step (1): "in his implementation of DES" should be "in his implementation of DSS". Next sentence: "such that r is either q quadratic" should be "such that r is either a quadratic".
Page 402: First line: "when" should be "where". Line 18: "2^t" should be "2^(-t)".
Page 406: Step (5): "ij".
Page 417: Last paragraph: "Kerberos is a service Kerberos on the network" should be "Kerberos is a service on the network".
Page 421: Figure 17.2: In the top message "C" should be lower case.
Page 435: "RIPEM": "Mark Riorden" should be "Mark Riordan".
Page 436: "Pretty Good Privacy," third paragraph: Delete fourth sentence: "After verifying the signature...."
Page 436: Pretty Good Privacy is not in the public domain. It is copyrighted by Philip Zimmermann and available for free under the "Copyleft" General Public License from the Free Software Foundation.
Page 437: Fifth line: Delete "assess your own trust level". "Clipper," second paragraph: reference should be "[473]". Fourth paragraph: references should be "[473,654,876,271,57]".
Page 438: Middle of page: reference should be "[654]". "Capstone," first paragraph: reference should be "[655]".
Page 445: The IACR is not the "International Association of Cryptographic Research," but the "International Association for Cryptologic Research."
This is also wrong in the table of contents.
Source Code: The decrement operator, "--", was inadvertently typeset as an m-dash, "-". This error is on pages 496, 510, 511, 523, 527, 528, 540, and 541. There may be other places as well.
Page 472: "for( i = 0; i<<16; i++ )" should be "for( i = 0; i<16; i++ )".
Page 473: Function "cpkey(into)". "while (from endp)" should be "while (from < endp)".
Page 508: Line 8: "union U_INITseed" should be "union U_INIT seed".
Page 531: "for( i = 0; i<; i++ )" should be "for( i = 0; i<2; i++ )".
Page 558: "#defineBOOLEAN int" should be "#define BOOLEAN int", "#defineFALSE0" should be "#define FALSE 0", and "#defineTRUE(1==1)" should be "#define TRUE (1==1)".
Page 564: "#define BOOLEANint" should be "#define BOOLEAN int", "#define FALSE0" should be "#define FALSE 0", and "#defineTRUE(1==1)" should be "#define TRUE (1==1)".
Page 569: "rand() > 11" should be "rand() >> 11".
Page 569: In "G13.H", "#define G13int" should be "#define G13 int".
Page 572: Reference [45]: "Haglen" should be "Hagelin".
Page 576: References [136] and [137]: "Branstead" should be "Branstad."
Page 578: Reference [184] "Proof that DES Is Not a Group" should be "DES Is Not a Group." The correct page numbers are 512-520.
Page 589: Reference [475]: The publisher should be E.S. Mittler und Sohn, and the publication date should be 1863.
Page 601: References [835] and [836]: "Branstead" should be "Branstad."
Page 602: Reference [842]: "Solvay" should be "Solovay".
Page 603: Reference [878]: "Weiner" should be "Wiener."

This errata is updated periodically. For a current errata sheet, send
a self-addressed stamped envelope to: Bruce Schneier, Counterpane
Systems, 730 Fair Oaks Ave., Oak Park, IL 60302; or send electronic
mail to: schneier at chinet.com.
From warlord at MIT.EDU Tue Mar 1 12:41:05 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Tue, 1 Mar 94 12:41:05 PST
Subject: low-overhead encrypted telnet
In-Reply-To: <9403011958.AA09178@hot.ee.lbl.gov>
Message-ID: <9403012040.AA00412@toxicwaste.media.mit.edu>

Couple of comments:

1) Kerberos *does* work between corporate entities. I can, for
example, go to Iastate (ISU) and get MIT Kerberos tickets, and then
rlogin -x to MIT, encrypting the session (I can, and I have). Also,
it is possible (and I know someone who is doing it at this moment)
for someone from ISU, with ISU tickets, to log into an account here at
MIT.

2) Using your example, a user on host A telnets to host B, and from
host B they telnet to host C, if the A<->B link is encrypted, then so
long as the user trusts host B, then A<->C is secure as well (assuming
B<->C is encrypted).

3) Just encrypting from client->server will not necessarily reduce the
load on the server. Also, doing something like DES is really not a
very high CPU operation, IMHO. Maybe a better protocol than the one
done in rlogin -x is in order (this sends 8 characters over the link
for every successful "read", which means you can be getting anywhere
from 100% down to 12% throughput of plaintext in the cyphertext!)

4) Charon, which is based upon Kerberos, was developed exactly for
this type of problem: you want to authenticate securely over links
which may not otherwise be secure, but you trust the CPU in front of
you! The paper describing Charon is available via anonymous ftp:
        ftp://toxicwaste.mit.edu/pub/charon/thesis.ps.Z

Enjoy!

-derek

From fnerd at smds.com Tue Mar 1 12:43:48 1994
From: fnerd at smds.com (FutureNerd Steve Witham)
Date: Tue, 1 Mar 94 12:43:48 PST
Subject: Security is TWO Rubber Stamps
Message-ID: <9403011948.AA06577@smds.com>

Ludwig R.
Vogel's letter to New York Newsday makes the point,

"...Government intercept procedures involving Clipper technology offer
users no more protection from wrongful government surveillance than
plain text."

FBI guys say they only want to keep the abilities they already have.
Vogel turns it around: they want to make sure we have no more
protection against them than we already have...except for key
escrow...

America's Bulwark Against Corruption!
Every citizen has the right to the protection of Two Rubber Stamps!*
So wear your rubber stamps today, America!

+----------------------+
| APPROVED FOR WIRETAP++---------------------+
|    U.S. Treasury    |+APPROVED FOR WIRETAP |
+---------------------++      N.I.S.T.       |
                      +----------------------+

*Offer void under certain circumstances that cannot be discussed.

-fnerd
did i get the two agencies right?
quote me
- - - - - - - - - - - - - - -
We shall have to evolve
Problem solvers galore
As each problem they solve
Creates ten problems more.
                --Piet Hein

From MJMISKI at macc.wisc.edu Tue Mar 1 12:53:00 1994
From: MJMISKI at macc.wisc.edu (Matthew J Miszewski)
Date: Tue, 1 Mar 94 12:53:00 PST
Subject: On encrypted Logins
Message-ID: <24030114501849@vms2.macc.wisc.edu>

Does anyone have information on the actual overhead of encrypted
logins. What besides telnetd need be modified, specifically?

Jef makes an interesting idea for cost containment. Jef, what exactly
would y

--Matt
______________________________________________________________________________
In defense of liberty, encrypt for all purposes, civil and professional.
In defense of privacy, encrypt all correspondence, personal and professional.
In defense of sanity, do not encrypt your dry cleaning invoice!
++++++++--------mjmiski at macc.wisc.edu (c)1993

From MJMISKI at macc.wisc.edu Tue Mar 1 12:53:22 1994
From: MJMISKI at macc.wisc.edu (Matthew J Miszewski)
Date: Tue, 1 Mar 94 12:53:22 PST
Subject: welp.
Message-ID: <24030114513424@vms2.macc.wisc.edu>

Well now, that message got crunched. I meant to say

Jef, what exactly would need to be modified using your monodirectional
approach?

--Matt
______________________________________________________________________________
In defense of liberty, encrypt for all purposes, civil and professional.
In defense of privacy, encrypt all correspondence, personal and professional.
In defense of sanity, do not encrypt your dry cleaning invoice!
++++++++--------mjmiski at macc.wisc.edu (c)1993

From hughes at ah.com Tue Mar 1 13:26:43 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 1 Mar 94 13:26:43 PST
Subject: Insecurity of public key crypto #1 (reply to Mandl)
Message-ID: <9403012118.AA08046@ah.com>

>Only "sensitive" information is worth encrypting and if you want to
>stay out of trouble you don't go giving sensitive information to
>someone you don't know.

If part of your communications are encrypted and part are not you have
sent the message about what information is sensitive and what is not.
This difference in encoding is a first-class message in its own right.

Therefore _all_ communications should be encrypted at all times. It is
no argument against the principle that this is difficult to do at the
current time.

Eric

From jef at ee.lbl.gov Tue Mar 1 13:27:15 1994
From: jef at ee.lbl.gov (Jef Poskanzer)
Date: Tue, 1 Mar 94 13:27:15 PST
Subject: low-overhead encrypted telnet
Message-ID: <9403012126.AA09307@hot.ee.lbl.gov>

>1) Kerberos *does* work between corporate entities.

In practice, no, it doesn't. This is not a technical problem, but
it's nevertheless quite real.
You will never see inter-realm Kerberos set up at places like netcom,
because netcom's sysadmins have better things to do than manage secret
keys for every organization that wants to connect. Only a system with
completely automated configuration and operation has a chance.

>2) Using your example, a user on host A telnets to host B, and from
>host B they telnet to host C, if the A<->B link is encrypted, then so
>long as the user trusts host B, then A<->C is secure as well (assuming
>B<->C is encrypted).

Yes, of course, if the A<->B link is encrypted then subsequent logins
are secure. The point is to find a way to secure those logins
*without* full encryption of the A<->B link.

>3) Just encrypting from client->server will not necessarily reduce the
>load on the server.

In practice, almost all of the time, it will.

>Also, doing something like DES is really not a
>very high CPU operation, IMHO.

Personally I agree with this. Most sysadmins will not.

>4) Charon, which is based upon Kerberos, was developed exactly for
>this type of problem: you want to authenticate securely over links
>which may not otherwise be secure, but you trust the CPU in front of
>you! The paper describing Charon is available via anonymous ftp:
> ftp://toxicwaste.mit.edu/pub/charon/thesis.ps.Z

I'll check this out, but if it's based on Kerberos it's probably
useless for the reasons mentioned above.
---
Jef

From nates at netcom.com Tue Mar 1 13:30:14 1994
From: nates at netcom.com (Nate Sammons)
Date: Tue, 1 Mar 1994 13:30:14 -0800 (PST)
Subject: Colorado Cypherpunks meeting
Message-ID: <199403012130.NAA13994@mail.netcom.com>

From warlord at MIT.EDU Tue Mar 1 13:49:25 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Tue, 1 Mar 94 13:49:25 PST
Subject: low-overhead encrypted telnet
In-Reply-To: <9403012126.AA09307@hot.ee.lbl.gov>
Message-ID: <9403012149.AA00966@toxicwaste.media.mit.edu>

> I'll check this out, but if it's based on Kerberos it's probably
> useless for the reasons mentioned above.
Charon does not require any shared kerberos. All it does require is
that the destination server have an rcmd srvtab, and the user have a
kerberos principal that can authenticate to that server in some form.

To use your netcom example, if netcom had their own kerberos realm,
and if they were running the Charon server, then anyone with a Charon
client and a netcom account could securely authenticate to their
netcom account, no matter where they were actually coming from.

-derek

From hughes at ah.com Tue Mar 1 14:08:16 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 1 Mar 94 14:08:16 PST
Subject: on international transmissions
In-Reply-To: <9402270646.AA25163@prism.poly.edu>
Message-ID: <9403012200.AA08101@ah.com>

The situation:
-- non-USA person retains a USA-based email service
-- this person forwards mail to non-USA machine
-- this person requests crypto software be sent to the USA email address
-- another person sends software to the USA address
-- the forwarding works and the software is shipped outside the USA

>This way, the author has not broken the law by sending the software
>to anysite.com,

This is correct, since the sender of the crypto was told that the
address was a US place. If, however, the sender of the crypto knows
that it will be automatically forwarded outside of the country, then
they become liable because they have prior knowledge of the
consequences of their actions.

>and I haven't either because all I did was to tell
>the unix box to forward my mail out of the country.

Such a direction is not improper _per se_, but the combination with a
request to have crypto software sent to that address means that the
requester has prior knowledge that the request will cause crypto
software to be exported across US boundaries. And that prior
knowledge creates liability.

>Neither I nor Joey_CryptoAuthor broke ITAR. Not really. Not
>intentionally.

Incorrect.
The person who sets up forwarding with the intention of moving crypto
software automatically outside of the country is in violation.

But since I am not a lawyer I feel compelled to point out that the
cost of extradition of random people to the USA for trial under USA
laws is expensive and difficult, the most recent high-profile example
being Noriega.

In addition, detection of such an action will be difficult at best,
and near impossible to prove if encryption is used. Proof that
software was exported in encrypted mail would require at least the
following:

-- a copy of a particular piece of mail claimed to contain encryption
   software
-- evidence that this particular piece of encrypted mail did in fact
   contain encryption software
-- evidence that a particular piece of encrypted mail was sent outside
   of the country at a particular time and between two given machines

So, someone has to supply the authorities with a copy of the mail,
with a decryption of the mail, and with mailer logs evidencing a
transmission across USA borders.

Mailer logs are typically purged after a week or two. So if the
intermediate machine has purged logs and the .forward file is gone,
there will be precious little direct evidence left of an actual
transmission.

If the encryption is addressed to only the receiver, and if the sender
did not keep a record of the session key, only the receiver can
provide the session key. The session key is necessary to show that a
given piece of encrypted mail is an encrypted copy of a particular
piece of software.

And unless the NSA or the intermediate machine or the sender provides
a copy of the particular piece of mail, there's no fact in evidence
that any software was actually sent.

Of course, if the sender is out to sting you and the intermediary
provides logging information, one might get screwed. But then again,
all intermediaries would have to cooperate, were there more than one.
And finally, I have written so much only to point out that legality and enforceability are two very different things.

Eric

From hughes at ah.com Tue Mar 1 14:19:35 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 1 Mar 94 14:19:35 PST
Subject: Proposal: Another emergency session of Cypherpunks
In-Reply-To: <199402262029.MAA19813@mail.netcom.com>
Message-ID: <9403012211.AA08138@ah.com>

>Summary: Maybe it's time for another emergency session of Cypherpunks
>to discuss policy in the aftermath of the double whammy announcements
>of Tessera/Clipper II and the new and even more dangerous Digital
>Telephony Bill.

Since such a meeting would be only one week before our regular meeting, and since we had ignorantly but presciently scheduled the topic to be "Politics", I see no need.

>It'd also be nice if some of the outlying groups (Cambridge, MA,
>Washington, D.C., London, Colorado, Austin) could link up with us at
>least briefly.

[Background: we did voice-over-IP for the emergency meeting last year right after clipper came out.]

I'd like to do this again. Can those who are interested in setting up this technically contact me directly for coordination? Also, for those who did it last time, even if you won't be doing it this time, I'd like to hear from you.

And if someone can get us an MBONE channel for this, I'd be willing to carry two or three hours of the meeting on a broadcast-only basis.

>(If we started at noon, California time, that would be
>fine for the East Coasters, but 8 or 9 p.m. for the Londoners....does
>the London group still meet?)

We'll be meeting at the same time, noon on the second Saturday, as we always do.
Eric

From wcs at anchor.ho.att.com Tue Mar 1 14:39:49 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Tue, 1 Mar 94 14:39:49 PST
Subject: stego
Message-ID: <9403012217.AA05764@anchor.ho.att.com>

Jim Choate's comments on steganography having problems with images that are too complex or too simple were interesting. Obviously, cartoon-like GIFs aren't a good target, though scanned real stuff may be fine. Weather maps can be good - back when I worked with the things, I found you could really see about 5-6 bits worth of depth, and after that it didn't usually look much different - we stole one or two values from the color-map to draw lines on the satellite images to add state boundaries, various data values, etc., but could have stolen the LSB and maybe 7th bit without major loss on cloud-image pictures. (Radar pictures, on the other hand, were almost all black, with one or two other pixel values, compressed to 2% of original size, and would have been useless for hiding anything in.)

Bill

From karn at qualcomm.com Tue Mar 1 15:11:31 1994
From: karn at qualcomm.com (Phil Karn)
Date: Tue, 1 Mar 94 15:11:31 PST
Subject: Proposal: Another emergency session of Cypherpunks
In-Reply-To: <9403012211.AA08138@ah.com>
Message-ID: <199403012311.PAA11250@servo.qualcomm.com>

If you were to carry the Cypherpunks meeting over the MBONE, which I assume you mean, I'd definitely be interested in joining in from San Diego.

Phil

From hughes at ah.com Tue Mar 1 15:31:54 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 1 Mar 94 15:31:54 PST
Subject: On meetings
Message-ID: <9403012324.AA08378@ah.com>

Tim asked me to clarify the bit about emergency meetings. I thought he was considering moving the meeting time, among other things. He was not. I mistook his article.

Sorry for the misunderstanding.
Eric

From unicorn at access.digex.net Tue Mar 1 15:35:05 1994
From: unicorn at access.digex.net (Black Unicorn)
Date: Tue, 1 Mar 94 15:35:05 PST
Subject: Dorothy Denning
Message-ID: <9403012335.AA01986@toad.com>

->
Also, I've gotten a message through to Ross Perot about our fight against Clipper, and how to reach me, so if I get a response, I'll let you guys know.

Anthony
<-

Oh god, that is all the cause needs. I can see it now:

"Transistor brain Ross Perot opposes it! It must be evil!"

From m5 at vail.tivoli.com Tue Mar 1 15:35:52 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Tue, 1 Mar 94 15:35:52 PST
Subject: Problems w/ Clipper
In-Reply-To:
Message-ID: <9403012335.AA02003@toad.com>

Anthony D Ortenzi writes:
> 1) Most of us are concerned not with our own privacy if other forms of
> encryption are not banned.

I don't understand this; what it seems to say, I disagree with completely and suspect everyone else does too.

> 2) Collectively, we seem to agree that letting the Government into our
> lives in such a way as Clipper provides is not necessarily all that
> evil...

I completely disagree, and I suspect most other c'punks do as well.

> Am I right?

I don't think so.

> (trying to center the discussion)

...but your motive is good.

--
| GOOD TIME FOR MOVIE - GOING ||| Mike McNally                         |
| TAKE TWA TO CAIRO.          ||| Tivoli Systems, Austin, TX:          |
| (actual fortune cookie)     ||| "Like A Little Bit of Semi-Heaven"   |

From wcs at anchor.ho.att.com Tue Mar 1 15:36:14 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Tue, 1 Mar 94 15:36:14 PST
Subject: DES Question
Message-ID: <9403012336.AA02022@toad.com>

Matthew Ghio writes:
> When using DES to encrypt email addresses, the total amount of data to
> be encrypted would be only 3 or 4 eight-byte DES blocks.
My question
> is: Would CBC or CFB really be effective for such a small amount of data

Assuming you're using a random initialization vector rather than zeros, yes, CBC or CFB should be quite effective - the first real block is essentially XORed with random junk, though of course if they guess the right key they can check that the block comes out reasonably. But it does prevent a brute-force attack where they decrypt and see if they get ASCII, since the first block is random junk - they're forced to decrypt at least two blocks of data, which is somewhat annoying for brute-force-search machines.

Bill

From andy at autodesk.com Tue Mar 1 15:36:41 1994
From: andy at autodesk.com (Andrew Purshottam)
Date: Tue, 1 Mar 94 15:36:41 PST
Subject: Dorothy Denning
In-Reply-To: <199402282142.NAA00899@servo.qualcomm.com>
Message-ID: <9403012336.AA02039@toad.com>

Dr. Denning is a secure systems (OS and databases) researcher from SRI. Her background is in capability-based OS (her advisor was MULTICS designer Peter Denning, whom she married) and inference of private data from statistical data bases. Her work is interesting and potentially contributes to our privacy, but has little direct connection to cryptanalysis. Phil's objection seems quite reasonable.

I recall a profile of the Dr's Denning in one of the popular cracker/phreax exposes, (maybe in Markov/Hafner?)

Andy

From wcs at anchor.ho.att.com Tue Mar 1 15:42:38 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Tue, 1 Mar 94 15:42:38 PST
Subject: ditz in office
Message-ID: <9403012341.AA08259@anchor.ho.att.com>

(I voted Libertarian, of course; back in '84 I had wasted my vote on (yuk) Mondale because he was the closest to a credible threat to Reagan, and it only encouraged them to get another useless Democrat the next time. If there hadn't been a Lib running, I would have probably voted for Perot just for the chaos factor, though I didn't particularly trust him.)
I had, however, hoped that Clinton, as a tax&spend Democrat, would at least bring in some of the Liberal virtues along with the Liberal vices, which would be better than a George Bush who had the vices of the conservatives with none of the virtues. Unfortunately, I've been disappointed, in spite of how low my expectations already were :-) Somebody who favors national ID cards, concentration camps for non-violent political offenders, allowing the Federal cops to burn down the homes of uncooperative religious groups if they won't surrender, restrictions on free speech to keep the cops happy, wiretaps for everyone, and stuff like that is *clearly* no liberal.

Some columnist, probably George Will, described him as a "passionate hypocrite", which seems to fit reasonably well. I'd hoped for someone genuinely passionate about something, and I don't see that in him. (Nobody could describe George Bush that way, of course, since the man's clearly not passionate about anything....)

Bill Stewart, ranting about politics again....

From fhalper at pilot.njin.net Tue Mar 1 15:46:00 1994
From: fhalper at pilot.njin.net (Frederic Halper)
Date: Tue, 1 Mar 94 15:46:00 PST
Subject: Applied Crypto
Message-ID: <9403012345.AA19252@pilot.njin.net>

Does anyone know if Project Gutenberg (or anyone else) has electronic books such as applied cryptography?

Thanks,
Reuben Halper

From wcs at anchor.ho.att.com Tue Mar 1 15:56:51 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Tue, 1 Mar 94 15:56:51 PST
Subject: Dorothy Denning
Message-ID: <9403012355.AA08431@anchor.ho.att.com>

I objected to Anthony Ortenzi's article on Dorothy Denning. Much of the attacks seemed appropriate for a politician like Clinton (:-)), but aren't appropriate for an academic who's doing politics about technical areas, where there are so much more *useful* ways to flame her ideas, rather than her character.
> Number 1, if someone is an encryption expert [...], why would they endorse
> anyone but the recipient being able to decode the message?

You're confusing technical tactics with political/social goals. She's an expert in what you can do with encryption, she just has different values about who should be able to benefit from it and how.

> Number 2. [Newsday...]
> The argument was just very, well, flimsy is the word I guess.

I thought so too. Part of it was from writing for a non-technical audience, but some of her arguments have been appallingly weak. El Rukn was a particularly bad example :-), and as you say, it would be nice if she'd just come out and say the government should spy on all of us to keep us from doing Bad Things; it's an argument people can relate to and discuss (though it'll get a lot of negative reaction, which is not her objective.)

> Anyone know:
> A) Is she an expert in cryptography?

Yes - her book from the early 1980s was *the* standard text on crypto for quite a few years, and she's published some other reasonable papers. Dr. Denning is department head of CS or EE or something at Georgetown.

> C) Was she dropped on her head a lot as a baby?

Probably got scared by a Commie Terrorist Drug Dealer, and comforted by some friendly federal police officer... or else was educated in government-run schools. :-)

> Also, I've gotten a message through to Ross Perot about our fight
> against Clipper, and how to reach me, so if I get a response, I'll let

Clipper sounds like just the kind of thing Perot would enjoy.

Bill

From wcs at anchor.ho.att.com Tue Mar 1 16:08:32 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Tue, 1 Mar 94 16:08:32 PST
Subject: The answer.
Message-ID: <9403020006.AA08655@anchor.ho.att.com>

> I think I have found the way to end all our problems: ESP.

No good - the KGB has top psychics working for them, and the CIA has been working for years to keep up.
I read it in the newspaper in the supermarket, so it must be true!

Bill

From ejohnson at pmip.dist.maricopa.edu Tue Mar 1 16:20:24 1994
From: ejohnson at pmip.dist.maricopa.edu (Eric Johnson)
Date: Tue, 1 Mar 94 16:20:24 PST
Subject: Insecurity of public key crypto #1 (reply to Mandl)
Message-ID: <199403020015.RAA21139@pmip.dist.maricopa.edu>

: >Only "sensitive" information is worth encrypting and if you want to
: >stay out of trouble you don't go giving sensitive information to
: >someone you don't know.
:
: If part of your communications are encrypted and part are not you have
: sent the message about what information is sensitive and what is not.
: This difference in encoding is a first-class message in its own right.
:
: Therefore _all_ communications should be encrypted at all time. It is
: no argument against the principle that this is difficult to do at the
: current time.
:
: Eric
:

Would it not make sense, therefore, to publish a public cypherpunks mailing list key, which is returned with subscription requests? All incoming message cleartext to the mailing list server would then be encrypted in the server's key; not for security, but precisely for the reason you state above. That _would_ create quite a volume of encrypted communications to each recipient of the list.

--Eric

From wcs at anchor.ho.att.com Tue Mar 1 16:22:55 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Tue, 1 Mar 94 16:22:55 PST
Subject: I have FOIA'd the Clipper Key Escrow databases
Message-ID: <9403020004.AA08640@anchor.ho.att.com>

Eric Hughes writes:
> Should John's FOIA request for the clipper key database work, it
> creates a wonderful hole in the entire key custody system.
> It would require a legislative act to plug the hole.
Not necessarily - they may be able to claim there's a criminal investigation in progress (one of the standard FOIA loopholes) or they may lose the first round if there isn't one in progress so they'd have to go start investigating somebody (for corruption in government, or spies in the CIA, if nothing else is available :-) Since they don't know who the spy is, or who has which phone, everybody's key must obviously be relevant evidence... But it's clearly a fun opportunity.

> Now, how many legislators do you know that are going to make a public
> record by voting in favor of Big Brother?

If the President supports it, why not a bunch of his fellow politicians?

Bill

From ritter at cactus.org Tue Mar 1 16:25:01 1994
From: ritter at cactus.org (Terry Ritter)
Date: Tue, 1 Mar 94 16:25:01 PST
Subject: Large Block DES Newsletter
Message-ID: <9403020024.AA06224@cactus.org>

Large Block DES Newsletter
Vol. I, No. 1
Feb. 28, 1994
Terry Ritter, Ed.

Current Standings for the Large-Block DES Proposals:

I. NxM DES:

            A             B
            v             v
      k1 -> DES1    k2 -> DES2
            v             v
            C             D
         Exchange Right 4 Bytes
            E             F
            v             v
      k3 -> DES3    k4 -> DES4
            v             v
            G             H

   Falls to meet-in-the-middle like double-DES.
   Falls to a practical attack by Biham, now called "fix-in-the-middle."

II. NxM DES Found Weak

   Announcement of above.

III. Isolated Double-DES

   2x construct found weak in original article.

   The 1x construct:

            A
            v
      k1 -> DES1
            v
            B
            v
      km -> XOR
            v
            C
            v
      k2 -> DES2
            v
            D

   was found weak by Chris Dodd who pointed out that two different blocks of known-plaintext (A,D) and (A',D') will allow matching (B XOR B') and (C xor X'). (This is similar to Biham's "fix-in-the-middle.") Good going Chris!

   Also found by Stefan Lucks.

IV. Ladder-DES

         A             B
         |      k1     |
         v      v      |
        XOR <- DES1----|
         |             |
         |      k2     |
         |      v      v
         |---- DES2 -> XOR
         |             |
         |      k3     |
         v      v      |
        XOR <- DES3 ---|
         |             |
         |      k4     |
         |      v      v
         |---- DES4 -> XOR
         |             |
         v             v
         C             D

   Joseph C. Konczal points out that the construct is indeed vulnerable to meet-in-the-middle. I agree, but note that this seems to imply a 112-bit search.
   Since we don't need more than 112 or 120 bits of strength, I don't see it as a problem. (Indeed, if we could get more strength, we might want to trade it for speed anyway.) 112 bits (or so) is the design goal, which should be enough for a couple of decades.

   In a normal cipher design, I would expect each key bit to contribute toward strength, but these are hardly normal cipher designs. Especially when we try to expand block size, extra keys may simply provide another small block with the same strength as a previous small block. Keys will be delivered electronically, so the relatively rare delivery of 2x or 4x or even 8x the expected key material should not pose a serious problem.

   However, Biham reports: "ladder DES is not more secure than 2**88 steps and 2**64 chosen plaintexts." Now, 2^88 cipherings is 2^32 times as strong as the 2^56 currently in DES (and larger than Skipjack), but hardly the 2^112 intended.

   For the current design the current options are:
   1) live with the 2^88 strength (so far!),
   2) design the rest of the system to prevent chosen plaintexts, or
   3) prevent more than, say, 2^32 block cipherings under a single key.

   Actually, we need to know exactly what the problem is, and the limits of it, before we can propose a fix, or decide whether the ladder-DES scheme is unfixable.

Summary

Three substantially different constructs proposed; of these, two fall, and one is wounded.

To review, the intent is to find some relatively-simple construct which builds on the assumed strength of DES to deliver wide blocks and something like 112 bits of strength, with less processing than triple-DES. (I see no need for super-strength, unless it is free.) We still do not know whether or not this is possible.

From fnerd at smds.com Tue Mar 1 16:43:10 1994
From: fnerd at smds.com (FutureNerd Steve Witham)
Date: Tue, 1 Mar 94 16:43:10 PST
Subject: Fax / Modem question
Message-ID: <9403012238.AA07514@smds.com>

(Please respond to this question by private email.)
Is it possible to set up most fax/data modems to be ready to receive calls from either fax machines or data modems?

If so, in this mode, does it make the beep that sets a calling fax machine going, or does the caller have to push a button to initiate the connection from his or her side? Ditto for data. Doesn't the answer side usually put out the first beep?

-fnerd
please reply to: fnerd at smds.com
- - - - - - - - - - - - - - -
blue mass, Pharm. a preparation of metallic mercury with other ingredients, used for making blue pills.
-----BEGIN PGP SIGNATURE-----
Version: 2.3a

aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K
ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz
3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG
sRjLQs4iVVM=
=9wqs
-----END PGP SIGNATURE-----

From fischer at charybdis.prl.ufl.edu Tue Mar 1 16:49:18 1994
From: fischer at charybdis.prl.ufl.edu (G R Fischer)
Date: Tue, 1 Mar 94 16:49:18 PST
Subject: Dorothy Denning
Message-ID: <9403020050.AA24854@charybdis.prl.ufl.edu>

> I recall a profile of the Dr's Denning in one of the
> popular cracker/phreax exposes, (maybe in Markov/Hafner?)
>
> Andy

I believe you are referring to Bruce Sterling's "The Hacker Crackdown", interesting book because Sterling sympathetically presents many sides: paranoid telco's, testosterone-poisoned adolescent hackers, hand-wringing cops (Dr. Denning is presented in this milieu) and (my personal favorite) the "information wants to be free" libertarians.

Randy Fischer

From smb at research.att.com Tue Mar 1 16:57:19 1994
From: smb at research.att.com (smb at research.att.com)
Date: Tue, 1 Mar 94 16:57:19 PST
Subject: PGP on the HP 100
Message-ID: <9403020057.AA03418@toad.com>

Has anyone tried putting ViaCrypt PGP on the HP-100? Is anyone but me crazy enough to contemplate it? How abysmal is the performance?
--Steve Bellovin

From schneier at chinet.com Tue Mar 1 17:10:57 1994
From: schneier at chinet.com (Bruce Schneier)
Date: Tue, 1 Mar 94 17:10:57 PST
Subject: Cryptography Articles in April 94 Dr Dobbs Journal
Message-ID:

Check out the April 94 issue of Dr. Dobbs Journal. There are four articles on cryptography, and a cryptanalysis contest.

The first article is by myself, about the Cambridge Algorithms Workshop last November. The topic of the workshop was high-speed encryption, and ten complete algorithms were presented. The article discusses the workshop, briefly mentions the algorithms, and talks a little about designing secure algorithms.

The second article, by Peter Smith, talks more about the LUC cipher. If you remember his article in the Jan 93 DDJ, LUC is an RSA variant that uses Lucas functions instead of exponentiation. Even though Smith claims to have invented this scheme, it has been around since the early 1980s (see p. 318 of my book). In any case, it's a good article.

William Stallings's article is about SHA. It explains how the algorithm works very nicely. (If this is any indication of how his new book will look, I am looking forward to it.)

And finally, I have an article describing a new secret-key algorithm: Blowfish. I presented Blowfish at the Cambridge Workshop. The article includes a description of the algorithm and source code (that hopefully will compile on any machine--call me if you have problems).

DDJ is sponsoring a cracking contest for Blowfish. You don't have to break the entire algorithm, just finding a weakness is sufficient. The best attack received by 1 April 1995 wins. Awards are $750 for first place, $250 for second, and $100 for third.

Subscribers should expect to receive their copy of the magazine in a week or so, and newsstand copies will be available by mid-March.
Bruce

**************************************************************************
* Bruce Schneier
* Counterpane Systems         For a good prime, call 391581 * 2^216193 - 1
* schneier at chinet.chi.il.us
**************************************************************************

>From owner-cypherpunks Tue Mar 1 13:49:25 1994

From andy at autodesk.com Tue Mar 1 17:17:00 1994
From: andy at autodesk.com (Andrew Purshottam)
Date: Tue, 1 Mar 94 17:17:00 PST
Subject: Applied Crypto
In-Reply-To: <9403012345.AA19252@pilot.njin.net>
Message-ID: <9403020015.AA28709@meefun.autodesk.com>

Well, Applied Crypto is of recent (now) vintage, so I would not expect it to show up in Project G. But certainly some of the classic stuff that APP reprints might be candidates. Have the copyrights expired on W. Friedman's texts, or were they pd anyway as Army publications?

Andy

From cknight at crl.com Tue Mar 1 17:19:30 1994
From: cknight at crl.com (Chris Knight)
Date: Tue, 1 Mar 94 17:19:30 PST
Subject: Colorado Cypherpunks meeting
In-Reply-To: <199403012130.NAA13994@mail.netcom.com>
Message-ID:

On Tue, 1 Mar 1994, Nate Sammons wrote:

>
> This saturday, the 5th of March, at 7:00pm in the Penny Lane
> coffee shop, there will be a Colorado Cypherpunks meeting to
> discuss the recent Clipper/Skipjack/FBI DTB problems.
>
> Please tell anyone in the area (Colorado) who is interested to
> please show up. It's on the South-west corner of 18th street
> and Perl.
>

You maybe want to give a town? Colorado is a BIG place...

-ck

From rcain at netcom.com Tue Mar 1 17:32:27 1994
From: rcain at netcom.com (Robert Cain)
Date: Tue, 1 Mar 94 17:32:27 PST
Subject: Insecurity of public key crypto #2 (reply to May)
In-Reply-To:
Message-ID: <199403020133.RAA14793@netcom9.netcom.com>

Peter Davidson sez:
>
> >This is the famed "key distribution problem."
> >
> >With public key methods, this problem is largely solved. Each person
> >can generate his or her own key, publish the public key part of it,
> >and be done with it.
>
> It's not that simple. Terry Ritter has pointed out on sci.crypt that
> the problem with PGP is the validation of public keys used. In other
> words, the security hole in the use of PGP is not in the encryption
> methods used, or in the use of PGP itself, but in the possibility of
> being duped by someone (or some nefarious federal agency) spreading
> bogus public keys. It's not enough to have a public key which you
> believe is the public key of a person you wish to communicate securely
> with - you also have to be sure that the private key which corresponds
> to this public key is known only to that person, in other words, that
> the public key really did come from the person you believe it came
> from. If you get the (presumed) public key of some person X from some
> directory of public keys, or from some third party, how can you be
> sure it didn't originate with someone who wants to monitor all the
> encrypted messages being sent to X? Terry Ritter has explained how a
> third party can place themselves in the middle of encrypted communications
> between two people using PGP and monitor everything they say to each other
> - and this without having to crack RSA or IDEA.

Ah, yes. The man in the middle again. If a protocol existed that could guarantee detection of the man in the middle, then it would only need be used once with each conversant to exchange public keys reliably. The whole problem of public key distribution would then be solved. As many of you know, I believe such a protocol exists. :-)

Without this detection capability in some form, public key has few advantages except that you only need one of them. A significant advantage, I admit but it doesn't seem to solve anything. Exchanging keys between point A and point B requires a chain of trust with no possibility of a man in the middle, not the sort of thing people want to mess with.

Peace,

Bob

--
Bob Cain    rcain at netcom.com    408-354-8021

"I used to be different. But now I'm the same."
--------------PGP 1.0 or 2.0 public key available on request.------------------

From m at BlueRose.com Tue Mar 1 18:03:44 1994
From: m at BlueRose.com (M Carling)
Date: Tue, 1 Mar 94 18:03:44 PST
Subject: Applied Crypto
Message-ID: <9403020134.AA12320@BlueRose.com>

Project Gutenberg has only books that are in the public domain e.g. very old books. I suspect that Bruce Schneier (and the publisher) would like people to buy Applied Cryptography. I found it to be worth the price.

M Carling

Begin forwarded message:

Date: Tue, 1 Mar 94 18:45:49 EST
From: fhalper at pilot.njin.net (Frederic Halper)
To: cypherpunks at toad.com
Subject: Applied Crypto
Sender: owner-cypherpunks at toad.com
Precedence: bulk

Does anyone know if Project Gutenberg (or anyone else) has electronic books such as applied cryptography?

Thanks,
Reuben Halper

From russw at netcom.com Tue Mar 1 18:26:42 1994
From: russw at netcom.com (Russell Earl Whitaker)
Date: Tue, 1 Mar 94 18:26:42 PST
Subject: Colorado Cypherpunks meeting
Message-ID: <199403020227.SAA24907@mail.netcom.com>

At 13:30 3/1/94 -0800, Nate Sammons wrote:
>This saturday, the 5th of March, at 7:00pm in the Penny Lane
>coffee shop, there will be a Colorado Cypherpunks meeting to
>discuss the recent Clipper/Skipjack/FBI DTB problems.
>
>Please tell anyone in the area (Colorado) who is interested to
>please show up. It's on the South-west corner of 18th street
>and Perl.
>

Nate, I know people in Colorado who would be interested in going... if you told them what city it might be in. Denver?
Russell

Russell Earl Whitaker          russw at netcom.com
Director, Extropy Institute    408-366-5435
================================================================

From nobody at soda.berkeley.edu Tue Mar 1 18:30:32 1994
From: nobody at soda.berkeley.edu (nobody at soda.berkeley.edu)
Date: Tue, 1 Mar 94 18:30:32 PST
Subject: the nsa
Message-ID: <199403020230.SAA02384@soda.berkeley.edu>

we of the cypherpunks mailing list certainly admire the nsa, perhaps more than any other agency anywhere in the world. because of this admiration, i would like to have a large, color jpeg of the director of the nsa. i will uuencode this and mail it to many many people. could someone post such a jpeg to cypherpunks, or perhaps point me to where i might find one, or point me to a book or magazine that would have one, so i can scan it in? it's ok if the image is a bit noisy.

thanks,
nobody

From wcs at anchor.ho.att.com Tue Mar 1 18:33:45 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Tue, 1 Mar 94 18:33:45 PST
Subject: Standards for Steganography
Message-ID: <9403020153.AA09443@anchor.ho.att.com>

There are basically three classes of things you can hide
1) Plaintext easily-recognized payloads
2) Encrypted payloads with easily-recognized forms, e.g. PGP
3) Encrypted payloads that look like random noise unless you have the key. (e.g. stealth-PGP or other cryptosystems that don't self-identify.)

The definition of "easily-recognized" is obviously context-dependent, depending on your threat model.

The proposed stego programs are mainly
A) Programs that simply insert the payload, no frills except padding the ends
B) Programs that insert the payload with length-markers and checksums
C) Programs that encrypt the payload while inserting it
D) Mimic functions that adapt the real bits to a given set of statistics

Type A stego is fine for Type 3 data, as long as the statistics of the file you're hiding data in make random bits believable.
It's obviously not much use for Type 1 data, and only some use for Type 2 data, if you're worried about the Bad Guys knowing that you're sending secret messages (and you probably are, else why bother with stego?) So if you're using Type A stego, make sure you use Type 3 random-looking payloads.

Type B stego is a dead giveaway, like Type 2 payloads, if the Bad Guys are looking for it. If you're using encryption programs that do some kind of verification (at least if you have the right key), then you don't need these functions. Sure, the Bad Guys have to do the checksum themselves, which takes some work, but they now have a 256:1 or 64K:1 or whatever certainty there's stuff there.

Type C stego programs are ok, if they're sufficiently high-quality, but they have to provide most of the functions of a good encryption program. It makes much more sense to use a software tools approach and separate the encryption from the steganography - if the encryption function doesn't advertise itself blatantly. If you just use a wimpy encryption function (e.g. XOR all the data with 10101010 or a PRNG), it stops wimpy Bad Guys at the cost of annoying the rich competent Bad Guys. The main usefulness of this is for Type 2 payloads, e.g. current PGP, but it's probably better to use Stealth-PGP instead.

Type D stego can be useful for cases where the host material doesn't look right if you throw in random bits, and you seriously need to hide something. It's probably most effective with random-looking data (Type 3 payloads); with Type 1 or Type 2 the steganized message will tend to start the same way each time, which is bad, and if you need the quality of data hiding that mimic functions give you, you need a high-quality encryption program as well.

All this stuff is essentially saying that you should use simple stego programs and stealthy encryption programs.
Among other advantages, it means that you *can* standardize on stego programs without risking the attention of the Bad Guys, and it's much easier to agree on a standard with almost no options than to waste time on the infinite choice of details that you can haggle about with Type B stego - especially since those systems really tend to need good stealthy encryption as much as Type A stego does.

Bill

From corbet at stout.atd.ucar.EDU Tue Mar 1 18:46:12 1994
From: corbet at stout.atd.ucar.EDU (Jonathan Corbet)
Date: Tue, 1 Mar 94 18:46:12 PST
Subject: Colorado cypherpunks meeting -- city
Message-ID: <199403020246.TAA10388@stout.atd.ucar.EDU>

> This saturday, the 5th of March, at 7:00pm in the Penny Lane
> coffee shop, there will be a Colorado Cypherpunks meeting to
> discuss the recent Clipper/Skipjack/FBI DTB problems.
>
> Please tell anyone in the area (Colorado) who is interested to
> please show up. It's on the South-west corner of 18th street
> and Perl.

For all of you who haven't heard of Penny Lane...it's in Boulder, on *Pearl* street (Freudian slip there, Nate?). This is about your last chance to check out this place -- it's being booted so that we can have another Starbuck's or some such. Such is life in Boulder these days. (Insert sanctimonious old-timer's sigh here).

If I can explain to my wife that one night I'm staying late thrashing up the systems, the next I'm brewing beer with a friend, and the following I'm going to a cypherpunks meeting I'll be there.

Jonathan Corbet
National Center for Atmospheric Research, Atmospheric Technology Division
corbet at stout.atd.ucar.edu
http://www.atd.ucar.edu/rdp/jmc.html

From nobody at soda.berkeley.edu Tue Mar 1 18:49:49 1994
From: nobody at soda.berkeley.edu (nobody at soda.berkeley.edu)
Date: Tue, 1 Mar 94 18:49:49 PST
Subject: Insecurity of public key crypto #2 (reply to May)
Message-ID: <199403020249.SAA04575@soda.berkeley.edu>

## As many of you know, I believe such a protocol exists.
:-)

and as many of us believe, you're full of it... and what about the STS protocol that's been presented on the list before?? unless you publish, no one has any good reason to believe you...

From rcain at netcom.com Tue Mar 1 18:56:26 1994
From: rcain at netcom.com (Robert Cain)
Date: Tue, 1 Mar 94 18:56:26 PST
Subject: clipper + enaction = illegal alternate encryption
In-Reply-To: <01H9GN16SBXU000676@UNCVX1.OIT.UNC.EDU>
Message-ID: <199403020257.SAA26110@netcom9.netcom.com>

VACCINIA at UNCVX1.OIT.UNC.EDU sez:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Jeremy at crl.com writes:
>
> >Now why bother going through all the trouble to take out the chip? Why
> >not just leave it in there and send RSA encrypted over your phone line?
> >Once they _DO_ decrypt your clipper, they will still have another barrier.
> >Leaving the chip in there does make it a little harder even for law
> >enforcement doesn't it?
>
> This is the reason all other forms of encryption will be outlawed if the
> clipper proposal goes through.

I do not think so. It is perceived at very high levels that this simply won't fly. Y'all have been pretty effective at creating an initial negative impression within the press that is being accepted by John and Jane Q. public. Congrats. It is felt that already there has been too much bad press to counteract even with good arguments. If it happens I don't think it will be a matter of legislation but executive order that will stand the scrutiny of private consultation with congress and the flak this early publicity will generate. The latter is just a guess but I do know that the Clipper proponents are not at all encouraged and feel the need for it in the most sincere and concerned ways for what I think are very good reasons.
Personally I don't think they will do anything to prevent our opening Pandora's Box simply because they are outflanked and know it but they have considered things they can't say in public that are creating much fear not only within this government but quite recently among many governments. It is not dope dealers or racketeers these governments are worried about.

> I foresee at least two lines of enforcement.
> The first is that one is held in contempt of court (assuming they can find
> some charges to press) until you give them your key. How long can they keep
> you in the slammer on a contempt charge? This option is already available
> and seems to work, at least so far.

This could work except that if exchanges are interactive so that a D-H type protocol can be used to generate one time session keys, using the RSA PK's only to do this securely, then yielding one's private key gives no ability to decrypt any prior interactive sessions. For documents this line of enforcement could work but for conversation it is useless.

>
> The second is to make alternate encryption illegal and thus they will
> get you even if they have no evidence to charge you with. After all, if
> the police are monitoring you AND you are encrypting information, you
> must be guilty, right? Encryption will be enough evidence to convict.
> This makes life easy for law enforcement and will surely be the next
> step after clipper.

Except that if you use Clipper too they will have no reason to suspect that you might be using something hard going into it until they have done the escrow thing and by then you are probably in pretty deep anyway if the escrow method works as described and probably guilty of something pretty serious. There really is a strong argument from their side that says if one must use a form that is immune from a compromise like well escrowed keys one is *way* more than likely to be discussing something most of us would want LE or NS to know about.
I know that argument is anathema here but I am finding it more and more compelling.

Peace,

Bob

--
Bob Cain rcain at netcom.com 408-354-8021

"I used to be different. But now I'm the same."

--------------PGP 1.0 or 2.0 public key available on request.------------------

From 71332.747 at CompuServe.COM Tue Mar 1 19:32:37 1994
From: 71332.747 at CompuServe.COM (James Hicks)
Date: Tue, 1 Mar 94 19:32:37 PST
Subject: Who are Worldwide Consultants?
Message-ID: <940302030040_71332.747_DHQ92-1@CompuServe.COM>

Hello.

Has anyone heard of this organization? The below popped into my mail box unsolicited. This is the "E-mail Version" but there is no e-mail return address (that I could find).

>James<

>*****************************************************************************
>FINANCIAL & PERSONAL PRIVACY NEWSLETTER, Spring 1994 Issue, E-mail Version
>*****************************************************************************
>
>Published by:
>
>Worldwide Consultants
>2421 West Pratt Boulevard, Suite 971
>Chicago, Illinois 60645
>U.S.A.
>
>PURPOSE AND POLICY STATEMENT: In order to keep the Financial and Personal
>Privacy Newsletter (FPPN) unbiased, this publication accepts no paid
>advertising and does not affiliate itself with, or receive support from, any
>particular organization.
>
>FPPN covers topics of interest to privacy-conscious individuals. We cover the
>legal, technological and personal aspects of confidentiality as well as
>government and private sector-sanctioned invasion.
>
>This publication (in its entirety), MAY BE REPRODUCED OR TRANSMITTED in any
>form or means without consent of the publisher. This newsletter is a public
>service, thus is FREE. Feel free to disseminate by electronic mail or fax,
>post on national & international networks and BBSs (Bulletin Board Services),
>and distribute in hardcopy (printout) format.
>
>FPPN presents information and research believed to be reliable, however, it
>cannot be guaranteed.
Although every attempt has been made to ensure the
>accuracy of contained data, Worldwide Consultants, the publisher, cannot
>accept liability for misstatements. A complete investigation should be
>conducted prior to any commitments. THE CONTENT OF THIS NEWSLETTER IS FOR
>INFORMATIONAL PURPOSES ONLY AND IS NOT INTENDED AS LEGAL OR OTHER PROFESSIONAL
>ADVICE.
>
>
>
>FROM THE PUBLISHER'S DESK
>
>We would like to take this time to welcome you to the premier edition of our
>publication. The Financial & Personal Privacy Newsletter will bring you
>hard-to-find, valuable, and even bizarre information not found in the mainstream
>press. We bring you the world in a way that you probably have never seen it
>before.
>
>Please remember that there is an open door for you to air your thoughts,
>suggestions and grievances (if any) in writing. Also, we welcome relevant,
>well-written and researched articles of at least 500 words. Though we can't
>pay for submissions, we will print up to 100 words about the author.
>
>Enjoy!
>
>-FPPN Staff
>
>
>
>BOOK AND VIDEO REVIEWS
>
>Confidential Information: Dangers of Disclosure by Bodo Schonebeck is a text
>that describes the use and detection of bugs and other monitoring devices used
>to obtain sensitive information. The price of the publication is $15 (plus $5
>postage). To order, contact: Security-Investigation-Debugging-Agency, P.O.
>Box 4757, D-78512 Tuttlingen, Germany.
>
>
>Asset Protection Strategies: Tax and Legal Aspects by Lewis D. Solomon and
>Lewis J. Saret is a 480-page concise text that details various techniques for
>protecting assets and reducing the risk of lawsuits. The price of the book is
>$125. To order (or examine for 30 days), contact: Wiley Law Publications,
>7222 Commerce Center Dr., Suite 240, Colorado Springs, CO 80919 USA;
>800-879-4539; Fax 719-548-4479. Please reference #4-6630.
>
>Phone Pirates by Ian Angus and Gerry Blackwell is a 246-page guide to
>telecommunications fraud.
The text describes how hackers penetrate phone
>systems and steal long-distance services. The price of the book is $55. To
>order, contact: Telemanagement Press, 8 Old Kingston Rd., Ajax, Ontario
>L1T 2Z7, Canada 416-686-5050, ext 225.
>
>PT2 The Practice: Freedom and Privacy Tactics by Dr. W.G. Hill is a candid and
>straightforward text that takes an inside look at international financial
>privacy planning and free-living. The price of the book is $100. To order,
>contact: Scope International Ltd., 62 Murray Rd., Waterlooville, Hants
>PO8 9JL, Great Britain; 44-0705-592255; Fax 44-0705-591975.
>
>New ID: How to Create a Complete New Identity by L.O.T.I. Group is a 35-minute
>videotape that walks the viewer, step-by-step, through the process of identity
>change and ID acquisition. The cost of the VHS video is $24.95. To order,
>contact: Paladin Press, P.O. Box 1307, Boulder, CO 80306 USA; 303-443-7250;
>Fax 303-442-8741.
>
>Our Vanishing Privacy by Robert E. Smith provides in-depth details (based on
>the author's experience as an attorney, government employee, and reporter &
>researcher) about information kept on U.S. citizens in government computers.
>The price of the book is $12.95. To order, contact: Loompanics Unlimited,
>P.O. Box 1197, Port Townsend, WA 98368 USA.
>
>People Tracking - You Can Find Anyone by Fay Faron & Lee Lapin is an
>80-minute videotape that provides the viewer with details on finding missing
>persons of every walk of life. The price of the VHS video is $69.95. To
>order, contact: Intelligence Incorporated, 2228 S. El Camino, #349, San Mateo,
>California 94403; Fax 415-851-5403.
>
>How to Achieve Personal and Financial Privacy, 5th Edition by Mark Nestmann is
>a 300+ page manual that details virtually every aspect of domestic privacy
>protection. The book costs $68. To order, contact: LPP, Ltd., P.O. Box
>83538, Phoenix, AZ 85071; 800-528-0559; Fax: 602-943-2363.
>
>
>
>SECURE COMMUNICATIONS STRATEGIES
>
>by Dr. Herrell Roehm, Ph.D.
>
>WARNING: The instructional format is used for clarity only. The author does
>not advocate breaking any law. The reader is solely responsible for any
>actions taken. No warrants, expressed or implied are made for any of the
>material contained herein. Copyright 1991 I.S.D.A. - All Rights Reserved.
>
>RECOMMENDED READING FOR Privacy Seekers, Spies, Private Investigators,
>Attorneys, Skip Tracers, Security Consultants, Law Enforcement Personnel,
>Mercenaries, Collection Agents, Anarchists, Tax Resisters, Secret
>Organizations, and The Persecuted and Oppressed.
>
>INTRODUCTION
>
>HOW TO USE THIS ARTICLE EFFECTIVELY: Place yourself in the position of
>someone requiring maximum privacy AS IF YOUR LIFE DEPENDED ON IT. You'll gain
>concrete insight and intuition that will help you avoid those seeking to
>locate you, whom we will call the "tracer". Seek to develop your own
>individual and unique sense of intuition. Intuition is informed by knowledge,
>and knowledge should be informed by intuition. This somewhat intangible
>quality can make the crucial difference between safety and exposure or worse.
>
>HOW MOST MISSING PERSONS ARE FOUND: If the truth were known, skip tracing is
>not an extremely difficult profession, and can be very lucrative. The P.I.
>(Private Investigator) is not the only kind of tracer. When we speak of
>tracer, we mean: P.I.s, Feds and Police, government and private spies and
>intelligence agencies, collection agencies, bounty hunters, or anyone who
>might want to locate you. To find almost all of your "regular" skips, just
>learn the readily available methods. There are more books about missing
>persons than any other area of investigation. It represents the "bread and
>butter" of many P.I. agencies. Any good tracer will be signed up with one or
>more computer search services, and may locate many targets in just a few hours
>or days.
>
>HOW MISSING PERSONS STAY "MISSING": Our privacy seeker is serious, and has
>made privacy a way of life.
He is hard to find, and makes up perhaps ten
>percent or less of all missing persons cases. Some investigators label these
>cases "difficult" or "impossible" to locate, often charging large fees anyway.
>Some skips are fleeing criminal prosecution, prison, or engage in illegal
>enterprises which demand absolute secrecy and security. A high level of
>secrecy and security is required for other legitimate enterprises too:
>private investigation, personal bodyguard, critical and/or controversial
>research, labs, and inventors to mention a few. Unpopular or "deviant"
>lifestyles, beliefs, and practices lead some individuals to distance
>themselves from "society" as much as they can. Certain totalitarian trends in
>modern society cause some to want to avoid contact with government "Big
>Brother" as much as possible. Persons in failed witness "protection" programs
>where security has been breached may turn to the private sector after being
>compromised by feds or other cops. Additional non-criminal reasons may
>include: oppression from political, terrorist and dangerous groups, flight
>from abusive families or cults, or fleeing threats of violence perpetrated by
>individuals. It is not our purpose to judge or evaluate, and other reasons
>exist. All have in common a distinct need for privacy. The techniques
>discussed are used to achieve a successful level of privacy and secrecy, but
>require DEDICATION AND THOROUGHNESS to be effective.
>
>SECURE COMMUNICATIONS
>
>MAIL: Get all your mail at a P.O. Box in a fictitious name. You will have to
>fill out U.S.P.S. Form 1093 with a physical address (required), but you can
>later "move". Sometimes the post office will ask for an update of your 1093.
>This can be routine, but could indicate that someone is mail-tracing you.
>They may have already received your "dud" address, and have continued their
>inquiry by passing this information on to the P.O., who then ask you for the
>updated 1093.
The tracer can get a lot of free work done this way, but he
>also runs the risk of alerting the skip. The final word here is WATCH YOUR
>MAIL.
>
>MAIL DROPS: A "mail drop" or private postal box is sometimes recommended, but
>"caveat emptor" is the watchword. These services are available in most areas,
>and are used by numerous individuals and businesses for legitimate reasons.
>You can provide additional cover by having your mail go through a series of
>drops, but don't forget there are directories of these addresses. Because of
>Reverse Skip Tracing (discussed later), we don't recommend mail drops when
>seeking maximum security. Safest of all is to establish an address where you
>(or a trusted friend or associate) can receive your mail. For the price of
>some mail drops, you might rent a small cheap room or apartment in the "seedy"
>area of town (if a particular type of address is not needed) where you can get
>your mail in a group of mailboxes for that building. You can pick up your
>mail at varying times, or have someone else do it for you. Make friends with
>the superintendent of a building so that your mail is delivered with that of
>the residents (you don't live there, of course). A cover story can easily
>account for your need of this service. A "homeless" person might persuade a
>mission, church or other agency to receive his mail, but the amount of mail
>should be small as not to attract attention. These suggestions work best if
>you don't get a lot of mail, and are not involved in illegal or other
>compromising situations, which might lead to blackmail, exposure, or worse!
>
>GENERAL DELIVERY: Sounds hokey, but it's a very good cover. The Main Post
>Office in a town or city is probably the best location as they are the busiest
>and least likely to remember or notice you. Try to appear properly
>nondescript when going for your mail, and don't establish a pattern.
>
>CREATE A STREET ADDRESS FROM A P.O. BOX: A box is not suitable for all
>situations.
You will need a street address. Every post office has a physical
>street address, so send your mail there. Example: You are Mr. A. Skipper, Box
>911, Metropolis, TX 78444-0911. Find out the street address of the P.O., and
>write your address like this: Mr. A. Skipper, 1411 Main Street, Number 911,
>Metropolis, TX 78444-0911. All boxholders now have an individual 9-digit
>zipcode; its use should insure you get mail so addressed. Some correspondents
>tell us that an occasional nosey postal employee will say this is not
>permissible, but generally you shouldn't have any trouble. If you insist the
>employee show you chapter and verse in the administrative codes, you will
>probably prevail, but you may draw unwanted attention. In another instance of
>a branch post office in a shopping center, there was difficulty obtaining the
>actual physical address as the employee claimed it was never used. Even after
>the address was obtained, some mail continued to be improperly returned to
>sender. You will have to weigh each case, but we recommend that you try
>another post office or branch if you run into snags at a particular location.
>
>REVERSE SKIP TRACING: Some ads for mail drops are just a ploy to get your
>name and address, which is cross-referenced with lists of known missing
>persons. Even "legitimate" drops may sell their client lists, or allow
>tracers to go through the names. You can rest assured that every mail drop
>will cooperate with the police or feds if they come around asking about you
>(or your assumed name). Many books recommend use of mail drops, but we see
>too many possible hangups. Is it possible that some of these "expert" missing
>persons authors are just making sure that maildrops have a steady clientele for
>reverse tracing?
>
>ANSWERING ADVERTISEMENTS: Keep your eyes open, and examine closely what is
>recommended in some "inside information" or "underground" publications. Be
>careful in answering any potentially risky advertisement.
An example is found
>in magazines catering to drug users and advocates, such as "High Times
>Magazine". Many ads are probable D.E.A. fronts, especially the ones for
>information or paraphernalia for growing pot (marijuana), mushrooms, etc.
>An ad for information on privacy, false I.D., or illegal scams (by little or
>unknown companies), may be a front for reverse skip tracers - or someone else
>tracing people like you! Don't avoid seeking new information, but be sure
>your postal privacy is well protected. If your return address is traced, be
>sure they come up empty-handed.
>
>REGISTERED AND CERTIFIED MAIL and C.O.D.s: Once you have established your
>P.O. Box, the only mail coming to your real address should be "occupant" mail.
>If Registered or Certified mail does come (could be C.O.D. or Insured Parcel
>Post or ANY mail requiring a signature), say you are someone else, say the
>person moved and left no address, moved months or years ago, say anything, but
>NEVER sign for mail - no exceptions! The carrier is out of line to ask who
>YOU are, so this should work. Tracers use this as a cheap and effective way
>to locate skips.
>
>PACKAGES AND DELIVERIES: Always pay with money orders. Your receipt is proof
>enough if required, and virtually impossible to trace. Keep the receipt
>blank; don't fill it in unless needed. Although Federal Express, UPS, and
>other couriers say they can't deliver to a P.O. Box, you can still use it.
>Say on the order, "notify by mail at my P.O. Box for delivery instructions".
>This causes a little delay, but the parcel agent will simply send you a post
>card with an 800 phone number so you can call with delivery instructions.
>Have it sent to a safe address, or don't give them an address at all. Pick up
>the package at their office. NEVER have ANYTHING delivered to your real
>address! That way, if anything does come, you will be alerted, and refuse
>delivery as described.
>
>TELEGRAMS: We think of them as old-fashioned, but telegrams are still around.
>It's not a bad ruse either, and should be treated same as above.
>
>MAIL TRACING: This is a cheap and useful tool, and is often the opening
>gambit in efforts to locate you. Look out for any suspicious mail! All P.O.
>Box information on U.S.P.S. Form 1093 can be accessed by others. Numerous
>cover letters are available, but the best way is to state that the individual
>used the P.O. Box for business purposes, or that a court action is intended or
>in the process. The P.O. will release the records, including the physical
>street address you gave them. See any good book on researching public records
>for more details. If a tracer sends you a letter, and it doesn't come back,
>he may be enticed to advance another level, such as a personal visit and/or
>surveillance. To deflect First Class and all other mail, consider buying
>(through the mail of course) a small rubber stamp saying "Unknown - Return To
>Sender", "Deceased", "Moved", "No Forwarding Order On File" or similar P.O.
>wording. Be sure to drop it in a mail box NOT served by your regular post
>office or branch. Beware of responding to offers asking you to call for
>confirmation because you have "won" a free cruise or whatever. A postcard,
>flyer or letter may offer a lucrative employment in your profession (or
>something else you need or want) with a number to call collect. It may be a
>ruse by a tracer. If family or friends' names are known, you may receive an
>"emergency call" notifying you of the "death" of a loved one. Don't respond-
>no exceptions! Have a backup plan for emergency communications with friends
>or family if you absolutely must have it. So if a call comes, you KNOW it's a
>ruse, and do not respond. Advance planning is crucial.
>
>MAIL COVERS: If feds or other cops are tracing you, they may establish a Mail
>Cover for a 30 day period, with extensions. A mail cover does NOT require a
>warrant, so it's easy to use.
It is initiated by the agency working directly
>with the local post office. They record ALL the information on the OUTSIDE of
>the envelope, based on the premise that this is "public" information. They
>identify regular correspondents, contacts, banks, credit cards, other mail
>transactions, suppliers, business associates, and more. Supposedly this does
>not delay your mail, but who knows? It seems that it would delay it (given
>the efficiency of most P.O. workers) or that you might receive mail in large
>amounts when you usually do not. Monitor postmarks, and if you receive a lot
>of mail, you should have a good idea how long it takes mail to reach you from
>various parts of the country. ALWAYS WATCH MAIL AND DELIVERY PATTERNS.
>
>SENDING "SENSITIVE" MAIL: If you use a mail drop, change it from time to
>time, and always run your mail through more than one drop. When quicker
>delivery is needed, consider private delivery services. Drop the package off
>at a pick-up point - do NOT have them come to you. Vary your service between
>different carriers, and do NOT use post office Express Mail, particularly if
>moving detectable contraband. It is routinely X-rayed and "sniffed". The
>bus can be used as numerous parcels are shipped every day. Common items
>shipped are tools, auto parts and equipment of all sorts, but many suitcases
>and cardboard boxes as well. Even if you just have an envelope, wrap it in a
>large box and weigh it down so that it is similar to other boxes being
>handled. Use a typewriter for anything written, preferably a newer electric
>model that doesn't leave a distinctive mark or indicate anything about your
>key pressure. For short notes, etc., consider taking your paper to a large
>discount store where typewriters are set out for your demonstration. If you're
>typing something that takes a minute or so, this is a good source. Libraries
>often have typewriters available for use, so use a cover identity to get a
>library card.
Better yet copy centers and business centers where typewriters,
>computers, printers, and copy machines are located together. No one will
>require I.D. to rent you a typewriter for a half hour, and no one will
>remember you among hundreds of users. For very sensitive correspondence,
>photocopy the letter after you type it, and send this copy as the "original".
>Develop an unreadable scrawl as your signature. It's not always necessary to
>put your return address, and it is not required. You must be sure that the
>mail is correctly addressed, and that nothing inside would compromise your
>location or identity if it were opened by the authorities (or a tracer - yes,
>they may violate the law!).
>
>AVOIDING MAIL TRACERS AT YOUR REAL ADDRESS: Remove the mail box. Remove any
>signs from doors, windows, outside or walls, which may draw unwanted
>attention. Never put YOUR name(s) on anything, and remove any old nameplates.
>You can remove address numbers. If the postman has no mailbox or no proper
>address, he cannot deliver, and mail is returned "Undeliverable As Addressed".
>
>MAILING LISTS, PERIODICALS, AND SUBSCRIPTIONS: Use the Direct Marketing
>Association, P.O. Box 9008, Farmingdale, NY 11735 to get off most lists. The
>IRS uses sophisticated mailing lists to apprehend tax evaders, categorized by
>high-salary professions, spending patterns, lifestyles, and purchases like
>vacations and luxury cars. Get off as many lists as you can. If you receive
>"junk" mail (or other unwanted mail), mark it "addressee unknown - unable to
>forward", and drop it in a street mail box, preferably one not served by your
>local post office or substation. List users will delete your name to save
>future costs. Do this consistently; you'll be off more lists. When you move,
>do NOT send "Change of Address" notices to anyone. Start new subscriptions
>under your new name at your new P.O. Box.
If you subscribe to "exotic" or
>unusual publications, you may be traced by this connection to your old life.
>Large publications are probably OK, but if your interest is "The Vegetarian
>Party Times", or "Gum Label Collectors Quarterly", which has only a few
>subscribers, you're taking a chance of exposure. NEVER SUBSCRIBE TO A
>NEWSPAPER OR ANY OTHER SERVICE USING A DELIVERY PERSON. Tracers know these
>individuals are often talkative, nosey, and are a wealth of information about
>you and your habits. Buy it at a news rack, read it at the library, or have
>it sent to your P.O. Box. WRITE THE TRACER A LETTER, AND TELL HIM YOUR
>"LOCATION": An Air Mail letter from Guatemala City, Pago Pago, Cairo or
>Australia saying you're there, and never plan to return to the USA can end a
>lot of tracing activities, particularly those of collection agencies. You
>need a cooperative person in the other country to remail the letter. Business
>agents for banking and forming corporations, and offices for rent in places
>like Panama, the Isle of Man or other locations could be used. Check the
>classified section of The International Herald Tribune Newspaper, 212-755-8785
>for leads. Some banks in Europe and other countries have good confidentiality
>laws, and, if you have an account, some may receive and forward your mail for
>you. Letters from diverse locations over a period of time might convince a
>tracer that you are roaming about the world, another expatriate American
>(there are lots of them) running from responsibilities back home. A word to
>the wise: watch out for mail drops abroad - tracers have lists and directories
>of these addresses.
>
>TELEPHONE SECURITY: Depending on who's after you, there may be no security at
>all! The feds (and others) can turn a phone into an area "bug" with proper
>equipment. If you must have a phone, be aware of the latest technology (an
>excellent source is "Full Disclosure Magazine", which is published monthly by
>First Amendment Press, P.O.
Box 67, Lowell, Michigan 49331 USA). Be sure to
>list it in a fictitious name or business name. I'm told that Ma Bell now
>wants you to be a corporation to do this. That's OK - be a corporation! If
>they ask for a corporation registration number, find out what one looks like
>in your state, and provide it. If you receive a message or letter asking you
>to call someone collect, don't do it! This is an old tracing technique. If
>you don't give yourself away in the conversation, the tracer will simply call
>the operator, ask for the time, charges and origin of the call and phone
>number. Since the tracer is paying for the charges, the operator will be
>happy to cooperate. Avoid cordless & cellular phones and radio communication.
>Police (and anyone else) can listen and legally record these conversations,
>which are exempt from wiretap laws. You're using the open airwaves, so your
>communications are literally open to anyone who wants to listen. Numerous
>scrambling devices are available. Some cordless phones have variable security
>codes, and you could combine this with a voice scrambler (one type of which is
>available from Shomer-Tec, P.O. Box 2039, Bellingham, WA 98227). This may be
>enough, depending on who's tracing you, but what one computer scrambles,
>another computer can eventually unscramble. This also goes for any "codes"
>you might devise or use. In the ever-changing world of communications
>technology and spy devices, "never say never" about anything, and always
>assume that someone is at least one step ahead of you in sophistication. STAY
>AWAY FROM ALL ELECTRONIC COMMUNICATIONS IF YOU CAN. If you must communicate
>over these media, take every possible precaution. Best of all - don't have a
>phone. It's easier than you think. A lot of phone use is habit anyway. If
>you must make calls, use safe locations like a friend's home or a secure pay
>phone, but don't establish a regular pattern anywhere.
>
>FACE-TO-FACE COMMUNICATIONS: In past times, when your telephone wasn't secure
>you could usually set up a face-to-face meeting. The ready availability of
>numerous "bugs" has changed all of that, especially the ultra-small micro
>varieties. Depending on the level of security required, it can be very
>expensive to deploy counter devices and detectors. They may be useless, and
>give you a false sense of security. Let's consider a few of the
>possibilities. If your meeting place is known, bugs can be planted in
>advance. Your contact will probably be bugless, but the whole area would
>already be compromised. Simple parabolic ears and smaller listening devices
>can easily be employed if cover can be established. These are generally
>defeated by meeting in large open spaces, yet this presents its own additional
>risks. Technology advances rapidly in this field. What was science fiction
>yesterday is common equipment tomorrow. Never underestimate the technological
>capacity of the tracer. Who can you trust when it comes to bugs? Trust no
>one! Even a friend or "safe" contact (or their car or home) can be bugged
>without their knowledge. After the tracer has identified your contact, he
>will observe HIS patterns, just waiting for YOU to show up. This is
>particularly successful if you have a girlfriend, pusher, money source, or
>anyone/anywhere you just HAVE to visit. The tracer knows you're eventually
>coming, so it's just a matter of time. Your contact could be compromised by
>threats to his (or his family's) safety, or by blackmail. Very few people
>will remain totally loyal under such circumstances. You can hope your contact
>will at least warn you if this is happening, but don't count on it. Watch
>friends and contacts for any signs which might alert you. When someone who
>was helpful, jovial and friendly begins to act reserved, afraid, and uneasy,
>they may be under just this kind of pressure.
>
>A FINAL WORD ON COMMUNICATIONS: Our purpose is to get you in the habit of
>thinking, observing, and COMMUNICATING from the position of someone who
>requires absolute maximum privacy and security. Its purpose is not to create
>paranoia, but don't forget the old saying: "Just because you're paranoid
>doesn't mean they're not really out to get you".
>
>ABOUT THE AUTHOR: Herrell Roehm is the founder and executive director of the
>International Security and Detective Alliance (I.S.D.A.), a worldwide society
>and professional registry for private investigation and security services. He
>is also the editor of I.S.D.A.'s newsletter, The Eagle (subscriptions are
>$7.95 for 4 issues). For a sample copy, including information about the
>organization, send $2 to: I.S.D.A., P.O. Box 6303, Corpus Christi, TX 78466
>U.S.A.. Dr. Roehm also conducts nationwide missing persons searches and other
>examinations in the southern U.S. and Mexico. He may be reached by telephone
>at 512-888-6164.
>
>
>
>NEWS IN THE WORLD OF PRIVACY PROTECTION AND INVASION
>
>THE PRIVACY JOURNAL is a monthly newsletter that reports on legislation, legal
>trends, new technology, and public attitudes affecting the confidentiality of
>information and the individual's right to privacy. The subscription cost is
>$109 annually ($135 overseas). For a sample copy, contact the Privacy Journal
>at P.O. Box 28577, Providence, RI 02908 USA; 401-274-7861.
>
>TRACELESS PHONE CALLS are possible through the use of a service provided by
>the International Telephone Company. Private Lines, a service founded by
>Beverly Hills Lawyer Will Dwyer II, allows users to make calls via their
>900-number with absolutely no record. The service works for domestic and
>international calls. Simply dial 1-900-CALL-888, and select "1" for calls
>within the U.S., Canada or the Caribbean at $1.95/minute. Select "2" for all
>other direct-dial worldwide locations at $3.95/minute.
The calls will appear
>on your long-distance bill as calls to 1-900-225-5888 "Secure-Tel". For more
>information about the service, contact IPC at 800-823-0080; 408-738-3700; Fax
>408-748-4343.
>
>CAMOUFLAGE PASSPORTS are documents that look exactly like a legally issued
>passport, containing the bearer's photo and vital stats, and is full of entry
>and exit stamps. These documents are bogus passports from countries that
>don't exist anymore (i.e. Ceylon, British Guyana, New Hebrides, Upper Volta or
>Pantagonia). The purpose of these documents is not travel, but to provide
>hijackers, terrorists, and other hostile elements with an alternative identity
>in order to save those with high-profile nationalities such as American,
>Canadian, British, etc. from harm. The cost of a "Camouflage Passport" is
>$550. For more information or to order, contact: Expat World, P.O. Box 1341,
>Raffles City, Singapore.
>
>OFFSHORE COMPANY FORMATION for the purpose of setting up legitimate businesses
>or empty shells is simple with the use of the services of Overseas Company
>Registration Agents, Ltd.. They are part of a worldwide network of lawyers,
>accountants, secretaries and bankers who perform all work with extreme
>discretion. For a free 60-page brochure, contact: O.C.R.A., Companies House,
>Ramsey, Isle of Man; 800-283-4444 (toll-free from the U.S.); 44-624-815544;
>Fax 44-624-815548.
>
>THE 16TH ANNUAL CONFERENCE OF DATA PROTECTION will be held in The Hague,
>Netherlands in September. Government Commissioners will meet with the private
>sector to discuss computers and privacy issues. For more information,
>contact: Peter Hustinx, Postbus 3011, 2280 GA Rijswijk, The Netherlands.
>
>BUSINESS ESPIONAGE CONTROLS & COUNTERMEASURES ASSOCIATION (BECCA) is a
>non-profit organization dedicated to the protection of proprietary information and
>other business secrets. For more information about the group, contact: BECCA,
>P.O. Box 55582, Seattle, Washington 98155 USA; 206-364-4672.
>
>EVERY ASPECT OF COMPUTER, PBX & VOICE MAIL, AND TECHNOLOGICAL PRIVACY is
>covered by the Infosecurity News, The magazine for the protection of
>information. For details and subscription rates, contact the publication at
>498 Concord Street, Framingham, MA 01701 USA; Fax 508-872-1153.
>
>HAVE YOUR NAME AND PHONE NUMBER REMOVED FROM TELEMARKETING LISTS by writing to
>Telephone Preference Service, DMA, P.O. Box 9014, Farmingdale, NY 11735 USA.
>
>GET COPIES OF YOUR CREDIT REPORT by contacting TRW at 800-392-1122, Equifax at
>800-685-1111, or Trans Union at 800-851-2674.
>
>JIM ROSS' COMMUNICATOR NEWSLETTER covers various topics relating to electronic
>surveillance and privacy issues. For a free copy, call 800-US-DEBUG.
>
>COMPUTING & COMMUNICATIONS LAW & PROTECTION REPORT is a brief guide to
>developing corporate policy on monitoring and disclosure of electronic mail
>(e-mail). For a free copy, contact: Assets Protection Publishing, P.O. Box
>5323, Madison, WI 53705 USA; Fax 608-271-4520.
>
>ALTERNATIVE INPHORMATION markets numerous publications on high-tech (and not
>so technical) methods of privacy invasion. Write for a copy of their catalog:
>Alternative Inphormation, P.O. Box 4, Carthage, Texas 75633 USA.
>
>CORPORATE SECURITY DIGEST is a weekly publication reporting on governmental,
>commercial, and industrial security (and privacy) topics. Subscriptions are
>$295/year. To request a free copy, contact: Washington Crime News Service,
>3918 Prosperity Avenue, Suite 318, Fairfax, Virginia 22031 USA; 703-573-1600.
>
>CENTRAL INTELLIGENCE AGENCY (CIA) PUBLICATIONS are available by annual
>subscription. For information, contact: Document Expediting Project (DOCEX),
>Exchange and Gifts Division, Library of Congress, Washington, DC 20540 USA;
>202-707-9527.
>
>
>
>******************************************************************************
>OFFSHORE FINANCIAL AND PERSONAL PRIVACY PROGRAMS ALLOW YOU TO PROTECT YOUR
>CONFIDENTIALITY IN PERSONAL AND BUSINESS AFFAIRS.
>A FEW EXAMPLES OF THE

From nobody at nowhere Tue Mar 1 19:41:16 1994
From: nobody at nowhere (nobody at nowhere)
Date: Tue, 1 Mar 94 19:41:16 PST
Subject: No Subject
Message-ID: <199403020307.AA05092@xtropia>

On Mon, 28 Feb 94 11:48:59 -0800, "Eric Hughes" wrote:

> John's request will be denied, no doubt, and will go to court. Should
> he prevail in court, the executive branch is bound by that decision.
> A key custody database which was public would make the system insecure
> and unusable. The executive branch could not change this. Only the
> legislature could.
>

Do not expect a treatment according to the law by the courts. It has been a long time since courts have considered themselves bound by the text of the laws or the constitution.

Instead, John should instruct his lawyers to create delays. A Lawyer that cannot create a delay is worthless. In the beginning, until the Government figures out what is going on, the Government will probably also want to create a delay.

Cypherpunks should tell the public and every possible buyer of the clipper chip, especially the Corporate buyers that the suit exists, and if it is successful, all clipper keys could be disclosed including the keys to Clipper devices. All data that has been transferred via Clipper could be retroactively exposed! This will cause Clipper to be a commercial flop.

In short, we can use FUD to kill Clipper! This is a delicious irony because usually FUD is used by the enemies of liberty, not by its defenders!

> Eric

From sommerfeld at orchard.medford.ma.us Tue Mar 1 20:05:24 1994
From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld)
Date: Tue, 1 Mar 94 20:05:24 PST
Subject: PGP on the HP 100
In-Reply-To: <9403020057.AA03418@toad.com>
Message-ID: <199403020355.WAA00374@orchard.medford.ma.us>

   From: smb at research.att.com
   Date: Tue, 1 Mar 94 19:56:40 EST
   Sender: owner-cypherpunks at toad.com

   Has anyone tried putting ViaCrypt PGP on the HP-100?

Yup.

   Is anyone but me crazy enough to contemplate it?
Nope. (I demoed it to a few people at the ISOC SNDS conference in San Diego a month ago..).

   How abysmal is the performance?

Pretty bad, at least compared to the desktop systems I'm used to. I hope you're patient..

- Bill

From rcain at netcom.com Tue Mar 1 20:09:35 1994
From: rcain at netcom.com (Robert Cain)
Date: Tue, 1 Mar 94 20:09:35 PST
Subject: Dorothy Denning
In-Reply-To: <9403012355.AA08431@anchor.ho.att.com>
Message-ID: <199403020410.UAA07525@netcom9.netcom.com>

bill.stewart at pleasantonca.ncr.com +1-510-484-6204 sez:
>
> I objected to Anthony Ortenzi's article on Dorothy Denning.
> Much of the attacks seemed appropriate for a politician like Clinton (:-)),
> but aren't appropriate for an academic who's doing politics about
> technical areas, where there so much more *useful* ways to flame
> her ideas, rather than her character.

I could not agree more. I would rather see her ideas discussed though than flamed.

>
> > Number 1, if someone is an encryption expert [...], why would they endorse
> > anyone but the recipient being able to decode the message?
>
> You're confusing technical tactics with political/social goals.
> She's an expert in what you can do with encryption, she just has different
> values about who should be able to benefit from it and how.

I spoke with her at some length today and later with a man she recommended I also speak with that is an Assistant to the Director at the NSA. It *is* a question of who should be able to benefit from it but not because they are concerned about any of us here. More later.

>
> as you say, it would be nice if she'd
> just come out and say the government should spy on all of us to keep us
> from doing Bad Things; it's an argument people can relate to and discuss
> (though it'll get a lot of negative reaction, which is not her objective.)

She won't come out and say that because that is not at all what she believes. She is not even looking at us much or giving much thought to the Bad Things we might do.
Her scope is much larger than "us."

>
> > C) Was she dropped on her head a lot as a baby?
> Probably got scared by a Commie Terrorist Drug Dealer, and comforted
> by some friendly federal police officer... or else was educated in
> government-run schools. :-)

I wish I could get across to you all how this C) kind of attack affects even people of her stature and public standing. This is a very poor caricature of her as I found her in discussion or have found her writings. She is calm, reasonable, not in the least a hard liner and I haven't seen a trace of the personality traits you give a basis for. Yes, she is very frustrated, even depressed sounding, because she cannot seem to find a way to convey the reality of her concern without it being distorted or pulled into a ridiculous context and yes she is frustrated because she clearly sees the problems facing Clipper.

What has not been discussed here very much and what I felt going into the conversations with these people is that they *can't* tell us what they are afraid of. It is not a matter of won't. The conversations bore this out. We have been concentrating on in our discussion here on how much they fear the loss of a power they have gotten used to and abused to where we find it offensive. That is not nearly so much what they fear. It is the *unknown*. It is pretty hard to make public statements like that.

The real issue is that this is an *enabling* technology that allows any group of people distributed over the world to meet spontaneously in secret to plan anything. I don't think we can even conceive, nor have they yet, the ways the real Bad Guys (I hope we can agree that some do exist) might find to use this new ability. A very clear danger is sensed in Washington with little real benefit to the civilized and civil majority.
In fact, the reason I began to have the qualms about this that I have been expressing lately (besides being in a position to open this Pandora's Box myself now) is that the reason I started looking at crypto a couple of years ago was that I was in an extremely agitated, nearly revolutionary state during the period slightly before the LA riots and for a while thereafter and I came to the conclusion that this system needed to be brought down, simple. I felt that this could be pulled off, in fact, if a method of secure voice communication could be established that would *enable* country wide planning and synchronization. Think about it.

Well, my politics have changed considerably for several reasons but I well remember my initial motive for studying crypto and looking for a solution to the man in the middle that didn't require any passwords or prior agreement. I have not, however, lost the belief that dedicated revolutionaries could use it to create havoc not just here but world wide and that could just be the tip of the iceberg.

I don't know what the solution is though and I don't think that Dr. Denning, President Clingon or the NSA really has one. The cat is out of the bag now and they seem to realize to their near depression that it won't go back in.

I requested the phone meeting with her because I needed to discuss these moral issues with someone that I felt was looking a bit more deeply into it all. I am not sure what I am going to do. I no longer really want to be the one to open the box with something easy to use and foolproof but I know that it is just a matter of time before someone else meanders down the path I found so why act on my personal concerns only to lose the chance to be the first out of the gate. I asked these questions and ran into heavy sighs. I believe it is well understood that only voluntary means of controlling this exist and that likelihood is very small.
Persuasion is not working and the press has been whipped into a near hysterical state over this by we and our friends (yes, we on the internet are considered to be the force that has derailed their hopes and that was unforeseen.)

As is obvious I don't consider this government to be a monolithic antagonistic entity out to strip us of rights. Sure it has happened in areas but they are reasonably isolated areas. There are *many* people in this rather diverse government and in an advising capacity to it whose sole concern is our safety and these people are worried.

I find it interesting that there are many people here who lack the imagination to understand that there probably are a goodly number of reasons for rightly feeling the need for a Clipper like solution and that it would not be appropriate for the government to be public about them. Why is that so difficult to understand in these times of international strife, terror and technology?

Peace,

Bob

--
Bob Cain    rcain at netcom.com   408-354-8021

"I used to be different. But now I'm the same."

--------------PGP 1.0 or 2.0 public key available on request.------------------

From dwomack at runner.utsa.edu Tue Mar 1 20:20:32 1994
From: dwomack at runner.utsa.edu (David L Womack)
Date: Tue, 1 Mar 94 20:20:32 PST
Subject: Corporations
Message-ID: <9403020420.AA23717@runner.utsa.edu>

Mr. May mentioned corporations; I'd like to hear comments on a concept....

Let's suppose an offshore corp. is established somewhere; perhaps Grenada, perhaps Belize, or where ever. You work for this corporation; the corporation produces a product or service.

Now, here is where the potential seems to be: the corporation generates bills from the offshore location. Customers pay to the corp., mailing to the offshore location. Constructive receipt, then, is offshore. My understanding is that corporate earnings are subject to the host country's tax, NOT U.S. tax. And, tax waivers are not difficult to get from these other countries.
If one wishes to take some risks, the corp. then makes a loan to the individual, at a fair market rate of interest. This would be in addition to whatever miserly wage the corp. paid to its employees. Of course, the person would be obligated to declare a forgiven loan as income; they would be on their honor to do so, since there would be no paperwork....

Any thoughts? Or is there a gigantic hole in my thinking?

Regards....

From punisher at ccwf.cc.utexas.edu Tue Mar 1 20:26:21 1994
From: punisher at ccwf.cc.utexas.edu (The PUNISHER - Judge)
Date: Tue, 1 Mar 94 20:26:21 PST
Subject: Clipper/Skipjack
Message-ID: <199403020426.AA01460@bashful.cc.utexas.edu>

just a quick note to tell you all that I just read an editorial in info security by John Droge. He rambles on in much the same way Dorothy Denning does, terrorists, you can trust that gov't...blah, blah, blah.. Anyway, I was wondering why any sane, 1/10 intelligent person would be defending the Clipper chip...then I read his bio...he is a VP at Mykotronx. Looks like their PR machine is in full steam! :)

The Punisher

From nowhere at bsu-cs.bsu.edu Tue Mar 1 20:32:16 1994
From: nowhere at bsu-cs.bsu.edu (Anonymous)
Date: Tue, 1 Mar 94 20:32:16 PST
Subject: Stegonography
Message-ID: <9403020432.AA11900@bsu-cs.bsu.edu>

There's been a lot of discussion lately about trying to make stego files not have any identifying marks, so that usage of stego would be indistinguishable from noise.

A more effective option might be to insert obvious (or somewhat obvious) stego messages in lots of graphics. Take every graphic file you own and hide something in it with a stego program. Put PGP messages in them (even including the obvious ---- BEGIN PGP MESSAGE ---- headers). Or a BBS ad. Or just cute little messages. Then distribute the files that way. Hopefully, people will take these images and pass them on without ever knowing there was stuff in them.
If enuff people do this, graphics will become so "polluted" with stego messages that your truly secret PGP messages will be hidden in plain sight along with all the other graphic files full of stuff, and won't stand out. Plus, you could plausibly deny having put it there, claiming that it must have been that way when you got it, and that you didn't know it was there.

From rarachel at prism.poly.edu Tue Mar 1 20:45:06 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Tue, 1 Mar 94 20:45:06 PST
Subject: Insecurity of public key crypto #1 (reply to Mandl)
In-Reply-To: <199403020015.RAA21139@pmip.dist.maricopa.edu>
Message-ID: <9403020433.AA16707@prism.poly.edu>

> Would it not make sense, therefore, to publish a public cypherpunks
> mailing list key, which is returned with subscription requests?
> All incoming message cleartext to the mailing list server would
> then be encrypted in the server's key; not for security, but
> precisely for the reason you state above. That _would_ create
> quite a volume of encrypted communications to each recipient of
> the list.

Please don't do that. I don't want to go through hoops to read this mailing list. It's already cumbersome as is. Adding PGP in the soup would make things very nasty. I'd rather not use PGP except for private messages.

Perhaps having a usenet news group for encoded mail might be better. Something where everyone can occasionally either send a PGP'ed message with the subject being an encoded version of the recipient's name, or with just random junk that's PGP'ed... This would create enough traffic to be able to hide messages in.

Perhaps a special "news" reader program can be written that scans all messages in that group for the encoded name, and if it matches that of the reader it will decode it and dump it in that user's mail or read it (and possibly reply to it) on the spot.
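
The newsgroup reader proposed in the message above (scan every post for an encoded form of your name, ignore the rest), as an added Python sketch that is not part of the original post. The message does not say how the name is encoded, so this sketch assumes sender and reader share a key and contrasts an unkeyed hash of the name with a per-post keyed tag; all function names, keys and sample posts are constructed for the illustration, and the bodies are placeholders standing in for PGP messages.

```python
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

NONCE_LEN = 8   # random bytes that make every subject line different
TAG_LEN = 16    # bytes of HMAC-SHA256 kept in the subject line

Post = Tuple[str, str]  # (subject, body); the body stands in for a PGP message


def naive_subject(recipient: str) -> str:
    """Unkeyed encoding: a plain hash of the name.

    Every post to the same person carries the same subject, and anyone who
    guesses the name can recompute it, so the traffic is linkable.
    """
    return hashlib.sha256(recipient.encode()).hexdigest()[:32]


def keyed_subject(key: bytes, recipient: str, nonce: Optional[bytes] = None) -> str:
    """Per-post tag: nonce || HMAC(key, nonce || name), hex encoded."""
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)
    mac = hmac.new(key, nonce + recipient.encode(), hashlib.sha256).digest()
    return (nonce + mac[:TAG_LEN]).hex()


def decoy_subject() -> str:
    """Random junk with the same length as a real keyed subject."""
    return os.urandom(NONCE_LEN + TAG_LEN).hex()


def subject_matches(key: bytes, recipient: str, subject: str) -> bool:
    """True only if the subject was built with this key for this recipient."""
    try:
        raw = bytes.fromhex(subject)
    except ValueError:
        return False  # not a tag at all
    if len(raw) != NONCE_LEN + TAG_LEN:
        return False
    nonce, tag = raw[:NONCE_LEN], raw[NONCE_LEN:]
    expected = hmac.new(key, nonce + recipient.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected[:TAG_LEN])


def scan_group(posts: List[Post], key: bytes, recipient: str) -> List[str]:
    """The reader: walk every post in the group, keep the ones meant for us."""
    return [body for subject, body in posts
            if subject_matches(key, recipient, subject)]


def sample_group(key: bytes) -> List[Post]:
    """Constructed sample traffic: two real posts hidden among other posts."""
    other_key = b"\x02" * 32
    return [
        (decoy_subject(), "random junk 1"),
        (keyed_subject(key, "alice"), "ciphertext A"),
        (keyed_subject(other_key, "bob"), "ciphertext for someone else"),
        ("malformed subject", "random junk 2"),
        (keyed_subject(key, "alice"), "ciphertext B"),
    ]


if __name__ == "__main__":
    shared_key = b"\x01" * 32  # constructed key, for the demo only
    group = sample_group(shared_key)
    print("posts for alice:", scan_group(group, shared_key, "alice"))
    print("naive subjects repeat:", naive_subject("alice") == naive_subject("alice"))
    print("keyed subjects repeat:", group[1][0] == group[4][0])
```

With the keyed form, two posts to the same reader share no visible subject, and a decoy is the same length as a real tag, which is what lets the junk traffic provide cover.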

From ejohnson at pmip.dist.maricopa.edu Tue Mar 1 21:11:49 1994
From: ejohnson at pmip.dist.maricopa.edu (Eric Johnson)
Date: Tue, 1 Mar 94 21:11:49 PST
Subject: Insecurity of public key crypto #1 (reply to Mandl)
Message-ID: <199403020511.WAA21677@pmip.dist.maricopa.edu>

: From rarachel at prism.poly.edu Tue Mar 1 21:44:58 1994
: Subject: Re: Insecurity of public key crypto #1 (reply to Mandl)
: To: ejohnson at pmip.dist.maricopa.edu (Eric Johnson)
: Cc: cypherpunks at toad.com
: X-Mailer: ELM [version 2.4 PL21]
: Content-Type: text
: Content-Length: 1207
:
: > Would it not make sense, therefore, to publish a public cypherpunks
: > mailing list key, which is returned with subscription requests?
: > All incoming message cleartext to the mailing list server would
: > then be encrypted in the server's key; not for security, but
: > precisely for the reason you state above. That _would_ create
: > quite a volume of encrypted communications to each recipient of
: > the list.
:
: Please don't do that. I don't want to go through hoops to read this
: mailing list. It's already cumbersome as is. Adding PGP in the soup
: would make things very nasty. I'd rather not use PGP except for private
: messages.

That was exactly the point Eric Hughes was making; it is not a good strategy to save encryption for only private communications.

Besides, procmail (or similar) should be able to handle piping incoming cypherpunks traffic through the decryptor, so the hoop would be transparent anyway. No muss, no fuss.
--Eric

From tytso at ATHENA.MIT.EDU Tue Mar 1 21:29:19 1994
From: tytso at ATHENA.MIT.EDU (Theodore Ts'o)
Date: Tue, 1 Mar 94 21:29:19 PST
Subject: Dorothy Denning
In-Reply-To: <199403020410.UAA07525@netcom9.netcom.com>
Message-ID: <9403020528.AA26183@tsx-11.MIT.EDU>

   From: rcain at netcom.com (Robert Cain)
   Date: Tue, 1 Mar 1994 20:10:15 -0800 (PST)

   What has not been discussed here very much and what I felt going into the conversations with these people is that they *can't* tell us what they are afraid of. It is not a matter of won't. The conversations bore this out. We have been concentrating on in our discussion here on how much they fear the loss of a power they have gotten used to and abused to where we find it offensive. That is not nearly so much what they fear. It is the *unknown*. It is pretty hard to make public statements like that.

Yes, it is pretty hard, because it makes it seem as if they have small minds. There have been people who have likened the coming of computers and networking to the invention of the Gutenberg printing press --- that is, it is a critical, enabling technology that will have extremely serious impacts on our society as we know it.

I can imagine that back then, the Catholic church must have been deeply opposed to letting the "hoi polloi" access to books, and access to learning. Think of how it would disrupt the social order!!!

From what you have said, it sounds like Denning, et. al's objections are of a similar ilk; they are afraid of how this might completely change society. I agree; it probably will. However, while there may have been some societal upheavals that can be traced back to the introduction of the printing press, in the end I think we can all agree that the printing press was a good thing.
The important point that you make is that the cat really *is* out of the bag; I am just concerned that the government, in a futile attempt to try to stuff the cat back in, does perhaps fatal damage to all of our civil rights in its desperation. Look at how civil forfeiture has been used to completely strip someone of his properties, without any due process. Look at the RICO act, and the truly scary things that you can do with it; it was originally applied against the Big Bad Mob, but it's turning out to have much broader applications.

So if the cat really is out of the bag, then the government should give up on this ill-conceived Clipper abortion as soon as possible. The fact that the Clipper proponents may actually be recognizing the hopelessness of their task this is a sign of hopefulness or a sign of great danger; the question is whether they will act like rational human beings, or a cornered animal.

- Ted

From plaz at netcom.com Tue Mar 1 21:35:29 1994
From: plaz at netcom.com (Plaz)
Date: Tue, 1 Mar 94 21:35:29 PST
Subject: GAMES: The "Crypto Anarchy Game"
Message-ID: <199403020536.VAA20802@mail.netcom.com>

>Tim, on the cypherpunks list you said:
>
>  Let me also note that this issue has--like so many things on this
>  list--come up a couple of times. Geoff Dale, for example, proposed a
>  Cypherpunks game/simulation area in a virtual world at the Illuminati
>  BBS. I have no idea how it's coming; haven't seen Geoff here in
>  months. Best wishes to Seth or anyone else who actually implements
>  such a system.
>
>I don't know what Geoff has been doing with the Illuminati BBS, but I
>do know that he's on the list. Majordomo tells me so:
>
>  plaz at netcom.com (Geoff Dale)
>
>Geoff, do you think it would be appropriate to describe on the list what
>progress, if any, you've made on the above referenced project?

Woops, found this in my archives. Almost a week old, forever in net time.

I did mention something about possibly doing a cypherpunks area in the Metaverse MOO.
I was largely trying to convince someone else to do it. I have done absolutely nothing on this topic. ExI Freegate Virtual Branch, yes. A little work on Cafe Flesh, guilty, but no work on any cypunks game/environment.

I doubt the value of spending much time on a cypherpunk "game" anyway. It's not like we had to introduce an internet game to the public before they started to notice it. If someone wants to do it, go for it. It won't register highly in my priority list, tho.

TTFN

_______________________________________________________________________
Geoff Dale         -- Cypherpunk/Extropian --         Plastic Beethoven
AnarchyPPL - Anarch (Adjudicator)      ExI-Freegate Virtual Branch Head
plaz at netcom.com                                    66 Pyramid Plaza
plaz at io.com                       Freegate, Metaverse at io.com 7777
                  "Subvert the domination paradigm!"

From sandfort at crl.com Tue Mar 1 22:27:57 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 1 Mar 94 22:27:57 PST
Subject: Corporations
In-Reply-To: <9403020420.AA23717@runner.utsa.edu>
Message-ID:

C'punks,

On Tue, 1 Mar 1994, David L Womack wrote:

> . . .
> Let's suppose an offshore corp. is established
> somewhere; perhaps Grenada, perhaps Belize,
> or where ever. You work for this corporation;
> the corporation produces a product or service.
>
> Now, here is where the potential seems to be:
> the corporation generates bills from the offshore
> location. Customers pay to the corp., mailing
> to the offshore location. Constructive receipt,
> then, is offshore. My understanding is that
> corporate earnings are subject to the host
> country's tax, NOT U.S. tax. And, tax waivers
> are not difficult to get from these other countries.

Yup. And a variation of this is what's called double invoicing. It's one of the things that made Hongkong great.

> If one wishes to take some risks, the corp. then
> makes a loan to the individual, at a fair market
> rate of interest. This would be in addition to
> whatever miserly wage the corp. paid to its
> employees.
> Of course, the person would be obligated
> to declare a forgiven loan as income; they would
> be on their honor to do so, since there would be
> no paperwork....

Congratulations, you have re-invented a time-honored service of offshore banks and incorporation services. Of course, there never has to be a forgiveness of the loan. It can just be rolled over forever. Or, the recipient can use his "loan payments" as a means of ex-patriating more money.

I'm really quite impressed with your thinking on this. Though many sophisticated variants of these techniques have existed for years, it is quite an accomplishment to invent them independently. Unlike some knee-jerk hand wringing (mixed metaphor?) I have seen on this list, you have identified the transactional essence present in successful transnational thinking. Again, congratulations.

S a n d y

From nobody at soda.berkeley.edu Tue Mar 1 22:28:58 1994
From: nobody at soda.berkeley.edu (nobody at soda.berkeley.edu)
Date: Tue, 1 Mar 94 22:28:58 PST
Subject: .
Message-ID: <199403020628.WAA04657@soda.berkeley.edu>

>What has not been discussed here very much and what I felt going into
>the conversations with these people is that they *can't* tell us what
>they are afraid of. It is not a matter of won't. The conversations
>bore this out. We have been concentrating on in our discussion here
>on how much they fear the loss of a power they have gotten used to and
>abused to where we find it offensive. That is not nearly so much
>what they fear. It is the *unknown*. It is pretty hard to make public
>statements like that.

Repeat after me: Change is our friend. We must embrace change. Change is good. We must lose our fear of change. Change...Change...Change...Change...Change...Change...(click)...Change...

From kinney at bogart.Colorado.EDU Tue Mar 1 22:33:46 1994
From: kinney at bogart.Colorado.EDU (W.
Kinney)
Date: Tue, 1 Mar 94 22:33:46 PST
Subject: Dorothy Denning
Message-ID: <9403020633.AA22730@bogart.Colorado.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

Robert Cain Writes:

>What has not been discussed here very much and what I felt going into
>the conversations with these people is that they *can't* tell us what
>they are afraid of.

Theodore Ts'o writes:

>So if the cat really is out of the bag, then the government should give
>up on this ill-conceived Clipper abortion as soon as possible. The fact
>that the Clipper proponents may actually be recognizing the hopelessness
>of their task this is a sign of hopefulness or a sign of great danger;
>the question is whether they will act like rational human beings, or a
>cornered animal.

I think this is very perceptive. Clipper is perhaps the best they could _think_ of given an outmoded set of axioms. If the presumptions people in government have about their own role are no longer valid, they probably don't fully realize it yet, or at least can't admit they do. Clipper is just the kind of woefully clueless thing people in that position would come up with.

It is kind of scary. Yikes.

-- Will

From Rolf.Michelsen at delab.sintef.no Tue Mar 1 23:38:25 1994
From: Rolf.Michelsen at delab.sintef.no (Rolf Michelsen)
Date: Tue, 1 Mar 94 23:38:25 PST
Subject: low-overhead encrypted telnet
In-Reply-To: <9403011958.AA09178@hot.ee.lbl.gov>
Message-ID:

On Tue, 1 Mar 1994, Jef Poskanzer wrote:

> I've been talking about encrypted telnet with Craig Leres lately, and
> he came up with an interesting idea.
> The background is, sysadmins want
> encrypted telnet so that passwords don't fly around in the clear, but
> at the same time, they don't want to spend too many extra CPU cycles.
> I figured at least some sysadmins would resist installing an
> encryption-capable telnetd because of this concern about overhead.

[Some text deleted]

Have you seen the proposals for an encryption option for TELNET? There are at least two proposals. The first is by David Borman dated April 1990 and the second by Lawrence Brown and Gilje Jaatun dated December 1991. Borman's proposal focuses on the possibility of encryption of passwords only. Unfortunately I don't have a pointer to an electronic copy of these proposals -- perhaps someone else on this list has?

I am currently working on a project which requires encrypted TELNET. We will be encrypting *all* transmitted data to protect sensitive information -- not just passwords. Does anybody know the current status of standardization of an encryption option for TELNET?

-- Rolf

----------------------------------------------------------------------
Rolf Michelsen          Phone:  +47 73 59 87 33
SINTEF DELAB            Email:  rolf.michelsen at delab.sintef.no
7034 Trondheim          Office: C339
Norway
----------------------------------------------------------------------

From wcs at anchor.ho.att.com Tue Mar 1 23:38:52 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Tue, 1 Mar 94 23:38:52 PST
Subject: Clipper (Re: Dorothy Denning)
Message-ID: <9403020738.AA12338@anchor.ho.att.com>

"W. Kinney" writes:

> I think this is very perceptive. Clipper is perhaps the best
> they could _think_ of given an outmoded set of axioms.
> If the presumptions people in government have about their own role
> are no longer valid, they probably don't fully realize it yet,
> or at least can't admit they do.

I disagree. My opinion is that the axioms involved are

1) We're in power, and want to stay there.
2) Some kinds of technology greatly enhance our power if we control them.
3) Crypto Technology is a major threat to our power unless we control it.
4) Maybe we can stop it if we act quickly, at a cost to society that's low enough that we won't cause a major revolt
5) If we pull that off, the success will help consolidate our power.
6) The public believes almost anything we tell them, at least for a while, as long as we sound sincere.

Of those axioms, only 4) is really in question, though 1a) is a bit shaky. Even George Bush could pull off 6) as long as the economy was doing ok.

Some of the people, though probably not Clinton, have some other axioms, which I'll agree are obsolete or outright bogus, like:

-1) Government is inherently a good way to do things.
-2) We can accomplish a lot of good things with our power.
-3) We're not really interested in power for its own sake
-4) We're smart enough to run a planned economy

> Clipper is just the kind of woefully clueless thing people in
> that position would come up with.

It's not at all clueless. It's offensive, unAmerican, and probably won't win, but there's a subtle malignity to it that's almost Nixonesque in its cleverness, and it's tacky enough they may be able to pull it off.

Bill

# Bill Stewart AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399
# email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465

From tcmay at netcom.com Tue Mar 1 23:54:44 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 1 Mar 94 23:54:44 PST
Subject: Quantum mechanics banned
In-Reply-To: <9403020006.AA08655@anchor.ho.att.com>
Message-ID: <199403020755.XAA26409@mail.netcom.com>

>
> > I think I have found the way to end all our problems: ESP.
>
> No good - the KGB has top psychics working for them,
> and the CIA has been working for years to keep up.
> I read it in the newspaper in the supermarket,
> so it must be true!
>
> Bill

Bill Stewart has failed to add that work on ESP is now classified UMBRA SECRET SCARLET. The Jason Society has declared Puthoff and Targ's work on remote viewing to be of highest military significance and has moved the research to the National Renaissance Organization at Fort Belvoir, Virginia. The work is run under codeword security, as part of DOD 451 deep black ops.

Quantum cryptography has similarly been deemed of vital national importance to a secret research facility at Area 51 at Groom Lake. Encrypted blind pipes link the researchers to PROMIS databases at MITRE and Fort Monmouth Signal Warfare Lab.

Quantum cryptography foils eavesdroppers, as you all know, so it cannot be allowed in the hands of private citizens. As Professor Denning puts it: "Would you want child pornographers to _also_ know how to calculate wave functions?"

(However, not all is lost. Quantumpunks are reporting success in penetrating national borders by something they call "crypto tunnelling." Collapse of the Usenet wave function predicted. Sigh! or, as we quantumpunks prefer to say, "Psi.")

I learned all this watching "The X-Files."

--Tim May, in an unbound state (not California)

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
From hkhenson at cup.portal.com Wed Mar 2 00:23:38 1994
From: hkhenson at cup.portal.com (hkhenson at cup.portal.com)
Date: Wed, 2 Mar 94 00:23:38 PST
Subject: fyi
Message-ID: <9403020024.1.28502@cup.portal.com>

Sorry to inflict this *DRAFT* copy of a letter on the net, but I have begun to feel rather paranoid--the kind of feeling you get from stepping into deep water and being among sharks. (I wonder if Danny C. would have done better if he had kept the net informed as he went along?)

I have been told that the court clerks and judge's secretaries (who work for the Justice Department, and are not really under the control of the Judges) do abuse-of-process favors like those reported below for the US Attorneys all the time.

When the name spellings and facts get checked, I plan to print it out, put on my suit, and hand deliver it to the Judge Patel in open court. I hope to report in a day or so.

H. Keith Henson
799 Coffey Ct.
San Jose, CA 95123
408-972-1132

Judge Marilyn Patel
Northern District of California
450 Golden Gate Ave., 19th Floor
San Francisco, CA 94102

March 1, 1994

Dear Judge Patel:

As a friend of the court, I suggest you look into the actions of your clerks. It appears they withhold information from you and play games with your calendar.

Last Thursday, Richard Williams (a lawyer from San Jose) made telephone contact with Ms Moriyama in the clerk's office. He had a motion to file for return of property and suppression of evidence in a case which itself involves a report of fraud on Judge Brazil to obtain a search warrant. Ms Moriyama told him that the motion could be placed on the calendar of your court for Monday, February 28, 1994 at 2:30 pm if he could get the motion filed early Friday morning.

Mr. Williams had the motion filed by courier with the clerk's office by about 9 am last Friday. He fully expected to be before your court Monday at 2:30. I learned of the hearing Friday and made plans to be there myself since my affidavit is part of this motion.
Two of Mr. Williams' staffers talked to Ms Moriyama last Thursday, and are prepared to testify as to her agreement to putting the motion on your calendar, though the option was left open that you might shift it to some other department at the same hour.

Monday about 10 am, Ms Moriyama called Mr. Williams saying she had no copy of the motion (two were filed) and denying that she had even agreed to put this matter on your calendar, or even that she had talked to Mr. Williams or his staff the previous week. She tried to get the matter placed before Judge Brenin, and when told that a Magistrate-Judge was unacceptable, she got the motion hearing placed on Judge Caulfield's calendar one day before the matter is to be moved to Tennessee, inflicting great costs and business damage upon the plaintiffs.

While talking to Judge Caulfield's clerk on Monday, Mr. Williams was told that the US attorney had ordered the clerks to remove the motion from your calendar after it had been scheduled!

Though I do not know that Judge Brazil ever saw the letter I wrote to him, one of his staff called me and left a long message (which I preserved) on my answering machine. In it, the staffer stated that it was not a Judge's role to investigate the fraud perpetrated on his court to which I had directed his attention, and that I should contact the US attorney if I wished the matter to be investigated.

Given that the US attorney has manipulated your calendar to prevent these very matters from being brought to the attention of your court, I believe this approach would be akin to getting a fox to guard the henhouse.

I have never considered myself a naive person. In spite of this, I have always felt that the judiciary in this country was honest. I still feel this way, but how effective can an honest judge be when their information channels are completely controlled by one party in a case?

Sincerely,

H.
Keith Henson

From nobody at jarthur Wed Mar 2 00:57:34 1994
From: nobody at jarthur (nobody at jarthur)
Date: Wed, 2 Mar 94 00:57:34 PST
Subject: No Subject
Message-ID: <9403020857.AA13739@toad.com>

Men in Dark Suits, sunglasses and trenchcoats FORCED Bob Cain to Say:

>
>it is well understood that only voluntary means of controlling this
>exist and that likelihood is very small. Persuasion is not working and
>the press has been whipped into a near hysterical state over this by we
>and our friends (yes, we on the internet are considered to be the force
>that has derailed their hopes and that was unforeseen.)

Thanks Bob... that admission from the opposing forces has made all of our effort in this fight worth it... This makes the complete devaluation of this "Clipper/Tessera" nightmare relatively easy.... we doing good... keep the pressure up!! This has lifted the fog of battle for us momentarily...

>
>As is obvious I don't consider this government to be a monolithic
>antagonistic entity out to strip us of rights. Sure it has happened in
>areas but they are reasonably isolated areas. There are *many* people
>in this rather diverse government and in an advising capacity to it
>whose sole concern is our safety and these people are worried. I find

My Safety is REALLY NONE of THEIR concern... they have already insured in court they can't be held liable for mistakes...

>it interesting that there are many people here who lack the imagination
>to understand that there probably are a goodly number of reasons for
>rightly feeling the need for a Clipper like solution and that it would
>not be appropriate for the government to be public about them. Why is
>that so difficult to understand in these times of international strife,
>terror and technology?

Here I start to wonder about you Bob... OUR Government caused the current issues we are seeing haunt this country... and they want the keys to ALL the secrets??? Not a chance in HELL Bob...
I AND OTHERS WILL MAKE SURE THAT CLIPPER IS TOTALLY SUNK!!! count on it!!

anon

p.s. to the punks... keep it up... you are doing a GREAT job...(anon pats himself on the back also!!)

>
>
>Peace,
>
>Bob
>

From pmetzger at lehman.com Wed Mar 2 04:15:29 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Wed, 2 Mar 94 04:15:29 PST
Subject: Insecurity of public key crypto #1 (reply to Mandl)
In-Reply-To: <199403020511.WAA21677@pmip.dist.maricopa.edu>
Message-ID: <9403021214.AA21553@andria.lehman.com>

Eric Johnson says:
> : Please don't do that. I don't want to go through hoops to read this
> : mailing list. It's already cumbersome as is. Adding PGP in the soup
> : would make things very nasty. I'd rather not use PGP except for private
> : messages.
>
> That was exactly the point Eric Hughes was making; it is not a good
> strategy to save encryption for only private communications.
>
> Besides, procmail (or similar) should be able to handle piping
> incoming cypherpunks traffic through the decryptor, so the hoop
> would be transparent anyway. No muss, no fuss.

So, will procmail run for someone getting this mailing list via CCMail under DOS? There are people doing that, you know.

It's one thing to write tools so people can encrypt their routine PRIVATE mail. It's another thing to encrypt mailing lists read by hundreds of people. The former can be adjusted on a case by case basis -- the latter cannot.

Perry

From pmetzger at lehman.com Wed Mar 2 04:34:22 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Wed, 2 Mar 94 04:34:22 PST
Subject: Dorothy Denning
In-Reply-To: <9403020528.AA26183@tsx-11.MIT.EDU>
Message-ID: <9403021233.AA21564@andria.lehman.com>

Theodore Ts'o says:
> I can imagine that back then, the Catholic church must have been deeply
> opposed to letting the "hoi polloi" access to books, and access to
> learning. Think of how it would disrupt the social order!!!

Don't look back to the Catholics, Ted.
The Russians and Chinese restricted access to printing presses, because they knew that they would permit the overthrow of the government.

Dorothy and all the rest are Statists. They are no different from the Russians and the rest. The Communists wanted to restrict access to printing presses because they felt them to be a danger to their society, and Denning and the rest want to restrict cryptography for exactly the same reason. They have no love for the constitution -- they believe in "balancing" constitutional rights, "giving up" rights for "security" and all the rest. They THINK they have love for the constitution. They THINK they are patriots. In fact, they are no different in ANY of the arguments they make from fascists or communists.

If Denning knew how much of what she said sounds exactly like stuff coming out of Pravda from the 1960s, she'd probably either flip or go into denial. I used to read translations of Pravda a lot as an original source for researching Soviet history. Her stuff also bears an uncanny resemblance to public statements made by Nazi leaders at various times about dangerous things the public couldn't get their hands on, and how various rights needed to be restricted in order to "protect" the public.

> The important point that you make is that the cat really *is* out of the
> bag; I am just concerned that the government, in a futile attempt to try
> to stuff the cat back in, does perhaps fatal damage to all of our civil
> rights in its desperation.

People forget about the fact that rights are not just a nicety, the way Denning thinks. They are critical to our survival. The U. S. is not a nice place that happens to grant rights because it has a benevolent government -- it has a benevolent government and is a nice place because it grants rights. This crucial distinction is lost on those who would trade rights for safety -- the Dennings of the world believe safety is a commodity that may be purchased with rights.
John Gilmore has noted that once you have replaced all a government's mechanisms with mechanisms that would be needed for a fascist government to run the country, fascism can be achieved by a mere change in attitude by the governors. Denning and the rest don't grok that. They think "this is America; it can never happen here." My relatives who perished in the holocaust all said "this is Germany; the land of Goethe and Schiller; one of the greatest intellectual centers on earth; how can this happen here?"

People never ask the distinction that made the U.S. government stable where others fall every few decades. They just assume it to be a fact of nature -- that they can play with the basis of that fact all they like without making the fact itself disappear. Cause and effect do not work that way.

> Look at how civil forfeiture has been used
> to completely strip someone of his properties, without any due process.
> Look at the RICO act, and the truly scary things that you can do with
> it; it was originally applied against the Big Bad Mob, but it's turning
> out to have much broader applications.

Once all telecommunications in this country are instantly interceptable; once all the FBI Digital Telephony crap and the Clipper crap are merged together, any fascist takeover could immediately start bugging all phones at will. They could immediately determine who their enemies were talking to at will. They could trace all economic transactions at will. (They want to be able to do that, too -- look at FinCen, also an idea "to protect us".) In short, this is a major tool that they would want. It looks so much like the premises behind the East German or Bulgarian phone network ran on that we should ask ourselves WHY.

> So if the cat really is out of the bag, then the government should give
> up on this ill-conceived Clipper abortion as soon as possible.

It is, of course, already way too late for them to do anything.
The damage they can do before they realize this might, however, be extreme.

Perry

From an64372 at anon.penet.fi Wed Mar 2 05:07:33 1994
From: an64372 at anon.penet.fi (an64372 at anon.penet.fi)
Date: Wed, 2 Mar 94 05:07:33 PST
Subject: Virtual Corporations to Avoid Taxes
Message-ID: <9403021223.AA08175@anon.penet.fi>

Timothy C. May writes:

> Here's an area that has long fascinated me: using corporate entities
> as a way to bypass taxes on individuals.
>
> [misc. examples deleted]

I've been researching this and related topics (offshore corporations, non-U.S. banks, mail drops, etc.) and I have many ideas and questions I'd like to discuss. Is this an appropriate mailing list or does a superior venue exist? Is there enough interest for a new list? Are there any commercial providers that run electronic mailing lists (if so, how costly are they)?

-------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From Tomaz.Borstnar at arnes.si Wed Mar 2 05:24:08 1994
From: Tomaz.Borstnar at arnes.si (Tomaz Borstnar)
Date: Wed, 2 Mar 94 05:24:08 PST
Subject: Virtual Corporations to Avoid Taxes
In-Reply-To: <9403021223.AA08175@anon.penet.fi>
Message-ID: <9403021323.AA18119@toad.com>

In-reply-to: Your message dated: Wed, 02 Mar 1994 12:23:29 -0300
> I've been researching this and related topics (offshore
> corporations, non-U.S. banks, mail drops, etc.) and I have many ideas
> and questions I'd like to discuss. Is this an appropriate mailing
> list or does a superior venue exist? Is there enough interest for a

Don't think so. We better get a new list.
Tomaz

From loofbour at cis.ohio-state.edu Wed Mar 2 06:52:01 1994
From: loofbour at cis.ohio-state.edu (Nathan Loofbourrow)
Date: Wed, 2 Mar 94 06:52:01 PST
Subject: Increasing the encrypted/unencrypted ratio (was Re: Insecurity of public key crypto #1 (reply to Mandl))
In-Reply-To: <9403021214.AA21553@andria.lehman.com>
Message-ID: <199403021451.JAA28312@styracosaur.cis.ohio-state.edu>

"Perry E. Metzger" writes:
> Eric Johnson says:

[in reply to bits about encrypting The List]

> > Besides, procmail (or similar) should be able to handle piping
> > incoming cypherpunks traffic through the decryptor, so the hoop
> > would be transparent anyway. No muss, no fuss.
>
> So, will procmail run for someone getting this mailing list via CCMail
> under DOS? There are people doing that, you know.

Ah - so provide an unencrypted list for the software-challenged and the merely lazy.

The incentive for using the encrypted list, then? Simple --
 1. Increasing one's personal encrypted-to-unencrypted ratio
and
 2. The old chestnut -- delay the unencrypted list 24 hours.

Do I need to insert the stereotype that those who can't run procmail are probably experiencing worse delays than the above thanks to their UUCP feed? Or is it enough to use the "information*timeliness=value" argument that's been advanced in the past to advocate encrypting traffic *to* the list? Either way, the rhetorical advantage still lies in the turnaround time to the list.

> Its one thing to write tools so people can encrypt their routine
> PRIVATE mail. Its another thing to encrypt mailing lists read by
> hundreds of people. The former can be adjusted on a case by case basis
> -- the latter cannot.

I believe it's traditional to reply "Indeed."
nathan

From adam at bwh.harvard.edu Wed Mar 2 07:15:34 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Wed, 2 Mar 94 07:15:34 PST
Subject: low-overhead encrypted telnet
In-Reply-To:
Message-ID: <199403021514.KAA03435@duke.bwh.harvard.edu>

Rolf wrote:

| I am currently working on a project which requires encrypted TELNET. We
| will be encrypting *all* transmitted data to protect sensitive
| information -- not just passwords. Does anybody know the current status
| of standardization of an encryption option for TELNET?

I don't, but I would question the wisdom of putting lots of effort into a telnet encryption scheme. I would think it would be much more productive to build an encryption scheme at the network level, say, as packets are being encapsulated, so that users can specify that they want an encrypted session for telnet or ftp, or even sendmail could encrypt automatically when sending to certain hosts.

By using a public key scheme to exchange session keys (much like PGP), you could obtain the public key affiliated with your destination IP, and know your packets are getting to the right place.

A general framework, based on public key encryption would be a far more flexible, powerful and useful tool for generating security on the net than simply securing TELNET.

Adam

--
Adam Shostack adam at bwh.harvard.edu

Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

Have you signed the anti-Clipper petition?

From sdw at meaddata.com Wed Mar 2 07:49:46 1994
From: sdw at meaddata.com (Stephen Williams)
Date: Wed, 2 Mar 94 07:49:46 PST
Subject: stego
In-Reply-To: <9403012217.AA05764@anchor.ho.att.com>
Message-ID: <9403021550.AA05379@jungle.meaddata.com>

>
> Jim Choate's comments on steganography having problems with images
> that are too complex or too simple were interesting.
> Obviously, cartoon-like GIFs aren't a good target, though scanned
> real stuff may be fine.
> Weather maps can be good - back when I worked
> with the things, I found you could really see about 5-6 bits worth of
> depth, and after that it didn't usually look much different -
> we stole one or two values from the color-map to draw lines on
> the satellite images to add state boundaries, various data values, etc.,
> but could have stolen the LSB and maybe 7th bit without major loss on
> cloud-image pictures. (Radar pictures, on the other hand, were almost

I haven't been able to keep up with all of the Stego discussion, but on pictures with few colors and a large amount of a small number of colors (like cartoons, etc. with a background), you could use the unused color table entries. You set these to be the same colors as the correspondingly largest used colors and use them when juxtaposed with their color.

Original: [0,A]
00000000000000000000000000000000000000000000000
000000000000000A000000000000000A000000000000000
000000000000000A000000000000000A000000000000000
000000000000000A000000000000000A000000000000000
000000000000000A000000000000000A000000000000000
000000000000000A000000000000000A000000000000000
000000000000000A000000000000000A000000000000000
00000000000000000000000000000000000000000000000

Stego-colormap: (1/0 repeat) [0=1,A=B]
01010101010101010101010101010101010101010101010
010101010101010B010101010101010B010101010101010
010101010101010B010101010101010B010101010101010
010101010101010B010101010101010B010101010101010
010101010101010B010101010101010B010101010101010
010101010101010B010101010101010B010101010101010
010101010101010B010101010101010B010101010101010
01010101010101010101010101010101010101010101010

Won't compress as well of course, but the picture is identical. Multiple color entries at the same setting could be used to encode more bits. (0=1=2=3 gives 2 bits info). You then leave the least used colors alone.

More easily detectable I suppose though since multiple color settings were the same.
One way around that is to make them just a shade off, which wouldn't change the actual color much.

> all black, with one or two other pixel values, compressed to 2% of original
> size, and would have been useless for hiding anything in.)
>
> Bill
>

--
Stephen D. Williams  Local Internet Gateway Co.; SDW Systems 513 496-5223APager
LIG dev./sales       Internet: sdw at lig.net sdw at meaddata.com
OO R&D Source Dist.  By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430
Comm. Consulting     ICBM: 39 34N 85 15W I love it when a plan comes together

From ejohnson at pmip.dist.maricopa.edu Wed Mar 2 07:50:23 1994
From: ejohnson at pmip.dist.maricopa.edu (Eric Johnson)
Date: Wed, 2 Mar 94 07:50:23 PST
Subject: Insecurity of public key crypto #1 (reply to Mandl)
Message-ID: <199403021550.IAA22518@pmip.dist.maricopa.edu>

: > : Please don't do that. I don't want to go through hoops to read this
: > : mailing list. It's already cumbersome as is. Adding PGP in the soup
: > : would make things very nasty. I'd rather not use PGP except for private
: > : messages.
: >
: > That was exactly the point Eric Hughes was making; it is not a good
: > strategy to save encryption for only private communications.
: >
: > Besides, procmail (or similar) should be able to handle piping
: > incoming cypherpunks traffic through the decryptor, so the hoop
: > would be transparent anyway. No muss, no fuss.
:
: So, will procmail run for someone getting this mailing list via CCMail
: under DOS? There are people doing that, you know.

Yes, I am aware of that.

: It's one thing to write tools so people can encrypt their routine
: PRIVATE mail. It's another thing to encrypt mailing lists read by
: hundreds of people. The former can be adjusted on a case by case basis
: -- the latter cannot.
:
: Perry

I don't think "adjust[ing] on a case by case basis" is necessary. I was suggesting just the opposite. It obviously isn't a security issue.
I believe it is more of a first principles issue; "Thou shall encrypt thy communications, lest thou draw attention to thy self, and the right be removed by thine opponents."

Oh well, since it was deleted in the first reply to my reply, let's try this again:

Eric Hughes wrote:

: If part of your communications are encrypted and part are not you have
: sent the message about what information is sensitive and what is not.
: This difference in encoding is a first-class message in its own right.
:
: Therefore _all_ communications should be encrypted at all time. It is
: no argument against the principle that this is difficult to do at the
: current time.

Perhaps I am misunderstanding the above (I think not; "_all_" is fairly inclusive). I understand your argument about routine PRIVATE mail. However, key exchange alone involves considerably more hassle than what I am suggesting (and judging from the reply I got from Eric Hughes, I gather encrypting the list is hardly a new idea) which is this: there would be a tangible benefit from encrypting a list like cypherpunks with a well-known, even casual grade key. For God's sake, *especially* cypherpunks (you know, the name, power of example and all that)

If the tools need to be built for some platform; well, "cypherpunks write code". Pipes _are_ available under DOS, you know.

--Eric

From pmetzger at lehman.com Wed Mar 2 08:03:57 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Wed, 2 Mar 94 08:03:57 PST
Subject: Insecurity of public key crypto #1 (reply to Mandl)
In-Reply-To: <199403021550.IAA22518@pmip.dist.maricopa.edu>
Message-ID: <9403021603.AA21658@andria.lehman.com>

Eric Johnson says:
> I don't think "adjust[ing] on a case by case basis" is necessary.
> I was suggesting just the opposite. It obviously isn't a security
> issue. I believe it is more of a first principles issue; "Thou
> shall encrypt thy communications, lest thou draw attention to thy
> self, and the right be removed by thine opponents."
You miss the point, Eric. We are advocating that IN THE FUTURE all communications should be encrypted. However, FOR THE MOMENT this is often impractical. Cypherpunks write code in an effort to try to bring this future closer. However, making our lives impossible right now will delay that future.

I encrypt things whenever possible. Some people I communicate with can't encrypt, so I adjust, on a case by case basis. Someday, hopefully within the next year or two, things will be different.

Encrypting this list ever would be useless -- but fine if it would be easy to do. Since it isn't easy or useful, it is a bad idea.

Perry

From freeman at MasPar.COM Wed Mar 2 08:06:44 1994
From: freeman at MasPar.COM (Jay R. Freeman)
Date: Wed, 2 Mar 94 08:06:44 PST
Subject: Quantum mechanics banned
Message-ID: <9403021606.AA25085@cleo.MasPar.Com>

Tim May discusses ESP and quantum cryptography...

> I learned all this watching "The X-Files."

Well, *I* learned it by watching a crystal ball.

-- Jay Freeman

From hughes at ah.com Wed Mar 2 08:27:23 1994
From: hughes at ah.com (Eric Hughes)
Date: Wed, 2 Mar 94 08:27:23 PST
Subject: low-overhead encrypted telnet
In-Reply-To: <199403021514.KAA03435@duke.bwh.harvard.edu>
Message-ID: <9403021619.AA10508@ah.com>

> I don't, but I would question the wisdom of putting lots of
>effort into a telnet encryption scheme. I would think it would be
>much more productive to build an encryption scheme at the network
>level

The reason that encrypted telnet is a good thing is that modification at the network level requires kernel modification, and encrypting a telnet does not. Installing an encrypted telnet daemon does require sysadmin cooperation, but it doesn't mean recompiling the kernel.

As such, encrypted telnet is a good intermediate while the long term solution of encrypted IP gets developed and deployed.
Eric

From hughes at ah.com Wed Mar 2 08:30:14 1994
From: hughes at ah.com (Eric Hughes)
Date: Wed, 2 Mar 94 08:30:14 PST
Subject: Increasing the encrypted/unencrypted ratio (was Re: Insecurity of public key crypto #1 (reply to Mandl))
In-Reply-To: <199403021451.JAA28312@styracosaur.cis.ohio-state.edu>
Message-ID: <9403021622.AA10519@ah.com>

>The incentive for using the encrypted list, then? Simple --
> 1. Increasing one's personal encrypted-to-unencrypted ratio
>and
> 2. The old chestnut -- delay the unencrypted list 24 hours.

I'll consider doing this after a whole bunch more stuff is developed, like checking for digital signatures on posts and delaying those without them.

We're now running majordomo for the list, so if these features get added to the standard majordomo distribution, we could more easily deploy them. That's a hint, since I have higher priority things to work on.

Eric

From pmetzger at lehman.com Wed Mar 2 08:33:01 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Wed, 2 Mar 94 08:33:01 PST
Subject: low-overhead encrypted telnet
In-Reply-To: <9403021619.AA10508@ah.com>
Message-ID: <9403021632.AA21725@andria.lehman.com>

Eric Hughes says:
> The reason that encrypted telnet is a good thing is that modification
> at the network level requires kernel modification, and encrypting a
> telnet does not. Installing an encrypted telnet daemon does require
> sysadmin cooperation, but it doesn't mean recompiling the kernel.

Although running an encrypted IP stack does require sysadmin cooperation, it does not require a kernel rebuild -- John Ioannidis has built modloadable versions of most of the swIPe software.

> As such, encrypted telnet is a good intermediate while the long term
> solution of encrypted IP gets developed and deployed.

Agreed -- sadly it's arriving VERY slowly. 4.4BSD Lite comes with a standards-compliant encrypted telnet implementation, however.
Perry

From hughes at ah.com Wed Mar 2 08:37:22 1994
From: hughes at ah.com (Eric Hughes)
Date: Wed, 2 Mar 94 08:37:22 PST
Subject: Insecurity of public key crypto #1 (reply to Mandl)
In-Reply-To: <199403021550.IAA22518@pmip.dist.maricopa.edu>
Message-ID: <9403021629.AA10563@ah.com>

I wrote:
>: Therefore _all_ communications should be encrypted at all time. It is
>: no argument against the principle that this is difficult to do at the
>: current time.

>there would be a tangible benefit from encrypting
>a list like cypherpunks with a well-known, even casual grade key.

Yes, there would be a benefit for those who are working specifically on mailers, but for those, like me, of course, who aren't, it would be a royal pain in the ass.

This is an argument against the practice of encrypting all traffic, not the principle. And this argument only holds in the present time; it won't hold in the future.

As Perry points out, we aren't where we want to be. Yet.

Eric

From smb at research.att.com Wed Mar 2 08:46:23 1994
From: smb at research.att.com (smb at research.att.com)
Date: Wed, 2 Mar 94 08:46:23 PST
Subject: low-overhead encrypted telnet
Message-ID: <9403021646.AA21038@toad.com>

    Eric Hughes says:
    > The reason that encrypted telnet is a good thing is that modification
    > at the network level requires kernel modification, and encrypting a
    > telnet does not. Installing an encrypted telnet daemon does require
    > sysadmin cooperation, but it doesn't mean recompiling the kernel.

    Although running an encrypted IP stack does require sysadmin cooperation, it does not require a kernel rebuild -- John Ioannidis has built modloadable versions of most of the swIPe software.

Assuming, of course, that you're running a system that has modload. (Ironically, CERT has recommended that you delete loadable device drivers from systems that don't need them, as a way to guard against password-sniffers.)
    > As such, encrypted telnet is a good intermediate while the long term
    > solution of encrypted IP gets developed and deployed.

    Agreed -- sadly it's arriving VERY slowly. 4.4BSD Lite comes with a standards-compliant encrypted telnet implementation, however.

What standards? There are no RFCs, nor any current drafts, that define a telnet encryption option. The last draft I saw was from 1991, and Internet drafts expire after 6 months. As I recall, the idea that was being pushed then was to integrate encryption more closely with authentication.

From pmetzger at lehman.com Wed Mar 2 08:53:43 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Wed, 2 Mar 94 08:53:43 PST
Subject: low-overhead encrypted telnet
In-Reply-To: <199403021644.LAA09602@lehman.com>
Message-ID: <9403021653.AA21794@andria.lehman.com>

smb at research.att.com says:
> Agreed -- sadly it's arriving VERY slowly. 4.4BSD Lite comes with a
> standards-compliant encrypted telnet implementation, however.
>
> What standards? There are no RFCs, nor any current drafts, that define
> a telnet encryption option. The last draft I saw was from 1991, and
> Internet drafts expire after 6 months. As I recall, the idea that was
> being pushed then was to integrate encryption more closely with
> authentication.

There are much more recent drafts, Steve -- the telnet authentication option is now RFC1409, as of early last year, and the encryption draft is dated April 1993 -- see the nearest internet drafts mirror for a copy. Your recollection of the desire to merge authentication and encryption is correct -- to my knowledge, the new Cray telnet is an implementation of the currently circulated draft (which was also written at Cray).

Perry

From pmetzger at lehman.com Wed Mar 2 08:55:09 1994
From: pmetzger at lehman.com (Perry E.
Metzger)
Date: Wed, 2 Mar 94 08:55:09 PST
Subject: low-overhead encrypted telnet
In-Reply-To: <9403021646.AA21038@toad.com>
Message-ID: <9403021654.AA21811@andria.lehman.com>

smb at research.att.com says:
> Although running an encrypted IP stack does require sysadmin
> cooperation, it does not require a kernel rebuild -- John Ioannidis
> has built modloadable versions of most of the swIPe software.
>
> Assuming, of course, that you're running a system that has modload.
> (Ironically, CERT has recommended that you delete loadable device drivers
> from systems that don't need them, as a way to guard against password-
> sniffers.)

A short sighted view. You can't stop line monitoring -- you should defend against it with encryption instead. In an environment like mine, there are literally thousands of potential line monitoring points that I cannot defend, but encryption gives me real security.

Perry

From cme at sw.stratus.com Wed Mar 2 09:01:11 1994
From: cme at sw.stratus.com (Carl Ellison)
Date: Wed, 2 Mar 94 09:01:11 PST
Subject: PGP on the HP 100
Message-ID: <199403021700.MAA04776@galt.sw.stratus.com>

>Has anyone tried putting ViaCrypt PGP on the HP-100? Is anyone but
>me crazy enough to contemplate it? How abysmal is the performance?

I may be crazier. I put it on a Mac (660) using SoftPC. It performs about like on a 286. However, that's plenty fast enough for my uses.

- Carl

From kermit at ics.forth.gr Wed Mar 2 09:02:04 1994
From: kermit at ics.forth.gr (Aggelos D. Keromitis)
Date: Wed, 2 Mar 94 09:02:04 PST
Subject: low-overhead encrypted telnet
In-Reply-To: <9403021619.AA10508@ah.com>
Message-ID: <199403021702.AA24705@pythia.ics.forth.gr>

In message <9403021619.AA10508 at ah.com>, Eric Hughes writes:
>The reason that encrypted telnet is a good thing is that modification
>at the network level requires kernel modification, and encrypting a
>telnet does not.
Installing an encrypted telnet daemon does require
>sysadmin cooperation, but it doesn't mean recompiling the kernel.
>
>As such, encrypted telnet is a good intermediate while the long term
>solution of encrypted IP gets developed and deployed.
>

Has anyone (other than me that is :) thought of changing just the library routines for setsockopt/getsockopt/send/recv ? It wouldn't be too hard (me thinks) to do it, but I don't know where to find the sockets library.

-Aggelos
-----------------------------------------------------------------------------
Aggelos Keromitis                       kermit at csd.uch.gr
Heraclion, Greece                       kermit at ics.forth.gr
Finger kermit at calliope.ics.forth.gr for public PGP key
-----------------------------------------------------------------------------

From blancw at microsoft.com Wed Mar 2 09:10:30 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Wed, 2 Mar 94 09:10:30 PST
Subject: Virtual Corporations Per Se
Message-ID: <9403021711.AA05232@netmail2.microsoft.com>

> I've been researching this and related topics (offshore
> corporations, non-U.S. banks, mail drops, etc.) and I have many ideas
> and questions I'd like to discuss. Is this an appropriate mailing
> list or does a superior venue exist? Is there enough interest for a

>Don't think so. We better get a new list.
..............................................

*I'm* interested ....... not simply to avoid taxes, but to live as a Hitchhiker Citizen of the Galaxy. :>)

If a new list is started, you can add my name.
~ Blanc

From deeb at meceng.coe.neu.edu Wed Mar 2 09:18:29 1994
From: deeb at meceng.coe.neu.edu (Stephen Humble)
Date: Wed, 2 Mar 94 09:18:29 PST
Subject: clipper + enaction = illegal alternate encryption
In-Reply-To: <199403020257.SAA26110@netcom9.netcom.com>
Message-ID: <9403021716.AA15267@meceng.coe.neu.edu>

rcain at netcom.com (Robert Cain) sez:
> There really is a strong argument from their side that says if one
> must use a form that is immune from a compromise like well escrowed
> keys one is *way* more than likely to be discussing something most
> of us would want LE or NS to know about. I know that argument is
> anathema here but I am finding it more and more compelling.

I think "anathema" may be the wrong word - I would suggest "incorrect". As the number of people who habitually use strong crypto grows, the nefarious conversations will be lost in the noise about last night's party and recipes for chocolate truffle cake. The likelihood that any particular conversation is of interest to LE/NS types must drop as well.

This will be true unless the number of strongly-encrypted nefarious conversations grows at least as fast as the total number of strongly-encrypted conversations. Somehow I fail to believe that the supply of crooks is so large.

From Rolf.Michelsen at delab.sintef.no Wed Mar 2 09:20:30 1994
From: Rolf.Michelsen at delab.sintef.no (Rolf Michelsen)
Date: Wed, 2 Mar 94 09:20:30 PST
Subject: low-overhead encrypted telnet
In-Reply-To: <199403021514.KAA03435@duke.bwh.harvard.edu>
Message-ID:

On Wed, 2 Mar 1994, Adam Shostack wrote:

> I don't, but I would question the wisdom of putting lots of
> effort into a telnet encryption scheme. I would think it would be
> much more productive to build an encryption scheme at the network
> level, say, as packets are being encapsulated, so that users can
> specify that they want an encrypted session for telnet or ftp, or even
> sendmail could encrypt automatically when sending to certain hosts.
I agree with your observation. The Telnet protocol is however independent of any underlying network protocol. In our application the Telnet connection can be established over a lot of different types of networks. Implementing secure IP will not give us much since it does not cover the other possibilities for a Telnet connection. It is also a question of resources (read "time") -- we require a solution *now* (and preferably yesterday :-)

No flame, just an observation that what seems to be a better solution is not always suitable...

-- Rolf

----------------------------------------------------------------------
Rolf Michelsen                 Phone:  +47 73 59 87 33
SINTEF DELAB                   Email:  rolf.michelsen at delab.sintef.no
7034 Trondheim                 Office: C339
Norway
----------------------------------------------------------------------

From cme at sw.stratus.com Wed Mar 2 09:42:03 1994
From: cme at sw.stratus.com (Carl Ellison)
Date: Wed, 2 Mar 94 09:42:03 PST
Subject: Bob Cain's mind switch
Message-ID: <199403021741.MAA04800@galt.sw.stratus.com>

Bob wrote:

>The real issue is that this is an *enabling* technology that allows any
>group of people distributed over the world to meet spontaneously in
>secret to plan anything. I don't think we can even conceive, nor have
>they yet, the ways the real Bad Guys (I hope we can agree that some
>do exist) might find to use this new ability. A very clear danger is
>sensed in Washington with little real benefit to the civilized and
>civil majority.

There's no question that this is a possibility. It exists. However, Clipper won't make it go away. There's no Daddy to run home to.

In fact, this has always been a possibility, unless you believe that all hotel rooms, bus stations, city parks, farmer's fields, men's rooms, women's rooms, ..., are bugged and will continue to be (so that clandestine meetings can be overheard).

Now, the next step for the NSA and FBI is to get on the stick and discover ways to counter this threat.
Now that PCs permit criminal organizations to create their own strong crypto and worldwide communication allows them to telecommute cheaply, interaction among criminals for planning purposes will be enhanced just as interaction among businesspeople and computer designers is. The world is changing -- as usual -- and LE needs to keep up -- as usual.

---------

That isn't hopeless. However, it requires thinking in new ways and I don't expect bureaucrats to be able to do that. Perhaps technical people need to be given a free hand. :-|

Maybe the result is that there is no security. For example, we should not expect to achieve more protection from plans laid during electronic meetings than we would achieve from plans laid during physical meetings.

..and, no, I don't believe there should be a law prohibiting private physical meetings.

There will *always* be some insecurity. There is always a nut with a gun out there. There are also car accidents. I am not totally safe and would not want to live in a world in which the police are powerful enough to make it that safe.

----------

What I kept suggesting to Dorothy Denning, as this flap was building, was that:

1. the gov't should immediately drop the Clipper proposal because it's alienating people who need to be on the gov't's side;

2. the gov't should actively promote encryption of cellular calls with an untappable algorithm, for the over the air link (with conversion back to clear voice once it hits the cellular office) -- providing the public with trustworthy security, addressing the public's biggest security threat and therefore reducing the market demand for encryption which interferes with wiretaps; and

3. the LE and intelligence community should recognize that the world has changed beyond the point of no return, thanks to the PC and to communications technology, and there is no way to prevent criminals from using totally secure cryptography to aid in their plans.
Criminals have always had access to strong cryptography for their communications (cf., Kahn talking about the rum runners, for example (Elizabeth Friedman's efforts as a cryptanalyst)) and the world hasn't fallen apart yet. However, the PC and high speed digital communications mark a slight change in the landscape and these changes need to fuel some good, creative, technical work -- not a bureaucratic running-scared retreat to an impotent "there oughtta be a law".

I don't know if it's too late, thanks to the FBI and NSA serious alienation of people (like us) who matter. It might be. Once they declared war on us, it's unlikely to expect us to suddenly look at them as good guys. However, if they followed my 3 step plan right now, they'd have a chance still -- at least, I believe they would.

- Carl

From mccoy at ccwf.cc.utexas.edu Wed Mar 2 09:46:04 1994
From: mccoy at ccwf.cc.utexas.edu (Jim McCoy)
Date: Wed, 2 Mar 94 09:46:04 PST
Subject: low-overhead encrypted telnet
In-Reply-To: <9403021646.AA21038@toad.com>
Message-ID: <199403021745.AA00455@tramp.cc.utexas.edu>

smb at research.att.com writes:
>
> Agreed -- sadly it's arriving VERY slowly. 4.4BSD Lite comes with a
> standards-compliant encrypted telnet implementation, however.
>
> What standards? There are no RFCs, nor any current drafts, that define
> a telnet encryption option. The last draft I saw was from 1991, and
> Internet drafts expire after 6 months. As I recall, the idea that was
> being pushed then was to integrate encryption more closely with
> authentication.

There is currently a chunk of code in the standard 4.3/4 telnet ref implementation that does encryption (DES in OFB, CFB, and ECB modes). It is a part of the AUTH-ENCRYPT module that is part of the telnet option specifications.
There is work being done by the AUTH-ENCRYPT working group to try to get authorization tied more closely to the encryption options (last I heard they were slowing down and had hit a problem exchanging IVs for the encryption.) This work is using authorization methods (Kerberos, SPC, RSA) to drop in the key for the encryption.

There is work being done by the IPSEC working group to add encryption to the IP layer of the protocol stack (telnet et al work at higher levels) but I have not read anything recent from this group in a while and last I checked they were still hashing out design details so I would not expect anything on this front for a while.

There are a couple of people in Austin who have a version of the telnet ref implementation that will do a D-H exchange of 688 bits which can then be used by the ENCRYPT option and are trying to figure out which direction the AUTH-ENCRYPT people are going so that they can make the DHX option fit in seamlessly with the AUTH-ENC stuff (the DHX exchange tries to be first and start up an encrypted stream and if the AUTH-ENC option is invoked after the DHX exchange we want to switch to the new key without disruption.) Unfortunately 1994 has been a busy year, but hopefully there will be an alpha or beta for CPs to test next week...

jim

From russw at netcom.com Wed Mar 2 09:47:14 1994
From: russw at netcom.com (Russell Earl Whitaker)
Date: Wed, 2 Mar 94 09:47:14 PST
Subject: ALERT: UK anti-porn network proposal
Message-ID: <199403021747.JAA20523@mail.netcom.com>

The author of the following notice is in a sensitive vocational position, and has asked me to post the following...

###BEGIN###

A Home Office press release issued on 15 Feb 94 announces the intention of the Home Secretary to crack down on computer-distributed pornography. Accordingly, last week the government introduced an amendment to the Criminal Justice and Public Order Bill which is pending before Parliament.
The new clause in the Bill would amend the definition of *publication* in the Obscene Publications Act 1959. It is currently considered *publication* of a pornographic image if one *record, shows, plays, or projects it.* The proposed amendment would change this to read:

... record, shows, plays, or projects it, or, where the matter is stored electronically, transmits that data.

The problem, of course, is that there is no definition of what it means *to transmit* pornographic data. There is no distinction drawn between primary and secondary transmission. This could mean that bulletin board sysops, commercial sites with Usenet feeds, and even BT, could ALL be engaged in the *transmission* of pornographic data.

If this is correct, then people in the position of innocent intermediary would have to rely upon a defense of *innocent dissemination*, much like that found in UK defamation law. Essentially, if the police could show that pornographic images had passed over one's computer equipment, then one would have to prove that he *had not examined the [pornographic] article and had no reasonable cause to suspect* that its publication was illegal.

Aside from being in the uncomfortable position of having to prove one's ignorance, the *reasonable cause* language may imply a duty to inspect certain data in a vain attempt to see if it contains pornographic images. This especially could be true where one provides a data feed to a known past-pornographer.

It is not entirely clear why the Home Office thinks that this amendment is necessary. If the intention is to catch commercial pornographers, it would appear that *record* should include recording to CD-ROM or into RAM. Likewise, *play* should catch purchasers. The justification might be that proof of recording and playing is much more difficult than proof of transmission.

CAVEAT: This discussion does not include radio and television broadcasts. There is a separate section of the Act which specifically addresses this area.
It is not clear whether or not the proposed *transmits* language would have any effect upon that section, but presumably it could.

It is difficult to believe that large players like BT, Mercury, CompuServe, etc, will let this pass without a fight. It could also be, however, that they are unaware of the possible ramifications of the proposed amendment.

###END###

[I will forward responses to this message. - Russell]

Russell Earl Whitaker russw at netcom.com
Director, Extropy Institute 408-366-5435
================================================================

From koontzd at lrcs.loral.com Wed Mar 2 09:49:26 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Wed, 2 Mar 94 09:49:26 PST
Subject: Clipper/Skipjack
Message-ID: <9403021748.AA06716@io.lrcs.loral.com>

>just a quick note to tell you all that I just read an editorial in
>info security by John Droge.

>Anyway, I was wondering why any sane, 1/10 intelligent person would be
>defending the Clipper chip...then I read his bio...he is a VP at
>Mykotronx.

He is also the marketing manager for CLIPPER/CAPSTONE

From wex at media.mit.edu Wed Mar 2 09:54:39 1994
From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat)
Date: Wed, 2 Mar 94 09:54:39 PST
Subject: Dorothy Denning
In-Reply-To: <199403020410.UAA07525@netcom9.netcom.com>
Message-ID: <9403021753.AA28687@media.mit.edu>

Wow, Bob, what a vision. You (and Dr Denning and certainly the gov't) seem to be afraid that:
> any group of people distributed over the world [can] meet spontaneously in
> secret to plan anything.

Freedom of association was so revered by the founders of this country that they put it in the very first amendment to the Constitution. If I am not free to meet with my friends, associates or others, then what freedom do I have?

Yes, I'm a First Amendment purist. I'm sorry, but visions of nameless, faceless "Bad Guys" with nameless, faceless nefarious plans just don't move me.
I understand that the pro-Clipper people feel a real danger and are trying to block against it. But there are real nameable, quantifiable dangers all around me and if I want protection I'll ask for it. Till then...

First they stole the fourth amendment.
I said nothing because I don't deal drugs.
Then they took the sixth amendment.
I was silent because I know I'm not guilty.
When they came for the second amendment,
I kept quiet because I don't own a gun.
Now they've come for the first amendment,
and I can't say anything at all.

--Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard
Media Lab - Advanced Human Interface Group wex at media.mit.edu
Voice: 617-258-9168 Page: 617-945-1842 na53607 at anon.penet.fi
We are Chaos Boys. We are coming to a paradigm near you.

From mccoy at ccwf.cc.utexas.edu Wed Mar 2 09:55:45 1994
From: mccoy at ccwf.cc.utexas.edu (Jim McCoy)
Date: Wed, 2 Mar 94 09:55:45 PST
Subject: low-overhead encrypted telnet
In-Reply-To: <199403021514.KAA03435@duke.bwh.harvard.edu>
Message-ID: <199403021755.AA00466@tramp.cc.utexas.edu>

Adam Shostack writes:
>
> A general framework, based on public key encryption would be a
> far more flexible, powerful and useful tool for generating security on
> the net than simply securing TELNET.

I sincerely doubt that such a system would be designed or implemented before the turn of the century. All one needs to do is take a look at the PEM key certification authority clusterfuck to see just how difficult it can be to implement something like this.

The additional benefit that adding encryption to telnet offers is that the telnet protocol is used in more areas than telnet. Many programs and protocols use the telnet system for control channels and other bits so that a significant change to telnet can have ramifications beyond just the obvious ones...
jim

From wex at media.mit.edu Wed Mar 2 10:05:50 1994
From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat)
Date: Wed, 2 Mar 94 10:05:50 PST
Subject: 'Nother possible Stego place...
Message-ID: <9403021805.AA03150@media.mit.edu>

It's a bit of a hack, but don't most char implementations in C just ignore the high-order bit?

--Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard
Media Lab - Advanced Human Interface Group wex at media.mit.edu
Voice: 617-258-9168 Page: 617-945-1842 na53607 at anon.penet.fi
We are Chaos Boys. We are coming to a paradigm near you.

From ejohnson at pmip.dist.maricopa.edu Wed Mar 2 10:28:26 1994
From: ejohnson at pmip.dist.maricopa.edu (Eric Johnson)
Date: Wed, 2 Mar 94 10:28:26 PST
Subject: encrypting the list (Was Re: Insecurity of public key)
Message-ID: <199403021828.LAA22914@pmip.dist.maricopa.edu>

: Eric Johnson says:
: > I don't think "adjust[ing] on a case by case basis" is necessary.
: > I was suggesting just the opposite. It obviously isn't a security
: > issue. I believe it is more of a first principles issue; "Thou
: > shall encrypt thy communications, lest thou draw attention to thy
: > self, and the right be removed by thine opponents."
:
: You miss the point, Eric. We are advocating that IN THE FUTURE all
: communications should be encrypted. However, FOR THE MOMENT this is
: often impractical. Cypherpunks write code in an effort to try to bring
: this future closer. However, making our lives impossible right now
: will delay that future.

This is hyperbole. It would not make our lives impossible. And far from delaying the future, as it relates to communications on the list, I would argue that it would reduce the signal-to-noise ratio immensely, thereby hastening the deployment of tools. So I don't think I'm missing the point simply by disagreeing with you.

: I encrypt things whenever possible. Some people I communicate with
: can't encrypt, so I adjust, on a case by case basis.
Someday,
: hopefully within the next year or two, things will be different.
:
: Encrypting this list ever would be useless -- but fine if it would
: be easy to do. Since it isn't easy or useful, it is a bad idea.

Its usefulness depends both upon whether you think increasing the ratio of cryptext vs. cleartext to your system is useful, and whether easy is defined by the least capable systems on the list.

Don't worry. I'll drop it here.

:
: Perry

BTW, you don't have to shout. I can read upper-lower case text without difficulty.

--Eric

From tcmay at netcom.com Wed Mar 2 10:38:38 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 2 Mar 94 10:38:38 PST
Subject: Laziness?
In-Reply-To: <199403021451.JAA28312@styracosaur.cis.ohio-state.edu>
Message-ID: <199403021838.KAA19172@mail.netcom.com>

(I've changed the subject line to something much shorter than the 2 lines+ of the previous subject line. And hopefully more germane to my point.)

Nathan Loofbourrow writes:

> Ah - so provide an unencrypted list for the software-challenged and
> the merely lazy.
>
> The incentive for using the encrypted list, then? Simple --
> 1. Increasing one's personal encrypted-to-unencrypted ratio
> and
> 2. The old chestnut -- delay the unencrypted list 24 hours.
...
> I believe it's traditional to reply "Indeed."

Indeed---NOT!

I don't consider myself especially "lazy" when it comes to this list, nor do I consider myself "software-challenged."

I connect to the Net from my home Mac IIci or PowerBook 170 over a 14.4 modem line to Netcom, an Internet service provider many of you are familiar with. Once on Netcom, I have access to a wide range of standard UNIX tools. However, I do NOT run PGP on these machines!

Rather, I run MacPGP (or PGP on my DOS machines, in emergencies, or even "MailSafe" in rare circumstances) on my *home* machine, after first downloading the mail with "Eudora 2.0," a nice off-line mail reader. It still takes several steps, as most of you can imagine.
I don't plan to start using PGP on insecure machines, even with a shortened "UNIX-grade" key. Especially not for a mailing list, where encryption is pointless (except to increase encrypted traffic a bit).

Downloading and then decrypting 100 or more messages a day is not a viable option, and such a move would cause me to unsubscribe from the list rather quickly.

(To clarify this: I read the list with "elm," when I am on Netcom doing other things as well, like reading NetNews, and am thus able to delete about half of all messages before eventually--every few days, typically--downloading the whole batch. Encrypted traffic would make this screening and immediate response much more difficult.)

If Nathan is running PGP on a multi-user system, such as campus machines at Ohio State, he is likely deluding himself about actual security. Others at the site may already have his private key and passphrase captured. If he is running PGP on his own private machine, with good Net connectivity, congratulations. Most of us--I think it's safe to say--don't have these options. Many are reading from university accounts, from commercial services like CompuServe, and even from multiple services (depending on location).

Not running PGP on each and every message doesn't mean we're lazy--it means we've got better things to do with our time.

As for Nathan Loofbourrow's charge that this must mean I am lazy and/or software-challenged, I suggest he try writing more posts for this list and/or writing code.

Sorry to sound harsh, but calling us lazy and software-challenged is not addressing the real issues.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From deeb at meceng.coe.neu.edu Wed Mar 2 11:15:09 1994
From: deeb at meceng.coe.neu.edu (Stephen Humble)
Date: Wed, 2 Mar 94 11:15:09 PST
Subject: 'Nother possible Stego place...
In-Reply-To: <9403021805.AA03150@media.mit.edu>
Message-ID: <9403021910.AB17243@meceng.coe.neu.edu>

"Alan (Miburi-san) Wexelblat" sez:
> It's a bit of a hack, but don't most char implementations in C just
> ignore the high-order bit?

No. A char in C is signed or unsigned according to the whim of the compiler designer, but all bits are significant.

Some UN*X editors have a nasty habit of nuking the high bit. Vi frequently does, GNU emacs doesn't.

Stephen

From pmetzger at lehman.com Wed Mar 2 11:23:08 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Wed, 2 Mar 94 11:23:08 PST
Subject: encrypting the list (Was Re: Insecurity of public key)
In-Reply-To: <199403021828.LAA22914@pmip.dist.maricopa.edu>
Message-ID: <9403021922.AA22150@andria.lehman.com>

Eric Johnson says:
> : You miss the point, Eric. We are advocating that IN THE FUTURE all
> : communications should be encrypted. However, FOR THE MOMENT this is
> : often impractical. Cypherpunks write code in an effort to try to bring
> : this future closer. However, making our lives impossible right now
> : will delay that future.
>
> This is hyperbole. It would not make our lives impossible.

Speak for yourself. I process five hundred or more messages a day. Anything that would add even moments to the time it takes me to reply to a message would eliminate what's left of the time I spend with my friends and S.O. Maybe you have lots of time on your hands, but the rest of us have real lives and don't want to spend them trying to set up a cryptography system for each of our correspondents. In a year or so, maybe this will all likely be practical -- but it isn't now.
You are more or less like someone in 1976 advocating that everyone quit typing and start using only word processors, when the computers weren't yet cheap enough. Have some patience.

Perry

From rre-request at weber.ucsd.edu Wed Mar 2 12:04:27 1994
From: rre-request at weber.ucsd.edu (rre-request at weber.ucsd.edu)
Date: Wed, 2 Mar 1994 12:04:27 -0800
Subject: archive send: prescription
In-Reply-To: <199403022004.PAA22755@eff.org>
References: <199403022004.PAA22755@eff.org>
Message-ID: <199403022004.MAA04685@weber.ucsd.edu>

File: prescription
BEGIN---------------cut here------------------
Date: Fri, 18 Feb 94 15:33:43 +0000
From: G.Joly at cs.ucl.ac.uk (Gordon Joly)
Subject: MICE Seminar for February 22 at 14:00 GMT.
Newsgroups: dec.mail.lists.rem-conf

You are invited to the next MICE International Seminar which will take place next week. Please limit traffic for two hours from 14:00 GMT on Tuesday, February 22.

This seminar will be transmitted on the usual multicast addresses (please see the sd entry), and will be advertised in sd from Tuesday morning.

Further information of this and future seminars is kept in the URL

http://www.cs.ucl.ac.uk/mice/seminars.html

Bruno Struif (GMD) speaking from Darmstadt, Germany will give a presentation on: "The Privacy Enhanced Electronic Prescription".

Abstract
--------

In Germany, more than 500 million prescriptions are issued per year. Normally, the patient receives the prescription in the doctor's practice and takes it to a pharmacy where he gets his medicaments. From the pharmacy, the prescription is physically transported to a pharmacy computer center where it will be processed in different ways. Finally the patient health insurance gets this prescription with listings containing the result of the processing in the pharmacy computer center. Since the prescription is a paper document, the processing is difficult, time-consuming and cost-intensive.
The introduction of the health insurance card in Germany will improve the technological environment in the doctor's practices. The prescriptions will be produced in the future by using the health insurance card, a personal computer and a printer.

The model presented shows that the electronic presentation of the prescription produced in the doctor's PC can be maintained so that the difficult and expensive way of processing paper prescriptions in the pharmacy, the pharmacy's computer center and finally by the health insurance can be avoided.

The solution described and already implemented at GMD is

- to sign the electronic prescription by the doctor with its physician smartcard capable to compute digital signatures
- to write the electronic prescription in the patient's smartcard
- to prove the authorization of a pharmacist for the access to the patient's smartcard by using a pharmacist smartcard
- to electronically transmit the electronic prescription together with pharmacy information (name of the pharmacy, prescription cost etc) to the pharmacy computer center or the health insurance computing center where it can be automatically processed.

The patient gets therefore two representation forms of the prescription, the electronic form and the paper form. The paper form is still necessary in the relationship doctor/patient/pharmacist, since

- the patient has a right to look on the issued prescription,
- in case of malfunction of the patient's smartcard in the pharmacy the delivery of the medicaments has still to be possible and
- the assembly of the medicaments is easier with a paper form in the hand.

In the new release of the electronic prescription model a step in the direction of data privacy has been made. The personal data of the patient and the doctor are replaced by digital pseudonyms in a way that the pharmacy computing center and the health insurance can verify only certain characteristics, e.g.
that the prescription has been issued by a registered doctor and that the related patient is a member of the respective health insurance. In special cases, a re-identification of the doctor or the patient is possible by using re-identification smartcards.

Gordon Joly Phone +44 71 380 7934 FAX +44 71 387 1397
Email: G.Joly at cs.ucl.ac.uk UUCP: ...!{uunet,uknet}!ucl-cs!G.Joly
Comp Sci, University College, London, Gower Street, LONDON WC1E 6BT
WWW WWW WWW http://www.cs.ucl.ac.uk/mice/gjoly.html WWW WWW WWW
END-----------------cut here------------------

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
F O R   M O R E   I N F O,   E - M A I L   T O:   I N F O @ E F F . O R G
O P E N   P L A T F O R M     O N L I N E   R I G H T S
V I R T U A L   C U L T U R E     C R Y P T O

From area51 at aol.com Wed Mar 2 12:48:21 1994
From: area51 at aol.com (area51 at aol.com)
Date: Wed, 2 Mar 94 12:48:21 PST
Subject: Defenders of Clipper
Message-ID: <9403021547.tn186608@aol.com>

Hi everyone,

I've been watching this list for a few weeks now, and I really don't see any real basis for defending Clipper. It seems the essential argument of Denning and others is, "Well, we can't tell you what we're afraid of, but trust us, we should be afraid". Can they not tell us because they don't know? Or is it some sort of "secret" they fear?

Obviously, widespread secure communications would make life much easier for criminals. Yes, terrorists will be able to make their secret plans using cryptography. But, I would hasten to point out that the Trade Center bombers managed to pull their attack off with NO encrypted conversations that I've heard about. And yes, next time it might be a nuclear bomb. There, is that the unnamed terror?

Or is it that the intelligence community is learning all the neat-o toys they bought for SIGINT are rapidly becoming worthless, and in reality there's absolutely nothing they can do about it.
They'll have to strengthen their long neglected human intel-gathering side, much as some members of their own community have been arguing for years.

The real reason Denning, the NSA, et al are arguing for Clipper is that they realize their professions are becoming obsolete. Welcome to the ranks of the techno-unemployed.

Just as nuclear proliferation marches on slowly but surely, so will high-tech crypto. Information wants to be free, as they say, and the implication here is you just can't stop it. Does the government really think they can stop everyone in the world who wishes this nation harm from using crypto? I think not....So they better get on the ball really defending us...

Sorry for rambling on....

Rod Ramsey
Area51 at aol.com

From pfarrell at netcom.com Wed Mar 2 12:51:10 1994
From: pfarrell at netcom.com (Pat Farrell)
Date: Wed, 2 Mar 94 12:51:10 PST
Subject: PEM, was Re: low-overhead encrypted telnet
Message-ID: <57220.pfarrell@netcom.com>

In message Wed, 2 Mar 1994 11:55:32 -0600 (CST), Jim McCoy writes:

> I sincerely doubt that such a system would be designed or implemented
> before the turn of the century. All one needs to do is take a look at the
> PEM key certification authority clusterfuck to see just how difficult it
> can be to implement something like this.

I have to admit that PEM's RSN availability against PGP 2.X's 20+ months of worldwide availability has made me not keep up with PEM and the latest hierarchical, government controlled certification process...

But is there an intrinsic problem with a PGP-style web of trust for remote telnet/rlogin applications? I really don't expect to login to arbitrary nodes on the net, but is that required? or simply a robust way (SecureID in software?) Maybe PCMCIA cards with PGP once desktop systems have them.

If I'm cluelessly missing something essential, please email me the news.
Thanks
Pat

Pat Farrell Grad Student pfarrell at gmu.edu
Department of Computer Science George Mason University, Fairfax, VA
Public key available via finger #include

From pfarrell at netcom.com Wed Mar 2 12:51:24 1994
From: pfarrell at netcom.com (Pat Farrell)
Date: Wed, 2 Mar 94 12:51:24 PST
Subject: Laziness?
Message-ID: <57234.pfarrell@netcom.com>

In message Wed, 2 Mar 1994 10:38:55 -0800 (PST), tcmay at netcom.com (Timothy C. May) writes:
> I connect to the Net from my home Mac IIci or PowerBook 170 over a
> 14.4 modem line to Netcom, an Internet service provider many of you
> are familiar with. Once on Netcom, I have access to a wide range of
> standard UNIX tools. However, I do NOT run PGP on these machines!
>
> Rather, I run MacPGP (or PGP on my DOS machines, in emergencies, or
> even "MailSafe" in rare circumstances) on my *home* machine, after first
> downloading the mail with "Eudora 2.0," a nice off-line mail reader.
> It still takes several steps, as most of you can imagine.

I use a similar system to Tim's, except that I use NUpop on a "PC" to download 150+ messages a day from cypherpunks and a bunch of other lists.

We have to move the tools to the user's controlled, secure environment. For some that may be Unix, but for close to 98% of the 'net community, a controlled computer is a Mac or PC. At GMU, a few supported grad students have personal Suns or other workstations, maybe 50 students out of 22,000. But nearly all of the students in the techy schools have at least a PC or Mac that is under their personal control. Multi-user Unix solutions don't cut it.

More importantly, if all 700+ of us on this list used encryption for _every message every day_ it would be only an insignificant portion of the net volume. We have to get encryption out to the masses.
Pat

Pat Farrell Grad Student pfarrell at gmu.edu
Department of Computer Science George Mason University, Fairfax, VA
Public key available via finger #include

From pfarrell at netcom.com Wed Mar 2 12:51:34 1994
From: pfarrell at netcom.com (Pat Farrell)
Date: Wed, 2 Mar 94 12:51:34 PST
Subject: Windows Programming help wanted.
Message-ID: <57247.pfarrell@netcom.com>

This is a repeat of a request that I made last fall. I got no real response then. Perhaps as the list has grown, someone will respond....

I am looking for help on a Microsoft Windows development project. I have most of a Windows Client SMTP mail client program written, but I can't divine how to make the Windows Communications API work with any marginal success. I need help from someone who has written Windows communications software.

The program is functionally equivalent to NUpop or Eudora. It is designed to work over dialup asynchronous lines without TCP/IP. Not that I dislike all the nice functionality that TCP/IP provides, but because some network providers (such as George Mason University) refuse to support SLIP/PPP for political reasons, and because other providers (Netcom for one) charge orders of magnitude more for SLIP/PPP than for async support.

The resulting product will be user friendly, a native Windows program with the usual buttons, icons, context sensitive help, etc. It will have PGP, and maybe RIPEM, support built in. Automagically.

I plan to release the code to the net, and will give full credit in the About Box, documentation, etc. for any help. Please respond via email.

Cypherpunks write code.
Thanks
Pat

Pat Farrell Grad Student pfarrell at gmu.edu
Department of Computer Science George Mason University, Fairfax, VA
Public key available via finger #include

From jpp at markv.com Wed Mar 2 13:08:27 1994
From: jpp at markv.com (jpp at markv.com)
Date: Wed, 2 Mar 94 13:08:27 PST
Subject: low-overhead encrypted telnet
In-Reply-To:
Message-ID: <9403021307.aa10907@hermix.markv.com>

The IP security program I have been working on (slowly) is a packet redirector and cryptdec. You ask it to encrypt packets coming in on one socket, and pass them out to another socket (also to decrypt those coming in on the second socket and pass them out the first socket). Thus you can run one of these on the X server, and one on the X client, and all the X traffic becomes encrypted over the net. You can telnet to the local redirector, to the foreign redirector, and then to the standard telnet port. Or FTP, or whatever.

I am still learning about net software, and this vision may not be easily implemented, or sockets may be the wrong level of interface to the net, I dunno. But I do know that my unix (SCO) and my X server (WINDOWS) both support this strategy.

j'

From loofbour at cis.ohio-state.edu Wed Mar 2 13:29:40 1994
From: loofbour at cis.ohio-state.edu (Nathan Loofbourrow)
Date: Wed, 2 Mar 94 13:29:40 PST
Subject: Laziness?
In-Reply-To: <199403021838.KAA19172@mail.netcom.com>
Message-ID: <199403022129.QAA28485@styracosaur.cis.ohio-state.edu>

Timothy C. May writes:
> As for Nathan Loofbourrow's charge that this must mean I am lazy
> and/or software-challenged, I suggest he try writing more posts for
> this list and/or writing code.

I'll address the last first: I meant to imply neither. I don't think encrypting traffic from cypherpunks tomorrow would have the desired effect. However, I'll gladly work towards the day when such a change can be transparent to its readers.
> I connect to the Net from my home Mac IIci or PowerBook 170 over a
> 14.4 modem line to Netcom, an Internet service provider many of you
> are familiar with. Once on Netcom, I have access to a wide range of
> standard UNIX tools. However, I do NOT run PGP on these machines!
> Rather, I run MacPGP (or PGP on my DOS machines, in emergencies, or
> even "MailSafe" in rare circumstances) on my *home* machine, after first
> downloading the mail with "Eudora 2.0," a nice off-line mail reader.
> It still takes several steps, as most of you can imagine.
> I don't plan to start using PGP on insecure machines, even with a
> shortened "UNIX-grade" key. Especially not for a mailing list, where
> encryption is pointless (except to increase encrypted traffic a
> bit).

I would like to see greater independence from the list. With the help of anonymous mailing and forwarding services, and with the use of a secure machine, I may be able to read and respond to the list without ever betraying my participation. Why announce to the world that I read cypherpunks if I don't have to?

> Downloading and then decrypting 100 or more messages a day is not a
> viable option, and such a move would cause me to unsubscribe from the
> list rather quickly. (To clarify this: I read the list with "elm,"
> when I am on Netcom doing other things as well, like reading NetNews,
> and am thus able to delete about half of all messages before
> eventually--every few days, typically--downloading the whole batch.
> Encrypted traffic would make this screening and immediate response
> much more difficult.)

Your particular connectivity and the ease of reading mail on-line seem to have conspired to make decryption (as well as offline reading and archiving!) quite onerous. If you lack a secure, connected machine at the office, and have no IP (or UUCP!) service at home, I think you're at a strong disadvantage towards reading any encrypted traffic at all. Is there no means for you to automate offline mail reading?
The user with a 300 baud modem and a VT100 terminal at home should not expect to be practicing secure encryption. Any better-equipped user has the hardware needed to encrypt and decrypt securely -- they just haven't written the software.

> If Nathan is running PGP on a multi-user system, such as campus
> machines at Ohio State, he is likely deluding himself about actual
> security. Others at the site may already have his private key and
> passphrase captured. If he is running PGP on his own private machine,
> with good Net connectivity, congratulations. Most of us--I think it's
> safe to say--don't have these options. Many are reading from
> university accounts, from commercial services like CompuServe, and
> even from multiple services (depending on location). Not running PGP
> on each and every message doesn't mean we're lazy--it means we've got
> better things to do with our time.

Point taken; but if you receive unencrypted mail on a multi-user system, you're likely deluding yourself about its security as well.

I am motivated to provide the list to anyone that wants it without advertising your subscription (and its traffic) to your service provider. Anonymous posting, meet anonymous subscribers. I can think of several reasons why cypherpunks would not be the only list for which encrypted traffic might be desired.

> Sorry to sound harsh, but calling us lazy and software-challenged is
> not addressing the real issues.

"Indeed." I hadn't intended this to be taken as name calling. Really.

nathan

From ao27+ at andrew.cmu.edu Wed Mar 2 13:35:16 1994
From: ao27+ at andrew.cmu.edu (Anthony D Ortenzi)
Date: Wed, 2 Mar 94 13:35:16 PST
Subject: Increasing the encrypted/unencrypted ratio (was Re: Insecurity of public key crypto #1 (reply to Mandl))
In-Reply-To: <9403021622.AA10519@ah.com>
Message-ID:

Excerpts from internet.cypherpunks: 2-Mar-94 Increasing the encrypted/un.. by Eric Hughes at ah.com
> >The incentive for using the encrypted list, then? Simple --
> > 1.
Increasing one's personal encrypted-to-unencrypted ratio
> >and
> > 2. The old chestnut -- delay the unencrypted list 24 hours.
>
> I'll consider doing this after a whole bunch more stuff is developed,
> like checking for digital signatures on posts and delaying those
> without them.
>
> We're now running majordomo for the list, so if these features get
> added to the standard majordomo distribution, we could more easily
> deploy them. That's a hint, since I have higher priority things to
> work on.

Well, I know that this might be a bit of a "crazy" idea, but would the best way to distribute an encrypted mailing list be to have a PGP setup where there is a public key to the mailing list, and all recipients are given copies of the secret key? I know that it might be a bit stupid from the security side, but if each person was using PGP, the secret key would be PGP encrypted and sent with that person's public key, ensuring that only subscribers would get it, and then using that secret key to decrypt the messages as they are received?

Just wonderin'....

Anthony

From wcs at anchor.ho.att.com Wed Mar 2 13:41:49 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Wed, 2 Mar 94 13:41:49 PST
Subject: Insecurity of public key crypto #1 (reply to Mandl)
Message-ID: <9403022140.AA22586@anchor.ho.att.com>

A while back, when people were starting to talk about encrypting the list, someone like Eric Hughes pointed out that, if you *want* to run an encrypted, or batch-digested, or whatever, version of cypherpunks, you were free to do so - just set up your system and have it forward cypherpunks to your subscribers. Somebody could still do it now (not me! :-), preferably outside the US where the problems of RSA/PKP patents don't apply.

The flip side of the problem is building an automagic decryptor for mail sent *to* cypherpunks, though you could accomplish part of that by using the extropia anonymous remailer which accepts encrypted mail.
On the other hand, doing either of these functions on toad.com today risks subjecting John and friends to harassment from RSA (unless toad.com happens to be a Sun 486i or really hot box with SoftPC that can emulate Intel code fast enough to run ViaCrypt.)

Bill

From ao27+ at andrew.cmu.edu Wed Mar 2 13:42:40 1994
From: ao27+ at andrew.cmu.edu (Anthony D Ortenzi)
Date: Wed, 2 Mar 94 13:42:40 PST
Subject: Dorothy Denning
In-Reply-To: <9403012335.AA01986@toad.com>
Message-ID:

Excerpts from internet.cypherpunks: 1-Mar-94 Re: Dorothy Denning by Black Unicorn at access.dig
> ->
> Also, I've gotten a message through to Ross Perot about our fight
> against Clipper, and how to reach me, so if I get a response, I'll let
> you guys know.
>
> Anthony
> <-
>
> Oh god, that is all the cause needs.
> I can see it now:
>
> "Transistor brain Ross Perot opposes it! It must be evil!"

Chill... I thought that our prime objective was to defeat Clipper... even if you don't like Ross, he does have some pull with the people of this country, and that's what we need... we need the *PEOPLE* to fight Clipper.

We need the fight not to just be "a group of civil libertarians", but the general populace. Maybe Ross isn't the answer, but at least I've taken a real step to try to oppose Clipper. What the hell have you done, Black Unicorn?

Anthony

From talon57 at well.sf.ca.us Wed Mar 2 14:24:48 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Wed, 2 Mar 94 14:24:48 PST
Subject: Denning
Message-ID: <199403022224.OAA12373@well.sf.ca.us>

-----BEGIN PGP SIGNED MESSAGE-----

I agree with those who oppose unwarranted attacks on Dr Denning's character. She is by all accounts an intelligent, well-mannered person and deserves to be treated as such. I completely disagree with her about clipper however.

I have watched with growing horror as our government over the last 15 years has slowly turned into a near fascist state.
Black clad commandos storming a religious group's compound deliberately inciting an armed confrontation, then harassing for more than a month, then initiating an attack that left most members including the children dead. People who had not been convicted of anything.

We are told if we only knew, we would support clipper, I think not. Hide behind your secret information if you choose, we have a general idea of what you fear anyway. We are less worried about nuclear/chemical/biological/informational terrorists than we are of what our government could become with such fascist tools. After all, there are terrorist acts now, when you can listen.

It's about privacy......

It's about adults making their own decisions, not some paternalistic government, no matter how well meaning, doing it for us.

We will build the tools we need, we will bypass attempts to stop us, we will advance till our communication resembles noise.

Brian Williams
Extropian
Cypherpatriot

"Cryptocosmology: Sufficiently advanced communication is indistinguishable from noise." --Steve Witham

From lefty at apple.com Wed Mar 2 14:38:13 1994
From: lefty at apple.com (Lefty)
Date: Wed, 2 Mar 94 14:38:13 PST
Subject: Dorothy Denning
Message-ID: <9403022236.AA01224@internal.apple.com>

>Chill... I thought that our prime objective was to defeat Clipper...
>even if you don't like Ross, he does have some pull with the people of
>this country, and that's what we need... we need the *PEOPLE* to fight
>Clipper.

Mark Twain once said that the only people entitled to use the word "we" when referring to themselves were kings, editors and people with tapeworms. I assume that you're speaking on behalf of your intestinal parasites.
Ross Perot is a reactionary head-case. He is the _last_ person I would think to bring into the Clipper debate, right after Bob Packwood and Jesse Helms.

>We need the fight not to just be "a group of civil libertarians", but
>the general populace. Maybe Ross isn't the answer, but at least I've
>taken a real step to try to oppose Clipper. What the hell have you
>done, Black Unicorn?

Well, for starts, he's posted things that demonstrate possession of a nervous system a few levels above a notochord.

What on earth would lead you to believe that you have any claim whatsoever to doing something significant to oppose Clipper in relation to others on this list? You sent a bloody piece of email, and to very much the wrong person: BFD. Don't hold your breath waiting for either a medal or a parade.

Your ravings regarding Dorothy Denning pretty much set the tone for all of your contributions since then: juvenile, poorly thought out, and ineptly executed.

Goodbye, Mr. Ortenzi. Down the oubliette with you. *plonk*

--
Lefty (lefty at apple.com)
C:.M:.C:., D:.O:.D:.

From kinney at bogart.Colorado.EDU Wed Mar 2 14:46:42 1994
From: kinney at bogart.Colorado.EDU (W. Kinney)
Date: Wed, 2 Mar 94 14:46:42 PST
Subject: Clipper (Re: Dorothy Denning)
Message-ID: <9403022246.AA03841@bogart.Colorado.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

I write:
> I think this is very perceptive. Clipper is perhaps the best
> they could _think_ of given an outmoded set of axioms.

Bill Stewart writes:
>I disagree. My opinion is that the axioms involved are
>1) We're in power, and want to stay there.
>2) Some kinds of technology greatly enhance our power if we control them.
>3) Crypto Technology is a major threat to our power unless we control it.

Looks to me like we substantially agree with one another, actually. I might, however, throw out an additional concept, which, to me at least, is a very significant consideration.
The basic reasoning of our government with regard to individual rights has always been that rights are agreed on by society as a whole, and one of the social roles of government is to act both as protector and _arbiter_ of those rights. I think this shows through every time somebody talks about "trade-offs" -- this is government acting as arbiter, trying to enforce an assumed role as the body charged with deciding what rights _mean_ in a practical social context. Under many circumstances, this is an appropriate role: the government acts to protect free speech more often than it acts to suppress it, for instance.

But the spooky illogic of Clipper comes, I think, from this model of rights as things the government can, but doesn't, take away from its citizens. Cryptography breaks this paradigm, because privacy becomes something possessed by the citizen independent of the government's good will. Clipper is an effort to restore the traditional paradigm, to return the government quite literally to its traditional role of "keeper of the keys". It is a failure to recognize that the rules of the world are changing, and a failure to adapt. This is more frightening in a lot of ways than any "Nixon-esque" intrigue could ever be.

-- Will

From lefty at apple.com Wed Mar 2 14:49:14 1994
From: lefty at apple.com (Lefty)
Date: Wed, 2 Mar 94 14:49:14 PST
Subject: Insecurity of public key crypto #1 (reply to Mandl)
Message-ID: <9403022248.AA01608@internal.apple.com>

Eric Johnson writes:
>
> I was suggesting just the opposite. It obviously isn't a security
> issue.
I believe it is more of a first principles issue; "Thou
> shall encrypt thy communications, lest thou draw attention to thy
> self, and the right be removed by thine opponents."

Am I missing something, or is this equivalent to saying that the way to oppose gun control is by brandishing a gun as much as possible?

--
Lefty (lefty at apple.com)
C:.M:.C:., D:.O:.D:.

From SJB8195 at ZEUS.TAMU.EDU Wed Mar 2 16:10:54 1994
From: SJB8195 at ZEUS.TAMU.EDU (Scott Beaudreau)
Date: Wed, 2 Mar 94 16:10:54 PST
Subject: Peace initiative
Message-ID: <940302181035.2180273e@ZEUS.TAMU.EDU>

Hello cypherpunks,

Please consider my suggestions. Send flames via anonymous remail to /dev/null.

I would like to see the following discussions end:
1. Attacks on Dr. Denning. (She is only an opponent, not Damien Thorn.)
2. Defense of Dr. Denning. (More important topics exist.)
3. Attacks of Ross Perot or his supporters.
4. Attacks on each other.

I am more interested in these topics:
1. Corporations, money, and IRS. Sandy and others.
2. Rating systems.
3. Phone and fax security.
4. Clipper chip news.
5. Security software news. PGP Tools, etc.

These ideas are simply my opinion. There is too much talent on this group to throw at flames.

Casually yours,
Scott Beaudreau

From mike at EGFABT.ORG Wed Mar 2 16:14:12 1994
From: mike at EGFABT.ORG (Mike Sherwood)
Date: Wed, 2 Mar 94 16:14:12 PST
Subject: clipper==bad, but how do you explain this to average joe 6-pack?
Message-ID:

How do we go about explaining why clipper is bad to average joe 6-pack? I've noticed that most normal people seem to think the reasons against clipper are just paranoid concerns of a bunch of conspiracy theorists. Average joe 6-pack doesn't seem concerned that the government will have the keys to decrypt anything he does using a cellular phone with a clipper chip.
Or if the key database were compromised, such things could be forged, but that's what average joe 6-pack sees as being the imaginations of a bunch of conspiracy theorists in action. How can this be explained to people who have a hard time differentiating a 5.25" floppy from a small paper plate? (Well, they couldn't do it 2 out of 3 times)

If we can't effectively convince the average citizens that clipper is bad, they'll accept it because the government told them it is good and alternative crypto is bad because the only reason to hide something from our benevolent, democratic government (which is always acting in our best interests) is if we're hideous criminals.

Any comments would be appreciated.

-Mike

--
Mike Sherwood
internet: mike at EGFABT.ORG
uucp: ...!sgiblab!egfabt!mike

From ejohnson at pmip.dist.maricopa.edu Wed Mar 2 16:20:35 1994
From: ejohnson at pmip.dist.maricopa.edu (Eric Johnson)
Date: Wed, 2 Mar 94 16:20:35 PST
Subject: Insecurity of public key crypto #1 (reply to Mandl)
Message-ID: <199403030019.RAA23965@pmip.dist.maricopa.edu>

: Eric Johnson writes:
: >
: > I was suggesting just the opposite. It obviously isn't a security
: > issue. I believe it is more of a first principles issue; "Thou
: > shall encrypt thy communications, lest thou draw attention to thy
: > self, and the right be removed by thine opponents."
:
: Am I missing something, or is this equivalent to saying that the way to
: oppose gun control is by brandishing a gun as much as possible?
:
: --
: Lefty (lefty at apple.com)
: C:.M:.C:., D:.O:.D:.

If you replace the word "brandishing" with "carrying", I find nothing disagreeable about your sentence. RKBA and all that.
^
--Eric

From wcs at anchor.ho.att.com Wed Mar 2 16:25:51 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Wed, 2 Mar 94 16:25:51 PST
Subject: Increasing the encrypted/unencrypted ratio (was Re: Insecurity of public key crypto #1 (reply to Mandl))
Message-ID: <9403030024.AA01382@anchor.ho.att.com>

> [List could use a PGP key where everybody shares the private key?]

No point. First of all, anything that everybody on the list has isn't going to be a secret anyway; it'd get out, and who knows how many of the subscribers are really spooks anyhow.

Second, the reason for using public-key systems is so you don't have to distribute secret information - if you're going to do that anyway you might as well distribute the secret key for a symmetric-key algorithm, such as "pgp -c".

Third, the newer PGP versions can handle multiple recipients (unless I'm mixing it up with the plans for the next version?), so you can have the message encrypted once with one secret key, and N versions of the secret key (+a random string) encrypted with user i's public key.

From pmetzger at lehman.com Wed Mar 2 16:29:03 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Wed, 2 Mar 94 16:29:03 PST
Subject: clipper==bad, but how do you explain this to average joe 6-pack?
In-Reply-To:
Message-ID: <9403030028.AA22931@andria.lehman.com>

Mike Sherwood says:
> How do we go about explaining why clipper is bad to average joe 6-pack?

You don't. They don't matter much anyway. Just concentrate on the people who matter. Contrary to popular belief, the people don't run this country. If we can convince Congress that this is a bad idea, the opinions of their constituents won't matter. Convincing the people who think is likely more effective than convincing the folks who hang out at Bowl-O-Rama anyway -- the congressmen don't care about the Bowl-O-Rama folks because they never vote anyway.
Perry

From hughes at ah.com Wed Mar 2 16:36:49 1994
From: hughes at ah.com (Eric Hughes)
Date: Wed, 2 Mar 94 16:36:49 PST
Subject: clipper==bad, but how do you explain this to average joe 6-pack?
In-Reply-To:
Message-ID: <9403030029.AA11533@ah.com>

>How do we go about explaining why clipper is bad to average joe 6-pack?

"When the national health care system decides that your beer is bad for you, they won't make beer illegal, they'll just raise your insurance rates. And because you can't protect your privacy they'll know exactly how much beer you buy."

Substitute your favorite commodity above, such as motorcycle helmets, condoms, greasy food, cigarettes, or pornography.

Eric

From hughes at ah.com Wed Mar 2 16:39:56 1994
From: hughes at ah.com (Eric Hughes)
Date: Wed, 2 Mar 94 16:39:56 PST
Subject: Laziness?
In-Reply-To: <199403022129.QAA28485@styracosaur.cis.ohio-state.edu>
Message-ID: <9403030032.AA11554@ah.com>

>Why announce to the world that I read
>cypherpunks if I don't have to?

This is one reason that we have not disabled the 'who' command on the toad.com majordomo server. If you want the public not to know you're on the cypherpunks list, get and use an alias.

>Point taken; but if you receive unencrypted mail on a multi-user
>system, you're likely deluding yourself about its security as well.

There are two issues here. I don't mind reading most mail on a shared machine, but I'm sure as hell not going to let my private key inside its RAM.

Eric

From tcmay at netcom.com Wed Mar 2 16:51:17 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 2 Mar 94 16:51:17 PST
Subject: clipper==bad, but how do you explain this to average joe 6-pack?
In-Reply-To:
Message-ID: <199403030051.QAA05871@mail.netcom.com>

Mike Sherwood writes:
> How do we go about explaining why clipper is bad to average joe 6-pack?

Well, there are many approaches to take.
Most of us (sorry, Lefty, for speaking as a tapeworm :-} ) are totally opposed to Clipper and key escrow in all its forms, as I'm sure most readers of this list know. (A few defenders of Clipper have appeared here recently....draw your own conclusions about the overall sentiment of the list.)

> I've noticed that most normal people seem to think the reasons against
> clipper are just paranoid concerns of a bunch of conspiracy theorists.

I've found just the opposite. Most of my non-crypto friends and family understand the issues once they are explained.

We've made these points so many times before on this list, so I'll be brief. Mike and others will have to use their imagination to flesh these points out. (And the several excellent articles on crypto in "Wired," "Whole Earth Review," "Communications of the ACM," "The Village Voice," etc., are a good place to go for more details. Some of these articles are available on-line.)

Limiting crypto is analogous to:

- requiring all letters to be written on postcards instead of sealed in envelopes (Phil Zimmermann came up with this one)

- insisting that all locks on doors have their keys "escrowed" with the local cops, just in case the cops want to make a midnight "inspection" of your house.

- outlawing window shades and other obstructions to those who are videotaping you through your windows.

- requiring that all photo processing labs make a duplicate set of all photos and "escrow" them with the local Legion of Decency or Child Protective Services Agency, just in case child nudity or other evidence of criminality is suspected

- "Diary escrow," in case one's diary is suspected of containing subversive writings or admissions of criminal behavior

- bugging of church confessionals...for obvious reasons. I mean, if people are "confessing" their sins, shouldn't the police know? Dorothy Denning certainly thinks so.

....Use your imagination to construct similar analogies to educate your friends and opponents.
The issues don't require any expertise in number theory or cryptology to comprehend.

....
> clipper chip. Or if the key database were compromised, such things could
> be forged, but that's what average joe 6-pack sees as being the
> imaginations of a bunch of conspiracy theorists in action. How can this
> be explained to people who have a hard time differentiating a 5.25"
> floppy from a small paper plate? (Well, they couldn't do it 2 out of 3
> times)

Don't phrase things in terms of computers, modems, floppy disks, etc. Use familiar examples, such as locks on doors and personal diaries.

> If we can't effectively convince the average citizens that clipper is
> bad, they'll accept it because the government told them it is good and
> alternative crypto is bad because the only reason to hide something from
> our benevolent, democratic government(which is always acting in our best
> interests) is if we're hideous criminals.
>

Personally, I'm not fighting the battle of trying to convince my neighbors and folks I meet at the gym that key escrow is bad. We reach a lot more folks by talking to and educating journalists. I of course spoke to several of them before the Clipper thing broke. (But two of them got in contact with _me_ precisely because I'd written about the evils of key escrow half a year before Clipper was even announced....this meant their articles hit at the same time Clipper was hitting.)

I recently spent 2 hours on the phone answering the many questions of a Southern California reporter who is writing a long article on crypto and Clipper that he hopes to resell to many other papers. I dwelt heavily on analogies like the ones I described above....he seemed to think these analogies will be easily understandable to his readers.

The more contact I have with journalists (Levy, Kelly, Dibbell, Markoff, others), the more impressed I am. True, these are mostly science or computer-literate folks, but their overall grasp of the issues is impressive.
--Tim May

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From mech at eff.org Wed Mar 2 16:54:30 1994
From: mech at eff.org (Stanton McCandlish)
Date: Wed, 2 Mar 94 16:54:30 PST
Subject: digi-script?
Message-ID: <199403030054.TAA29367@eff.org>

Sorry I didn't find this sooner, but the info is still of interest even if the conf is over.

Forwarded message:

From arthurc at crl.com Wed Mar 2 17:09:48 1994
From: arthurc at crl.com (Arthur Chandler)
Date: Wed, 2 Mar 94 17:09:48 PST
Subject: clipper==bad, but how do you explain this to average joe 6-pack?
In-Reply-To: <9403030029.AA11533@ah.com>
Message-ID:

If ol' Joe happens to read "Doonesbury," ask him what Duke would do if he held the Clipper key.

From nates at netcom.com Wed Mar 2 17:45:50 1994
From: nates at netcom.com (Nate Sammons)
Date: Wed, 2 Mar 94 17:45:50 PST
Subject: clipper==bad, but how do you explain this to average joe 6-pack?
In-Reply-To:
Message-ID: <199403030146.RAA14530@netcom10.netcom.com>

I have to agree with Time, etc that many of my friends say the equivalent of "what a stupid idea... it'll never pass" when I explain what the gov is trying to do to us. Some of my friends, however, think I am totally paranoid (not completely false) and that I should just chill out a bit.

The problem is that many people say that clipper is so stupid it'll never pass, so they assume that their congress-critter will do the "right" thing and dump clipper. This is where most people fail.
Our congress-critters are most likely *not* going to do the right thing, since their ears are being pulled by the NSA and the FBI, etc... who think that unless all of us are watched, we'll hurt ourselves or hurt each other like a bunch of infants.

-nate

--
+---------
| Nate Sammons PGP Key and fingerprint via finger.
| Clipper == Big Brother Inside. Question Authority. Encrypt everything.
+---------

From mike at EGFABT.ORG Wed Mar 2 17:55:00 1994
From: mike at EGFABT.ORG (Mike Sherwood)
Date: Wed, 2 Mar 94 17:55:00 PST
Subject: clipper==bad, but how do you explain this to average joe 6-pack?
In-Reply-To: <199403030051.QAA05871@mail.netcom.com>
Message-ID:

tcmay at netcom.com (Timothy C. May) writes:

> Well, there are many approaches to take. Most of us (sorry, Lefty, for
> speaking as a tapeworm :-} ) are totally opposed to Clipper and key
> escrow in all its forms, as I'm sure most readers of this list know.
> (A few defenders of Clipper have appeared here recently....draw your
> own conclusions about the overall sentiment of the list.)

I also oppose the whole clipper/key escrow idea just because it's the governments' idea. The reason that makes it bad is because they have a lot more power to "promote" their "good ideas" whereas those of us out here have the option to choose if we're happy with des or if we'd prefer pgp. However, this is more of a religious issue than anything else, and the average people don't understand serious religious issues - they're too caught up on the silly ones that no one cares about like creation vs evolution. =)

> - insisting that all locks on doors have their keys "escrowed" with
> the local cops, just in case the cops want to make a midnight
> "inspection" of your house.

well, the cops can do that anyway with their magic door-breaking key. And as we've seen in the case of steve jackson games, they'd much rather break things apart than let people give them keys to open them.
=)

> - outlawing window shades and other obstructions to those who are
> videotaping you through your windows.

this applies to crypto in general. clipper gives this protection from everyone *BUT* law enforcement. how do we justify "hiding" everything from the police without giving the inference that what we want to keep private is illegal or highly questionable? I've found a lot of people more willing to assume the government's intentions are good than to accept that individuals are.

> Personally, I'm not fighting the battle of trying to convince my
> neighbors and folks I meet at the gym that key escrow is bad.

any thoughts on an approach for bringing this to the attention of those people at the gym that don't care about crypto? or perhaps a speech to a captive audience that has to listen because it's a public speaking class that is part of silly required GE? =)

--
Mike Sherwood
internet: mike at EGFABT.ORG
uucp: ...!sgiblab!egfabt!mike

From klbarrus at owlnet.rice.edu Wed Mar 2 18:19:24 1994
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Wed, 2 Mar 94 18:19:24 PST
Subject: MAIL: remailer list
Message-ID: <9403030219.AA27285@flammulated.owlnet.rice.edu>

Cypherpunks,

I was just informed by Chris Walker that the remailer elee9sf at menudo.uh.edu is now down. If you send mail, it bounces with "this account is expired".

Sheesh, in the space of two weeks I've lost all four remailers I had running at UH. Time to set up another ;)

-----BEGIN PGP SIGNED MESSAGE-----

Cypherpunk anonymous remailers, 3/3/94

Q1: What are the anonymous remailers?
A1:
1: remailer at chaos.bsu.edu
2: nowhere at bsu-cs.bsu.edu
3: hh at soda.berkeley.edu
4: hal at alumni.caltech.edu
5: ebrandt at jarthur.claremont.edu
6: catalyst at netcom.com
7: remailer at rebma.mn.org
8: hfinney at shell.portal.com
9: remailer at utter.dis.org
10: remailer at entropy.linet.org
11: remail at extropia.wimsey.com

NOTES:
1-3 no encryption of remailing requests
4-11 support encrypted remailing requests
11 special - header and message must be encrypted together
7,9,10,11 introduce larger than average delay (not direct connect)
7,9,11 running on privately owned machines
3 features USENET posting

======================================================================

Q2: What help is available?

A2: Check out the pub/cypherpunks/remailer directory at soda.berkeley.edu (128.32.149.19).

chain.zip - program that helps with using remailers
dosbat.zip - MSDOS batch files that help with using remailers
hal's.instructions.gz - in depth instruction on how to use
hal's.remailer.gz - remailer code
pubkeys.tar.gz - public keys of remailers which support encryption
pubkeys.zip - MSDOS zip file of public keys
scripts.tar.gz - scripts that help with using remailers

Or try the cypherpunks gopher site (chaos.bsu.edu) and look in "Anonymous Mail" for instructions.

Mail to me (klbarrus at owlnet.rice.edu) for further help and/or questions.

======================================================================

Q3. Email-to-Usenet gateways?

A3.
1: group-name at cs.utexas.edu
2: group.name.usenet at decwrl.dec.com
3: group.name at news.demon.co.uk
4: group.name at news.cs.indiana.edu
5: group-name at pws.bull.com
6: group-name at ucbvax.berkeley.edu

NOTES:
* This does not include ones that work for single groups, like twwells.com.
* Remember to include a Subject: with your post, may cause failures if missing
#6 blocks from non-berkeley sites (so use the berkeley remailers :-)

======================================================================

This is the remailer.data file I use with nestping, a script for pinging anonymous remailers:

01:n:remailer at chaos.bsu.edu
02:n:nowhere at bsu-cs.bsu.edu
03:n:hh at soda.berkeley.edu
04:y:hal at alumni.caltech.edu
05:y:ebrandt at jarthur.claremont.edu
06:y:catalyst at netcom.com
07:y:remailer at rebma.mn.org
08:y:hfinney at shell.portal.com
09:y:remailer at utter.dis.org
10:y:remailer at entropy.linet.org
11:s:remail at extropia.wimsey.com

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLXVIg4OA7OpLWtYzAQFp1gP9EBxByjifFHwNRzXo9/aBAOUlZeeLKlTe
r8bDbVCsX3KH3DKPETGZrT5+KbTZOeNAJWbJXb+pv6LCPN0s9cMnQt9hf5znPaS0
ZbYz/JNaMGenqt+oZAy/xN1GWc+0UcuKEyr2dZrqrZB1be6Ilv2G77tIC1H1HZ1b
2GcsRMUair8=
=/PYK
-----END PGP SIGNATURE-----

From rcain at netcom.com Wed Mar 2 18:48:31 1994
From: rcain at netcom.com (Robert Cain)
Date: Wed, 2 Mar 94 18:48:31 PST
Subject: Clipper (Re: Dorothy Denning)
In-Reply-To: <9403020738.AA12338@anchor.ho.att.com>
Message-ID: <199403030249.SAA28948@netcom9.netcom.com>

bill.stewart at pleasantonca.ncr.com +1-510-484-6204 sez:
>
> I disagree. My opinion is that the axioms involved are

Me too. I would like to substitute a bit.

> 1) We're in power, and want to stay there.

No argument there. :-)

> 2) Some kinds of technology greatly enhance our power if we control them.

2) Some kinds of technology greatly enhance the power of those that are ruthless and dangerous.

> 3) Crypto Technology is a major threat to our power unless we control it.

2) Crypto technology could well be a major threat to the world's safety unless we control it.
> 4) Maybe we can stop it if we act quickly, at a cost to society
> that's low enough that we won't cause a major revolt

4) Maybe we can stop it if we act quickly while still providing society the benefits it wishes.

> 5) If we pull that off, the success will help consolidate our power.

5) If we pull that off, the success will help protect society from being disrupted, damaged or held hostage by those wishing power.

> 6) The public believes almost anything we tell them, at least for a while,
> as long as we sound sincere.

6) The public feels we are interested in their private lives and we must change that perception toward our actual concerns.

>
> > Clipper is just the kind of woefully clueless thing people in
> > that position would come up with.
>
> It's not at all clueless. It's offensive, unAmerican, and probably
> won't win, but there's a subtle malignity to it that's almost
> Nixonesque in its cleverness, and it's tacky enough they may be
> able to pull it off.

It's not at all clueless, offensive or unAmerican and it still probably won't win. It represents nothing more or less than a studied and earnest offer of a method that can compromise so as to give society the potential benefit of the technology while also giving us the protection that it is and has been their job to give. All that they can do in fact, and they know this, is to attempt to persuade people to voluntarily leave them with that ability.

The most valuable thing that Clipper is doing I think is showing the unscrupulous and scrupulous within government (and I still believe the unscrupulous to be a small subset even though I think there are entire agencies without scruples) what messing with the people in the fashion of unconvicted forfeiture, can cause. I mean c'mon, who is going to believe that a group who can and will take all of a person's belongings and sell them before convicting the person and not return them on acquittal will stop short of arbitrary, fishing expedition privacy invasion?
I hope that those in the NSA, the intelligence community and the military, who see the now potentially disastrous consequences of the actions of a few of their cousins in government like the DEA, will slap them around a bit. They could ya' know. If it were not for clowns like those who have seemed to a very large segment of society to have run totally amuck I think there would not be the sturm and drang that this issue now stirs up in groups like this.

You men and women in and close to government who are sincerely concerned about crypto for good reason don't have to look very far to see who created this problem for you. What comes 'round goes 'round is the lesson here. I just hope the lesson isn't as harmful to student and teacher alike as it has the potential to be.

Peace,

Bob

--
Bob Cain rcain at netcom.com 408-354-8021

"I used to be different. But now I'm the same."

--------------PGP 1.0 or 2.0 public key available on request.------------------

From klbarrus at owlnet.rice.edu Wed Mar 2 20:05:11 1994
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Wed, 2 Mar 94 20:05:11 PST
Subject: LIST: encrypted
Message-ID: <9403030405.AA05697@flammulated.owlnet.rice.edu>

About receiving this mailing list encrypted....

I believe Hal Finney is (was?) offering such a service. Basically you send in your public key, and Hal pipes all list mail through pgp and remails it to you, from one of his anonymous remailers.

I don't think many people opt for this :) but the option is there (unless Hal isn't offering it anymore). He'll probably answer when he reads the list mail!

--
Karl L. Barrus: klbarrus at owlnet.rice.edu
keyID: 5AD633 hash: D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32

"One man's mnemonic is another man's cryptography"
- my compilers prof discussing file naming in public directories

From dan at kypris.com Wed Mar 2 20:36:10 1994
From: dan at kypris.com (Daniel A. Nichols)
Date: Wed, 2 Mar 94 20:36:10 PST
Subject: help getting files off csn.org???
Message-ID: <9403030156.AA10552@kypris.com>

Hey all!

Can someone help me out as to how to get the pgp-related stuff off csn.org? Unfortunately I don't have real ftp, only ftp through the ftp-mail-server. I have grabbed the README.MPJ file and immediately sent an ftp request to get files from the ever-changing I_will_not_export/??? directory, but get back a "no such directory". How often does the directory name change? Am I just not going to be able to get them through ftp-mail requests?

Thanks,
Dan

---
Daniel A. Nichols          Voice: (214) 307-0474
Kypris Software Systems    Fax: (214) 306-3409
2601 Frankford Rd. #2703   E-Mail: dan_nichols at kypris.com
Dallas TX 75287-4517       NeXTMail Welcome!

From CCGARY at MIZZOU1.missouri.edu Wed Mar 2 20:57:24 1994
From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers)
Date: Wed, 2 Mar 94 20:57:24 PST
Subject: Standard for Stenography?
Message-ID: <9403030457.AA05934@toad.com>

Firstly, congratulations for Sergey Goldgaber's stubborn pushing of this topic, for Bill Stewart's observation: "simple stego-programs, stealthy encryption programs", & for Norman Hardy's notice of the possibility of non-randomness in the low order bits of pixels.

Here are my proposed standards & suggestions for stenography.

1. The stenography module is just a simple program for inserting data into a picture. The data is not plaintext! Ideally, stealth pgp is the encryption method. There should be no clever variable positional stenography. No security through obscurity. No "TOWERS of BABBLE". It must be standardized for easy conversation. I agree with Bill Stewart on this: simple stego programs, stealthy encryption programs.

2. The 1st position of the stenography is defined as the 1st pixel transmitted or received. The 1st several pixels should make up the header. The header should be of a fixed size with fixed sized & positioned fields. The header follows:

1____6 7_________17 18>>>>>>>
checksum; "STENOGRAPHY"; the encrypted text

The numbers refer to pixels.
One bit of encrypted data per pixel. The 1st field is a checksum particular to that RSA key. The 2nd field consists of the word "STENOGRAPHY" in caps. The remainder is devoted to the encrypted msg. itself.

The checksum is a standardized checksum method that has the same checksum as the RSA key. You need this in case you have given out several public keys. The checksum may also be an integral multiple of the RSA key. The reason for the checksum is in case the recipient has multiple keys, this will help him select the correct one without using huge numbers of cycles. Only 6 bits are used since that would be all that would be necessary & to eliminate the possibility of a huge number that would be large enough to constitute a legal proof. Also, by using a small number, investigators are not given much of a clue. By allowing integral multiples, you allow a fairly large number of keys but also stop small numbers from popping up a lot - no statistical suspensions!

The reason for the "STENOGRAPHY" field is to assist your computer in determining if this is a stenography file & that the correct key was chosen without attempting to decrypt the whole file. I know that this presents the possibility of a small "known plaintext attack", but a good encryption system should stand up to such an attack. RSA can ... can't it?

3. No "lossy" picture methods! Two methods immediately suggest themselves: JPEG & GIF. JPEG is ordinarily a lossy method but I am told that it has a no loss option. GIF is not a lossy method. I hear that JPEG has the ability to carry more bits per pixel than GIF so I would suppose JPEG. Also, while earlier I suggested 1 bit of encrypt per pixel it may be cool to use more.

4. Norman Hardy has suggested something that I have wondered about: are low order bits of pixels really randomly distributed? You graphic/statistic aces out there need to check this out & inform us. Possibly, some methods do & some don't? Inquiring cypherpunks need to know!
I don't know too much about graphics, so I could use a lot of help.

5. What are the best pictures to use? I would suggest soft focus pin-up girls, mountain ranges, clouds, fields of grain, dense vegetation. Would soft focus help in all these types? note: I think kiddie-porn would be a bad idea.

The above suggestions support the stealth method- strong encryption- simple stenography- public key- standardized model. If I have missed anything or you have a better idea, please let us know.

Yours Truly,
Gary Jeffers

From unicorn at access.digex.net Wed Mar 2 21:25:43 1994
From: unicorn at access.digex.net (Black Unicorn)
Date: Wed, 2 Mar 94 21:25:43 PST
Subject: Dorothy Denning
Message-ID: <199403030525.AA29615@access1.digex.net>

->
Chill... I thought that our prime objective was to defeat Clipper... even if you don't like Ross, he does have some pull with the people of this country, and that's what we need... we need the *PEOPLE* to fight Clipper. We need the fight not to just be "a group of civil libertarians", but the general populous. Maybe Ross isn't the answer, but at least I've taken a real step to try to oppose Clipper. What the hell have you done, Black Unicorn?

Anthony
<-

In the circles I travel in Mr. Perot is considered a dangerous paranoid. I agree he has the ear of some *PEOPLE* (as you so nicely put it) but as much as you fear the branding of the anti-clipper movement as JUST "a group of civil libertarians," it is possible that there are other brands just as destructive to credibility. Mr. Perot is in my opinion representative of one such brand. The Good Perot Keeping Seal might sink the "general populous" boat we would so much like to travel on.

As far as your efforts in this matter v. mine, Anyone can post some messages to the list Mr. Ortenzi.
-uni- (Dark)

From rarachel at prism.poly.edu Wed Mar 2 21:39:03 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Wed, 2 Mar 94 21:39:03 PST
Subject: clipper==bad, but how do you explain this to average joe 6-pack?
In-Reply-To: <9403030029.AA11533@ah.com>
Message-ID: <9403030526.AA17582@prism.poly.edu>

> "When the national health care system decides that your beer
> is bad for you, they won't make beer illegal, they'll just raise your
> insurance rates. And because you can't protect your privacy they'll
> know exactly how much beer you buy."
>
> Substitute your favorite commodity above, such as motorcycle helmets,
> condoms, greasy food, cigarettes, or pornography.

How soon would it be before they will decide that anyone who is afraid of what the NSA and its fans must be paranoid, so paranoid that they must be insane and thus, must be put in a mental institution because they are a danger to themselves and others. Never mind that there aren't any mental institutions left, they can reopen them. Oh, and anyone who disagrees with King Kongress and Billary must also be insane, why would anyone disagree with the direct descendents of the Gods! :-)

From jef at ee.lbl.gov Wed Mar 2 22:32:48 1994
From: jef at ee.lbl.gov (Jef Poskanzer)
Date: Wed, 2 Mar 94 22:32:48 PST
Subject: Standard for Stenography?
Message-ID: <9403030632.AA13653@hot.ee.lbl.gov>

> Firstly, congratulations for Sergey Goldgaber's stubborn pushing of
>this topic, for Bill Stewart's observation: "simple stego-programs,
>stealthy encryption programs"

I disagree with pretty much everything in your message, and since I'm the one who opened the topic and who is writing the code, my opinion would seem to count for quite a bit more than yours. I'm not going to repeat the reasons why the kind of standard you propose is a bad idea, you can fetch the messages as easily as I can.

Cc:ed to the list only so that no one thinks Gary's proposal was accepted. The permutation idea remains the best.
By the way, this discussion is an example of something I have labelled the "silence is invisible" phenomenon. It goes like this: there's a discussion; some of the participants work out an answer, and as far as they're concerned the discussion is over. However, other participants don't understand the answer, and keep on talking. In a physical meeting, the talkers would notice the annoyed looks on the faces of everyone else; or if the meeting had a good facilitator, he or she would catch on to the misunderstanding and correct it; but in cyberspace, those feedback mechanisms don't happen.
---
Jef

From rarachel at prism.poly.edu Wed Mar 2 22:53:03 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Wed, 2 Mar 94 22:53:03 PST
Subject: PC Expo, Mac World, Comdex, etc...
Message-ID: <9403030641.AA18606@prism.poly.edu>

If a few of us who have a bit of money to spend on disks and duplication could come together (or work apart) we could just go out in front of PC Expo, or any other expo and simply hand out free disks with stuff like PGP, SecureDrive and whatever else, maybe even include a flyer with info about getting more info on issues like clipper and such... Perhaps some sort of self running hypertext demo to show analogies, say via a caricature of Dorothy Denning or Billary Clingon trying to install bugs in the phones of the viewers, cameras in cable TV boxes, microphones in bathrooms etc, all bearing the word "Clipper" on them... :-)

(The distribution method isn't my idea, a dude who runs or works for an internet mail/news only carrier approached me and gave me a flyer...)

"Get your free PGP disks here, learn about how Uncle Sam is spying on your privacy, etc..." :-)

Now for some rude awakenings to follow... are there any laws against handing out >FREE< disks to people exiting or entering a convention center? (hopefully not too many.)

Putting up an infomercial will reach a lot of people who couldn't care less.
Putting this stuff in the hands of those who have the interests of big business will reach a wider bit of the people we need to reach.

From rarachel at prism.poly.edu Wed Mar 2 23:15:33 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Wed, 2 Mar 94 23:15:33 PST
Subject: Missing(??) April 94 DDJ!!???!!???
In-Reply-To:
Message-ID: <9403030703.AA18870@prism.poly.edu>

Speaking of DDJ's nice crypto articles for April 94, I just had a truly weird thing arrive in the mail today. It was a plastic mailer bag from DDJ which contained Vol 1., Issue 1. of DDJ's Developer Update. The plastic envelope was larger than needed for such a mailing. All the bag contains is the 8 page Dev. Update issue and a card with my name and the return address for the snail mail folks to be able to process the package.

There was NOT any April 94 issue of DDJ. Have I been ripped, or did DDJ goof, or was this mailing supposed to contain only the 8 page thinggie???

If anyone receives their DDJ April 94 issue >ALONG< with the developer update, please let me know so I can bitch. :-) If anyone received the same package without the DDJ issue, I ask that you also let me know so that I silence myself patiently for the DDJ April 94 issue. :-)

However, one nice thing is that one of the aside boxes at the left side of the 8 page thinggie has "Crypto Chip Debuts." This is on the cover under News Briefs. Okay, it's small, I'll type it:

"National Semiconductor has released the iPower encryption chip which is designed for use in PCMCIA cards and provides a range of security features. The chip can encrypt via multiple encryption algorithms (none listed) and will self destruct upon any tampering attempt, using a self contained chemical. Cards that use the iPower chip can also provide additional functions such as tracking users access times. The iPower division is based is (sic) Santa Clara, CA 408-721-8797."
#include

From rarachel at prism.poly.edu Wed Mar 2 23:31:57 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Wed, 2 Mar 94 23:31:57 PST
Subject: on international transmissions
In-Reply-To: <9403012200.AA08101@ah.com>
Message-ID: <9403030719.AA18965@prism.poly.edu>

<>

Another scenario. Suppose Person A has a unix account they don't use very often. Say once every few months. Suppose person X is a hacker and breaks into Person A's account. Person X then sets up a small program that acts as a remailer, *BUT* in a very specific way. This remailer looks for a particular message, specifically the requested cryptographic software sent from person B who is a crypto author.

Person X is outside of the USA and has grabbed many many accounts and has installed similar programs on each machine, which strip out all headers of forwarded mail, and encrypt/stego all traffic through them.

Person X wants to get his hands on a new, but very strong cypher or interesting program that he doesn't have. So through his captured accounts whose profiles match person A's, he manages to set up the transaction and receive the software.

The remailer programs have a very specific code in them that when triggered will remove all trace of their existence within the captured accounts. (ie: the program rm's itself and overwrites the original .login file to the one person X has hacked.) In other words, he gets his hands on the software, sends the kill code to one mailer which sends it on to the next and kills itself, all mailers die.

The resulting trail is a long, but quickly disappearing one. Nevermind that the odds are that Person X will be caught before he manages to set up his "network" and all that. Cliff Stoll is/was an exceptional sniffer with a lot of time on his hands talking to deaf ears until he talked through a megaphone and was taken seriously.

The law in theory has been broken.
In practice, Person C, F, and N, are pretty much out of luck, unless they get some other breaks leading to person X. :-)

Now suppose that Person A = Person X. Would you say that person A has an alibi that his account had been hacked in and he wasn't aware of it until a few months later his password mysteriously appeared in 2600 or Phrack or elsewhere and a few people told him of the "breach" of security? :-)

Okay, that's it, time for me to get some sleep. Too many theoretical, useless schemes. A true sign of sleep deprivation.

From tcmay at netcom.com Thu Mar 3 00:32:23 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 3 Mar 94 00:32:23 PST
Subject: Standard for Stenography?
In-Reply-To: <9403030457.AA05934@toad.com>
Message-ID: <199403030833.AAA29880@mail.netcom.com>

> Here are my proposed standards & suggestions for stenography.
>
> 1. The stenography module is just a simple program for inserting data
> stenography. No security through obscurity. No "TOWERS of BABBLE".
> 2. The 1st position of the stenography is defined as the 1st pixel
> checksum; "STENOGRAPHY"; the encrypted text
> consists of the word "STENOGRAPHY" in caps. The remainder is devoted
> The reason for the "STENOGRAPHY" field is to assist your computer in
> determining if this is a stenography file & that the correct key was

Wasn't stenography standardized in the last century? Or am I thinking of shorthand?

Though I avoid spelling flames, the repeated confusion of steganography ("covered/hidden writing") with what court reporters and secretaries do is really getting to me.

And the statistics of the low-order bits in various sorts of images were discussed about six months ago here, by various folks.

--Tim May

--
..........................................................................
Timothy C.
May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Thu Mar 3 00:56:08 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 3 Mar 94 00:56:08 PST
Subject: What's Wrong with the List
In-Reply-To: <9403030632.AA13653@hot.ee.lbl.gov>
Message-ID: <199403030856.AAA02891@mail.netcom.com>

I agree completely with Jef Poskanzer's observation:

(Ironically, experienced list members generally avoid "I agree" comments, which means disagreements over the basics generally get more "air time" than agreements. This is a related point to the one Jef is making, and is the reason I'm speaking up here to agree with him.)

> By the way, this discussion is an example of something I have labelled the
> "silence is invisible" phenomenon. It goes like this: there's a discussion;
> some of the participants work out an answer, and as far as they're concerned
> the discussion is over. However, other participants don't understand the
> answer, and keep on talking. In a physical meeting, the talkers would
> notice the annoyed looks on the faces of everyone else; or if the meeting
> had a good facilitator, he or she would catch on to the misunderstanding
> and correct it; but in cyberspace, those feedback mechanisms don't happen.

An important observation!

I'm sure many of us who've been on the list for a long time (since the start for many of us, without a break!) are feeling frustrated at the same old tired topics being aired and--worse--the same old errors being promulgated. Supposedly new ciphers, rehashes of TEMPEST, continuous explanations of "stenography" by people who don't know how to spell it, and so on.
Every one of these tired topics get rehashed every month or so by a new "entering class." Since there's no moderation, the "senior class" can't really stop the freshmen from going on about some pet theory.

(Not to trash pet theories, you understand. We all have them. I just want to _again_ encourage newcomers to do several things. First, read the list for a while--perhaps a month--before making serious posts. Second, read some of the crypto literature. Third, read sci.crypt and talk.politics.crypto and bear in mind that this list is not meant to be a substitute for either. Fourth, read what other people write and carefully think about the implications. That ought to do for starters.)

When the list had 300 people, a year or so ago, this was beginning to be a problem, but at least the topics were relatively fresh for many folks. Now, a year later, there are more than 750 people on the list. A continuous input of new subscribers. A constant stream of rehashed ideas and perpetuated mistakes.

(Don't get me wrong, though! Some new ideas and new code from folks like Product Cypher have been fantastic! But a lot of newcomers seem unaware of the basics of crypto and want to "share" their thought processes with all 750 subscribers. Some are even speaking favorably of Clipper and key escrow....one wonders why they are on this list.)

Anyway, I don't want to sound like I'm dismissing newcomers to the list. I'm just agreeing with Jef's observation and suggesting that too many topics are being taken over by the "clue challenged."

Read the literature! Or at least parts of it. Read the stuff in the Cypherpunks archive site (soda.berkeley.edu, in pub/cypherpunks), including the "Glossary" that Eric Hughes and I put together for the first Cypherpunks meeting in September, 1992.

Yes, a FAQ is sorely needed. I'm still working on a FAQ for this list, but I fear it will largely go unread by many of the folks who need to read it the most. Please prove me wrong.
--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Thu Mar 3 01:21:12 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 3 Mar 94 01:21:12 PST
Subject: What's Wrong with the List--Part 2
Message-ID: <199403030922.BAA05223@mail.netcom.com>

While I'm on a rant about what's wrong with the way the list is going, let me mention another serious problem:

* People who want others to "do more."

It seems that every few months someone starts loudly whining that others are not doing enough. This is very grating.

For example, Detweiler started down his path to neurosis by begging and pleading for folks on the list to do more to help fulfill his vision of a "whistleblowing" group (note that others had discussed this idea, too, so Detweiler cannot claim all the credit). His pleas were eventually answered by Miron Cuperman, who went ahead and newgrouped "alt.whistleblowing" or similar. This is, by the way, now an essentially zero traffic group.

More recently, "Xenon" got it into his head that the most important project in the universe was "Stealth PGP." Again, a good idea (and one that Phil Zimmermann, Kelly Goen, and others were calling by that exact same name more than a year ago). But Xenon figured that if he excoriated us enough for not immediately implementing his vision, we'd eventually work on it. He flamed out after a brief stint on the list and says he is now unsubscribed.

(Which is too bad, as he had some good ideas. His problem is that he got _too excited_ about some particular ideas.
Yes, getting "too excited" can be a problem: when one exhorts others to do the work one cannot or will not do oneself. In other words, badgering, lecturing, and moralizing. Xenon apparently came to see the lack of a rush to his flavor of steganography as some sort of failure of will by the Cypherpunks, and unsubscribed.)

These are the dangers. Whenever I feel the urge to exhort others to work harder and longer at some task, I think about this situation.

(I have no problem with political rants, exhorting folks to adopt my point of view on something. But I avoid--I hope--asking others to do work that I am unwilling or unable to do. It just isn't right. If one wants others to do something concrete, a less "bossy" approach is called for, and one should be prepared to give something in return.)

Closely related to this issue is the habit some have of talking about what "we" have decided "our" goals are and how these goals of "ours" should be fulfilled.

(As a sidenote, L. Detweiler kept asking what the "Cypherpunks goals" were and what the "leaders" expected to be done. When many folks told him in no uncertain terms just what kind of anarchy the List is, poor Detweiler just couldn't handle it. I think "control freaks" like Detweiler want plans, want others in harness to fulfill these plans, and want to boss others around.)

I'll stop with the rants for now. Take my comments any way you like, but I hope they are taken in the spirit in which they are given--as honest observations of some of the problems affecting a list with nearly 800 subscribers.

Cheers!

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Thu Mar 3 02:08:33 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 3 Mar 94 02:08:33 PST
Subject: HUMOR: Sternlight on the CPSR Clipper Petition
Message-ID: <199403031009.CAA09426@mail.netcom.com>

Cypherpunks,

And now for some humor amidst my rants.

This is a post I did that makes light of David Sternlight's bizarre assertion that the anti-Clipper petition of the CPSR contains few valid signatures because he, David Sternlight, asked those who signed the petition to send him e-mail....and he only got 35 responses! QED, the CPSR either faked the signatures or others forged messages.

(Sternlight even cites "cypherpunks" as likely culprits, noting that they are skilled at creating phantom identities....I guess Detweiler was listened to by at least one kindred soul.)

The methodological flaws in Sternlight's line of reasoning are too obvious to go into here, and Sternlight has sunk to a new low in terms of respect. His claims that he was recently a senior government policy advisor give me new insights into why the government is as screwed up as it is.

Finally, I've avoided flaming Sterno in public, and I had some qualms about kicking him while he's so much of a fool over this issue, but my satirical urges got the best of me. Here it is:

Newsgroups: comp.org.eff.talk,alt.privacy.clipper,alt.security.pgp,talk.politics.crypto,alt.security.ripem,alt.fan.david-sternlight
From: tcmay at netcom.com (Timothy C. May)
Subject: Re: CPSR Clipper Petition test results
Message-ID:
Date: Thu, 3 Mar 1994 09:50:47 GMT

Matt Austern (matt at physics2.berkeley.edu) wrote:

: The US government claims that over 100 million people voted in the
: 1992 Presidential election. Fewer than 50 people, however, personally
: told me that they voted in that election.
: It won't play, fellas. 50 people out of 100 million? Clearly, this
: supposed "election" didn't really happen.
This effect is far more widespread than you suspect.

Several days ago I posted a request in rec.skate for people to send me e-mail if in fact they watched the Olympics--any or all of it.

While the pundits at CPSR (Central Polling for Sports Research) would have us believe that _more than_ 100 million Americans (which is "many" but not "most") watched some or all of the Olympics, I received a paltry 3 responses, and one of these was a string of moronic insults, so I really only count 2 valid responses.

Could 100 million Americans have watched the Olympics if I only received 2 valid responses to my poll? My many years advising the government in senior policy positions, and my Ph.D in statistics tell me "Not on your life."

Applying the Black-Scholes significance test (with a quartile scatter factor normalized to the Kolmogorov constant), I have concluded that the actual number of Olympics watchers was 135 plus or minus 7.32.

I thus conclude that CBS, the Olympic Committee, the Tonya Harding Kneecapping Club, and the ever-treacherous CPSR are all lying to us!

I will, however, not discuss this matter any further! (At least not until I do.)

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From kryten at shell.portal.com Thu Mar 3 02:23:22 1994
From: kryten at shell.portal.com (Greg - Kucharo)
Date: Thu, 3 Mar 94 02:23:22 PST
Subject: Hands On Action
Message-ID: <199403031024.CAA24935@jobe.shell.portal.com>

> Thanks for your posts Tim. They really got me motivated. Individual action gave
> us the rights we now enjoy and are threatened. Individual action will save them
> from extinction. When George Washington got fed up with the British slagging
> on his rights he didn't sit around a Mt. Vernon getting stoned with Martha
> and saying how nice it would be if those lackeys down in Boston would kick
> the Redcoats out. He got his musket, saddled his horse and marched his army to
> get them out himself, and make way for The Constitution. I don't have a musket
> or a horse, but I do have a computer, knowledge of programming and a Computer
> Club. It took awhile, but the DeAnza Computer Club is now educated in PGP and
> we now turn to our fellow students. As young Americans we aren't as used to
> being jerked around by our government, and we don't intend to start getting
> used to it. I will probably spend a great deal of my adult life on the network
> I'll need my rights in there just as much as outside.
> Since I have educated my fellow club members and forwarded List posts to them
> we are going to start writing crypto programs for use here on campus and on
> our club machine. If everyone takes up Crypto arms, we can drive out the Redcoats
> and make George proud.

From michael.shiplett at umich.edu Thu Mar 3 02:42:53 1994
From: michael.shiplett at umich.edu (michael shiplett)
Date: Thu, 3 Mar 94 02:42:53 PST
Subject: Missing(??) April 94 DDJ!!???!!???
In-Reply-To: <9403030703.AA18870@prism.poly.edu>
Message-ID: <199403031041.FAA17053@totalrecall.rs.itd.umich.edu>

"ara" == Arsen Ray Arachelian writes:

ara> Speaking of DDJ's nice crypto articles for April 94, I just had a
ara> truly weird thing arrive in the mail today.
It was a plastic
ara> mailer bag from DDJ which contained Vol 1., Issue 1. of DDJ's
ara> Developer Update. The plastic envelope was larger than needed
ara> for such a mailing. All the bag contains is the 8 page Dev.
ara> Update issue and a card with my name and the return address for
ara> the snail mail folks to be able to process the package.

My Dr. Dobb's Developer Update contained a sheet of paper which stated DDDU is a new monthly update to the magazine in order for DD to cover "timely, ... news & industry oriented, ... product specific" information.

The April DDJ arrived yesterday.

michael

From werner at mc.ab.com Thu Mar 3 04:04:26 1994
From: werner at mc.ab.com (tim werner)
Date: Thu, 3 Mar 94 04:04:26 PST
Subject: Standard for Stenography?
Message-ID: <199403031204.HAA23056@sparcserver.mc.ab.com>

>Date: Wed, 02 Mar 94 22:32:39 PST
>From: Jef Poskanzer
>
> In a physical meeting, the talkers would
>notice the annoyed looks on the faces of everyone else;

Don't forget the pleased looks on the faces of people who are glad to see that Jef P is working on stego. :-)

From unicorn at access.digex.net Thu Mar 3 04:07:43 1994
From: unicorn at access.digex.net (Black Unicorn)
Date: Thu, 3 Mar 94 04:07:43 PST
Subject: Standard for Stenography?
Message-ID: <199403031207.AA10243@access3.digex.net>

-> The reason for the "STENOGRAPHY" field is to assist your computer in determining if this is a stenography file & that the correct key was chosen without attempting to decrypt the whole file. I know that this presents the possibility of a small "known plaintext attack", but a good encryption system should stand up to such an attack. RSA can ... can't it? <-

The problem with your approach (I believe) is that if MY computer can (without an attempt at desteging and decryption with the proper key) tell the file is a stego file, then anyone can filter all traffic and just pick out the stego files.
This of course removes half (or most) of the incentive to use stego in the first place.

The flaw in your basic motivation is that you place processing speed at a higher value than security. Even if the only loss were a small known plaintext attack potential, it still is not worth (IMHO) the security shortfall that results.

Have I misunderstood your suggestion?

-uni- (Dark)

From unicorn at access.digex.net Thu Mar 3 04:22:21 1994
From: unicorn at access.digex.net (Black Unicorn)
Date: Thu, 3 Mar 94 04:22:21 PST
Subject: MacPGP a plant?
Message-ID: <199403031222.AA10439@access3.digex.net>

Now I'm sure I'm jumping to conclusions, but consider the following:

1> The MacPGP2.3 source is, as near as I can tell, unreleased and unavailable.

2> The output from MacPGP2.3 is easily distinguishable from MSDOS output. (MacPGP headers all messages with "Version 2.3" and not "Version 2.3a")

3> The signature file intended to show the applications is intact from the author is not included with the compressed application on any of the sites I have seen MacPGP2.3 on.

The implications are left as an exercise for the reader.

MacPGP2.3 has been in release for some time now, yet no one has commented (that I have seen) on the absence of a signature file or detached signature with the release. Is this because I just can't find the signature, or is there no signature available?

-uni- (Dark)

From anonymous at extropia.wimsey.com Thu Mar 3 05:11:15 1994
From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com)
Date: Thu, 3 Mar 94 05:11:15 PST
Subject: "Children's Letters to Benificent Stalin"
Message-ID: <199403031232.AA17647@xtropia>

Uu> URBANA -- A University of Illinois student has been arrested for
Uu> threatening the life of President Clinton, U.S. Attorney Frances Hulin
Uu> announced today.
Uu> Christopher James Reincke, 18, of Townsend Hall, Urbana,
Uu> allegedly sent an electronic mail message to the White House on Dec.
4
Uu> threatening Clinton, Hulin stated in a press release.

About all this proves is that whitehouse.gov reads their e-mail after all, bless their little cotton socks, but one has to use a bit of heavy rhetoric to get any attention.

As has been mentioned in another forum, there are Federal laws that require immediate and vigorous investigation of any threat made on the life of the president, serious or not.

I am curious as to the practicability of using this (not personally, mind you) as a "barium test" of encryption and remailer security. "Barium" is the old British intelligence term for inserting a dummy message inside normal "secure" communications channels as a check. The content of this message would be so explosive that if the opposition had compromised the communications system, a certain, observable reaction would be forthcoming.

To my knowledge, no serious barium testing has been done of either the remailers or PGP, among other "secure" privacy measures. The Sacramento child-molestation case seems to indicate that if PGP was compromised by law enforcement assets (to FBI level in that particular case) this fact would not be revealed for a purpose as politically-insignificant as breaking up a child molestation ring.

From pfarrell at netcom.com Thu Mar 3 05:25:55 1994
From: pfarrell at netcom.com (Pat Farrell)
Date: Thu, 3 Mar 94 05:25:55 PST
Subject: DC 'punks meeting
Message-ID: <30511.pfarrell@netcom.com>

I'm willing to try to rustle up a suitable place for a physical meeting in the DC area in parallel with next Sat's politically oriented left coast meeting. But the number of folks attending will change where I can hold it.

If you are interested in attending a DC-area meeting next Saturday, 3PM EST until 5 or so, please send me email.
Thanks
Pat

Pat Farrell      Grad Student                 pfarrell at gmu.edu
Department of Computer Science    George Mason University, Fairfax, VA
Public key available via finger          #include

From m5 at vail.tivoli.com Thu Mar 3 05:45:20 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Thu, 3 Mar 94 05:45:20 PST
Subject: Clipper (Re: Dorothy Denning)
In-Reply-To: <199403030249.SAA28948@netcom9.netcom.com>
Message-ID: <9403031345.AA23344@vail.tivoli.com>

Robert Cain writes:
> > 2) Some kinds of technology greatly enhance our [the
> > government's] power if we control them.
>
> 2) Some kinds of technology greatly enhance the power of those
> that are ruthless and dangerous.

Gee, these statements seem kinda similar...

> > 3) Crypto Technology is a major threat to our power unless we
> > control it.
>
> 2) Crypto technology could well be a major threat to the
> world's safety unless we control it.

I don't understand why I can't participate in making that decision. Why should I trust the government to do so in a way that's even close to representing my values? Isn't this supposed to be a representative democracy? How did such decisions get moved out of the realm of public debate?

> > 4) Maybe we can stop it if we act quickly, at a cost to society
> > that's low enough that we won't cause a major revolt
>
> 4) Maybe we can stop it if we act quickly while still providing
> society the benefits it wishes.

Uhh... I'd rather not pay my government to "provide" me with "benefits" like privacy; I'll take care of that myself, thanks.

> > 5) If we pull that off, the success will help consolidate our power.
>
> 5) If we pull that off, the success will help protect society
> from being disrupted, damaged or held hostage by those
> wishing power.

Says who? Why should I believe it?

> > 6) The public believes almost anything we tell them, at least for
> > a while, as long as we sound sincere.
>
> 6) The public feels we are interested in their private lives
> and we must change that perception toward our actual
> concerns.

Yea right. Pull the other one.

--
| GOOD TIME FOR MOVIE - GOING ||| Mike McNally                         |
| TAKE TWA TO CAIRO.          ||| Tivoli Systems, Austin, TX:          |
| (actual fortune cookie)     ||| "Like A Little Bit of Semi-Heaven"   |

From habs at warwick.com Thu Mar 3 07:00:51 1994
From: habs at warwick.com (Harry Shapiro Hawk)
Date: Thu, 3 Mar 94 07:00:51 PST
Subject: DC 'punks meeting
Message-ID: <9403031605.AA00267@uucp.warwick.com>

Pat Wrote:
> I'm willing to try to rustle up a suitable place for a physical
> meeting in the DC area in parallel with next Sat's politically oriented
> left coast meeting. But the number of folks attending will change
> where I can hold it.

I can't make that meeting, but I will be in the Baltimore area on the weekend of 19th.

hakw

Harry Shapiro Hawk
Manager of Computer Services
Warwick Baker & Fiore
habs at uucp.warwick.com

From KEPERRIER at setpoint.com Thu Mar 3 08:03:10 1994
From: KEPERRIER at setpoint.com (Kent Perrier)
Date: Thu, 3 Mar 94 08:03:10 PST
Subject: Need info on Encyption book
Message-ID: <9403031603.AA13543@toad.com>

Hi all,

I have joined the "Small Computer Book Club" and in their "Top 10 Best Sellers" is a book by Gilbert Held called _Top_Secret_ - Data Encryption Techniques. Below is the text description:

"Learn how to get people the information they need...without prying eyes getting a look at it, too. This book/disk package introduces you to techniques you can use to secure messages transmitted over internal company networks or public electronic message systems. You'll learn how to protect your communications with techniques for transposing characters in text, replacing characters, with new ones, using arrays, and more. Plus, your free disk features source code for the book's enciphering programs. Softcover, with 3.5" disk. 218pp 1993."
Has anyone heard of this book and is it worth the $19.95 that they want for it?

Thanks

Kent Perrier
keperrier at setpoint.com (work)
kperrier at neosoft.com (play)
Corporations don't have opinions, people do. These are mine.
PGP 2.3a Public Key available by request

From hughes at ah.com Thu Mar 3 08:03:41 1994
From: hughes at ah.com (Eric Hughes)
Date: Thu, 3 Mar 94 08:03:41 PST
Subject: "Children's Letters to Benificent Stalin"
In-Reply-To: <199403031232.AA17647@xtropia>
Message-ID: <9403031554.AA00897@ah.com>

>To my knowledge, no serious barium testing has been done of either the
>remailers or PGP, among other "secure" privacy measures.

And a good thing too for the remailers, since they're not secure yet.

This is not a problem, however. There are two often overlooked aspects of crypto deployment that the current remailers satisfy nicely:

1) People have to get in the habit of using security tools.

2) The non-cryptographic software infrastructure has to support security tools.

For practical purposes, these two aspects are more important than the actual security of the systems created, because the best system is worthless if it goes unused.

The remailers work sufficiently well to satisfy these two criteria, well enough to support transparent encryption and remailing in the mail user agents, e.g. elm, rmail. Unfortunately, progress along these lines has been slow.

The problem is not primarily technical, however. The way I see it, this is yet another manifestation of one of the really bad social values in the Unix and Internet community. Namely, that integration and ease-of-use just aren't cool. Value and respect are accorded to those endeavors which require high levels of abstractional difficulty or complex optimizations, not to the person who writes an auto-installation routine.

There is something of a contempt for the person who's installing software if they can't just tweak the Makefile or some configuration headers a bit.
Very few programs don't take some greater or lesser skill as a programmer in order to get working. And Unix-lovers wonder why more people don't use Unix.

This hierarchy of value mimics society at large, where design engineers are accorded much more respect than manufacturing engineers. A design engineer creates a nice product and gives it to someone lower on the chain to figure out how to make. This is changing somewhat, but the placement of design over manufacture is still firmly in place.

Let me praise Sameer Parekh here for writing an auto-install script for the current remailer. His work is not finished, but it's better than nothing.

Also let me critique the ease of use of some of the other crypto applications we have.

As far as interface goes, PGP sucks. I've been trying to get a good system running on MSDOS to read my encrypted mail more easily. When PGP gets an error, watch out, and don't expect predictable behavior. PGP doesn't have enough separation of function to determine what the problem is in an automated fashion.

Installation of Secure Drive requires, to my knowledge, futzing with disk partition tables in order to use it on an existing harddisk. More programmer skills. The makers of this and similar efforts should find some code for a disk defragmenter and write a program to automatically create a partition, safely moving the existing information out of the way or over to the other partition.

The remailers, and regular encryption of email, for that matter, are going to remain mostly unused until these capabilities are integrated into the average mail user agent, and then become part of the standard distributions for these packages.

And lastly, for those that might want to call me a hypocrite, remember that I'm working on packaging digital money into a business, the necessary and inevitable ease-of-use packaging for this technology.
Eric

From hfinney at shell.portal.com Thu Mar 3 08:06:49 1994
From: hfinney at shell.portal.com (Hal)
Date: Thu, 3 Mar 94 08:06:49 PST
Subject: Standard for Stenography?
Message-ID: <199403031607.IAA08429@jobe.shell.portal.com>

From: Jef Poskanzer
>
> > Firstly, congratulations for Sergey Goldgaber's stubborn pushing of
> >this topic, for Bill Stewart's observation: "simple stego-programs,
> >stealthy encryption programs"
>
> I disagree with pretty much everything in your message, and since I'm the
> one who opened the topic and who is writing the code, my opinion would seem
> to count for quite a bit more than yours. I'm not going to repeat the
> reasons why the kind of standard you propose is a bad idea, you can fetch
> the messages as easily as I can.
>
> Cc:ed to the list only so that no one thinks Gary's proposal was accepted.
> The permutation idea remains the best.

I share Jef's disagreement with the spectacularly bad "neon sign" steganography header, but I don't think Sergey's approach was correct and I hope he does not feel the issue is closed yet.

Bill Stewart is IMO far more experienced and has far better understanding of the issue than Sergey, who has been a list member for only a few weeks and again IMO suggests a very naive security-through-obscurity approach.

Bill Stewart, Norm Hardy, and other list members who have more experience and who have discussed these issues in the past will I think agree that the correct approach is to separate the function of the steganography program to be a simple and clean insertion, and to have other components be responsible for assuring that what is inserted is statistically indistinguishable from what is replaced.

This notion that a "secret offset" will prevent the stego from being discovered is highly naive IMO. The correct approach is to make it so that the stego cannot be recognized even if the opponent knows where it is.
Adding offsets is like attempting to "improve" regular RSA by putting a secret amount of noise padding at the front (not of a stego file, but of an openly encrypted file). This is unnecessary if you trust your encryption, and if you don't trust it then this approach should not make you trust it.

Similarly, if your stego is so weak that knowing where it is in the file will allow the opponent to detect it, adding a random offset should not make you feel secure. The correct approach is to have statistical identity between what you are inserting and what you are removing. The stego program itself should then be as simple as possible.

Now I will add my own little moral lesson, in the spirit of Tim and Jef. Sometimes when these discussions are re-hashed, old-timers are too busy or bored to join in. New list members express naive views that are not vigorously refuted. This is OK, but then some other new member takes these views to represent list consensus.

I think it is great that Jef is working on a steganography implementation, but IMO the notion of "random offsets" is so fundamentally misguided that I hope he will reconsider.

Hal Finney
hfinney at shell.portal.com

From hughes at ah.com Thu Mar 3 08:08:44 1994
From: hughes at ah.com (Eric Hughes)
Date: Thu, 3 Mar 94 08:08:44 PST
Subject: clipper==bad, but how do you explain this to average joe 6-pack?
In-Reply-To: <9403030526.AA17582@prism.poly.edu>
Message-ID: <9403031559.AA00930@ah.com>

>How soon would it be before they will decide that anyone who is afraid
>of what the NSA and its fans must be paranoid, so paranoid that they
>must be insane and thus, must be put in a mental institution because they
>are a danger to themselves and others.

Never underestimate the capacity for oppressive national governments to put dissidents in mental institutions.
Eric

From fhalper at pilot.njin.net Thu Mar 3 08:29:15 1994
From: fhalper at pilot.njin.net (Frederic Halper)
Date: Thu, 3 Mar 94 08:29:15 PST
Subject: spooks
Message-ID: <9403031629.AA09423@pilot.njin.net>

If there are any spooks on this list aren't they required by law to say that they are if someone asked if anyone on the list was employed by CIA, DOD, FBI or NSA?

Reuben Halper

From pmetzger at lehman.com Thu Mar 3 08:53:45 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Thu, 3 Mar 94 08:53:45 PST
Subject: spooks
In-Reply-To: <9403031629.AA09423@pilot.njin.net>
Message-ID: <9403031652.AA28856@andria.lehman.com>

Frederic Halper says:
> If there are any spooks on this list aren't they required by law to
> say that they are if someone asked if anyone on the list was
> employed by CIA, DOD, FBI or NSA?

No. Where did you get such an idea?

.pm

From jef at ee.lbl.gov Thu Mar 3 09:10:41 1994
From: jef at ee.lbl.gov (Jef Poskanzer)
Date: Thu, 3 Mar 94 09:10:41 PST
Subject: Standard for Stenography?
Message-ID: <9403031710.AA14345@hot.ee.lbl.gov>

>I think it is great that Jef is working on a steganography implementation,
>but IMO the notion of "random offsets" is so fundamentally misguided that I
>hope he will reconsider.

I already did - the offsets idea was my second thought, permutation is third.

I'm a big fan of the rigidly separated software tools approach. Just look at the pbmplus toolkit. But I also think it's perfectly ok to combine functions when there's a good enough reason. I think this is such a case.

The problem is the length field - you've got to have it, and it's recognizable because it begins with a run of 0s. So the stego program should hide it. Mac Stego hides it by XORing with the 2nd-to-lsb of the following 32 bytes - that's a hack, and it won't slow an attacker down for a microsecond. jsteg, if I remember right, does some variable field width encoding - better, but it also remains recognizable to some extent.
My solution is to store the file's bits in a specified pseudorandom permutation of the image's available bit positions. It's kind of like the frequency hopping of spread spectrum radio. This hides the length field very thoroughly. It also happens to hide anything else recognizable about the original file. Yes, you should use Stealth PGP for complete security, and my man page will tell you this. However, even with regular PGP the permutation will give you good security against casual attacks, perhaps even commercial attacks.

Now, if you can think of a natural, simple interface for a standalone file permutation generator, I'll be happy to separate that part out, and make pnmstego just read bits and stick them in the image in order. The problem with separating it is the bits you want to leave alone. Either the file permutation generator has to generate *trinary* output, which seems gross, or the stego pipeline will have to include an initial DEstego step to extract the unmodified bits from the image. Either of those possibilities is more complicated than just building the permuter into pnmstego.

---
Jef

From solovay at math.berkeley.edu Thu Mar 3 09:25:31 1994
From: solovay at math.berkeley.edu (Robert M. Solovay)
Date: Thu, 3 Mar 94 09:25:31 PST
Subject: Next Physical Gypherpunks meeting
Message-ID: <199403031725.JAA21991@math.berkeley.edu>

Is it scheduled for March 5 or March 12th?

--Bob Solovay

From mmarkley at microsoft.com Thu Mar 3 09:25:48 1994
From: mmarkley at microsoft.com (Mike Markley)
Date: Thu, 3 Mar 94 09:25:48 PST
Subject: Forbes magazine against the Clipper?
Message-ID: <9403031726.AA02703@netmail2.microsoft.com>

I just noticed in the March 14, 1994 issue of Forbes magazine that there is a small blurb about Clipper/Skipjack.

From page 26

"HIGH-TECH SNOOPS"

"The Administration is about to browbeat American computer manufacturers (as well as cable and telephone operators) into installing in its machines a special chip that would enable the government to eavesdrop on all computer and telephonic transmissions."

It goes on to somewhat describe the government's theory on why they need to do this. Then the article says the following.

"This is a really dumb idea. High-tech exports will be devastated. Foreigners aren't going to buy equipment with such a decoding device. More to the point, criminals and terrorists won't either."

"The Clinton Administration promises that the enormous power that the Clipper Chip gives the feds will not lead to abuses of our privacy. Baloney."

This is not a full reproduction of the article but covers the main direction of it. All quotes are fully intact and not paraphrased.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Mike Markley                || The opinions here do not represent the
mmarkley at microsoft.com   || opinions of my employer. Attempts to
                            || associate the two are pointless.
"I want to look at life, In the available light" - Neil Peart -

From sergey at delbruck.pharm.sunysb.edu Thu Mar 3 09:36:21 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Thu, 3 Mar 94 09:36:21 PST
Subject: standard for stegonography?
Message-ID:

On Tue, 01 Mar 94, you wrote:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

> Then that generator is used to make a *permutation*
> of the bit locations in the image, and the file's bits are stored in
> the permuted order.

Will this be reversible? Will a plain-text header be necessary for the intended recipient to know how to reverse the function?

> I'm not going to have ITAR problems with this, am I? RNGs are still
> legal to export?

Haven't you heard? Everything mathematical is under restriction now!
;)

Sergey

From mnemonic at eff.org Thu Mar 3 09:38:00 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Thu, 3 Mar 94 09:38:00 PST
Subject: Internet World article on Clipper
Message-ID: <199403031738.MAA16760@eff.org>

A Chip Over My Shoulder: The Problems With Clipper

Column for July 1994 issue of Internet World

By Mike Godwin

"Only in a police state is the job of a policeman easy."
--Orson Welles

Your government is deeply troubled by the possibility that you can keep a secret.

Or, to put it more precisely, the government is disturbed by the prospect of widespread powerful encryption tools in individual hands. Once you can keep your communications and data truly secret, officials worry, the value of wiretapping, an important law-enforcement and intelligence tool, will evaporate.

It's unclear whether the government's arguments are valid. But regardless of whether they are, the government's latest efforts to prevent us from adopting powerful and uncrackable encryption technologies raise serious questions about personal liberty, the role of government, and the possibility of privacy in the 21st century.

If you're not already familiar with these efforts, here's an update. The Clinton Administration has embarked on an ambitious plan to prevent a mass market for uncrackable encryption from arising. The first step in this plan has already been announced: the Administration has called for the entire federal government to adopt the Clipper Chip--an encryption standard with a "back door"--for communications and data security. In addition, the government has declared its intention to use every legal method short of outright prohibition to discourage alternative forms of encryption technology.

"Just what is this Clipper Chip?" you may be wondering. The short answer is: the chip is an encryption device, developed to National Security Agency specs, that keeps your communications and data secret from everyone ... except the government.
To understand how the chip works, you need to look at what officials call its "key escrow encryption method." Manufactured by a private company called Mykotronx, the chip uses an NSA-developed algorithm called "Skipjack," which, by all accounts so far, is a remarkably powerful algorithm. But the chip also includes the "feature" that its primary encryption key can be divided up mathematically into two "partial keys." The government proposes that each partial key be held by a separate government agency--the Administration has picked the Department of the Treasury and the National Institute of Standards and Technology (NIST)--from which the keys can be retrieved when government officials obtain a wiretap order. The NSA and the FBI love this idea. With the Clipper Chip in your phone or computer, they believe, you have the power to keep your information private from crooks and industrial spies and anyone else who wants to pry--except of course for law enforcement and the NSA. Law enforcement and intelligence agencies would be barred from seeking those escrowed keys in the absence of legal authorization, normally a court order. "And of course you needn't worry about us," say government officials. "We're here to protect you." Chips Off the New Block The current initiative has been a long time coming. It was in April of last year the Clinton Administration first announced Clipper--the announcement was met with a public outcry from civil-liberties and industry groups. Civil libertarians were concerned about the government's insistence on its need to prevent citizens from having access to truly unbreachable privacy technologies. Computer and telecom industry leaders worried about a standard that might crush a potentially vital market in such technologies. At first the Administration expressed a willingness to listen. 
The Digital Privacy and Security Working Group, a coalition of industry and public-interest organizations headed by the Electronic Frontier Foundation, outlined its objections and expressed the hope of engaging in talks with the Administration about the issue. In early February of this year, however, the Clinton Administration and various agencies announced to the world that, in spite of the grave misgivings of civil-liberties and industry groups, it would be proposing the Clipper Chip's encryption scheme as a new Federal Information Processing Standard (FIPS). The standard, stresses the government, will be entirely "voluntary"--but the government plans to use export-control laws and other methods to frustrate the market for any competitive form of encryption technology. Current export-control laws restrict the sales in foreign controls of encryption hardware and software. The laws have not been entirely effective in keeping commercial encryption technologies out of foreign hands--it's possible these days to buy encryption products in Moscow, for example. But the laws do succeed in deterring the American software industry from developing powerful and easy-to-use encryption products, since any company that does so is denied the right to sell the product on the global market. Still, if Clipper is voluntary, you may ask, what does it matter to *individuals* what standard the government adopts? The government also adopted the ADA programming language, after all, yet there are still people programming in all sorts of languages, from BASIC to C++. The answer is simple--"freedom of choice" is meaningful only if there are real choices. The government's export-control strategy is designed to make sure that there aren't any choices. If commercial software companies aren't allowed to sell encryption to the world market, they're unlikely to develop strong, easy-to-use alternatives to Clipper. And that means individuals won't have access to alternatives. 
Now, it's perfectly possible, in theory, to thwart the government-approved Clipper scheme by using a non-commercial encryption application, such as PGP, to pre-encrypt your messages before sending them through Clipper-equipped devices. But PGP and other products, because of their slowness or difficulty, are never likely to expand beyond the circle of hobbyists that enthusiastically support them. For encryption products to give rise to a genuine consumer market, they have to be quick and almost transparently easy to use. The government knows this, which is why their focus is on nipping (clipping?) the commercial encryption software market in the bud. It's the commercial market that really matters. The government's side When asked to substantiate the need for Clipper, or the threat of unbreakable encryption, the government often talks about crime prevention. As a practical matter, however, wiretaps are almost always used *after* crimes are committed--to gather evidence about the individuals the government already suspects to have been involved in a crime. So, the hypothetical cases involving nuclear terrorism or murder-kidnappings aren't really convincing--it's the rare case in which a wiretap prevents a crime from occurring. As a practical matter, the single most important asset to law enforcement is not wiretaps but informants. And nothing about unbreakable encryption poses the risk that informants are going to disappear. One of the more rational statements of the government's case for Clipper comes from my friend Trotter Hardy, a law professor at William and Mary, who writes: "The government's argument, I take it, is that the benefit is law enforcement. That strikes me as at least as great a benefit as minimum wage laws; perhaps more, since it protects everybody (at least in theory), whereas [minimum] wage laws primarily benefit their recipients. 
Maybe EPA regs are the better analogy: everybody gets reduced pollution; with Clipper, everybody gets reduced criminal activity. Is that not a reasonable trade-off?" But the problem is that the government refuses to be forthcoming as to what kind of trade-off we're talking about. According to government statistics, there are fewer than 1000 state and federal law-enforcement wiretaps per year, and only a minority of these wiretaps leads to convictions. Yet we are being asked to abandon the chance for true privacy and to risk billions of dollars in trade losses when there has never been shown to be any crime associated with uncrackable encryption whatsoever. And we're also being asked to believe that the kind of criminals who are smart enough to use encryption are dumb enough to choose the one kind of encryption that the government is guaranteed to be able to crack. Moreover, there are fundamental political issues at stake. This country was founded on a principle of restraints on government. A system in which the privacy of our communications is contingent on the good faith of the government, which holds all the encryption keys, flies in the face of what we have been taught to believe about the structure of government and the importance of individual liberty. In short, the government fails to make its case in two separate ways--pragmatically and philosophically. Trotter goes on to write: ".... I don't think the government cares whether an accountant in India can password protect a spreadsheet. I would guess that even Clipper or DES [the government's current Digital Encryption Standard] or whatever would be more than enough protection for such a person. I think the government cares that it be able to detect foreign intelligence that is relevant to US security or interests. I am not sure where I come out on the question, but at the very least it seems to me that the government is reasonable in this desire." 
Yet there are some premises here that need to be questioned. Do we really suppose that "foreign intelligence" is dependent on the American software industry to develop its encryption tools? Diffie-Hellman public-key encryption and DES are already available worldwide, yet Microsoft can't export software that contains either form of encryption. No, the real issue is that, to the extent that a mass market arises for encryption products, it makes the NSA's job more difficult, and it may at some future time make some investigations more difficult as well. When asked to quantify the problem, however, the government invariably begs off. Instead, government spokespeople say, "Well, how would you feel if there were a murder-kidnapping that we couldn't solve because of encryption?" To which my answer is, "Well, I'd feel about the same way that I'd feel if there were a murder-kidnapping that couldn't be solved because of the privilege against self-incrimination." Which is to say, I understand that limits on government power entail a loss in efficiency of law-enforcement investigations and intelligence-agency operations. Nevertheless, there is a fundamental choice we have to make about what kind of society we want to live in. Open societies, and societies that allow individual privacy, are *less safe*. But we have been taught to value liberty more highly than safety, and I think that's a lesson well-learned. What's more, we need to be able to engage in rational risk assessment, and that's something that the government resists. Instead, the government subscribes to the reasoning of Pascal's Wager. Pascal, you may recall, argued that the rational man is a Christian, even if the chances that Christianity is true are small. His reasoning is quasi-mathematical--even if the chances of Christianity's truth are small, the consequences of choosing not to be a Christian are (if that choice is incorrect) infinitely terrible. Eternal torment, demons, flames, the whole works. 
This is precisely the way that the government talks about nuclear terrorism and murder-kidnappings. When asked what the probability is of a) a nuclear terrorist, who b) decides to use encryption, and c) manages otherwise to thwart counterterrorist efforts, they'll answer "What does it matter what the probability is? Even one case is too much to risk!" But we can't live in a society that defines its approach to civil liberties in terms of infinitely bad but low-probability events. Open societies are risky. Individual freedom and privacy are risky. If we are to make a mature commitment to an open society, we have to acknowledge those risks up front, and reaffirm our willingness to endure them. We face a choice now. After a century of technological development that has eroded our ability to keep our personal lives private, we finally possess, thanks to cheap computing power and advances in cryptography, the ability to take privacy into our own hands and make our own decisions about how much, and how well, to protect it. This prospect is frightening to a government that has come to rely on its ability to reach into our private lives when it sees the need to do so. But I have faith that our society is not dependent on our government's right to mandate disclosure of our personal records and private communications--that a mature society can tolerate a large degree of personal privacy and autonomy. It's a faith I hope you share. From qjones at infi.net Thu Mar 3 09:38:48 1994 From: qjones at infi.net (Wayne Q Jones) Date: Thu, 3 Mar 94 09:38:48 PST Subject: Applied Crypto In-Reply-To: <9403012345.AA19252@pilot.njin.net> Message-ID: They don't .... I was there today. mrcnext.......? On Tue, 1 Mar 1994, Frederic Halper wrote: > Does anyone know if Project Gutenberg (or anyone else) has electronic books > such as applied cryptography? 
> Thanks, > Reuben Halper > **************************************************************************** * Qjones at infi.net So I'm a dog...what else is new? * * Qjones at larry.wyvern.com Quote from life and times of a man * **************************************************************************** From lefty at apple.com Thu Mar 3 09:53:10 1994 From: lefty at apple.com (Lefty) Date: Thu, 3 Mar 94 09:53:10 PST Subject: Need info on Encyption book Message-ID: <9403031752.AA23634@internal.apple.com> >Has anyone heard of this book [_Top_Secret_ - Data Encryption Techniques] and >is it worth the $19.95 that they want for it? Only if you have a pressing and immediate need for a doorstop, or need special help solving the "Cryptoquotes" in your local paper. Based on my inspection of a copy at a local bookstore, it's utter and complete rubbish. Spend the extra thirty bucks and get a copy of Bruce Schneier's book _Applied Cryptography_ instead. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From a2 at ah.com Thu Mar 3 09:55:24 1994 From: a2 at ah.com (Arthur Abraham) Date: Thu, 3 Mar 94 09:55:24 PST Subject: Dorthy Denning In-Reply-To: <9403021557.AA10445@ah.com> Message-ID: <9403031745.AA01291@ah.com> Robert Cain writes: > exist and that likelihood is very small. Persuasion is not working and > the press has been whipped into a near hysterical state over this by we > and our friends (yes, we on the internet are considered to be the force > that has derailed their hopes and that was unforeseen.) > How did it happen that "we on the internet" was an unforeseen force? The first answer is obvious: they didn't realize that cohesive action would arise out of the internet. The second is not so obvious, but illuminates part of the Clipper strategy: The Clipper promoters assumed the issue to be beyond most citizens' technical horizon. 
However, the unexpected thing which happened was that the initial few who did understand rapidly interneted the information to others. Without the internet, the information, and opposition, would have spread more slowly. Cain observes that Denning and friends are afraid of the *unknown* that will come out of the new communications technologies. The reaction to Clipper, and how it developed, should convince them they are right. -a2 From mg5n+ at andrew.cmu.edu Thu Mar 3 10:09:43 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Thu, 3 Mar 94 10:09:43 PST Subject: Need info on Encyption book In-Reply-To: <9403031603.AA13543@toad.com> Message-ID: > You'll learn how to protect your communications with > techniques for transposing characters in text, replacing > characters, with new ones, using arrays, and more. Haha... sounds more like "How to encrypt messages so that prying eyes can read them too." Character substitution? You'll need to do a lot better than that to beat cryptanalysis. A simple character substitution array wouldn't fool most people on this list if they took a serious crack at it. From bsteve at zontar.attmail.com Thu Mar 3 10:24:51 1994 From: bsteve at zontar.attmail.com (Steve Blasingame) Date: Thu, 3 Mar 94 10:24:51 PST Subject: D.Denning Reply Message-ID: <9403031641.AA27701@zontar.attmail.com> Here is Dorothy Denning's reply to my response to her Newsday article. The shocking features are that she does not seem able to differentiate legality from morality, and doesn't seem to believe that law should flow from a popular majority, but from the state. Sure sounds like she wants a police state to me. Steve Blasingame bsteve at zontar.com -------------------- From daemon Mon Feb 28 09:06:58 1994 Date: Mon Feb 28 11:25:34 -0500 1994 From: netcomsv!chair.cosc.georgetown.edu!denning Subject: Re: Newsday Editorial To: internet!attmail!zontar!bsteve Reply-To: netcomsv!chair.cosc.georgetown.edu!denning (Dorothy Denning) Thanks for your comments. 
I have tried to address the law enforcement issues you raised in a more thoughtful way in the attached. Dorothy Denning --------------- Encryption and Law Enforcement Dorothy E. Denning Georgetown University February 21, 1994 Summary Although encryption can protect information from illegal access, it can also interfere with the lawful interception of communications by government officials. The goal of this report is to describe the effect of encryption technology and the government's new Escrowed Encryption Standard [EES] on law enforcement, mainly from the perspective of law enforcement. The information presented here was obtained from public documents and testimonials by law enforcement officials, from private conversations with people in the FBI and other law enforcement agencies, and from comments I received by people in law enforcement on an earlier version of this report. Some of this research was performed in conjunction with my earlier study of the FBI's proposal on Digital Telephony [DT, Denning]. The following summarizes the key points, which are discussed in greater depth in the sections that follow: 1. The need for wiretaps: Court-authorized interception of communications is essential for preventing and solving many serious and often violent crimes. Electronic surveillance not only provides information that often cannot be obtained by other means, but it yields evidence that is considerably more reliable and probative than that obtained by most other methods of investigation. No other investigative method can take its place. 2. The threat of encryption to lawful surveillance: Because encryption can make communications immune from lawful interception, it threatens a key law enforcement tool. The proliferation of high quality, portable, easy-to-use, and affordable encryption could be harmful to society if law enforcement does not have the means to decrypt lawfully intercepted communications. 
Although encryption of stored files is also of concern, 99% of the issue is telephone communications (voice, fax, and data). 3. Digital Telephony: Encryption is not the only threat to lawful electronic surveillance. Advances in telecommunications also threaten the ability of law enforcement to conduct authorized interceptions. 4. Encryption policy and the EES: The government's Escrowed Encryption Standard offers a balanced solution to the encryption problem that takes into account the equities of public safety, effective law enforcement, and national security along with those of privacy, security, and industry success. The technology and accompanying procedures provide strong encryption and a high level of security, while accommodating the need for real-time or near real-time decryption of intercepted communications. The program is the best known solution, at least for the intended initial application, mainly voice, fax, and data encryption over the public switched network. 5. Criminal use of Non-EES Encryption: Although some criminals may seek to use other forms of encryption, the escrowed encryption standard may succeed and become ubiquitous as the chief form of encryption, making it much harder for criminals to evade interceptions by using non-standard, non-interoperable encryption. 6. International problem: The impact of encryption on law enforcement is an international problem. The U.S. government exercised strong leadership by recognizing the problem and developing a solution before it becomes serious. 1. The Need for Wiretaps Law enforcement views court-authorized interception of communications as essential for preventing and solving many serious and often violent crimes, including terrorism, organized crime, drugs, kidnaping, major white collar crime brought against the government, and political corruption [DT, DT Cases, Kallstrom]. 
In testimony before the Computer Systems Security and Privacy Board, James Kallstrom, former Chief of the FBI's Engineering Section, estimated that wiretaps are used in excess of 90% of all cases involving terrorism, often with the result of preventing a terrorist act. For example, in a Chicago case code-named RUKBOM, the FBI successfully prevented the El Rukn street gang, which was acting on behalf of the Libyan government, from shooting down a commercial airliner using a stolen military weapons system [Kallstrom, DT Cases]. Examples of other terrorist attacks successfully prevented with the help of electronic surveillance include the bombing of a foreign consulate in the U.S. and a rocket attack against a U.S. ally. Electronic surveillance is used against organized crime, widespread fraud, bribery, and extortion. It was used to help solve a case involving corruption associated with organized crime control of the International Longshoremen's Union, which cost the citizens of New York city 10-12 cents on every dollar spent on consumer items coming through the port of New York, and to help solve another case involving organized crime control over the construction trade of New York City, which had led to 3-5% of all construction contracts being escalated by that percentage [Kallstrom]. Evidence obtained from electronic surveillance in a case involving the Concrete and Cement Workers Union prevented an economic loss to the public of $585 million [DT Cases]. According to the FBI, the hierarchy of La Cosa Nostra has been neutralized or destabilized through the use of electronic surveillance, and thirty odd years of successes would be reversed if the ability to conduct court-authorized electronic surveillance was lost. Almost two thirds of all court orders for electronic surveillance are used to fight the war on drugs, and electronic surveillance has been critical in identifying and then dismantling major drug trafficking organizations. 
In an operation code named "PIZZA CONNECTION," an FBI international investigation into the importation and distribution of $1.6 billion worth of heroin by the Sicilian Mafia and La Cosa Nostra resulted in the indictment of 57 high-level drug traffickers in the U.S. and 5 in Italy [DT Cases]. The FBI estimates that the war on drugs and its continuing legacy of violent street crime would be substantially, if not totally, lost if law enforcement were to lose its capability for electronic surveillance. Wiretaps are used for cases involving murders and kidnapings. As the result of wiretaps, sufficient evidence was obtained to arrest and convict a serial-murderer who had been operating for three to four years, and to locate and subsequently convict two other persons who had been involved with the murders [DT Cases]. By intercepting voice, fax, and communications on a local bulletin board system, the FBI prevented the proposed kidnaping and murder of a young child for the purpose of making a "snuff murder" film [Kallstrom]. Through wiretaps, the FBI prevented a group from bombing a man's house and killing him and his family [Kallstrom]. Electronic surveillance has been used to investigate aggravated governmental fraud and corruption. A recent military-procurement fraud case ("Ill-Wind") involving persons in the Department of Defense and defense contractors has so far led to 64 convictions and about $260 million in fines, restitutions, and recoveries ordered. In another case, U.S. District Court Judge Robert Collins was convicted of soliciting and accepting bribes [DT Cases]. John Kaye, Prosecutor for Monmouth County, New Jersey, reported that almost every police officer indicted in his county has been indicted because of a wiretap [Kaye]. In the decade from 1982 to 1991, state and federal agencies were granted 7,467 court orders for interceptions under Title III of the Omnibus Crime Control and Safe Streets Act and equivalent state statutes. 
At the end of 1991, these had led to 35,851 arrests and 19,259 convictions. Convictions resulting from interceptions conducted in the last few years are still accumulating, as trials regarding those subjects are held. Because the number of arrests associated with wiretaps is a small fraction of all arrests each year, some people have questioned whether wiretaps are necessary or worthwhile given the availability of other investigative techniques. By law, wiretapping cannot be used if other methods of investigation could reasonably be used instead. Such normal investigative methods usually include visual surveillance, interviewing subjects, the use of informers, telephone record analysis, and Dialed Number Recorders (DNRs). However, these techniques often have limited impact on an investigation. Continuous surveillance by police can create suspicion and therefore be hazardous; further, it cannot disclose the contents of telephone conversations. Questioning identified suspects or executing search warrants at their residence can substantially jeopardize an investigation before the full scope of the operation is revealed, and information can be lost through interpretation. Informants are useful and sought out by police, but the information they provide does not always reveal all of the players or the extent of an operation, and great care must be taken to ensure that the informants are protected. Moreover, because informants are often criminals themselves, they may not be believed in court. Telephone record analysis and DNRs are helpful, but do not reveal the contents of conversations or the identities of parties. Other methods of investigation that may be tried include undercover operations and stings. But while effective in some cases, undercover operations are difficult and dangerous, and stings do not always work. Law enforcers claim that no other method can take the place of wiretaps [Kallstrom]. 
Each court order must provide evidence for the need to wiretap by demonstrating that normal investigative procedures have been tried and have failed or reasonably appear unlikely to succeed or would be too dangerous [USC 18, DDKM]. This does not mean that the other methods are not used in those cases, as indeed they are, but only that they are inadequate to successfully investigate and prosecute the cases. Wiretaps not only provide information that cannot be obtained by other means, but yield evidence that is considerably more reliable and probative than that obtained by most other methods of investigation. A wiretap is also less dangerous than sending in a civilian informant or undercover agent who is wired since the risk of discovery puts that person's life in jeopardy. Finally, a wiretap may be less invasive of privacy than placing a bug in a subject's home or using an undercover agent to establish an intimate relationship with the subject. Although the number of arrests from wiretaps is relatively small compared to the total of all arrests, those criminals that are arrested and convicted with the aid of wiretaps are often the leaders of major organized crime, drug trafficking, and terrorist groups. In reviewing a proposal for a wiretap, law enforcement agencies determine whether the subjects of the proposed interception are worthy targets of investigation and whether the interception is worth doing. The law enforcement community views electronic surveillance as essential to effective law enforcement, and law enforcement as essential not only to public safety and our economic well-being, but to a free society. In his remarks at the Computer Ethics Conference, Alan McDonald of the FBI summed it up: "We have been fortunate as a society to enjoy unparalleled freedom. It has resulted because we live under a compact of ordered liberty. 
One need only consider the number of countries where law enforcement is ineffective and where the violence and corruption of organized crime reign to see true diminishments of freedom, liberty, and personal privacy" [McDonald]. 2. The Threat of Encryption to Lawful Surveillance Encryption has been available to criminals for a long time. Until recently, however, voice encryptors were extremely bulky and the quality of the voice low, so criminals who tried encryption would typically cease using it [Kallstrom]. But recent advances in encryption technology are leading to products such as the AT&T 3600 Telephone Security Device that are small, portable, easy-to-use, affordable, and have high quality audio. Law enforcers expect that criminals will flock to such devices, not only to hide their communications from the government, but to safeguard them from their competitors [Kallstrom, Meeks]. The effect could be that criminals are able to make their communications immune from government search and seizure even under probable cause of criminal activity. The proliferation of such encryption products ultimately could be harmful to society if government officials do not have the means to decrypt lawfully intercepted communications, at least in most cases. On behalf of the National District Attorney's Association, President Robert Macy writes: "In an increasingly dangerous world, law enforcement cannot afford to be blindfolded by advanced technologies including encryption devices" [Macy]. Roy Kime, Legislative Counsel for the International Association of Chiefs of Police, makes the analogy that people in law enforcement are being "outgunned" by the criminals with respect to advances in technology [Kime]. In testimony before Congress, Donald Delaney, Senior Investigator with the New York State Police, said he believed that if we adopted an encryption standard that did not permit lawful intercepts, we would have havoc in the United States [Delaney]. 
Although there are no "dead bodies" as yet, Kallstrom believes there will be a "horror show" if the encryption that proliferates in the market does not factor in an equity for law enforcement [Kallstrom]. Criminals can use encryption to conceal stored information as well as communications. In a child pornography case on the West coast, encrypted data files have slowed down the investigation of a large international ring dealing with child pornography and the possible smuggling of children [Kallstrom]. However, although law enforcement is concerned about the use of encryption to conceal computer files, their primary concern is with communications, particularly telephone conversations. This is because intercepts play a much more important role in investigations than documents. Real-time intercepts pick up the criminal dialogue, the plotting and planning that glues crimes together. By revealing conversations about possible future activities, wiretaps also may be used to prevent crimes from occurring. Thus, while being able to decrypt files is valuable, 99% of the issue today is telephone conversations [Kallstrom]. In addition, while communications over high speed computer networks are expected to become an issue, the primary concern today is with voice, fax, and data over the public switched network (telephone system). 3. Digital Telephony Encryption is not law enforcement's only concern about wiretaps. They are also concerned about changes in telecommunications technologies. Many of the new digital-based technologies and services such as ISDN, fiber optic transmissions, and the increasing number of mobile telecommunication networks and architectures cannot be tapped using the traditional methods used to intercept analogue voice communications carried over copper wire. In addition, increases in transmission speed have made interceptions more difficult. 
Although it is technically feasible to intercept the new communications, not all systems have been designed or equipped to meet the intercept requirements of law enforcement. According to the FBI, numerous court orders have not been sought, executed, or fully carried out because of technological problems. To address these problems, the Department of Justice proposed Digital Telephony legislation [DT] that would require service providers and operators to meet their statutory assistance requirements by maintaining the capability to intercept particular communications. So far, the proposal has not been introduced in Congress. 4. Encryption Policy and the EES Law enforcement seeks an encryption policy that takes into account the equities of public safety, effective law enforcement, and national security along with those of privacy, security, and industry success [Kallstrom]. They support the use of encryption by law abiding citizens and organizations to protect sensitive information, and recognize the importance of encryption to safeguarding information assets [Settle]. They generally favor strong encryption over weak or "dumbed down" encryption [Kallstrom]. To implement lawful interceptions of encrypted communications, they need a real-time or near real-time decryption capability in order to keep up with the traffic and prevent potential acts of violence. Since there can be hundreds of calls a day on a tapped line, any solution that imposes a high overhead per call is impractical. These requirements for strong encryption and near real-time decryption led to the Escrowed Encryption Standard [EES] and its related key escrow system. Upon receiving a chip's unique key components from the two escrow agents, law enforcers can readily decrypt all conversations encrypted with the chip until the wiretap terminates, at which time all chip-related keys are destroyed. The escrow agents need not get involved in the decryption of each conversation, which would be overly cumbersome. 
Law enforcers consider the EES to be the best known approach for addressing the dual need for secure communications and court-ordered access, at least for the intended initial application, namely voice, fax, and data encryption of telephone communications transmitted over the public switched network. The EES will significantly enhance communications security by making strong encryption available in a way that makes illegal wiretaps virtually impossible, while permitting those that are lawfully authorized. The key escrow mechanisms and procedures are being designed to provide a high level of protection for keys and to protect against compromises or abuses of keys, thereby assuring that no person or entity, including government, can improperly access one's EES communications. Although there is no evidence of widespread abuse of wiretaps by law enforcement officials, the EES will effectively thwart any potential abuse, thereby providing greater protection from illegal government wiretaps than currently exists. The Presidential Decision Directive [PDD] on escrowed encryption is viewed as offering a balanced solution to the encryption problem that is consistent with basic tenets found in the Constitution and in the Bill of Rights, which does not grant an absolute right to privacy, but rather seeks to balance individual privacy with the need to protect society as a whole [McDonald]. William A. Bayse, Chief Scientist of the FBI, observed: "It is well recognized that Anglo-American law has historically balanced the personal privacy of the individual with the legitimate needs of Government. ... As can be seen from a review of the Fourth Amendment to the U.S. Constitution ..., an individual's privacy rights are not absolute, and they give way to more compelling Governmental rights when criminality is demonstrated or suspected." [Bayse]. Similarly, Alan McDonald noted "... 
the dictum of the Bill of Rights, and the Fourth Amendment in particular, is a balance between individual liberty and privacy and the legitimate need of Government to protect society as a whole -- a balance to prevent the tyranny of absolutist Government and the tyranny of lawlessness and anarchy. ... The electronic surveillance statutes, like the Fourth Amendment, are founded on the concept of balancing fundamental individual and governmental interests -- personal privacy and the public safety. ... Encryption technology creates no legal rights under our Constitution, the Fourth Amendment, or under our electronic surveillance statutes" [McDonald].

5. Criminal Use of Non-EES Encryption

Some people have argued that criminals will not use EES, but rather will use encryption methods that defeat law enforcement. While acknowledging that some criminals may use other means, law enforcers assume most vendors will not manufacture an encryption device unless they perceive a large, legal market [Kallstrom]. The hope is that the EES, or some other approach that takes into account the law enforcement equities, will proliferate in the legitimate encryption market in this country and become transparent, thereby cutting down on the availability and use of encryption that does not include the law enforcement equities [Kallstrom].

There is some evidence that through market forces and government purchasing power, the EES may become the de facto national standard for telephone encryption. When AT&T announced its 3600 Telephone Security Device in Fall 1992, the device used a DES chip for encryption, and did not include a capability for law enforcement access. Priced at $1200, it would have been attractive to criminals, and could have led to the promulgation of encryption technology that would have posed a major threat to law enforcement. However, when the government announced the key escrow initiative on April 16, 1993, AT&T simultaneously announced that the TSD would use instead the new Mykotronx MYK-78 chip, aka "Clipper", which uses the EES. The government ordered several thousand of the modified devices. Since EES products can be exported to most places, there is an additional incentive for vendors to incorporate the EES into their products rather than, say, the DES, which is subject to stricter export controls. However, there are other factors relating to the nature of the technology and to public acceptance that could interfere with widespread adoption of EES by vendors.

Criminals need to talk with many people outside their circle in order to carry out their activities, for example to rent or purchase needed goods and services. To conduct those conversations, which may be incriminating, they will either need to use an encryption method identical to that used by the other parties or else forego encryption entirely. Assuming EES dominates in the legitimate market, criminals may prefer to use it over communicating in the clear since the EES will at least protect them from their competitors. Criminals are often sloppy in protecting their conversations from law enforcement, making incriminating statements over the phone while acknowledging their phones may be tapped.

Even if criminals do not use the EES, the government's objective of making strong encryption available to the public in a way that is not harmful to society will be achieved. Criminals will not be able to take advantage of the strong algorithm to thwart law enforcement. Since it is extremely difficult to develop high quality, strong encryption products, law enforcement may be able to access many non-EES encrypted criminal communications.

6. An International Problem

The impact of encryption on effective law enforcement is an international problem, and U.S.
law enforcers have observed other countries looking at solutions based on "dumbing down" the encryption or on key escrow. The U.S. government exercised strong leadership by recognizing the problem and developing a solution before it became serious. While the U.S. solution will not necessarily provide an international solution, it is a starting point for solving a global problem.

References

[Bayse] Bayse, William A., Written statement presented at Part I of the Forum on Rights and Responsibilities of Participants in Networked Communities, panel on Privacy and Proprietary Interests, Computer Science and Telecommunications Board, National Research Council, October 1992.

[Delaney] Delaney, Donald P., statement in "Hearings before the Subcommittee on Telecommunications and Finance of the Committee on Energy and Commerce, House of Representatives," June 9, 1993; Serial No. 103-53, pp. 163-164.

[DDKM] Delaney, Donald P; Denning, Dorothy E.; Kaye, John; and McDonald, Alan R., "Wiretap Laws and Procedures: What Happens When the Government Taps a Line," September 23, 1993; available from Georgetown University, Department of Computer Science, Washington DC, or by anonymous ftp from cpsr.org as cpsr/privacy/communications/wiretap/denning_wiretap_procedure.txt.

[EES] "Escrowed Encryption Standard," Federal Information Processing Standard Publication (FIPS PUB) 185, National Institute for Standards and Technology, 1994.

[Denning] Denning, D. E., "To Tap or Not to Tap," Comm. of the ACM, Vol. 36, No. 3, March 1993, pp. 25-35, 42-44.

[DT] "Digital Telephony," U.S. Department of Justice, Federal Bureau of Investigation.

[DT Cases] "Digital Telephony Case Examples," distributed with press packet for Presidential Decision Directive on "Public Encryption Management."

[Kallstrom] Kallstrom, James K., Presentation at the Computer System Security and Privacy Advisory Board Meeting, National Institute of Standards and Technology, July 29, 1993.

[Kaye] Kaye, John, Presentation at the Computer System Security and Privacy Advisory Board Meeting, National Institute of Standards and Technology, July 29, 1993.

[Kime] Kime, Roy, Presentation at the Computer System Security and Privacy Advisory Board Meeting, National Institute of Standards and Technology, July 29, 1993.

[Macy] Macy, Robert H., Letter submitted to the Computer System Security and Privacy Advisory Board on behalf of the National District Attorneys Association for June 2-4 Meeting, May 27, 1993.

[McDonald] McDonald, Alan R., Written statement presented at 2nd National Computer Ethics Conference, April 29, 1993.

[Meeks] Meeks, Bud, Presentation at the Computer System Security and Privacy Advisory Board Meeting, National Institute of Standards and Technology, July 29, 1993.

[PDD] Presidential Decision Directive on "Public Encryption Management," and Statement by the Press Secretary, The White House, April 16, 1993.

[Settle] Settle, James C., Presentation at INFOEXPO '93, Information Security and Virus Prevention Conference and Exhibition, National Computer Security Association, June 11, 1993.

[USC 18] Title 18 USC, Sections 2510-2521. (These sections codify Title III of the Omnibus Crime Control and Safe Streets Act of 1968, as amended by the Electronic Communications Privacy Act of 1986.)

------------------------

From cowen at glia.biostr.washington.edu Thu Mar 3 10:29:44 1994
From: cowen at glia.biostr.washington.edu (cowen at glia.biostr.washington.edu)
Date: Thu, 3 Mar 94 10:29:44 PST
Subject: No Subject
Message-ID: <9403031840.AA12486@glia.biostr.washington.edu>

about this meeting you all are having. once you have had the meeting
will those of us that are unable to attend for one reason or
another, be able to find out what went on??? ie a sort of points
made at the meeting and other general info, in a post to this list.
i would love to be there. but i don't have access to the irc.
and my computer time is whenever i get the chance.
thanks
charles the monster maker

From banisar at washofc.cpsr.org Thu Mar 3 11:07:39 1994
From: banisar at washofc.cpsr.org (Dave Banisar)
Date: Thu, 3 Mar 94 11:07:39 PST
Subject: Clipper Radio Debate Tonigh
Message-ID: <00541.2845547700.4151@washofc.cpsr.org>

Clipper Radio Debate Tonight

Clipper Debate on CBS Radio Tonight

The Clipper Chip will be debated on CBS National Radio on Thursday, March 3. Dorothy Denning, professor of computer science at Georgetown University, will argue in favor of the Clipper proposal. Marc Rotenberg, CPSR Washington director, will argue against the Clipper proposal.

The program will run on 150 CBS radio stations across the country between 8 pm and 9 pm EST.

Internet users interested in more information about Clipper, should explore the CPSR Internet Library at CPSR.ORG. Clipper materials may be found at cpsr/privacy/crypto/clipper or by sending email to clipper-info at cpsr.org.

From wex at media.mit.edu Thu Mar 3 11:30:37 1994
From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat)
Date: Thu, 3 Mar 94 11:30:37 PST
Subject: YA semi-novice question
Message-ID: <9403031930.AA19033@media.mit.edu>

Can someone please tell me how 3-way calling would work under Clipper (or other encrypted phone system)? That is, I'm Alan talking to Betty. During the conversation Clive calls me and I want to "add" him so that we have a 3-way conversation. How do the key/session exchanges happen?

--Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard
Media Lab - Advanced Human Interface Group wex at media.mit.edu
Voice: 617-258-9168 Page: 617-945-1842 na53607 at anon.penet.fi
We are Chaos Boys. We are coming to a paradigm near you.

From rarachel at prism.poly.edu Thu Mar 3 11:32:01 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Thu, 3 Mar 94 11:32:01 PST
Subject: PC Expo, Mac World, Comdex, etc..
In-Reply-To: <9403031432.AA09033@jungle.meaddata.com>
Message-ID: <9403031919.AA04499@prism.poly.edu>

That internet guy who handed out the flyer was in NYC. at the last internet expo at Javitz. I don't know how much setting up a booth would cost, however, doing it that way is not as effective as simply handing out disks to every Joe Yuppie who goes out the door.

People will visit whatever booths they are interested in. However someone handing out disks as to those who walk out is far more likely to get the disks accepted as they are freebies. Especially if the target is ignorant to crypto and Billary. :-) At some point he may try the hypertext thinggie, if it sparks some interest he may look and use the software. If he doesn't recycle the disks, he may pass them on to others... At some point some big cheeze will get his hands on it, and start worrying about how the WireTap act, Clipper and other issues may affect his company. (Don't forget to include a mention that we suspect that Clipper has other back doors beside the key-escrow and "Imagine how much damage a hacker who trips over this back door can do to your COMPANY!!! The old FUD method...)

Disks, in bulk are cheap and we can get them preformatted. I have (a long time ago) written a disk image duplicator program called DIM (BTW: I lost the sources to the most recent version, so I don't plan to update it anymore) but we can use it to mass duplicate disks.

If we could get just four-five folks in every expo to chip in $20 do the duplication and distribution, we can have an effective awareness raising campaign.. MEI Microcenter sells preformatted (DOS) disks in bulk for $0.39 cents! Two $20 contributions can buy about 100 disks! That's quite a lot of people to wake up.

The biggest problem is designing the software to be in the form of animation so it'll be watched. Plain text is nice too, but not everyone has the time to read. Most folks like TV and like to vegetate in front of the TV. If we can have a self running animated demo of sorts (without having to install to the guy's hard drive!) and still have enough room for neat stuff like PGP and SecureDrive and such, we have got it made.

Another issue is printing flyers to go with the disks so we can get them interested in viewing/copying the disks. (Perhaps include a program to duplicate the disks on the demo disk so that the DOS virgins can spread the disk...)

Also, we need to have professional looking labels on the disks. I'd be wary of accepting a disk that has a cheap looking label. My 1st reaction would be "Is this a trojan???" Quality control and virus checking MUST be included in the package. Perhaps when the program 1st runs it can do a CRC of all the files on the disk to make sure that they have not been altered and tell the viewer of this...

Once we have the collection of programs ready, I can ftp a disk image over to a few FTP sites so that other cypherpunks can join in on the fun. (Also a postscript file for the flyers and such...)

1st things 1st, I recommend that Secure Drive 1.3x and PGP 2.3x and PGPShell are on the disk. Are there any other crypto packages that your average yuppie, (possibly DOS virgin) would find useful? Remember that we need enough space on the disk to include clipper articles. We probably can't distribute the New York Times articles, so we'll have to write our own (and insert the FUD factor!!!)

We need to write/use a freeware hypertext/hypermedia program to list, print, and extract those files. A small disk copy program can be included which would simply read in the whole disk, ask the viewer for a blank, formatted disk and write to it. We can use the user's hard drive for temp space (check the DOS TEMP variable 1st!) possibly XMS and EMS so that the user doesn't have to swap disks. Batch files are neat but may not always work right on every machine.
Keep in mind that with the DOS wars we can't use any special features found in any DOS above 3.30 (DR DOS, IBM DOS, MS-DOS, etc.)

We should use EGA/CGA for the demo, (check for EGA and use it!) and use highly compressed, or better yet vector images for the animation so that we don't fill up the disk quickly. We could use text mode graphics and ANSI like pictures, but we'd need our own display program as not all machines have ANSI installed, and we can't ask a DOS virgin to do that. We also don't want to modify the user's hard drive if we can help it as that would keep their fears down.

From hughes at ah.com Thu Mar 3 12:16:22 1994
From: hughes at ah.com (Eric Hughes)
Date: Thu, 3 Mar 94 12:16:22 PST
Subject: Next Physical Gypherpunks meeting
In-Reply-To: <199403031725.JAA21991@math.berkeley.edu>
Message-ID: <9403032006.AA01702@ah.com>

The next physical meeting will be Saturday, March 12, 12:00 noon PST. This is not an official announcement, but the time and date won't change.

The title, for now, is

    Cypherpunks distributed meeting
    Politics, Strategies, and Action

We're going to try to carry this one on the MBONE. Details are in the process of working themselves out.

The EFF looks like it will be hosting one meeting at its offices in DC. There will be another in the Boston area, but I don't know the location yet. I haven't yet tried to jump-start a New York site. Colorado is interested, but needs to come up with a voice-over-IP site. If we do MBONE, we'll have a San Diego participant, but I don't know if he's going to be hosting a meeting or not.

If you have a T1, a sparc, a speaker/microphone, a meeting room, and the desire to host a meeting, get in touch with me. We'll need some coordination.

Eric

From tcmay at netcom.com Thu Mar 3 12:29:01 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 3 Mar 94 12:29:01 PST
Subject: Having Meetings is the Most Important Issue
In-Reply-To: <9403031943.AA01625@ah.com>
Message-ID: <199403032026.MAA26066@mail.netcom.com>

(I'm copying the main list as well, as I make some points about the general idea of having local gatherings. I suspect more detailed comments on the mechanics of arranging the meetings, establishing the links, etc., should best be kept on the cypherpunks-meeting-planners at ah.com list.)

Thanks, Eric, for creating this sub-list. I don't plan to do most of my writing here, though. (Praise the stars.)

I've been engaged in a dialog with Pat Farrell about planning the D.C. meeting, getting a place, etc. It sounds like the EFF venue may be the best solution.

Let me very briefly make again some of the points I made to Pat and Eric:

- having any meeting at all is much more important than whether it is linked partly or fully to the Bay Area meeting. Even if only 5 people show up, this is a start.

(I agree that 5 people in attendance does not justify elaborate preparations, special conference rooms, etc. Hence, folks may want to rendezvous at a pizza place or similar. If attendance grows, you can then think of larger, better-connected places.)

- most geographic areas are, for whatever reason, not having any meetings at all. This is really too bad, as the physical Cypherpunks meetings in Mountain View have really been important in "gluing together" many activities, and the 5 hours of discussions and debate amongst 20-40 people is very invigorating (few fall asleep, unusually).

(If the Bay Area can draw as many as 50 people to a meeting--as our last two meetings have done--then I'm convinced the other major tech areas could draw at least 10 folks each. Maybe not at first, but maybe even than 10 as time goes on.)

- the phone or MBONE or whatever link between the groups need not last for long...just long enough to establish a sense of connectivity and community and to discuss certain items of mutual interest. The last time we linked, last April, the main intersite link was for not much more than an hour, as I recall. (It worked well, with Derek Atkins, Mike Godwin, and others in Cambridge, and a bunch in the Northern Virginia area.)

- even a brief call-in period would be nice. That is, we could allocate some time, say, 2 p.m. PST, for brief call-ins from folks who want to update the main group (Bay Area, by history and default) on what they're doing and get verbal feedback. Ten minutes per call, several calls perhaps. (Just an idea, perhaps for future meetings....just don't give Detweiler our number!)

- regarding travel distances....I'm not too sympathetic. I drive 50 miles over dangerous mountain roads to get from Santa Cruz to the meeting site, Eric Hughes drives 40 miles from Berkeley, John Gilmore 40 miles from San Francisco, and others are as far away as Santa Rosa, about 60-70 miles north. And we do it each and every month!

- so, I'm enthusiastic that finally the remote sites will begin to take off. Colorado seems already to be rolling along, and D.C. (which was planned by them to have a natural focus on lobbying and education of Congresscritters) may be reawakening from its slumber.

- anybody heard anything from Austin lately?

Cheers!

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
From tcmay at netcom.com Thu Mar 3 12:33:58 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 3 Mar 94 12:33:58 PST
Subject: Minutes for Meetings?
In-Reply-To: <9403031840.AA12486@glia.biostr.washington.edu>
Message-ID: <199403032034.MAA26699@mail.netcom.com>

> about this meeting you all are having. once you have had the meeting
> will those of us that are unable to attend for one reason or
> another, be able to find out what went on??? ie a sort of points
> made at the meeting and other general info, in a post to this list.
> i would love to be there. but i don't have access to the irc.
> and my computer time is whenever i get the chance.
> thanks
> charles the monster maker

Sometimes minutes of meetings get posted, usually not. It's a lot of work to do this, both in the writing and in taking good notes during a meeting.

I've written up minutes for two meetings, I recall, and Arthur Chandler did for a recent meeting. Not much reaction to either, except nit-picking of details by others, so there's not much incentive for any of us to bother.

Being an anarchy, we have no officially assigned minutes takers.

Another issue raised by some (to me, at least) is that formal minutes could be used against us by some agency or entity, or at least that some folks would be sufficiently worried about being quoted that they would feel less free to speak up on controversial issues.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
From cowen at glia.biostr.washington.edu Thu Mar 3 13:20:28 1994
From: cowen at glia.biostr.washington.edu (cowen at glia.biostr.washington.edu)
Date: Thu, 3 Mar 94 13:20:28 PST
Subject: No Subject
Message-ID: <9403032131.AA14047@glia.biostr.washington.edu>

re the use of clipper and other laws to imprison people for use of any code not the clipper.. why not just make jails everywhere and put everyone in one and then let out only those that are working for the gov't and other "good folks" and leave the rest of us in jail. if this happens. where i have no freedoms i'll just disappear. can't find me in the mountains and though i might spend my time in labs i have also spent time on lonely hill tops looking at nature and being away from it all

free our lines, or someone else will enslave us

charles the monster maker

From mike at EGFABT.ORG Thu Mar 3 13:22:26 1994
From: mike at EGFABT.ORG (Mike Sherwood)
Date: Thu, 3 Mar 94 13:22:26 PST
Subject: Need info on Encyption book
In-Reply-To: <9403031603.AA13543@toad.com>
Message-ID:

KEPERRIER at setpoint.com (Kent Perrier) writes:

> Hi all,
>
> I have joined the "Small Computer Book Club" and in their "Top 10 Best
> Sellers" is a book by Gilbert Held called _Top_Secret_ - Data Encryption
> Techniques. Below is the text description:
>
> "Learn how to get people the information they need...without prying
> eyes getting a look at it, too. This book/disk package introduces
> you to techniques you can use to secure messages transmitted over internal
> company networks or public electronic message systems. You'll learn how to
> protect your communications with techniques for transposing characters in
> text, replacing characters, with new ones, using arrays, and more. Plus,
> your free disk features source code for the book's enciphering programs.
> Softcover, with 3.5" disk. 218pp 1993."
>
> Has anyone heard of this book and is it worth the $19.95 that they want
> for it?

If this is the one I'm thinking of, with source in basic, the algorithms used are mostly primitive things that have been cracked a long time ago. While it may be useful as a text for someone who isn't at all familiar with cryptography to start with, don't be fooled by claims that simple xor is a strong encryption algorithm. I don't think the book covers any serious encryption algorithms (des, idea, public key crypto, etc) but the most memorable thing about it was that it was funny that they believed what they were saying, so my memory may be faulty.

--
Mike Sherwood
internet: mike at EGFABT.ORG
uucp: ...!sgiblab!egfabt!mike

From banisar at washofc.cpsr.org Thu Mar 3 13:37:12 1994
From: banisar at washofc.cpsr.org (Dave Banisar)
Date: Thu, 3 Mar 94 13:37:12 PST
Subject: Clipper Petition Passes 40,
Message-ID: <00541.2845556887.4178@washofc.cpsr.org>

Clipper Petition Passes 40,000

===============================================

Computer Professionals for Social Responsibility (CPSR)
March 3, 1994
Washington, DC

The CPSR Internet Petition to oppose the Clipper Proposal has now passed 40,000 signatures.

The petition has been signed by users at over 2,600 sites, including 1,100 companies and 800 colleges. For specific sites, MIT has the highest single vote tally, with over 600 messages. Messages continue to arrive at a rate of over 1,000 per day.

To sign on to the letter, send a message to:

    Clipper.petition at cpsr.org

with the text "I oppose Clipper" (no quotes)

You will receive a return message confirming your vote.

To obtain a copy of the petition, email a blank message to petition-info at cpsr.org

For more information on Clipper, email clipper-info at cpsr.org. You will receive a copy of the Clipper FAQ.

Please distribute and ask your friends and colleagues to sign.

Thanks for your help.
================================================

From sergey at delbruck.pharm.sunysb.edu Thu Mar 3 15:25:56 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Thu, 3 Mar 94 15:25:56 PST
Subject: Standard for Stenography?
In-Reply-To: <9403030632.AA13653@hot.ee.lbl.gov>
Message-ID:

On Wed, 2 Mar 1994, Jef Poskanzer replied to Gary Jeffers:

> I disagree with pretty much everything in your message, and since I'm the
> one who opened the topic and who is writing the code, my opinion would seem
> to count for quite a bit more than yours. I'm not going to repeat the
> By the way, this discussion is an example of something I have labelled the
> "silence is invisible" phenomenon.
> Jef

I think this "silence" has a good side.

I've only read this list for a short time, but I already respect the opinions of a few regulars. I don't expect every idea I post to the list to be completely new (quite the opposite, usually). The few replies I, and most other newbies, get are usually not very thought out, and have as many holes in them as the original suggestion. We debate back and forth for a short while, but seem to be generally ignored. The 'elders' on the list stay silent.

It's when those respected few regulars speak that my ears prick up. I, for one, haven't read all the literature on the subject. So the opinions of someone who has are greatly valued. If genuine interest is shown in something you've proposed it tells you that you're on the right track. Input coming from the 'elders' is doubly important.

It would be nice if constructive, intelligent criticism was offered on every post. Unfortunately, newbies tend to get flamed more often than praised. In that regard, I believe that the "silence" from those who know better is usually good. If I received the sort of annoyed response that Gary Jeffers got from you on one of my first posts, I don't think I would have stuck around for long.
Perhaps some of the senior cypherpunks would prefer a moderated list where all newbie discussion is nipped in the bud. In that case, I suggest that they form the "eLyTe-cYpHeRpUnKs" list, and distribute it privately among themselves. I believe that fresh blood is essential for the development of the "cypherpunks"; so, this route is not recommended.

Sergey

From mech at eff.org Thu Mar 3 15:33:00 1994
From: mech at eff.org (Stanton McCandlish)
Date: Thu, 3 Mar 94 15:33:00 PST
Subject: Job Opening: EFF Seeking Executive Director
Message-ID: <199403032331.SAA25304@eff.org>

Position Announcement

Executive Director

THE ELECTRONIC FRONTIER FOUNDATION

Summary:

The Electronic Frontier Foundation (EFF) is seeking an inventive, entrepreneurial, public service-oriented chief executive with a strong background in operations. The Executive Director will expand the scope of the Foundation's activities by developing diverse projects, and will build organizational capacity by implementing sound management, fundraising and membership programs. The new Executive Director will work collaboratively with EFF's current Executive Director, who is moving over to become the Director of Policy in order to provide full time leadership to EFF's intensive and expanding public policy activities.

EFF was started in 1990 by Mitchell Kapor, founder of Lotus Development Corporation, and John Perry Barlow, an author and lecturer interested in digital technology and society. Both founders remain active in the organization.

EFF identifies significant issues related to information and communication technologies, and creates activities that seek to understand how they will affect society, and change the way that people think, work and interact. Current EFF activities focus on public policy, civil liberties, and public awareness.
The new Executive Director will develop EFF projects which integrate the current array of policy initiatives, and will be designed to study and add value to the discourse around particular problems or ideas by bringing together information, resources and individuals outside of EFF who are already working in key areas. Other activities will be intended to promote strategic dialogue and education about specific issues, to encourage the development of new tools and paradigms, or to promote action for social, political, or economic change that expands EFF's current work related to:

- information infrastructure;
- the development and application of law;
- evolution of new technology; and
- protection of civil liberties.

In addition, new projects may address topics such as:

- changes in social fabric and the meaning of community;
- opportunities and effects on commerce/economics; and
- international issues.

Activities may include conducting research, creating forums to encourage discourse, inventing technical solutions, framing and reframing issues, convening working groups, promoting education and public awareness, persuading, organizing, lobbying and advocating, coalition building, dissemination and publications.

About the Electronic Frontier Foundation:

Programs

EFF's current programs are designed to explore how civil liberties and the practices of democracy are affected in the unique domain created when individuals use electronic media to communicate. EFF has been involved in public interest litigation, providing on-line legal information for computer users, electronic conferencing and broad public education through print and electronic publications and communications activities. EFF has led the public debate on communications privacy, and supports efforts to force broad access to government information.
As advancements in technology have stimulated investment in a national information and communications infrastructure, EFF has devised and promoted policy proposals, formed public interest/private sector coalitions, encouraged legislative reform, and organized grass roots support to ensure that the emerging national network is affordable, democratic and widely accessible. EFF also has explored issues related to privatization of the Internet, and information privacy.

Management and Administration

EFF presently has 8 full time professional staff, and a ten member Board of Directors who meet quarterly. Board members at EFF are committed, active and visible.

EFF is a membership organization with a current enrollment of several thousand. The membership program has potential for involving thousands of technology users who are concerned about the future of communications networks, and want to participate in influencing the evolution of the networked world. Membership will be an increasingly important component of EFF's funding and advocacy base in coming years.

In 1994, EFF will have an annual budget of $1.6 million. Funds come from corporations, individual donors, grants, and membership. An important goal for the next few years will be to diversify EFF's funding base through a variety of fundraising methods, including major donor programs, membership, foundation grants, and earned income.

Responsibilities of the Executive Director:

o Management and Administration: The Executive Director sets the tone for a vital and positive organizational culture at EFF, orchestrates the activities of the staff, and ensures that EFF's strategic and operational planning, fiscal practices, and daily administration run smoothly and efficiently.
o Resource Development: EFF is in the process of developing and expanding a comprehensive fundraising program. Over the short term, the Executive Director will directly identify and secure funding from a variety of sources, including individuals, corporations and foundations. Over the longer term, the Executive Director will be responsible for planning and overseeing the implementation of a fundraising strategy that supports current activities and lays the groundwork for expansion into project areas defined by the Board and staff.

o Membership Development and Member Relations: The Executive Director will develop and oversee the implementation of an expansion plan to increase EFF membership that integrates EFF's goals for fundraising, public awareness, and programs, and will work with staff to define and maintain a roster of member services and opportunities for activism.

o Project Development and Management: The Executive Director will work with EFF's Board and staff to define, fund, and launch projects, then will oversee their smooth operations.

o Board Development and Relations: The Executive Director serves as an ex officio member of the Board of Directors, and is responsible for leveraging the resources represented by the Board and other advisors to benefit the organization.

o External Relations and Public Awareness: The Executive Director will be in charge of planning and delegating responsibility for a cohesive program for external communications and public awareness that advances EFF through media placement, speaking engagements, and publications.

Qualifications:

The Executive Director must be skilled at organization building, program development and staff management, with at least ten years of proven experience in a responsible senior executive position. Candidates should enjoy seeing through a range of projects from initial vision through planning to implementation, and attending to the details of staffing, funding, project oversight and evaluation.
Qualifications must include a track record of successful, creative fundraising and revenue development.

This position is suitable for someone who enjoys engaging in lively exchange of ideas, but who also leans towards the pragmatic application of ideas to problem solving. Applicants will be asked to demonstrate an interest in EFF's work in law and public policy, civil liberties, computer and communications technology, opportunities for commercial development, and social evolution. Candidates must be able to represent the organization in public, so excellent communication skills--including the ability to write and speak persuasively to a range of audiences--are essential.

This position requires a flexible and organized individual with advanced interpersonal skills, high energy level, problem solving approach, and the ability to generate and sustain multiple activities. Applicants should enjoy and be effective at negotiating collaborations and partnerships with other organizations and individuals. Diplomacy, political sensibility, and a sense of humor would come in handy.

Candidates may come from a variety of backgrounds, including, but not limited to business management, academia, a research or policy institute, a senior fundraising position, public interest leadership, philanthropy, a think tank, or a research and development setting. We encourage individuals with eclectic backgrounds combined with a track record of accomplishments to apply. Experience managing a nonprofit organization is high capital, particularly if it includes development of effective fundraising programs, partnerships, and broad-based membership. Experience with budgeting and financial accountability is required.

Because much of EFF's work is conducted electronically, candidates must have direct experience using electronic networks (should have a current email address), and should be aggressive in learning about and using computers and other forms of electronic communication.
Compensation:

Salary in the low six figures, commensurate with experience. Full benefits include health, disability and life insurance, pension, and vacation.

How to apply:

This position is located in Washington, DC. Deadline for applications is 31 March 1994. No phone calls please. To apply, send complete vitae, a brief writing sample and a compelling cover letter including salary history, to our executive recruiter:

Lisa A. Breit & Associates
54 Rich Valley Road
Wayland, Massachusetts 01778
Fax: 508-358-9110

You are encouraged to apply by email (ASCII only please). Address to: search at eff.org

The Electronic Frontier Foundation is an equal opportunity employer.

From eb at sr.hp.com Thu Mar 3 15:46:41 1994
From: eb at sr.hp.com (Eric Blossom)
Date: Thu, 3 Mar 94 15:46:41 PST
Subject: YA semi-novice question
In-Reply-To: <9403031930.AA19033@media.mit.edu>
Message-ID: <9403032345.AA12469@mwmax.sr.hp.com>

Alan Wexelblat writes:

   Can someone please tell me how 3-way calling would work under Clipper (or other encrypted phone system)? That is, I'm Alan talking to Betty. During the conversation Clive calls me and I want to "add" him so that we have a 3-way conversation. How do the key/session exchanges happen?

Basically it doesn't, unless you have extra hardware. This is the same problem that you have with ISDN phones. No extensions.

If you were going to do it, somebody acts as a hub, call it H, and the other two users A and B connect to the hub. Note that A and B are not directly connected.

        A <----> H <----> B

A and H negotiate a session key. B and H negotiate a session key. H acts as a digital mixer. H decrypts input from A using the A/H key and forwards it to B encrypted under B/H. H decrypts input from B using the B/H key and forwards it to A encrypted with the A/H session key.

In the middle of all this (H) all components of the conversation are in the clear.
They are mixed appropriately and sent out to the other participants encrypted under the respective session keys.

Eric Blossom

From jeremy at crl.com Thu Mar 3 15:59:22 1994
From: jeremy at crl.com (Jeremy Cooper)
Date: Thu, 3 Mar 94 15:59:22 PST
Subject: clipper + enaction = illegal alternate encryption
In-Reply-To: <01H9GN16SBXU000676@UNCVX1.OIT.UNC.EDU>
Message-ID:

On Tue, 1 Mar 1994 VACCINIA at UNCVX1.OIT.UNC.EDU wrote:

> Jeremy at crl.com writes:
>
> >Now why bother going through all the trouble to take out the chip? Why
> >not just leave it in there and send RSA encrypted over your phone line?
> >Once they _DO_ decrypt your clipper, they will still have another barrier.
> >Leaving the chip in there does make it a little harder even for law
> >enforcement doesn't it?
>
> This is the reason all other forms of encryption will be outlawed if the
> clipper proposal goes through. I foresee at least two lines of enforcement.
> The first is that one is held in contempt of court (assuming they can find
> some charges to press) until you give them your key. How long can they keep
> you in the slammer on a contempt charge? This option is already available
> and seems to work, at least so far.

I am talking about the clipper of today, not tomorrow. When the government decides to outlaw all other schemes of encryption then we have a different story. I was responding to someone who was going out of their way (or said they would) to remove the chips from his/her equipment.

_ . _ ___ _ . _
===-|)/\\/|V|/\/\ (_)/_\|_|\_/(_)/_\|_| Stop by for an excursion into the-===
===-|)||| | |\/\/ mud.crl.com 8888 (_) Virtual Bay Area! -===

From fhalper at pilot.njin.net Thu Mar 3 16:00:22 1994
From: fhalper at pilot.njin.net (Frederic Halper)
Date: Thu, 3 Mar 94 16:00:22 PST
Subject: RIPEM & MacPGP
Message-ID: <9403040000.AA29955@pilot.njin.net>

I have a friend that uses RIPEM and I use PGP. If he sent me his RIPEM public key there wouldn't be any problems between the 2, would there?
Any opinions on which is the better program (seems like PGP is, RIPEM is still kinda raw)?

Reuben Halper
PGP key available on request

From sergey at delbruck.pharm.sunysb.edu Thu Mar 3 16:02:44 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Thu, 3 Mar 94 16:02:44 PST
Subject: Standard for Stenography?
In-Reply-To: <199403031607.IAA08429@jobe.shell.portal.com>
Message-ID:

On Thu, 3 Mar 1994, Hal wrote:

> I share Jef's disagreement with the spectacularly bad "neon sign"
> steganography header, but I don't think Sergey's approach was correct
> and I hope he does not feel the issue is closed yet.

I never thought it was. Thank you for joining in the discussion, BTW.

> Bill Stewart is IMO far more experienced and has far better
> understanding of the issue than Sergey, who has been a list member for
> only a few weeks and again IMO suggests a very naive
> security-through-obscurity approach.

I welcome any and all of Bill Stewart's comments on this issue. I have, since the beginning, noticed a distinct dislike of "security-through-obscurity" among the senior members of this and other similar lists/newsgroups. Many people preach this dislike. Most don't seem to understand its foundations fully; nevertheless, they consider it a closed issue and usually don't bother to explain why. I am glad that you are offering your insight on this, Hal.

> Bill Stewart, Norm Hardy, and other list members who have more experience
> and who have discussed these issues in the past will I think agree that the
> correct approach is to separate the function of the steganography program
> to be a simple and clean insertion, and to have other components be
> responsible for assuring that what is inserted is statistically indistin-
> guishable from what is replaced.
>

This is the most elegant solution, I agree.

> This notion that a "secret offset" will prevent the stego from being
> discovered is highly naive IMO.
> The correct approach is to make it so
> that the stego cannot be recognized even if the opponent knows where it is.

That would be ideal, I agree.

> Adding offsets is like attempting to "improve" regular RSA by putting a
> secret amount of noise padding at the front (not of a stego file, but of
> an openly encrypted file). This is unnecessary if you trust your encryption,
> and if you don't trust it then this approach should not make you trust it.

I do not trust my encryption to be foolproof. If I believed that adding noise at the front of the file would help, I would do it. I still wouldn't trust it, but I would feel safer with every new security-through-obscurity layer.

> Similarly, if your stego is so weak that knowing where it is in the file will
> allow the opponent to detect it, adding a random offset should not make you
> feel secure. The correct approach is to have statistical identity between
> what you are inserting and what you are removing. The stego program itself
> should then be as simple as possible.

This is my defense of security-through-obscurity:

Security-through-obscurity adds layers upon layers of potential effort needed by one's opponents to get at whatever it is that you are obscuring. A good analogy would be the length of one's secret key. A one bit key, you would agree, is not very effective. The more bits in the key, the more effort your opponent would have to expend in brute-force analysis. Similarly, the more layers of obscurity one has, the more effort your opponent would have to expend in bypassing/guessing your methods.

I have often heard it said that one should always assume that one's opponent knows everything except one's secret key. To me, this makes no sense! If your opponent is good enough and determined enough to get by all the layers of obscurity you may have put up, then it's just one more step to getting your secret key.

You have stated that my opinion is naive. Please enlighten me.
> Now I will add my own little moral lesson, in the spirit of Tim and Jef.
> Sometimes when these discussions are re-hashed, old-timers are too busy or
> bored to join in. New list members express naive views that are not vigor-
> ously refuted. This is OK, but then some other new member takes these views
> to represent list consensus.
>

So the views of these naive new members should be "vigorously refuted" (ie. flamed) in the interest of other naive new members? Have you considered changing that to "constructively criticised"?

> I think it is great that Jef is working on a steganography implementation,

That it is!

> but IMO the notion of "random offsets" is so fundamentally misguided that I
> hope he will reconsider.
>

I disagree. In a perfect world, with perfect encryption and perfect steganography "random offsets" may be superfluous. As it stands now, we need all the obscurity we can get.

> Hal Finney
> hfinney at shell.portal.com
>

Sergey

From eileen at photon.poly.edu Thu Mar 3 13:16:30 1994
From: eileen at photon.poly.edu (Eileen Tronolone)
Date: Thu, 3 Mar 1994 16:16:30 -0500 (EST)
Subject: PC Expo, Mac World, Comdex, etc... (fwd)
In-Reply-To: <9403031858.AA04241@prism.poly.edu> from "Arsen Ray Arachelian" at Mar 3, 94 01:58:17 pm
Message-ID: <9403032116.AA26345@photon.poly.edu>

Also Sprach Arsen Ray Arachelian:
>
> >I LOVE IT! LET'S DO IT!!!!!!!
>
> Disks are dirt cheap. $0.39 per disk in 150 packs.
> If we could get a few people to chip in $20, we can
> buy quite a lot, over a hundred. The hard part is
> duplicating them. (BTW: those disks come preformatted
> for DOS. This is from MEI Microcenter.. 800-634-3478)

What we need are people to take a portion of them and format them for Unix and Macintosh and any other versions of PGP that are there. Can the Unix version of PGP fit on a single disk? Also, we have to have the sort of people involved who won't just take the disks and walk with them.
> The hardest part is printing labels that look
> professional enough to prevent most of the yuppies
> from being suspicious about a few kids handing out
> disks.

Piece of cake. My lover has his own desktop publishing business. With an HPLJ4 at home. No problem. We can make professional-looking handouts too.

> (We'll have to wear suits too in order to
> not get them scared off... Sad, but effective..)

You have to wear a suit (or at least reasonably dressy clothing) to be taken seriously at any Expo at all.

One concern I have - did Zimmermann sell out to RSA yet? He was being sued as I recall, and the latest info I have is that he watered down version 2.3 to shut them up temporarily. What is the latest on that, and is 2.3 still the latest version of PGP?

--
Eileen Tronolone       | internet: eileen at photon.poly.edu  | EARTH
System Administrator   | usenet: redsonja at olias.linet.org  | JUICE!
Polytechnic University | voice: (718) 260-3846               | -- RTF
Brooklyn, NY 11201     | Self possession is 9/10 of the law. |

From tcmay at netcom.com Thu Mar 3 16:24:54 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 3 Mar 94 16:24:54 PST
Subject: Newbies on the List
In-Reply-To:
Message-ID: <199403040025.QAA03656@mail.netcom.com>

Sergey Goldgaber writes: (quoting Jef P.)

> > By the way, this discussion is an example of something I have labelled the
> > "silence is invisible" phenomenon.
>
> > Jef
>
> I think this "silence" has a good side. I've only read this list
> for a short time, but I already respect the opinions of a few regulars.
> I don't expect every idea I post to the list to be completely new (quite
> the opposite, usually). The few replies I, and most other newbies, get are
> usually not very thought out, and have as many holes in them as the original
> suggestion. We debate back and forth for a short while, but seem to be
> generally ignored. The 'elders' on the list stay silent.
I want to take this opportunity to say that I do _not_ disparage the enthusiasm of newcomers like Sergey G. and Gary Jeffers.

The "problem," to the extent there is one, is that newcomers frequently have a bunch of things they really want to say (which is good), but lack the context to see how their points fit in with what's possible to do, what's already been done, and what is naive (which is bad). And after a while, having said what they wanted to say their posts taper off.

(A few of us are still blabbing incessantly a year and a half after joining the list. Hey, it beats working for a living.)

Gary sent me some e-mail inquiring about the archive of past postings--regrettably, my current understanding is that the toad.com archives are not (yet?) available for browsing and retrieval of past posts. Maybe someday.

Chronological age has little to do with being an "old-timer" or a "newcomer." For example, Sameer Parekh is but a freshman at Berkeley, but he is surely an old-timer. Stick around for several months on the list, and you'll be an old-timer.

> It's when those respected few regulars speak that my ears prick up. I, for
> one, haven't read all the literature on the subject. So the opinions of
> someone who has are greatly valued. If genuine interest is shown in
> something you've proposed it tells you that you're on the right track.
> Input coming from the 'elders' is doubly important.

Here are some things newcomers can do:

1. Immediately run out and buy a copy of Bruce Schneier's "Applied Cryptography." Do this before doing anything else. It covers so many of the areas we deal with that to not have it handy is a waste of your and our time. The book is pricey, at $45, but go out and mow some lawns or donate some blood if you can't afford it. You can't afford to be on this list without it (or some equivalent texts).

2. Read the various articles on crypto that are mentioned here fairly often (and which will be in the FAQ).

3.
Speaking of FAQs, some good ones already exist in sci.crypt. The "Crypt Cabal" puts out a good one every month or so. Others exist. Read them.

4. In general, read sci.crypt and talk.politics.crypto. And comp.org.eff.talk. And maybe the Clipper and PGP groups.

5. Speaking of PGP, some good stuff in the documentation for PGP.

6. Finally, hold off on posting for at least a few weeks after joining the list. Too many folks "shoot their wad" by hyperenthusiastically expounding on a basically flawed idea too early in their history on the list.

> It would be nice if constructive, intelligent criticism was offered on
> every post. Unfortunately, newbies tend to get flamed more often than
> praised. In that regard, I believe that the "silence" from those who
> know better is usually good.

The problem is that about 700-800 people are on this list--though I find this hard to believe...and certainly many of them must be deleting nearly everything unread. If each "Has anyone ever heard of foo?" post was carefully replied to....

> If I received the sort of annoyed response that Gary Jeffers got from you
> on one of my first posts, I don't think I would have stuck around for long.
> Perhaps some of the senior cypherpunks would prefer a moderated list
> where all newbie discussion is nipped in the bud. In that case, I
> suggest that they form the "eLyTe-cYpHeRpUnKs" list, and distribute it
> privately among themselves. I believe that fresh blood is essential for
> the development of the "cypherpunks"; so, this route is not recommended.

I think the responses Gary got were actually quite polite, especially the ones that stated the fact that his views were likely wrong and should not, by silent assent, be taken as the consensus of the list. No one called him names or told him to get off the list. Even my comments on "stenography" were not all that harsh, in my opinion. (And we've since exchanged e-mail.)

I don't think any of us want to see newbies "nipped in the bud."
But we certainly all want to see newbies brought up to speed. A moderated list is not being sought by anyone I know, at least not for the Cypherpunks list (though Perry Metzger has proposed his own moderated list on crypto issues).

Many newcomers to crypto have become serious contributors in short order. Likewise, many old-timers (like David Sternlight) have never reached the point of being a "contributor," so draw your own conclusions.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Thu Mar 3 16:32:11 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 3 Mar 94 16:32:11 PST
Subject: Having Meetings is the Most Important Issue
Message-ID: <199403040032.QAA07000@mail.netcom.com>

(I sent this off several hours ago and it still hasn't appeared at my site, so I'm sending it again.)

From wcs at anchor.ho.att.com Thu Mar 3 16:40:56 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Thu, 3 Mar 94 16:40:56 PST
Subject: Standard for Stenography?
Message-ID: <9403040039.AA14605@anchor.ho.att.com>

Hal Finney writes:
> Bill Stewart, Norm Hardy, and other list members who have more experience
> and who have discussed these issues in the past will I think agree that the
> correct approach is to separate the function of the steganography program
> to be a simple and clean insertion, and to have other components be
> responsible for assuring that what is inserted is statistically indistin-
> guishable from what is replaced.
It's somewhat of a tradeoff, though, since you really *do* need to have the system be convenient enough to use and standardized enough that everybody will use it. My own programming approaches tend to solve this through reasonably clean programs connected by shell scripts or C frontends grossly infected with Creeping Featurism; the faults of this widely-used approach are well-known (:-).

The important decisions, in my opinion, are whether to have an explicit stego program or something that appears to be more general-purpose, and whether to make sure the cyphertext you're hiding looks random. If you're going to have a program that admits to doing stego, the main risks in having it do a fancy job are detectability and portability, and it sounds like Jef's handling that well. And Xenon's ranting has helped encourage someone to release Stealth-PGP:-) so that's good.

Carl Ellison's "tran" program takes an interesting approach for data scrambling - it takes a simple checksum of the first N bytes of the data, which is order-invariant (I think it was a byte-wise XOR?) and uses it as a random-number seed for scrambling blocks of data; it's easy to reverse because the checksum is the same after scrambling. (I forget if the scrambling is also a self-inverse or not, which lets you use one program for both directions; wouldn't be too hard to do.) That might be a clean approach if you're still looking for a satisfactory scrambling method, though you could also do bitwise things instead of bytesized, since you have to split the text out into bits for stego anyway.

Bill

From wcs at anchor.ho.att.com Thu Mar 3 16:50:48 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Thu, 3 Mar 94 16:50:48 PST
Subject: Need info on Encyption book
Message-ID: <9403040050.AA14673@anchor.ho.att.com>

> >Has anyone heard of this book [_Top_Secret_ - Data Encryption Techniques] and
> >is it worth the $19.95 that they want for it?
>
> Only if you have a pressing and immediate need for a doorstop, or need
> special help solving the "Cryptoquotes" in your local paper.

If I'm not mixing it up with a similar book I saw in the store, I wouldn't be *quite* that negative; I'll comment on the two together. They're not academic books, and if you're using PGP there's not much you'll gain from them. The big weaknesses I saw were:

- not mentioning that the techniques discussed are way outdated and easily broken by professionals (they tend to say this for the simpler methods, just not for the more complex ones.)
- not discussing the *existence* of mathematical crypto techniques; it's ok not to go into details, depending on the scope of the book, but there should at least be pointers to the topics.

One interesting feature of the books I looked at was that one of them came with a floppy disk with code on it. I didn't notice anything on the first few pages about "Not for export" or a mention that the government treats crypto as munitions that need special permits to export - I assume the authors are unaware of this, or that the NSA doesn't really care about this level of crypto any more than they care about rot-13 being exported :-) - but you'd think the publishers would notice....

Bill

From smb at research.att.com Thu Mar 3 17:00:14 1994
From: smb at research.att.com (smb at research.att.com)
Date: Thu, 3 Mar 94 17:00:14 PST
Subject: Standard for Stenography?
Message-ID: <9403040100.AA21896@toad.com>

   I welcome any and all of Bill Stewart's comments on this issue. I have, since the beginning, noticed a distinct dislike of "security-through-obscurity" among the senior members of this and other similar lists/newsgroups. Many people preach this dislike. Most don't seem to understand its foundations fully; nevertheless, they consider it a closed issue and usually don't bother to explain why.

Obscurity is certainly a help. Attacking an unknown system is very much harder than attacking a known one.
And everyone in the business knows that.

However -- in the real world, as opposed to an academic exercise, you cannot keep an algorithm secret forever. Partners will betray you, spies will steal copies, enemies will capture them. Do you trust everyone on cypherpunks? Should you?

If your algorithm is not strong enough to withstand an attack by an enemy who has captured it, you're in trouble. And although you can replace the algorithm, it's a lot harder than changing keys -- good cryptoalgorithms take a *lot* of work, and the details often matter a lot. Besides, your old traffic will then be readable.

Security through obscurity is more than a buzzword. It's a necessity in this business.

--Steve Bellovin

From wcs at anchor.ho.att.com Thu Mar 3 17:10:21 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Thu, 3 Mar 94 17:10:21 PST
Subject: Standard for Steganography
Message-ID: <9403040109.AA14831@anchor.ho.att.com>

Jef Poskanzer writes:
> The problem is the length field - you've got to have it, and it's
> recognizable because it begins with a run of 0s. [several hiding approaches.]

Actually, you don't really need it, at least for PGP. PGP messages keep track of how much real stuff the message has, and ought to be able to do the right thing if there's extra stuff at the end; I'd guess that Stealth-PGP can do the same. I realize PGP isn't the only thing people will want to hide, but most things that need hiding have enough structure to them that padding with garbage at the end is no problem.

On the other hand, if you do have a length field, you do have to do something reasonable with it, and just putting it at the beginning makes it difficult to do other stuff with the stego program, like inserting text bitplanes into a picture....

Bill

From ebrandt at jarthur.cs.hmc.edu Thu Mar 3 17:18:22 1994
From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt)
Date: Thu, 3 Mar 94 17:18:22 PST
Subject: Standard for Stenography?
In-Reply-To: <9403031710.AA14345@hot.ee.lbl.gov>; from "Jef Poskanzer" at Mar 3, 94 9:10 am
Message-ID: <9403040118.AA22060@toad.com>

Jef said:
> My solution is to store the file's bits in a specified
> pseudorandom permutation of the image's available bit positions.
> It's kind of like the frequency hopping of spread spectrum radio.
> This hides the length field very thoroughly. It also happens to
> hide anything else recognizable about the original file.

What you're doing can be written as

    steg(permute(pkey, ))

Note that the permutation is really a second layer of encryption, a bit transposition cipher. The obscurity-only approach of "#define PERMUTE_KEY 0xdeadbeef" would be pretty weak. If an opponent is to be unable to detect images with embedded steganography (stegnant images?) by looking for the length field, the permutation needs to be strong: large keyspace, strong PRNG, etc. Granted, it doesn't need to be as strong as the message cipher, because the plaintext is lousy (mostly encrypted), the payoff to the opponent on breaking it is less, and the target pool is much larger. But you do have the hassles of a second cipher -- at the very least, you need to distribute keys. Probably *private* keys, with their attendant distribution explosion.

I think the Right Thing to Do is to require that the length indication or eof marker be inside the strong encryption (Stealth PGP or what have you). Now, we may not want to do that. First, we may have good reasons to preserve modularity by doing the length in the stegger. If the encryption is stealthy, we can get away with *only re-encrypting the length information*. Big win speedwise. If the encryption is not stealthy, it seems to me that we need a PGP headerstripper, not a permuter. The bulk of the file, after all, *is* stealthy.

Tangentially, why choose bit permutation for your second-level encryption? There are plenty of schemes that will be a lot faster than doing all that bitmangling.
Eli ebrandt at jarthur.claremont.edu

From cfrye at ciis.mitre.org Thu Mar 3 14:21:12 1994
From: cfrye at ciis.mitre.org (Curtis D. Frye)
Date: Thu, 3 Mar 94 17:21:12 EST
Subject: spooks
Message-ID: <9403032221.AA15217@ciis.mitre.org>

>If there are any spooks on this list aren't they required by law to say that
>they are if someone asked if anyone on the list was employed by CIA, DOD, FBI
>or NSA?

Hardly. The intel folks don't have to say diddley and might be prohibited by law from saying anything, the FBI probably doesn't need to since there's no criminal investigation under way (or is there?), and why in hell would DOD employees need to reveal their presence? We encourage open, anonymous

From wcs at anchor.ho.att.com Thu Mar 3 17:34:46 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Thu, 3 Mar 94 17:34:46 PST
Subject: Standard for Stenography?
Message-ID: <9403040134.AA15184@anchor.ho.att.com>

Sergey writes:
> I have often heard it said that one should always assume that one's
> opponent knows everything except one's secret key. To me, this makes no
> sense! If your opponent is good enough and determined enough to get by
> all the layers of obscurity you may have put up, then it's just one more
> step to getting your secret key.

If your cryptography methods are good enough to withstand an opponent who has full documentation of your algorithms and methods, lots of funds, and everything except your keys, then you don't need to waste your time with all the other stuff. And if you can't protect a couple of keys, it doesn't really matter how much other security you have.

On the other hand, steganography is almost by definition an obscurity technique, and while security-by-obscurity is a naive waste of time, obscurity-by-obscurity is hard to argue against real clearly :-) On the other hand, if your cyphertext looks like random bits anyway, it doesn't take a lot to make them invisible.
The real need is to make your data look like Somebody Else's Problem....

Bill

From jef at ee.lbl.gov Thu Mar 3 17:54:14 1994
From: jef at ee.lbl.gov (Jef Poskanzer)
Date: Thu, 3 Mar 94 17:54:14 PST
Subject: Standard for Stenography?
Message-ID: <9403040154.AA16047@hot.ee.lbl.gov>

Eli makes a reasonable case for leaving out the length field altogether. The desteg program would produce a file of width*height bits, and it would be up to the next layer to produce text from that. However, I'm not sure it's a *compelling* case. If adding the length doesn't actually hurt security, I'm inclined to keep it.

>Tangentially, why choose bit permutation for your second-level
>encryption? There are plenty of schemes that will be a lot faster
>than doing all that bitmangling.

Slowness is not necessarily bad - it also makes it harder for attackers to search through large numbers of images for ones with hidden data. But the main thing that the permutation gives you is that it spreads out the data bits among unmodified bits, making statistical tests harder. For a 1000 byte message in a 640x480 image, only 2% of the bits will be changed. If that 2% was all jammed into the first 80000 pixels of the file, it might be detectable; if it's spread evenly throughout the file, it's probably safer.
---
Jef

From sergey at delbruck.pharm.sunysb.edu Thu Mar 3 18:25:03 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Thu, 3 Mar 94 18:25:03 PST
Subject: Newbies on the List
In-Reply-To: <199403040025.QAA03656@mail.netcom.com>
Message-ID:

On Thu, 3 Mar 1994, Timothy C. May wrote:
> The "problem," to the extent there is one, is that newcomers frequently
> have a bunch of things they really want to say (which is good), but
> lack the context to see how their points fit in with what's possible
> to do, what's already been done, and what is naive (which is bad). And
> after a while, having said what they wanted to say their posts taper
> off.
>

Flaming is no solution to this "problem". In fact, this "problem" can, with proper guidance, lead to an enriching growing experience (forgive me for sounding camp). Most very "naive" newbies usually get responses that are anything but helpful; unless their queries are phrased in a submissive, almost servile tone. At the very least, a certain humility is expected. This pattern is by no means limited to this list, or even the whole Internet. It is the "presumptuous" _and_ "naive" newbies that get flamed the most. They are the safest targets.

It may be wise to realize that even the _most_ presumptuous and _most_ naive newbie has potential for enriching the group tremendously. In these cases, flaming usually turns out to be even more naive than whatever it was the newbie has/hasn't done to deserve the flame. The senior, as many have pointed out, should know better.

> Gary sent me some e-mail inquiring about the archive of past
> postings--regrettably, my current understanding is that the toad.com
> archives are not (yet?) available for browsing and retrieval of past
> posts. Maybe someday.
>

A great pity. I suspect that some of the contents of the archive may be far more educational than even the fabled "Applied Cryptography". :)

> Chronological age has little to do with being an "old-timer" or a
> "newcomer."

Thank you for pointing that out. However, it was not my intention to imply age differences with the terms "newbie", "elder", or "senior". Nor was it my intention to put anyone on the defensive.

> For example, Sameer Parekh is but a freshman at Berkeley,
> but he is surely an old-timer. Stick around for several months on the
> list, and you'll be an old-timer.
>
> 1. Immediately run out and buy a copy of Bruce Schneier's "Applied
> Cryptography." Do this before doing anything else. It covers so many
> of the areas we deal with that to not have it handy is a waste of your
> and our time. The book is pricey, at $45, but go out and mow some
> lawns or donate some blood if you can't afford it. You can't afford to
> be on this list without it (or some equivalent texts).
>

For some, actual "live" conversations hold more in the way of being educational than any textbook, no matter how well written. Your suggestion is well taken, nonetheless.

> 2. Read the various articles on crypto that are mentioned here fairly
> often (and which will be in the FAQ).
> 3. Speaking of FAQs, some good ones already exist in sci.crypt. The
> "Crypt Cabal" puts out a good one every month or so. Others exist.
> Read them.
> 4. In general, read sci.crypt and talk.politics.crypto. And
> comp.org.eff.talk. And maybe the Clipper and PGP groups.
> 5. Speaking of PGP, some good stuff in the documentation for PGP.
> 6. Finally, hold off on posting for at least a few weeks after joining
> the list. Too many folks "shoot their wad" by hyperenthusiastically
> expounding on a basically flawed idea too early in their history on
> the list.

It would be ideal if every "newbie" had the time/energy to do all these before posting. It may minimize the chances of "reinventing the wheel". Luckily, I believe the "cypherpunks" list is a fine way to learn a little about cryptography. Not only by reading, but by participating as well. It may not be as effective as actually managing to read and understand a 400+ page reference book on cryptography. Nor would I urge any prospective cryptographers to take this as their only route of study. But it may be a good (dare I say "fun"?) introduction.

> The problem is that about 700-800 people are on this list--though I
> find this hard to believe...

That is a problem. There aren't enough! 700 dabbling cypherbabies and maybe a dozen serious cypherpunks are less than a handful. Perhaps the list needs to be subdivided (or renamed to something more boring :) But I don't think we need to worry about there being too many of us.
> and certainly many of them must be
> deleting nearly everything unread. If each "Has anyone ever heard of
> foo?" post was carefully replied to....

I do not seriously expect a constructive, intelligent reply to every post. I was merely listing it as another ideal. Constructive replies need not be public, BTW. Especially if the topic(s) has been thoroughly covered previously.

> I think the response Gary got were actually quite polite, especially
> the ones that stated the fact that his views were likely wrong and
> should not, by silent assent, be taken as the consensus of the list.
> No one called him names or told him to get off the list. Even my
> comments on "stenography" were not all that harsh, in my opinion.

Yes. And, names would be comparatively mild to trashing his account (something which many readers are very capable if not willing to do). And that would be mild compared to sending him a mail bomb. In any case, the responses he received were mostly less than helpful. I certainly expected more from certain senior members of this list.

> I don't think any of us want to see newbies "nipped in the bud." But
> we certainly all want to see newbies brought up to speed.

Flaming them(us) does not usually "get them up to speed".

> Many newcomers to crypto have become serious contributors in short
> order. Likewise, many old-timers (like David Sternlight) have never
> reached the point of being a "contributor," so draw your own
> conclusions.

I hope I'll have the time to become a serious contributor (seriously :). I certainly have the interest.

> --Tim May

Sergey

From exabyte!smtplink!mikej at uunet.UU.NET Thu Mar 3 18:44:04 1994
From: exabyte!smtplink!mikej at uunet.UU.NET (exabyte!smtplink!mikej at uunet.UU.NET)
Date: Thu, 3 Mar 94 18:44:04 PST
Subject: Mail server for crypto files on csn.org?
Message-ID: <9402037627.AA762722747@smtplink.exabyte.com>

-----BEGIN PGP SIGNED MESSAGE-----

Problem: the time-varying directory name changes too fast for reliable mail server access to the crypto software on csn.org:/mpj/ for those who don't have live ftp access, but are legally qualified to get that software under the ITAR. It IS possible, but you have to get README.MPJ then request the software right away (before I log in to csn.org to check my mail the next time -- usually one to three times a day whenever I feel like it).

Proposed solution #1: change the ITAR. Unfortunately, I can't do this unilaterally. Write your Congressional Representative about changing the ITAR.

Proposed solution #2: set up a "secure" mail server on csn.org itself. My idea is to have a filter program scan incoming mail for requests for crypto programs. The request would have to contain a statement that the requestor won't break the law, as well as the names of the files requested. If the mail scanning program is able to detect a valid destination for crypto software, it could then mail uuencoded or radix-64 encoded copies of the software requested in the message.

Here is where I confess some ignorance and ask for help: How do I do this? Could someone send me source code for any automatic mail handling programs they have written for a Sun host, or perhaps point me at some good documentation? I could probably muddle through this in time, but I'm not too proud to accept a head start.
___________________________________________________________
|\ /| | | |
| \/ |o| | Michael Paul Johnson Colorado Catacombs BBS 303-938-9654 |
| | | / _ | mpj at csn.org ftp csn.org \mpj\README.MPJ for access info.|
| |||/ /_\ | aka mpjohnso at nyx.cs.du.edu mikej at exabyte.com |
| |||\ ( | m.p.johnson at ieee.org CIS 71331,2332 VPGP key by finger |
| ||| \ \_/ |___________________________________________________________|

-----BEGIN PGP SIGNATURE-----
Version: 2.4

iQCVAgUBLXYgQj9nBjyFM+vFAQFccQQAo/zjyDzpsH0Ik1pGI6D+0ST8M7I84TYe
/O9rqZRc4HpX5N4htPML9dm6+RrJoNzm9vXvxqhdptAB1nxzkRJgnVpTtH9nhFAM
6hX5k52H2t4Htq5diuAtk31CQG8t0GzA7iJ1qVhqwMG/pgoddRoX+cyVd5rdzX9j
TN5+NZYugbU=
=nSyZ
-----END PGP SIGNATURE-----

From sergey at delbruck.pharm.sunysb.edu Thu Mar 3 19:01:22 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Thu, 3 Mar 94 19:01:22 PST
Subject: Standard for Stenography?
In-Reply-To: <9403040134.AA15184@anchor.ho.att.com>
Message-ID:

On Thu, 3 Mar 1994 wcs at anchor.ho.att.com wrote:
> Sergey writes:
> > I have often heard it said that one should always assume that one's
> > opponent knows everything except one's secret key. To me, this makes no
> > sense! If your opponent is good enough and determined enough to get by
> > all the layers of obscurity you may have put up, then it's just one more
> > step to getting your secret key.
>
> If your cryptography methods are good enough to withstand an
> opponent who has full documentation of your algorithms and methods,
> lots of funds, and everything except your keys, then you don't
> need to waste your time with all the other stuff. And if you can't
> protect a couple of keys, it doesn't really matter how much other
> security you have.

I have never heard a serious, reputable claim about the unbreakability of an algorithm. Any newbie that dares to pretend otherwise is promptly referred to the example of the NSA. The biggest single purchaser of computer hardware, and employer of mathematicians.
Dozens of years ahead of public research and all classified.

The point is, that in the real world, we'll never know if our algorithms are "good enough to withstand an opponent who has full documentation of your algorithms and methods lots of funds, and everything except your keys." This opponent need not be the NSA, per se, BTW. With "lots of funds" they may have access to at least some of the NSA's findings. And, who knows, the NSA may regularly hire its services out to the highest bidder.

You may trust your encryption alone, but if it ever comes to that, I'll hide any sensitive information I may have every way I can.

> security-by-obscurity is a naive waste of time,

I still don't see why.

> obscurity-by-obscurity is hard to argue against real clearly :-)
> On the other hand, if your cyphertext looks like random bits anyway,
> it doesn't take a lot to make them invisible.

It certainly looks like it takes a lot! The Mimic function seems, to me, to be the only effective practical steganography application. Most of the rest of the informed members of this group seem to be debating the relative visibility/invisibility of their respective systems.

> The real need is to make your data look like Somebody Else's Problem....

Here's to somebody else's problems!

> Bill
>

Sergey

From sergey at delbruck.pharm.sunysb.edu Thu Mar 3 19:14:29 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Thu, 3 Mar 94 19:14:29 PST
Subject: Standard for Steganography
In-Reply-To: <9403040109.AA14831@anchor.ho.att.com>
Message-ID:

On Thu, 3 Mar 1994 wcs at anchor.ho.att.com wrote:
> Jef Poskanzer writes:
> > The problem is the length field - you've got to have it, and it's
> > recognizable because it begins with a run of 0s. [several hiding
> > approaches.]
> Actually, you don't really need it, at least for PGP. PGP messages keep
> track of how much real stuff the message has, and ought to be able to
> do the right thing if there's extra stuff at the end; I'd guess that
> Stealth-PGP can do the same. I realize PGP isn't the only thing people
> will want to hide, but most things need hiding have enough structure
> to them that padding with garbage at the end is no problem.
>
> On the other hand, if you do have a length field, you do have to
> do something reasonable with it, and just putting it at the beginning
> makes it difficult to do other stuff with the stego program,
> like inserting text bitplanes into a picture....
>
> Bill
>

Sorry to have to bring this up, but... As some of the newbies have pointed out, in previous messages on this thread: The length field, or any standard-length header scattered (standardly :) through the beginning of the file will cost one no loss in security if it is encrypted. The encryption could easily be standardized via a public-key based algorithm like PGP. The stego-program could be kept simple by merely having it call PGP to do the header-encryption work.

Sergey

From rishab at dxm.ernet.in Thu Mar 3 21:55:47 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Thu, 3 Mar 94 21:55:47 PST
Subject: Right to vote
Message-ID:

There has been some discussion over the last week about what is a 'right', and whether the right to vote is a right or not, as the basis is a ruling by the Supreme Court. However there seems to be strong support for the right to vote in several amendments. Apart from the lengthy 12th amendment describing the process of electing Presidents and Vice-Presidents, there are:

Amendment XV (1870) Section 1. THE RIGHT OF CITIZENS OF THE UNITED STATES TO VOTE shall not be denied or abridged by the United States or by any state on account of race, color, or previous condition of servitude.
Amendment XIX (1920) THE RIGHT OF CITIZENS OF THE UNITED STATES TO VOTE shall not be denied or abridged by the United States or by any state on account of sex.

Amendment XXIV (1964) Section 1. THE RIGHT OF CITIZENS OF THE UNITED STATES TO VOTE in any primary or other election for President or Vice President, for electors for President or Vice President, or for Senator or Representative in Congress, shall not be denied or abridged by the United States or any state by reason of failure to pay any poll tax or other tax.

Amendment XXVI (1971) Section 1. THE RIGHT OF CITIZENS OF THE UNITED STATES, who are 18 years of age or older, TO VOTE, shall not be denied or abridged by the United States or any state on account of age.

Note: electronic versions of the US and other constitutions are available through gopher, or ftp at wiretap.spies.com, Gov/World. Many international treaties and other UN and government documents are under the Gov/ directory.

-----------------------------------------------------------------------
Rishab Aiyer Ghosh "What is civilisation
rishab at doe.ernet.in, rishab at dxm.ernet.in but a ribonucleic
Voicemail +91 11 3760335; Vox/Fax/Data 6853410 hangover?"
H-34C Saket New Delhi 110017 INDIA
-----------------------------------------------------------------------

From rarachel at prism.poly.edu Thu Mar 3 22:28:45 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Thu, 3 Mar 94 22:28:45 PST
Subject: PC Expo, Mac World, Comdex, etc..
In-Reply-To: <9403040535.AA21606@ nextsrv.cas.muohio.EDU >
Message-ID: <9403040616.AA00778@prism.poly.edu>

Absolutely. A Mac version would be great. (My main machine is a Mac but keep in mind that unless we target Mac World Expo, 99% of the attendees will be PC folks.) Actually if you do your stack any time soon, please send it my way so I can "port" it to the PC somehow. (Probably, just by grabbing pictures and stuff...)
BTW: Speaking of vapor ware, I'm making some progress with the SecureDrive like thing for the Mac.... I feel like I'm walking through molasses when reading about the extents file in Inside Mac, but I'll eventually have it sink in my brain and get something to work. (In case you aren't familiar with SecureDrive, it's a device driver that automatically encrypts a whole partition.) The driver I'm working on will use a file to store the encrypted volume on. Once the drive is mounted anything stored on it is secured.

I'm going to leave the crypto code open. I'll probably provide a module for DES and IDEA, and leave some open specs so others can write their own modules and stuff. I'd encourage others to use these modules in other software that they'll write... They're basically stand alone code. I haven't decided if the crypt modules will be just code resources or INITs with Gestalt selectors installed. Depends on how feasible the stuff is with drivers...

Anyhow, enough on vaporware. Two things to add to the Mac version of this disk: Curve Crypt, and Mac PGP. If you know of any other Mac stuff to throw in, please do so. I strongly suggest we use 1.44Mb disk since Apple is braindamagedly trying to push new drives that won't support the old 800K GCR disks. :-(

HELP REQUEST: If anyone knows how to read a file off a Mac HFS volume using sector reads/writes or knows of sample code (C, Pascal, Basic, 68000, etc.) please send it my way. Basically I need to figure out where a file lives in terms of sectors and blocks. Hint: you can't call FSRead/FSWrite from a disk device driver because the file read/write routines are non-reentrant.

From rarachel at prism.poly.edu Thu Mar 3 22:37:27 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Thu, 3 Mar 94 22:37:27 PST
Subject: PC Expo, Mac World, Comdex, etc... (fwd)
Message-ID: <9403040625.AA14688@prism.poly.edu>

Forwarded message:

From mpjohnso at nyx10.cs.du.edu Thu Mar 3 22:41:04 1994
From: mpjohnso at nyx10.cs.du.edu (Michael Johnson)
Date: Thu, 3 Mar 94 22:41:04 PST
Subject: Export of "Top Secret Data Encryption Techniques"
Message-ID: <9403040639.AA28140@nyx10.cs.du.edu>

> >Has anyone heard of this book [_Top_Secret_ - Data Encryption Techniques] and ...
> One interesting feature of the books I looked at was that one of them
> came with a floppy disk with code on it. I didn't notice anything
> on the first few pages about "Not for export" or a mention that
> the government treats crypto as munitions that need special permits
> to export - I assume the authors are unaware of this, or that the
> NSA doesn't really care about this level of crypto any more than
> they care about rot-13 being exported :-) - but you'd think the
> publishers would notice....

I was curious about that, too, but found out that the NSA declared it to be exportable. Note that there is no requirement that exportable crypto be marked as such. I've looked at the stuff in the book, and determined that I could probably crack most of it if I cared enough and had a fast computer. I also found that the author made a mistake in implementation that could cause some messages to not decrypt even if you have the right key, if you have a different brand of math coprocessor than the sender had.
___________________________________________________________
|\ /| | | |
| \/ |o| | Michael Paul Johnson Colorado Catacombs BBS 303-938-9654 |
| | | / _ | mpj at csn.org ftp csn.org \mpj\README.MPJ for access info.|
| |||/ /_\ | aka mpjohnso at nyx.cs.du.edu mikej at exabyte.com |
| |||\ ( | m.p.johnson at ieee.org CIS 71331,2332 VPGP key by finger |
| ||| \ \_/ |___________________________________________________________|

From hfinney at shell.portal.com Thu Mar 3 22:56:55 1994
From: hfinney at shell.portal.com (Hal)
Date: Thu, 3 Mar 94 22:56:55 PST
Subject: Security through Obscurity
Message-ID: <199403040657.WAA02068@jobe.shell.portal.com>

Security through Obscurity

Here's my view of the problems with the security through obscurity approach. First I'll discuss encryption, then steganography. I use StO to mean "Security through Obscurity".

It's true that obscurity can't hurt and might help. If you can not only keep your key secret, but your algorithm as well, then the attacker will have a much harder time breaking your encryption. And traditionally this has been done. I understand that much of the work in breaking the codes during WWII was involved in finding out the algorithm; once that was done then finding the keys was a considerably smaller problem.

I think the "No StO" maxim refers to a design methodology for the creation of cryptographic algorithms. In this technique, you divide the algorithm into those parts which must be kept secret, and those which don't have to be. The parts you keep secret you call the key, and you accept that you will have to take extreme measures to protect those secrets. The other parts are less protected.

In other words, you conceptually draw a line between those parts which have to be protected at all costs, and those which don't. You then analyze the algorithm's strength on the assumption that the secret parts are kept secret. You also carry out the analysis on the assumption that the non-secret parts fall into enemy hands.
In the end, an algorithm is judged on this basis.

In the context of this design technique, StO would refer to the hope that the non-secret parts are also kept from enemy hands. While this may be desirable and beneficial, it breaks the rules of the method.

The advantage of this method is that it allows you to do a clean cost versus benefit analysis. You calculate the cost in terms of what it takes to keep the keys secret, and you calculate the benefits in terms of how much security you gain if you keep the keys, and only the keys, secret.

To also give credit for the additional security of keeping the non-key portions secret, you would also need to calculate the costs of keeping those parts secret. Since historically it has been very difficult to keep all parts of a cryptographic method secret, one has to consider these costs to be very high. Avoiding StO means avoiding falling into the trap of counting the benefits of keeping the non-key parts secret without counting the costs.

In this light, there is no inherent violation of the NoStO principle in a cryptographic system which keeps the algorithm secret. It simply means that the algorithm has to be considered as secret as the key, and protected just as securely as the key is protected. In many circumstances this would be excessively costly but in some limited situations it may be practical. As long as you fully recognize that this line between the secret and the non-secret portions is drawn to put the algorithm on the "secret" side, you are properly avoiding StO.

In the context of commercial or public-domain cryptographic algorithms, it is basically impossible to keep algorithms secret. That is why any cryptosystem of this nature which relies on a secret algorithm is scorned as violating the NoStO principle. It is generally not practical to expect to keep a secret which is made widely available.

To sum up, obscurity is not bad. What is bad is to confuse obscurity with security.
Now, in the context of steganography, we should make clear what problem we are trying to solve. There are several components to this problem, but I will focus just on the last step: hiding one bit pattern in another. Generally we do this by replacing some of the bits in the target data with bits from the data we are hiding.

In encryption, the opponent's desire is to find out the original message. What is the opponent's desire in steganography? I feel it is to be able to prove or determine with some degree of certainty that there is a hidden message. We use steganography in a context where sending such a message openly is for some reason undesirable. Hence our goal is to prevent the opponent from knowing that a message exists.

A test, then, for the success of a steganographic technique is this: given some sampling of data items, half of which have embedded hidden messages, can the opponent guess which ones have such messages with better than 50% accuracy? If not, the steganography is fully successful. If he can do slightly better than 50%, it may still be useful depending on the situation. If he can guess with 100% accuracy, the steganography has failed and is totally worthless.

Now, how does the NoStO maxim guide our attempts to evaluate steganographic algorithms? Again, the basic principle would be a need to separate that which would be kept secret from that which would be publicly known. Any system which relies on keeping secret some information which must be widely disseminated is not correctly accounting for costs when it touts its benefits.

In the systems we have been discussing for a layered approach to steganography, the actual embedding step has no secret component. Rather, the message is first encrypted and possibly transformed in such a way that it is statistically identical to the bits which it is replacing. The actual steganographic step simply does the replacement.
In this layered approach, there is no provision for key information to be used in steganography. Rather, the receiver of the message has only publicly available data. This means that when we "draw our line" we exclude nothing from the knowledge of our opponent. In counting the benefits of the steganographic algorithm we assume that the opponent will use exactly the same technique to de-steganize the message as our intended recipient will.

Therefore, we are forced to assume that the opponent can successfully extract the hidden message. Now, the question that he must still answer is, is this in fact a message or is it just random noise? In order to meet the goal above of making such a guess impossible with better than 50-50 chances, it follows that the message must appear identical to random noise. Any pattern in the message, such as a plaintext header, will make the steganography useless.

This is also why proposals to scramble or permute the bits as they go into the data, or to use a special offset instead of the beginning of the data (then wrapping the bits around when we come to the end) do not fundamentally help the situation. By the basic premise above, we assume that the opponent will be able to undo such artifices just as the intended recipient will. This way, again, we count our costs and benefits on fair grounds.

Now, it is true that this is assuming that there is no "key" information used in the steganography. The NoStO principle would lead us to investigate keyed steganography, where the receiver has specific secret information which the opponent would not have. But if we are going to do this, we have to accept the costs. That key must be kept just as secret as the keys in an encryption system. We can't just let it be something obscure like a checksum based on a public key, information which the opponent will have as well. It has to be *secret*. That is what NoStO tells us. If we want the benefit of a key, we have to pay the cost.
It's not clear whether keyed steganography has any benefits over the unkeyed system discussed above which is used as part of a chain which includes (presumably keyed!) encryption. It would seem that the stego would still have to match the statistics of the bits being replaced, and if you can do that then the unkeyed approach would work. But perhaps there are useful solutions along these lines.

The important point, again, is that if you want a secret, you have to keep it secret. Looking at the advantages of a system which benefits if some information is withheld from the opponent without calculating the costs of actually keeping that information secret is the foolhardy behavior which the NoStO principle warns against.

Hal Finney
hfinney at shell.portal.com

From rishab at dxm.ernet.in Thu Mar 3 23:12:53 1994
From: rishab at dxm.ernet.in (Rishab Aiyer Ghosh)
Date: Thu, 3 Mar 94 23:12:53 PST
Subject: Insecurity of public key crypto #1 (reply to Mandl)
In-Reply-To: <9403020433.AA16707@prism.poly.edu>
Message-ID:

rarachel at prism.poly.edu (Arsen Ray Arachelian) writes:
> Perhaps having a usenet news group for encoded mail might be better.
> Something where everyone can occasionally either send a PGP'ed message
> with the subject being an encoded version of the recipient's name,
> or with just random junk that's PGP'ed... This would create enough
> traffic to be able to hide messages in.

Have you looked at alt.anonymous? I haven't, but the description on one list says it's on encrypted messages to unknown recipients. Like the blind mailing list thing - everyone gets everything, and only what was intended for you will decrypt with your key.

-----------------------------------------------------------------------
Rishab Aiyer Ghosh "What is civilisation
rishab at doe.ernet.in, rishab at dxm.ernet.in but a ribonucleic
Voicemail +91 11 3760335; Vox/Fax/Data 6853410 hangover?"
H-34C Saket New Delhi 110017 INDIA
-----------------------------------------------------------------------

From karn at qualcomm.com Thu Mar 3 23:33:27 1994
From: karn at qualcomm.com (Phil Karn)
Date: Thu, 3 Mar 94 23:33:27 PST
Subject: Export of "Top Secret Data Encryption Techniques"
In-Reply-To: <9403040639.AA28140@nyx10.cs.du.edu>
Message-ID: <199403040733.XAA02834@servo.qualcomm.com>

Speaking of the exportability of cryptography textbooks, I've filed a 15-day Commodity Jurisdiction Request with the State Dept for Bruce Schneier's book "Applied Cryptography". No official response yet, though I did get a phone call from an amused Commerce Dept engineer who wanted me to know how much they enjoyed my filing (I did have fun with some of the sections).

Phil

From rarachel at prism.poly.edu Thu Mar 3 23:46:07 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Thu, 3 Mar 94 23:46:07 PST
Subject: Insecurity of public key crypto #1 (reply to Mandl)
In-Reply-To:
Message-ID: <9403040731.AA02331@prism.poly.edu>

> Have you looked at alt.anonymous?
> I haven't, but the description on one list says it's on encrypted messages to
> unknown recipients. Like the blind mailing list thing - everyone gets
> everything, and only what was intended for you will decrypt with your key.

I haven't either. :-) I don't like the idea of a blind mailing list as it is hard to filter it. I already have enough problems just with reading cypherpunks, and the way I've solved it is via two accounts. One for cypherpunks mail and the other for normal private email. Adding any sort of extra noise would make things much harder.

It would be nice if I could use a new mailer that automated the filtering process and presented several folders (personal, cypherpunks, blind-mail) and knew how to filter blind mail to pick up only mail intended for me, and automatically be able to handle message signing, posting to the blind list, etc.
Message signing/verifying isn't a simple issue when you're dialing up a unix box and using its mail program. Unfortunately, SLIP access is not given so I can't use a mailer on my own end to help automate this a bit. Storing a private key in my unix account is a bad idea. There have been plenty of break ins to the machines I use, luckily I haven't had my accounts screwed with (or if they're compromised, nobody fucked with my mail...) :-)

But actually having a news group and a few automated junk mailers post to that to foil traffic analysis is needed...

From phantom at u.washington.edu Fri Mar 4 00:07:41 1994
From: phantom at u.washington.edu (Matt Thomlinson)
Date: Fri, 4 Mar 94 00:07:41 PST
Subject: Big Brother Inside pays off
Message-ID:

I got a call this afternoon from Paul Andrews at the Seattle Times, wanting to ask me a few questions. After playing phone tag for an hour or so, we got connected. We discussed cypherpunks, steganography, and clipper. He seemed to have a good handle on how scary the clipper (and tessera) recommendations were. I was able to supply him with a little more information (contact #s) and answer some questions he had.

His article will be in this Sunday's Seattle Times, but it sounds like he may be gearing up to write another. In any case, I'm going to keep in touch.

It looks like someone in the downtown area had the big brother inside logo on their windows desktop screen and _that_ is what caught his attention. I'm glad it served the purpose it was meant for -- catching people's attention and making them think.

mt

Matt Thomlinson Say no to the Wiretap Chip!
University of Washington, Seattle, Washington.
Internet: phantom at u.washington.edu phone: (206) 548-9804
PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu

From ian at geography.leeds.ac.uk Fri Mar 4 01:42:17 1994
From: ian at geography.leeds.ac.uk (Ian Turton)
Date: Fri, 4 Mar 94 01:42:17 PST
Subject: UK wants to end right to silence
Message-ID: <12660.9403040943@geography.leeds.ac.uk>

>
> I just saw some very disturbing news in a programme (Reportage) on BBC
> World Service TV. Apparently there are moves by the Government in Britain
> to REPEAL THE RIGHT TO SILENCE. So far, as in the US (5th amend.) if arrested
> in Britain you have the right to remain silent but if you wish to say anything
> it may be used as evidence against you.

Well close - note UK != Britain and even Britain doesn't have an all encompassing legal system.

1) The right to silence has already gone in Northern Ireland (part of the UK) along with jury trial (for terrorist trials). The Govt plans to include this provision in the latest Criminal Justice Bill which is certainly for England and Wales but might not affect Scotland (I'm not sure, most of Scots law is different).

2) The right to silence at present means I don't have to say anything when arrested and the prosecution can not mention this to the court even if I come up with some plausible alibi when the case comes to trial.

3) The planned change is to allow the prosecution to mention this silence to the court and allow the jury to draw their own inferences, so the defence that I didn't trust the police not to frame me if I said anything may still be valid (more so if I have an Irish accent). It will still be impossible (well really hard) to convict someone simply because they stayed silent.

>
> The Government want to repeal the right to silence, obliging those arrested to
> give an account AT THE 'SCENE OF CRIME'. A refusal to speak will be taken
> as an indication of guilt.
not quite - there is some doubt that any jury will believe that the questions were asked at the scene of the crime rather than in the police station in front of a double tape recorder. It is at present an arrestable offence to refuse to give police officers certain information when they ask this includes at least your name and address (there may be more but that was enough for them last time I didn't talk to the police). But in general I doubt that this will work.

>
> The defendant will also have to give witness in court, even if attorneys
> believe that the witness or manner of giving it may be detrimental to the
> defendant's case.

Even the judiciary are upset at this proposal and it is unlikely to make it through to law, especially considering the way the House of Lords have taken the Police and Magistrates Bill (a related bill) to pieces this month. The judges are upset since they will have to ask the defendant questions and are not at all sure what they can do if he refuses to answer.

>
> Of course, libertarians are strongly against this, etc. But that it could
> come about at all in Britain, is an indication of the powerful backlash of
> the Right, whether with "Back to basics," "Family values," capital punishment
> (in the US), or other reactions to crime that are nothing short of extremist,
> however widespread "social decay" may be perceived to be by a generation that
> can't understand the society to come.

Ah well they say we must get tough on terrorists (and remember that unlike the US we have terrorists in the UK) and while we're at it we will catch more criminals, which is the best way to measure police efficiency, and any way if you're innocent you've nothing to fear.

> -----------------------------------------------------------------------
> Rishab Aiyer Ghosh                               "What is civilisation
> rishab at doe.ernet.in, rishab at dxm.ernet.in      but a ribonucleic
> Voicemail +91 11 3760335; Vox/Fax/Data 6853410   hangover?"
> H-34C Saket New Delhi 110017 INDIA
> -----------------------------------------------------------------------
>

all in all it's bad but the general public love the idea and they have the votes :-(

Ian Turton - School of Geography, Leeds University 0532 -333309

From sergey at delbruck.pharm.sunysb.edu Fri Mar 4 01:48:29 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Fri, 4 Mar 94 01:48:29 PST
Subject: Security through Obscurity
In-Reply-To: <199403040657.WAA02068@jobe.shell.portal.com>
Message-ID:

On Thu, 3 Mar 1994, Hal wrote:

> Security through Obscurity
>

Thank you for a very enlightening post, Hal. Just a couple of comments:

> To sum up, obscurity is not bad. What is bad is to confuse obscurity
> with security.

If I have understood you correctly, there is nothing wrong with equating obscurity with a practical, albeit temporary, increase in security. Equating obscurity with ultimate security is a mistake. As is equating a "strong" algorithm with ultimate security.

> In encryption, the opponent's desire is to find out the original message.
> What is the opponent's desire in steganography? I feel it is to be able
> to prove or determine with some degree of certainty that there is a
> hidden message. We use steganography in a context where sending such a
> message openly is for some reason undesirable. Hence our goal is to
> prevent the opponent from knowing that a message exists.

I would like to propose that there is a goal, in addition to those you have revealed, for the opponent as well as the legitimate user of steganography.

The opponent would, ideally, wish to not only determine that there is a message within the data; in addition, he would prefer to be able to extract that message for analysis.

Therefore, I believe that it would be to the advantage of the stego-user to not only hide the existence of his message, but to do so in such a way that the cost of successfully extracting that message, by his opponent, is maximized.
> A test, then, for the success of a steganographic technique is this:
> given some sampling of data items, half of which have embedded hidden
> messages, can the opponent guess which ones have such messages with
> better than 50% accuracy? If not, the steganography is fully successful.
> If he can do slightly better than 50%, it may still be useful depending
> on the situation. If he can guess with 100% accuracy, the steganography
> has failed and is totally worthless.

If one accepts the additional goal proposed above, the value of an extra test is obvious. This test may consist of an attempt at message extraction, as per your guidelines.

> Now, it is true that this is assuming that there is no "key" information
> used in the steganography. The NoStO principle would lead us to
> investigate keyed steganography, where the receiver has specific secret
> information which the opponent would not have. But if we are going to
> do this, we have to accept the costs. That key must be kept just as
> secret as the keys in an encryption system. We can't just let it be
> something obscure like a checksum based on a public key, information which
> the opponent will have as well. It has to be *secret*. That is what
> NoStO tells us. If we want the benefit of a key, we have to pay the cost.

I have to take exception with the assertions made in this paragraph.

Using the principles of public-key systems, the steganography key itself does not have to be kept secret. The sender, receiver, and indeed the opponent would all have access to this key without compromising the security of the system. The challenge, for the opponent, lies in figuring out which public-key the sender has used.

I have no statistics on exactly how difficult this challenge would prove; but, considering the number of public-keys currently available and projecting several years into the future, the challenge may be a very significant one.
The benefits of using offsets, in general, are clear (assuming one accepts the additional (and essential, I believe) function of steganography programs, outlined above). The method I proposed for calculating the default offset from the checksum-value of the receiver's public-key was intended to provide a practical increase in security over defaulting to no offset (or a constant offset). For maximum security, a completely non-standard offset is called for.

> Hal Finney
> hfinney at shell.portal.com

Thanks for your input yet again, Hal.

Sergey

From jeremy at crl.com Fri Mar 4 02:01:47 1994
From: jeremy at crl.com (Jeremy Cooper)
Date: Fri, 4 Mar 94 02:01:47 PST
Subject: Stegonography
In-Reply-To: <9403020432.AA11900@bsu-cs.bsu.edu>
Message-ID:

On Tue, 1 Mar 1994, Anonymous wrote:

> There's been a lot of discussion lately about trying to make stego files
> not have any identifying marks, so that usage of stego would be
> indistinguishable from noise. A more effective option might be to
> insert obvious (or somewhat obvious) stego messages in lots of graphics.
> Take every graphic file you own and hide something in it with a stego
> program. Put PGP messages in them (even including the obvious ----
> BEGIN PGP MESSAGE ---- headers). Or a BBS ad. Or just cute little
> messages. Then distribute the files that way. Hopefully, people will
> take these images and pass them on without ever knowing there was stuff
> in them. If enuff people do this, graphics will become so "polluted"
> with stego messages that your truly secret PGP messages will be hidden
> in plain sight along with all the other graphic files full of stuff, and
> won't stand out. Plus, you could plausibly deny having put it there,
> claiming that it must have been that way when you got it, and that you
> didn't know it was there.
>

This goes along one of the more cute ways of annoying any snooper on your lines.
If you periodically send noise over a suspicious line, you will give the people who are trying to monitor you a great headache. This is one of the tactics that you can use to foil any attempts to crack your communications.

Then again, wouldn't it be weird if the noise you sent over actually decrypted into something intelligible? This says something about 'noise'. I know that it takes an incredible amount of mathematics to prove, but there must be a way to separate what is truly random noise, from that which appears to be. The calculations to crack this are probably more expensive than the information it contains, so it is hence uneconomical. But still, it makes me wonder.

_ . _ ___ _ . _
===-|)/\\/|V|/\/\ (_)/_\|_|\_/(_)/_\|_| Stop by for an excursion into the-===
===-|)||| | |\/\/ mud.crl.com 8888 (_) Virtual Bay Area! -===

From cpsr at access.digex.net Fri Mar 4 02:05:34 1994
From: cpsr at access.digex.net (Dave Banisar)
Date: Fri, 4 Mar 94 02:05:34 PST
Subject: Guardian Article on Clipper
Message-ID: <9403040509.AA13710@Hacker2.cpsr.digex.net>

The Guardian (UK)
March 3, 1994, Page 17

Are These Men A Threat To Free Speech?

US law enforcement agencies want to decode 'secret' electronic mail, prompting a furious row about citizens' rights

by Mike Holderness

With modern communications systems you can send letters, orders and memos around the world in minutes. But you don't want your competitors, or their governments, siphoning the details of your bid for that dam contract in the Far East out of the Internet. So what do you do?

And when you receive an electronic message announcing you've won the deal, how do you know it's genuine? It's possible to fake electronic mail: you must worry about the possibilities for creative industrial espionage this opens up.

Then again, you might be a Cabinet minister, setting up a meeting with your boyfriend on the mobile phone. Wouldn't it be good to know that no one could tap the message?
The answer to all these problems lies in encryption technology. The solution the US government proposed earlier this month, however, has generated a furious row in the on-line world about government interference in citizens' right to communicate in private. The disturbing implications for people outside the US have gone largely unremarked.

Computer programs that can do practically unbreakable encryption are available to the public in the US and elsewhere. One, named PGP for Pretty Good Privacy, is increasingly used to authenticate electronic messages (Computer Guardian, November 25, 1993). It can encrypt the whole message, or send the main text "in clear", followed by an encrypted block containing a mathematical "fingerprint" of the message and the sender's name and address. The program can thus verify whether a signature belongs to the purported sender and whether the message arrives as it left.

This worries law-enforcement agencies. What if drug dealers and terrorists start using unbreakable encryption? The US government's Key Escrow Encryption system - commonly known by its working title, Clipper - is its answer.

Clipper uses an encryption chip suitable for building into a mobile phone or a modem. Its method of encryption, developed by the US National Security Agency (NSA), depends on "keys" - codes used mathematically to mangle the text or speech. The recipient can only get the original back if they have the key and can use it to un-mangle - decrypt - the message.

PGP depends on a "public-key" system. Users sending signed messages encrypt the signature with keys known only to them. They also issue public keys, which are mathematically derived from the private key, and allow anyone to verify the signature. If someone sends them a message encrypted with their public key, only the private key will extract it.

By contrast, each Clipper chip will have an encryption key built in.
When the chip is manufactured, two parts of the key will be lodged with two separate US government agencies. (In legal jargon, this is like "holding the keys in escrow".) A secret "super-key" allows law enforcement agencies to retrieve the serial number of the chip used on the link they're tapping. Under US guidelines released last month, if a law enforcement agency wants to eavesdrop on encrypted communications it should send details of a search warrant to the agencies holding the key components.

This is a red rag to the inhabitants of Internet discussion forums, the world's largest functioning anarchy. There, discussions of the right (under the First Amendment to the Constitution) to unrestricted free speech can and do slip effortlessly into the belief that, as one participant put it, "The people must be allowed to discuss anything, including revolution."

According to Brian Yoder, president of California company Networxx, "The US Constitution doesn't grant the government the power to maintain this kind of surveillance capability over the population. Period. The assumption is that anything that enhances the ability of the police to catch criminals is OK, but that is not what the Constitution says, and that's not the kind of country I want to live in."

Cryptology specialist Dr Dorothy Denning at Georgetown University was part of a team reviewing the NSA's design process. She points out that Clipper "will not make it any easier to tap phones, let alone computer networks. All it will do is make it possible to decrypt communications that are encrypted with the standard, assuming the communications are not super-encrypted with something else. Law enforcers still need to get a court order."

But who trusts the NSA? The Clipper design is secret. Many assume the Agency has built in a "trap-door" allowing it to break encryption without the keys.
No one has proposed making non-Clipper encryption illegal, but the US government clearly hopes to establish it as an industry standard. For example, while it's usually illegal to export any form of encryption technology from the US, it will be legal to export Clipper. However, non-US companies using it to protect their communications will have to live with the uneasy knowledge that the NSA could be listening in - and the NSA, like its UK sibling organisation GCHQ in Cheltenham, has a long history of intercepting foreign commercial messages for the benefit of home companies. (GCHQ declined to say whether it had been involved in any discussions over Clipper.)

The protests have started. A petition organised by Computer Professionals for Social Responsibility against Clipper, and in favour of a Bill to permit export of competing encryption systems, gathered more than 20,000 electronic signatures in its first two weeks.

Wired magazine has proclaimed, "This is a pivotal moment in history", accusing "the Clinton-Gore administration" of "attempting a stealth strike on our rights". It has asked readers to sign the CPSR petition and "call or write your Congressional representatives and let them know how you feel."

Encryption and authentication are important for much more than the privacy of the frequently obscure or banal discussions on the Internet. Medical and financial records are now commonly held on computers, and a growing proportion of business transactions take place on-line. Cyberspace is where your money is.

For private communications, Emma Nicholson MP takes a relaxed view: "In communicating, we should start from a belief that everyone listens to everything. Gossip is what makes the world go round. I have very few secrets. I would be deeply concerned if a device were marketed that could stop interception - I would support the FBI completely."
Computer-law barrister Alistair Kelman, however, believes any attempt to enforce the Clipper chip as a worldwide standard would meet stiff opposition. The European Commission could be expected to object that it fell foul of Treaty of Rome provisions against misuse of a dominant position. "If you want to have a world standard for encryption, fine," Kelman said, but the EC could respond, "Let's get together and settle on something that meets our requirements as well."

From jpp at markv.com Fri Mar 4 02:13:16 1994
From: jpp at markv.com (jpp at markv.com)
Date: Fri, 4 Mar 94 02:13:16 PST
Subject: reply-to feeds an anon pool, jpp=pr0duct=cypher
Message-ID: <9403040212.aa01433@hermix.markv.com>

I have built an 'easy anonymous reply' program. You can now use reply-to addresses of the form jpp=0x123456 at markv.com, where 0x123456 is a public key id. The obvious advantages are 'easy' reply-to's, no stored return address of any kind, and automatic encryption. The obvious disadvantages are the need to scan through alt.test for messages, that I have a list of all the 'bad' folks out there who want anonymous addresses (though it is not clear how terrible it is for me to have a list of their public keys), and that I keep logs of the mail messages. My logs will be kept until I am sure the stuff works, and then I will junk'em. So encrypt, and use remailers if you need to -- I won't try to stop a government search of my disk.

As a 'prop' to Pr0duct Cypher, I have a special hack that will send mail addressed to jpp=pr0duct=cypher at markv.com to alt.test encrypted with that famous CypherPunk's public key. (And as a courtesy to you all, I allow you to spell the address in any case, and with the letter oh instead of the digit 0 if you want.) I might sell similar addresses for digicash -- send me mail with a bid if you are interested.

Below is the help file you would get if you mailed to jpp=poolhelp at markv.com. Try it out...

Jay Prime Positive's mail pool service.
If you send mail to jpp=0x123456 at markv.com, my program will look up the key matching 0x123456 on my 'pool' key ring. If it finds a matching key, it will encrypt the whole message (including headers) with that key. Then it will post the result to alt.test with a subject line matching 'Ignore 0x123456 blah blah blah' where blah blah blah is the key's 'identifier.'

My mail program will be run for any address which begins jpp=0x, so you can only use PGP keyid's. As a result, my program won't let you use a key if the key id is already in use. See below.

To add a key to the 'pool' key ring, send mail to jpp=poolnew, the body of the message should contain the public key in pgp format. If the key has a 0x123456 key id which is the same as a key already on the keyring, my program will send a message by reply mail, and post a message to alt.test, which has a subject 'Ignore jpp=poolnew key already in use', and a body mentioning the key clash. It will also post using the clashed with key, the same thing, encrypted for the 'legitimate' user of that key with all your mail information, so that they can talk to you about the problem.

I will reward you if you can show me that you have managed to 'steal' a 0x123456 key id -- if you can get yours added to my 'pool' keyring, even though there is already one there. I will reward you more highly if you tell me how to fix the problem.

To remove your key from the keyring, send a signed message (in simple english, spanish, or esperanto) asking me to remove your key. Send the mail to jpp=poolmaster at markv.com.

For any other request, send mail to jpp=poolmaster at markv.com (in english, or very simple spanish or esperanto).

If you want to improve this help message, send a copy to jpp=poolmaster at markv.com, and I will (probably) replace this message with yours.

For now, and until I am sure this code is debugged, I will keep comprehensive logs of the running of my code. Use remailers, and encryption as you think appropriate.
All bets are off until I announce this service as operational -- all service you get before that date is accidental (on my part).

j'
--
O I am Jay Prime Positive jpp at markv.com
1250 bit fingerprint B06229 = B8 95 E0 AF 9A A2 CD A5 89 C9 F0 FE B4 3A 2C 3F
524 bit fingerprint 2A915D = 8A 7C B9 F2 D5 46 4D ED 66 23 F1 71 DE FF 51 48
Public keys via `finger jpp at markv.com', or via email to pgp-public-keys at io.com
Your feedback is welcome directly or via my symbol JPP on hex at sea.east.sun.com
Resist the Clipper Chip, write "I oppose Clipper" to Clipper.petition at cpsr.org

From gtoal at an-teallach.com Fri Mar 4 03:33:29 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Fri, 4 Mar 94 03:33:29 PST
Subject: How to do encrypted telnet without being root (tutorial, includes src)
Message-ID: <199403041131.LAA06991@an-teallach.com>

People have been talking about encrypted telnets for ages, but I still haven't seen one I can easily use. And most suggestions would actually require a sysadmin to install a special telnet daemon.

Here's a suggestion for how to do encrypted telnet sessions *without* any system code.

It's quite simple - there's a process called 'remote' which sits between your keyboard/screen and the actual machine you're using. Very much like the way the 'script' program works, or perhaps 'screen' (though the latter is much much more complex than script). 'remote' encrypts all screen output.

Next, there's a program called 'local'; you run local on your directly-connected local host. Normally local is transparent, and works again pretty much like 'script' (except of course there's no logging :-) ); however when local sees a certain magic string has been printed, it then assumes the data following will be encrypted, and it decrypts everything that's sent to your screen.
(This 'in band' data is a little unclean, but it's what makes the whole scheme possible in user-level code)

Actually it's *slightly* more complicated than this; when local sees the magic string, it starts up a conversation with whatever it's running on top of, and does some sort of key exchange to use with the encryption. (This conversation works by looking at the data that would otherwise be sent to the screen, and replying by simulating data as if it had been typed)

I took two hours last night to actually hack up a version of these programs - the hack uses rot13 as its encryption method, and the key exchange is completely bogus. But it does show the method in action, and it wouldn't take much to adapt this to use a real encryption function. Left as the proverbial exercise for the reader.

So, in summary...

% local
% telnet remotehost # (one that lets you log in with a 1-time password?)
% remote

Here's an actual log of such a session. I run the remote program first just to show you that the encryption does something - the process is so transparent that you might not follow it otherwise :-)

Anyway, the point of this mechanism is that - like pgp - it is *user* code that you can take with you anywhere; you don't need the co-operation of the sys admins at each pair of sites you use.

If anyone wants to take this ball and run with it to produce something that's a little more secure than rot13, be my guest. The only copyright here is the Berkeley one attached to the original 'script' source. Once you've got the idea, you might consider rewriting that bit from scratch too.
G

Script started on Fri Mar 4 10:44:32 1994
suilven% cd src/utel
suilven% ./remote                                    | Start encrypted session
REMOTE: Asking local to start an encrypted session   |
[%MAGIC-PGP-START-SESSION%]                          | Expects a typed
actually this stuff doesnt matter                    | key-exchange
[%I-REPLY%]                                          |
wibble-wobble/actually this stuff doesnt matter      | - this is clearly
[%WHAT-DO-YOU-SAY?%]                                 | a dummy exchange
nothing really                                       |
[%FAIR-ENOUGH-ANYTHING-ELSE?%]                       |
this is a dummy key exchange                         |
[%THANK-YOU%]                                        |
fhvyira% cjq                                         | % pwd
/hfe/ubzr/tgbny/fep/hgry                             |
fhvyira%                                             | ^D
[%ZNTVP-CTC-RAQ-FRFFVBA%]                            | 'end of session' message
suilven%
suilven% ./local
LOCAL: I'll switch to encrypted mode when someone talks to me!
suilven% telnet localhost
Trying 127.0.0.1...
Connected to localhost.an-teallach.com.
Escape character is '^]'.
BSDI BSD/386 1.0 (suilven.an-teallach.com) (ttyp8)   | We're now running
                                                     | over a telnet link
login: gtoal
Password:
BSDI BSD/386 1.0 Kernel #6: Wed Oct 6 11:42:35 GMT 1993
pgp password:
suilven% cd src/utel
suilven% ./remote                                    | start encryptor, do
REMOTE: Asking local to start an encrypted session   | key exchange (hidden)
[%MAGIC-PGP-START-SESSION%]                          | local notices this rune
suilven% echo Not obvious, but this is an encrypted telnet...
Not obvious, but this is an encrypted telnet...
suilven%                                             | ^D, end encryption
[%MAGIC-PGP-END-SESSION%]                            | local spots this magic
suilven% logout                                      | string and stops decrypt
Connection closed by foreign host.                   | now a ^D to end local
suilven% LOCAL: Done. (I won't be looking for encrypted output any more...)
suilven%
Script done on Fri Mar 4 10:46:24 1994

And for your edification, here's the code. (bsd systems only - tested on BSDI and 386BSD)

*BIG NOTE*... there are (ahem) one or two rather hacky bits in here. As I said, it was a two-hour hack just to prove the point that code like this can be written easily and it doesn't take a systems manager to install it. (Also, being code you compile yourself, you might trust it a little more).
Noticeably the rot13 encryption neatly allows me to avoid problems sending binary data. Doing this for real, your output to screen/read from output stream code should encode each encrypted byte as two hexascii bytes for portability; also a few newlines here and there to keep the buffers flushed wouldn't hurt.

And there's a *filthy* piece of code to do keyboard stuffing in here. This is *not* how you'd do it in a production program. A security hole a mile wide. I couldn't be bothered learning how to do internal pipes for this quick proof-of-concept hack, so I used a file in /tmp to communicate through...

*BIG NOTE #2* This only does screen output; keyboard input is also left as a trivial exercise to the reader...

# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	Makefile
#	local.c
#	remote.c
#
echo x - Makefile
sed 's/^X//' >Makefile << 'END-of-Makefile'
Xall: remote local
X	echo All up to date
X
Xremote: remote.c
X	cc -o remote remote.c
X
Xlocal: local.c
X	cc -o local local.c
END-of-Makefile
echo x - local.c
sed 's/^X//' >local.c << 'END-of-local.c'
X/*
X    This is a trivial (2 hour) hack to the 'script' command
X    to show the general principle involved in hacking up a user-level
X    encrypted telnet equivalent. This particular hack uses 'rot13'
X    as its 'encryption'; feel free to make it (ahem) more robust.
X */
X
X/*
X
X
X             +---------+      +----------+      +-------------------+
Xkeyboard---->|         |----->|          |----->|-\                 |
X             |  local  |      |  remote  |      | |  remote process |
X     vdu<----|         |<-----|          |<-----|-/                 |
X             +---------+   ^  +----------+      +-------------------+
X                           |
X                           |
X              This line may include a telnet session...
X
X*/
X
X/*
X * Copyright (c) 1980 Regents of the University of California.
X * All rights reserved.
X *
X * Redistribution and use in source and binary forms, with or without
X * modification, are permitted provided that the following conditions
X * are met:
X * 1. Redistributions of source code must retain the above copyright
X *    notice, this list of conditions and the following disclaimer.
X * 2. Redistributions in binary form must reproduce the above copyright
X *    notice, this list of conditions and the following disclaimer in the
X *    documentation and/or other materials provided with the distribution.
X * 3. All advertising materials mentioning features or use of this software
X *    must display the following acknowledgement:
X *	This product includes software developed by the University of
X *	California, Berkeley and its contributors.
X * 4. Neither the name of the University nor the names of its contributors
X *    may be used to endorse or promote products derived from this software
X *    without specific prior written permission.
X *
X * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
X * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
X * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
X * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
X * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
X * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
X * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
X * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
X * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
X * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
X * SUCH DAMAGE.
X */
X
X#ifndef lint
Xchar copyright[] =
X"@(#) Copyright (c) 1980 Regents of the University of California.\n\
X All rights reserved.\n";
X#endif /* not lint */
X
X#ifndef lint
Xstatic char sccsid[] = "@(#)script.c 5.13 (Berkeley) 3/5/91";
X#endif /* not lint */
X
X/*
X * script
X */
X#include
X#include
X#include
X#include
X#include
X#include
X#include
X#include
X#include
X#include
X#include
X#include
X#include
X#include
X
Xchar *shell;
Xint master;
Xint slave;
Xint child;
Xint subchild;
Xchar *fname;
X
Xstruct termios tt;
Xstruct winsize win;
Xint lb;
Xint l;
Xchar line[] = "/dev/ptyXX";
Xint aflg;
X
X
Xstatic int debug = 0;
X
X#define NULLFILE "/dev/null"
X#define LOGFILE "utel.log"
X
Xstatic int suppress_debug = (0!=0);
X
Xstatic void debugf(char *s, ...) {
Xstatic int checked = 0;
Xint string_length;
XFILE *nullfile;
XFILE *errfile;
Xstatic char buff[256];
Xva_list ap;
X  if (checked == 0) { checked = 1;
X    /* Only want to log if logfile exists already... */
X    errfile = fopen(LOGFILE, "r");
X    suppress_debug = (errfile == NULL);
X    if (errfile != NULL) fclose(errfile);
X  }
X
X  nullfile = fopen(NULLFILE, "w");
X  if (nullfile == NULL) {
X    errfile = fopen(LOGFILE, "a");
X    if (errfile != NULL) {
X      fprintf(errfile, "Major error - cannot open %s\n", NULLFILE);
X      fflush(errfile);
X      fclose(errfile);
X    }
X    exit(1);
X  }
X
X  /* First pass only measures the formatted length (output is discarded) */
X  va_start(ap, s);
X  string_length = vfprintf(nullfile, s, ap);
X  va_end(ap);
X  if (string_length < 126) {
X    /* ap was consumed by vfprintf above; restart it before reusing it */
X    va_start(ap, s);
X    vsprintf(buff, s, ap);
X    va_end(ap);
X  } else {
X    sprintf(buff, "[%d char debugf string excised]\n", string_length);
X  }
X
X  fclose(nullfile);
X
X  if (suppress_debug) return;
X  errfile = fopen(LOGFILE, "a");
X  if (errfile != NULL) {
X    fprintf(errfile, "%s", buff);
X    fflush(errfile);
X    fclose(errfile);
X  }
X}
X
X
X
Xint session_started = (0!=0);
X
X#define STATE_SIZE 128
Xtypedef struct cypherstate {
X  char whatever[STATE_SIZE];
X  long int byteno;
X  /* Add useful stuff here as need be...
*/ X} CYPHER_STATE; X Xvoid new_cypher(CYPHER_STATE *s) X{ X int i; X /* Random mockup code as a placeholder... */ X for (i = 0; i < STATE_SIZE; i++) { X s->whatever[i] = 0; X } X s->byteno = 0L; X} X X#define MAX_KEYLINELEN 4096 X/* Need to hack this to allow for errors... */ X Xstatic void getline(int masterfd, char *answer) X{ Xchar *s; Xint i; Xint rc; Xchar c; X i = 0; X s = answer; X for (;;) { X rc = read(masterfd, &c, 1); X if (rc != 1) continue; X if (c == '\r') continue; X if (c == '\n') break; X i += 1; X if (i == MAX_KEYLINELEN) { X fprintf(stderr, "Protocol failure - line too long\n"); X break; X } X *s++ = c; X } X *s = '\0'; X} X Xvoid expect(int masterfd, char *line) X{ Xstatic char answer[MAX_KEYLINELEN]; X answer[0] = '\0'; X getline(masterfd, answer); X debugf("Expect: Want '%s', Got '%s'\n", line, answer); X if (strcmp(line, answer) != 0) { X /*fprintf(stderr, "\r\nProtocol failure - wanted '%s' - got '%s'\r\n", X line, answer); X fflush(stderr);*/ X return; X } X /*fflush(stderr);*/ X} X Xvoid faketype(char *s) X{ X /* Ask out other half to send this text as if it had been typed. */ X FILE *hack; X debugf("faketype: sending '%s'\n", s); X hack = fopen("/tmp/typeme", "r"); X if (hack != NULL) { X char *ptr; X char tmp[128]; X fgets(tmp, 127, hack); X ptr = strchr(tmp, '\n'); X if (ptr != NULL) *ptr = '\n'; X fprintf(stderr, "Oops - last line (%s) not sent yet!\n", tmp); X fclose(hack); X return; X } X hack = fopen("/tmp/typeme.tmp", "w"); X if (hack == NULL) { X fprintf(stderr, "Can't faketype to /tmp/typeme\n"); X return; X } X fprintf(hack, "%s\n", s); X fclose(hack); X rename("/tmp/typeme.tmp", "/tmp/typeme"); X} X X/* This procedure is invoked at a random time in the middle X of a session of 'local' when the MAGIC-PGP-START-SESSION X string is recognised as just having been printed... 
*/ Xvoid NEGOTIATE_SESSION_KEYS( X int masterfd, FILE *out, X CYPHER_STATE *outkey, CYPHER_STATE *inkey) X{ Xstatic char keyline[MAX_KEYLINELEN]; Xchar *ptr; X X new_cypher(outkey); X new_cypher(inkey); X /* Engage in a conversation with the program at the other X side to negotiate a session key. How you do this is X up to you. */ X faketype("Hello big boy!"); expect(masterfd, "Hello big boy!"); X /* At this point, the other half *must* poll the file and X send the data or we're in trouble */ X expect(masterfd, "[%I-REPLY%]"); X getline(masterfd, keyline); X expect(masterfd, "[%WHAT-DO-YOU-SAY?%]"); X faketype("Nice weather..."); expect(masterfd, "Nice weather..."); X expect(masterfd, "[%FAIR-ENOUGH-ANYTHING-ELSE?%]"); X faketype("Thank you for calling "); X expect(masterfd, "Thank you for calling "); X expect(masterfd, "[%THANK-YOU%]"); X session_started = (0==0); X} X XCYPHER_STATE outstate, instate; X Xchar rot13(char c) X{ Xreturn(isalpha(c) ? ((c > (islower(c) ? 'z' : 'Z')-13) ? c - 13 : c + 13) : c); X} X Xchar decrypt_stream_cypher(CYPHER_STATE *s, char byte) X{ X return(rot13(byte)); /* bwahahahaha! */ X} X Xvoid ENCRYPT_KEYBOARD_INPUT(char *buff, int count) X{ X /* First iteration - keyboard input in clear, X only screen output to be encrypted */ X} X Xvoid DECRYPT_SCREEN_OUTPUT(char *buff, int count) X{ X int i; X if (session_started) { X for (i = 0; i < count; i++) { X buff[i] = decrypt_stream_cypher(&outstate, buff[i]); X } X } X} X Xint scanfor_start(int masterfd, char c) X{ X#define MAGIC "[%MAGIC-PGP-START-SESSION%]" X#define MAGICLEN strlen(MAGIC) Xstatic char *buffer = NULL; Xstatic int nextfree = 0; X c &= 127; X if (c == 13) return(0!=0); X /* An expensive hack, but who cares... 
*/ X if (buffer == NULL) { X buffer = malloc(MAGICLEN+1); X memset(buffer, ' ', MAGICLEN-1); X buffer[MAGICLEN] = '\0'; X } X if (c == '\n') { X if (memcmp(buffer, MAGIC, MAGICLEN) == 0) { X NEGOTIATE_SESSION_KEYS(masterfd, stdout, &outstate, &instate); X /*printf("LOCAL: starting session\r\n");*/ X return(0==0); X } X } X memmove(buffer, buffer+1, MAGICLEN-1); X buffer[MAGICLEN-1] = c; X#undef MAGIC X#undef MAGICLEN X return(0!=0); X} X Xvoid scanfor_end(int masterfd, char c) X{ X#define MAGIC "[%MAGIC-PGP-END-SESSION%]" X#define MAGICLEN strlen(MAGIC) Xstatic char *buffer = NULL; Xstatic int nextfree = 0; X c &= 127; X if (c == 13) return; X /* An expensive hack, but who cares... */ X if (buffer == NULL) { X buffer = malloc(MAGICLEN+1); X memset(buffer, ' ', MAGICLEN-1); X buffer[MAGICLEN] = '\0'; X } X if (c == '\n') { X if (memcmp(buffer, MAGIC, MAGICLEN) == 0) { X /*printf("LOCAL: starting session\r\n");*/ X session_started = (0!=0); X /* Go quiescent again. Maybe it would be better X to exit the local program entirely??? 
*/ X } X } X memmove(buffer, buffer+1, MAGICLEN-1); X buffer[MAGICLEN-1] = c; X#undef MAGICLEN X#undef MAGIC X} X Xint filter_incoming_text(int masterfd, char *s, int len) X{ Xint i; Xint rc; X /* Watch the incoming stream for the magic string that X denotes the start of a key exchange; when it's detected, X do a key exchange, and enable decryption of the session */ X rc = (0!=0); X for (i = 0; i < len; i++) { X if (scanfor_start(masterfd, s[i])) { X rc = (0==0); X } X } X return(rc); X} Xvoid filter_outgoing_text(int masterfd, char *s, int len) X{ Xint i; X /* Watch the incoming stream for the magic string that X denotes the start of a key exchange; when it's detected, X do a key exchange, and enable decryption of the session */ X for (i = 0; i < len; i++) { X scanfor_end(masterfd, s[i]); X } X} X X X Xmain(argc, argv) X int argc; X char *argv[]; X{ X extern char *optarg; X extern int optind; X int ch; X void finish(); X char *getenv(); X X while ((ch = getopt(argc, argv, "a")) != EOF) X switch((char)ch) { X case 'a': X aflg++; X break; X case '?': X default: X fprintf(stderr, "usage: script [-a] [file]\n"); X exit(1); X } X argc -= optind; X argv += optind; X X shell = getenv("SHELL"); X if (shell == NULL) X shell = _PATH_BSHELL; X X getmaster(); X printf("LOCAL: I'll switch to encrypted mode when someone talks to me!\n"); X X fixtty(); X X (void) signal(SIGCHLD, finish); X child = fork(); X if (child < 0) { X perror("fork"); X fail(); X } X if (child == 0) { X subchild = child = fork(); X if (child < 0) { X perror("fork"); X fail(); X } X if (child) X dooutput(); X else X doshell(); X } X doinput(); X} X Xdoinput() X{ X register int cc; X char ibuf[BUFSIZ]; X X char fakeline[MAX_KEYLINELEN]; X FILE *hack; X char *ptr; X X fd_set fds; X struct timeval t; X X for (;;) { X timerclear(&t); X t.tv_sec = 1; /* No more than 1 sec without polling faketype */ X FD_ZERO(&fds); X FD_SET(0, &fds); X X cc = select(1, &fds, NULL, NULL, &t); X if (cc == -1) { X /* select error 
*/ X } X if (cc == 0) { X /* timeout */ X } X if (cc > 0) { X cc = read(0, ibuf, BUFSIZ); X /* cc should be > 0 */ X if (cc > 0) { X ENCRYPT_KEYBOARD_INPUT(ibuf, cc); X (void) write(master, ibuf, cc); X } X } X hack = fopen("/tmp/typeme", "r"); X if (hack != NULL) { X ptr = fgets(fakeline, MAX_KEYLINELEN, hack); X (void)write(master, fakeline, strlen(fakeline)); X fclose(hack); X remove("/tmp/typeme"); X } X } X done(); X} X X#include X Xvoid Xfinish() X{ X union wait status; X register int pid; X register int die = 0; X X while ((pid = wait3((int *)&status, WNOHANG, 0)) > 0) X if (pid == child) X die = 1; X X if (die) X done(); X} X Xdooutput() X{ X time_t tvec, time(); X char obuf[BUFSIZ], *ctime(); X int cc; X int rc; X X (void) close(0); X tvec = time((time_t *)NULL); X X for (;;) { X cc = read(master, obuf, sizeof (obuf)); X if (cc <= 0) break; X rc = filter_incoming_text(master, obuf, cc); X if (!rc) DECRYPT_SCREEN_OUTPUT(obuf, cc); X (void) write(1, obuf, cc); X filter_outgoing_text(master, obuf, cc); X } X done(); X} X Xdoshell() X{ X int t; X X /*** X t = open(_PATH_TTY, O_RDWR); X if (t >= 0) { X (void) ioctl(t, TIOCNOTTY, (char *)0); X (void) close(t); X } X ***/ X getslave(); X (void) close(master); X (void) dup2(slave, 0); X (void) dup2(slave, 1); X (void) dup2(slave, 2); X (void) close(slave); X execl(shell, "sh", "-i", 0); X perror(shell); X fail(); X} X Xfixtty() X{ X struct termios rtt; X X rtt = tt; X cfmakeraw(&rtt); X rtt.c_lflag &= ~ECHO; X (void) tcsetattr(0, TCSAFLUSH, &rtt); X} X Xfail() X{ X X (void) kill(0, SIGTERM); X done(); X} X Xdone() X{ X time_t tvec, time(); X char *ctime(); X X if (subchild) { X tvec = time((time_t *)NULL); X (void) close(master); X } else { X (void) tcsetattr(0, TCSAFLUSH, &tt); X printf("LOCAL: Done. 
(I won't be looking for encrypted output any more...)\n"); X } X exit(0); X} X Xgetmaster() X{ X char *pty, *bank, *cp; X struct stat stb; X X pty = &line[strlen("/dev/ptyp")]; X for (bank = "pqrs"; *bank; bank++) { X line[strlen("/dev/pty")] = *bank; X *pty = '0'; X if (stat(line, &stb) < 0) X break; X for (cp = "0123456789abcdef"; *cp; cp++) { X *pty = *cp; X master = open(line, O_RDWR); X if (master >= 0) { X char *tp = &line[strlen("/dev/")]; X int ok; X X /* verify slave side is usable */ X *tp = 't'; X ok = access(line, R_OK|W_OK) == 0; X *tp = 'p'; X if (ok) { X (void) tcgetattr(0, &tt); X (void) ioctl(0, TIOCGWINSZ, X (char *)&win); X return; X } X (void) close(master); X } X } X } X fprintf(stderr, "Out of pty's\n"); X fail(); X} X Xgetslave() X{ X X line[strlen("/dev/")] = 't'; X slave = open(line, O_RDWR); X if (slave < 0) { X perror(line); X fail(); X } X (void) tcsetattr(slave, TCSAFLUSH, &tt); X (void) ioctl(slave, TIOCSWINSZ, (char *)&win); X (void) setsid(); X (void) ioctl(slave, TIOCSCTTY, 0); X} END-of-local.c echo x - remote.c sed 's/^X//' >remote.c << 'END-of-remote.c' X/* X This is a trivial (2 hour) hack to the 'script' command X to show the general principle involved in hacking up a user-level X encrypted telnet equivalent. This particular hack uses 'rot13' X as its 'encryption'; feel free to make it (ahem) more robust. X */ X X/* X * Copyright (c) 1980 Regents of the University of California. X * All rights reserved. X * X * Redistribution and use in source and binary forms, with or without X * modification, are permitted provided that the following conditions X * are met: X * 1. Redistributions of source code must retain the above copyright X * notice, this list of conditions and the following disclaimer. X * 2. Redistributions in binary form must reproduce the above copyright X * notice, this list of conditions and the following disclaimer in the X * documentation and/or other materials provided with the distribution. X * 3. 
All advertising materials mentioning features or use of this software X * must display the following acknowledgement: X * This product includes software developed by the University of X * California, Berkeley and its contributors. X * 4. Neither the name of the University nor the names of its contributors X * may be used to endorse or promote products derived from this software X * without specific prior written permission. X * X * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND X * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE X * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE X * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE X * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL X * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS X * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) X * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT X * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY X * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF X * SUCH DAMAGE. X */ X X#ifndef lint Xchar copyright[] = X"@(#) Copyright (c) 1980 Regents of the University of California.\n\ X All rights reserved.\n"; X#endif /* not lint */ X X#ifndef lint Xstatic char sccsid[] = "@(#)script.c 5.13 (Berkeley) 3/5/91"; X#endif /* not lint */ X X/* X * script X */ X#include X#include X#include X#include X#include X#include X#include X#include X#include X#include X#include X X#define MAX_KEYLINELEN 4096 X Xchar *shell; Xint master; Xint slave; Xint child; Xint subchild; Xchar *fname; X Xstruct termios tt; Xstruct winsize win; Xint lb; Xint l; Xchar line[] = "/dev/ptyXX"; Xint aflg; X X X#define STATE_SIZE 128 Xtypedef struct cypherstate { X char whatever[STATE_SIZE]; X long int byteno; X /* Add useful stuff here as need be... 
*/ X} CYPHER_STATE; X Xvoid new_cypher(CYPHER_STATE *s) X{ X int i; X /* Random mockup code as a placeholder... */ X for (i = 0; i < STATE_SIZE; i++) { X s->whatever[i] = 0; X } X s->byteno = 0L; X} X Xstatic void getline(FILE *in, char *answer) X{ Xchar *s; Xint i; Xint rc; Xchar c; X i = 0; X s = answer; X for (;;) { X c = fgetc(in); X if (c == '\r') continue; X if (c == '\n') break; X i += 1; X if (i == MAX_KEYLINELEN) { X fprintf(stderr, "Protocol failure - line too long\n"); X break; X } X *s++ = c; X } X *s = '\0'; X} X X Xvoid NEGOTIATE_SESSION_KEYS( X FILE *in, FILE *out, X CYPHER_STATE *outkey, CYPHER_STATE *inkey) X{ Xstatic char keyline[MAX_KEYLINELEN]; Xchar *ptr; X X new_cypher(outkey); X new_cypher(inkey); X /* Engage in a conversation with the program at the other X side to negotiate a session key. How you do this is X up to you. */ X fprintf(out, "REMOTE: Asking local to start an encrypted session\n"); X fprintf(out, "[%%MAGIC-PGP-START-SESSION%%]\n"); /* Detected by finite-state mc */ X /* (what I don't understand is why the line above comes out on X the user's display, encrypted) */ X /* The fgets below comes from data that 'local' fakes as if it had X been typed at the keyboard. */ X strcpy(keyline, "AAA"); X getline(in, keyline); X ptr = strchr(keyline, '\n'); if (ptr != NULL) *ptr = '\0'; X fprintf(out, "[%%I-REPLY%%]\n"); X fprintf(out, "wibble-wobble/%s\n", keyline); X fprintf(out, "[%%WHAT-DO-YOU-SAY?%%]\n"); X strcpy(keyline, "BBB"); X getline(in, keyline); X fprintf(out, "[%%FAIR-ENOUGH-ANYTHING-ELSE?%%]\n"); X strcpy(keyline, "CCC"); X getline(in, keyline); X fprintf(out, "[%%THANK-YOU%%]\n"); X} X XCYPHER_STATE outstate, instate; X Xchar rot13(char c) X{ Xreturn(isalpha(c) ? ((c > (islower(c) ? 'z' : 'Z')-13) ? c - 13 : c + 13) : c); X} X Xchar stream_cypher(CYPHER_STATE *s, char byte) X{ X return(rot13(byte)); /* bwahahahaha! 
*/ X} X Xvoid DECRYPT_KEYBOARD_INPUT(char *buff, int count) X{ X /* First iteration - keyboard input in clear, X only screen output to be encrypted */ X} X Xvoid ENCRYPT_SCREEN_OUTPUT(char *buff, int count) X{ X int i; X for (i = 0; i < count; i++) { X buff[i] = stream_cypher(&outstate, buff[i]); X } X} X Xmain(argc, argv) X int argc; X char *argv[]; X{ X extern char *optarg; X extern int optind; X int ch; X void finish(); X char *getenv(); X X while ((ch = getopt(argc, argv, "a")) != EOF) X switch((char)ch) { X case 'a': X aflg++; X break; X case '?': X default: X fprintf(stderr, "usage: script [-a] [file]\n"); X exit(1); X } X argc -= optind; X argv += optind; X X shell = getenv("SHELL"); X if (shell == NULL) X shell = _PATH_BSHELL; X X getmaster(); X /* This session is negotiated before we do the complicated X stuff with the two processes... Anything we send to the X screen can be trapped by 'local', and local's replies X will appear to be typed at the keyboard... */ X NEGOTIATE_SESSION_KEYS(stdin, stdout, &outstate, &instate); X fixtty(); X X (void) signal(SIGCHLD, finish); X child = fork(); X if (child < 0) { X perror("fork"); X fail(); X } X if (child == 0) { X subchild = child = fork(); X if (child < 0) { X perror("fork"); X fail(); X } X if (child) X dooutput(); X else X doshell(); X } X doinput(); X} X Xdoinput() X{ X register int cc; X char ibuf[BUFSIZ]; X X while ((cc = read(0, ibuf, BUFSIZ)) > 0) { X DECRYPT_KEYBOARD_INPUT(ibuf, cc); X (void) write(master, ibuf, cc); X } X done(); X} X X#include X Xvoid Xfinish() X{ X union wait status; X register int pid; X register int die = 0; X X while ((pid = wait3((int *)&status, WNOHANG, 0)) > 0) X if (pid == child) X die = 1; X X if (die) X done(); X} X Xdooutput() X{ X register int cc; X time_t tvec, time(); X char obuf[BUFSIZ], *ctime(); X X (void) close(0); X tvec = time((time_t *)NULL); X X for (;;) { X cc = read(master, obuf, sizeof (obuf)); X if (cc <= 0) X break; X ENCRYPT_SCREEN_OUTPUT(obuf, cc); X 
(void) write(1, obuf, cc); X } X done(); X} X Xdoshell() X{ X int t; X X /*** X t = open(_PATH_TTY, O_RDWR); X if (t >= 0) { X (void) ioctl(t, TIOCNOTTY, (char *)0); X (void) close(t); X } X ***/ X getslave(); X (void) close(master); X (void) dup2(slave, 0); X (void) dup2(slave, 1); X (void) dup2(slave, 2); X (void) close(slave); X execl(shell, "sh", "-i", 0); X perror(shell); X fail(); X} X Xfixtty() X{ X struct termios rtt; X X rtt = tt; X cfmakeraw(&rtt); X rtt.c_lflag &= ~ECHO; X (void) tcsetattr(0, TCSAFLUSH, &rtt); X} X Xfail() X{ X X (void) kill(0, SIGTERM); X done(); X} X Xdone() X{ X time_t tvec, time(); X char *ctime(); X X if (subchild) { X tvec = time((time_t *)NULL); X (void) close(master); X } else { X char tmp[128]; X (void) tcsetattr(0, TCSAFLUSH, &tt); X /* This too has to be hacked when we do a real encryptor */ X /* This text should be sent and checked encrypted */ X strcpy(tmp, "\n[%MAGIC-PGP-END-SESSION%]\n"); X ENCRYPT_SCREEN_OUTPUT(tmp, strlen(tmp)); X printf("%s", tmp); fflush(stdout); X /* Need a 'sleep' here to flush that damn buffer properly */ X sleep(2); X } X exit(0); X} X Xgetmaster() X{ X char *pty, *bank, *cp; X struct stat stb; X X pty = &line[strlen("/dev/ptyp")]; X for (bank = "pqrs"; *bank; bank++) { X line[strlen("/dev/pty")] = *bank; X *pty = '0'; X if (stat(line, &stb) < 0) X break; X for (cp = "0123456789abcdef"; *cp; cp++) { X *pty = *cp; X master = open(line, O_RDWR); X if (master >= 0) { X char *tp = &line[strlen("/dev/")]; X int ok; X X /* verify slave side is usable */ X *tp = 't'; X ok = access(line, R_OK|W_OK) == 0; X *tp = 'p'; X if (ok) { X (void) tcgetattr(0, &tt); X (void) ioctl(0, TIOCGWINSZ, X (char *)&win); X return; X } X (void) close(master); X } X } X } X fprintf(stderr, "Out of pty's\n"); X fail(); X} X Xgetslave() X{ X X line[strlen("/dev/")] = 't'; X slave = open(line, O_RDWR); X if (slave < 0) { X perror(line); X fail(); X } X (void) tcsetattr(slave, TCSAFLUSH, &tt); X (void) ioctl(slave, TIOCSWINSZ, 
(char *)&win); X (void) setsid(); X (void) ioctl(slave, TIOCSCTTY, 0); X}
END-of-remote.c
exit

From michael.shiplett at umich.edu Fri Mar 4 03:57:01 1994
From: michael.shiplett at umich.edu (michael shiplett)
Date: Fri, 4 Mar 94 03:57:01 PST
Subject: Anonymous Encrypted Remailer Interface for Emacs
Message-ID: <199403041156.GAA19523@totalrecall.rs.itd.umich.edu>

Hello,

I finally wrote some code. This interface automates the wrapping of messages for use with the encrypted anonymous remailers--provided you're willing to enter into Emacs for the wrapping. I've sent & received several messages using it. Please let me know if you find any problems.

enjoy,
michael

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
;;; anon-remail.el v1.0, anonymous remailer interface
;;; written by michael shiplett
;;; Any comments or suggestions welcomed.

;;; License
;;;   No implied or expressed warranty nor any other guarantee.
;;;   Do what you want with this.

;;; Anonymous Encrypted Remailer Interface
;;; Usage:
;;;   You must set ar-remailer-list to a list of anonymous
;;;   remailer addresses. These must be in a valid mail ``To:''
;;;   format. The initial recipient's address must also be in a valid
;;;   ``To:'' format; addresses depending on alias files will not
;;;   work because your mail program (MH, Elm, mail, etc.) will
;;;   not get a chance to process them before the message is wrapped.
;;;   After writing your message, invoke ar-wrap-message. If you
;;;   wish to sign the message, you should only sign the first
;;;   wrapping.
;;;   After the message has been wrapped, a list will appear in
;;;   the minibuffer--this is the route the message will take.
;;;   This package requires that you have mailcrypt configured
;;;   for use with pgp (unless you send to ripem remailers).
;;; To Do:
;;;   Modify mc-encrypt to take a boolean argument for
;;;   signing the message.
;;;   Allow for different remailer lists based on
;;;   the transit delay one wants, e.g., fast, normal, or slow.

(require 'mailcrypt)

;; User Variables
(defvar ar-remailer-list nil
  "*List of remailers from which to choose.")

(defvar ar-hops 3
  "*Number of remailers among which to pass message.")

;; Hooks
(defvar ar-start-hook nil)

;; Functions
(defun ar-wrap-message (&optional hops)
  "*Wrap the current message for a person and then wrap it for HOPS remailers.
If HOPS is nil, use the value of `ar-hops'."
  (interactive "P")
  (run-hooks 'ar-start-hook)
  (let ((remailer-path (list (mail-fetch-field "to" nil t))))
    (ar-wrap-message-for-individual)
    (if (not hops)
        (setq hops ar-hops))
    (while (< 0 hops)
      (let ((remailer (ar-choose-remailer)))
        ;; `remailer-path' is to prevent us
        ;; from sending to the same remailer twice
        ;; in a row.
        ;; It gives the path the message will take
        ;; beginning with `(car remailer-path)'
        ;; Only re-draw when there is more than one remailer to
        ;; choose from; otherwise this loop would never terminate.
        (while (and (cdr ar-remailer-list)
                    (string= remailer (car remailer-path)))
          (setq remailer (ar-choose-remailer)))
        (setq remailer-path (cons remailer remailer-path))
        (ar-wrap-for-remailer remailer)
        (setq hops (1- hops))))
    (message "%s" remailer-path)))

(defun ar-choose-remailer ()
  "*Select a random remailer from `ar-remailer-list'."
  (let ((number-of-remailers (length ar-remailer-list)))
    ;; `length' returns 0 for an empty list, and 0 is non-nil,
    ;; so test for zero explicitly.
    (if (zerop number-of-remailers)
        (error "No remailers!"))
    ;; Choose a remailer
    (nth (random number-of-remailers) ar-remailer-list)))

(defun ar-wrap-for-remailer (remailer)
  "*Wrap the current mail buffer for mailing to a specified remailer."
  ;; `start' is bound here so it does not leak into a global variable.
  (let (recipient start)
    ;; Keep track of who should receive the resent message
    (setq recipient (mail-fetch-field "to" nil t))
    ;; Add the magic redirection words
    (goto-char (point-min))
    (search-forward (concat "\n" mail-header-separator "\n"))
    (setq start (point))
    (insert "::\nRequest-Remailing-To: " recipient "\n\n")
    ;; Wrap the message for the remailer
    (mc-encrypt-message remailer nil)
    ;; Add in the final magic remailer incantation
    (goto-char start)
    (insert "::\nEncrypted: PGP\n\n")
    ;; Set the message to be sent to the remailer
    (ar-set-recipient remailer)))

(defun ar-wrap-message-for-individual ()
  "*Does the initial wrap for a message not intended for a remailer"
  ;; Figure out to whom the message is currently intended
  (let (recipient)
    (setq recipient (mail-fetch-field "to" nil t))
    (mc-encrypt-message recipient nil)))

(defun ar-set-recipient (recipient)
  "*Set the ``To:'' field of a message.
This will not work on a multi-line ``To:''."
  (or recipient (error "No recipient!"))
  (goto-char (point-min))
  (search-forward "To:")
  (let ((beg (point)))
    (end-of-line)
    (delete-region beg (point)))
  (insert " " recipient))

(provide 'anon-remail)

From bart at netcom.com Fri Mar 4 04:21:13 1994
From: bart at netcom.com (Harry Bartholomew)
Date: Fri, 4 Mar 94 04:21:13 PST
Subject: New fast cryptocomputer chip
Message-ID: <199403041222.EAA14965@mail.netcom.com>

On page 20 of EE Times, Feb. 14, 1994, Roger Woolnough wrote:

"By linking up with an Israeli company specializing in cryptographic technology, SGS-Thomson Microelectronics has developed a family of monolithic cryptocomputers aimed at high-security smart-card applications. The new devices combine SGS-Thomson's ST16XYZ secure smart-card architecture with cryptographic enhancements developed by Fortress U&T Ltd."

Summarizing the remainder - The approach is based on public key encryption, speed is enhanced by a modular arithmetic coprocessor developed by Fortress for very fast execution of modular exponentiation operations.

"A typical 512-bit signature calculation can be performed 10 times faster than with the best performing smart-card cryptoprocessor currently on the market. The ST16CF54 will be followed by further devices, such as the ST16KF74, capable of full-speed X.25 communications."

From jim at Tadpole.COM Fri Mar 4 05:43:48 1994
From: jim at Tadpole.COM (Jim Thompson)
Date: Fri, 4 Mar 94 05:43:48 PST
Subject: Information Highway Beautification Fund
Message-ID: <9403041343.AA06056@chiba.tadpole.com>

Date: Fri, 4 Mar 1994 04:01:33 -0500
From: "Carl Malamud"
To: "Announcements"
Org: Internet Multicasting Service
Channel: Internet Town Hall
Subject: Information Highway Beautification Fund

The Information Highway Beautification Fund

Abstract: A Proposal To Turn on the Lights on the Information Superhighway

This document outlines some of the background on the Clipper proposals and shows how Clipper is just one example of the underlying public key technology. We argue that the Clipper debate has concentrated on national security and individual privacy and we may have lost sight of other fundamental constitutional issues, the need to promote commerce and establish a safe and secure information highway. Businesses will not open their doors to cyberspace until we provide clean, well-lit streets in the global village.

This document proposes a royalty-free licensing pool for the technology, obtaining public use of the public key patents through the use of eminent domain or other mechanisms. The document then proposes a license for users of the public key technology, the proceeds of which would be placed in an Information Highway Beautification Fund.

The license allows an individual or corporation (presumably with different fee structures for each type of user) the right to use the basic public key technology. The proceeds from the license fee would be used to pay back the original patent holders and to fund public works projects on our National Information Infrastructure.
A crucial aspect of this proposal is that the license plates be on a per-person basis, not on a per-certificate basis. People must be able to change their certificates on a frequent basis: the license is a right to use the technology not a fee for a single certificate.

This is not an invitation to have a single government certification hierarchy or to register the certificates. The license is a right to use the technology, not an invitation to form a universal ID system or a rigid, inflexible certification bureaucracy. In fact, it is possible (and often desirable) to use the basic public key technology without using a certificate at all.

Background: The Clipper Controversy

The current debate on cryptography and computer security centers around two often-conflicting government functions embodied in our constitution: maintaining our national security and preserving the rights to personal privacy.

The public debate on the Clipper issue has revolved around the question of whether government should have a "back door" into a cryptographic chip. Should the government be able, under appropriate court orders, to decode a conversation? Should criminals be able to hide themselves behind a mask of strong cryptography?

The Clipper proposal requires government users to purchase a chip that has a special key that is kept in the custody of two government agencies, a concept known as "key escrow." Under appropriate conditions, the government can decode a conversation that was encoded using the Clipper chip.

The Clipper proposals use the theory that government, by purchasing large numbers of these chips, will encourage private users to adopt the same scheme, thus leading to lower prices from higher volumes and also leading to a standard for the use of cryptography on the information highway.

While the national security and law enforcement goals are clear, there are strong reasons why this proposal may not work.
The efficacy of a key escrow scheme and the ability of the government to keep these crucial secrets hidden has been questioned by computer and legal experts. Civil liberties experts have questioned the constitutional propriety of a back door.

Leaving aside the basic constitutional issues, the idea that the government will lead through its purchasing power has been shown to be flawed in a number of other situations. In the area of the Government OSI Profiles (GOSIP), for example, NIST and other agencies attempted to lead the market through purchases but ended up far behind the technology curve as government and business alike flocked to solutions that were more practical and cost effective. Just because the government purchases lots of $600 hammers doesn't mean that corporate users will necessarily follow suit.

The real problem with the Clipper debate, however, is that we have neglected some much more fundamental issues: the question of how we deal with public key cryptography. Public key cryptography, the underlying technology behind the Clipper chip, does much more than simply encrypt data; it is a building block for our information highway.

The Importance of Public Key Cryptography

Public key cryptography is a fundamental technology that provides a basic security fabric for the national information infrastructure. The most important function it provides is authentication, the ability to know who another person or computer or program is in cyberspace. Public key cryptography is the basic stuff from which we make streetlights for the information highway.

Authentication and privacy of data are two functions of a security infrastructure, but there are others. For example, public key cryptography allows us to append a digital signature to a document, a method that allows us to verify the integrity of the document and assure the recipient that the document was not changed since it was originally generated.
Public key cryptography also allows us to provide services such as non-repudiation, a way of verifying that a document was actually received (analogous to a delivery receipt from a registered letter).

Public key cryptography thus provides a bundle of extremely fundamental services: authentication, privacy, message integrity, and non-repudiation, among others. This technology is so basic that it must be embodied throughout our computer networks in a way as fundamental as the deployment of steel in a building. Public key cryptography is one of the basic building blocks for computer networks.

Many people feel that they need to decide how this technology should be applied. The Clipper proponents, for example, feel that public key cryptography is to be used to encrypt bits on the wire. Another community is advocating a particular style of electronic mail, known as Privacy Enhanced Mail (PEM).

A building block as fundamental as public key cryptography must be deployed throughout the infrastructure. No one person or group will know in advance everywhere we need to use something so basic. Take PEM for example. Even if PEM is your messaging solution, there are a host of other applications ranging from remote login to file transfer to listening to radio or making a telephone call.

The important point is that we don't know now all the ways that we use a general-purpose infrastructure. We will only know as we deploy it and we can't deploy the technology until we get the basic tools to make it secure.

We cannot make security a special service. We cannot make security a government program or the responsibility of a particular group. We must build security into the very framework of the NII or the streets of the global village will remain unpopulated.

Without a fundamental security infrastructure, businesses will not conduct commerce on the NII, but will have to build special-purpose networks for each function.
Sharing an infrastructure is essential if we are to realize the cost savings of an information highway and even more essential if we are to provide the framework that will encourage small, mom-and-pop digital delis to open their doors for business.

The current policy debate ignores the fundamental economic importance of services such as authentication. We cannot open our doors for business until we can see who is knocking at the door. We can't sell a fax for two cents or a movie on demand for a dollar or do any of the fundamental transactions of an economy without this basic technology.

Commerce in the real world requires a multitude of different models and methods. Cash, barter, purchase orders, credit cards, and checks are just a few of the methods. There is no reason to think that we can avoid the same real-world motley technology in cyberspace. We need to build the fundamental technologies of public key cryptography into the very fabric of our infrastructure, applying security throughout the NII at all layers.

How Public Key Works

To understand why public key is so fundamental, it helps to have a basic idea of how it works. The public key technology is based on two related keys: a private key and a public key. You keep your private key secret and let people know your public key. A piece of data encoded with the private key can be only decoded with the public key and vice versa.

The most obvious application of this technology is privacy. I take your public key and encode a message. You have your private key and can decode the message. Alternatively, I take my own private key and encode the message. You have my public key and can decode the message.

In reality, public key cryptography is a very slow way of encoding and decoding an entire message. Instead, we use public key cryptography to exchange a shared secret: a symmetric key that we both know about and use to do encoding and decoding.
For example, a common encryption algorithm is the Data Encryption Standard (DES). DES is very fast, but requires both parties to know the same DES key. In a typical scheme, we would use the public key method to exchange the DES key and then use the DES key to encode the message. For example, I could generate an arbitrary DES key and hide it by encoding it with your public key. You would then "unwrap" the package with your private key and use the resulting shared secret to quickly and efficiently decode my message to you.

The fundamental benefit that public key gives us is authentication: knowing who we are talking to. If I know your public key, you can use your private key to send me a "certificate." I know that only you could have generated this certificate, since I am able to decode it successfully using your public key.

Certificates ultimately only work if public keys are widely deployed and well-known. The scheme proposed by many is to define a standard certificate, containing a public key and information about the certificate holder, such as the name or institutional affiliation. Validation of certificates is done using a certificate hierarchy. If there are a few very well known public keys, say for the federal government or for MIT, that key combination can be used to certify other public keys. I know that your public key is really yours because MIT certifies that it is and everybody knows the MIT key.

There are thus two aspects to a security infrastructure. First, there must be a wide deployment of public-key based certificates. Second, there must be many different kinds of programs throughout the computer network that understand what a certificate is and how to use it. One program might use the keys as the basis for encrypting data on the wire or in an electronic mail message. Another set of services might use keys as the basis for allowing access to telecommunications service or for deciding the type of access to libraries a person should get.
The Current Status of Public Key Cryptography

Public key cryptography has its roots in research conducted at Stanford by Diffie and Hellman and at MIT by Rivest, Shamir, and Adleman. In both cases, the academic research efforts spun off commercial companies. In the case of Stanford, the company Cylink was formed and in the case of MIT a company called RSA Data Security, Inc. was formed.

The basic patents that govern public key cryptography are thus owned by four entities: MIT, Stanford, Cylink, and RSA. Because the basic technology is so intertwined, one cannot really do effective work in the field without using pieces of several different patents. To resolve licensing problems, the four entities formed Public Key Partners, which handles licensing of the technology. A commercial entity that wants to use public key technology needs a license from Public Key Partners.

Because the basic technology was developed with federal dollars, the federal government has the right to use the technology. In addition, in many international jurisdictions the technology is widely available, to the extent that the basic algorithms can be downloaded anonymously from a variety of locations.

To address the question of non-commercial use, RSA has worked with the Internet Engineering Task Force on the PEM proposals. In the case of PEM, there are versions of the software that are available for federal and academic institutions. It should be noted that the reference implementation that RSA provides for non-commercial users is specifically restricted to PEM-like mail systems and does not apply to general-purpose uses of the technology. Commercial users, of course, must use a licensed version from a software developer or negotiate a license directly with Public Key Partners.

Commercial entities in the United States, groups that include software developers, computer hardware companies, and telecommunications companies, must secure a license from Public Key Partners.
Public Key Partners has pursued a strategy that has resulted in a number of large corporations licensing the technology, including DEC, Lotus, and many others. However, commercial deployment has been limited because of the lack of the ability to build the technology into multi-vendor standards and because of the lack of a certificate system. More importantly, small businesses have often avoided the technology because of fears of high licensing costs.

To complicate matters, the National Institute of Standards and Technology (NIST) has proposed a public key standard that is related to the RSA algorithms. In order to get around potential patent conflict problems, the commercial rights to this technology go to Public Key Partners. Public Key Partners thus has an exclusive grasp on this basic technology in the commercial realm.

The current patent situation is very much like the situation earlier this century for vacuum tubes and for Frequency Modulation (FM). In both those cases, the fundamental patents were so intertwined that no progress was made in the field. In both cases, the federal government stepped in to help lead us towards a solution.

A Proposal: The Information Highway Beautification Fund

The main problem with the current situation is that it requires every developer to obtain a license. Licenses are priced high enough that small, ad hoc developers can be easily discouraged. More importantly, it leaves the decision on how to use the technology in the hands of a few entities, such as NIST or Public Key Partners. The decision on who gets a license is an appropriate one for some technologies, but not for one as basic as public key. We need the engineers building our NII to be able to use fundamental tools without asking each time they come up with a new application.

Public key cryptography is a classic public good.
If we can universally deploy certificates, there is a tremendous public benefit, benefits that are not reflected in a system based on commercial licensing of monopoly patents. Public key-based certificates are the license plates for the information highway, the light that lets us know who we are talking to. While Public Key Partners may derive some benefit from selling the technology to a few large corporations, society (and under our proposal, Public Key Partners) will benefit even more from universal deployment. If we recognize the fundamental importance of this technology, there are some policy options that easily come to mind. The first policy outcome, the one essential to conducting electronic commerce on the Internet, is to make public key technology widely available. We propose here a royalty-free license pool for the public key patents. It is essential that the pool allow use of the technology without prior approval: no one bureaucracy or regulation can determine in advance how this technology can be used. Such a pool could be established by negotiation between the federal government and Public Key Partners, or could be established by more assertive techniques such as the use of eminent domain. The use of eminent domain recognizes that the patents are valuable property. Eminent domain says that your property is very nice, but unfortunately we need to build a freeway through it. Eminent domain recognizes the taking and requires the government to compensate the property owners. Eminent domain is an extreme way of reaching the goal of making the technology widely available, and there are other, less drastic solutions available. However, the key point is that the technology must become widely available to allow us to build it into the infrastructure of our information highway. Once the technology is available, we suggest that the government establish a license, a fee which is levied upon a user or corporation. 
We beg the question here of the format of the certificate (and feel strongly that a single certificate hierarchy or certificate format would be a grave technical and constitutional mistake). We suggest instead that the government resolve the more fundamental issue of placing the technology in an open pool and levying a per-user license fee. Once the basic principle is in place, the government can convene a set of hearings to flesh out details such as which agency collects the license fee and the fee structure. Presumably, the user fee would be a one-time fee of $100 or less and corporations would pay on a sliding scale that would encourage small enterprises.

A crucial aspect of this proposal is that the license fee be on a per user basis, not on a per certificate basis. We cannot have a government hierarchy of certificates, or a requirement to keep certificates in some standard format, or to keep certificates around to allow an audit or to control how the certificate is used. In fact, there are many instances where public key technology would not use a certificate. The fee pays for a license to use the technology not a way to audit how the technology gets used.

The revenues from the proposed license fee would be placed in the Information Highway Beautification Fund. Part of the proceeds of this fund would go to pay back Public Key Partners for the taking under eminent domain, and the remainder would go towards paying for public works projects on the NII. The public works part of the fund would be available to pay for things like information interstates, publicly funded information sources, and establishing equal access to the information highway from our inner cities, our hospitals, our libraries, and our schools.

Making payment to Public Key Partners a function of individual and corporate fees could easily lead to a windfall for the current patent holders.
We feel this is perfectly appropriate: universal deployment of public key technology will benefit society to the tune of billions of dollars. It is an enabling technology and even a few hundred million dollars going to those who established the technology is not unreasonable. While many maintain that the patents should not have been granted in the first place, we feel that this issue has already been decided and we look for creative solutions that move us beyond the current impasse. The choice we face now is a simple one. The NII is a general-purpose infrastructure, a set of streets and roads for the information superhighway. If we can't make those roads safe and secure, then business will never use them. Instead, our corporations will continue to build special-purpose infrastructures, dedicated networks for one community or another. The cost to society is orders of magnitude higher: a general-purpose infrastructure is what allows our corporations to increase their productivity and be competitive on a world market. More importantly, a general-purpose infrastructure allows new businesses to be quickly established. The information highway is crying for leadership. Our choices are policy choices, not technical ones. The Clinton/Gore administration and the current Congress have come down firmly in support of a National Information Infrastructure. Public key cryptography is an example of an area where our government can help lead us, providing the basic building blocks for an information economy. 
For More Information

More information on the issue of public key cryptography and the Clipper issue is available from a variety of sources, including:

WIRED Online Services
Gopher: gopher.wired.com
E-mail: infobot at wired.com ("send clipper/index" in the body)
WWW: http://www.wired.com

Electronic Freedom Frontier
FTP: ftp.eff.org
Gopher: gopher.eff.org
WAIS: wais.eff.org

National Institute of Standards and Technology
Gopher: gopher-server.nist.gov

From m5 at vail.tivoli.com Fri Mar 4 06:57:08 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Fri, 4 Mar 94 06:57:08 PST
Subject: Standard for Stenography?
In-Reply-To: <9403040134.AA15184@anchor.ho.att.com>
Message-ID: <9403041456.AA02863@vail.tivoli.com>

Sergey Goldgaber writes:
> I have never heard a serious, reputable claim about the unbreakability of
> an algorithm.

Maybe not, but if you've been paying attention you know of a great deal of theory that supports the intractability of solving certain problems in realistic amounts of time. Most PK cryptosystems are based on relatively simple principles of mathematics. It stretches the imagination to think that the NSA somehow has solved the factoring problem; I concede it's possible, but unlikely.

> The point is, that in the real world, we'll never know if our algorithms
> are "good enough to withstand an opponent who has full documentation of
> your algorithms and methods, lots of funds, and everything except your keys."

Depends on what you mean by "know", I guess.

> > security-by-obscurity is a naive waste of time,
>
> I still don't see why.

Well, you can't tell when you've been compromised, and you have no rigorous way of demonstrating the robustness of your obscurity.

The real problem, however, is that you'll have a hard time convincing anybody else to participate. You can hide all your valuables in a really clever place and do all sorts of really clever secret things to protect them, and that may make you feel secure.
However, you won't be able to convince me to entrust *my* valuables to you unless you explain to me the details of your techniques.

--
| GOOD TIME FOR MOVIE - GOING ||| Mike McNally                         |
| TAKE TWA TO CAIRO.          ||| Tivoli Systems, Austin, TX:          |
| (actual fortune cookie)     ||| "Like A Little Bit of Semi-Heaven"   |

From hfinney at shell.portal.com Fri Mar 4 07:22:16 1994
From: hfinney at shell.portal.com (Hal)
Date: Fri, 4 Mar 94 07:22:16 PST
Subject: Security through Obscurity
Message-ID: <199403041522.HAA24738@jobe.shell.portal.com>

From: Sergey Goldgaber
> > To sum up, obscurity is not bad. What is bad is to confuse obscurity
> > with security.
>
> If I have understood you correctly, there is nothing wrong with equating
> obscurity with a practical, albeit temporary, increase in security.
> Equating obscurity with ultimate security is a mistake. As is equating a
> "strong" algorithm with ultimate security.

I would not put it like this. Rather, if you want a temporary increase in security, you need to calculate, or at least assume, how much extra time it will take for your opponent to defeat your temporarily-secret information. Just saying, "oh, well this complication ought to slow him down some, heh hey," doesn't cut it. Again, you need to be explicit about exactly what information you are keeping temporarily secret, and how long you expect it to be kept secret.

> > In encryption, the opponent's desire is to find out the original message.
> > What is the opponent's desire in steganography? I feel it is to be able
> > to prove or determine with some degree of certainty that there is a
> > hidden message. We use steganography in a context where sending such a
> > message openly is for some reason undesirable. Hence our goal is to
> > prevent the opponent from knowing that a message exists.
>
> I would like to propose that there is a goal, in addition to those you have
> revealed, for the opponent as well as the legitimate user of steganography.
> The opponent would, ideally, wish to not only determine that there is a
> message within the data; in addition, he would prefer to be able to extract
> that message for analysis. Therefore, I believe that it would be to the
> advantage of the stego-user to not only hide the existence of his message,
> but to do so in such a way that the cost of successfully extracting that
> message, by his opponent, is maximized.
>

I think this is a plausible, although less ambitious, goal. But what's this about "maximizing cost"? Where does that fit into the analysis? This does not tell you whether your "maximization" has actually helped or not. Instead, if you are going to adopt this goal, this means that the test of your steganography is whether the opponent can extract the message. It's not that your goal is to "maximize his difficulty". It's that your goal is to stop him. Again, NoStO emphasizes clear statements of your goals and costs.

(The reason I say this is less ambitious is that if the opponent can determine there is a message, but not what it is, they may be able to bring penalties to bear on those communicating, depending on the circumstances. For example, finding a stego'd file on someone's hard disk might represent probable cause that illegal encryption was used, in some hypothetical future.)

> I have to take exception with the assertions made in this paragraph.
> Using the principles of public-key systems, the steganography key itself
> does not have to be kept secret. The sender, receiver, and indeed the
> opponent would all have access to this key without compromising the
> security of the system. The challenge, for the opponent, lies in figuring
> out which public-key the sender has used. I have no statistics on
> exactly how difficult this challenge would prove; but, considering the
> number of public-keys currently available and projecting several years
> into the future, the challenge may be a very significant one.

What key are you talking about here?
The public one? That is not secret. As you say, the opponent has access to it. Are you assuming that the opponent cannot guess which public key was used? How will you measure the accuracy of this assumption without statistics?

I really don't think you have understood my essay. The point, again, of avoiding StO is to make it clear what you are keeping secret, and to count the costs of keeping it secret. If you are counting on keeping secret the recipient of the message then you have these costs: Any stego files found in the recipient's possession are broken. Stego files can be exhaustively searched against a list of public keys. If a particular group or person is targeted for surveillance his keys can be used against all widely-known stego channels.

Further, your own test is so weak (inability to recover the actual message) you have not attempted to make it impossible to guess when you have recovered the message, even with the correct key information. So in each of the cases above the authorities know when they have the message in hand.

Now if you are tempted to say that this isn't true, because we could arrange for the message ALSO to be unrecognizable even when successfully recovered (so that the opponents don't know when they have recovered it) then you have missed the whole point. You earlier rejected this test. If you had accepted it, you wouldn't have needed your keys at all.

Hal

From jef at ee.lbl.gov Fri Mar 4 07:22:43 1994
From: jef at ee.lbl.gov (Jef Poskanzer)
Date: Fri, 4 Mar 94 07:22:43 PST
Subject: How to do encrypted telnet without being root (tutorial, includes src)
Message-ID: <9403041521.AA17537@hot.ee.lbl.gov>

That's quite interesting, but it sure looks like it's unable to encrypt the only part of the session that I really want to encrypt: the password.
---
Jef

From hughes at ah.com Fri Mar 4 07:33:46 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 4 Mar 94 07:33:46 PST
Subject: Mail server for crypto files on csn.org?
In-Reply-To: <9402037627.AA762722747@smtplink.exabyte.com>
Message-ID: <9403041524.AA03606@ah.com>

>Could someone send me source code for
>any automatic mail handling programs they have written for a Sun host, or
>perhaps point me at some good documentation?

The standard cypherpunks remailer code, available on soda, is already an automatic mail handling program. All the basic principles for setting up a mail server out of a user account are contained therein.

Eric

From hughes at ah.com Fri Mar 4 07:48:21 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 4 Mar 94 07:48:21 PST
Subject: Standard for Stenography?
In-Reply-To: <9403040154.AA16047@hot.ee.lbl.gov>
Message-ID: <9403041538.AA03626@ah.com>

>Eli makes a reasonable case for leaving out the length field
>altogether. The desteg program would produce a file of width*height
>bits, and it would be up to the next layer to produce text from that.
>However, I'm not sure it's a *compelling* case.

A steganography program that uses a shared permutation and bit selection schedule on each end is really a symmetric key cipher with data expansion. And because it is a cipher, it is subject to the ITAR.

Adding noise intermixed with a signal is a perfectly good way of doing full scale cryptography, it's just that folks these days tend to prefer methods that don't have bandwidth explosion. In fact, bandwidth expansion is one of the few ciphers that has provable information theoretic properties, mostly because the method is simple enough for the basic results of information theory to apply. Hiding encrypted text, which already has high entropy over various word partitions, with an arbitrary embedding in random bits does provably increase the security of the cipher.

I would urge Jef to write the code and then submit a Commodities Jurisdiction request to see if the code is exportable.
Eric

From mdbomber at w6yx.stanford.edu Fri Mar 4 07:56:18 1994
From: mdbomber at w6yx.stanford.edu (mdbomber at w6yx.stanford.edu)
Date: Fri, 4 Mar 94 07:56:18 PST
Subject: CA meeting
Message-ID: <199403041556.AA09830@nebula.acs.uci.edu>

Is the CA Cypherpunks meeting on Saturday, 12 March? I want to try to go to it.

Internet: mdbomber at w6yx.stanford.edu     Matt Bartley
GPS: 33 49' xx'' 117 48' xx'' (xx due to SA :-)

From russw at netcom.com Fri Mar 4 08:06:57 1994
From: russw at netcom.com (Russell Earl Whitaker)
Date: Fri, 4 Mar 94 08:06:57 PST
Subject: UK cypherpunks ready to meet at 2000 or 2200 on 12 March?
Message-ID: <199403041607.IAA03098@mail.netcom.com>

To the UK participants on the cypherpunks list, and particularly those in the southeast (London, Kent, Essex, etc):

Are any of you interested in holding a meeting synchronous with the physical/teleconference meeting of 12 March in Mountain View, CA and other US locations?

Regardless of the technical arrangements, I can guarantee a venue that day in London for you. If you decide to go the way of a brief telephone call-in from London, I will pay for the call.

If interested, let me know immediately, and I'll make calls to those nearby who are not on the list, but who are interested and sympathetic.

Cheers,
Russell

Russell Earl Whitaker                 russw at netcom.com
Director, Extropy Institute           408-366-5435
================================================================

From wln at tla.org Fri Mar 4 08:39:21 1994
From: wln at tla.org (W Lee Nussbaum)
Date: Fri, 4 Mar 94 08:39:21 PST
Subject: CFP roomshare...
Message-ID: <9403041619.AA09505@nmi.tla.org>

I know this is not quite appropriate to this list, but here goes:

Is anyone going to Computers, Freedom, & Privacy 4 in Chicago later this month, and interested in splitting a room to keep costs down? Please mail me at wln at tla.org if you are interested. Thanks.
- Lee

From exabyte!smtplink!mikej at uunet.UU.NET Fri Mar 4 08:44:18 1994
From: exabyte!smtplink!mikej at uunet.UU.NET (exabyte!smtplink!mikej at uunet.UU.NET)
Date: Fri, 4 Mar 94 08:44:18 PST
Subject: How to clear sign messages with PGP (FAQ)
Message-ID: <9402047628.AA762802615@smtplink.exabyte.com>

-----BEGIN PGP SIGNED MESSAGE-----

> How do you get those great signatures on your posts?
>
> I've been trying to do this with PGP, but I only get a signature file. This
> file seems to be a binary file or just a signature. I'll use a command
> like: pgp -s filename.
>
> Perhaps you're using a shell?

No, I just use this MS-DOS batch file called sign.bat:

    pgp -sta +clearsig=on %1

The %1 expands to the first argument on the command line. To sign a text file called toscott.txt, I just give the command

    sign toscott.txt

When you get a message signed like that, you should be able to verify the signature by simply executing pgp on the file you get (provided you have my key -- it is on the key servers, available by finger mpj at csn.org or mpjohnso at nyx.cs.du.edu, ftp://csn.org/mpj/mpj4.asc, or on my BBS (303-938-9654)):

    pgp frommpj.txt

For more pgp tricks, see the FAQ ftp://netcom.com/gbe/ (echoed on ftp://csn.org/mpj/public/pgp/) or on the Colorado Catacombs BBS.
                ___________________________________________________________
 |\  /| |      |                                                           |
 | \/ |o|      | Michael Paul Johnson  Colorado Catacombs BBS 303-938-9654 |
 |    | | /  _ | mpj at csn.org ftp csn.org \mpj\README.MPJ for access info.|
 |    |||/  /_\| aka mpjohnso at nyx.cs.du.edu    mikej at exabyte.com      |
 |    |||\  (  | m.p.johnson at ieee.org CIS 71331,2332 VPGP key by finger |
 |    ||| \ \_/|___________________________________________________________|

-----BEGIN PGP SIGNATURE-----
Version: 2.4

iQCVAgUBLXdfdj9nBjyFM+vFAQEkDAQA0sp3qwbXBcp9F4LhtHaLCtag0LKXR1XQ
6hlNsE+M5KIZzLBYcQirlMY0qQKeKwXg9SE3kPs/m/hBySsGbFMqVh0OBSVNjT8a
9QizZB2MZQg+oh91eyNq+Ys5SG04TeOCQtW5UtKdqD4Pe+Teb7UIJxbCq+gGaQ0O
Ba1dF1DC8/4=
=6W/G
-----END PGP SIGNATURE-----

From gtoal at an-teallach.com Fri Mar 4 08:57:41 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Fri, 4 Mar 94 08:57:41 PST
Subject: How to do encrypted telnet without being root (tutorial, includes src)
Message-ID: <199403041657.QAA29092@an-teallach.com>

    That's quite interesting, but it sure looks like it's unable to encrypt
    the only part of the session that I really want to encrypt: the password.
    ---
    Jef

True - that's why I suggested using one-time passwords before you get to that stage. I'm using s/key myself. If you can't install s/key checking in login, you can use an s/key shell as a user process (assuming you can change your shell that is).

By the way, S/Key *doesn't* need an intelligent card - you can do what I do and print off 100 passwords small on a credit-card slip. I fetched it as soon as I discovered this. It's not a perfect system but it helps.

G

From CCGARY at MIZZOU1.missouri.edu Fri Mar 4 09:21:05 1994
From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers)
Date: Fri, 4 Mar 94 09:21:05 PST
Subject: Standards for Stenography/Steganography?
Message-ID: <9403041720.AA04101@toad.com>

Tim May says that the criticism I received was mild. It was not that mild.
I am particularly incensed by Poskanzer's suggestion that I fetch the old information when, it turns out, that info was not available. That was bullshit! Anyway, hopefully, Poskanzer's technical skills are great & he will pull a giant rabbit out of the hat.

In our defense, I would guess that Sergey had the same idea that I had: "Steganography! a hide in plain sight, travel casually in daylight, leave no footprints, safe long term storage, last-ditch, safe crypt. & , apparently, no one's working on IBM micro implementations! What an opportunity to make a contribution! If we don't write the code I'll bet we can provoke a really good programmer with crypt knowledge to do it."

It would be difficult for us to know that this area was already discussed, tactics pretty much resolved, & had big old guns working on it without them telling us. Thank God the big old guns were there to disabuse us of our pipe dreams & illusions!

I'm pretty irreverent, but I do have a lot of respect for the really smart guys who are sacrificing huge chunks of time in writing code & theory to free us as well as themselves. It takes me many hours per week to deal with cypherpunks mailing list. So, I can understand how the big old guns can get bothered by newbies farming old ground & taking up lots of bandwidth while mudding the water.

With that said, & having a lot less to say than I thought I had, I shall go back to a higher LURK/BANDWIDTH ratio & stop annoying people. As Johnathan Winter's mother used to say: "If you can't be bright, be polite." also quiet?
Yours Truly,
Gary Jeffers

From hughes Fri Mar 4 09:26:41 1994
From: hughes (Eric Hughes)
Date: Fri, 4 Mar 94 09:26:41 PST
Subject: No Subject
Message-ID: <9403041726.AA04171@toad.com>

Date: Wed, 2 Mar 1994 09:14:40 -0800
From: Hal
Sender: hughes at toad.com
Message-Id: <199403021714.JAA17114 at jobe.shell.portal.com>
To: cypherpunks at toad.com
Subject: Re: Insecurity of public key crypto #1 (reply to Mandl)

[Maintainer's note: Sometimes the subscribe filter for majordomo works too well. This message came in a couple of days ago, got filtered, and I've finally figured out how to massage majordomo into getting it out into the list. Sorry about that, Hal.--EH]

I run a simple script which will provide the Cypherpunks list in encrypted form. Send me your email address and a PGP public key and I will add you to the list. Once you have it working nicely you can then unsubscribe from the regular list (I can't unsubscribe you from the regular list).

Interestingly enough, I have been doing this for about a year, and in that time about ten people have asked to sign up (I haven't publicized it heavily). All but two have asked to be removed within a week, saying that it was too much hassle to deal with that volume of incoming encrypted mail!

Let me know if you want to try it.

Hal Finney
hfinney at shell.portal.com

From CCGARY at MIZZOU1.missouri.edu Fri Mar 4 11:09:47 1994
From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers)
Date: Fri, 4 Mar 94 11:09:47 PST
Subject: Standards for Stenography?
Message-ID: <9403041909.AA05455@toad.com>

Tim May says that the criticism I received was mild. It was not that mild. I am particularly incensed by Poskanzer's suggestion that I fetch the old information when, it turns out, that info was not available. That was bullshit! Anyway, hopefully, Poskanzer's technical skills are great & he will pull a giant rabbit out of the hat.

In our defense, I would guess that Sergey had the same idea that I had: "Steganography!
a hide in plain sight, travel casually in daylight, leave no footprints, safe long term storage, last-ditch, safe crypt. & , apparently, no one's working on IBM micro implementations! What an opportunity to make a contribution! If we don't write the code I'll bet we can provoke a really good programmer with crypt knowledge to do it."

It would be difficult for us to know that this area was already discussed, tactics pretty much resolved, & had big old guns working on it without them telling us. Thank God the big old guns were there to disabuse us of our pipe dreams & illusions!

I'm pretty irreverent, but I do have a lot of respect for the really smart guys who are sacrificing huge chunks of time in writing code & theory to free us as well as themselves. It takes me many hours per week to deal with cypherpunks mailing list. So, I can understand how the big old guns can get bothered by newbies farming old ground & taking up lots of bandwidth while mudding the water.

With that said, & having a lot less to say than I thought I had, I shall go back to a higher LURK/BANDWIDTH ratio & stop annoying people. As Johnathan Winter's mother used to say: "If you can't be bright, be polite." also quiet?

Yours Truly,
Gary Jeffers

From koontzd at lrcs.loral.com Fri Mar 4 11:56:08 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Fri, 4 Mar 94 11:56:08 PST
Subject: Soundblaster for Secure Voice
Message-ID: <9403041955.AA10311@io.lrcs.loral.com>

Any number of persons had mentioned the use of a SoundBlaster board for use in a secure voice application for PCs.

In the February 17, 1994 issue of EDN, there is an article entitled 'Speech-synthesis and -recognition chips personalize consumer products' by John Gallant, Technical Editor, starting on P. 27.

There is a company mentioned, ESS Technology, Fremont CA, (510)226-1088, that produces two Sound Blaster register level compatible chips, the ESS488 (without music synthesis) and ESS1488 (with music synthesis).
The ESS1488 will run on 3.3 or 5 volt Vdd, and appears to be intended for portable computer applications. Cost per ESS1488 is $18 (presumably in quantity).

From banisar at washofc.cpsr.org Fri Mar 4 12:05:43 1994
From: banisar at washofc.cpsr.org (Dave Banisar)
Date: Fri, 4 Mar 94 12:05:43 PST
Subject: FWD>CPSR Alert 3.05
Message-ID: <00541.2845637557.4226@washofc.cpsr.org>

>From CPSR
FWD>CPSR Alert 3.05

==============================================================
                         CPSR ALERT
=============================================================
Volume 3.05                                     March 3, 1994
-------------------------------------------------------------
Published by Computer Professionals for Social Responsibility
Washington Office (Alert at washofc.cpsr.org)
-------------------------------------------------------------

Contents

[1] Welcome to the CPSR Alert
[2] FBI Digital Telephony Bill Returns
[3] Clipper Petition Passes 40,000 Signatures
[4] Clipper and Cantwell
[5] FCC and Electronic Mail
[6] NTIA Privacy Inquiry
[7] DIAC Conference Announcement
[8] New Files at the CPSR Internet Library
[9] Upcoming Conferences and Events

-------------------------------------------------------------

[1] Welcome to the CPSR Alert

We should take a moment to welcome the new readers of the CPSR Alert. In the last month, the number of subscribers has more than tripled. We'd like to thank you for your interest in CPSR and tell you about a few more services available.

If you have FTP/Gopher/WAIS access you should explore the CPSR Internet Library at CPSR.ORG. There is a wide range of materials covering Clipper, civil liberties, information policy and the NII. Many of the Administration's materials are available from CPSR.ORG. We also provide archives for the Taxpayers Assets Projects, Privacy International, and the Cypherpunks mailing list.
If you are interested in Clipper and other civil liberties issues, you should consider attending the Computers, Freedom & Privacy conference in Chicago, March 23-26. CPSR sponsored the first CFP in 1991. It is now a leading event for people interested in civil liberties and privacy. (see calendar for more information). In April, CPSR is sponsoring a two-day conference on the National Information Infrastructure at MIT. Featured speakers include Benjamin Barber, Herb Schiller and Tom Grudner. (see section 7 for more information). If you are interested in NII policy, you might want to get a copy of the CPSR NII report, "Serving the Community: A Public Interest Vision of the NII." The report is based on a series of principles developed by the Telecommunications Policy Roundtable and provides a very useful overview of the NII policy debate. The paper is available electronically by sending email to listserv at cpsr.org. In the message body write the command "GET CPSR NII_POLICY" (no quotes). The paper will automatically be mailed to you. You can also get the paper through ftp/wais/gopher at cpsr.org/nii/cpsr_nii_policy.txt. To request a paper copy (about 30 pages) send email to cpsr at cpsr.org. Welcome again to the CPSR Alert. ------------------------------------------------------------- [2] FBI Digital Telephony Bill Returns The Federal Bureau of Investigation has reintroduced its controversial 1992 proposal to require that communications service providers redesign their equipment to facilitate electronic surveillance. The Bureau has sent a draft to Congress but so far, no Senator or Congressperson has stepped forward to sponsor it. The draft bill, ironically named the Digital Telephony and Communications Privacy Improvement Act of 1994, mandates that common carriers (phone, cable and computer network companies) modify their switches and computers to ensure that surveillance can be conducted concurrently from a remote government facility. 
It requires that manufacturers and support companies assist carriers. In an addition to the 1992 bill, the 1994 bill also mandates that systems be designed to collect transactional information that users generate and make that information available to law enforcement agencies. This information includes data on calls made and received. Under the NII, future information collected may include all manner of transactions, including purchases, financial and medical information. Any company that fails to comply with the requirements of the bill would be fined $10,000/day and shut down. Companies would have three years from the date of enactment to comply. The Attorney General would have the authority to enact these penalties and would be encouraged to cooperate with the Federal Communication Commission. The FCC would issue rules to cover the cost of complying with the procedures. An internal FBI memo released to CPSR under a Freedom of Information Act lawsuit estimates the cost of compliance at $300 million. Communications Daily reports that other experts have estimated that the cost will be over one billion dollars. The bill also revises sections of the Electronic Communications Privacy Act to extend the legal protection of ECPA to cordless phones and clarifies ECPA to allow for monitoring of computer systems by system managers. The 1992 bill was never formally introduced due to lack of a sponsor after industry, civil liberties groups and the public criticized it. Copies of the 1994 and 1992 drafts are available from the CPSR Internet Library. (see below for details). Also available are educational materials about the Digital Telephony proposal. To obtain a video copy of the ABC Nightline special on the original FBI proposal, send $14.98 plus 3.98 s/h to MPI Home Video, 15825 Rob Roy Dr., Oak Forest, IL 60452 and request a copy of the 5/22/92 program "FBI Pushes for Wiretap Powers." 
The program features a debate between former FBI Director William Sessions and CPSR Washington Director Marc Rotenberg. Available from CPSR is a 450-page sourcebook of materials on privacy and cryptography, including the materials on the original digital telephony proposal with commentary. The CPSR Sourcebook is available for $50. Send a check to CPSR, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003 --------------------------------------------------------------- [3] Clipper Petition Passes 40,000 The CPSR Internet Petition to oppose the Clipper Proposal has now passed 40,000 signatures. The petition has been signed by users at over 2,600 sites, including 1,100 companies and 800 colleges. For specific sites, MIT has the highest single vote tally, with over 600 messages. Messages continue to arrive at a rate of over 1,000 per day. To sign on to the letter, send a message to: Clipper.petition at cpsr.org with the text "I oppose Clipper" (no quotes) You will receive a return message confirming your vote. To obtain a copy of the petition, email a blank message to petition-info at cpsr.org For more information on Clipper, email clipper-info at cpsr.org. You will receive a copy of the Clipper FAQ. Thanks for your help. --------------------------------------------------------------- [4] The Cantwell Bill and Clipper We've received several inquiries concerning H.R. 3627, Rep. Maria Cantwell's bill to liberalize export controls on encryption software. Some people have been given the impression that the Cantwell bill is a response to the Administration's Clipper initiative and that passage of the legislation would effectively put the Clipper issue to rest. Because of the confusion surrounding this proposed legislation, we think it's important to provide some clarifying information. Rep. Cantwell introduced H.R. 3627 on November 22, 1993. 
Her comments on the purpose of the legislation appeared in the Congressional Record on November 24, 1993, at Volume 139, Page 3110. According to Rep. Cantwell: The legislation I am introducing today is needed to ensure that American companies do not lose critical international markets to foreign competitors that operate without significant export restrictions. Without this legislation, American software companies, some of America's star economic performers, have estimated they stand to lose between $6 and $9 billion in revenue each year. American hardware companies are already losing hundreds of millions of dollars in lost computer system sales because increasingly sales are dependent on the ability of a U.S. firm to offer encryption as a feature of an integrated customer solution involving hardware, software, and services. * * * This legislation takes some important steps to resolve a serious problem facing some of our most dynamic industries. It would give the Secretary of Commerce exclusive authority over dual use information security programs and products, eliminates the requirement for export licenses for generally available software with encryption capabilities, and requires the Secretary to grant such validated licenses for exports of other software with encryption capabilities to any country to which we already approve exports for foreign financial institutions. * * * My legislation is straightforward. It would allow American companies to sell the commercial software they develop in the United States to their overseas customers including our European allies -- something that is very difficult if not impossible under present policies. Rep. Cantwell's remarks contained no reference to the Administration's Clipper initiative, which had first been announced some seven months earlier. Indeed, there is no provision in H.R. 
3627 that would in any way rescind the Administration's recent decision to adopt key-escrow Clipper technology as the government encryption standard. The legislation would do precisely what Rep. Cantwell said it would do -- relax restrictions on the export of strong encryption products outside of the United States. Some have suggested that passage of the Cantwell bill would create an environment in which it is less likely that Clipper will become the de facto encryption standard within the United States. This view was expressed by the Electronic Frontier Foundation (EFF) and several large corporations in a letter to the President last December which expressed "tentative" support for Clipper on a "voluntary" basis. CPSR dissented from this position in a subsequent letter to the President and expressed its opposition to the Clipper proposal under any circumstances. While it is possible that the Cantwell legislation would make it less likely that Clipper will become the de facto privacy standard, such a result is by no means a certainty. It is, in fact, possible that passage of the legislation would provide better U.S. encryption products overseas than would be available within the United States -- particularly if, as many fear, Clipper eventually becomes a mandatory standard in this country. We believe that the Cantwell bill is a step in the right direction, as it would remove current disincentives to the development of strong encryption products by U.S. companies. But the proposed legislation is not a panacea -- it would not address the threat to privacy in the United States created by the Clipper initiative. Export controls on cryptography are a related issue, but they are not central to the Clipper controversy. The Administration's adoption of the key-escrow Clipper standard must be opposed and reversed. 
---------------------------------------------------------------

[5] FCC and Electronic Mail

[Note: The Taxpayers Assets Project is circulating a letter to encourage public participation in FCC proceedings through the Internet. CPSR has endorsed the letter and encourages other organizations and individuals to support this effort. Please respond by March 15.]

SIGNATURES NEEDED FOR LETTER ASKING THAT INTERNET BE USED TO BROADEN DEMOCRATIC DEBATE OVER FCC PROCEEDING

The following is a letter that will be sent to Reed Hundt, the Chair of the FCC, asking that the FCC use the Internet to broaden democratic participation in FCC proceedings. Specifically, Hundt is asked to 1) set up listserves for discussions of FCC rulemakings and inquiries, 2) accept public comments by electronic mail, and 3) provide easier access to the new FCC.GOV internet node.

If you are willing to sign the letter, send the following information to Michael Ward of the Taxpayer Assets Project at:

Internet: TAP at ESSENTIAL.ORG
Fax: 202/234-5176
Postal: P.O. Box 19367, Washington, DC 20036
Voice: 202/387-8030

Name: _________________________
Affiliation: _________________________
(Optional, will be listed as: for purposes of identification only)
Postal Address:__________________________
__________________________
__________________________
Voice: __________________________
Internet: __________________________

--------------------------------------------

March 15, 1994

Honorable Reed Hundt
Chairman, Federal Communications Commission
1919 M Street, Room 814
Washington, D.C. 20554

Dear Chairman Hundt:

We are writing to ask that you use the Internet to broaden opportunities for democratic participation in FCC proceedings. We applaud the FCC for its recent announcement that it has established FCC.GOV as an Internet node, and that the FCC Daily Digest is now available for free by ftp from FCC.GOV.
We were also pleased that you have asked the FCC staff to examine methods and procedures for accepting comments on FCC dockets electronically. The measures discussed below would build on your efforts, and are intended to make it easier and less costly for citizens to follow the FCC's work. 1. The FCC should provide Internet electronic mail discussion "lists" on all FCC rulemakings and inquiries. Citizens should be able to sign up for a proceeding by sending a message to the FCC.GOV listserve, with a simple message such as "subscribe pcs-auction-rules-93-253." These Internet discussion lists use today's technology to empower citizens, by enhancing their ability to follow important policy debates. In an Internet discussion list, a citizen can send a message to the FCC listserve, and that message will be echoed to every subscriber on the list. The persons receiving the message will have an opportunity to respond, and a real dialogue can take place. As discussions and debates on the Internet email lists unfold, citizens will have opportunities to gain a much deeper understanding of the issues raised in the proceedings, and how they will be affected by the FCC's actions. 2. In considering methods for accepting comments from the public in FCC dockets, the Commission should provide citizens the opportunity to file comments via electronic mail which is gatewayed through the Internet. These comments should be separate from the dialogue on the discussion lists, and reflect the commentors final views on the subject matter. Several federal agencies now provide opportunities to file comments by electronic mail. For example, OMB's Office of Information and Regulatory Affairs (OIRA), began accepting comments on its Circular A-130 by electronic mail in 1992. 3. As you have already indicated, it will be important that the FCC take steps to ensure that the use of electronic communications is consistent with the legal requirements that the public record be complete and accessible. 
We understand that the Commission will have to devise ways of ensuring that this broadened public dialogue becomes part of the public record and is in compliance with the Administrative Procedures Act. The Commission should make these comments available to the public both online and through the FCC's reading room. 4. Many citizens can access the Internet via electronic mail, but do not have access to ftp or gopher technologies. Thus, it would be very helpful if the FCC.GOV would provide an "email ftp" service for obtaining files from FCC.GOV, as well as an ability to subscribe to the Daily Digest through electronic mail. Of all the vaunted promises of the information superhighway, the most important is that new information technologies provide opportunities to enhance democratic processes. One of the most important and valuable aspects of the Internet has been its role in restoring civic discourse on a wide range of issues. By adopting these recommendations, the FCC will gain a deeper understanding of the opportunities for enhanced democratic discourse, and it will broaden citizen opportunities to participate in debates over FCC policies. Sincerely, James Love, Taxpayer Assets Project Jeff Chester, Center for Media Education Marc Rotenberg, Computer Professionals for Social Responsibility ---------------------------------------------------------------------- James Love, Taxpayer Assets Project; internet: love at essential.org P.O. Box 19367, Washington, DC 20036; v. 202/387-8030; f. 202/234-5176 12 Church Road, Ardmore, PA 19003; v. 215/658-0880; f. 215/649-4066 ---------------------------------------------------------------------- --------------------------------------------------------------- [6] NTIA Privacy Inquiry DEPARTMENT OF COMMERCE National Telecommunications and Information Administration [Docket No. 
940104-4004] Inquiry on Privacy Issues Relating to Private Sector Use of Telecommunications-Related Personal Information AGENCY: National Telecommunications and Information Administration (NTIA), Commerce ACTION: Notice of Inquiry; Request for Comments SUMMARY: NTIA is conducting a comprehensive review of privacy issues relating to private sector use of telecommunications-related personal information associated with the National Information Infrastructure. Public comment is requested on issues relevant to such a review. After analyzing the comments, NTIA intends to issue a report, which may make recommendations to the Information Infrastructure Task Force and Congress in the area of telecommunications and information policy, as appropriate. DATES: Comments should be filed on or before March 30, 1994, to receive full consideration. ADDRESS: Comments (seven copies) should be sent to the Office of Policy Analysis and Development, NTIA, U.S. Department of Commerce, 14th St. and Constitution Ave., N.W., Room 4725, Washington, D.C. 20230. FOR FURTHER INFORMATION CONTACT: Carol Mattey or Lisa Leidig, Office of Policy Analysis and Development, 202-482- 1880. AUTHORITY: National Telecommunications and Information Administration Organization Act of 1992, Pub. L. No. 102- 538, 106 Stat. 3533 (1992) (to be codified at 47 U.S.C. s. 901 et seq.). A full copy of the notice is available at the CPSR Internet Library (see below for details). --------------------------------------------------------------- [7] DIAC Announcement "Developing an Equitable and Open Information Infrastructure" Directions and Implications of Advanced Computing (DIAC-94) Symposium Cambridge, MA, USA April 23 - 24, 1994 Benjamin Barber on Electronic Democracy Herbert Schiller on Media Control and Alternative Programming Tom Grundner on Grassroots Networking The National Information Infrastructure (NII) is being proposed as the next-generation "information superhighway" for the 90's and beyond. 
Academia, libraries, government agencies, as well as media and telecommunication companies are involved in the current development. Computer Professionals for Social Responsibility (CPSR) and other organizations believe that critical issues regarding the use of the NII deserve increased public visibility and participation and are using the DIAC Symposium to help address this concern.

The DIAC-94 symposium is a two-day event and will consist of presentations on the first day and workshops on the second day. The DIAC Symposia are held biannually and DIAC-94 will be CPSR's fifth such conference. We encourage your participation both through attending and through conducting a workshop.

Sponsored by Computer Professionals for Social Responsibility

Co-sponsored by the Internet Society and the MIT Communications Forum. Other co-sponsors are being sought. Please contact us if your organization would like to help with this event. For more information on co-sponsorship or on general issues, contact conference chair, Coralee Whitcomb, cwhitcom at bentley.edu.

-------------------------------------------------------------

[8] New Files at the CPSR Internet Library

Dr. Dorothy Denning's paper presenting the law enforcement view of cryptography and privacy issues.
/cpsr/privacy/crypto/denning_crypto_law_enforcement_feb_94.txt

NTIA Call for Comments on Privacy Issues related to Private Sector use of Telecommunications Related Information.
/cpsr/privacy/misc_privacy/ntia_privacy_comments_notice_feb_94.txt

The inaptly named FBI Digital Telephony and Communications Privacy Act of 1994, Feb 1994 draft.
/cpsr/privacy/communications/wiretap/fbi_wiretap_bill_draft_feb_94.txt

The CPSR Internet Library is a free service available via FTP/WAIS/Gopher/listserv from cpsr.org:/cpsr. Materials from Privacy International, the Taxpayers Assets Project and the Cypherpunks are also archived. For more information, contact ftp-admin at cpsr.org.
---------------------------------------------------------------- [9] Upcoming Conferences and Events "Computers, Freedom and Privacy 94." Chicago, Il. March 23-26. Sponsored by ACM and The John Marshall Law School. Contact: George Trubow, 312-987-1445 (CFP94 at jmls.edu). Directions and Implications of Advanced Computing (DIAC)-94 "Developing an Equitable and Open Information Infrastructure" Cambridge, MA. April 23 - 24, 1994. Sponsored by CPSR. Contact: cwhitcomb at bentley.edu or doug.schuler at cpsr.org. Computer-Human Interaction 94. Boston, Mass. April 24-28. Sponsored by ACM. Contact: 214-590-8616 or 410-269-6801, chi94office.chi at xerox.com "Navigating the Networks." 1994 Mid-Year Meeting, American Society for Information Science. Portland, Oregon. May 22 - 25, 1994. Contact: rhill at cni.org Rural Datafication II: "Meeting the Challenge of Providing Ubiquitous Access to the Internet" Minneapolis, Minnesota. May 23-24, 1994. Sponsored by CICNet & NSF. Contact: ruraldata-info-request at cic.net. Send name, mailing address and e-mail address. "Information: Society, Superhighway or Gridlock?" Computing for the Social Sciences 1994 Conference (CSS94). University of Maryland at College Park. June 1-3, 1994. Contact: Dr. Charles Wellford 301-405-4699, fax 301-405-4733, e-mail: cwellford at bss2.umd.edu. Abstracts for papers due March 1. Contact William Sims Bainbridge (wbainbri at nsf.gov). Grace Hopper Celebration of Women in Computer Science. Washington, DC June 9-11. Contact: 415 617-3335, hopper-info at pa.dec.com DEF CON ][ ("underground" computer culture) "Load up your laptop muffy, we're heading to Vegas!" The Sahara Hotel, Las Vegas, NV. July 22-24, Contact: dtangent at defcon.org. Conference on Uncertainty in AI. Seattle, WA. July 29-31. Contact: 206-936-2662, heckerma at microsoft.com. Symposium: An Arts and Humanities Policy for the National Information Infrastructure. Boston, Mass. October 14-16, 1994. 
Sponsored by the Center for Art Research in Boston. Contact: Jay Jaroslav (jaroslav at artdata.win.net). Third Biannual Conference on Participatory Design, Chapel Hill, North Carolina, October 27-28, 1994. Sponsored by CPSR. Contact: trigg at parc.xerox.com. Submissions due April 15, 1994. (Send calendar submissions to Alert at washofc.cpsr.org) ======================================================================= To subscribe to the Alert, send the message: "subscribe cpsr-announce " (without quotes or brackets) to listserv at cpsr.org. Back issues of the Alert are available at the CPSR Internet Library FTP/WAIS/Gopher cpsr.org /cpsr/alert and on America Online in the Mac Telecomm folder. Computer Professionals for Social Responsibility is a national, non-partisan, public-interest organization dedicated to understanding and directing the impact of computers on society. Founded in 1981, CPSR has 2000 members from all over the world and 23 chapters across the country. Our National Advisory Board includes a Nobel laureate and three winners of the Turing Award, the highest honor in computer science. Membership is open to everyone. For more information, please contact: cpsr at cpsr.org or visit the CPSR discussion conferences on The Well (well.sf.ca.us) or Mindvox (phantom.com). 
======================================================================= CPSR MEMBERSHIP FORM Name ___________________________________________________________ Address ___________________________________________________________ ___________________________________________________________ City/State/Zip _____________________________________________________ Home phone _____________________ Work phone ______________________ Company ___________________________________________________________ Type of work ______________________________________________________ E-mail address _____________________________________________________ CPSR Chapter __ Acadiana __ Austin __ Berkeley __ Boston __ Chicago __ Denver/Boulder __ Los Angeles __ Loyola/New Orleans __ Madison __ Maine __ Milwaukee __ Minnesota __ New Haven __ New York __ Palo Alto __ Philadelphia __ Pittsburgh __ Portland __ San Diego __ Santa Cruz __ Seattle __ Washington, DC __ No chapter in my area CPSR Membership Categories __ $ 75 REGULAR MEMBER __ $ 50 Basic member __ $ 200 Supporting member __ $ 500 Sponsoring member __ $1000 Lifetime member __ $ 20 Student/low income member __ $ 50 Foreign subscriber __ $ 50 Library/institutional subscriber (Corporate memberships also available) Additional tax-deductible contribution to support CPSR projects: __ $50 __ $75 __ $100 __ $250 __ $500 __ $1000 __ Other Total Enclosed: $ ________ Make check out to CPSR and mail to: CPSR P.O. 
Box 717 Palo Alto, CA 94301 ------------------------ END CPSR Alert 3.05 ----------------------- From jim at bilbo.suite.com Fri Mar 4 12:06:36 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Fri, 4 Mar 94 12:06:36 PST Subject: more steganography talk Message-ID: <9403042001.AA02468@bilbo.suite.com> Stuff that Sergey Goldgaber, Hal, and others wrote induced the following ideas in my head: Goal - create a steganography system that hides cyphertext in such a way that only the true recipient of the message will be able to prove an encrypted message is hidden within a public message. Nobody else will be able to determine if the public message also contains an embedded encrypted message. In Hal's words: > A test, then, for the success of a steganographic > technique is this: given some sampling of data items, > half of which have embedded hidden messages, can the > opponent guess which ones have such messages with better > than 50% accuracy? If not, the steganography is fully > successful. If he can do slightly better than 50%, it may > still be useful depending on the situation. If he can > guess with 100% accuracy, the steganography has failed > and is totally worthless. > If the LSBs of most picture files were truly random, then good steganography would be trivial. Anyone could just plop an unremarkable encrypted message (Stealth-PGP) in the LSB's, starting at the beginning of the file. Since one sequence of truly random bits statistically looks like any other sequence of truly random bits, nobody would be able to prove the picture file contained a hidden encrypted message. Unfortunately, I doubt that most, or even many, picture files have truly random LSBs. It would be possible to write frame grabber or scanner software to purposely place random bits in the LSB of picture files to generate a source of useful picture files. When this software became widely used, good steganography would become trivial. 
Unfortunately, I don't have much confidence that this could be pulled off on a large enough scale. If it could be done, great, but I'm not holding my breath.

Assuming the LSBs of most picture files are not truly random, and won't be any time soon, the next approach to good steganography would be to figure out how to transform a sequence of random bits (your encrypted message) into a sequence of bits that resemble the kinds of bit patterns you see in typical picture files. If you could do this, and do it without requiring more secret keys, then good steganography becomes trivial again.

[Actually, you don't have to transform your random bits into a *sequence* of typical picture file LSB bits. The steganography algorithm could deposit the bits anywhere in the picture file, as long as the process was reversible and the result was undetectable.]

"Reversible, undetectable, without requiring additional keys." Sounds like a good set of requirements for a steganography system.

I have an idea to help with the "reversible" part and the "no additional secret keys" part, and it suggests a direction for the "undetectable" part.

The idea: Encrypt a widely known value with the recipient's public-key and use the result as an initialization vector for a clever transformation/steganography algorithm.

The message recipient recovers the encrypted message by re-calculating the initialization vector using the same widely known value and his public-key and reversing the transformation/steganography step. The initialization vector will be different for each message recipient.

The "widely known value" could be a large block of bytes. A large file of random bits could be shipped with the steganography executable.

The intent is to make it more difficult and time consuming for the opponent to determine if a public message contains a hidden encrypted message. It's not fool-proof. The opponent could try to discover a hidden message by reversing the process using every known public-key.
Worse, an opponent could narrow the search by only trying the public-keys of suspected recipients. However, I think it is an improvement over the techniques being used today.

One significant property this technique does *not* possess is deniability. A perfect steganography system will produce results that will let a recipient claim that they did not know a message contained a hidden encrypted message (e.g. most picture files had truly random LSBs).

If somebody sent you a hidden message using your public-key and the initialization vector technique, your claim of ignorance might not hold up. Anybody could use your public-key to recover the random bit sequence. They would not recover the contents of the hidden message, but they would be able to show that your file did contain what appears to be a hidden message. It might be enough to tip the scales of justice against you.

In my mind, the perfect steganography system depends upon either an environment containing ubiquitous random bit sequences or a reversible algorithm that can transform non-random bit sequences into random bit sequences without using encryption (unlikely). However, I believe a less-than-perfect, but still useful steganography system could be created using the initialization vector technique described above.

Jim_Miller at suite.com

From hughes at ah.com Fri Mar 4 13:00:18 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 4 Mar 94 13:00:18 PST
Subject: more steganography talk
In-Reply-To: <9403042001.AA02468@bilbo.suite.com>
Message-ID: <9403042051.AA04295@ah.com>

>The idea: Encrypt a widely known value with the recipient's
>public-key and use the result as an initialization vector for a
>clever transformation/steganography algorithm.

How many public keys can there be?

Assume one hundred each for 10 billion persons. That's 2^40 keys, or an effective key length of 40 bits.
Since there are not more than 2^16 public keys right now (a generous estimate) we can assume that this technique is insecure for public keys.

Of course, if the public key is not actually public, but only in the possession of the sender, that's another matter, but just try keeping a public key under close distribution sometime.

Both PGP and PEM fail to support protocols to restrict the distribution of 'public' keys. Public should mean that the key is held by someone other than the holder of the private key, not that the key is necessarily available to everyone.

Eric

From jeremy at crl.com Fri Mar 4 13:04:32 1994
From: jeremy at crl.com (Jeremy Cooper)
Date: Fri, 4 Mar 94 13:04:32 PST
Subject: Increasing the encrypted/unencrypted ratio (was Re: Insecurity of public key crypto #1 (reply to Mandl))
In-Reply-To:
Message-ID:

On Wed, 2 Mar 1994, Anthony D Ortenzi wrote:

>
> Well, I know that this might be a bit of a "crazy" idea, but would the
> best way to distribute an encrypted mailing list be to have a PGP setup
> where there is a public key to the mailing list, and all recipients are
> given copies of the secret key? I know that it might be a bit stupid
> from the security side, but if each person was using PGP, the secret key
> would be PGP encrypted and sent with that person's public key, ensuring
> that only subscribers would get it, and then using that secret key to
> decrypt the messages as they are received?
>
>
> Just wonderin'....
> Anthony
>
>

I think you are probably not thinking about how Public key systems work. It doesn't matter which key you use, public or private, each one reverses the effect of the other. In this case what you are calling the secret key would really be the public key, and vice-versa. You are just asking that the public key be known only among the recipients of the list.

Stop by for an excursion into the Virtual Bay Area! mud.crl.com 8888
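The exchange above (Jim Miller's initialization vector derived from the recipient's public key, and Eric Hughes's objection that the set of public keys is small enough to try them all) can be checked on a toy model. This is an added example, not code from any list member; it assumes a SHA-256 hash as a stand-in for "encrypt a widely known value with the public key", models the picture as a bare list of LSBs, uses zlib compressibility as the randomness measure, and the keyring, message bytes and 0.95 threshold are constructed.

```python
import hashlib
import random
import zlib

# Every value below is constructed for this example.
KNOWN_VALUE = b"constructed widely known block shipped with the tool"
KEYRING = [b"constructed-pubkey-%02d" % i for i in range(64)]
RECIPIENT = KEYRING[37]
_rng = random.Random(1994)
MESSAGE = bytes(_rng.getrandbits(8) for _ in range(1024))  # stands in for ciphertext


def iv_for(pubkey):
    """Assumption: a hash stands in for encrypting the known value under pubkey."""
    return int.from_bytes(hashlib.sha256(pubkey + KNOWN_VALUE).digest(), "big")


def positions(pubkey, cover_len, nbits):
    """LSB positions chosen by a generator seeded with the key-derived IV."""
    return random.Random(iv_for(pubkey)).sample(range(cover_len), nbits)


def to_bits(data):
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def to_bytes(bits):
    out = bytearray()
    for i in range(0, len(bits), 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def embed(lsbs, pubkey, message):
    """Overwrite the key-selected LSBs with the message bits."""
    bits = to_bits(message)
    out = list(lsbs)
    for pos, bit in zip(positions(pubkey, len(out), len(bits)), bits):
        out[pos] = bit
    return out


def extract(lsbs, pubkey, nbytes):
    """Reverse the steg step: read the LSBs this key would have selected."""
    return to_bytes([lsbs[p] for p in positions(pubkey, len(lsbs), nbytes * 8)])


def compression_ratio(data):
    return len(zlib.compress(data, 9)) / len(data)


def keys_that_look_random(lsbs, keyring, nbytes, threshold=0.95):
    """The opponent's enumeration: try every known key and keep those whose
    extracted bits barely compress, i.e. look like ciphertext."""
    return [k for k in keyring
            if compression_ratio(extract(lsbs, k, nbytes)) >= threshold]


def make_cover(n, p_one, seed):
    """Constructed LSB plane; p_one = 0.5 models truly random low bits."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def demo():
    n, nbytes = 65536, len(MESSAGE)
    biased = make_cover(n, 0.10, seed=1)    # low bits far from random
    uniform = make_cover(n, 0.50, seed=2)   # low bits truly random
    return {
        "biased_clean": keys_that_look_random(biased, KEYRING, nbytes),
        "biased_stego": keys_that_look_random(
            embed(biased, RECIPIENT, MESSAGE), KEYRING, nbytes),
        "uniform_clean": keys_that_look_random(uniform, KEYRING, nbytes),
        "uniform_stego": keys_that_look_random(
            embed(uniform, RECIPIENT, MESSAGE), KEYRING, nbytes),
    }


if __name__ == "__main__":
    for name, flagged in demo().items():
        print(name, len(flagged), "of", len(KEYRING), "keys look random")
```

On the biased cover only the recipient's key yields incompressible output, so trying every key both detects the message and names the recipient; on the uniform cover every key yields incompressible output with or without a message, so the same test tells the opponent nothing.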
From baum at newton.apple.com Fri Mar 4 13:17:12 1994
From: baum at newton.apple.com (Allen J. Baum)
Date: Fri, 4 Mar 94 13:17:12 PST
Subject: SF Chron comes out against Clipper
Message-ID: <9403031823.AA08647@newton.apple.com>

Well, not exactly the Chron, per se, but... this morning a new column debuted about computer networks, the internet, the information highway, and other extremely trendy topics.

The first column was all about Clipper, and why it was a bad idea. I didn't bring it with me today, so I don't remember lots of details. The writer has an email address on the well (rbr at well.sf.ca.us??).

**************************************************
* Allen J. Baum tel. (408)974-3385 *
* Apple Computer, 20525 Mariani Ave, MS 305-3B *
* Cupertino, CA 95014 baum at apple.com *
**************************************************

From jim at bilbo.suite.com Fri Mar 4 13:41:46 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Fri, 4 Mar 94 13:41:46 PST
Subject: even more steganography talk
Message-ID: <9403042136.AA03953@bilbo.suite.com>

Another way to describe a successful steganography system...

I am the opponent. I possess a collection of files that might contain hidden encrypted messages. My task is to determine if they do contain hidden encrypted messages. A casual inspection of the files does not reveal any bit patterns that deviate significantly from patterns found in most examples of these kinds of files. However, I suspect these files contain hidden messages that were deposited using a steganography algorithm initialized from a public-key generated initialization vector. To test my hypothesis, I will reverse the steganography process using a large collection of public-keys and then examine the resulting bit sequences.

--------

If the steganography algorithm is a good one, reversing the steg process will produce a sequence of bits that appears relatively random, even if there is *no* hidden message.

What does "appears relatively random" really mean?
How do you measure the randomness of a sequence of bits? I'm not an expert in this field, but I would guess you could measure the randomness by attempting to compress the bit sequence. If the bit sequence does not compress much, it is relatively random. How much is "not much"? In other words, what threshold compression percentage value should you use to declare one bit sequence random and another not random? I don't know. To generalize, an opponent will perform some kind of test to determine if the result of reversing the steg process produces a random bit sequence or a non-random bit sequence. The test will have some threshold value below which indicates a random sequence. If the output of the reverse steganography step always falls below the threshold, even if there is no hidden message, then the opponent will not be able to determine if a file contains a hidden message. Jim_Miller at suite.com From jeremy at crl.com Fri Mar 4 13:53:17 1994 From: jeremy at crl.com (Jeremy Cooper) Date: Fri, 4 Mar 94 13:53:17 PST Subject: Standard for Stenography? In-Reply-To: <9403030632.AA13653@hot.ee.lbl.gov> Message-ID: On Wed, 2 Mar 1994, Jef Poskanzer wrote: > > By the way, this discussion is an example of something I have labelled the > "silence is invisible" phenomenon. It goes like this: there's a discussion; > some of the participants work out an answer, and as far as they're concerned > the discussion is over. However, other participants don't understand the > answer, and keep on talking. In a physical meeting, the talkers would > notice the annoyed looks on the faces of everyone else; or if the meeting > had a good facilitator, he or she would catch on to the misunderstanding > and correct it; but in cyberspace, those feedback mechanisms don't happen. > --- > Jef > I agree that it does not happen in that way in cyberspace, but I disagree that it does not happen at all. Confused people in cyberspace tend to talk of topic instead of being silent. 
If you are a good moderator, you can almost read the minds of the people who are confused. I admit it takes more skill in cyberspace, but it is still quite possible. _ . _ ___ _ . _ ===-|)/\\/|V|/\/\ (_)/_\|_|\_/(_)/_\|_| Stop by for an excursion into the-=== ===-|)||| | |\/\/ mud.crl.com 8888 (_) Virtual Bay Area! -=== From mnemonic at eff.org Fri Mar 4 14:13:54 1994 From: mnemonic at eff.org (Mike Godwin) Date: Fri, 4 Mar 94 14:13:54 PST Subject: SF Chron comes out against Clipper In-Reply-To: <9403031823.AA08647@newton.apple.com> Message-ID: <199403042211.RAA22121@eff.org> Allen Baum writes: > this morning a new column debuted about computer networks, the internet, > the information highway, and other extrememly trendy topics. > > The first column was all about Clipper, and why it was a bad idea. > I didn't bring it with me today, so I'm not remember lots of details. > The writer has an email address on the well (rbr at well.sf.ca.us??). Can someone mail me a hard copy of this piece? We need it for our files. A photocopy would do. --Mike Godwin EFF 1001 G St. NW Suite 950 East Washington, DC 20001 From jim at bilbo.suite.com Fri Mar 4 15:18:38 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Fri, 4 Mar 94 15:18:38 PST Subject: more steganography talk Message-ID: <9403042313.AA05531@bilbo.suite.com> Eric Hughes writes: > Assume one hundred each for 10 billion persons. That's > 2^40 keys, or an effective key length of 40 bits. Since > there are not more than 2^16 public keys right now (a > generous estimate) we can assume that this technique is > insecure for public keys. > I'm not really sure what you mean by "insecure for public keys". I'm not trying to achieve "security through obscurity". I'm trying to achieve "deniability through obscurity". If the reverse steg process makes it look like all, or even many, files contain hidden messages, even when they don't, then you can plausible deny knowledge of a suspicious bit pattern in any specific file. 
Jim_Miller at suite.com From mcb at net.bio.net Fri Mar 4 16:34:15 1994 From: mcb at net.bio.net (Michael C. Berch) Date: Fri, 4 Mar 94 16:34:15 PST Subject: New mailing list? Message-ID: <199403050033.QAA23619@net.bio.net> I was thinking about Alan's proposal for a moderated real-world-crypto list (which sounds good, by the way!), and it brought up my main problem with cypherpunks, which is sheer volume, volume, volume! It's not a "noise" problem -- since the end of the LD foolishness the greatest part of what has been posted here has been intelligent, thoughtful stuff. But since c'punks has grown to the size of a newsgroup in volume, simply getting through it is *difficult*. My proposal is pretty simple: splitting the list into cypherpunks-tech and cypherpunks-policy. (Cypherpunks-announce would be left alone of course.) I think a large number of readers would want to be on both lists, but a large number (like myself) would *not*, and if nothing else, it would cut down the mailer load on toad. In short, technical crypto articles, reviews of papers, steganography stuff, PGP-specific stuff, all source code, etc., would go to the cypherpunks-tech list; while policy articles, Clipper stuff, political discussions, anarcholibertarian/extropian material, social implications of digital cash, etc., would go to the cypherpunks-policy list. I *know* there are people out there who would rather that the political stuff not get in the way of their technical discussions, and then there are people like me who are more focused on the policy issues (and regardless of technical background, are never going to be code-level crypto hacks). Comments? -- Michael C. Berch mcb at net.bio.net / mcb at postmodern.com From mcb at net.bio.net Fri Mar 4 16:53:44 1994 From: mcb at net.bio.net (Michael C. 
Berch) Date: Fri, 4 Mar 94 16:53:44 PST Subject: Gun conversion info banned Message-ID: <199403050052.QAA24822@net.bio.net> Mike Godwin writes: > > "labeling for an unlawful medical device" -- the Orgone Accumulator. > > Likewise FDA seizures of Scientology literature in the '60s as "labeling > > for an unlawful medical device" -- E-meters. Then there are the moves > > against vitamin literature in recent FDA raids. I don't think the courts > > have ever faced the specific issue of regulatory censorship. > > These cases are pre-Brandenburg v. Ohio. In Brandenburg, the Supreme Court > held that mere advocacy of illegal conduct is Constitutionally protected. But the Court has upheld various police-power suppressions of advertising material, etc., even after Brandenburg (1969, right?) under the "commercial speech" exception, like Pittsburgh Press v Human Relations Comm. 413 U.S. 376 (1973). [Glommed from my 1979 Con Law textbook.] This is a doctrine that commercial expression is less Constitutionally protected than political and literary expression for historical and public policy reasons. I don't know what the present state of the commercial speech exception is, but it has definitely been a nasty stain on First Amendment jurisprudence since Valentine v Chrestensen in 1942. -- Michael C. Berch mcb at net.bio.net / mcb at postmodern.com From mech at eff.org Fri Mar 4 16:56:07 1994 From: mech at eff.org (Stanton McCandlish) Date: Fri, 4 Mar 94 16:56:07 PST Subject: CPSR "explains" why Cantwell bill doesn't matter much - a rebuttal Message-ID: <199403050053.TAA25315@eff.org> I'm finding myself, unfortunately, needing to respond to a widely distributed article of sorts from the 3.05 issue of CPSR Alert. The article was unsigned, so I can't address it to anyone by name. 
The article states: >Some people have been given the impression that the Cantwell bill is a >response to the Administration's Clipper initiative and that passage of >the legislation would effectively put the Clipper issue to rest. >Because of the confusion surrounding this proposed legislation, we >think it's important to provide some clarifying information. Avoiding the passive verb structures, this can better be rephrased as "Some people have assumed that..." People are not given impressions, they _form_ impressions themselves. It is indeed important to clarify information. However the attempt to do so that I see here does not in fact clarify. To wit: >Indeed, there is no provision in H.R. 3627 that would in any way >rescind the Administration's recent decision to adopt key-escrow >Clipper technology as the government encryption standard. The >legislation would do precisely what Rep. Cantwell said it would do -- >relax restrictions on the export of strong encryption products outside >of the United States. To my knowledge, no one in the know has suggested that the purpose of the Cantwell bill is to "rescind" the Clipper EES. It is plain from a reading of EFF's material on the subject, Cantwell's own commentary on the bill, and, of course, the bill itself, that HR 3627 is not intended to directly challenge Clipper (unlike Senator Leahy's proposed hearings, also supported by EFF), but is intended to liberalize export restrictions, pulling an important rug out from under Clipper/Skipjack's metaphoric feet. If one cares to read the mass of Feb. 4 documents issued by the White House, Dept. of State, and other agencies, it is abundantly clear that clamping down export restrictions on all cryptographic products, except those supporting the Administration's EES, is a major part of the proposed Clipper deployment plan. It's been more than adequately debated over the last several months that such a clampdown is necessary if Clipper is to be a so-called success. 
The measure is aimed at making it difficult for any non-EES crypto application to compete with Clipper, thereby establishing Clipper as a de facto standard. Given this, _any_ attempt to reduce export restrictions is a positive move for privacy-advocates to support, and serves as a strong, though indirect, countermeasure against Clipper. >Some have suggested that passage of the Cantwell bill would create an >environment in which it is less likely that Clipper will become the de >facto encryption standard within the United States. This view was >expressed by the Electronic Frontier Foundation (EFF) and several large >corporations in a letter to the President last December which expressed >"tentative" support for Clipper on a "voluntary" basis. The writer of the message I am replying to here is well aware that this entire matter has been thoroughly dealt with and fully explained. I've done this so many times, I am hesitant to do so again, but these recurring misinterpretations leave me little choice but to clarify one more time: >From EFF's Dec. 8 Cryptography and Policy Statement: >>[There] was a misunderstanding of what the DPSWG offered the >>administration in this proposal [the letter referred to above], leading to >>the belief that both the DPSWG (a coalition of over 50 computer, >>communications, and privacy organizations and associations) and its >>principal coordinating organization, the Electronic Frontier Foundation, >>have offered to ease their opposition to Clipper. >> >>We see it as a pragmatic effort to get the government to wiggle on >>these issues: one step in the right direction, with many more to >>follow. This step is that we insist that use of Clipper and key >>escrow must be completely voluntary. It's not voluntary if users of >>the Skipjack algorithm are forced to use key escrow. It's not >>voluntary if users who do choose escrow are forced to use the >>government's choice of escrow agents. 
It's not voluntary if >>manufacturers such as AT&T are pressured into withdrawing competing >>products. It's not voluntary when competing products can't be sold in >>a worldwide market. It's not voluntary if the public can't see the >>algorithm they are "volunteering" to use. It's not voluntary if the >>government will require anyone to use Skipjack or escrow, even when >>communicating with the government. >>... >>But NSA is digging in, and a legislative fight looks more likely. >>If diplomacy fails, EFF must fight for our rights. Thus, we are >>going to need all the allies we can find, from IBM, Apple, Lotus, >>and Sun, to cryptographers, cypherpunks, and folks on the net. >> >>EFF wants the public and the Administration to know (as we have >>frequently stated to them face to face) that the Electronic Frontier >>Foundation would fight to the end any attempt by the Administration to >>do any more than let companies use Clipper if they want and to let people >>buy it if they want -- and only in a market which has other strong >>encryption schemes available because export controls have been lifted. If one actually reads this, one finds that our definition of "voluntary", which has been made _very_ clear to the Administration in repeated face-to-face meetings, stipulates: 1) no forced key escrow, and no forcing of governmental-only escrow for even those that _want_ key escrow 2) no governmental pressure on the marketplace 3) no export restrictions 4) no classified algorithm 5) no FIPS standard, and no forcing _anyone_, even govt. agencies, to use it. In other words, if the entire Clipper scheme were reworked such that Clipper was nothing more than the open, _truly_ voluntary, publicly examinable successor to DES - a quite innocuous govt. crypto standard - then and only then would EFF and the Digital Privacy and Security Working Group offer its "tentative" support. 
Please keep in mind that, barring secret NSA backdoors, there is nothing inherently "bad" or "wrong" about the Clipper/Skipjack encryption. Only the methodology involved is reprehensible and unAmerican. >CPSR dissented from this position in a subsequent letter to the President >and expressed its opposition to the Clipper proposal under any >circumstances. Please note that EFF also signed this letter. Any opposition to CPSR being perceived here is 100% illusory. At any rate, I'd also like to point out that the DPSWG letter and the EFF '93 crypto-policy statement are at this point old history. They are no longer applicable (an example line: "It is December, the escrow system is still uncertain, and the Administration is still drafting a report which was due in July" - how timely does this sound?) Dragging such a dead horse out for another beating is quite unfathomable to me. I sincerely hope this will be the very last time I have to clarify this matter, partly because I'm tired of repeating myself, but mostly because this sort of inter-organization baiting is counter-intuitive and counter-productive for all organizations and individuals involved, and could cost us (by which I mean those opposing Clipper, in general) a lot of credibility. To continue with the present matter, however: >While it is possible that the Cantwell legislation would make it less >likely that Clipper will become the de facto privacy standard, such a >result is by no means a certainty. It is, in fact, possible that >passage of the legislation would provide better U.S. encryption >products overseas than would be available within the United States -- >particularly if, as many fear, Clipper eventually becomes a mandatory >standard in this country. This is false on its face. Please support the notion that crypto which, somehow, becomes illegalized in this country would be allowed to be manufactured for export purposes only. 
That's absurd; it's like imagining a "gun control" law that banned using firearms in the US, but encouraged everyone to buy guns and ship them to other countries. At any rate, EFF intends to help see to it that Clipper does _not_ become mandatory, nor that non-Clipper crypto is outlawed [pretty much the same in effect]. No ifs, ands or buts about it. Even beyond this, this scenario is completely unrealistic, not least because the best crypto in the world is _already_ available outside the US. No amount of lawmaking is going to stop it, short of destroying every computer, phone line, fax machine and printing press in the country. Even this will not put the crypto genie back in the bottle anyway. Fact is, some of the best crypto in the world wasn't even made in the US in the first place. Ever heard of IDEA? >We believe that the Cantwell bill is a step in the right direction, as >it would remove current disincentives to the development of strong >encryption products by U.S. companies. On this much I think we can be in complete agreement. >But the proposed legislation is not a panacea -- Of course it isn't. Please quote anyone saying that it is. >it would not address the threat to privacy in the United States created by >the Clipper initiative. Export controls on cryptography are a related >issue, but they are not central to the Clipper controversy. The >Administration's adoption of the key-escrow Clipper standard must be >opposed and reversed. Export control reform is indeed central to the issue. Without export controls, the major market-leverage crutch of the entire Clipper scheme is ripped away, revealing the "poor lame beggar" act to be a scam. Law enforcement doesn't "need" the "protection from terrorists, drug dealers and child pornographers" supposedly to be provided by Clipper, any more than the American people need another hole in their privacy. But you know that. 
If all you mean to say is that the Cantwell bill is not the only way to fight Clipper, and will not solve all of the problems, you'd be right. But why don't you just say so, instead of taking this as yet another opportunity for grandstanding? It's unbecoming of an organization on the same side as the rest of us. In closing, I'd just like to say that everyone realizes that Cantwell is not the be-all and end-all of pro-privacy, anti-Clipper action. You can bet I added my signature to _your_ petition, and I hope everyone does, whether it will work or not. Better to have tried and failed than never to have lifted a finger. With that, I must ask you, have _you_ sent in your letter of support for the Cantwell bill yet? If not, it's real easy: State your reasons for supporting the bill, and send them to cantwell at eff.org. The results, already numbering in the thousands, are regularly printed out and delivered to Rep. Cantwell personally. With high regard, but a fair amount of exasperation, S.McC. "We must all hang together, or assuredly we shall all hang separately." - Benjamin Franklin, at signing of Declaration of Independence; July 4 1776 -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G O P E N P L A T F O R M O N L I N E R I G H T S V I R T U A L C U L T U R E C R Y P T O From fhalper at pilot.njin.net Fri Mar 4 18:10:59 1994 From: fhalper at pilot.njin.net (Frederic Halper) Date: Fri, 4 Mar 94 18:10:59 PST Subject: reply-to feeds an anon pool, jpp=pr0duct=cypher Message-ID: <9403050210.AA17485@pilot.njin.net> What is that "famous Cypherpunks public key?" 
Reuben Halper From jpp at markv.com Fri Mar 4 19:18:23 1994 From: jpp at markv.com (jpp at markv.com) Date: Fri, 4 Mar 94 19:18:23 PST Subject: reply-to feeds an anon pool, jpp=pr0duct=cypher In-Reply-To: <9403050210.AA17485@pilot.njin.net> Message-ID: <9403041908.aa18245@hermix.markv.com> I think this is Pr0duct Cypher's public key --- but I could be wrong. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCNAi0xHTIAAAEEAKeIU9S010e1AxYy2R379ptHunqM0kRMgWnOwfCnVets8jTh r7B87pzFNVj6kBs8F9TKQdk62JR5Kiq2rVODFSLmN2JThnhfDu/tAYAz8fJsWkxG n5IhcjxkQpfb2LDs4EBJgWhI9HxIfCvhSkFdrFe9JBfm0KKB5sGoFIWXVYodAAUT tCFQcjBkdWN0IEN5cGhlciA8YWx0LnNlY3VyaXR5LnBncD4= =j/dW -----END PGP PUBLIC KEY BLOCK----- From wcs at anchor.ho.att.com Fri Mar 4 21:01:04 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 4 Mar 94 21:01:04 PST Subject: more steganography talk Message-ID: <9403050500.AA01957@anchor.ho.att.com> Eric Hughes, replying to somebody, writes: > > The idea: Encrypt a widely known value with the recipient's > > public-key and use the result as an initialization vector for a > > clever transformation/steganography algorithm. > > How many public keys are there can there be? > Assume one hundred each for 10 billion persons. That's 2^40 keys, or > an effective key length of 40 bits. Since there are not more than > 2^16 public keys right now (a generous estimate) we can assume that > this technique is insecure for public keys. If you're going to go to the trouble of using a public key, including handling generation, distribution and validation of public keys, you might as well use a "clever transformation/steganography algorithm" that's good enough that a brute-force search of all the public keys won't reverse it. A good candidate for such an algorithm would be IDEA - and if this sounds like I'm reinventing PGP, it's intentional :-) Essentially, you're proposing wrapping PGP in PGP, or in weakened-PGP. 
Better to just use Stealth-PGP to eliminate the distinctive markers that make PGP easy to find, maybe run the code through tran for extra scrambling if you're not running pnmstega, and then steganize. And make sure that if you write PGP, The Next Generation, you make it stealthy so people who don't have the right keys just see noise. Bill From sergey at delbruck.pharm.sunysb.edu Fri Mar 4 22:22:00 1994 From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber) Date: Fri, 4 Mar 94 22:22:00 PST Subject: Standard for Stenography? In-Reply-To: <9403041456.AA02863@vail.tivoli.com> Message-ID: On Fri, 4 Mar 1994, Mike McNally wrote: > Maybe not, but if you've been paying attention you know of a great deal > of theory that supports the intractability of solving certain problems > in realistic amounts of time. Most PK cryptosystems are based on > relatively simple principles of mathematics. It stretches the > imagination to think that the NSA somehow has solved the factoring > problem; I concede it's possible, but unlikely. Granted. > > > The point is, that in the real world, we'll never know if our algorithms > > are "good enough to withstand an opponent who has full documentation of > > your algorithms and methods lots of funds, and everything except your keys." > > Depends on what you mean by "know", I guess. know = 100% objective certainty > > > > security-by-obscurity is a naive waste of time, > > > > I still don't see why. > > Well, you can't tell when you've been compromised, How can you tell that you've been compromised if you stick to non-security-by-obscurity methods? > and you have no > rigorous way of demonstrating the robustness of your obscurity. That would be difficult. But, lack of objective measures does not mean that security-through-obscurity is ineffective. BTW, there may be some statistics on the effectiveness of StO, somewhere. (Anyone out there heard of any?) 
> The real problem, however, is that you'll have a hard time convincing > anybody else to participate. I am not trying to convince everyone to hide their data in the same place I am hiding it. Simply consider hiding it, rather than leaving it out in the open! That's not too crazy a proposition, is it? > You can hide all your valuables in a really clever place and do all > sorts of really clever secret things to protect them, and that may > make you feel secure. However, you won't be able to convince me to > entrust *my* valuables to you unless you explain to me the details of > your techniques. Take your encrypted data. Stick it in a file, using a variable offset. That's all there is to it. Sergey From tcmay at netcom.com Fri Mar 4 23:06:07 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 4 Mar 94 23:06:07 PST Subject: French Govt Confirms Plans To Issue Smart Card ID Cards 03/04/94 Message-ID: <199403050706.XAA15145@mail.netcom.com> Someone sent me this message and suggested I forward it to the List. I'll just send it along via the normal channels. By the way, this is just one of several indications that non-U.S. nations are just as far along as the U.S. is in moving toward a Surveillance State. I mentioned this a few weeks back, and some List members from Norway, Australia, and elsewhere contributed tidbits from their own countries. Germany, France, and the United Kingdom are very far along in such developments, and generally lack the same kind of civil liberties consciousness that the U.S. has (this is not a criticism of Europeans, but a statement of fact). Lacking robust constitutions--not that the U.S. document is looking particularly robust these days--the police have extensive powers of search and seizure, and of detention, and of surveillance, that even the American Security Apparatus can only envy. The Germans are on the verge of rescinding some constitutional provisions to allow for increased police surveillance. 
Ironically, the Bundesnachrichtendienst (BND) seeks these powers ostensibly to combat Neo-Nazism and nuclear terrorism, while Neo-Nazi murderers are slapped on the wrist. Read "The Economist" for details of events in Europe, or "Germany Alert," a newsletter out of New York written by German ex-pats to educate the world about the dangers of fascism in Germany and Europe today. The links to Clipper and the "family keys" being prepared for the French, Japanese, and other nations tell us that the key deals have already been cut. Here's the article, this one about France. Subject: French Govt Confirms Plans To Issue Smart Card ID Cards 03/04/94 (fwd) To: tcmay at netcom.com Date: Fri, 4 Mar 94 23:05:30 Tim, you might wanna forward this to cypherpunks under the information liberation front. I don't have a list of currently working remailers so I really can't forward it anonymously now. It's scary. > PARIS, FRANCE, 1994 MAR 4 (NB) -- The French government has > confirmed its plans to replace citizen's paper-based ID cards with > credit card-sized "smart card" ID cards. > > According to Charles Pasqua, the French Interior Minister, the smart > ID cards have already been trialled in several regions of France and > will be phased in across the whole of the country by the end of next > year. The new cards are distinctive, Newsbytes notes, owing to their > blue color. > > Initially, the cards can be read by anyone with a suitable card > reader and will include name, address and date of birth > information. Plans are in hand, however, to allow advanced card > readers to link to the French central database and automatically > update the card with new information, such as change of address > etc., as it becomes available. > > According to Pasqua, the main reason for the introduction of the > cards was one of national security, as he noted that, since the > cards began their trials in 1988, more than 500,000 had been issued > and not one forgery had turned up. 
In comparison, out of three > million paper ID cards issued in 1992, around 10,000 were forged. > > Visitors to France, Newsbytes understands, will shortly be > issued a computerized stamp, including a barcode readable tag > affixed to their passport. Visitors with "right to remain," (a > term applied to visitors staying longer than six months) will be > issued with the smart ID cards in due course. > > Smart cards are all the rage in France at the moment, Newsbytes > notes. Almost all Visa cards issued by French banks are smart cards, > with the electronics supplied by Thomson CSF and other French > technology companies. > > The cards contain details of recent transactions, as well as act > as an "electronic purse" for smaller value transactions using a > personal identification number (PIN) as authorization. "Purse > transactions" are usually separate from the card credit/debit > system, and, when the purse is empty, it can be reloaded from the > card at a suitable ATM or retailer terminal. > > (Steve Gold/19940304) > > > From hughes at ah.com Fri Mar 4 23:28:13 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 4 Mar 94 23:28:13 PST Subject: New mailing list? In-Reply-To: <199403050033.QAA23619@net.bio.net> Message-ID: <9403050719.AA06416@ah.com> No offense, Michael, but you've made a Frequently Offered Suggestion. I really should put the answer in a cron job. The mailing list won't be split. >My proposal is pretty simple: splitting the list into cypherpunks-tech >and cypherpunks-policy. This proposal has been put forward before. No doubt it will be put forward again. But it's not going to happen. I sound cranky, I know. Let's be explicit. The list is not going to be split because I don't want it to be split. By my fiat. It's not fair and it's not democratic and it's not going to change. Cypherpunks is where the politics meets the code. It is the interplay between software design and political desire which is where all the good stuff happens. 
Policy separated from development lags the reality of deployment, and necessarily. There's already a newsgroup for this: talk.politics.crypto. Technicality separated from sociality is unaware and harbors deep-seated contradictions. There's already a newsgroup for this: sci.crypt. Programmers implement culture, and cypherpunks write code. I want each reader of these words to reflect on the phrase "implementing culture". If you do not realize the magnitude of this principle and have some respect for its enormity, I would sincerely suggest that your time would be better spent reading some political philosophy and some technological history and pondering over your desires, to make sure that you know them. Eric From sergey at delbruck.pharm.sunysb.edu Fri Mar 4 23:45:18 1994 From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber) Date: Fri, 4 Mar 94 23:45:18 PST Subject: Security through Obscurity In-Reply-To: <199403041522.HAA24738@jobe.shell.portal.com> Message-ID: On Fri, 4 Mar 1994, Hal wrote: > From: Sergey Goldgaber > > > > If I have understood you correctly, there is nothing wrong with equating > > obscurity with a practical, albeit temporary, increase in security. > > Equating obscurity with ultimate security is a mistake. As is equating a > > "strong" algorithm with ultimate security. > > I would not put it like this. Rather, if you want a temporary increase > in security, you need to calculate, or at least assume, how much extra time > it will take for your opponent to defeat your temporarily-secret information. > Just saying, "oh, well this complication ought to slow him down some, heh > hey," doesn't cut it. Again, you need to be explicit about exactly what > information you are keeping temporarily secret, and how long you expect it > to be kept secret. > I agree. Your cost assessments will, however, be different for each individual StO method. I was generalizing. 
> > I would like to propose that there is a goal, in addition to those you have > > revealed, for the opponent as well as the legitimate user of steganography. > > The opponent would, ideally, wish to not only determine that there is a > > message within the data; in addition, he would prefer to be able to extract > > that message for analysis. Therefore, I believe that it would be to the > > advantage of the stego-user to not only hide the existence of his message, > > but to do so in such a way that the cost of successfully extracting that > > message, by his opponent, is maximized. > > > > I think this is a plausible, although less ambitious, goal. But what's > this about "maximizing cost"? Where does that fit into the analysis? This > does not tell you whether your "maximization" has actually helped or not. Well, if we adopt the method of comparing the cost of implementing a given steganography method to the cost of breaking it as a valid measure of its effectiveness; then, it would make sense to "maximize" the cost of breaking it as a means of making the method more effective (ie. making the method more obscure would make it more effective). > Instead, if you are going to adopt this goal, this means that the test of > your steganography is whether the opponent can extract the message. It's > not that your goal is to "maximize his difficulty". It's that your goal is > to stop him. Again, NoStO emphasizes clear statements of your goals and > costs. The more difficult it is for one's opponent to extract the message, the more effective the method is. Thus, "maximizing his difficulty" is a valid goal. As I see it, this is a goal of most encryption systems. To make decryption as difficult as possible, if not impossible (ie. maximum difficulty). 
>
> (The reason I say this is less ambitious is that if the opponent can determine there is a message, but not what it is, they may be able to bring penalties to bear on those communicating, depending on the circumstances. For example, finding a stego'd file on someone's hard disk might represent probable cause that illegal encryption was used, in some hypothetical future.)
>

I am well aware of this. I was not proposing the above goal as a substitute, but an addition to the one you pointed out.

> > I have to take exception with the assertions made in this paragraph. Using the principles of public-key systems, the steganography key itself does not have to be kept secret. The sender, receiver, and indeed the opponent would all have access to this key without compromising the security of the system. The challenge, for the opponent, lies in figuring out which public-key the sender has used. I have no statistics on exactly how difficult this challenge would prove; but, considering the number of public-keys currently available and projecting several years into the future, the challenge may be a very significant one.
>
> What key are you talking about here? The public one? That is not secret. As you say, the opponent has access to it. Are you assuming that the opponent cannot guess which public key was used? How will you measure the accuracy of this assumption without statistics?

I am assuming that it will cost the opponent effort. I have no statistics to show exactly how much effort it would cost him; as I believe it would be different in every individual case. However, it is clear that the effort needed would increase.

> I really don't think you have understood my essay. The point, again, of avoiding StO is to make it clear what you are keeping secret, and to count the costs of keeping it secret.
> If you are counting on keeping secret the recipient of the message then you have these costs:
>

I do not think you have understood _my_ essay. My proposal was for a default, variable offset in certain steganography applications. The benefit of this is obvious: having no offset or a non-variable offset would make for generally poorer security; as, the effort required in figuring out where one's file is located is nonexistent. Effort increases when a variable offset is implemented.

> Any stego files found in the recipient's possession are broken.

This need only be the case if the recipient keeps his received files (which were sent using the _default_ settings) in their original format. Any compromise in security can be avoided if he resets the offset to a custom value.

>
> Stego files can be exhaustively searched against a list of public keys.

Regularly encrypted files can be searched against random secret keys. The effort involved in both is greater than not having to search at all.

> If a particular group or person is targeted for surveillance his keys can be used against all widely-known stego channels.

If no offset, or a non-variable offset, is used then one's opponent wouldn't even have to try to recover the file! That is why I only proposed a default offset, while pointing out that maximum security can only be achieved through custom offsets!

> Further, your own test is so weak (inability to recover the actual message) you have not attempted to make it impossible to guess when you have recovered the message, even with the correct key information. So in each of the cases above the authorities know when they have the message in hand.

In my original post I made it clear that my proposal was an addition to, not a substitution for, the goal you set. Therefore, the ideal steganography program would make it impossible to guess that there is a message _as_well_as_ make it impossible to tell where the message is located.
These functions are not mutually exclusive.

> Now if you are tempted to say that this isn't true, because we could arrange for the message ALSO to be unrecognizable even when successfully recovered (so that the opponents don't know when they have recovered it) then you have missed the whole point. You earlier rejected this test. If you had accepted it, you wouldn't have needed your keys at all.
>
> Hal

You proposed that a successful steganography program should hide the message in a file in such a way that one's opponent would have to guess about the existence of a message in that file. I do not dispute that goal. I simply offer an additional one.

Let me give an example:

Steganography Program A hides data at no offset, with a 49% probability of hostile recognition. This program would pass your proposed test. Because it offers no offset, successful extraction of the data requires only X amount of effort from one's opponent.

Steganography Program B hides data at a variable offset, with a 49% probability of hostile recognition. This program would also pass your proposed test. Because it offers a variable offset, successful extraction of the data requires X+Y amount of effort from one's opponent.

User C hides data in all 100 of his GIF files using Steganography Program A. User D hides data in all 100 of his GIF files using Steganography Program B.

Opponent E searches through every GIF file of both user C and D. He guesses that there is data in 49 files belonging to user C, and 49 belonging to user D. He successfully extracts the data from all 49 of user C's files, expending X amount of effort. Successful extraction of user D's data, however, costs him X+Y effort.

As this is a hypothetical example, we may substitute $1 for X amount of effort, and $1 for Y amount. Successful extraction of C's data would cost his opponent $1, while D's data would cost $2. More realistically, substitute $10,000 for both X and Y; or $100,000; or $1,000,000.
Now, which would you rather use? Program A or B? I, for one, would rather use B, realizing that both X and Y are unknown.

Sergey

From ebrandt at jarthur.cs.hmc.edu Fri Mar 4 23:51:28 1994
From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt)
Date: Fri, 4 Mar 94 23:51:28 PST
Subject: Standard for SteGAnography
In-Reply-To:
Message-ID: <9403050751.AA13101@toad.com>

> know = 100% objective certainty

Well, OTP gives you this. Probabilistic encryption does too, I think (the original version -- not the practical version). Quantum cryptography is pretty close, depending on how much trust you place in the laws of physics. Granted, none of these are very useful.

The question is, 100% objective certainty of *what*? If breaking a scheme were provably exponential-time, that'd be enough for me.

> Sergey

Eli ebrandt at hmc.edu

From sergey at delbruck.pharm.sunysb.edu Sat Mar 5 00:03:32 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Sat, 5 Mar 94 00:03:32 PST
Subject: more steganography talk
In-Reply-To: <9403042001.AA02468@bilbo.suite.com>
Message-ID:

On Fri, 4 Mar 1994, Jim Miller wrote:

> In my mind, the perfect steganography system depends upon either an environment containing ubiquitous random bit sequences or a reversible algorithm that can transform non-random bit sequences into random bit sequences without using encryption (unlikely).

Such is the function of Mimic, available at ftp.cs.cornell.edu in /pub/wayner/Mimic

It holds the most promise for steganography, in my opinion. Unfortunately, it may be difficult to implement, initially.

Sergey

From sergey at delbruck.pharm.sunysb.edu Sat Mar 5 00:22:13 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Sat, 5 Mar 94 00:22:13 PST
Subject: Standard for SteGAnography
In-Reply-To: <9403050751.AA13101@toad.com>
Message-ID:

On Fri, 4 Mar 1994, Eli Brandt wrote:

> > know = 100% objective certainty
>
> Well, OTP gives you this.
> Probabilistic encryption does too, I think (the original version -- not the practical version). Quantum cryptography is pretty close, depending on how much trust you place in the laws of physics. Granted, none of these are very useful.
>

Newbie questions: What is OTP? What about probabilistic encryption vs quantum cryptography? How do they give one 100% certainty that they can't be broken?

> The question is, 100% objective certainty of *what*? If breaking a scheme were provably exponential-time, that'd be enough for me.
>

100% objective certainty of the scheme's invulnerability.

> > Sergey
>
> Eli ebrandt at hmc.edu
>

Sergey :)

From hughes at ah.com Sat Mar 5 00:51:54 1994
From: hughes at ah.com (Eric Hughes)
Date: Sat, 5 Mar 94 00:51:54 PST
Subject: some technical steganography
In-Reply-To: <9403042136.AA03953@bilbo.suite.com>
Message-ID: <9403050842.AA06538@ah.com>

>What does "appears relatively random" really mean? How do you measure the randomness of a sequence of bits?

Randomness is the wrong measure. Suppose I take 2^10 random bits and prepend 16 zeros. How random is this? Almost as random, and this can be made precise. How compressible is it? Almost incompressible. Now, what about 2^20 bits? 2^30?

It is not randomness but recognizability which is at issue. Then the next issue arises.

>If the reverse steg process makes it look like all, or even many, files contain hidden messages, even when they don't, then you can plausibly deny knowledge of a suspicious bit pattern in any specific file.

The situation of one file is the wrong problem. Suppose you have a collection of files. What you want is deniability for the group of files as a whole. This is much trickier, and the obvious thing doesn't work.

Suppose the files contain some bytes of an RSA encrypted session key concatenated to the bytes of a file encrypted with the session key. This is a reasonable scheme, and is basically how a stealth-PGP might work.
Because the mode of representation is concatenation, the session key is represented as some arbitrary number X mod N, the public key modulus. Recall that N is public. Now let k be the length of N in bits, rounded up to the nearest multiple of eight. Since the encrypted key is represented as bytes, the bit length is a multiple of eight.

Now the probability that a random number between 0 and 2^k will be less than N is N/2^k. Easy. If N is not chosen specifically with this purpose, the fraction N/2^k is on average about 1/4. The important thing is not that this number is small but that it is less than one, say p.

Now take an arbitrary string of bits and apply the (public) extraction technique for a given public key, and from this extract a candidate for the encrypted session key. Now you can check the candidate against the modulus. If the candidate is greater than the modulus, then you can reject that public key as being a possible recipient of that message.

The probability that a public key rejects none of a group of files grows exponentially small, therefore. Each time a file is not rejected as a possible message with respect to a particular recipient key, the probability lowers by p.

You could even check all possible keys. You may not be able to identify the recipient, but in aggregate the opponent will be able to ascertain that messages are being sent. That is sufficient. Steganography not only seeks to hide individual messages, but also the fact that communication is taking place.

There are some defenses. One can look for public keys which give high N/2^k ratios. Unfortunately, this almost assuredly makes factoring the modulus easier, if only by lowering the search space.

One can make sure the collection of files contains some ringers, such that the ratio of ringers to real messages is 2^k-N:N.
This is certainly possible if one is simply storing files, but if the collection of files were intercepted in transit, the sender would have to make sure to send files in the correct ratio. Yet this requires that the sender look out for you and your security!

What is most broken here is the N/2^k ratio itself, that is, the artifact of the byte-oriented encoding. In other words, a random modular number is not random in the byte length representation. More to the point, one can't simply lop the front off a PGP message and get stealth-PGP.

So one way to solve this is to introduce some indeterminism into the modular representation, so that the session key is evenly distributed in all of its relevant representations. This would mean that every session on the range [0..2^k) was valid, and was taken mod N to decrypt a session key. This yields non-random session keys mod N, which might be acceptable, since the entropy of the modular distribution doesn't drop all that much. Still, this requires the sender's software to be secure.

Another way would be to use arithmetic coding to spread out the N/2^k ratio throughout the whole file. For an exact solution, one would have to use rational coefficients rather than 2-adic coefficients, but an approximate solution should be adequate. One needs for the approximate case, however, an estimate of the candidate acceptance rate p above to make sure that the approximation is good enough. This solution doesn't require the sender's software to be any more secure than is in the sender's interest.

In steganography, like cryptography, the different layers of abstraction forcibly interfere with each other. The pun here was that an RSA key (represented by a modular integer) was being put into a different representation where it didn't work. These kinds of level-shifting behavior are all-too-common, and are the cause of much protocol failure.
Eric

From ebrandt at jarthur.cs.hmc.edu Sat Mar 5 00:59:38 1994
From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt)
Date: Sat, 5 Mar 94 00:59:38 PST
Subject: Standard for SteGAnography
In-Reply-To:
Message-ID: <9403050859.AA13734@toad.com>

> Newbie questions: What is OTP? What about probabilistic encryption vs quantum cryptography?

OTP is one-time pad. There was an article on quantum cryptography in the October '92 Scientific American. For probabilistic encryption, I think the sci.crypt FAQ has a reference.

> How do they give one 100% certainty that they can't be broken?

OTP and some flavors of probabilistic encryption are information-theoretically secure. For OTP, this is obvious if you think about it a bit. Quantum cryptography relies on the math of quantum mechanics, whose validity is ultimately empirical but rather well tested.

> 100% objective certainty of the scheme's invulnerability.

My point is, invulnerability to *what attack*? An attacker may know the algorithm, or not; may have known plaintext; may be able to choose plaintext; may be able to read a channel, or to garble it, or to change it; may have limited or unlimited space and time; might be able to factor in polynomial time -- there are a lot of parameters here. And it makes no sense at all to say, "Well, let's just consider the strongest possible attack."

Eli

From pcw at access.digex.net Sat Mar 5 05:30:58 1994
From: pcw at access.digex.net (Peter Wayner)
Date: Sat, 5 Mar 94 05:30:58 PST
Subject: more steganography talk
Message-ID: <199403051330.AA13596@access2.digex.net>

On Fri, 4 Mar 1994, Jim Miller wrote:

> In my mind, the perfect steganography system depends upon either an environment containing ubiquitous random bit sequences or a reversible algorithm that can transform non-random bit sequences into random bit sequences without using encryption (unlikely).
Such is the function of Mimic, available at ftp.cs.cornell.edu in /pub/wayner/Mimic

It holds the most promise for steganography, in my opinion. Unfortunately, it may be difficult to implement, initially.

Sergey

------------------------

Sorry to be so distracted. This is a very interesting topic for me, but I've been bogged down with more prosaic topics.

I think the Mimic Function implementation that I did is a very general standard for steganography. On the current level, it just deals with text, but you can make it do bits by just using the alphabet of just plain {0,1}.

Here are the important points about it:

1) If the grammars are made complex enough, they can simulate anything you can compute with a computer. I.e. You can encode data in a Turing-complete way.

2) Even if you limit yourself to plain old context-free grammars, you still have a class of encryption functions that can be as powerful as RSA. I.e. You can show that any general program that can infer the grammar used in a Mimic function can also break RSA. This proof is done by translating RSA encryption into a context-free grammar.

3) If you use Turing-complete grammars, then the result is technically "undecidable." I.e. it may be technically "unbreakable." I don't put much stock in this claim, but it is interesting to note that there is _no_ possible brute-force attack on these systems. I do believe, though, that there could be many practical "incomplete" attacks that worked in general cases.

4) It is still unclear how to generate RSA-level strength with Mimic Functions. The simplest way may be just to encrypt with RSA first. Understanding what makes grammars hard and easy to grok is a hard question.

5) That being said, I think that Mimic grammars are one of the most natural ways to specify steganography. There are many other forms that are Turing-complete, but I think that grammars are one of the most natural ways to specify what you want to happen.
6) The process is slightly difficult to implement, but I've got two running versions (as I've mentioned before on the list). One in C and the other in Pascal. Your choice if you live in the Continental US.

It is not clear to me if the software is "exportable". I considered applying to the commerce department to get a free assessment of the cryptographic strength, but then I found out that they were denying licenses to systems that I could break. So they're not a great oracle for these questions.

From julf at penet.fi Sat Mar 5 06:22:57 1994
From: julf at penet.fi (Johan Helsingius)
Date: Sat, 5 Mar 94 06:22:57 PST
Subject: Next Physical Gypherpunks meeting
In-Reply-To: <9403032006.AA01702@ah.com>
Message-ID: <199403051422.AA18947@lassie.eunet.fi>

> If you have a T1, a sparc, a speaker/microphone, a meeting room, and the desire to host a meeting, get in touch with me. We'll need some coordination.

Count me in! Finally got myself onto the MBONE...

Julf

From hfinney at shell.portal.com Sat Mar 5 07:32:51 1994
From: hfinney at shell.portal.com (Hal)
Date: Sat, 5 Mar 94 07:32:51 PST
Subject: Truly Stealthy PGP
Message-ID: <199403051533.HAA07296@jobe.shell.portal.com>

Eric points out the difficulty of making a "stealth PGP" which is 100% indistinguishable from a string of random bits. The problem is that we have to encode the RSA encrypted number, m, which is less than n, the RSA modulus.

PGP first puts out two bytes of bit length, then m. This obviously won't do, since the bit length is generally much less than 2^16 and so these two bytes are a dead giveaway. However, we could leave these two bytes off and just output m as raw bits, padded to the length of n. The recipient knows n so he would be able to extract m.

The problem here, as Eric points out, is that m is less than n, so the high bits of m will look non-random. If the high two bytes of n are, say, 0x0C12, then m's high two bytes will never be bigger than this.
This will allow the opponent to do much better than 50% on guessing which files have embedded messages.

This was discussed some time back on the pgp developers' list, and at that time the suggestion was made to add a multiple of n to m so that it covered a fuller range of values. The recipient would then just take the exponent mod n and try that.

Mathematically, call L the next multiple of 256 above n. (0x10000... in the example above.) We want to choose k so that M = m + k*n is randomly distributed between 0 and L-1 if m is randomly distributed between 0 and n-1. This may not be possible in this form. Perhaps there is another deterministic and reversible transformation that would accomplish it, though. In that case we would have M = f(m,n) such that f can be reversed given M and n (we can recover m).

As a trivial example of this problem, given n=2 and L=3, try to come up with a way to turn a random 0/1 value into a random 0/1/2 value which is both reversible and produces each of 0/1/2 with 33% probability. Seems pretty tough!

Hal

From hfinney at shell.portal.com Sat Mar 5 08:02:06 1994
From: hfinney at shell.portal.com (Hal)
Date: Sat, 5 Mar 94 08:02:06 PST
Subject: Security through Obscurity
Message-ID: <199403051602.IAA08056@jobe.shell.portal.com>

From: Sergey Goldgaber

> Well, if we adopt the method of comparing the cost of implementing a given steganography method to the cost of breaking it as a valid measure of its effectiveness; then, it would make sense to "maximize" the cost of breaking it as a means of making the method more effective (ie. making the method more obscure would make it more effective).

I don't think this is a valid measure of steganography's effectiveness. I proposed my own measure, which I think is valid. I think the fundamental problem with your measure is that it counts a system which is easy to break but very easy to implement as effective. I would count such a system as ineffective.
> > Instead, if you are going to adopt this goal, this means that the test of your steganography is whether the opponent can extract the message. It's not that your goal is to "maximize his difficulty". It's that your goal is to stop him. Again, NoStO emphasizes clear statements of your goals and costs.
>
> The more difficult it is for one's opponent to extract the message, the more effective the method is. Thus, "maximizing his difficulty" is a valid goal. As I see it, this is a goal of most encryption systems. To make decryption as difficult as possible, if not impossible (ie. maximum difficulty).

I don't think this is right either. The problem is that "as difficult as possible" does not allow for a measure of success. Something which is "as difficult as possible" may nevertheless be useless.

This whole notion of maximizing difficulty as a goal is completely misguided. The correct goal is to achieve secrecy. If you have not done that, then maximizing difficulty is pointless.

Your goal in making a parachute is to create something that will land you safely. It isn't to "maximize slowness of fall". Suppose I made a parachute out of lead, designing it to maximize slowness among lead parachutes. Will you jump out of an airplane with it? I'd think not. The problem is that this is the wrong goal.

> I do not think you have understood _my_ essay. My proposal was for a default, variable offset in certain steganography applications. The benefit of this is obvious: having no offset or a non-variable offset would make for generally poorer security; as, the effort required in figuring out where one's file is located is nonexistent. Effort increases when a variable offset is implemented.

OK, let me ask this: what is the harm done if the opponent guesses the right offset? How bad are things? Some of your security has been lost. How much? Suppose your stego method is not completely invisible and does give away its existence to some extent.
Would you still use it if protected by your offsets, or would you refrain until you had an undetectable stego? How much would you trade off the protection provided by your offsets against the protection provided by undetectable stego?

Suppose I am a naive user of your program asking these questions. When I receive a stego'd file and put it on my disk, should I re-format it to change the offset? How much security does this gain me? Is it worth it? Should I have more than one public key, so that the opponent would have more offsets to guess? How much does this help? How much should I worry if I think I may be targeted for surveillance, which would increase the chance of them trying my keys as the offsets? Should I avoid controversial issues, keep a low profile, so that I can prevent this from happening? How much should I trade off against the benefit of making my offset less likely to be tried?

I think if you are seriously proposing that your offset scheme adds security, you need to be able to answer questions like these. If it really adds security, you must be willing to pay a cost to achieve that security (recall the NoStO principle: count your costs when you count your benefits!). If you can answer questions like these then you are not violating StO, in my opinion.

Hal

From xeryus at eskimo.com Sat Mar 5 09:08:29 1994
From: xeryus at eskimo.com (Ophir Ronen)
Date: Sat, 5 Mar 94 09:08:29 PST
Subject: Meeting in Seattle?
Message-ID:

Morning (or whatever fits your time zone) all,

Is anyone in Seattle setting up a link for the meeting? If so, please let me know.
Thanks,
-Xeryus

From hughes at ah.com Sat Mar 5 10:27:54 1994
From: hughes at ah.com (Eric Hughes)
Date: Sat, 5 Mar 94 10:27:54 PST
Subject: Truly Stealthy PGP
In-Reply-To: <199403051533.HAA07296@jobe.shell.portal.com>
Message-ID: <9403051818.AA07188@ah.com>

>This was discussed some time back on the pgp developers' list, and at that time the suggestion was made to add a multiple of n to m so that it covered a fuller range of values. The recipient would then just take the exponent mod n and try that.

What I suggest is making the exponent (the encrypted session key) completely random over the length assigned to it, since that's visible, and just live with a slightly non-flat distribution of exponents mod n. It turns out that this can be made to work just fine.

>Mathematically, call L the next multiple of 256 above n.

n is the modulus. Divide L by n to get L = t * n + s, s in [0,n). Assume x is random in [0,L). The entropy of x mod n is

    E = - s (t+1)/L log (t+1)/L - (N-s) t/L log t/L

Rearranging, we get: (get out some paper, do the algebra)

    E = log L/t - s(t+1)/L log( 1 + 1/t )

This makes sense, since if s is zero, E = log n, which is just the entropy of the random distribution of [0,n).

What is the smallest value of E? In other words, what's the upper bound of the randomness we can lose? It happens when t = 1 and when n = L/2+1. This maximizes the expression in t and maximizes s at n-2. This minimum value of E is

    E_min = log L - ( ln 2 - 2/L ln 2 )

In other words, the most entropy we can lose is two bits. That's right, only two bits. Since the entropy of the session key is the length of the modulus, for a 1000 bit key the entropy loss is negligible.

Therefore, my recommendation is that the session key representation be chosen randomly over [0,2^k) and to use as an actual session key this value mod n. The effective entropy loss is small enough not to worry about.
Eric

From hughes at ah.com Sat Mar 5 10:36:45 1994
From: hughes at ah.com (Eric Hughes)
Date: Sat, 5 Mar 94 10:36:45 PST
Subject: Truly Stealthy PGP
In-Reply-To: <9403051818.AA07188@ah.com>
Message-ID: <9403051827.AA07207@ah.com>

Scratch that. I made an algebra error. I'll repost with the right answer.

Eric

From tcmay at netcom.com Sat Mar 5 10:58:41 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sat, 5 Mar 94 10:58:41 PST
Subject: Stego in Jazz?...The Miles Files
Message-ID: <199403051859.KAA14089@mail.netcom.com>

Straightahead jazz fans take note! More significant bits follow:

* Critics who claim jazz = noise now will understand that jazz evolved in the 1940s as a stego method for communicating with agents in the field.

* Hitler was right in suspecting "that Negro music."

* Agent Parker developed method of putting signals in Bird calls, with great sax appeal.

* Unveiling below of "crypto-jazz" movement. Cryptids are spreading the PGP word. Jazz raves to be the Next Big Thing.

From: esharp at panix.com (Elliot Sharp)
Newsgroups: rec.music.bluenote
Subject: crypto-jazz
Date: 3 Mar 1994 12:10:51 -0500
Organization: PANIX Public Access Internet and Unix, NYC
Message-ID: <2l55mr$b5s at panix.com>
Summary: a night of
Keywords: Sharp,Ribot,Berne

on Tuesday, March 15, the Cooler (416 W. 14, NYC) will present a night of crypto-jazz with:

10 pm Elliott Sharp's THE CRYPTIDS (Sharp-reeds, guitar w/ Reuben Radding-bass, David Gould-drums)
11 pm Marc Ribot - solo guitar
12 am Tim Berne's BLOODCOUNT (Berne-reeds with quartet)

From gtoal at an-teallach.com Sat Mar 5 11:04:23 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Sat, 5 Mar 94 11:04:23 PST
Subject: Update on user-level hack to do telnet encryption posted recently
Message-ID: <199403051903.TAA24567@an-teallach.com>

OK folks, I've started tidying up that hack code I posted recently which outlined a method for rolling your own telnet-style encryption.
In particular, I've done the hard bit of making it work with an arbitrary binary 1:1 stream cypher, rather than the original hack which *had* to encrypt printable text as printable text (to get it through 7 bit terminal links).

[Note, anyone who didn't look at it too closely because they thought it was only for telnet - look again: it's useful for *any* local to remote connection, even kermit down a serial line, as long as you're calling between unixes.]

Now, what I need are volunteers - preferably outside the US and any other country where any relevant patents are valid - to work on a suitable stream cypher. Note you don't have to use any patented technology, as long as whatever you come up with is sufficiently secure for your needs - this will eventually be issued as a modular system, with the default encryption module being rot13.

If you don't really care much about the strength of encryption (assuming your only opponents are kids who sniff packets who won't have enough crypto experience to decode even a trivial cypher) then there's a lot to be said for everyone implementing their own variation... just for the amusement of tying up the time of all those more competent people who feel they have to know everything that's going on everywhere in the world. Machine cycles they can afford aplenty; man years are a different question...

Anyway, back to the project: Currently there's a trivial interface that you can work to - I suggest for demo purposes just using a hard-coded known key at each end, and we'll do the key exchange stuff after we've got the stream cypher working. Here's the header file:

/* Placeholder module for arbitrary stream encryption */

#define STATE_SIZE 128

typedef struct cypherstate {
  char *unique_tag;
  char whatever[STATE_SIZE];
  long int byteno;
  /* Add useful stuff here as need be... */
} CYPHER_STATE;

/* Initialise the state (with a known secret key for now) */
void new_cypher(CYPHER_STATE *s, char *unique_tag);
/* 1:1 encoding of one byte; all state lives in *s */
char stream_cypher(CYPHER_STATE *s, char byte);

Put any state you need in the struct, initialise it (with a known secret key for now) in new_cypher; and supply a function that does a 1:1 encoding of a byte in stream_cypher. Make the function stateless apart from the CYPHER_STATE parameter so that it can be used to encode multiple streams without interference.

With a bit of help from you guys, this project shouldn't take more than a week to get a prototype running... When I have a feel for what sort of encryption methods people want, and how precisely they're implemented, I'll know better how to generically code the key-exchange part too.

I don't think it's appropriate for me to post any more source over the net. Anyone who wants to discuss this in public rather than by mail, I suggest we stick to alt.sources.d

Anyone wants the current sources, send mail to gtoal at an-teallach.com

Thanks

G

PS The sources I have probably won't work anywhere except on BSD systems. If you want to make the framework bit work on other versions of unix, drop me a line about that too. Your programming will have to be up to the level of writing a clone of the unix 'script' command, which is all this program is really.

PPS Americans: please don't get either you or me in trouble by mailing me unsolicited gifts of crypto code. I don't want it. The crypto part of this project is for those people in countries where there's no legal barrier to them participating.

From phantom at u.washington.edu Sat Mar 5 11:15:28 1994
From: phantom at u.washington.edu (Matt Thomlinson)
Date: Sat, 5 Mar 94 11:15:28 PST
Subject: Seattle Times, 3/6/94
Message-ID:

The Seattle Times' front page story (1984 + 10 years) leads into a few articles on pg 18 that deal with encryption/clipper/privacy. Paul Andrews seems to have a _few_ misconceptions about exactly what the clipper chip will do, but all in all it seems like a good wake-up call.
This article is the first in a series in privacy, it says. I'm glad something like this made the front page. mt Matt Thomlinson Say no to the Wiretap Chip! University of Washington, Seattle, Washington. Internet: phantom at u.washington.edu phone: (206) 548-9804 PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu From MINITERS at Citadel.edu Sat Mar 5 11:21:26 1994 From: MINITERS at Citadel.edu (Syl Miniter 803-768-3759) Date: Sat, 5 Mar 94 11:21:26 PST Subject: Looking for listserver Message-ID: <01H9M6T2CNC28WY1E2@citadel.edu> i am interested in setting up a listserver and I would appreciate it if someone can point at a source of some basics on the Internet thanks Syl From pmetzger at lehman.com Sat Mar 5 12:12:11 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Sat, 5 Mar 94 12:12:11 PST Subject: Update on user-level hack to do telnet encryption posted recently In-Reply-To: <199403051903.TAA24567@an-teallach.com> Message-ID: <9403052010.AA10820@andria.lehman.com> Graham Toal says: > OK folks, I've started tidying up that hack code I posted recently which > outlined a method for rolling your own telnet-style encryption. I really think this project is a serious mistake. People should, if they insist, produce software compatible with the draft RFCs on telnet encryption and authentication -- although such code has already been written. The notion of putting in all this effort just to avoid having to deal with your system administrator, especially when he should be happy to install such code given the recent rash of internet breakins, seems misplaced to me. Perry From hughes at ah.com Sat Mar 5 12:13:51 1994 From: hughes at ah.com (Eric Hughes) Date: Sat, 5 Mar 94 12:13:51 PST Subject: Truly Stealthy PGP In-Reply-To: <9403051827.AA07207@ah.com> Message-ID: <9403052004.AA07317@ah.com> >Scratch that. I made an algebra error. I'll repost with the right >answer. Scratch the scratch. 
I thought I'd made an error in my entropy expression, but I hadn't. More confusion to follow, no doubt. I hope it just won't be mine. I kept thinking that the location of the minimum entropy was wrong. I worked out some examples with real numbers to prove to myself that my intuition about the location of the minimum entropy was incorrect. Intuition about entropy is difficult to develop, and I still don't completely have all of it. A word to the wise. Eric From mimir at illuminati.io.com Sat Mar 5 12:30:20 1994 From: mimir at illuminati.io.com (Al Billings) Date: Sat, 5 Mar 94 12:30:20 PST Subject: Meeting in Seattle? In-Reply-To: Message-ID: On Sat, 5 Mar 1994, Ophir Ronen wrote: > Is anyone in Seattle setting up a link for the meeting? If so, please let > me know. I'm in Seattle but my impression is that there aren't many people on the list here. -- (*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*) | Al Billings aka Grendel Grettisson | "You are, each one, a priest, | | mimir at io.com | Just for yourself." | | Sysop of The Sacred Grove (206)322-5450 | | | Admin for Troth, The Asatru E-Mail List | -Noble Drew Ali- | (*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*) From gtoal at an-teallach.com Sat Mar 5 13:10:03 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Sat, 5 Mar 94 13:10:03 PST Subject: Update on user-level hack to do telnet encryption posted recently Message-ID: <199403052110.VAA27482@an-teallach.com> > OK folks, I've started tidying up that hack code I posted recently which > outlined a method for rolling your own telnet-style encryption. I really think this project is a serious mistake. People should, if they insist, produce software compatible with the draft RFCs on telnet encryption and authentication -- although such code has already been written. 
The notion of putting in all this effort just to avoid having to deal with your system administrator, especially when he should be happy to install such code given the recent rash of internet breakins, seems misplaced to me.

Perry, I'm no longer interested in what you have to say. You've been a wet blanket and have pooh-poohed every practical suggestion I've ever seen anyone making - weren't you one of the first people to post to the netphone project telling us we were all wasting our time?

Cypherpunks write code, except when asked not to by Perry Metzger.

The point of this code, in case you missed it, is so that people can take responsibility for their own encryption and not have to trust software installed by someone else, just like we all use pgp rather than Clipper.

Now, if you don't have anything useful to contribute, shut up and stop trying to discourage those who do.

G

From hfinney at shell.portal.com Sat Mar 5 13:20:23 1994
From: hfinney at shell.portal.com (Hal)
Date: Sat, 5 Mar 94 13:20:23 PST
Subject: Truly Stealthy PGP
Message-ID: <199403052121.NAA19624@jobe.shell.portal.com>

From: hughes at ah.com (Eric Hughes)
> What I suggest is making the exponent (the encrypted session key)
> completely random over the length assigned to it, since that's
> visible, and just live with a slightly non-flat distribution of
> exponents mod n. It turns out that this can be made to work just
> fine.
>
> n is the modulus. Divide L by n to get L = t * n + s, s in [0,n).
> Assume x is random in [0,L). The entropy of x mod n is
>
>     E = log L/t - s(t+1)/L log( 1 + 1/t )
>
> What is the smallest value of E? In other words, what's the upper
> bound of the randomness we can lose? It happens when t = 1 and
> when n = L/2+1. This maximizes the expression in t and maximizes s at
> n-2. This minimum value of E is
>
>     E_min = log L - ( ln 2 - 2/L ln 2 )
>
> In other words, the most entropy we can lose is two bits. That's
> right, only two bits.
Since the entropy of the session key is the > length of the modulus, for a 1000 bit key the entropy loss is > negligible. I'm not sure the point of this entropy calculation. For the case n = L/2+1, t=1, it seems to me that the RSA-encrypted session key (sk^e mod n) is never going to have the high bit set, so with K such messages it should be possible to tell that something is going on with probability 1 - 2^-K. > Therefore, my recommendation is that the session key representation be > chosen randomly over [0,2^k) and to use as an actual session key this > value mod n. The effective entropy loss is small enough not to worry > about. > > Eric > If the session key is chosen from [0,L), still the encrypted session key m = sd^e mod n will be uniform in [0,n). I don't quite follow here how exactly we go from something uniform in [0,n) to something uniform in [0,L), if that is what Eric is proposing. Hal From pmetzger at lehman.com Sat Mar 5 13:32:28 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Sat, 5 Mar 94 13:32:28 PST Subject: Update on user-level hack to do telnet encryption posted recently In-Reply-To: <199403052110.VAA27482@an-teallach.com> Message-ID: <9403052131.AA10882@andria.lehman.com> Graham Toal says: > I really think this project is a serious mistake. People should, if > they insist, produce software compatible with the draft RFCs on telnet > encryption and authentication -- although such code has already been > written. The notion of putting in all this effort just to avoid having > to deal with your system administrator, especially when he should be > happy to install such code given the recent rash of internet breakins, > seems misplaced to me. > > Perry, I'm no longer interested in what you have to say. You've been > a wet blanket and have pooh-poohed every practical suggestion I've > ever seen anyone making - weren't you one of the first people to > post to the netphone project telling us we were all wasting our time? No I was not. 
As for this current "idea", with an implementation of an encrypted STANDARD telnet already written and likely available soon for anonymous FTP, I think I'm being sane, not "a wet blanket". You can already get a version of the Cray telnet that implements the authentication code and hack in a reimplementation of the encryption code if you wish. See below for that. However, producing silly non-standard telnet hacks makes little sense. > Cypherpunks write code, except when asked not to by Perry Metzger. > > The point of this code, in case you missed it, is so that people can > take responsibility for their own encryption and not have to trust > software installed by someone else, just like we all use pgp rather > than Clipper. You can't help trusting code installed by someone else. How many of us write our own operating systems from scratch? So long as you have the source code, and the source code to the telnet I am speaking of is widely available, what is the difference? The source code for the authenticating telnet is available from ftp.cray.com(128.162.15.3):src/telnet/telnet.94.02.07.NE.tar.Z Now, David Borman has not been very forthcoming with the encrypting version of this system (although all the hooks are already there) and if anyone wants to take a crack at adding in an implementation of the draft encryption standard (which should be quite quick) that would indeed be a useful effort. I will happily mail a copy of the draft RFC to anyone who doesn't have it and can't get it. Perry From pmetzger at lehman.com Sat Mar 5 13:39:43 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Sat, 5 Mar 94 13:39:43 PST Subject: Update on user-level hack to do telnet encryption posted recently In-Reply-To: <9403052131.AA10882@andria.lehman.com> Message-ID: <9403052139.AA10905@andria.lehman.com> "Perry E. 
Metzger" says: > As for this current "idea", with an implementation of an encrypted > STANDARD telnet already written and likely available soon for > anonymous FTP, I think I'm being sane, not "a wet blanket". By the way, I forgot to mention, the 4.4 BSD domestic release already includes the encrypted telnet. In order to head off foolish reimplementation, perhaps someone would be willing to release the relevant patches to the NE release to turn it into a full encrypting telnet? The code is, after all, already under the Berkeley copyright and thus releasable. Perry From pmetzger at lehman.com Sat Mar 5 13:42:03 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Sat, 5 Mar 94 13:42:03 PST Subject: Update on user-level hack to do telnet encryption posted recently In-Reply-To: <9403052131.AA10882@andria.lehman.com> Message-ID: <9403052141.AA10925@andria.lehman.com> "Perry E. Metzger" says: > The source code for the authenticating telnet is available from > > ftp.cray.com(128.162.15.3):src/telnet/telnet.94.02.07.NE.tar.Z > > Now, David Borman has not been very forthcoming with the encrypting > version of this system (although all the hooks are already there) and > if anyone wants to take a crack at adding in an implementation of the > draft encryption standard (which should be quite quick) that would > indeed be a useful effort. I will happily mail a copy of the draft RFC > to anyone who doesn't have it and can't get it. I didn't realize it, but the telnet RFCs and encryption draft RFCs are also available in the same directory on ftp.cray.com Perry From blancw at microsoft.com Sat Mar 5 13:57:46 1994 From: blancw at microsoft.com (Blanc Weber) Date: Sat, 5 Mar 94 13:57:46 PST Subject: New mailing list? Message-ID: <9403052158.AA01627@netmail2.microsoft.com> "I want each reader of these words to reflect on the phrase "implementing culture". 
If you do not realize the magnitude of this principle and have some respect for its enormity, I would sincerely suggest that your time would be better spent reading some political philosophy and some technological history and pondering over your desires, to make sure that you know them." Okay, Teach. :>) Thanks for the clarification, Eric. I remember some critical statements made about your attitude toward modifications to list and the suggestions which you apparently shot down. I remained silent but wondering. "Cypherpunks is where the politics meets the code. .... Policy separated from development lags the reality of deployment, and necessarily. " These are some things I have thought about, upon reading complaints against the tangential discussions which come up on the list: It is not unimportant to engage in these conversations as they develop, to allow for the associated efforts to achieve precision on attitudes/expectations which counter the rest of the intellectual atmosphere of acceptance, especially when one might be required to produce just cause why things should go in one direction (yours) rather than another (theirs); when you might have to answer to 'authorities' for non-complicity to collectivist programs. Some people do (and some should) struggle for better justification in their own mind, of their position relating to what they themselves do (writing & distributing code which permits alternatives to government-supplied arrangements), of what they advocate to others that they ought to do (positive or negative support for a method/plan of action), or would prevent (as in thwart the progress/implementation of Clipper). 
It is not unimportant to be clear about the propriety of the motives behind an argument, to be satisfied that one is correct - that it isn't merely 'whining' because one is not getting one's way, or because the government & its advisors are not sufficiently lenient in their outlook; that there is philosophical, logically consistency in the actions/solutions proposed. It is not unproductive to maintain a general awareness among all those who would deem to be of the same "attitudinal alignment". Else how could such a group survive as advocates of ideas promoting complete independence & total autonomy. (euphemism) I myself would welcome the existence of a more thorough elaboration on this subject, from yourself and the others who founded the list: an explanatory FAQ for reference, especially on the matter of "implementing culture", since this implies more than simply effects dealing with government. Blanc From hfinney at shell.portal.com Sat Mar 5 14:03:00 1994 From: hfinney at shell.portal.com (Hal) Date: Sat, 5 Mar 94 14:03:00 PST Subject: Stealth PGP Message-ID: <199403052203.OAA21880@jobe.shell.portal.com> I never saw the posting below here, only on sci.crypt. It seems relevant to the present discussion. I did take a look at the source code to stealth pgp; it is quite simple and nicely done. However it doesn't do anything special about disguising the encrypted session key. It just strips off the two length bytes PGP puts at the front. Not only is this revealing, it also doesn't always work. Apparently the program can't always reconstruct the original mpi length if the encrypted key's size happens to be much less than the modulus. It does print a warning in that case that the file won't be able to be de-stealth'd successfully. Stealth PGP is a nice start but it needs to be improved to be truly stealthy. > >From: qwerty at netcom.com (-=Xenon=-) > >Subject: Stealth for PGP Available. > >Message-ID: > >Organization: PGP Info Clearinghouse. 
> >Date: Thu, 24 Feb 1994 08:34:24 GMT > >Lines: 188 > > -----BEGIN PGP SIGNED MESSAGE----- > > I have placed Stealth1.0 up for anonymous ftp at netcom.com in > /pub/qwerty as stealth.tar.Z. I am not the author of Stealth. "Henry > Hastur" is the author. I will gladly forward mail to him if you tell me to > do so. My address is qwerty at netcom.com. So far it is only written for > Unix, so don't e-mail me asking for a DOS version or whatever. I'm just a > cheerleader and propagandist, who finally got some very kind soul to > "write me a real encryptor". > > Why Stealth? Wired magazine just gave a plug for the Mac program "Stego" > (ftp to sumex-aim.stanford.edu in /info-mac/cmp) by Romana Machado, which > will, like any steganograph, hide a message in a carrier message. Problem > is, anybody can reverse it, and if you are using PGP, immediately tell > you are one of those drug dealing, child molesting, cryptography users ;-). > Once Stealth is incorporated into such steganographs, then people can't > easily tell that what they've extracted out of that picture of Madonna is > even a message at all. If they don't have the right secret key to decrypt > it, then all they get is garbage. "What message?!" > > Questions: > > 1) What does Stealth have to do with farming? > 2) How do stealth encryptors make the Clipper chip look like a stupid > waste of YOUR tax money? > > [Answers: 1) Zip, 2) By demonstrating that even if the Clipper keys are > stolen, without your secret key they can't even tell you are using PGP]. > > -=Xenon=- > > Stealth V1.0 by Henry Hastur > ---------------------------- > > Stealth is a simple filter for PGP which strips off all identifying header > information to leave only the encrypted data in a format suitable for > steganographic use. 
That is, the data can be hidden in images, audio > files, text files, CAD files, and/or any other file type that may contain > random data, then sent to another person who can retrieve the data from > the file, attach headers, and PGP decrypt it. > > Stealth is not intended to replace the standardized methods of using > encryption (e.g. ASCII-armoured PGP email) ; in an ideal world we would > all be able to send openly encrypted mail or files to each other with no > fear of reprisals, however there are often cases when this is not possible, > either because the local government does not approve of encrypted > communication, or perhaps because you are working for a company that > does not allow encrypted email but doesn't care about Mandelbrot > GIFs. This is where Stealth and steganography can come into play. > > > Compiling > - - --------- > > Stealth has currently only been tested on BSD and SVR4 Unix (and as > such should work with most varieties of Unix), with both non-ANSI > compilers and ANSI compilers with 'minimal ANSI' flags. In order to > compile the program, you should just be able to extract the files > from the tar file provided, then type 'make'. If that fails you may > need to change the definition of CC and CFLAGS in the makefile to > get it to compile. On machines with gcc, the GNU C compiler, Stealth > can be compiled by simply changing the 'CC=cc' line in makefile to > 'CC=gcc'. > > Stealth has not yet been tested on MS-DOS, but the only likely problems > are with 16-bit integers (you may need to change some occurrences of > int to long in order to get stealth to work), and you will need to > remove the -DUNIX flag from compilations. Hopefully, version 1.1 > will be released shortly with full DOS compatibility. > > > Usage > - - ----- > > Stealth always reads from its standard input and writes to the standard > output, though when adding headers to data the data has to be stored in a > temporary file (see Security Concerns below). 
>
> Command line arguments :
>
>     -c    Conventional encryption used rather than public key
>     -a    Add headers (defaults to strip headers)
>     -v    Verbose output.
>
> Stealth needs to be able to find your pubring.pgp file, which it does
> by first checking in the directory pointed to by $PGPPATH, then the
> current directory.
>
>
> Examples
> - - --------
>
> To encrypt a file with PGP and store it in the file pgp.stl prior to
> sending :
>
>     pgp -ef < secrets.dat | stealth > pgp.stl
>
> To encrypt a file with conventional (IDEA) encryption, and pass to a
> steganography program called steg_program :
>
>     pgp -fec < secrets.dat | stealth -c | steg_program
>
> To take the output from a steganographic extraction tool, add headers
> for key "Your Id", and decrypt :
>
>     steg_program | stealth -a "Your Id" | pgp -f > secrets.dat
>
> To take the conventionally encrypted output from a steg program, attach
> headers and decrypt :
>
>     steg_program | stealth -ac | pgp -f > secrets.dat
>
>
> Limitations
> - - -----------
>
> Files can be signed, but can only be encrypted to one recipient - extra
> RSA headers for all but the first recipient will be stripped from the
> file. In addition, if you specify conventional encryption but pass an
> RSA-encrypted file into the filter the RSA-block will be stripped. In
> either case, stealth will print out warnings to inform you of this.
>
> Stealth provides no support for ASCII-armoured PGP messages - it will
> only work with the binary output format, and the output will have to
> be converted to a useable form after processing, either with a
> steganography program or a standard utility such as uuencode.
>
> Finally, for technical reasons there are potential problems with public
> keys of size (typically) 2^n + 1 or 2^n + 2 (e.g. 513 or 1026).
> If you are encrypting to a key of a peculiar size, it's possible that the algorithm
> used to add headers could fail, but fortunately this can be detected while
> stripping the headers, and a warning will be printed. If this warning
> appears, you will probably want to encrypt the data again until a suitably sized
> RSA-block is created.
>
> It is NOT necessary to remove garbage data that the steganography program
> may have added to the end of the PGP-encrypted data. PGP output contains
> an encrypted end-of-file mark that allows the program to decrypt correctly
> and ignore any trailing garbage.
>
>
> Security Concerns
> - - -----------------
>
> After passing through the stealth filter, the PGP-encrypted data is
> essentially white noise, with no identifying marks, and whilst it may
> well have enough peculiarities for an expert cryptanalyst to recognize
> it as encrypted data, the probability is much less than would be the
> case with a PGP header identifying the recipient attached.
>
> One other concern is that stealth has to create a temporary file when
> reading in data to attach headers, and depending on the build options
> chosen the program will store it in either $PGPPATH, the current directory
> or /tmp. On Unix machines, the file will be deleted as soon as it is opened,
> making it difficult to capture, but on other operating systems the file
> will only be deleted when it has been used. (In either case the file will
> be zeroed before being closed).
>
> In addition, some operating systems will use temporary files on your disk
> to emulate unix pipes (e.g. MS-DOS) - these files will not be zeroed when
> finished with !
>
>
> Export Restrictions
> - - -------------------
>
> Stealth is probably not covered by current export restrictions under the
> US ITAR regs, but I'm not a lawyer, so if in doubt check it out yourself.
> It was written outside the US and imported, so should soon be available
> on some European ftp sites as well as US sites.
> > > Henry Hastur > > > > > -----BEGIN PGP SIGNATURE----- > Version: 2.3 > > iQCVAgUBLWwfawSzG6zrQn1RAQEjlQP/d85opZ6aMXfFpDu/KQz0DAzFxXNjiSZy > 9l56kIUkmAx0aT5qF3UAg2UTDagiJlFNz6UXFhEKBkDV4JLJPq5C8HtsdpCiSLWr > vVD2IEdASEd9ALCQMLS/YxVv6GG85n+phyoEV5ALsD1f0y4Nbk2Gfb+rexk5rN3a > hFYRUekVuNY= > =pkdK > -----END PGP SIGNATURE----- From hughes at ah.com Sat Mar 5 14:04:51 1994 From: hughes at ah.com (Eric Hughes) Date: Sat, 5 Mar 94 14:04:51 PST Subject: Truly Stealthy PGP In-Reply-To: <199403052121.NAA19624@jobe.shell.portal.com> Message-ID: <9403052155.AA07488@ah.com> OK. Here's the situation again, hopefully more clearly. Unfortunately, more clearly in mathematics often means more notation. Let n be the modulus, and #n be the length of the modulus in bits. Let k be the smallest multiple of eight greater than #n. Let L = 2^k be the bit length of the byte container for n and numbers mod n. Call an encrypted session key as it appears in the cyphertext Q. We want the Q's to be randomly distributed over the interval [0,L). Suppose the encrypted session key R = Q mod n. The integer R is in the interval [0,n), and so can't be evenly distributed over [0,L). The session key S = R^d mod n, where d is the private exponent. The entropy I calculated was the entropy of the distribution of the R's with the prior condition that the Q's were randomly distributed. In other words, if the key is byte-oriented and if the public representation of the encrypted session key reveals zero information, the distribution of the encrypted session keys must be non-random. I calculated exactly how non-random that could possibly be, and the answer was, not much. One more time. We want the encrypted key, as it appears to the world, to look random. So let's assume it _is_ random, and see how that affects the rest of the system. 
If the encrypted session key, as represented, is random over a range of bytes, it can't be completely random over the modulus in question, since the modulus doesn't divide two to the number of bits. There's some left over, and therefore some numbers map to more encrypted session keys than others. Now, since we have a non-random distribution, we need to see how that affects security, since a non-random distribution lowers the search space for brute force search. I calculated exactly how much it can lower the size of the search space. The maximum decrease in entropy is two bits, or a factor of four smaller. This isn't enough to worry about for large moduli. Therefore, we can conclude that it is safe to use a representation of the encrypted session key which is random. I've left out how we go from a non-uniform encrypted session key (which must be generated with a distribution of the entropy calculated) to a uniform distribution in the representation of the encrypted session key. This is not at all obvious. >If the session key is chosen from [0,L), still the encrypted session >key m = sd^e mod n will be uniform in [0,n). No, in fact it won't be uniform. That was the calculation I just did. >I don't quite follow here >how exactly we go from something uniform in [0,n) to something uniform in >[0,L), if that is what Eric is proposing. You just can't get uniformity over both intervals at the same time. What I showed is that you can tolerate non-uniformity in one range in order to get uniformity in the other. Eric From hayden at krypton.mankato.msus.edu Sat Mar 5 14:08:37 1994 From: hayden at krypton.mankato.msus.edu (Robert A. 
Hayden)
Date: Sat, 5 Mar 94 14:08:37 PST
Subject: Looking for listserver
In-Reply-To: <01H9M6T2CNC28WY1E2@citadel.edu>
Message-ID:

On Sat, 5 Mar 1994, Syl Miniter 803-768-3759 wrote:

> i am interested in setting up a listserver and I would appreciate it if
> someone can point at a source of some basics on the Internet

Use archie to locate Majordomo (I should know where the source site is, but I don't). It's a relatively straight-forward listserver that uses perl as its processing language.

____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu
\ /__ -=-=-=-=- <=> -=-=-=-=-
 \/ / Finger for Geek Code Info <=> Political Correctness is
  \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police"
-=-=-=-=-=-=-=-
(GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)

From 73211.3713 at CompuServe.COM Sat Mar 5 15:53:22 1994
From: 73211.3713 at CompuServe.COM (Loren Fleckenstein)
Date: Sat, 5 Mar 94 15:53:22 PST
Subject: stego
Message-ID: <940305234908_73211.3713_DHI59-2@CompuServe.COM>

I'm a newspaper reporter researching a how-to story on crypto.

1) Besides RIPEM, PGP and ViaCrypt PGP, any suggestions for capsule reviews of other public-key products? I'm interested only in public-key implementations.

2) Are there stego programs out there that will weave cipherdata into digital pictures or audio?

3) Has anyone reviewed the AT&T secure phones & modems? Your thoughts?

Please reply by e-mail as I am not a list subscriber. I also am a big believer in encrypting all traffic, so here is my public key. I am not looking to quote anyone -- all I need are ideas. However, if you say something temptingly quotable, I'll email you back for permission. Short of your grant of permission, I consider your material for background purposes, i.e., I'm free to use it without attributing where I got it.
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.4 mQCNAi16V84AAAEEAMNVRFU+CqFRhaOnnZ5hdY8D0o/3tdwzV08D1p/gLP9l8fYZ LKVFsuIQKzna4PSMoJyeUVWUcBftLQCNX0K+phzqTdpMPEnH82ToH8JGgRg873Fq WaQkzj3M+K3ExYVC2EVFfAvOa1iCyRCSrEr2hfQOP99XYMFS7w8UUf0SamE5AAUR tAVsZGZqcg== =nH+6 -----END PGP PUBLIC KEY BLOCK----- -- Loren Fleckenstein 37211.3713 at cserve.com reporter, The Press-Enterprise office tel. (909) 654-0564 From jim at bilbo.suite.com Sat Mar 5 17:38:04 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Sat, 5 Mar 94 17:38:04 PST Subject: some technical steganography Message-ID: <9403060133.AA22869@bilbo.suite.com> Eric Hughes wrote: > > >What does "appears relatively random" really mean? How do you > >measure the randomness of a sequence of bits? > > Randomness is the wrong measure. Suppose I take 2^10 > random bits and prepend 16 zeros. How random is this? > Almost as random, and this can be made precise. How > compressible is it? Almost incompressible. Now, what > about 2^20 bit? 2^30? > > It is not randomness but recognizability which is at issue. > One of my assumptions was that the stuff you're trying to hide is not recognizable. In one of my posts I used the phrase "unremarkable encrypted message". I should have said "unrecognizable encrypted message". I assert that an "unrecognizable encrypted message" will be a random sequence of bits. Is my assertion correct? Should I be using the phrase "high entropy" instead of "random"? Assume for the moment that there is a way to produce an unrecognizable encrypted message using public-key encryption. (I leave it to the experts to figure out the best way do that.) I still believe that if the reverse stego process frequently produces high entropy bit sequences, even if there is no hidden message, then the steganography system is successful. If the reverse stego process *always* produces a high entropy bit sequence, then the steganography system is perfect. 
Of course, this assumes there is no other way to detect a hidden message besides reversing the stego process and testing the result. Obviously, if the forward stego process (inserting the bits) leaves telltale traces, then it doesn't matter what the reverse stego process produces.

To summarise, I believe a successful steganography system will include the following steps and have the following properties:

step 1) encrypt your plaintext.

step 2) hide the encrypted message in a public message (duh)

property 1) the result of the encryption step should be a random sequence of bits.

property 2) the bit insertion process must not leave telltale traces.

property 3) the reverse stego process should produce frequent "false hits". In other words, the reverse stego process should frequently produce high entropy bit sequences, even if there is no hidden message.

Am I correct?

Jim_Miller at suite.com

From jef at ee.lbl.gov Sat Mar 5 17:46:04 1994
From: jef at ee.lbl.gov (Jef Poskanzer)
Date: Sat, 5 Mar 94 17:46:04 PST
Subject: better way to generate a permutation?
Message-ID: <9403060145.AA21067@hot.ee.lbl.gov>

I'm putting the polish on pnmstega/pnmdestega. Currently they spend the largest part of their time generating the permuted list of bit positions to use for storing the data bits. Not surprising, I knew the first version would be slow - it actually mallocs an array, fills it with numbers, and shuffles them. Now I'm looking for suggestions on better methods. I looked in Knuth, Sedgewick, and Schneier, and didn't find anything.

Send email if you've got an idea. Something with a bit vector might work.
---
Jef

From hughes at ah.com Sat Mar 5 21:37:13 1994
From: hughes at ah.com (Eric Hughes)
Date: Sat, 5 Mar 94 21:37:13 PST
Subject: some technical steganography
In-Reply-To: <9403060133.AA22869@bilbo.suite.com>
Message-ID: <9403060528.AA07968@ah.com>

>I assert that an "unrecognizable encrypted message" will be a random
>sequence of bits. Is my assertion correct?
It's neither correct nor incorrect because the specific notion of randomness hasn't been specified. Your statement is falsifiable, however, since sometimes a non-random string of bits is what you want to get out, if what you would expect to get out normally was also non-random. And you want them to be non-random in the same way.

>Should I be using the
>phrase "high entropy" instead of "random"?

No. This was the notion of random I pointed out that didn't work. If you add 16 zeros to the front of a gigabit random message, that's pretty recognizable, even though the entropy may be very close to maximum.

>Of course, this assumes there is no other way to detect a hidden
>message besides reversing the stego process and testing the result.

Don't count on it. Statistical tests can find correlations you hadn't suspected were there. In fact, for some message types, _not_ finding the correlations may indicate dithering, or maybe a steganographic message.

>property 3) the reverse stego process should produce frequent "false
>hits". In other words, the reverse stego process should frequently
>produce high entropy bit sequences, even if there is no hidden
>message.

If the prior probabilities of the message type that you're hiding in are not random, the steganographic extraction shouldn't be either, because then there's a distinction between an unaltered container and an encoded one.

Eric

From hughes at ah.com Sat Mar 5 22:01:23 1994
From: hughes at ah.com (Eric Hughes)
Date: Sat, 5 Mar 94 22:01:23 PST
Subject: Stealth PGP
In-Reply-To: <199403052203.OAA21880@jobe.shell.portal.com>
Message-ID: <9403060552.AA08011@ah.com>

>However it doesn't do anything special about disguising the
>encrypted session key.

And as Hal and I have been discussing, that's not at all an obvious problem.

A filter for PGP messages cannot make them completely random for all the reasons presented. The session keys must be generated differently if the encrypted form of them is to have a flat distribution.
To wit, PGP itself must change in order to make a random PGP output format.

Eric

From hughes at ah.com Sat Mar 5 22:14:10 1994
From: hughes at ah.com (Eric Hughes)
Date: Sat, 5 Mar 94 22:14:10 PST
Subject: Update on user-level hack to do telnet encryption posted recently
Message-ID: <9403060605.AA08029@ah.com>

Perry doesn't like Graham's hack for telnet style encryption. Graham doesn't like Perry's attitude. Such a _small_ teapot.

For the foreseeable future, there will be the need for link encryption where one is connecting to a site where the far end doesn't have encrypted telnet available, _for_whatever_reason_at_all. There are lots of reasons, e.g. site managers are busy and the user did not plan in advance. It doesn't really matter. If you can't alter the remote end except by a user process, that's what you use.

Perry is absolutely correct that this hack is very bad as a long-term solution, but it is labelled a hack, after all. Nevertheless, there is need for a short term solution. Graham seems to have provided one part of that. Great. Just because you shouldn't need to be using it in two years is no reason to say it shouldn't be written.

Eric

From rishab at dxm.ernet.in Sun Mar 6 01:11:34 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Sun, 6 Mar 94 01:11:34 PST
Subject: No Subject
Message-ID:

Everyone's talking about encrypted telnet. Has anyone at least READ the Kerberos FAQ? It's been in use for a while, and, to quote...

> Kerberos is a network authentication system for use on physically
> insecure networks, based on the key distribution model presented by
> Needham and Schroeder.[3] It allows entities communicating over
> networks to prove their identity to each other while preventing
> eavesdropping or replay attacks. It also provides for data stream
> integrity (detection of modification) and secrecy (preventing
> unauthorized reading) using cryptography systems such as DES.
> Practically speaking, Kerberos is mostly used in application-level > protocols (ISO model level 7), such as TELNET or FTP, to provide user > to host security. It is also used, though less frequently, as the > implicit authentication system of data stream (such as SOCK_STREAM) or > RPC mechanisms (ISO model level 6). It could also be used at a lower > level for host to host security, in protocols like IP, UDP, or TCP Being more 'official' than PGP, only a totally export-safe version has got out to ftp.funet.fi. Of course, it could be possible to patch PGP or something else into Bones, as the non-encrypting Kerberos is called. > An experimental Telnet Authentication Option has been > defined, and is described in RFC1416. (see also RFC1411). > These RFC's only define how > /authentication/ is to be performed; the standard for full encryption > is still under development. > An implementation of Kerberos V4 telnet is available via anonymous ftp > from ftp.uu.net, in /networking/telnet.91.03.25.tar.Z, but it predates > The IETF Common Authentication Technology Working Group is > currently defining security extensions for the FTP protocol. An > Internet Draft describing their work, and the source code for a > modified ftp/ftpd with the extensions, are now available > thumper.bellcore.com:pub/lunt/ftp.tar.Z > net-dist.mit.edu:tytso/ftp-wg/ftp.tar.Z ----------------------------------------------------------------------- Rishab Aiyer Ghosh "What is civilisation rishab at doe.ernet.in, rishab at dxm.ernet.in but a ribonucleic Voicemail +91 11 3760335; Vox/Fax/Data 6853410 hangover?" 
H-34C Saket New Delhi 110017 INDIA
-----------------------------------------------------------------------

From rishab at dxm.ernet.in Sun Mar 6 01:13:35 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Sun, 6 Mar 94 01:13:35 PST
Subject: No Subject
Message-ID:

sdw at meaddata.com (Stephen Williams):
> on pictures with few colors and a large amount of a small number of
> colors (like cartoons, etc. with a background), you could use the
> unused color table entries. You set these to be the same colors as
> the correspondingly largest used colors and use them when juxtaposed
> with their color.

This, and other similar methods will of course only work with GIFs; the problem is that GIFs compress, and the loss of compression caused by adding to the color table could be noticed, as could the fact that there are multiple entries with the same value. It's also somewhat more complicated for stego users to figure out where the data is - unless you use a 'standard' header or format, which is as known to the NSA as to cypherpunks.

What worries me more about many stego methods is their assumption that 'stegging' a picture will not be noticed. I am not so sure, even if you stick to the LSB of an 8-bit blue channel of a 24-bit hi-res scan. Things like the abnormal frequency of 1s as mentioned earlier, are almost as easy to build into your stego program as to detect.

I've worked a lot with images, particularly image recognition, and have seen many surprising similarities among pictures of some category that are human-noticeable only after considerable statistical analysis (or filtering through sophisticated neural networks). It may well be possible to develop highly CPU-intensive techniques that can detect, or indicate suspicion towards, 'stegged' images. Unless, of course, equally complex stego techniques are developed, which will probably have the extremely low message-to-image ratio of the old 'letter to granny' codes.
(Message in third letter of alternate words, etc., in innocuous, plausible letter.) This whole cat and mouse game with the authorities reminds me of the reaction I had to the story in Wired 2.02 on the Stealth watchers. OK, intrepid renegades take zoom-lens photos and listen in to secret frequencies, but only because US authorities don't REALLY mind. Come on, if Big Brother were really serious, Phil Zimmerman (and most of us on this list) would have been shot long ago, democracy be damned. As it so happens, PEOPLE still vote, not SPIES. From julf at penet.fi Sun Mar 6 02:45:50 1994 From: julf at penet.fi (Johan Helsingius) Date: Sun, 6 Mar 94 02:45:50 PST Subject: Update on user-level hack to do telnet encryption posted recently In-Reply-To: <199403052110.VAA27482@an-teallach.com> Message-ID: <199403061045.AA21401@lassie.eunet.fi> > Perry, I'm no longer interested in what you have to say. You've been > a wet blanket and have pooh-poohed every practical suggestion I've > ever seen anyone making - weren't you one of the first people to > post to the netphone project telling us we were all wasting our time? > > Cypherpunks write code, except when asked not to by Perry Metzger. Sigh. If trying to avoid re-inventing square wheels and duplicating stuff that has already been done is being a wet blanket, then I have to say I am very proud to join Perry in the "pseudo-tentacle wet blanket club". One of the major reasons I still read this list is so that I can find out when I am wasting my time - if somebody has come up with a workable solution, and it seems likely to gain wide acceptance, it is rather stupid of me to hide in my magical cyberspace fairytale virtualland and write code that no-one is going to pick up and use. But of course I am free to do so, should I so desire... 
Julf From gtoal at an-teallach.com Sun Mar 6 04:39:22 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Sun, 6 Mar 94 04:39:22 PST Subject: Update on user-level hack to do telnet encryption posted recently Message-ID: <199403061234.MAA27780@an-teallach.com> As for this current "idea", with an implementation of an encrypted STANDARD telnet already written and likely available soon for anonymous FTP, I think I'm being sane, not "a wet blanket". You can already get a version of the Cray telnet that implements the authentication code and hack in a reimplementation of the encryption code if you wish. See below for that. However, producing silly non-standard telnet hacks makes little sense. Perry, I *already* have the bsd4.4 Kerberized telnet with DES that comes with the BSDI distribution (original code in the US, a re-implementation on supplementary floppies in the UK) - I've had it for half a year now, and you know what? - it's of no use to me at all. Not *one* of the dozen odd sites I telnet to is running it. Maybe in several years time we'll all be running the same encrypted telnet, but for now I want *something* to keep the nosey little kids from reading my packets and if I have to ftp a short source and compile it every time I log in somewhere then that's what I'll do. I bet my telnet sessions are secure a lot sooner than yours are. The degree of that security depends to some extent on how much help I get implementing a stream cypher because I'm not sure I trust myself to do it properly. So I would really appreciate if you don't think this project is worthwhile, that you simply don't contribute rather than going out of your way to encourage others not to as well. 
G

From leonar716 at aol.com Sun Mar 6 04:54:57 1994
From: leonar716 at aol.com (leonar716 at aol.com)
Date: Sun, 6 Mar 94 04:54:57 PST
Subject: delete from list
Message-ID: <9403060753.tn279686@aol.com>

delete my name from cypherpunks BBS

From pmetzger at lehman.com Sun Mar 6 07:16:57 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Sun, 6 Mar 94 07:16:57 PST
Subject: Update on user-level hack to do telnet encryption posted recently
In-Reply-To: <9403060605.AA08029@ah.com>
Message-ID: <9403061516.AA17049@andria.lehman.com>

Eric Hughes says:
> For the foreseeable future, there will be the need for link encryption
> where one is connecting to a site where the far end doesn't have
> encrypted telnet available, _for_whatever_reason_at_all. There are
> lots of reasons, e.g. site managers are busy and the user did not plan
> in advance. It doesn't really matter. If you can't alter the remote
> end except by a user process, that's what you use.

I strongly disagree. If you truly insist, run your own telnetd on the remote machine. Don't run a hack. However, the right solution is to get the site manager to replace their telnet, a process that takes minutes and which, given the current epidemic of line tapping, is of obvious necessity even to the brain damaged. As I've noted, however, it's trivial to run your own telnetd on another port if you absolutely insist.

Perry

From sinclai at ecf.toronto.edu Sun Mar 6 07:18:13 1994
From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N)
Date: Sun, 6 Mar 94 07:18:13 PST
Subject: Standard for SteGAnography
In-Reply-To: <9403050751.AA13101@toad.com>
Message-ID: <94Mar6.101754edt.11542@cannon.ecf.toronto.edu>

> > know = 100% objective certainty
> Well, OTP gives you this. Probabilistic encryption does too, I
> think (the original version -- not the practical version). Quantum
> cryptography is pretty close, depending on how much trust you place
> in the laws of physics. Granted, none of these are very useful.

Don't forget Dining Cryptographer's nets and CalShad nets.

From pmetzger at lehman.com Sun Mar 6 07:26:47 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Sun, 6 Mar 94 07:26:47 PST
Subject: Update on user-level hack to do telnet encryption posted recently
In-Reply-To: <199403061234.MAA27780@an-teallach.com>
Message-ID: <9403061526.AA17058@andria.lehman.com>

Graham Toal says:
> Perry, I *already* have the bsd4.4 Kerberized telnet with DES that comes with
> the BSDI distribution (original code in the US, a re-implementation on
> supplementary floppies in the UK)

Not the same program at all. Why don't you actually read some of the RFCs instead of making yourself look foolish?

> Not *one* of the dozen odd sites I telnet to is running it.

Have you asked them to run it? Have you considered simply running the daemon yourself on another port instead of implementing some crude hack?

Perry

From werner at mc.ab.com Sun Mar 6 10:07:08 1994
From: werner at mc.ab.com (tim werner)
Date: Sun, 6 Mar 94 10:07:08 PST
Subject: Update on user-level hack to do telnet encryption posted recently
In-Reply-To: <9403061516.AA17049@andria.lehman.com>
Message-ID: <199403061806.NAA19210@sparcserver.mc.ab.com>

>From: "Perry E. Metzger"
>Sender: owner-cypherpunks at toad.com
>... As I've noted, however,
>it's trivial to run your own telnetd on another port if you absolutely
>insist.
>
>Perry

How do you do that?

From mg5n+ at andrew.cmu.edu Sun Mar 6 10:48:27 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Sun, 6 Mar 94 10:48:27 PST
Subject: Stealth PGP
Message-ID:

There are actually several clever ways that you can get around the problem with the RSA encrypted data being less than the modulus. The simplest is to encrypt it more than once.

Suppose you have a modulus m of length n. You then create a block of data to encrypt, b, of length n. If b is less than m, encrypt it with RSA. If not, don't encrypt it.
Then take 2^n-b-1 (which, btw, is the same as xoring b with all one-bits). If that result is less than m, encrypt it with RSA. Since m is greater than half of 2^n (it must be, otherwise it would be less than length n), all possible plaintexts will be encrypted at least once with RSA, some twice. This does leave a somewhat uneven distribution of values when comparing plaintext and ciphertext (which can be minimized by more encryptions), but that only shows up when and if the message is decrypted; as long as you use random padding properly before encrypting, the encrypted data will look completely random.

My ideal "Stealth-PGP" would work something like this: Take a file, encrypt it with a random session key, prepend the session key to the file, encrypt the first n bytes (which include the session key and part of the encrypted data) with RSA if it's less than m, XOR it (reverse all bits), and then encrypt with RSA if that's less than m.

Actually, putting the data inside the RSA might not be a good idea, it would not work well for small files unless you added a length byte. Maybe the RSA part could just be filled with random padding...

From banisar at washofc.cpsr.org Sun Mar 6 11:06:16 1994
From: banisar at washofc.cpsr.org (Dave Banisar)
Date: Sun, 6 Mar 94 11:06:16 PST
Subject: Time Article on Clipper
Message-ID: <9403061401.AA55948@Hacker2.cpsr.digex.net>

Time Magazine June 7, 1994

TECHNOLOGY

WHO SHOULD KEEP THE KEYS?

The U.S. government wants the power to tap into every phone, fax and computer transmission

BY PHILIP ELMER-DEWITT

Until quite recently, cryptography -- the science of making and breaking secret codes -- was, well, secret. In the U.S. the field was dominated by the National Security Agency, a government outfit so clandestine that the U.S. for many years denied its existence.
The NSA, which gathers intelligence for national security purposes by eavesdropping on overseas phone calls and cables, did everything in its power to make sure nobody had a code that it couldn't break. It kept tight reins on the ''keys'' used to translate coded text into plain text, prohibiting the export of secret codes under U.S. munitions laws and ensuring that the encryption scheme used by business -- the so-called Digital Encryption Standard -- was weak enough that NSA supercomputers could cut through it like butter. But the past few years have not been kind to the NSA. Not only has its cover been blown, but so has its monopoly on encryption technology. As computers -- the engines of modern cryptography -- have proliferated, so have ever more powerful encryption algorithms. Telephones that offered nearly airtight privacy protection began to appear on the market, and in January U.S. computermakers said they were ready to adopt a new encryption standard so robust that even the NSA couldn't crack it. Thus the stage was set for one of the most bizarre technology-policy battles ever waged: the Clipper Chip war. Lined up on one side are the three- letter cloak-and-dagger agencies -- the NSA, the CIA and the FBI -- and key policymakers in the Clinton Administration (who are taking a surprisingly hard line on the encryption issue). Opposing them is an equally unlikely coalition of computer firms, civil libertarians, conservative columnists and a strange breed of cryptoanarchists who call themselves the cypherpunks. At the center is the Clipper Chip, a semiconductor device that the NSA developed and wants installed in every telephone, computer modem and fax machine. The chip combines a powerful encryption algorithm with a ''back door'' -- the cryptographic equivalent of the master key that opens schoolchildren's padlocks when they forget their combinations. A ''secure'' phone equipped with the chip could, with proper authorization, be cracked by the government. 
Law-enforcement agencies say they need this capability to keep tabs on drug runners, terrorists and spies. Critics denounce the Clipper -- and a bill before Congress that would require phone companies to make it easy to tap the new digital phones -- as Big Brotherly tools that will strip citizens of whatever privacy they still have in the computer age. In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it. The battle lines were first drawn last April, when the Administration unveiled the Clipper plan and invited public comment. For nine months opponents railed against the scheme's many flaws: criminals wouldn't use phones equipped with the government's chip; foreign customers wouldn't buy communications gear for which the U.S. held the keys; the system for giving investigators access to the back-door master codes was open to abuse; there was no guarantee that some clever hacker wouldn't steal the keys. But in the end the Administration ignored the advice. In early February, after computer- industry leaders had made it clear that they wanted to adopt their own encryption standard, the Administration announced that it was putting the NSA plan into effect. Government agencies will phase in use of Clipper technology for all unclassified communications. Commercial use of the chip will be voluntary -- for now. It was tantamount to a declaration of war, not just to a small group of crypto-activists but to all citizens who value their privacy, as well as to telecommunications firms that sell their products abroad. Foreign customers won't want equipment that U.S. spies can tap into, particularly since powerful, uncompromised encryption is available overseas. 
''Industry is unanimous on this,'' says Jim Burger, a lobbyist for Apple Computer, one of two dozen companies and trade groups opposing the Clipper. A petition circulated on the Internet electronic network by Computer Professionals for Social Responsibility gathered 45,000 signatures, and some activists are planning to boycott companies that use the chips and thus, in effect, hand over their encryption keys to the government. ''You can have my encryption algorithm,'' said John Perry Barlow, co-founder of the Electronic Frontier Foundation, ''when you pry my cold dead fingers from my private key.'' The seeds of the present conflict were planted nearly 20 years ago, when a young M.I.T. student named Whitfield Diffie set out to plug the glaring loophole in all traditional encryption schemes: their reliance on a single password or key to encode and decode messages. Ultimately the privacy of coded messages is a function of how carefully the secret decoder keys are kept. But people exchanging messages using conventional coding schemes must also find a way to exchange the key, which immediately makes it vulnerable to interception. The problem is compounded when encryption is employed on a vast scale and lists of keys are kept in a central registry. Diffie's solution was to give everybody two keys -- one that could be widely distributed or even published in a book, and a private key known only to the user. For obscure mathematical reasons, a message encoded with either key could be decoded with the other. If you send a message scrambled with someone's public key, it can be turned back into plain text only with that person's private key. The Diffie public-key encryption system could solve one of the big problems facing companies that want to do business on the emerging information highway: how to collect the cash. 
On a computer or telephone network, it's not easy to verify that the person whose name is on a credit card is the one who is using it to buy a new stereo system -- which is one of the reasons catalog sales are rife with fraud. But if an order confirmation encoded with someone's public key can be decoded by his or her private key -- and only his or her private key -- that confirmation becomes like an unforgeable digital signature. However, public-key encryption created a headache for the NSA by giving ordinary citizens -- and savvy criminals -- a way to exchange coded messages that could not be easily cracked. That headache became a nightmare in 1991, when a cypherpunk programmer named Phil Zimmermann combined public-key encryption with some conventional algorithms in a piece of software he called PGP -- pretty good privacy -- and proceeded to give it away, free of charge, on the Internet. Rather than outlaw PGP and other such programs, a policy that would probably be unconstitutional, the Administration is taking a marketing approach. By using its purchasing power to lower the cost of Clipper technology, and by vigilantly enforcing restrictions against overseas sales of competing encryption systems, the government is trying to make it difficult for any alternative schemes to become widespread. If Clipper manages to establish itself as a market standard -- if, for example, it is built into almost every telephone, modem and fax machine sold -- people who buy a nonstandard system might find themselves with an untappable phone but no one to call. That's still a big if. Zimmermann is already working on a version of PGP for voice communications that could compete directly with Clipper, and if it finds a market, similar products are sure to follow. ''The crypto genie is out of the bottle,'' says Steven Levy, who is writing a book about encryption. If that's true, even the nsa may not have the power to put it back. Reported by David S. 
Jackson/San Francisco and Suneel Ratan/Washington Copyright 1994 Time Inc. All rights reserved. Transmitted: 94-03-06 13:04:08 EST From hfinney at shell.portal.com Sun Mar 6 11:21:28 1994 From: hfinney at shell.portal.com (Hal) Date: Sun, 6 Mar 94 11:21:28 PST Subject: Truly Stealthy PGP (algorithm) Message-ID: <199403061922.LAA26901@jobe.shell.portal.com> (I'm having a bit of trouble with my mail UA; all of my saved messages on this thread keep disappearing, so I apologize for a slight lack of continuity here. I'm having to work solely from memory of the earlier discussion.) If I understand Eric's general idea, we would keep trying session keys under a set of rules which would lead to the desired statistical distribution of the encrypted key. Here is an algorithm which would work. (I hope I am remembering the notation Eric used correctly.) Let L be the next power of 256 above the modulus n. Let t be the integer part of L/n, so that L = n*t + s with s in [0,n). Call the PGP IDEA session key SK, and the encrypted version of that m = SK^e. Now do these steps: 1) Pick a random SK in [0,n). 2) RSA-encrypt it to form m = SK^e mod n. 3) Choose a random k in [0,t]. 4) Calculate the "stegged" encrypted key as M = m + k*n. This will be uniform in [0,(t+1)*n) if m is uniform in [0,n), which I think it is. 5) if M is not in [0,L) (i.e. if M >= L) then go back to step 1. 6) Otherwise store M as a raw binary number taking log base 256 of L bytes. The idea is that once we get M uniform in [0,(t+1)*n) we can make it uniform in [0,L) simply by rejecting those candidates which were too high. This will only happen if k=t and m>=s. Now, it seems to me that the worst case for rejection is when n=L-1, in which case t=1, s=1, and almost one-half of all initial SK choices will be rejected. Following Eric's reasoning, this would be an effective loss of one bit of key length, from say 1024 to 1023, which is tolerable. 
(Eric actually suggested that as many as two bits could be lost, but I don't see that happening with this algorithm. It doesn't really matter anyway because both 1 and 2 are so small.) Using this algorithm with the current Stealth PGP would produce a "truly stealthy" version which I think would be indistinguishable from random bytes without access to the receiver's private key. Hal From banisar at washofc.cpsr.org Sun Mar 6 11:41:42 1994 From: banisar at washofc.cpsr.org (Dave Banisar) Date: Sun, 6 Mar 94 11:41:42 PST Subject: Time Article on Clipper Message-ID: <9403061445.AA48291@Hacker2.cpsr.digex.net> > Message-Id: <9403061401.AA55948 at Hacker2.cpsr.digex.net> > Date: Sun, 6 Mar 1994 14:01:55 -0500 > From: Dave Banisar > To: clipper at washofc.cpsr.org > Subject: Time Article on Clipper > Sender: owner-cypherpunks at toad.com > Precedence: bulk > > Time Magazine June 7, 1994 > > > TECHNOLOGY > > WHO SHOULD KEEP THE KEYS? > oops I got ahead of myself there. That should be March 14. Look for it on your newsstand tomorrow. From gtoal at an-teallach.com Sun Mar 6 12:00:49 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Sun, 6 Mar 94 12:00:49 PST Subject: Update on user-level hack to do telnet encryption posted recently Message-ID: <199403062000.UAA17352@an-teallach.com> > Perry, I *already* have the bsd4.4 Kerberized telnet with DES that comes with > the BSDI distribution (original code in the US, a re-implementation on > supplementary floppies in the UK) Not the same program at all. Why don't you actually read some of the RFCs instead of making yourself look foolish? Well if you have nothing useful to contribute but won't shut up anyway, I will. This conversation is over. > Not *one* of the dozen odd sites I telnet to is running it. Have you asked them to run it? Have you considered simply running the daemon yourself on another port instead of implementing some crude hack? I already do this. Goodbye. 
:: ^From.*metzger |/dev/null G From pmetzger at lehman.com Sun Mar 6 12:09:16 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Sun, 6 Mar 94 12:09:16 PST Subject: Update on user-level hack to do telnet encryption posted recently In-Reply-To: <199403062000.UAA17352@an-teallach.com> Message-ID: <9403062009.AA17340@andria.lehman.com> Graham Toal says: > Well if you have nothing useful to contribute but won't shut up anyway, > I will. This conversation is over. For the benefit of those who aren't being petulant, I will repeat: The existing, already implemented and available, cryptographic authentication (but not encrypted) version of the new BSD telnet is available from: ftp.cray.com(128.162.15.3):src/telnet/telnet.94.02.07.NE.tar.Z This is not theoretical code; it really exists. See for yourself. No, it doesn't just do kerberos. The proposed telnet encryption and authentication RFCs are available in the same directory. The BSD 4.4 domestic distribution already has the encrypted version of the code in it; perhaps someone should "liberate" it. Those wishing to run an encrypted telnet to a remote machine that does not support the new telnet options should ask the remote system administrator to install the new telnet, which compiles on virtually every architecture around, including SVR4 (or at least Solaris). Failing that, you can run your own telnetd on the remote host. Sorry if suggesting that people use already existing code is being a "wet blanket". Perry From jmueller at gac.edu Sun Mar 6 13:42:04 1994 From: jmueller at gac.edu (Joel T Mueller) Date: Sun, 6 Mar 94 13:42:04 PST Subject: PGP (surprise, surprise..) Message-ID: <9403062141.AA06273@gac.edu> Greetings, Could anyone tell me, is it true that PGP 2.3 was watered down to appease the RSA folks? If so, would it be a better idea to use 2.2? Thanks. -- Joel Mueller - GAT/O -d+(---) -p+ c++@ l+ u++ e m+ s+/- n- h-- f+@ g+(-) w+ t(--) ry? PGP 2.3a Public Key : finger jmueller at gac.edu or on keyservers. 
0C6D75 01 0E 16 A7 29 C4 48 75 54 CD 99 09 88 88 3C 39

From fhalper at pilot.njin.net Sun Mar 6 13:48:51 1994
From: fhalper at pilot.njin.net (Frederic Halper)
Date: Sun, 6 Mar 94 13:48:51 PST
Subject: Mondex card
Message-ID: <9403062148.AA23777@pilot.njin.net>

I don't know if you all have heard of the Mondex card that is going to be implemented in England. Does anyone have any info/articles on it (the New York Times had a small piece in the Sunday Magazine)? Will foreigners be given Mondex cards when they enter the country?

Reuben Halper
PGP key available on request

From jim at bilbo.suite.com Sun Mar 6 16:17:41 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Sun, 6 Mar 94 16:17:41 PST
Subject: some technical steganography
Message-ID: <9403070012.AA20650@bilbo.suite.com>

>
>> I assert that an "unrecognizable encrypted message" will be a
>> random sequence of bits. Is my assertion correct?
>
> It's neither correct nor incorrect because the specific
> notion of randomness hasn't been specified.
>

I don't understand what you mean by "specific notion of randomness hasn't been specified". How many different "notions of randomness" are there?

> Your statement is falsifiable, however, since
> sometimes a non-random string of bits is what you want to
> get out, if what you would expect to get out normally was
> also non-random. And you want them to be non-random in the
> same way.
>

I agree. The output of the reverse stego process should produce similar results, regardless of the presence of a hidden message. That's the point I've been trying to make. I've been attempting to make that point by describing a hypothetical stego system that, when run in reverse, produces a random sequence of bits. I suppose there could be other hypothetical stego systems that produce non-random output, but then you would need a decryption system that could understand and decrypt that non-random output. I prefer random bit sequences.
Or perhaps I should say - bit sequences with no apparent structure.

> > Of course, this assumes there is no other way to detect a
> > hidden message besides reversing the stego process and
> > testing the result.
> >
>
> Don't count on it. Statistical tests can find
> correlations you hadn't suspected were there. In fact,
> for some message types, _not_ finding the correlations
> may indicate dithering, or maybe a steganographic
> message.
>

I agree completely. This is a large part of what makes effective
steganography so difficult to achieve.

Jim_Miller at suite.com

From norm at netcom.com Sun Mar 6 16:34:06 1994
From: norm at netcom.com (Norman Hardy)
Date: Sun, 6 Mar 94 16:34:06 PST
Subject: Format of PGP ciphered message
Message-ID: <199403070034.QAA26077@mail.netcom.com>

Is there any specification of the format of a PGP enciphered message short
of the program itself?

From wcs at anchor.ho.att.com Sun Mar 6 16:51:22 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sun, 6 Mar 94 16:51:22 PST
Subject: PGP (surprise, surprise..)
Message-ID: <9403070050.AA04935@anchor.ho.att.com>

Joel Mueller asks:
> Could anyone tell me, is it true that PGP 2.3 was watered down to
> appease the RSA folks? If so, would it be a better idea to use 2.2?
> Thanks.

No, of course it wasn't. There was some hoax article on the network
purporting that PGP was rigged, which didn't even have Phil's name right.

First of all, you can look at the code yourself, and see the differences
between 2.2 and 2.3 and successors - the discussion on the net centered
around bug fixes and getting things to work consistently across platforms.

Second (or zeroth), RSA has been annoyed at Phil for a while :-)
Among other things that have been done to deal with this, Phil is no
longer developing mainstream freeware PGP, though he has worked on
licensed commercial versions like ViaCrypt.
The PGP official development is going on outside the US, where it's not
covered by the PKP/RSA patents and where there isn't a problem exporting
the code (US ITAR doesn't forbid importing crypto software.)

So don't worry. If you're concerned about not violating RSA's patent,
buy the ViaCrypt port for $100 (plus shipping and sales tax.)

Bill
# Bill Stewart AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399
# email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465

From pmetzger at lehman.com Sun Mar 6 17:05:49 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Sun, 6 Mar 94 17:05:49 PST
Subject: Format of PGP ciphered message
In-Reply-To: <199403070034.QAA26077@mail.netcom.com>
Message-ID: <9403070104.AA17554@andria.lehman.com>

Norman Hardy says:
> Is there any specification of the format of a PGP enciphered message short
> of the program itself?

Yes. It comes with the PGP docs.

Perry

From avalon at coombs.anu.edu.au Sun Mar 6 18:21:38 1994
From: avalon at coombs.anu.edu.au (Darren Reed)
Date: Sun, 6 Mar 94 18:21:38 PST
Subject: Update on user-level hack to do telnet encryption posted recently
In-Reply-To: <9403062009.AA17340@andria.lehman.com>
Message-ID: <9403070221.AA21299@toad.com>

Has anyone got an encrypted version of that port bouncer program done yet ?
And a `client' to go with it (be useful). I figure this could be used to
solve the telnet problem... but does anyone have any suggestions for rlogin
or just disable it ?

From dmandl at panix.com Sun Mar 6 18:21:43 1994
From: dmandl at panix.com (David Mandl)
Date: Sun, 6 Mar 94 18:21:43 PST
Subject: PGP (surprise, surprise..)
Message-ID: <199403070221.AA19552@panix.com>

jmueller at gac.edu says:

>Greetings,
>
> Could anyone tell me, is it true that PGP 2.3 was watered down to
>appease the RSA folks? If so, would it be a better idea to use 2.2? Thanks.

Completely untrue.
I can assure you that RSA was no more appeased by 2.3 than by 2.2, though
there is now of course a truly legal version in ViaCrypt PGP. Source code
for the guerilla-ware versions is as always available for your inspection,
and you're free to compile it yourself. You should use the latest one,
period (I believe it's currently 2.3a for MS-DOS and UNIX; MacPGP is 2.3).

--Dave.

--
Dave Mandl
dmandl at panix.com

From hughes at ah.com Sun Mar 6 18:37:08 1994
From: hughes at ah.com (Eric Hughes)
Date: Sun, 6 Mar 94 18:37:08 PST
Subject: some technical steganography
In-Reply-To: <9403070012.AA20650@bilbo.suite.com>
Message-ID: <9403070228.AA09368@ah.com>

>How many different "notions of randomness"
>are there?

Notions of randomness fall into two basic categories, probabilistic and
statistical. The dividing line between the two of them is whether you are
doing inference forward or reverse. In both cases the randomness means
evenly distributed.

Probabilistic randomness is inference forward. One assumes a distribution
of states before, the priors, and calculates the expected distribution of
states after, the posteriors. Quantum mechanical randomness is
probabilistic randomness, since quantum randomness is held to be inherent
in nature, and from that predictions can be made about the future. The
analysis of gambling strategies is probabilistic, since one assumes
something random, like dice rolls or deck shuffles, and infers what the
likely outcomes might be.

Statistical randomness is inference backward. One takes an observed set of
posteriors and tries to deduce whatever is available about the priors.
Cryptographic randomness is of this nature, since one is presented with
ciphertext and asked to figure out the plaintext. Two major questions about
statistical randomness are decidability, "Can I see a pattern in it?", and
compressibility, "Can I make a smaller representation of it?"
Something is statistically random if one cannot answer questions about it
more accurately than by guessing.

There are various sorts of statistical randomness, depending on what
analytical tools are available. If you allow any Turing machine, you get
algorithmic complexity concepts like Kolmogorov-Chaitin randomness. There
is randomness which is incompressibility to a particular coder. There is
randomness with respect to statistical measures; one can take the
difference of an observed posterior distribution and a probabilistically
calculated posterior distribution and apply standard statistical tests.
How far is this distribution from expected, and what is the likelihood for
this difference?

>I prefer random bit
>sequences. Or perhaps I should say - bit sequences with no apparent
>structure.

Your clarification makes a difference. Randomness as lack of structure can
be quantified by looking for conditional probabilities. E.g.
P( x_0 = 1 | x_3 = 0 ) is the conditional probability that x_0 is 1 in the
case that x_3 = 0. If this probability is not 1/2 exactly, then you have a
correlation.

Conditional probabilities in general get hairy fast, even when the
predicates, i.e. the events, are limited to particular bits equalling zero
or one, and the standard propositional connectives "and", "or", & "not".
There are questions of independence whose resolution requires a detour
into predicate logic. E.g. P( x = 0 | x = 1 ) = 0, clearly, because the
two events are logically dependent.

One of the ways of measuring these probabilities in the aggregate is with
entropy measures. The entropy of a probability distribution is the
expected value of the negative logarithm. If you can determine an entropy
which is not maximal, then you've found a correlation, even if exploiting
the correlation might not be obvious. This maximality must be exact, and
not approximate.
For example, in the example I gave with 16 zero bits prepended to a random
message, the bit entropy deviates ever so slightly from maximal, but that
indicates a correlation. The problem is that that entropy is a
probabilistic entropy, not a statistical one. Had we measured the same
entropy value, it would not have allowed us to conclude anything, if all
we had was the entropy. We could have also just looked at the first few
bits.

Anyway, since entropies are expected values on probabilities, one can also
have conditional entropies as well. The criterion for non-recognizability
is that all conditional entropies are maximal. This, again, is a
probabilistic notion, since the calculation of all conditional entropies
for a particular message is an exponential time algorithm.

Eric

From craig at hebron.connected.com Sun Mar 6 18:52:28 1994
From: craig at hebron.connected.com (ANGeL)
Date: Sun, 6 Mar 94 18:52:28 PST
Subject: New mailing list?
In-Reply-To: <199403050033.QAA23619@net.bio.net>
Message-ID:

I agree completely. I've been kind of lurking since I joined the list,
mainly because I don't know much technical cryptography, and have been
here mainly to learn more. This list traffic is starting to get to be just
too much. (65 new messages today)

/|NGeL of |>eATH
21 keystrokes south of Seattle (on a clear day)
Finger me for my PGP 2.3a public key.
Have you terrorized a Republican today?

From craig at hebron.connected.com Sun Mar 6 18:53:23 1994
From: craig at hebron.connected.com (ANGeL)
Date: Sun, 6 Mar 94 18:53:23 PST
Subject: Meeting in Seattle?
In-Reply-To:
Message-ID:

> > Is anyone in Seattle setting up a link for the meeting? If so, please let
> > me know.
>
> I'm in Seattle but my impression is that there aren't many people on the
> list here.
>

You could be wrong about that. Maybe we could set up a link.

/|NGeL of |>eATH
21 keystrokes south of Seattle (on a clear day)
Finger me for my PGP 2.3a public key.
Have you terrorized a Republican today?
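
[Added example, not part of any message in this archive. It illustrates the
points in Eric Hughes's "some technical steganography" message above: the
pooled bit entropy barely moves when 16 zero bits are prepended to random
messages, while looking at the first few bit positions, or at a conditional
probability such as P( x_i = 1 | x_{i+3} = 0 ), exposes the structure. The
corpora, seed, sizes, threshold and function names are all constructed for
this illustration.]

```python
import math
import random


def bit_at(data, pos):
    """Bit number `pos` of a byte string, most significant bit first."""
    return (data[pos // 8] >> (7 - pos % 8)) & 1


def binary_entropy(p):
    """Shannon entropy, in bits, of a coin that shows 1 with probability p."""
    if p <= 0.0 or p >= 1.0:
        return 0.0
    return -(p * math.log2(p) + (1 - p) * math.log2(1 - p))


def z_score(ones, n):
    """How many standard deviations `ones` lies from n/2 for n fair flips."""
    return (ones - n / 2) / math.sqrt(n / 4)


def pooled_bit_entropy(messages):
    """Entropy of the single pooled frequency of 1 bits over all messages."""
    total = sum(8 * len(m) for m in messages)
    ones = sum(bin(byte).count("1") for m in messages for byte in m)
    return binary_entropy(ones / total)


def biased_positions(messages, n_positions, threshold=5.0):
    """Bit offsets that are not a fair coin when compared across messages."""
    flagged = []
    for pos in range(n_positions):
        ones = sum(bit_at(m, pos) for m in messages)
        if abs(z_score(ones, len(messages))) > threshold:
            flagged.append(pos)
    return flagged


def conditional_p(bits, lag):
    """Estimate P(x_i = 1 | x_{i+lag} = 0) and its z-score against 1/2."""
    picked = [bits[i] for i in range(len(bits) - lag) if bits[i + lag] == 0]
    ones = sum(picked)
    return ones / len(picked), z_score(ones, len(picked))


def make_corpus(seed=1994, count=400, size=64):
    """Constructed data: random messages, and the same messages with
    16 zero bits prepended."""
    rng = random.Random(seed)
    plain = [bytes(rng.getrandbits(8) for _ in range(size)) for _ in range(count)]
    framed = [b"\x00\x00" + m for m in plain]
    return plain, framed


def make_correlated_bits(seed=1994, n=20000, lag=3, copy_prob=0.6):
    """Constructed data: every bit is a fair coin by itself, but x_{i+lag}
    repeats x_i with probability copy_prob instead of 1/2."""
    rng = random.Random(seed)
    bits = [rng.getrandbits(1) for _ in range(lag)]
    for i in range(lag, n):
        same = rng.random() < copy_prob
        bits.append(bits[i - lag] if same else 1 - bits[i - lag])
    return bits


if __name__ == "__main__":
    plain, framed = make_corpus()
    print("pooled entropy, plain :", round(pooled_bit_entropy(plain), 5))
    print("pooled entropy, framed:", round(pooled_bit_entropy(framed), 5))
    print("biased offsets, plain :", biased_positions(plain, 32))
    print("biased offsets, framed:", biased_positions(framed, 32))
    bits = make_correlated_bits()
    print("marginal P(x_i = 1)         :", sum(bits) / len(bits))
    print("P(x_i = 1 | x_{i+3} = 0), z :", conditional_p(bits, 3))
```

The pooled entropy of the framed corpus stays above 0.99 bits per bit, yet
the per-offset test flags exactly offsets 0 through 15, and the lag-3
conditional estimate sits near 0.4 although the marginal frequency is 1/2.
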

From craig at hebron.connected.com Sun Mar 6 18:54:38 1994
From: craig at hebron.connected.com (ANGeL)
Date: Sun, 6 Mar 94 18:54:38 PST
Subject: basic RSA info
Message-ID:

I'm working on writing some simple code for a class, and I was wondering
if anyone had some information on the RSA algorithm that I could look
at. I don't know a lot about cryptology at the moment, so I'd need it in
layman's terms.

/|NGeL of |>eATH
21 keystrokes south of Seattle (on a clear day)
Finger me for my PGP 2.3a public key.
Have you terrorized a Republican today?

From jdwilson at gold.chem.hawaii.edu Sun Mar 6 18:58:38 1994
From: jdwilson at gold.chem.hawaii.edu (Jim Wilson VA)
Date: Sun, 6 Mar 94 18:58:38 PST
Subject: spooks
In-Reply-To: <9403031629.AA09423@pilot.njin.net>
Message-ID: <9403070258.AA08019@gold.chem.hawaii.edu>

>
> If there are any spooks on this list aren't they required by law to say that
> they are if someone asked if anyone on the list was employed by CIA, DOD, FBI
> or NSA?
> Reuben Halper
>

If undercover police can tell you that they are not a cop and then arrest
you without your being able to claim entrapment, why should the three
letter agency agents be compelled to do so by law? (Not an argument in
favor of this but a question as to what law would require this.)

-Jim

From hfinney at shell.portal.com Sun Mar 6 19:40:47 1994
From: hfinney at shell.portal.com (Hal)
Date: Sun, 6 Mar 94 19:40:47 PST
Subject: Where'd pgptools go?
Message-ID: <199403070341.TAA01514@jobe.shell.portal.com>

I notice on csn.org:/mpj there is now pgptl10d.zip, PGP Tools version
1.0d. However, 1.0d is not the whole PGP Tools program. It is just an
addendum which implements Diffie-Hellman. Apparently pgptl10c.zip is still
needed to give you the whole of PGP Tools. Does anyone know of an FTP
site which still has pgptl10c available?
Thanks -

Hal

From rcain at netcom.com Sun Mar 6 20:44:14 1994
From: rcain at netcom.com (Robert Cain)
Date: Sun, 6 Mar 94 20:44:14 PST
Subject: Screen and secure sessions
Message-ID: <199403070444.UAA19567@mail.netcom.com>

What follows is part of a dialog I am having with netcom support right now
about the use of the Screen hyper-shell. I've been using it between home
and work and it is awesome if you have never seen it. The man pages for it
in ascii are ~rcain/pub/screen.man if you are on netcom and want to check
out what it can do. There is someplace here I could put it for anon ftp if
somebody could tell me the name of that directory from a netcom shell.

The dialog starts as a discussion of the problem I have with the two or
three minute inactivity timeout on the San Jose modems and is mostly about
the low impact I see it having on resource usage. If you know all about
Screen or aren't really interested in a bunch of justification, go forward
about 100 lines to get to the part that discusses crypto.

Peace,

Bob

> Netcom Support sez:
> >
> > Robert Cain writes:
> > >
> > > [some stuff deleted]
> > >
> > > First the short duration of your modem timeout pushes the envelope of
> > > the ridiculous. I'm not sure what it is but when a brief conversation
> > > or call of nature causes it to disappear *IT IS TOO DAMNED SHORT*.
> >
> > I'm sorry you have a problem with our policy, but we have no
> > intent to change it in the future. We'll take your suggestions
> > under consideration, but as I said we have no plans to modify
> > it at this time.
>
> You certainly sound intransigent. What would the implications of
> doubling it be for example? You could at least try it for a while
> and see if it has the effect of increasing the load on modem banks
> significantly. What is the currently programmed inactivity interval
> anyway? I lost it again in the middle of this damned note because
> I got a phone call. Damn I hate it when that happens. At least
> this time there was a "vi -r" message in my mailbox after logging
> on.
>
> > >
> > > I have a solution to this that I am using on our sun network at
> > > work. It is a package called "screen" that has wonderful features
> > > like multiple windows (all stacked one atop the other) that are
> > > easy to create and switch between if you want several contexts
> > > available at once. The most exciting feature is that if I wish
> > > to or if my line goes down, I can reconnect to it at the next
> > > login and pick up as if nothing had happened. This would be a
> > > wonderful feature at netcom too. I know that your no nohup
> > > hacks prevent us from having processes that persist when we log
> > > off (OR ARE FORCED OFF) but if you changed that specifically
> > > for the screen processes and its descendants to instead reduce
> > > them to the lowest possible priority until a reconnect then all
> > > this hassle would go away and netcom could offer a very neat
> > > feature. IBM mainframes have had disconnect/reconnect forever and
> > > I've never understood the lack of it on Unix. Here it is! It
> > > is a very friendly and powerful capability. Users would love it
> > > and the cost to netcom would be entries in process tables and
> > > swap space for the processes. You seem to have more than enough
> > > of those kinds of resources now. Please consider it.
> >
> > The use of "Screen" is not supported on Netcom because of its drain on
> > system resources. It violates our policy against running detached
> > backround processes. This is also a policy we have no plans to modify
> > at this time.
>
> Hmmm, I'm not sure you read me. What I am suggesting would not
> violate the intent of your policy WRT detached background processes.
> Let me try and persuade you.
>
> If whatever you use to kill processes upon detachment, logout or forced
> by timeout, could instead merely lower their priority to the minimum
> then, as I said, they would not load the system's cycle capacity,
> merely occupy some process specific tables and some swap space. I am
> pretty sure that in one of the netcom newsgroups (to which I am posting
> a copy of this) we hassled this out and it was determined what the cost
> in real memory was for a process's tables that was totally swapped
> out. It was truly insignificant in proportion to the size of real
> memory that is on the systems. There is little drain on system
> resources if you do this unless the number of processes becomes
> absurdly high.
>
> Yes, there is a cost for swap space. Is it possible to set up your
> unix to use more than one swap area? If so then it could be arranged
> that a user's pages were swapped into storage he is paying for
> (possibly after he/she had exceeded some limit in the system swap
> area) and then this would become a revenue generator for netcom rather
> than a drain on resources. If that is not a thing you know how to do
> then you could simply establish a daemon that checks the number of
> processes (or the total size) and warns the user when he is in
> violation of the limit. That limit should be based on a determination
> of the real cost in process tables and swap space rather than just set
> arbitrarily. I don't see how my request does much more than offer
> serial line users enjoy!!>. They can and do stay logged in indefinitely and in effect have
> various processes running all the time without concern about an
> inactivity timeout.
>
> Arguing against having a bunch of virtual windows makes no sense
> because you can effect that if you know emacs reasonably well anyway.
> Screen is just an easier way that doesn't require one to learn emacs.
> As a hypershell, Screen has *many* powerful features for power users.
> For fairly naive users only a fairly few keystrokes need be
> remembered to use its most useful features. In combination with
> the menu program you offer it would be very powerful across a slow
> line.
>
> One of Screen's features is a rather elaborate filtering mechanism whereby
> all incoming keystrokes and outgoing screen data can be filtered by
> user programs. I would like to use this to add encryption for my phone
> line. It would be straightforward to encrypt my outgoing and incoming
> data here at my PC that is acting as a terminal since I think my terminal
> emulator has similar filter hooks so the same programs that I used on
> the netcom end or my work end would function on this end as well if I
> explicitly wrote them to be that way. Given that, I would make Screen
> effectively my login shell, have it negotiate (via the filters) a
> secure link with my terminal emulator here at home and then go through
> another password process before invoking my startup shell. Voila I no
> longer have to worry about someone grabbing my real password nor can I
> be snooped or spoofed between my system and a system at netcom. This
> has *HUGE* advantages to users and I will use a cypher (IDEA) in a mode
> that is *very* fast so that the system load that would be introduced
> by the crypdec filters would not be all that great. I have all the
> necessary C libraries of long integer math routines and hard crypto
> functions as well as the theoretical knowledge of crypto needed to code
> what's left to write such a filter.
>
> Hell, Screen's capability would *greatly* enhance Netcom's account
> attractiveness and good crypto could be used as a big selling point in
> attracting commercial accounts where you make substantial profit per
> account. In fact when I get this to work I wouldn't be surprised if
> users demand it. :-)
>
> I have the man pages for Screen in my ~rcain/pub directory if anybody
> at netcom wants to check out Screen's capabilities. I could also
> make them temporarily available for incoming anon ftp if requested.
>

Now, while all this is true in theory, in all honesty I am too deeply
involved in other things (like a day job) to actually do the
implementation I speak of but I *do* have all the tools if anybody else
wants to take a shot at writing the filters. Since screen runs across
rlogin just fine, if this were done I could rlogin to any other machine on
the net and have a secure session across the net. I think it could also be
made to be secure across "talk" or "irc" sessions and even email between
machines. It could also be used as the front end to any text based telnet
port too.

So if you want to be able to dial in securely at least and communicate
with a system that is secure, and across systems that are secure badly
enough to put the time into it (or pay me enough to quit my day job :-),
here is a chance to maybe make some history. I think this is the right way
to get a start on global network security. Screen offers such a rich
environment for single windowed connections already that it is a natural
starting point given that its author has thought ahead to the kinds of
filters we need. It also could care less what shell you run and it is
transparent to the applications running below it (from the experience I
have had to date) It is a work of art to begin with IMHO and with this
crypdec capability there would hardly be a reason not to use it since if
you don't know it and don't want to learn, you won't know Screen is there
until you invoke its commands with the ctrl-A key (which can be changed to
anything else as an escape if you use applications that are fond of
ctrl-A.)

Peace and hoping,

Bob

--
Bob Cain rcain at netcom.com 408-354-8021
"I used to be different. But now I'm the same."
--------------PGP 1.0 or 2.0 public key available on request.------------------
--

From markh at wimsey.bc.ca Sun Mar 6 21:29:15 1994
From: markh at wimsey.bc.ca (Mark C. Henderson)
Date: Sun, 6 Mar 94 21:29:15 PST
Subject: Where'd pgptools go?
Message-ID:

> I notice on csn.org:/mpj there is now pgptl10d.zip, PGP Tools version
> 1.0d. However, 1.0d is not the whole PGP Tools program. It is just an
> addendum which implements Diffie-Hellman. Apparently pgptl10c.zip is still
> needed to give you the whole of PGP Tools. Does anyone know of an FTP
> site which still has pgptl10c available? Thanks -
>
> Hal

on wimsey.bc.ca:

/pub/crypto/software/dist/US_or_Canada_only_XXXXXXXX/RSA/PGP/PGPTOOLS:
total 328
-rw-------  1 markh  user       0 Feb 23 11:11 DO_NOT_EXPORT
-r--r--r--  1 markh  user   21076 Feb 23 11:10 mgmny10e.zip
-r--r--r--  1 markh  user  143871 Feb 23 11:10 pgptl10c.zip

cd into /pub/crypto/software and read the README file for the current
value of XXXXXXXX

--
Mark Henderson markh at wimsey.bc.ca (personal account)
RIPEM MD5OfPublicKey: F1F5F0C3984CBEAF3889ADAFA2437433
ViaCrypt PGP Key Fingerprint: 21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46
cryptography archive maintainer -- anon ftp -- wimsey.bc.ca:/pub/crypto

From markh at wimsey.bc.ca Sun Mar 6 21:53:09 1994
From: markh at wimsey.bc.ca (Mark C. Henderson)
Date: Sun, 6 Mar 94 21:53:09 PST
Subject: Screen and secure sessions
Message-ID:

On a related note. There's a program called term which is popular in the
Linux community.

from the latest term version announcement:

(For those that don't know: Term is a user level slip replacement. It
ISN'T slip, but achieves much of the functionality. Error correction,
compression, and multiplexing across a serial line are all supported,
enabling X windows across a serial line and such.. }

Now, term already allows compression across the line (yes it has features
for dealing with lines which can't handle certain characters). You can
have several sessions going, file transfers and even X clients.

I believe that it wouldn't take too much work to add DH key exchange and
IDEA or triple DES?
(GNU GMP might be a good place to look for the multiple precision math,
but there are lots of choices).

Am I going to do it? Well, not this week.

If anyone has time to work on this, the term source is available by anon
ftp from ftp tartarus.uwa.edu.au in /pub/oreillym/term. Last time I looked
term would run on many popular Unix (or Unix-like) systems.

Mark

--
Mark Henderson markh at wimsey.bc.ca (personal account)
RIPEM MD5OfPublicKey: F1F5F0C3984CBEAF3889ADAFA2437433
ViaCrypt PGP Key Fingerprint: 21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46
cryptography archive maintainer -- anon ftp -- wimsey.bc.ca:/pub/crypto

From sergey at delbruck.pharm.sunysb.edu Mon Mar 7 00:41:15 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Mon, 7 Mar 94 00:41:15 PST
Subject: Standard for SteGAnography
In-Reply-To: <9403050859.AA13734@toad.com>
Message-ID:

On Sat, 5 Mar 1994, Eli Brandt wrote:

> My point is, invulnerability to *what attack*? An attacker may know
> the algorithm, or not; may have known plaintext; may be able to
> choose plaintext; may be able to read a channel, or to garble it, or
> to change it; may have limited or unlimited space and time; might be
> able to factor in polynomial time -- there are a lot of parameters
> here. And it makes no sense at all to say, "Well, let's just
> consider the strongest possible attack."
>
> Eli

My original response was concerning an algorithm "good enough to withstand
an opponent who has full documentation of your algorithms and methods lots
of funds, and everything except your keys."

That opponent may, conceivably, be the NSA or another person/organisation
with access to similar resources. The consensus seems to point to such an
opponent as being one who could mount the "strongest possible attack".

It may not be practical to consider such a general danger when designing
particular encryption schemes; but, it is likewise impractical to make
sweeping generalizations concerning a given scheme's invulnerability.

Sergey

From ebrandt at jarthur.cs.hmc.edu Mon Mar 7 01:03:20 1994
From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt)
Date: Mon, 7 Mar 94 01:03:20 PST
Subject: Standard for SteGAnography
In-Reply-To:
Message-ID: <9403070903.AA24454@toad.com>

> My original response was concerning an algorithm "good enough to withstand
> an opponent who has full documentation of your algorithms and methods lots
> of funds, and everything except your keys."

That's what they have; what can they *do*? As I've been trying to get
across, that is not a full specification of capabilities.

Enough.

Eli ebrandt at hmc.edu

From Lyle_Seaman at transarc.com Mon Mar 7 07:33:45 1994
From: Lyle_Seaman at transarc.com (Lyle_Seaman at transarc.com)
Date: Mon, 7 Mar 94 07:33:45 PST
Subject: Corporations
In-Reply-To:
Message-ID:

Sandy Sandfort writes:
> On Tue, 1 Mar 1994, David L Womack wrote:
> > then, is offshore. My understanding is that
> > corporate earnings are subject to the host
> > country's tax, NOT U.S. tax. And, tax waivers
> > are not difficult to get from these other countries.
>
> Yup. And a variation of this is what's called double
> invoicing. It's one of the things that made Hongkong
> great.

Now, knowing all this, every reader of this list should be **deeply**
suspicious of any official "trade deficit" figures.

Lyle

From mpjohnso at nyx10.cs.du.edu Mon Mar 7 08:18:35 1994
From: mpjohnso at nyx10.cs.du.edu (Michael Johnson)
Date: Mon, 7 Mar 94 08:18:35 PST
Subject: Where'd pgptools go?
In-Reply-To: <1994Mar7.035353.15506@mnemosyne.cs.du.edu>
Message-ID: <9403071616.AA17095@nyx10.cs.du.edu>

Hal writes:
>I notice on csn.org:/mpj there is now pgptl10d.zip, PGP Tools version
>1.0d. However, 1.0d is not the whole PGP Tools program. It is just an
>addendum which implements Diffie-Hellman. Apparently pgptl10c.zip is still
>needed to give you the whole of PGP Tools. Does anyone know of an FTP
>site which still has pgptl10c available? Thanks -

OOPS -- I must have prematurely deleted something.
I still have it on the Colorado Catacombs BBS (303-938-9654), and I'll put
it back up on csn.org within a day or so. I thought I merged the new with
the old to create the latest .zip file....

___________________________________________________________
|\ /| | | |
| \/ |o| | Michael Paul Johnson Colorado Catacombs BBS 303-938-9654 |
| | | / _ | mpj at csn.org ftp csn.org \mpj\README.MPJ for access info.|
| |||/ /_\ | aka mpjohnso at nyx.cs.du.edu mikej at exabyte.com |
| |||\ ( | m.p.johnson at ieee.org CIS 71331,2332 VPGP key by finger |
| ||| \ \_/ |___________________________________________________________|

From hughes at ah.com Mon Mar 7 08:42:22 1994
From: hughes at ah.com (Eric Hughes)
Date: Mon, 7 Mar 94 08:42:22 PST
Subject: Truly Stealthy PGP (algorithm)
In-Reply-To: <199403061922.LAA26901@jobe.shell.portal.com>
Message-ID: <9403071634.AA10351@ah.com>

>If I understand Eric's general idea, we would keep trying session keys
>under a set of rules which would lead to the desired statistical
>distribution of the encrypted key.

I actually said nothing about how to get the particular distribution of
keys specified, since that was another issue. I was more concerned with
just getting the one result across.

>Here is an algorithm which would work.

It does work, and I'll put down a proof sketch below.

Notation alert:

>Let L be the next power of 256 above the modulus n. Let t be the integer
>part of L/n, so that L = n*t + s with s in [0,n). Call the PGP IDEA session
>key SK, and the encrypted version of that m = SK^e. Now do these steps:

>1) Pick a random SK in [0,n).

This random number in [0,n) is the wrong distribution, but that's OK,
since we'll be throwing some numbers away.

>2) RSA-encrypt it to form m = SK^e mod n.

RSA encryption is a bijection (a 1-1 map). If it were not, there would be
two or more possible decryptions for a given ciphertext.
Therefore RSA encryption is a permutation, and a permutation of
probabilities preserves expected values of functions of the probability,
such as entropy. Since we assume the entropy of the SK is maximal
(probabilistic entropy), therefore the entropy of the m's is maximal. So
the m's have a flat distribution.

(As always, the above statements about bijection hold only if SK is
multiple of one of the divisors of the modulus. But then if you do find
one of those, you've also factored the modulus and thus broken the key. We
assume this doesn't happen, since if it does little of this matters
anyway.)

>3) Choose a random k in [0,t].

>4) Calculate the "stegged" encrypted key as M = m + k*n.

Hal now observes that M is uniformly distributed. This is correct, and
happens because m is in [0,n) and we are adding a multiple of n to m. This
means that each M has a unique representative as some pair . Since both m
and k are independently random (max entropy, flat distribution), so is M.

>5) if M is not in [0,L) (i.e. if M >= L) then go back to step 1.

>The idea is that once we get M uniform in [0,(t+1)*n) we can make it
>uniform in [0,L) simply by rejecting those candidates which were too high.

What we have here is a Markov chain. We have accepting states and
rejecting/retrying states. Since the probabilities in the chain are
independent of each other and are also time-invariant, the distribution of
final probabilities is the same as the distribution of normalized
accepting probabilities.

In simple terms, you can just retry until you get it right. Since the
probabilities are all the same before, they will all be the same after,
only larger to account for the fact that some possibilities didn't work.

[re: rejection and retry]
>This will only happen if k=t and m>=s.

That's right, and that means that for m < s you have valid k in [0,t+1)
and for m >= s only for [0,t).
If you go back and look at the entropy expression, you'll see exactly this
difference in relative probability for the two parts of [0,n).

>Now, it seems to me that the worst case for rejection is when n=L-1, in
>which case t=1, s=1, and almost one-half of all initial SK choices will
>be rejected.

Right, but the worst case for rejection is not the same as the worst case
for entropy loss, which occurs at n=L/2+1 and s=t-1, i.e. at the other end
of the spectrum entirely.

>Following Eric's reasoning, this would be an effective loss
>of one bit of key length, from say 1024 to 1023, which is tolerable.

Actually not. The loss of effective key length happens based on the
posterior distribution of the session keys, not on the number of
rejections that happen in the process.

>Using this algorithm with the current Stealth PGP would produce a
>"truly stealthy" version which I think would be indistinguishable from
>random bytes without access to the receiver's private key.

Indeed. Observe, though, that as far as deployment went, this would
require modification to PGP itself for it to be anything like widespread.

Eric

From norm at netcom.com Mon Mar 7 08:47:55 1994
From: norm at netcom.com (Norman Hardy)
Date: Mon, 7 Mar 94 08:47:55 PST
Subject: Format of PGP ciphered message
Message-ID: <199403071648.IAA23312@mail.netcom.com>

Thanks!

From conrad at merl.com Mon Mar 7 08:54:32 1994
From: conrad at merl.com (Eric Conrad)
Date: Mon, 7 Mar 94 08:54:32 PST
Subject: RSAREF help requested
Message-ID: <9403071654.AA20575@merl.com>

I need to use RSAREF to do 3 simple things: generate a keypair, encrypt a
file, and decrypt a file. This is so that I can safely encrypt online
information with the public key, while keeping the private key offline.

PGP does what I want, but I can't use it due to legal reasons. Ripem does
too much (all the mail and key management stuff), and is too complex for
my purposes.
I've begun writing the C code using the RSAREF libraries to do what I
want, but I'd rather not recreate the wheel. Has anyone written the simple
tools I described?

...Eric

From cowen at glia.biostr.washington.edu Mon Mar 7 10:44:15 1994
From: cowen at glia.biostr.washington.edu (cowen at glia.biostr.washington.edu)
Date: Mon, 7 Mar 94 10:44:15 PST
Subject: No Subject
Message-ID: <9403071854.AA05340@glia.biostr.washington.edu>

about joe6pack>>>

though joe 6-pack might not vote, and likely won't even understand about
the crypto of it all. he would understand the police listening in on his
conversations with jill 6-pack. and not like it too well. i do think
though that the ge that the general public should know, what the congress
is getting itself into other topics before congress get aired why not this
one.

making it simple for simple minds, might be beyond some folks though there
has been talk here about how to go about the process. which on the surface
looks so easy. but the general populace of the US of A has a bit of
problem with concepts at times. big bangs and lots of noise and death,
that sure does catch attention, for about 20 seconds.

the computer folks are going to be fighting with the gov't types til the
end of time and the joe 6-packs are going to be stuck in the middle. but
we need them more than we need to alienate them. they do pay taxes, some
of them do vote, and some of them are the rich and famous we want to get
our point across to. not every rich man knows about computers.

we as a group or as individuals should at least try to let the joe 6-packs
that we know in on the secrets the gov't and the FBI and the NSA are
trying to hide from him. maybe that is the point of a so called free
nation. and sure we might not run this country, but public outcry most
times turns heads in congress.
charles the monster maker

From jeremy at crl.com Mon Mar 7 11:04:00 1994
From: jeremy at crl.com (Jeremy Cooper)
Date: Mon, 7 Mar 94 11:04:00 PST
Subject: basic RSA info
In-Reply-To:
Message-ID:

On Sun, 6 Mar 1994, ANGeL wrote:

> I'm working on writing some simple code for a class, and I was wondering
> if anyone had some information on the RSA algorithm that I could look
> at. I don't know a lot about cryptology at the moment, so I'd need it in
> layman's terms.
>
> /|NGeL of |>eATH
> 21 keystrokes south of Seattle (on a clear day)
> Finger me for my PGP 2.3a public key.
> Have you terrorized a Republican today?
>

From what I know, RSA thrives on the following formula. Every key in an RSA public key system has two parts. One part is a very very large number, and the other is a relatively small number. We will call the large number 'l' and the small number 's'. These two numbers are calculated beforehand (shown in a later equation). To encrypt plaintext (which is what we call the stuff to be encrypted) with an RSA key, you use the following formula:

[ E stands for encrypted text. P stands for plaintext ]

     P^s
E = ------
      l

In this example, let's use the letter 'A' for our plaintext. Let's say we have a key with l = 85 and s = 3. (don't worry about where those numbers came from, we'll make them later). If we use the ASCII standard, the character 'A' has a value of 65. So if we plug in all the values we get:

      65^3
E = -------- = 2307 and a remainder of 92
      119

To decrypt, you use the private key. In this case, the private key is

l = 119  s = 32

and the new equation is:

     92^32
D = ------- = 6937619471... and a remainder of 65
      119

So we have encrypted with one key, and decrypted with the other.

Now as to how we arrived at these two key parts, I will explain. When you make an RSA key, you generate three numbers. Two of them are prime and one is just odd. We'll name these P Q and E respectively. The first part of the key is P * Q, the second part of the key is E.
In the above example, P = 17 Q = 7 E = 3. So we end up with the key {119, 3}. This is the public key. To make the private key, we keep the first part the same, but we change E. The new E now equals:

     (P - 1)(Q - 1)
E = --------------
          Eo

(Eo means the old value of E)

So the value of E for the private key is (16 * 6) / 3 = 32.

Now that I think about it. I am sure to have messed something up. Please send a flame back attacking what I foobared. Thank you.

_ . _ ___ _ . _
===-|)/\\/|V|/\/\ (_)/_\|_|\_/(_)/_\|_| Stop by for an excursion into the-===
===-|)||| | |\/\/ mud.crl.com 8888 (_) Virtual Bay Area! -===

From warlord at MIT.EDU Mon Mar 7 11:48:05 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Mon, 7 Mar 94 11:48:05 PST
Subject: Format of PGP ciphered message
In-Reply-To: <199403070034.QAA26077@mail.netcom.com>
Message-ID: <9403071947.AA24030@toxicwaste.media.mit.edu>

Currently, the only documentation is in the file PGFORMAT.TXT that is in the PGP distribution.

-derek

From mech at eff.org Mon Mar 7 12:12:47 1994
From: mech at eff.org (Stanton McCandlish)
Date: Mon, 7 Mar 94 12:12:47 PST
Subject: A useful quote/stat to spread
Message-ID: <199403072012.PAA00645@eff.org>

"In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it."

- Philip Elmer-Dewitt, "Who Should Keep the Keys", _TIME_, Mar. 4 1994

From mg5n+ at andrew.cmu.edu Mon Mar 7 12:37:19 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Mon, 7 Mar 94 12:37:19 PST
Subject: basic RSA info
In-Reply-To:
Message-ID:

Jeremy Cooper wrote:

> Now that I think about it. I am sure to have messed something up.
> Please send a flame back attacking what I foobared. Thank you.

okay... overall pretty good tho.

> When you make an RSA key, you generate three numbers.
> Two of them are prime and one is just odd.

The encryption exponent must not contain any common factors with (p-1)(q-1). This means that it is always odd, but that's not necessarily the only factor that you need to check.

>      P^s
> E = ------
>       l

The remainder, not the quotient. Usually written as E = P^s mod l

From eman at netcom.com Mon Mar 7 12:54:58 1994
From: eman at netcom.com (Emanuel Barros)
Date: Mon, 7 Mar 94 12:54:58 PST
Subject: clipper & corp. espionage
Message-ID: <199403072055.MAA04077@mail.netcom.com>

Hi, I'm new to the list. I was wondering
if the clipper chip passed. what's stopping
corrupt government people from selling access
to the encryption to the highest bidders to spy
on competitors communications.

just curious.

Emanuel(eman at netcom.com)

From fhalper at pilot.njin.net Mon Mar 7 13:16:44 1994
From: fhalper at pilot.njin.net (Frederic Halper)
Date: Mon, 7 Mar 94 13:16:44 PST
Subject: Public Key
Message-ID: <9403072116.AA15856@pilot.njin.net>

Kent, would you send me your key again. I have to talk to you.

Reuben Halper

From gnu Mon Mar 7 13:23:50 1994
From: gnu (gnu)
Date: Mon, 7 Mar 94 13:23:50 PST
Subject: Welcome to the foia-keys announcement list; request update
Message-ID: <9403072122.AA06378@toad.com>

You expressed interest in my FOIA request for the Clipper key database. Here's a minor update on the request.

We send all our FOIA requests by registered mail, return receipt requested.
According to the Post Office, NIST received our request on 28 Feb 94. This means that their response is due ten or twenty business days after that day.

Based on experience, we believe that an actual timely response is unlikely; the government doesn't feel an obligation to follow the law. However, I encourage you to call or write NIST's FOIA officer (Karl Bell, Deputy Director of Administration, NIST, Building 101, Gaithersburg, Maryland) to indicate your interest in both the content and the timeliness of his response.

John Gilmore
gnu at toad.com

From dmandl at lehman.com Mon Mar 7 13:23:50 1994
From: dmandl at lehman.com (David Mandl)
Date: Mon, 7 Mar 94 13:23:50 PST
Subject: clipper & corp. espionage
Message-ID: <9403072119.AA21144@disvnm2.lehman.com>

> Hi, I'm new to the list. I was wondering
> if the clipper chip passed. what's stopping
> corrupt government people from selling access
> to the encryption to the highest bidders to spy
> on competitors communications.
> just curious.
>
> Emanuel(eman at netcom.com)

Nothing.

--Dave.

From patrickb at panix.com Mon Mar 7 14:17:22 1994
From: patrickb at panix.com (Patrick Breitenbach)
Date: Mon, 7 Mar 94 14:17:22 PST
Subject: Mondex card
Message-ID: <199403072217.AA18242@panix2.panix.com>

Recent articles on Mondex:

The Economist, 1/29/94
NewsBytes, "The Cashless Card: UK Banks Introduce Mondex", 1/6/94

From what I can tell:

Mondex appears to be a rather aggressive attempt at an open system for digital cash. The three major players are NatWest, Midland Bank and British Telecom. Unlike many other efforts, they are using a completely anonymous method rather than auditing all transactions. The cards are smart (IC chips embedded on a credit card sized card). I am not sure of the security specifics. They will be capable of representing 5 core currencies and many more temporarily. The "Mondex" name has been reserved in 30 countries and market research has been done in Japan, the US, Germany and France as well as the UK.
They are piloting in the British town of Swindon (not sure of the size). Other interesting moves along these lines: Electronic Payment Services/MAC Network are piloting prepay Lufthansa/German Post/2 German Banks looking at multi-app card patrick breitenbach patrickb at panix.com From warlord at MIT.EDU Mon Mar 7 14:25:40 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Mon, 7 Mar 94 14:25:40 PST Subject: Screen and secure sessions In-Reply-To: Message-ID: <9403072222.AA25374@toxicwaste.media.mit.edu> I've actually spoken to the author of Term regarding adding an encryption layer to the protocol. I took a look and was trying to find an easy way to hook it in. The most difficult part would be the key exchange... The possibilities I came up with were using DH to get either a DES, 3-DES, or IDEA key, or using Charon to get a kerberos session key (DES). I think DH is a better solution... In my copious amounts of free time.... ;-) If you are interested in this project, let me know.. I'm more than happy to discuss what I've found so far, and discuss design, etc. -derek From lefty at apple.com Mon Mar 7 15:13:24 1994 From: lefty at apple.com (Lefty) Date: Mon, 7 Mar 94 15:13:24 PST Subject: clipper & corp. espionage Message-ID: <9403072312.AA00708@internal.apple.com> >Hi, I'm new to the list. I was wondering >if the clipper chip passed. what's stopping >corrupt government people from selling access >to the encryption to the highest bidders to spy >on competitors communications. > >just curious. Um, the goodwill and general trustworthiness of our elected officials and their duly-designated appointees? Just a guess, mind you. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From ub075 at freenet.victoria.bc.ca Mon Mar 7 17:42:26 1994 From: ub075 at freenet.victoria.bc.ca (Ryan A. 
Perkins) Date: Mon, 7 Mar 94 17:42:26 PST Subject: New Remailer Message-ID: <9403080147.AA04763@freenet.victoria.bc.ca> With a fair number of remailers down lately, I thought that I'd announce my remailer. It's been running for a long time now, and I still haven't got PGP to work. The remailer is rperkins at nyx.cs.du.edu. No logs are kept by me of this service. Aburt, the operator does not know about the remailer, but if he asks me to remove it, I will. -- Ryan Perkins - 1:340/13 | I feel that suicide jumpers see a glimpse of ub075 at freenet.victoria.bc.ca | sanity as they throw themselves from the ledge. Ask for PGP 2.3 public key | That's why they scream all the way down. 8C5357 : 9F FF BA 93 54 D5 18 78 4B 1E DA GC E3 4E From ub075 at freenet.victoria.bc.ca Mon Mar 7 17:56:17 1994 From: ub075 at freenet.victoria.bc.ca (Ryan A. Perkins) Date: Mon, 7 Mar 94 17:56:17 PST Subject: New Remailer Message-ID: <9403080201.AA06163@freenet.victoria.bc.ca> >With a fair number of remailers down lately, I thought that I'd announce >my remailer. It's been running for a long time now, and I still haven't >got PGP to work. The remailer is rperkins at nyx.cs.du.edu. Couple other things. Mail to rperkins at nyx10.cs.du.edu and rperkins at nox.cs.du.edu will work too. It supports the "##" paste header, and will strip all lines after a "." on the first column of a line. -- Ryan Perkins - 1:340/13 | I feel that suicide jumpers see a glimpse of ub075 at freenet.victoria.bc.ca | sanity as they throw themselves from the ledge. Ask for PGP 2.3 public key | That's why they scream all the way down. 8C5357 : 9F FF BA 93 54 D5 18 78 4B 1E DA GC E3 4E From mech at eff.org Mon Mar 7 18:14:58 1994 From: mech at eff.org (Stanton McCandlish) Date: Mon, 7 Mar 94 18:14:58 PST Subject: Leahy to hold hearings on Clipper Chip! 
Message-ID: <199403080212.VAA10363@eff.org> Forwarded message: From: jberman at eff.org Jerry Berman Date: Mon, 7 Mar 1994 19:09:22 -0500 Subject: Leahy to hold hearings on Clipper Chip! Dear Friends on the Electronic Frontier: I have some good news to share with you. Senator Leahy just sent me a letter indicating that he *will* be scheduling hearings on the Administration's Clipper Chip proposal. I would like to thank all of you who sent us messages to forward to him urging hearings. I'm sure that stack of messages we printed out made a significant impact on the Senator -- the stack was over seven inches tall! (We look forward to the day when no trees will have to be sacrificed in the furtherance of democracy!) And if you haven't written a message to Rep. Cantwell yet about her proposed amendment to the Export Control Act, please do so and forward it to cantwell at eff.org. This is an address we set up to enable us to collect messages in support of her bill. We have been printing out messages and delivering them each week -- so far we've received over 4500 letters of support. For more information on the Cantwell bill, send a message to cantwell-info at eff.org. Thanks again. We'll let you know as soon as the Clipper hearing gets scheduled. Sincerely, Jerry Berman EFF Executive Director -.-.-.-.-.-.-. forward from Sen. Leahy -.-.-.-.-.-.-.-.-.-. United States Senate Committee on the Judiciary Washington, DC 20510 March 1, 1994 Mr. Jerry Berman Executive Director Electronic Frontier Foundation 1001 G Street, Suite 950 East Washington, DC 20001 Dear Jerry, Thank you for forwarding to me the many thoughtful and informative messages you received over the Internet regarding the Administration's recent approval of an escrowed encryption standard, known as the Clipper Chip. Many of the messages urge Congress to hold hearings to review the Administration's Clipper Chip standard. 
In fact, I intend to hold a hearing before the Judiciary Subcommittee on Technology and the Law, which I chair, to consider the important issues raised by the Clipper Chip. I will let you know when a date for the hearing is scheduled.

Thank you again.

Sincerely,

/s/

PATRICK J. LEAHY
United States Senator

PJL/jud

-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

JOIN EFF!!
==========

EFF's work as a civil liberties organization in Washington has been very successful, but the realization of our goals of freedom and privacy online can only come with the active and vocal participation of the entire online community. Now that you have personally experienced both the threat of the loss of your privacy and the power of having won the first battle, won't you take that next step and become a member of EFF?

By joining EFF, you will help us to expand our reach to educate and involve an even greater number of people in the shaping of these critical issues. Your tax-deductible donation will tie you into the EFF information network and support our public policy and legal work. As a member, you will be guaranteed the timely information and mechanism you need to respond on these issues. Our voices in unity *do* make a difference.

-------- 8< ------- cut here ------- 8< --------

MEMBERSHIP IN THE ELECTRONIC FRONTIER FOUNDATION
================================================

Print out in monospaced (non-proportional) font and mail to:

Membership Coordinator
Electronic Frontier Foundation
1001 G Street, NW, Suite 950 East, Washington, DC 20001

SIGN ME UP!
-----------

I wish to become a member of the Electronic Frontier Foundation. I enclose:

___ Regular membership -- $40
___ Student membership -- $20

* Special Contribution

I wish to make an additional tax-deductible donation in the amount of $__________ to further support the activities of EFF and to broaden participation in the organization.
PAYMENT METHOD: --------------- ___ Enclosed is a check or money order payable to the Electronic Frontier Foundation. ___ Please charge my: ___ MasterCard ___ Visa ___ American Express Card Number: _____________________________________________ Expiration Date: _________________________________________ Signature: _______________________________________________ NOTE: We do not recommend sending credit card information via email! YOUR CONTACT INFORMATION: ------------------------- Name: __________________________________________________________ Organization: __________________________________________________ Address: _______________________________________________________ _______________________________________________________ Phone: _____________________ FAX: _____________________ BBS: _____________________ BBS Name: ____________________ E-mail addresses: ______________________________________________ ______________________________________________ PREFERRED CONTACT ___ Electronic: Please contact me via the Internet address listed above. I would like to receive the following at that address: ___ EFFector Online - EFF's biweekly electronic newsletter (back issues available from ftp.eff.org, pub/EFF/Newsletters/EFFector). ___ Online Bulletins - bulletins on key developments affecting online communications. NOTE: Traffic may be high. You may wish to browse these publications in the Usenet newsgroup comp.org.eff.news (also available in FidoNet, as EFF-NEWS). ___ Paper: Please contact EFF through the US Mail at the street address listed above. NOTE: Paper documents available upon request. "Networks & Policy" Newsletter automatically sent via US Mail. PRIVACY POLICY -------------- EFF occasionally shares our mailing list with other organizations promoting similar goals. However, we respect an individual's right to privacy and will not distribute your name without explicit permission. 
___ I grant permission for the EFF to distribute my name and contact information to organizations sharing similar goals.

[This form from eff.org 3/7/94 Cantwell--please leave this line on the form!]

The Electronic Frontier Foundation is a nonprofit, 501(c)(3) organization supported by contributions from individual members, corporations and private foundations. Donations are tax-deductible.

From jef at ee.lbl.gov Mon Mar 7 19:38:20 1994
From: jef at ee.lbl.gov (Jef Poskanzer)
Date: Mon, 7 Mar 94 19:38:20 PST
Subject: random number generator for pnmstega - comments?
Message-ID: <9403080338.AA24987@hot.ee.lbl.gov>

I combined the "minimal" generator from PGP with another one. The key length is still 31 bits. The way I figure it, that's enough to deter exhaustive search by most entities, but it's not so much that there will be export problems. As long as I put strong cautions in the doc about relying on this RNG as your primary cipher, and as long as it seems likely to be secure against cryptanalysis, I think this is a good compromise.

The minimal generator by itself is known to be insecure. By using it as input to a shift register, I think enough complexity is added that it becomes an unknown again.

Comments are welcome.
---
Jef

/* libpbm6.c - pbm utility library part 6
**
** Simple, portable, reasonably robust random number generator.
**
** Copyright (C) 1994 by Jef Poskanzer.
**
** Permission to use, copy, modify, and distribute this software and its
** documentation for any purpose and without fee is hereby granted, provided
** that the above copyright notice appear in all copies and that both that
** copyright notice and this permission notice appear in supporting
** documentation. This software is provided "as is" without express or
** implied warranty.
*/

#include <time.h>      /* time(), used when no seed is given */
#include <unistd.h>    /* getpid(), used when no seed is given */

#include "pbm.h"

/* This is a combination of a linear congruential generator and a feedback
** shift register. Values from the LCG are used to keep a circular buffer
** filled; results are produced by xoring three values from the table.
** The modulus of the LCG must be a power of two for this to produce
** equidistributed results. This LCG actually uses a modulus that's
** a power of two minus one, but that's close enough.
**
** DO NOT MODIFY, IMPROVE, EXPAND, ENHANCE, OR IN ANY WAY CHANGE this
** generator. It is used for cryptographic storage of data - if the
** sequence is changed, the data will become unrecoverable.
**
** The linear congruential generator is:
** Minimal Standard Pseudo-Random Number Generator
** Author: Fuat C. Baran, Columbia University, 1988
** Based on code in "Random Number Generators: Good Ones are Hard to Find",
** by Stephen K. Park and Keith W. Miller in Communications of the ACM,
** 31, 10 (Oct. 1988) pp. 1192-1201.
**
** The feedback shift register is similar to the one described in "Algorithms",
** Robert Sedgewick, 1983, page 38.
*/

#define A 16807L
#define M 2147483647L /* Mersenne prime 2^31 -1 */
#define Q 127773L     /* M div A (M / A) */
#define R 2836L       /* M mod A (M % A) */

static long value = 1;

#define TABLESIZE 55
#define TAP1 0
#define TAP2 23
#define TAP3 (TABLESIZE-1)

static long table[TABLESIZE];
static int offset;

static long
lcg()
    {
    long hi, lo;

    hi = value / Q;
    lo = value % Q;
    value = A * lo - R * hi;
    if ( value <= 0 )
        value += M;
    return value;
    }

void
pm_srandom( seed )
    long seed;
    {
    if ( seed == 0 )
        /* Zero doesn't work in this RNG anyway, so we use it as a flag. */
        value = time( 0 ) ^ getpid();
    else
        value = seed;
    for ( offset = 0; offset < TABLESIZE; ++offset )
        table[offset] = lcg();
    }

long
pm_random()
    {
    offset = ( offset + 1 ) % TABLESIZE;
    table[offset] = lcg();
    return
        table[offset] ^ /* TAP1 is zero, optimize */
        table[( offset + TAP2 ) % TABLESIZE] ^
        table[( offset + TAP3 ) % TABLESIZE];
    }

From catalyst-remailer at netcom.com Tue Mar 8 08:44:51 1994
From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com)
Date: Tue, 8 Mar 94 08:44:51 PST
Subject: Decoding the Electronic Future
Message-ID: <199403081645.IAA06909@mail.netcom.com>

US News & World Report
Copyright, 1994, U.S. News & World Report
All rights reserved.

U.S.NEWS & WORLD REPORT, MARCH 14, 1994

DECODING THE ELECTRONIC FUTURE

By Vic Sussman

WILL ENCRYPTION SECURE OR DENY PRIVACY RIGHTS?

Would you hand over a spare set of house keys to your local police to help them fight crime, trusting that they would never enter your home without good reason? According to opponents of the so-called Clipper chip, a powerful new telecommunications encoding device, that is an apt metaphor for what the White House, the FBI and the supersecret National Security Agency are asking of a gullible American public. Clipper backers insist the innovation will not only help in an increasingly desperate fight against crime but actually give Americans more privacy than ever.

The Clipper controversy--which has sparked frenzied debate and angry protests in recent weeks--swirls around a small sliver of silicon that can be built into telephones. Ordinary phones can be tapped with anything from cheap scanners to quaint-tech alligator clips. But Clipper phones use encryption technology to scramble voice, fax, electronic mail and other data transmissions into digital gibberish. Only other Clipper phones can unscramble the information, which makes the Clipper an untappable system. Well, almost.
A phone that can't be tapped is every cop's nightmare, because anyone from drug traffickers to terrorists would be able to scheme and plot with impunity. So under a plan hatched by the NSA and backed by the White House, government agents would be able to unscramble Clipper's secret code by using two mathematical keys. To guard against abuse, the keys would be held by two government agencies. Authorities would first have to get a warrant--standard wiretap procedure--before obtaining the decoders. Key escrow, as it's called, may sound good on paper, but critics maintain it will be both invasive and ineffectual. In addition, Democratic Sen. Patrick Leahy of Vermont maintains that Clipper is a ``misstep in export policy.'' U.S. companies would have a tough time selling compromised telecommunications products overseas and consequently would have to manufacture both domestic and foreign versions, an expensive proposition. IBM, Apple, Microsoft and the Software Publishers Association, among many others, oppose Clipper. Leahy's Technology and the Law Subcommittee is planning March hearings on these issues. HISTORY'S SHADOW. Critics are also doubtful that Clipper's decoding keys will be sufficient to deter government recklessness, pointing to past abuses by the FBI, NSA and CIA. But Georgetown University computer scientist Dorothy Denning contends that much more stringent controls against illegal eavesdropping exist today. ``The greater danger,'' she insists, ``is losing the ability to wiretap, giving organized crime and terrorism the advantage.'' Law enforcement authorities also say they are looking for no more authority than they already have--to make lawful requests to have the telecommunications industry cooperate in crime prevention. But Marc Rotenberg, Washington director of Computer Professionals for Social Responsibility, a public-interest group that has collected more than 50,000 signatures on an anti-Clipper petition, doesn't buy that argument. 
In fact, he says, the government has admitted the system could be easily breached by the NSA, which wouldn't need a warrant if it made its demand under the rubric of national security. Many valid concerns about Clipper, says Rotenberg, ``are similarly dismissed with the claim of national security, a dangerous way to design our civilian communications infrastructure.'' The Clipper chip has been proposed as a voluntary standard. But once the Internal Revenue Service, the Pentagon and other agencies order tens of thousands of Clipper phones, it will be impossible to do government business using any other equipment. Indeed, the biggest fear raised by Clipper is that it is the digital camel's nose under the electronic tent. Another White House proposal, for instance, would require that all future telecommunications systems--everything from phones to online services--be ``wiretap friendly,'' says Jerry Berman, executive director of the Electronic Frontier Foundation. Even the most vociferous Clipper opponents concede a legitimate need for electronic surveillance, but many would like to see Congress rather than agencies like the NSA determine the proper balance of government needs and individual rights. Cliff Stoll, whose book THE CUCKOO'S EGG focused attention on computer espionage, thinks the Clipper controversy is overblown by both sides. In fact, he contends, the typical telephone or computer user doesn't need any encryption more powerful than pig Latin. Erhaps-pay. From sdw at meaddata.com Tue Mar 8 09:10:46 1994 From: sdw at meaddata.com (Stephen Williams) Date: Tue, 8 Mar 94 09:10:46 PST Subject: stego In-Reply-To: <940305234908_73211.3713_DHI59-2@CompuServe.COM> Message-ID: <9403081711.AA24995@jungle.meaddata.com> It just came to mind about a funny stego (usage) thread in an in-company newsgroup at a company I was contracting at. They were 'downsizing' and planning on laying off a fairly large percentage of people. 
There was a discussion obliquely related in one of the local talk groups. The seemingly related messages all furthered the point in a diplomatic way, except the first letter of each line spelled a more direct statement. (JERKS, SUCKS, ...)

It was pretty funny, especially when people responded to the ostensible message and then later found out about the stego one.

One person started it and those that noticed followed up likewise.

sdw
--
Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager
LIG dev./sales Internet: sdw at lig.net sdw at meaddata.com
OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430
Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together

From shipley at merde.dis.org Tue Mar 8 10:04:51 1994
From: shipley at merde.dis.org (Evil Pete)
Date: Tue, 8 Mar 94 10:04:51 PST
Subject: (forward message on privacy)
Message-ID: <9403081804.AA24829@merde.dis.org>

------- Forwarded Message

Date: Sun, 6 Mar 1994 21:04:02 -0800
From: lile at netcom.com (Lile Elam)
Message-Id: <199403070504.VAA22694 at mail.netcom.com>
To: kw-comm at remarque.berkeley.edu
Subject: chips...

Today I ran into a situation that made me completely nauseated and feel like my privacy had been completely invaded... It involves a chip which is implanted in animals and used for identification...

Perhaps I over-reacted but my gut tells me that I haven't. That's what makes me still feel nauseated when I think about it. So I thought I would see what you thought about it.

My housemate and I are looking to get some cats for our house. We decided to go to the Peninsula Humane Society (in the south San Francisco area) and see about adopting them from there as this is where lost or stray animals are kept and if unclaimed after a month, are put to sleep.

I fell in-love with a beautiful black semi-long hair cat named "Hawk", a five year old male with yellow eyes.
We got along really well (I am a cat person by nature) and I decided to adopt him. He is very gentle and loving which seems so strange for such a big male cat. I kept calling him "she" :).

So, I went to the front desk and spoke with the Animal Coordinator/Advisor. Everything was going great and they were impressed that my dad's a veterinarian. Said it sounded like we could provide Hawk with a wonderful home. Then the woman said, "All we have to do is implant a microchip in the animal and you'll be set".

Well, I turned pale and said, "What's this chip and why is it needed?" I was told that it was used to identify the animal in case it became lost. An identification number is stored on this microchip and can be used to find the pet's owner and home.

Well, I said I didn't want a chip in this cat and that it was a violation of privacy. There was a woman standing next to me, awaiting getting her pet, and she turned to me and said, "I don't see what the problem is?" I responded, "Well, if they're doing this to animals, how soon will it be before they implant the same sort of thing in us?" She said, "Oh, I hadn't thought about it like that." and became quiet.

I told the attendant that I was strongly opposed to this chip implant and couldn't accept the cat with it. So she is going to check with her boss tomorrow to see if I can get the cat without the chip. She said she understood my concerns about big brother and that a few people have had similar reactions.

I'll send you an update tomorrow and let you know if I can get the cat without the chip...

I was really upset about this. My housemate asked me why and I said, "It's too close. Don't forget that we are animals too! We can't really talk til we're 2 so I could see this I.D. microchip being used in human babies. And what about people who might suffer from memory loss? A reason to use a chip in adults would be to "identify" you if you forgot who you were or if you were not using your born identity.
The possibilities are endless!" And with the NII coming, well it's as bad as the clipper chip, if not worse!

So, am I totally over-reacting? I really do feel like this chip is wrong and don't know what to do...

Below is the brochure contents about the C.H.I.P. program. How do you feel about it?

thanks,

- -lile

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Lile Elam | "Remember... No matter where you go, there you are."
lile at netcom.com |
Un*x Admin / Artist | Buckaroo Banzai
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C. H. I. P.

Campaign to Help Identify Pets

Peninsula Humane Society
12 Airport Blvd.
San Mateo, CA 94401

Seventy percent of missing animals never come home because they have no permanent I.D. or their owners don't know how to find them. Here at PHS, only 3% of the stray cats and 57% of the stray dogs brought to the shelter ever return to their family.

Because you care about your animals, your home is as secure as possible. But thefts, accidents and natural disasters such as fires and earthquakes, do happen - even to caring and responsible pet owners like you. Despite your best efforts, your animal could get loose and become lost.

That's why your newly adopted friend has become part of our new Campaign to Help Identify Pets (CHIP). PHS is working in conjunction with InfoPet, maker of computerized identification microchips, to expand our lost and found services. With the new microchip implant program, we hope to reunite as many animals as possible with their families.

High-Tech Identification:
- -------------------------

When you adopted your animal, a tiny microchip implant, no larger than a grain of rice, was implanted under his/her skin. There was no additional cost for this implant, and the procedure was easy and required no anesthetic. It was as simple as a routine vaccination. The microchip contains a unique I.D.
number which can be activated by a special hand-held scanning device (much like bar codes in grocery stores). In the future, if your animal becomes lost and is brought to the shelter or a local participating veterinary hospital, his/her unique I.D. number will be read by the scanner. This number can then be traced through a computer database that stores vital information such as your name, address and phone number.

If your animal was adopted from PHS, his/her records will be kept on a computer at our shelter, and InfoPet's national registry will list the "PHS Adoptee" and our phone number next to his I.D. number. When other, non-PHS animals are "chipped" by a private veterinarian, their records go on file directly with the InfoPet national computer registry.

InfoPet National Registry:
- --------------------------

Although your adopted pet is automatically registered with PHS, for an additional fee of $30 you can also register your animal directly with the InfoPet national registry. (To do so, use the InfoPet form that was given to you at the time you brought your animal home from the shelter.) The InfoPet database is accessible 24 hours a day and can be reached by calling toll free 1-800-INFOPET.

If you choose to register directly with InfoPet, they will replace the PHS Adoptee listing with your animal's record which includes your name, address, phone number, and other facts that will be helpful to someone trying to reunite you with your pet.

Regardless of where you are registered, however, keep in mind that the registries are only helpful if they are kept up to date with current information. If you move or change your phone number, be sure to notify PHS and/or InfoPet right away.

Licensing and Microchip Identification:
- ---------------------------------------

The microchip does not replace the need to license your animal with the San Mateo County Animal Services Division. By law, every dog and cat must be licensed and have proof of rabies vaccination.
In addition, under the current ordinance in the unincorporated areas of San Mateo County, dogs and cats must be spayed or neutered unless the owner possesses a breeding or unaltered animal permit. You have 60 days to license your animal(s).

A current tag should be worn by both dogs and cats at all times. However, the microchip implant is an acceptable alternative to wearing a tag for cats only. Dogs are encouraged to have the implant in the event their collar is broken or lost.

Commonly Asked Questions:
- -------------------------

Q) How is the chip implanted? Is it painful?
A) Done with a specialized sterile needle containing the chip, the injection is simple and requires no anesthetic. The procedure takes seconds and causes no more discomfort than a routine injection.

Q) Is the chip large? Will it bulge under the skin?
A) The microchip is 11 mm in length or the size of a grain of rice. Once implanted it is invisible from the skin's surface.

Q) Will the chip move around in my animal's body?
A) No, it is injected under the skin. The body naturally forms a wall around the chip and keeps it secure.

Q) Will the implant microchip cause any medical problems?
A) No, it is made of bio-compatible glass which is naturally accepted by the tissue of your animal.

Q) Why should I microchip my animal when he already has a license or never goes outside?
A) For extra protection. Animals can accidentally escape the confines of your home or lose their collars in a variety of situations.

Q) Can the I.D. number be changed?
A) No, it is unalterable and provides permanent identification.

Q) Can the information be accidentally erased or deactivated in any way?
A) The microchips have a lifespan of approximately 20 years. To date, no chip has gone inactive.

Q) Can other companion animals get the microchip implant?
A) Right now PHS will only implant adopted cats and dogs. However, microchips have been implanted in other animals. Contact InfoPet or your local veterinarian for more information.
Q) Are all microchips the same? Can the InfoPet chip be read by other company scanners?
A) No, unfortunately there are several different companies currently producing microchips and scanning devices. At this time, most of the chips can only be read by the scanning devices produced by the same company. It is our hope that a common scanning device will be available in the future. In the meantime, PHS will check each animal brought to the shelter first for the InfoPet chip (the chip being used throughout San Mateo County) and then for the other chip that is being used in a few other communities in the bay area.

Q) What happens if I move out of the area?
A) Notify InfoPet's computer bank (Toll-Free: 1-800-INFOPET), then contact your new veterinarian, animal shelter or humane society in your new location to find out if they have the InfoPet microchip scanning program available.

For More Information, Please call: (415) 340-7022, ext.320

------- End of Forwarded Message

From rcain at netcom.com Tue Mar 8 10:08:38 1994
From: rcain at netcom.com (Robert Cain)
Date: Tue, 8 Mar 94 10:08:38 PST
Subject: Wrong permissions for screen.man
Message-ID: <199403081809.KAA05938@netcom9.netcom.com>

--
Bob Cain rcain at netcom.com 408-354-8021
"I used to be different. But now I'm the same."
--------------PGP 1.0 or 2.0 public key available on request.------------------

From sergey at delbruck.pharm.sunysb.edu Tue Mar 8 10:58:36 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Tue, 8 Mar 94 10:58:36 PST
Subject: more steganography talk
In-Reply-To: <199403051330.AA13596@access2.digex.net>
Message-ID:

On Sat, 5 Mar 1994, Peter Wayner wrote:

> Sorry to be so distracted. This is a very interesting topic for
> me, but I've been bogged down with more prosaic topics. I think
> the Mimic Function implementation that I did is a very general
> standard for steganography.
> On the current level, it just deals
> with text, but you can make it do bits by just using the alphabet
> of just plain {0,1}.
>
> Here are the important points about it:
>
> 1) If the grammars are made complex enough, they can simulate
> anything you can compute with a computer. I.e. You can encode
> data in a Turing-complete way.

I find it fascinating how complementary cryptography and AI are!

> is done by translating RSA encryption into
> a context-free grammar.

I wonder if anyone has actually gone to all the trouble of developing some kind of binary CFG? It should be easier to design than an equally effective human-language Turing-complete CFG.

> that there could be many practical "incomplete" attacks
> that worked in general cases.

What kinds of "incomplete" attacks could possibly work against Mimic functions implementing Turing-complete CFGs?

> 4) It is still unclear how to generate RSA-level strength
> with Mimic Functions.

Can't you simply use a Turing-complete CFG, and meta-CFG? Do such things exist on computer media?

> Understanding what makes grammars hard and easy to grok is a
> hard question.

Why not just ask an AI? :)

> 6) The process is slightly difficult to implement, but I've
> got two running versions (as I've mentioned before on the
> list). One in C and the other in Pascal.

Do you know if anyone has ported either of those over to anything other than the Mac?

Good to have you join the discussion, BTW...

Sergey

From cort at ecn.purdue.edu Tue Mar 8 11:11:10 1994
From: cort at ecn.purdue.edu (Cortland D. Starrett)
Date: Tue, 8 Mar 94 11:11:10 PST
Subject: keeping secrets from myself
Message-ID:

Here is a practical problem that has me frustrated....

Situation: Assume that I am the treasurer at my local church. This implies responsibility to record each Sunday's offering (the money collected) in the church financial books. An account is maintained for each member of the church.
Money received from members each Sunday is credited to their respective accounts. Each January, a report is prepared for each parishioner showing a summary of the charitable contributions for the previous year. This information is used for tax purposes. Currently, the treasurer knows EVERYTHING about EVERYONE (regarding charitable giving). As a privacy advocate, this is indeed uncomfortable (for giver and treasurer).

Problem: I want to know as little as possible about church member giving.

Give and Take: It will be difficult/impossible to prevent the treasurer from seeing each week's checks. However, a privacy improvement may be achieved if the running totals are kept hidden.

How can I provide a comprehensive year-end statement to each parishioner while maintaining maximum privacy? Does cryptography have anything to offer to this situation? What procedures/protocols could be implemented? What privacy enhancements could be included with the church accounting software?

Cort.

From hughes at ah.com Tue Mar 8 11:28:31 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 8 Mar 94 11:28:31 PST
Subject: ANNOUNCE: Cypherpunks meeting March 12
Message-ID: <9403081911.AA13066@ah.com>

ANNOUNCEMENT
============

Monthly Cypherpunks Meeting
Saturday, 12 March 1994
MBONE: 12:00 noon PST - 3:00 p.m. PST
Bay Area physical: 12:00 noon PST - 6:00 p.m.
Cygnus Support Offices, Mt. View, CA

Theme for March: Politics, Strategy, and Action

The time has come to go on the offensive. We have labored too long in reaction to the government attempts to restrict cryptography. This meeting will be a planning meeting for real-life strategies in the political arena.

-- The Free Communication Amendment to the Constitution of the United States

Section 1.
Free, private, and secure speech being necessary to the stability of a free state, the right of the people to possess, to import into or to export from the United States and all territory subject to its jurisdiction, to manufacture, to buy, to sell, and to use communications and cryptography devices shall not be denied, abridged, or infringed by the United States or by any of the states.

Section 2. Anonymous listening and anonymous speech being necessary for the free expression of unpopular beliefs and opinions, the right not to identify oneself and the right to use a pseudonym to identify oneself, to listen and to speak, for both public and private speech, shall not be denied, abridged, or infringed by the United States or by any of the states.

-- Anti-Clipper legislation
-- Senate hearings on Clipper
-- HR 3627, removal of civilian encryption equipment from the ITAR
-- Positioning of cryptography in the marketplace of ideas

Jim Warren, the miracle man behind the passage of California AB 1624, which mandated public access to legislation data which were already computerized, will be speaking at Mt. View.

About the MBONE. We have considered a real-time audio conference via the MBONE. Interest has been expressed from the following places:

Boston, Washington, D.C., Boulder, Austin, New York, Cleveland, San Diego, Seattle, Finland, Germany

Unfortunately, it is unclear whether Cygnus Support, where the SF Bay Area cypherpunks meet, will be ready for the MBONE by this Saturday. Nevertheless, with enough other sites participating, there will be an MBONE conference at this time regardless of whether the Mt. View site is able to participate. There will have to be some spontaneous symmetry breaking for running that channel should Mt. View be unable to join.

It may be possible for Mt. View to participate by making a direct connection to an MBONE site and have an audio mix happen there. This has yet to be tested.
Specific announcements with addresses and directions for each of the MBONE sites will follow. This one should be good. Eric ------------------------------------------------------- [Directions to Cygnus provided by John Gilmore. -- EH] Cygnus Support 1937 Landings Drive Mt. View, CA 94043 +1 415 903 1400 switchboard +1 415 903 1418 John Gilmore Take US 101 toward Mt. View. From San Francisco, it's about a 40-minute drive. Get off at the Rengstorff Ave/Amphitheatre Parkway exit. If you were heading south on 101, you curve around to the right, cross over the freeway, and get to a stoplight. If you were heading north on 101, you just come right off the exit to the stoplight. The light is the intersection of Amphitheatre and Charleston Rd. Take a right on Charleston; there's a right-turn-only lane. Follow Charleston for a short distance. You'll pass the Metaphor/Kaleida buildings on the right. At a clump of palm trees and a "Landmark Deli" sign, take a right into Landings Drive. At the end of the road, turn left into the complex with the big concrete "Landmark" sign. Follow the road past the deli til you are in front of the clock tower that rises out of one of the buildings, facing you. Enter through the doors immediately under the clock tower. They'll be open between noon and 1PM at least. (See below if you're late.) Once inside, take the stairs up, immediately to your right. At the top of the stairs, turn right past the treetops, and we'll be in 1937 on your left. The door is marked "Cygnus". If you are late and the door under the clock tower is locked, you can walk to the deli (which will be around the building on your left, as you face the door). Go through the gate in the fence to the right of the deli, and into the back lawns between the complex and the farm behind it. Walk forward and right around the buildings until you see a satellite dish in the lawn. Go up the stairs next to the dish, which are the back stairs into the Cygnus office space. 
We'll prop the door (or you can bang on it if we forget). Or, you can find the guard who's wandering around the complex, who knows there's a meeting happening and will let you in. They can be beeped at 965 5250, though you'll have trouble finding a phone.

Don't forget to eat first, or bring food at noon! I recommend hitting the burrito place on Rengstorff (La Costen~a) at about 11:45. To get there, when you get off 101, take Rengstorff (toward the hills) rather than Amphitheatre (toward the bay). Follow it about ten blocks until the major intersection at Middlefield Road. La Costen~a is the store on your left at the corner. You can turn left into the narrow lane behind the store, which leads to a parking lot, and enter by the front door, which faces the intersection. To get to the meeting from there, just retrace your route on Rengstorff, go straight over the freeway, and turn right at the stoplight onto Charleston; see above.

See you there!

John Gilmore

From karn at qualcomm.com Tue Mar 8 11:36:49 1994
From: karn at qualcomm.com (Phil Karn)
Date: Tue, 8 Mar 94 11:36:49 PST
Subject: Response to CJ request for Applied Cryptography
Message-ID: <199403081935.LAA04889@servo.qualcomm.com>

United States Department of State
Bureau of Politico-Military Affairs
Office of Defense Trade Controls
Washington, DC 20522-0602

MAR 2 1994 [stamped]

In reply refer to ODTC Case CJ 038-94

YOUR LETTER DATED: February 12, 1994

REQUEST FOR COMMODITY JURISDICTION DETERMINATION FOR: "Applied Cryptography" Cryptographic Book by Bruce Schneier

Your commodity jurisdiction (CJ) request was referred to the Departments of Commerce and Defense for their review and recommendations. As a result, the Department of State has determined that the referenced commodity is not subject to the licensing jurisdiction of the Department of State since the item is in the public domain.
However, this ruling covers only the subject book and not the two source code disks that the book references and that are available from the author.

Should you require further assistance on this matter, please contact Maj. Gary Oncale at (703) 875-5655.

Sincerely,

[signed]

William B. Robinson
Director
Office of Defense Trade Controls

Phil Karn
7431 Teasdale Avenue
San Diego, CA 92122

From cme at sw.stratus.com Tue Mar 8 14:19:49 1994
From: cme at sw.stratus.com (Carl Ellison)
Date: Tue, 8 Mar 94 14:19:49 PST
Subject: Standard for Stenography?
Message-ID: <199403082219.RAA10365@galt.sw.stratus.com>

Bill Stewart wrote:

>Carl Ellison's "tran" program takes an interesting approach for data
>scrambling - it takes a simple checksum of the first N bytes of the data,
>which is order-invariant (I think it was a byte-wise XOR?)
>and uses it as a random-number seed for scrambling blocks of data;
>it's easy to reverse because the checksum is the same after scrambling.

The old tran used the sum of the bytes.

The new tran uses the histogram of the bytes (of the first block -- 8KB or the whole message). This carries more information.

That seeds a PRNG (currently subtract-with-borrow, but it could be made stronger -- e.g., with DES or IDEA encrypting the output before use) which then drives a pairwise byte swap over each 8KB block of the stream. This is a self-inverse.

I can send code to anyone interested. It's also on ripem.msu.edu.

- Carl

From jim at bilbo.suite.com Tue Mar 8 16:02:00 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Tue, 8 Mar 94 16:02:00 PST
Subject: INFOPET
Message-ID: <9403082356.AA04709@bilbo.suite.com>

I just called 1-800-INFOPET and sure enough, INFOPET is for real. The guy who answered the phone was quite proud of their efforts, claiming to have over a million people (yes, he used the word "people") in their database (people == pet owners, veterinarians, animal shelters).
Jim_Miller at suite.com

From phantom at u.washington.edu Tue Mar 8 16:11:43 1994
From: phantom at u.washington.edu (Matt Thomlinson)
Date: Tue, 8 Mar 94 16:11:43 PST
Subject: intricacies of cpunks link-up?
Message-ID:

I've mailed eric on this, but no response yet and our time is running out. If seattle was to get a group meeting set up for saturday and we wanted to link up with the bay area meeting, what _exactly_ should I be asking for? MBONE connections? (is this video, btw, or just an audio link?)

I was hoping to get this set up, but.. we'll see. answers appreciated.

mt

Matt Thomlinson Say no to the Wiretap Chip!
University of Washington, Seattle, Washington.
Internet: phantom at u.washington.edu phone: (206) 548-9804
PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu

From mech at eff.org Tue Mar 8 17:08:07 1994
From: mech at eff.org (Stanton McCandlish)
Date: Tue, 8 Mar 94 17:08:07 PST
Subject: EFF's Barlow v. Denning on Clipper - AOL March 10, 9PM EST LIVE
Message-ID: <199403090107.UAA08118@eff.org>

CLIPPER CHIP DEBATE
Thursday, March 10, 9 pm eastern

Dorothy Denning, cryptologist and chair of the computer science department at Georgetown University, will debate John Perry Barlow, cognitive dissident and co-founder of the Electronic Frontier Foundation, in the TIME Odeon on America Online this Thursday at 9 pm. Philip Elmer-DeWitt, TIME senior writer, and Robert Pondiscio, TIME public affairs director, will moderate. The floor will be open to questions from the audience.

You need an America Online account to participate. Call America Online at 703-448-8700 to subscribe.

Philip Elmer-DeWitt ped at panix.com ped at well.com
TIME Magazine philiped at aol.com
Read TIME on America Online, where we get paid to take abuse.

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
F O R   M O R E   I N F O,   E - M A I L   T O:   I N F O @ E F F .
O R G
O P E N   P L A T F O R M     O N L I N E   R I G H T S     V I R T U A L   C U L T U R E     C R Y P T O

From wcs at anchor.ho.att.com Tue Mar 8 17:58:26 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Tue, 8 Mar 94 17:58:26 PST
Subject: Church Accounting - keeping secrets from myself
Message-ID: <9403090051.AA26529@anchor.ho.att.com>

Cortland Starrett (cort at ecn.purdue.edu) asked a question about how a church treasurer could keep track of running totals of donations from parishioners without being blatantly reminded of what they are except at tax time. Secrecy doesn't have to be real high, since the treasurer does see each check as it comes in, and could keep track separately.

One technique that could be adapted is to add a large random number to each person's initial balance, and then subtract that at the end of the year to get the total for tax purposes. Pick a bunch of numbers, say between 100K and 900K, save them in a file, and give everyone a copy of their number. Also add up the total of the random numbers so that you can get the whole spreadsheet to balance.

Then everybody's running total can be visible without it conveying any useful information except to people who want to track changes from week to week, since you can't tell if $654321 means you gave $1 (with a random number of 654320) or $554321. The total number shouldn't cause overflow problems for 32-bit integers unless you've got more than 3-4000 people.

For convenience, you may want to derive the random number from a hash of the person's name, in case they or you lose records.

Not letting the left hand know what the right hand is doing.....

Bill

P.S. Of course, this is just another example of how taxation negatively affects people's lives - if you weren't paying income taxes, you wouldn't need to keep track of deductions to charities, and you could just pay in cash.
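Bill Stewart's offset scheme above, answering Cortland Starrett's question, written out as an added Python example (not code from any poster on the list). The class and function names, the keyed hash used for the recoverable offset, and all sample figures are assumptions or constructed here.

```python
"""Masked running totals for a donation ledger (constructed example)."""
import hashlib
import hmac
import secrets

# Offset range quoted in the message: "say between 100K and 900K".
OFFSET_MIN = 100_000
OFFSET_MAX = 900_000


def random_offset() -> int:
    """Fresh per-member offset, uniform over [OFFSET_MIN, OFFSET_MAX]."""
    return OFFSET_MIN + secrets.randbelow(OFFSET_MAX - OFFSET_MIN + 1)


def derived_offset(name: str, recovery_key: bytes) -> int:
    """Offset that can be regenerated if the member's copy is lost.

    The message suggests hashing the person's name. A bare hash can be
    recomputed by anyone who knows the name, so this sketch keys the hash
    with a secret (HMAC-SHA256); the key is an assumption added here.
    """
    canonical = " ".join(name.lower().split()).encode("utf-8")
    digest = hmac.new(recovery_key, canonical, hashlib.sha256).digest()
    span = OFFSET_MAX - OFFSET_MIN + 1
    return OFFSET_MIN + int.from_bytes(digest, "big") % span


class MaskedLedger:
    """Ledger whose visible per-member figure is offset + contributions."""

    def __init__(self) -> None:
        self.shown = {}        # name -> masked running total (whole dollars)
        self.offset_total = 0  # sum of all offsets, so the books still balance

    def open_account(self, name: str, offset: int) -> None:
        if name in self.shown:
            raise ValueError(f"account already exists: {name}")
        if not OFFSET_MIN <= offset <= OFFSET_MAX:
            raise ValueError("offset outside the agreed range")
        self.shown[name] = offset
        self.offset_total += offset

    def credit(self, name: str, dollars: int) -> None:
        if dollars <= 0:
            raise ValueError("contribution must be positive")
        self.shown[name] += dollars

    def collected(self) -> int:
        """True total received, without unmasking any individual."""
        return sum(self.shown.values()) - self.offset_total

    def statement(self, name: str, offset: int) -> int:
        """Year-end figure: the member presents the offset, which is subtracted."""
        total = self.shown[name] - offset
        if total < 0:
            raise ValueError("offset does not belong to this account")
        return total

    def inferable_range(self, name: str) -> tuple:
        """What the masked figure alone still reveals: (least, most) given."""
        shown = self.shown[name]
        return max(0, shown - OFFSET_MAX), shown - OFFSET_MIN


def demo() -> dict:
    """Constructed data reproducing the $654321 case from the message."""
    ledger = MaskedLedger()
    ledger.open_account("member A", 654_320)  # constructed offsets
    ledger.open_account("member B", 100_000)
    ledger.credit("member A", 1)
    for weekly in (500_000, 54_000, 321):     # constructed contributions
        ledger.credit("member B", weekly)
    return {
        "shown": dict(ledger.shown),
        "A": ledger.statement("member A", 654_320),
        "B": ledger.statement("member B", 100_000),
        "collected": ledger.collected(),
        "range_A": ledger.inferable_range("member A"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

`inferable_range` shows the limit of the masking: a shown figure near the bottom of the offset range pins the gift down tightly, and week-to-week changes remain visible, as the message itself notes.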
From jpp at markv.com Tue Mar 8 18:12:43 1994
From: jpp at markv.com (jpp at markv.com)
Date: Tue, 8 Mar 94 18:12:43 PST
Subject: INFOPET
In-Reply-To: <9403082356.AA04709@bilbo.suite.com>
Message-ID: <9403081811.aa29443@hermix.markv.com>

If you had a 'breed' pet (like a dog, or cat with papers, or an exotic bird) and paid in the thousands of dollars, you would view this device as a way to discourage thieves. Think of it as the Lojack of pets.

But I certainly don't advocate putting them in people... And *I* don't have one... I think... The size of a grain of rice... Hmmm... I wonder what exactly is in those 'inventory control' poles beside the doors at shops... I suppose I'd better stay away from the free vaccination programs offered by the government in the future... I wonder if the CIA/FBI/NSA had these things back in the swine flu days... Man that shot hurt...

Oh dear this is truly an evil line of thought...

j(...1984 is fiction, 1984 is fiction, 1984 is fiction...)'

--
O I am Jay Prime Positive jpp at markv.com
1250 bit fingerprint B06229 = B8 95 E0 AF 9A A2 CD A5 89 C9 F0 FE B4 3A 2C 3F
524 bit fingerprint 2A915D = 8A 7C B9 F2 D5 46 4D ED 66 23 F1 71 DE FF 51 48
Public keys via `finger jpp at markv.com', or via email to pgp-public-keys at io.com
Your feedback is welcome directly or via my symbol JPP on hex at sea.east.sun.com
Resist the Clipper Chip, write "I oppose Clipper" to Clipper.petition at cpsr.org

From nobody at jarthur.cs.hmc.edu Tue Mar 8 18:17:36 1994
From: nobody at jarthur.cs.hmc.edu (nobody at jarthur.cs.hmc.edu)
Date: Tue, 8 Mar 94 18:17:36 PST
Subject: Decoding the Electronic Future
Message-ID: <9403090217.AA28982@toad.com>

US News & World Report
Copyright, 1994, U.S. News & World Report
All rights reserved.

U.S.NEWS & WORLD REPORT, MARCH 14, 1994

DECODING THE ELECTRONIC FUTURE
By Vic Sussman

WILL ENCRYPTION SECURE OR DENY PRIVACY RIGHTS?
Would you hand over a spare set of house keys to your local police to help them fight crime, trusting that they would never enter your home without good reason? According to opponents of the so-called Clipper chip, a powerful new telecommunications encoding device, that is an apt metaphor for what the White House, the FBI and the supersecret National Security Agency are asking of a gullible American public. Clipper backers insist the innovation will not only help in an increasingly desperate fight against crime but actually give Americans more privacy than ever. The Clipper controversy--which has sparked frenzied debate and angry protests in recent weeks--swirls around a small sliver of silicon that can be built into telephones. Ordinary phones can be tapped with anything from cheap scanners to quaint-tech alligator clips. But Clipper phones use encryption technology to scramble voice, fax, electronic mail and other data transmissions into digital gibberish. Only other Clipper phones can unscramble the information, which makes the Clipper an untappable system. Well, almost. A phone that can't be tapped is every cop's nightmare, because anyone from drug traffickers to terrorists would be able to scheme and plot with impunity. So under a plan hatched by the NSA and backed by the White House, government agents would be able to unscramble Clipper's secret code by using two mathematical keys. To guard against abuse, the keys would be held by two government agencies. Authorities would first have to get a warrant--standard wiretap procedure--before obtaining the decoders. Key escrow, as it's called, may sound good on paper, but critics maintain it will be both invasive and ineffectual. In addition, Democratic Sen. Patrick Leahy of Vermont maintains that Clipper is a ``misstep in export policy.'' U.S. 
companies would have a tough time selling compromised telecommunications products overseas and consequently would have to manufacture both domestic and foreign versions, an expensive proposition. IBM, Apple, Microsoft and the Software Publishers Association, among many others, oppose Clipper. Leahy's Technology and the Law Subcommittee is planning March hearings on these issues. HISTORY'S SHADOW. Critics are also doubtful that Clipper's decoding keys will be sufficient to deter government recklessness, pointing to past abuses by the FBI, NSA and CIA. But Georgetown University computer scientist Dorothy Denning contends that much more stringent controls against illegal eavesdropping exist today. ``The greater danger,'' she insists, ``is losing the ability to wiretap, giving organized crime and terrorism the advantage.'' Law enforcement authorities also say they are looking for no more authority than they already have--to make lawful requests to have the telecommunications industry cooperate in crime prevention. But Marc Rotenberg, Washington director of Computer Professionals for Social Responsibility, a public-interest group that has collected more than 50,000 signatures on an anti-Clipper petition, doesn't buy that argument. In fact, he says, the government has admitted the system could be easily breached by the NSA, which wouldn't need a warrant if it made its demand under the rubric of national security. Many valid concerns about Clipper, says Rotenberg, ``are similarly dismissed with the claim of national security, a dangerous way to design our civilian communications infrastructure.'' The Clipper chip has been proposed as a voluntary standard. But once the Internal Revenue Service, the Pentagon and other agencies order tens of thousands of Clipper phones, it will be impossible to do government business using any other equipment. Indeed, the biggest fear raised by Clipper is that it is the digital camel's nose under the electronic tent. 
Another White House proposal, for instance, would require that all future telecommunications systems--everything from phones to online services--be ``wiretap friendly,'' says Jerry Berman, executive director of the Electronic Frontier Foundation.

Even the most vociferous Clipper opponents concede a legitimate need for electronic surveillance, but many would like to see Congress rather than agencies like the NSA determine the proper balance of government needs and individual rights. Cliff Stoll, whose book THE CUCKOO'S EGG focused attention on computer espionage, thinks the Clipper controversy is overblown by both sides. In fact, he contends, the typical telephone or computer user doesn't need any encryption more powerful than pig Latin. Erhaps-pay.

From tomj Tue Mar 8 18:49:15 1994
From: tomj (Tom Jennings)
Date: Tue, 8 Mar 1994 18:49:15 -0800 (PST)
Subject: (forward message on privacy) (fwd)
In-Reply-To: <9403090221.AA01084@wps.com> from "Flesh" at Mar 8, 94 06:21:38 pm
Message-ID: <9403090249.AA01170@wps.com>

> Today I ran into a situation that made me completely nauseated and feel like
> my privacy had been completely invaded... It involves a chip which is
> implanted in animals and used for identification...

Humans are worth more money, and genotyping will do the same thing, for cheaper, and with little outcry. Implanted chips means at least a doctor's visit for every human in the country; genotyping only happens like fingerprinting, when you get a driver's license or something.

I think the underlying concern is OK, but misplaced worrying about kitty-cats. Cats can certainly be violated, but usually aren't aware of it ahead of time, and there's not much they can do about it :-)

Consider also they generally *kill* cats they can't return. A chip implant under these circumstances seems not a problem.

--
Tom Jennings -- tomj at wps.com -- World Power Systems -- San Francisco, Calif.
From jim at bilbo.suite.com Tue Mar 8 19:11:08 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Tue, 8 Mar 94 19:11:08 PST
Subject: Decoding the Electronic Future
Message-ID: <9403090304.AA07956@bilbo.suite.com>

[..]
Law enforcement authorities also say they are looking for no more authority than they already have--.
[..]

Perhaps LE is not asking for more *authority*, but they sure are asking for more *capability*.

If LE had the capability to do everything they're currently authorized to do (wiretaps, search and seizure, follow people, undercover officers, sting operations, obtain financial records, public security cameras, etc), on a nationwide scale, the US would truly be a police state.

It's not so much the amount of "authority" that is keeping the US from being a police state, it is LE's level of capability. Don't give LE more capabilities.

One person's opinion,

Jim_Miller at suite.com

From huntting at glarp.com Tue Mar 8 19:17:38 1994
From: huntting at glarp.com (Brad Huntting)
Date: Tue, 8 Mar 94 19:17:38 PST
Subject: chips...
In-Reply-To: <9403081804.AA24829@merde.dis.org>
Message-ID: <199403090314.UAA00343@misc.glarp.com>

> Today I ran into a situation that made me completely nauseated and
> feel like my privacy had been completely invaded... It involves a
> chip which is implanted in animals and used for identification...
> [....] "Well, if they're doing this to animals, how soon will it be
> before they implant the same sort of thing in us?" She said, "Oh,
> I hadn't thought about it like that."...

Several years ago (like mid or early 80's if I recall), there was just such a program for marking children. It involved implanting a "microchip" on the surface of a tooth.
I remember hearing about it on one of those "human interest" stories that air on slow news days when the local TV stations burn through the local police blotter and government press releases too quickly and need to kill time with unimportant trivia lest they mention something that actually matters.

Unfortunately, that's all I remember about it.

brad

From MIKEINGLE at delphi.com Tue Mar 8 19:46:31 1994
From: MIKEINGLE at delphi.com (Mike Ingle)
Date: Tue, 8 Mar 94 19:46:31 PST
Subject: ViaCrypt PGP for Unix, CompuServe
Message-ID: <01H9QU2FITZO9N47FQ@delphi.com>

I got a flyer from ViaCrypt today about these:

ViaCrypt PGP for MS/DOS $99.98 one user, $299.98 five user
ViaCrypt PGP for Unix $149.98 one user, $449.98 five user
ViaCrypt PGP for C$ $119.98 one user

The Unix versions are for: SunOS 4.1.x, RS/6000 AIX, HP 9000 700/800 UX, SCO 386/486 UNIX (others soon).

The Compu$pend version integrates into CompuServe Information Manager or CS Navigator for Windows. Includes the regular PGP and an integration program for CompuServe.

DigiSig+ cryptographic modules: RSA, DES, and DSS.

Developers' Kit $950 two user for MS/DOS.
DigiSig+ D150. Software crypto engine. $80 to $20 depending on quantity.
DigiSig+ D350. Parallel port crypto device, looks like a modem. $625
DigiSig+ D355. As above but plugs into serial port. $635
DigiSig+ D360. Internal board for PC. $595
Memory card - securely stores a secret key. $30 for two.

From flesh at wps.com Tue Mar 8 19:52:02 1994
From: flesh at wps.com (Flesh)
Date: Tue, 8 Mar 94 19:52:02 PST
Subject: (forward message on privacy)
Message-ID: <9403090351.AA01505@wps.com>

Forwarded message:

From hughes at ah.com Tue Mar 8 20:28:59 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 8 Mar 94 20:28:59 PST
Subject: EFF's Barlow v.
Denning on Clipper - AOL March 10, 9PM EST LIVE
In-Reply-To: <199403090107.UAA08118@eff.org>
Message-ID: <9403090421.AA14437@ah.com>

You don't suppose someone with a brand spanking new $10 credit AOL account and who also had an Internet connection could provide a live feed of the debate to the world, do you?

Nah.

Eric

From pfarrell at netcom.com Tue Mar 8 21:11:12 1994
From: pfarrell at netcom.com (Pat Farrell)
Date: Tue, 8 Mar 94 21:11:12 PST
Subject: DC Physical Meeting This Saturday
Message-ID: <199403090511.VAA22280@netcom8.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

This Saturday, March 12 starting at 3:00 PM EST and running until 5:30 PM, there will be a physical Cypherpunks meeting at the EFF's offices in downtown Washington DC.

The meeting title is:

Cypherpunks distributed meeting
Politics, Strategies, and Action

The meeting will run in parallel with several other c'punk meetings. If the technology works, we will have realtime audio feeds from other sites. If not, we'll call in using speakerphones (bring your long distance credit card as EFF is _not_ sponsoring us.)

With the Clinton Administration's continued insistence on Clipper and the current revision of the FBI's Digital Telephony bill, we c'punks "inside the Beltway" need to get organized.

Please do not bring PCs or floppies. We will be inside EFF's offices, and should not bring in, nor take out, any hardware or magnetic media. Paper copies of the MD5 hash of your PGP/ViaCrypt keys for swapping are fine. We can use email or the keyservers to exchange the actual keys. Some EFF staffers are interested in getting signatures for their ViaCrypt keys. So this will be a good chance to expand the web of trust.

Directions: EFF is at the Metro Center stop of the Metro. There is nearby street parking. The Metro stop is literally inside the building lobby.

Address is 1001 G street, North West. This is the corner of 11th and G. EFF is in suite 950 East, but the meeting is on the 8th floor.
Coming by the metro, leave the station through the Woodies Deli. Go through there, and there will be a set of double doors opposite an escalator. Go through the doors, around a corner and up two escalators. You should then be in the lobby of the EFF building.

Off the street, we are next door to the Grand Hyatt, which is right across the street from the Washington Convention Center. Once again, come in and you should be in the lobby of our building.

We will send folks down on the hour to let you into the EFF's secure space. Outside of those times, you can set up an appointment, or you will need to call up to get an EFF staff member to come down and let you in. Call 202-347-5400. ext 224 and ext 205 will probably get answered Saturday.

Questions: Contact pfarrell at netcom.com or leave a voicemail (up until about noon Saturday) at (703) 267-2986

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQBVAgUBLX1aIR9bGnaOb/KNAQF5BgIAx6SwF1q2H2W/Pt85g7TdfWV+vQIuU6oZ
k42HeH8+CiRftiIGbtueso9v/hF1sLYAyUs+/4NAYPXegLpLzbrUbQ==
=GlHV
-----END PGP SIGNATURE-----

From mpjohnso at nyx10.cs.du.edu Tue Mar 8 21:55:53 1994
From: mpjohnso at nyx10.cs.du.edu (Michael Johnson)
Date: Tue, 8 Mar 94 21:55:53 PST
Subject: Where'd pgptools go?
Message-ID: <9403090535.AA27672@nyx10.cs.du.edu>

Hal writes:
>I notice on csn.org:/mpj there is now pgptl10d.zip, PGP Tools version
>1.0d. However, 1.0d is not the whole PGP Tools program. It is just an
>addendum which implements Diffie-Hellman. Apparently pgptl10c.zip is still
>needed to give you the whole of PGP Tools. Does anyone know of an FTP
>site which still has pgptl10c available?

Thanks - I've merged the old & new files, now -- and put 10c back, just in case I missed something.
Michael Paul Johnson Colorado Catacombs BBS 303-938-9654
mpj at csn.org ftp csn.org \mpj\README.MPJ for access info.
aka mpjohnso at nyx.cs.du.edu mikej at exabyte.com
m.p.johnson at ieee.org CIS 71331,2332 VPGP key by finger

From warlord at ATHENA.MIT.EDU Tue Mar 8 22:19:50 1994
From: warlord at ATHENA.MIT.EDU (Derek Atkins)
Date: Tue, 8 Mar 94 22:19:50 PST
Subject: ANNOUNCE: Boston Area Cypherpunks Meeting
Message-ID: <199403090618.BAA24930@charon.MIT.EDU>

There will be a meeting of the Boston Area Cypherpunks on Saturday, March 12, 1994 in MIT Room 1-115 starting at 3pm EST. The plan is to have an audio link to the other cypherpunks meetings around the country and around the world. The title for this meeting is:

Politics, Strategies, and Action

All further announcements about the Boston Area meeting will be made on the mailing list "cypherpunks-east at MIT.EDU". (Send sub/unsub requests to cypherpunks-east-request)

Directions to MIT 1-115:

Via T: Get off at Kendall, on the Red Line. Walk away from the Marriott hotel, and walk until the street dead ends at Amherst. Take a right, and then keep walking. Follow the path across Ames street, and keep walking past the Great Sail, and when the path splits, take the 45-degree right path. Keep walking until you reach the steps into the building, and go in. Walk to the other end of the corridor. You will be in a large cathedral-like lobby (lobby 7) in front of 77 Mass Ave. Follow the signs for 1-115 from here.

Via Bus: Take route 1 to 77 Mass Ave and follow the signs.

Via Car: Drive to Cambridge. MIT building 1 is on the corner of Mass Ave. and Mem Drive, slightly south of 77 Mass Ave. Find a place to park, and enter the building from Mass Ave. Follow the signs to room 1-115.
-derek

From mbriceno at netcom.com Tue Mar 8 22:55:25 1994
From: mbriceno at netcom.com (Marc Briceno)
Date: Tue, 8 Mar 94 22:55:25 PST
Subject: chips...
Message-ID: <199403090654.WAA07961@mail.netcom.com>

X-Anon-Password:legal9road
X-Anon-To:cypherpunks at toad.com

>> Today I ran into a situation that made me completely nauseated and
>> feel like my privacy had been completely invaded... It involves a
>> chip which is implanted in animals and used for identification...
>
>> [....] "Well, if they're doing this to animals, how soon will it be
>> before they implant the same sort of thing in us?" She said, "Oh,
>> I hadn't thought about it like that."...
>
>Several years ago (like mid or early 80's if I recall), there was
>just such a program for marking children. It involved implanting
>a "microchip" on the surface of a tooth.
>

Routine implants of transponder devices into humans are not a question of if, but only of when. I predict that they will become routine before the end of the decade. First they will be voluntary, used primarily in children to facilitate identification in case of abduction, some years later they will become mandatory for all drivers, to combat the use of fake driver licenses, and soon thereafter transponders will become the primary, if not sole accepted form of ID for all business transactions. A generation from now transponders will be mandatory, used not only for identification, but for routine tracking of the movements of every citizen.

If you think this sounds crazy, go to Germany, where you will find a camera on every major intersection, tracking your every move.

-=T.A.Z.

From 71431.2564 at CompuServe.COM Wed Mar 9 07:08:36 1994
From: 71431.2564 at CompuServe.COM (Bradley W. Dolan)
Date: Wed, 9 Mar 94 07:08:36 PST
Subject: FinCen
Message-ID: <940309145545_71431.2564_FHA66-1@CompuServe.COM>

This may be old news to you guys, but some of it was new to me:

bdolan at well.sf.ca.us

...
From: Bradley Parsons
Subject: Clipper's Grandaddy: FinCEN
To: uwsa at shell.portal.com
Date: Wed, 9 Mar 94 1:57:27 CST
Mailer: Elm [revision: 70.85]
Status: R

>From acad.stedwards.edu!parsons Wed Mar 9 01:42:56 1994
Newsgroups: alt.politics.clinton
Path: acad.stedwards.edu!parsons
From: parsons at acad.stedwards.edu (Bradley J. Parsons)
Subject: Clipper's Daddy: FinCEN
Sender: parsons at acad.stedwards.edu (Bradley J. Parsons)
Message-ID: <1994Mar9.071635.3171 at acad.stedwards.edu>
Date: Wed, 9 Mar 1994 07:16:35 GMT
Distribution: usa
Organization: Austin, Texas

From: Ralf Brown
Date: Mon, 7 Mar 1994 04:09:18 GMT

1.6: Big Brother

Big Brother Wants to Look Into Your Bank Account (Any Time It Pleases)

By Anthony L. Kimery ------------------------------------------------------- There wasn't much to go on. The police salvaged the slip of paper that a small-time East Coast drug dealer tried to eat before being arrested, but on it they found scribbled only a telephone number and what appeared to be the name "John." This frustrated the police. They had anticipated more incriminating information on the man they believed was the supplier not only to the dealer they'd just busted, but also to dozens of other street corner crack peddlers. With two slim leads, the police weren't technically equipped to do much more than antiquated detective work that probably wouldn't yield evidence they could use to indict John. So they turned to the quasi-secretive, federal Financial Crimes Enforcement Network (FinCEN) for the digital sleuthing they needed. Less than 45 minutes after receiving the official police request for help, FinCEN had retrieved enough evidence of criminal wrongdoing from government databases that the district attorney prosecuting the case was able to seek indictments against John on charges of money laundering and conspiracy to traffic narcotics. The local police were impressed. Launched with a low-key champagne reception at the Treasury Department in April 1990, FinCEN is the US government's (perhaps the world's) most effective financial crime investigation unit. Even Russian President Boris Yeltsin asked for its help in locating stolen Communist Party funds. This state-of-the-art computer-snooping agency is quietly tucked away under the auspices of the Treasury Department. Its mission is to map the digital trails of dirty money, be it the laundered profits from drug sales, stolen S&L loot, hidden political slush funds, or the financing conduits of terrorists. It's the only federal unit devoted solely to the systematic collation and cross-analysis of law enforcement, intelligence, and public databases. 
Until August 1993, FinCEN headquarters was an old Social Security Administration building with a ceiling ravaged by asbestos abatement crews, but that didn't seem to faze director Brian Bruh (he retired in October). With 25 years of experience in law enforcement, Bruh is a seasoned federal cop who has headed up criminal investigations at both the IRS and the Pentagon. Prior to overseeing FinCEN, he was the chief investigator for the Tower Commission, President Reagan's blue ribbon probe into the Iran-Contra scandal. FinCEN was his crowning achievement, and he took pride in directing visitors to FinCEN's computer command center as he touted the agency's successes. In private and in testimony to Congress, statistics roll off Bruh's tongue. Last year FinCEN's computer operations center responded to priority requests for tactical intelligence on nearly 12,000 individuals and entities, doubling the 1991 workload. The 1993 total will be three times the 1991 sum. Longer-term strategic analytical reports have been completed for 715 investigations involving 16,000 other individuals and entities. Two of the government's biggest strikes against organized drug-money laundering - operations Green Ice (a lengthy DEA operation that resulted in the arrests of high-ranking Cali and Medellin cartel financial officers and the seizure of US$54 million in cash and assets) and Polar Cap V (a spinoff of Green Ice that culminated in April 1990) - owe a great deal to FinCEN for having identified and targeted money laundering activities via computer. In the Polar Cap operation, FinCEN's computer tracking documented more than US$500 million in financial activity by 47 individuals who have since been indicted on drug trafficking and money laundering charges. 
Inside FinCEN's new digs on the second floor of a gleaming high-rise office building down the road from the CIA in Vienna, Virginia (otherwise known as "Spook City"), the talents of the IRS, FBI, DEA, Secret Service, and other traditional federal cops such as customs agents and postal inspectors are pooled. According to senior intelligence officers, these investigative units can access the resources of the CIA, the National Security Agency (which intercepts data on electronic currency movements into and out of the United States, some of which make their way into FinCEN's analyses), and the Defense Intelligence Agency. Bruh and other FinCEN officials openly acknowledge their association with the CIA, but they refuse to discuss further any aspect of FinCEN's dealings with it or any other intelligence agency. In addition to the CIA, intelligence officials have admitted, off the record, that the National Security Council and the State Department's Bureau of Intelligence and Research (INR) have also joined FinCEN's impressive intelligence crew. In short, FinCEN is a one-of-a-kind cauldron containing all the available financial intelligence in the United States. "It's the first ever government-wide, multi-source intelligence and analytical network brought together under one roof to combat financial crimes," said Peter Djinis, director of the Treasury Department's Office of Financial Enforcement and one of the few Treasury officials close to FinCEN activities. "FinCEN is absolutely necessary," said a senior General Accounting Office (GAO) official involved in an audit of FinCEN required by new anti-money-laundering laws passed last year. The agency's report wasn't released by press time, but according to the GAO official, no irregularities were uncovered. However, the GAO's scrutiny skirted emerging concerns about privacy, civil rights, and the appropriate role of the intelligence community.
FinCEN's mission requires the involvement of the intelligence community, particularly in tracking the financial dealings of terrorists and in conducting financial counterintelligence, although few are willing to discuss the trend openly. Because these activities cross into the world of cloaks and daggers, some watchdogs are concerned that such endeavors will encroach on privacy and civil rights. When you look at the power of FinCEN and its proposed offspring, their fears seem justified.

How to Bust a John

The whiz kids at FinCEN are good. Very good. That's why state and local police have come to depend on FinCEN to pull them out of the electronic-sleuthing quicksand. The case of John the drug supplier is a good example of one of their less-complex assignments, and it illustrates the adeptness with which the government can collate existing financial data. Seated at a computer terminal inside FinCEN's former command post, a FinCEN analyst began the hunt. He started by querying a database of business phone numbers. He scored a hit with the number of a local restaurant. Next he entered the Currency and Banking Database (CBDB), an IRS database accessed through the Currency and Banking Retrieval System. CBDB contains roughly 50 million Currency Transaction Reports (CTRs), which document all financial transactions of more than US$10,000. By law these transactions must be filed by banks, S&Ls, credit unions, securities brokers, casinos, and other individuals and businesses engaged in the exchange of large sums of money. The analyst narrowed his quest by searching for CTRs filed for transactions deemed "suspicious." Financial institutions must still file a CTR, or IRS Form 4789, if a transaction under US$10,000 is considered suspicious under the terms of an extensive federal government list. There was a hit. A series of "suspicious" CTRs existed in the restaurant's ZIP code. Punching up images of the identified CTRs on his terminal, the FinCEN analyst noted that the transactions were made by a person whose first name was John. The CTRs were suspicious all right; they were submitted for a series of transactions each in the amount of US$9,500, just below the CTR threshold of US$10,000. This was hard evidence that John structured the deposits to avoid filing a Form 4789, and that is a federal crime.
Selecting one of the CTRs for "an expanded review," the analyst got John's full name, Social Security number, date of birth, home address, driver license number, and other vital statistics, including bank account numbers. Plunging back into the IRS database, the analyst broadened his search for all CTRs filed on behalf of the suspect, including non-suspicious CTRs. Only 20 reports deemed suspicious popped up on the screen, but more than 150 CTRs were filed in all. A review of the non-suspicious ones revealed that on several, John listed his occupation as the owner or manager of the restaurant identified by the telephone number on the slip of paper taken from the arrested drug dealer. The connection between the name and the phone number originally given to FinCEN was secured. The FinCEN analyst then tapped commercial and government databases, and turned up business information on the restaurant showing that John had reported an expected annual revenue for his eatery of substantially less than the money he had been depositing, as indicated by the CTRs. Fishing in a database of local tax assessment records, the analyst discovered that John owned other properties and businesses. With the names of these other companies, the analyst went back into the CTR database and found that suspicious transaction reports were filed on several of them as well. As routine as such assignments as this case may be, the chumminess between FinCEN and the intelligence community raises serious questions about the privacy and security of the financial records of citizens John and Jane Doe, considering the intelligence community's historic penchant for illegal spying on non-criminals. Given the vast reach and ease with which the government can now tap into an individual's or business's financial records on a whim, these questions have received far too little scrutiny.

Whose Privacy?

"There are legitimate concerns" regarding privacy, a ranking House banking committee staffer conceded in an interview with Wired. "Quite frankly, there hasn't been much congressional oversight with respect to the intelligence community's involvement with FinCEN. When you start trying to look into this, you start running up against all kinds of roadblocks." The GAO official involved in auditing FinCEN agreed that questions regarding the intelligence community's involvement and attendant privacy concerns haven't been addressed. If such issues have been the subject of discussion behind the closed doors of the House and Senate intelligence committees, no one is talking openly about it. Meanwhile, the potential for abusive intrusion by government into the financial affairs of private citizens and businesses is growing almost unnoticed and unchecked. Two of the latest electronic inroads into the financial records of private citizens and businesses are "Operation Gateway," a FinCEN initiative, and the proposed Deposit Tracking System, which other intelligence agencies would like to see established. Both are inherently prone to abuse and provide a disturbing indication of the direction in which the government is moving. Gateway is a pilot program launched in Texas this July that gives state and local law enforcement officials direct access to the massive federal Financial Database (FDB) through a designated FinCEN coordinator. The FDB contains the records that financial institutions have been filing under the Bank Secrecy Act for the last 23 years - CTRs, suspicious transaction reports, International Transportation of Currency or Monetary Instruments reports, and Foreign Bank and Financial Accounts reports. In addition, Congress is expected to grant FinCEN authority to tap into the database of Forms 8300, which are reports of payments over US$10,000 received in a trade or business. 
These documents principally contain information on deposits, withdrawals, and the movement of large sums of currency. It is FinCEN's intent to give all state governments individual access to the FDB. Under the Gateway proposal, results from all queries would be written into a master audit file that will constantly be compared against other requests and databases to track whether the subject of the inquiry is of interest to another agency or has popped up in a record somewhere else. State coordinators designated by FinCEN will do the logging on, as FinCEN is uncomfortable with giving 50,000 federal agents and 500,000 police officers direct electronic access to its database. "This is very sensitive information," concedes Andy Flodin, special assistant to the FinCEN director. "We'd have to have additional security safeguards before we could open it up to every police agency." But while the FDB contains only records on major money movements and thus is not as much of a threat to individual privacy, the Deposit Tracking System (DTS) is a potential menace. If implemented, the estimated US$12.5 million computer system could be used to penetrate the security of bank accounts belonging to you, me, and 388 million other bank account holders in the US. The government argues that such a system is necessary for two reasons: first, to assess adequately the funding needed for federal deposit insurance and second, to locate the assets of individuals ordered by courts to make restitution for financial crimes - like the savings and loan crooks. (It seems the government can't trace most of the money they stole.) The first reason stems from a requirement of the seemingly innocuous Federal Deposit Insurance Corporation Improvement Act of 1991 - one of Congress's legislative responses to the savings and loan debacle. The Act requires the FDIC to study the costs, feasibility, and privacy implications of tracking every bank deposit in the United States. 
So far the DTS exists only on paper. The FDIC's completed feasibility study is currently being examined by Congress, but it is unlikely to act on it before late next year. For the time being, the US$12.5 million price tag seems to be the biggest drawback to its implementation. Concerns about the DTS have been widespread, although it has received scant attention in the mainstream press. But according to Diane Casey, executive director of the Independent Bankers Association of America, the DTS "would fundamentally change the relationships among banks, consumers, and the government in ways that have implications beyond banking policy. Our open and democratic society would be changed profoundly if any agency of the government maintained the scope of information on private citizens described in this proposal. It raises questions about our democracy that would have to be addressed by the highest policy-making levels of government." The American Bankers Association (ABA) voiced equally serious concerns. The ABA doubts "whether there are any privacy safeguards that would be adequate to effectively protect this database from use by government agencies and, eventually, private parties," an ABA spokesman explains. "It is inconceivable to the ABA that such a database could be used only by the FDIC in deposit insurance coverage functions. Such a database...would provide a wealth of information for investigations being conducted by the FBI, the Drug Enforcement Administration, and the IRS, to name but a few. Like the baseball diamond in Field of Dreams, build this database and they will come. Eventually, whether legally or illegally, they will gain access to this database." The FDIC forcefully argued against the DTS in the 234-page draft report it submitted to Congress in June 1993, but it may not have the bureaucratic clout necessary to kill the proposal. 
Wired was told by intelligence analysts and congressional sources dealing with oversight of the intelligence community that federal law enforcement and intelligence agencies are privately clamoring for the system, apparently disregarding both the privacy issues and the system's start-up cost (which does not include the additional US$20 million a year the feasibility study said would be required for facilities, for salaries and benefits, and for routine hardware and software maintenance). Further driving the intelligence agencies' desire for the DTS is the much-hyped role of economic intelligence gathering, a key focus of the Clinton administration's reform of the intelligence community. Agencies like the CIA view the system as a boon to their ability to monitor foreign financial dealings in the US, according to both congressional and intelligence sources.

Adding Intelligence to the Equation

Regardless of the form it takes, the sources said, the DTS and any other financial databases that come down the pike could be easily interfaced to FinCEN's Artificial Intelligence/Massive Parallel Processing (AI/MPP) program, a criminal targeting system that will go online in a few years. Because laundered money is moved undetected along with the millions of legitimate computerized wire transfers that occur daily, FinCEN's computer investigations naturally demand expert systems that can single the dirty money out of the crowd. FinCEN's current Artificial Intelligence capability allows it to search the Financial Database for suspicious, preprogrammed patterns of monetary transactions. While not very flexible, the system has successfully identified previously unknown criminal organizations and activities. But FinCEN has a hush-hush US$2.4 million contract with the US Department of Energy's Los Alamos National Laboratory to develop what Bruh and other FinCEN officials described as a powerful "money flow model." Unlike FinCEN's current system, Los Alamos's AI software will look for unexplained, atypical money flows. Coupled with a massively parallel computer system, the AI/MPP could perform real-time monitoring of the entire US electronic banking landscape. FinCEN's AI capabilities currently exploit the Financial Database for proactive targeting of criminal activity. The system automatically monitors the entire FDB database, constantly identifying suspicious financial activity in supercomputer-aided, rapid-response time. In addition to the FDB, FinCEN is applying AI to the Criminal Referral Forms that must be filed with FinCEN whenever banks, examiners, and regulators uncover financial activities they suspect are illegal. In the near future, all of these government databases will be interfaced by way of AI/MPP technology. "MPP is critical to FinCEN's ability to analyze (banking) data to its full capacity," Bruh insists.
The pure power of such a "database of databases" terrifies critics. Though FinCEN and other authorities discount the potential for abuse, tell that to the CIA. Its charter forbids it from engaging in domestic surveillance; nonetheless, it spied on Americans for seven consecutive presidential administrations (it says it finally ceased its internal spying in the mid-1970s). FinCEN's AI operation has been employed legitimately with great success. Perhaps its least-known project was assisting the CIA in identifying and tracking the flow of money between Iran's state-sponsored Islamic fundamentalist terrorist organizations and the men linked to the bombing of the World Trade Center. According to a Treasury official and confirmed by Anna Fotias, FinCEN's congressional liaison, FinCEN identified suspicious transaction reports filed by a bank in New Jersey on wire transfers from Germany to the accounts of two of the men charged in the bombing. With the bank account in Germany identified, further AI processing - utilizing intelligence from the CIA's DESIST computer system, the world's most extensive database on terrorists - identified a company as a front for an Iranian terrorist group. Coupled with DESIST's data on the two men's terrorist connections, FinCEN was able to identify a number of previously unknown conduits of terrorist funding in the US and abroad. Similarly, FinCEN was crucial in identifying Iraqi assets in the US that were frozen in the wake of Iraq's invasion of Kuwait, according to a Treasury official. Still, given the CIA's less-than-spotless record, privacy advocates are likely to find it disturbing that there are some within the walls of CIA headquarters - apparently unbeknownst to anyone at FinCEN - who want to mesh DESIST with FinCEN's eventual AI/MPP ability and with all the databases FinCEN routinely surveys.
The justification for creating such a system is compelling: More likely than not it would identify scores of previously unknown financial conduits to terrorists. Advocates of a full-time DESIST/FinCEN system carry their argument one step further: Hooked into the yet-to-be-authorized Deposit Tracking System, the DESIST/FinCEN system would be able to identify terrorist financial movements in real-time, thus providing early warning of potentially imminent terrorist actions. Some within the intelligence community take it still another step: They would have the system tied into the private computers that hold credit card transactions "so that we could have nearly instant time-tracking capability," according to one source who works closely with the CIA's Counterterrorist Center. Conversely, a CIA/FinCEN/DTS endeavor could monitor on a real-time basis the financial activity of narcotics traffickers, since drug dealing also is within the purview of the CIA. The agency's Counternarcotics Center, or CNC, already works closely with FinCEN. Before the CIA would be allowed to tap into a system as sensitive as the proposed Deposit Tracking System, it would have to clear plenty of civil liberties hurdles, not the least of which is the prohibition on the CIA from gathering intelligence on US citizens. As long as the DTS itself was shielded from direct access by the CIA, proponents could argue that the operation was allowable under law. Opponents, on the other hand, fear that the CIA would find a way to download, copy, or otherwise secretly access the DTS. "The risk of the CIA getting its hands on this is serious - we know the kind of unscrupulous people who populate the spook world," said a Washington-area private investigator who conducts many legitimate financial investigations for a CIA-linked firm. 
"This kind of financial data, when coupled with other information like a person's credit history, could be used for blackmail, bribery, and extortion," said the investigator, who has a military intelligence background. Bruce Hemmings is a veteran CIA clandestine-services officer who retired in 1989. Prior to the DTS proposal, he told Wired that the CIA routinely digs for financial dirt on people from whom the agency wants specific information. Typically they are foreign intelligence officers working in the US under a diplomatic guise, and this financial information is often used as leverage in getting them to talk. In less civilized venues, this is called blackmail. DTS could present an inviting mechanism for quieting unwanted dissent or for defanging an unruly congressional leader bent on exposing some questionable CIA operation. Although still in its embryonic stage and in spite of the looming privacy obstacle it will inevitably confront, FinCEN is seen by many in the government as the catalyst for a powerful, all- seeing, all-knowing, global, financial-tracking organization. In fact, FinCEN is al-ready working closely with INTERPOL, and Bruh's deputy just resigned to head up INTERPOL's US office. As the privacy debate heats up, FinCEN's digital dirty-money trackers go on about their work, hoping they don't have to choose sides if what they do becomes a full-blown privacy invasion problem. As Bruh puts it, "There's tons of crooks out there who are disguising their criminal profits. FinCEN needs to computerize as much as possible to be able to identify the really significant criminals and their activities." The question then becomes, at what point does it stop? * * * Anthony L. Kimery covers financial industry regulatory affairs as an editor at American Banker Newsletters. 
------------------------------------------------------- Copyright (c) 1993 Wired magazine Requesting information from the Wired InfoBot (other than the help file) indicates your acceptance of the following terms and conditions: (1) These articles and the contents thereof may be reposted, remailed, or redistributed to any publicly accessible electronic forum provided that this notice remains attached and intact. (2) These articles may not under any circumstances be resold or redistributed for compensation without prior written agreement of Wired. (3) Wired keeps an archive of all electronic address of those requesting information from the Wired InfoBot. An electronic mailing list will be compiled from this archive. This list may from time to time be used by the staff of Wired Online Services for the purpose of distributing information deemed relevant to Wired's online readers. If you wish to have your name removed from this mailing list, please notify us by sending an electronic mail message to infoman at wired.com. If you have any questions about these terms, or would like information about licensing materials from Wired, please contact us via telephone (+1.415.904.0660), fax (+1.415.904.0669), or email (info at wired.com). From cowen at glia.biostr.washington.edu Wed Mar 9 09:43:14 1994 From: cowen at glia.biostr.washington.edu (cowen at glia.biostr.washington.edu) Date: Wed, 9 Mar 94 09:43:14 PST Subject: No Subject Message-ID: <9403091753.AA17699@glia.biostr.washington.edu> all this about newbies>> i for one am a newbie,, gee i hate that word,, at least to this list. though i have been in and around computers since 81. over 13 years now most of what i have been around is the bbs, and programing, and hardware of computers. also i am an information freak from early childhood. the major pitch of my crypto has been word based, not computer based but i understand the princibles behind it. 
though my main concern of late has been the up swing in government and criminal investigators involvement in the computer field. most notably with the clipper and other chips. i have always been a privacy advocate. having done things in early youth that in a world ruled by "big brother" i would surely be targeted for. i do not want the US of A or most of the free world to be ruled by "big brothers" that is why i read this list and others. yes in the past i have posted rants, and raves. but that is life. i talk the good ole heart and soul while others talk the techno aspect of the issues at hand. charles the monster maker From hayden at krypton.mankato.msus.edu Wed Mar 9 10:03:30 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Wed, 9 Mar 94 10:03:30 PST Subject: he's baaaaaaaack Message-ID: I noticed the following on comp.org.eff.talk this morning. Seems our friend is back, although it could be forged (dunno). (headers left intact) ---------- Forwarded message ---------- Subject: (fwd) Re: Time Poll Reports that 80% Oppose Clipper Newsgroups: alt.privacy.clipper,talk.politics.crypto,alt.privacy,comp.org.eff.talk,alt.politics.datahighway Relay-Version: ANU News - V6.1 08/24/93 VAX/VMS V5.5-1; site vax1.mankato.msus.edu Path: vax1.mankato.msus.edu!msus1.msus.edu!news.gac.edu!msc.edu!apctrc!paperboy.amoco.com!news.ans.net!howland.reston.ans.net!europa.eng.gtefsd.com!library.ucla.edu!ihnp4.ucsd.edu!ames!purdue!yuma!lamar.ColoState.EDU!tmp Newsgroups: comp.org.eff.talk,alt.privacy,alt.privacy.clipper,talk.politics.crypto,alt.politics.datahighway Subject: Re: Time Poll Reports that 80% Oppose Clipper Message-ID: <1994Mar7.225027.119747 at yuma> From: tmp at lamar.ColoState.EDU (L.Detweiler) Date: 7 Mar 94 22:50:27 GMT Followup-To: alt.privacy.clipper,talk.politics.crypto,alt.privacy,comp.org.eff.talk,alt.politics.datahighway References: <2ldaj8$h3k at news1.digex.net> Nntp-Posting-Host: lamar.acns.colostate.edu X-Newsreader: TIN [version 1.2 PL2] 
Lines: 11 Xref: vax1.mankato.msus.edu comp.org.eff.talk:2152 alt.privacy:916 talk.politics.crypto:744 alt.politics.datahighway:471 : ''The crypto genie : is : out of the bottle,'' says Steven Levy, who is writing a book about : encryption. If that's true, even the nsa may not have the power to put it : back. @#$%^&* cryptoanarchists are everywhere. now `cryptoanarchy' is an official media term! @#$%^&*! who wants to bet me any amount of $$$$ that the Levy book will be a great paen to the cypherpunks? Oh, the glorious cypherpunks, the digital warriors, the knights in incandescent armor, I bow before you. From collins at newton.apple.com Wed Mar 9 10:28:01 1994 From: collins at newton.apple.com (Scott Collins) Date: Wed, 9 Mar 94 10:28:01 PST Subject: Why the chip in my dog won't work in humans. Message-ID: <9403091743.AA29237@newton.apple.com> >> Today I ran into a situation that made me completely nausiated and feel like >> my privacy had been completely invaded... It involves a chip which is >> implanted in animals and used for identification... I have such a chip in my dog. Why? Animal services can destroy a stray animal after as little as 48 hours. My dog doesn't speak English, and if she loses her tags and gets lost --- she's a stray! Animal services scan (and you have to be pretty close, like those door-opening-id-cards) all the animals that are picked up. If there's a chip, the animal WON'T BE DESTROYED. They'll call the Infopet service, who will in turn call me, and I'll come pick her up. Additionally, I have pre-authorized emergency medical attention for her. If she needs help, she'll get it even if they don't know where I am. And, as others mentioned, if she is stolen then the next time she is taken in to the vet (my vet and many others in CA scan as a matter of course) or picked up by animal services ... I will know about it. I love my dog. She's a good companion; and I take good care of her. She has never lost her tags or `gotten loose'. 
But if she ever does... ...this chip will help me recover my property. Whoa! what happened to loving companion? How did we go from friend to chattel? The truth of the matter is that the law considers and dog _owners_ act as though dogs are property. They have value. They need to be protected like any other piece of property. I love my dog, but that doesn't change the fact that if she fell in love with YOU and wanted YOU to be her master and decided she no longer loved ME ... she would still stay with me, because she's mine. - --- - Is this the edge of a slippery slope for putting chips in human beings? I don't think so. The reasons for having such a device in a dog are completely different from the reasons for having them in an human being. In one case it is essentially to identify property (like a brand on a cow -- we still don't brand humans), in the other it is to make a certain kind of deception more difficult. Marking children as though they were animals or property? Grotesque. Marking adults for identification? Hopeless. Dogs don't even know what a chip is, let alone that they have one implanted in them. They won't remove or replace it; but a human bent on such a course will. Therefore, as identification or proof of permission, it will be no better than the cryptographic system beneath it. In which case, it will be pointless to have an implant rather than a smart card. Scott Collins | "That's not fair!" -- Sarah | "You say that so often. I wonder what your basis 408.862.0540 | for comparison is." -- Goblin King ................|.................................................... BUSINESS. fax:974.6094 R254(IL5-2N) collins at newton.apple.com Apple Computer, Inc. 5 Infinite Loop, MS 305-2D Cupertino, CA 95014 ..................................................................... PERSONAL. 
408.257.1746 1024:669687 catalyst at netcom.com From cowen at glia.biostr.washington.edu Wed Mar 9 10:41:07 1994 From: cowen at glia.biostr.washington.edu (cowen at glia.biostr.washington.edu) Date: Wed, 9 Mar 94 10:41:07 PST Subject: No Subject Message-ID: <9403091851.AA17998@glia.biostr.washington.edu> re the issuing of smart cards in france. when will we in the US of A be issued our ID card? already in some states you have to have so much id just to get a drivers license that it is not funny. recently my fiancee lost her date book, for her it is a purse anything about her that would be needed to form another history via id was in there. and being adopted she did not have a copy of her birth certificate.. makes you wonder if the "smart card" is really the better idea. to make it seem good to folks, lets have encryption in the card we can access certain parts of the card, via our own password, given it would have to be a hard to get password, something like 2BeoR^3%iT in at least 10 characters long. we could all have them hooked to our money supply that would cut down on the fake card/money/credit business a bit and give us more ability to be controlled by the governing bodies if we fail to pay the IRS one year, they could just take it out at their stations in the big office at the IRS building. or even the voting, pass it through the voting booth reader and key in the ones you want to help control your life. neato,, do away with all the bulky change i carry around too!! charles the monster maker From marc at security.ov.com Wed Mar 9 11:06:48 1994 From: marc at security.ov.com (Marc Horowitz) Date: Wed, 9 Mar 94 11:06:48 PST Subject: I hate to blast the whole list with this, but.... Message-ID: <9403091906.AA02087@dun-dun-noodles.aktis.com> When requesting to be added to an Internet mailing list, *ALWAYS* try to send mail to listname-request at host to reach the administrators. We've gotten three messages to cypherpunks-east at mit.edu today asking to be added. 
Don't send mail to the list! If you want to be added, we'll be happy to do it if you send mail to cypherpunks-east-request at mit.edu. If you ever decide you no longer want to be on cypherpunks, send mail to cypherpunks-request at toad.com. And so forth. I'm on large lists which get several requests sent directly to the list every day by people who don't know any better. This is annoying All future list maintenance requests sent directly to cypherpunks-east will be met with scorn and derision, and quite possibly ignored. Thank you for your assistance. Marc From gtoal at an-teallach.com Wed Mar 9 11:40:08 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Wed, 9 Mar 94 11:40:08 PST Subject: chips... Message-ID: <199403091936.TAA11490@an-teallach.com> an57322, I believe? Bwahahaha. Which adds to my theory that the major use of anonymity and |<00|_ anon handles on the net is posturing and self-grandification. Go sit in the corner with Xenon... Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Tue, 8 Mar 1994 22:53:47 -0800 From: Marc Briceno Subject: Re: chips... Sender: owner-cypherpunks at toad.com Precedence: bulk X-Anon-Password:legal9road X-Anon-To:cypherpunks at toad.com -=T.A.Z. I'd change that password if I were you, TAZ, if someone else hasn't already done so... And when you get a new account, remember to post to penet.fi instead of the list directly. G From GERSTEIN at SCSUD.CTSTATEU.EDU Wed Mar 9 12:20:26 1994 From: GERSTEIN at SCSUD.CTSTATEU.EDU (GERSTEIN) Date: Wed, 9 Mar 94 12:20:26 PST Subject: keeping secrets from myself Message-ID: <940309151935.202248e2@SCSUD.CTSTATEU.EDU> On 8-MAR-1994, Cortland D. Starrett (cort at ecn.perdue.edu) said... ========== Here is a practical problem that has me frustrated.... Situation: Assume that I am the treasurer at my local church. This implies responsibility to record each Sunday's offering (the money collected) in the church financial books. 
An account is maintained for each member of the church. Money received from members each Sunday is credited to their respective accounts. Each January, a report is prepared for each parishioner showing a summary of the charitable contributions for the previous year. This information is used for tax purposes. Currently, the treasurer knows EVERYTHING about EVERYONE (regarding charitable giving). As a privacy advocate, this is indeed uncomfortable (for giver and treasurer). Problem: I want to know as little as possible about church member giving. Give and Take: It will be difficult/impossible to prevent the treasurer from seeing each week's checks. However, a privacy improvement may be achieved if the running totals are kept hidden. How can I provide a comprehensive year-end statement to each parishioner while maintaining maximum privacy? Does cryptography have anything to offer to this situation? What procedures/protocols could be implemented? What privacy enhancements could be included with the church accounting software? Cort. =========== I would think that the easiest way to take care of this would be to assign each member a randomly generated id (probably alphanumeric, and you can keep it around 6 characters), and then just use that number from then on. When a new member joins, create a new id and once they have a copy of it, put the id in a file that is stored out of your hands (but accessible if need be) in case you need to add someone else or if someone forgets their id. I know that this isn't as secure as some of the other methods suggested, but this (the method above) would seem to make the most sense simply because once it's started, there's not that much upkeep: 1- Member gets an id. 2- Member makes a deposit using just their id and only looking at the check amounts. For this, you would have to trust yourself or get some envelopes that only show the amount through a window. 
When you are done doing all the checks on the computer, dump them all into a bag or something and then start endorsing them. 3- At the end of the year, all you have to do is print a list of the id's and how much they have in their "account". At no time does anyone but the member know their id (unless they happen to share with someone, and it's up to them). As treasurer, you only know the account numbers. If you really didn't want to take the chance that you might learn some of the numbers (doubtful, as there would probably be 100's [maybe 1000's] of members), you could get someone else in the church (that you trust) to assign the id's and just have them let you know the new id's as they come along. Just my 0.02¢ worth. Adam Gerstein -=-=-=-=-=-=-=-=- Have _you_ said no to Clipper yet? To sign on to the letter, send a message to: Clipper.petition at cpsr.org with the message "I oppose Clipper" (no quotes) You will receive a return message confirming your vote. From hughes at ah.com Wed Mar 9 12:27:41 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 9 Mar 94 12:27:41 PST Subject: on tmp@lamar.acns.colostate.edu Message-ID: <9403092020.AA16279@ah.com> No, the Usenet post from that site is not forged. I just corresponded with LD himself there. Eric From mech at eff.org Wed Mar 9 13:42:28 1994 From: mech at eff.org (Stanton McCandlish) Date: Wed, 9 Mar 94 13:42:28 PST Subject: 80% of even the *NON*net public oppose Clipper (...when informed) Message-ID: <199403092033.PAA05551@eff.org> "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 4 1994 EIGHTY PERCENT, folks. You know what that means. This is now the time to spread the word on Clipper, far, fast and wide. 
If there are 3 local newspapers in your area, send an op-ed or letter to the editor, to ALL of them, and magazines too. If you are a pro writer, time to start writing articles. Redistribute Clipper to the net, and especially to BBSs. The problem here is one, and one only: not enough people know about Clipper yet. When EVERYONE does, even Clinton dares not go against the will of 80% of the populace. Do you run a BBS? Make an announcement about Clipper (and the 80% opposition rate!) as one of your login screens. Put it in your .signature or your .plan, print up some flyers, put it in your zine, wear it on a t-shirt, whatever it takes to get the message out. Leahy's hearings are going to be something else. The Cantwell bill will help. But nothing will be as effective as mass public outcry. Don't just sit here. Usenet will be here tomorrow, too. Do something to educate someone about Clipper and the threat it poses to our privacy NOW. After that, if you have yet to send in your short letter of support for the Cantwell bill (HR2637), which will reduce export restrictions on non-Clipper cryptography, please do it today. Send to cantwell at eff.org. -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 4 1994 From frissell at panix.com Wed Mar 9 15:08:21 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 9 Mar 94 15:08:21 PST Subject: In Memorium Message-ID: <199403092307.AA27329@panix.com> Sandy Sandfort's [sandfort at crl.com] inamorata, Diane Somers, died in a traffic accident on Tuesday afternoon. DCF And Death shall be no more: Death, thou shalt die! 
--- WinQwk 2.0b#1165 From MATTKELLY at antioc.antioch.edu Wed Mar 9 17:24:50 1994 From: MATTKELLY at antioc.antioch.edu (Matt_Kelly) Date: Wed, 9 Mar 94 17:24:50 PST Subject: please remove me from cypherpunks-announce list Message-ID: <01H9S4Q9SSEG00010W@antioc.antioch.edu> Please remove me from ALL (including cypherpunks-announce) lists. Thanks. From tcmay at netcom.com Wed Mar 9 17:57:49 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 9 Mar 94 17:57:49 PST Subject: The Coming Police State Message-ID: <199403100158.RAA27863@mail.netcom.com> An alarmist title? Perhaps. But likely accurate. Since the theme of the upcoming Cypherpunks meeting on March 12th, with sites around the world tied together, is "politics" and since Eric Hughes has encouraged "rants," I'm making these comments now. The war is upon us. All _three_ of the major U.S. weekly news magazines have articles on cops in cyberspace, the threat of Clipper, and the fast computerization of the surveillance society. Books are being written on crypto issues (beyond the excellent Schneier book, I mean), and the issues have resonance amongst a skeptical public. Strange bedfellows, ranging from Pat Robertson and Phyllis Schlafly to civil libertarians on the other side have come out against Clipper. (I suspect had Bush won, Robertson and Schlaffly would be much quieter about Clipper, just as many Democrats are being somewhat circumspect in their criticisms of Clipper today. People need to realize this issue cuts across all party lines. Ditto for non-U.S. people as well, despite the U.S.-centric focus of these comments.) The Cypherpunks fill an important niche that none of the other major groups wants to--or are able to--fill. The EFF, CPSR, and ACLU have different skills than we have, have more money (we have _none_, of course, as an organization), and are mostly "centralized lobbying" groups (all are headquartered in Washington, D.C.). 
Cypherpunks are scattered around the world, with only this mailing list and the physical meetings creating any real nexus. By default, of course, the Bay Area has tended to dominate, in raw numbers, in physical meetings, and in the early history of the list, but hopefully this will change as the Cypherpunks continue to grow and as other sites become more active in their chosen areas of expertise. And the Cypherpunks mailing list has an interactive mailing list filled with some of the world's best cryptographers and security experts (you know who you are), and several hundred creative folks, many of whom actually write code! Plenty of problems face us, but we have plenty of talent, too. And of course we have justice and the inevitability of technology on our side. IS A POLICE STATE REALLY COMING? "Not if we can help it," of course. But right now things look pretty grim. George Orwell got it mostly right, even in choosing a corporatist model of Britain as the setting instead of the more-expected Stalinist models of the time. (I'm an anarcho-capitalist, personally, so I have nothing against corporations _per se_. But I despise the situation of "state socialism," which is what fascism really is, in which corporations are given special rights and responsibilities in exchange for being supported or selectively rewarded by the State.) In the U.S. at least (and more on Europe and Asia later), the cyberspatial police state is no longer associated with just one political party. The Clipper program and Digital Telephony were started under the Reagan (probably) and Bush (for sure) administrations, and now the Clinton and Gore folks have shown themselves to be enthusiastic supporters of Big Brother. 
The National Health Care program, perhaps temporarily stalled on a side street by the current Whitewater/Hillary circus, may have implications for this police state that are unclear....national ID cards, FinCEN-type monitoring of alcohol and tobacco purchases, even biometric identity systems. And the National Information Infrastructure, the NII, has the potential for further concentrating and regulating the presently anarchic networks. Driver's licenses for the information highway? Learner's permits? Revoked licenses for "hurtful speech" and other thoughtcrimes? WHAT ARE WE FACING? -- Digital Telephony II for easy access to _all_ communications channels. If this becomes law, expect all equipment makers to add wiretapping capabilities. All operating system makers may have to add tap points to allow government access (so much for "secure operating systems," such as Norm Hardy and others are working on). -- Clipper and its Big Brethren for easy access to the contents of files. The State will use its power to enforce standards, control exports, and punish corporations so as to ensure competitors do not arise. -- The likely criminalization (via civil forfeiture, a la the Drug War) of unapproved crypto alternatives. (As Whit Diffie has noted, this will not completely stop unapproved use, but will force it underground and marginalize it, causing most folks to so fear prosecution and forfeiture of their homes and companies that they'll avoid unapproved crypto and will help narc out others.) -- Expansion of these tools to other "New World Order" nations, including rapidly-developing systems in Germany, France, Britain, Japan, and other countries. (Reports of "family keys" being prepared for these countries, of restrictions on private use of crypto already in place in some of these countries, and of positive reaction to the American Clipper system.) -- The State getting involved in the "Digital Superhighway" increases the potential for licensing, control, speech codes, etc. 
For example, one can imagine "fair access" laws which ostensibly make getting on the Net easier and cheaper (not really, of course) but which come with strings attached. Limitations on pseudonyms, restrictions to only RSA-approved public keys (cf. a frightening proposal by Carl Malamud to "nationalize" public-key technology and then give every citizen his own public key...such a system would destroy most of the exciting possibilities some of us foresee and would create a complete surveillance market--this is just one possible future being bandied about by the technocrats and "policy wonks"). (I know some List members, especially those connected with the EFF, have a more charitable view of the NII. But even Mike Godwin has quipped about the "Digital Snooperhighway.") So, is it all hopeless? WHAT COULD DERAIL THE CYBERSPACE POLICE STATE? 1. Defeat of the Digital Telephony Bill. Groups like the EFF and CPSR effectively stopped the first attempt, but a new one was recently unveiled. In many ways, much worse than the first one. This one has to be stopped as well! (In general, all readers of this List should be signing the various petitions that come along, including the "I oppose Clipper" and "I support the Cantwell Bill" ones. You should make your own decisions, of course, but it is hard to imagine that any of you would be opposed to these sentiments. The key is to make sure a significant fraction of you 700-800 readers sign these petitions! That's a hefty voting bloc, and would give Cypherpunks some additional respect or influence amongst the petition circulators.) 2. Work closely with EFF, CPSR, and other groups (ACLU?) in their efforts to stop these developments. Being that many of us know a fair amount about crypto, security, and computers, we could provide technical assistance to these organizations. (The Washington, D.C. 
group could, as we have often discussed, have an especially beneficial effect on the debate, as Congressional staffers could be brought up to speed by Cypherpunks in the area. Be sure to concentrate equally on Republicans and right wingers as on Democrats and left wingers!) (In my opinion, our "outlaw" image continues to serve us well. While the "suits" talk to Congresscritters, there's still a role to be played for more guerilla-oriented folks such as ourselves. Sure, there's a downside, and not all are comfortable being portrayed as "anarchists" or "cypher criminals," but that's how we got started--not that we are all either anarchists or criminals!--and there's been little pressure to change. For now, it lets us play a kind of "good cop-bad cop" game....or, "hybrid vigor," with the Cypherpunks filling a different niche than the suits of EFF and CPSR fill.) 3. Widespread repudiation of the Clipper program and its evil Big Brethren, the Capstone, Skipjack, Tessera, "iPower," and related technologies. We talk about Clipper a lot here, and about ways to defeat it, so I won't go into this here. 4. Active sabotage, to include: - Boycotts of AT&T for building Clipperphones, of VLSI Tech for building the Mykotronx chips, of National Semiconductor for building the "iPower" PCMCIA card, and of others who are becoming known for being involved (more on this later, when I am at liberty to say more). (My old company, Intel, is a 20% owner of VLSI Tech, actual manufacturer of the Clipper chip--draw your own conclusions.) - "Big Brother Inside" stickers. Thanks to the several of you who actually got these stickers _made_....it was at the special meeting last April that I drew this logo on the whiteboard and then did a posting of the ASCII design. While I will not encourage you to surreptitiously place these stickers on boxes containing the products of the aforementioned companies, let your conscience be your guide. Wink. - Ridicule and "psychological warfare." 
I upset a few people when I called this "disinformation" a while back. I don't mean actual lies, but, rather, *creative speculation* and the sowing of doubts in people's minds. For example, most of us (safe to say, I think) understand that the real danger, the real threat, of Clipper is the imminent outlawing of alternatives to Clipper. We understand this even though the "facts" on Clipper are nominally that Clipper will be "voluntary." We "know" this is not so, both in terms of reasonable historical projections and in terms of the already-developing policies on exports which will make non-Clipper schemes much harder to export than Clipper. Hence, we need to "fill in the gaps" for people and point out to them that crypto alternatives to Clipper are likely to be banned or otherwise made nearly impossible to use. This banning may happen in various ways, ranging from outright bans on non-escrow crypto methods (yes, enforcement difficulties abound) to use of RICO and conspiracy laws to effectively make alternatives to Clipper too difficult to use--how'd you like to face subpoena of your bank records or IRS visits everytime a non-Clipper crypto scheme was detected? (IRS is understaffed, so this won't be trivial, but other things may be possible.) - Help to convince companies _not_ to use Clipjacked phones. Ideally, create a mood in which the use of Clipper marks one as a stooge of Big Brother and as not having a good work environment. (This can begin to work as potential hires ask pointedly, for example, about the Clipper policy of the company.) - Talks with journalists. We can reach far more people this way than by nearly anything else we do. Steven Levy will be at the Saturday meeting, preparing both an article on these issues, and a book for future publication (being an optimist, even I don't believe he'll be barred from publishing such a book). Other journalists are similarly interested. 
And the coverage by the major news magazines and newspapers is increasing, as noted above. WHAT ELSE CAN WE DO? - Increase deployment of crypto tools. Get the genie _all of the way_ out of the bottle. Make outlawing crypto too painful. Integrate PGP with standard mailers (a project that's been stalled for more than a year now). - Voice PGP or similar. A half-dozen projects are reportedly in various stages of completion. 486 PC prices are dropping into the noise, so that even dedicated Mac users (like me) can consider buying a 50 MHz or better 486 box and using it with a SoundBlaster-type processor card. But when will these systems actually appear? Time is of the essence. - New systems. I've said it before: we had some early wins with the Cypherpunks remailers, but follow-ons have been slow in coming. We often see a spate of good ideas--such as on digital money, or steganography, or the like--but then these ideas don't become "standards." This could be for a variety of reasons, so I'm not casting stones here. But it's a phenomenon we should think about and try to resolve. Let's find a way to get more "outposts" in cypherspace built, deployed, and maintained. Voice PGP, as mentioned above, would be a natural one. - Remailer sites in non-U.S. countries. This needs to be a higher priority. Get a robust remailer, using PGP or ViaCrypt PGP (for bulletproof legality reasons), in at least a dozen countries. Digital postage will help incentivize remailer operators to get into the business, to maintain the systems in a less-lackadaisical way (no offense, but seeing remailers drop like flies as student accounts expire or vanish mysteriously is not confidence-building). The "second generation remailer" stuff needs to be incorporated at least partly. - Private networks, like Little Garden, offer greater robustness against intrusions by regulatory authorities. 
The more of these ad hoc, anarchic nets, the less chance the State will have of (somehow) nationalizing or otherwise taking control of them. Especially if nodes are outside the U.S. - Several of us have expressed some serious interest in leaving the U.S., for various reasons. I am one of these folks. Many issues here, but creating more offshore locales for Cypherpunks activity, with good connections to other Nets, lots of encryption, etc., will be helpful. (Compiling a kind of "Cyberspace Retirement Places Rated" database is one project I am thinking of taking on after I finish the Cypherpunks FAQ. Lists of various places, their local laws and policies, tax situation, extradition treaties with the main police states, Net connections, etc. Maybe even some R&D trips down to the Caymans, Turks and Caicos Islands, Belize, etc. Contact me if interested.) - "Active Measures." More covert efforts to disrupt Clipper-type activities. Use your own imagination here. - Research the deep and disturbing links between various government programs. FinCEN and the siphoning-off of S&L funds by CIA proprietaries, the NSA's economic intelligence units and the surveillance of business dealings, the infiltration of Silicon Valley companies by government "sheep-dipped" agents, the links between the NSA and the German Bundesnachrichtendienst, the links between the Witness Protection Program and the three main credit reporting agencies (to falsify credit records, to hide assets, etc.). Granted, some of this stuff borders on "conspiracy theory" (a hobby of mine, perhaps unsurprisingly). But a lot of it is substantiated, if one knows where and how to look. James Bamford has been quoted as saying that he could fill an entire new book with the machinations of the Surveillance State. And a lot more.... CONCLUSIONS We are at one of those important cusp points in history. 
The technologies of networks and of encryption make it very easy for exciting new structures to develop (cryptoanarchy, privacy, transnational entities, persistent organizations, anonymous systems, digital banks). But the same technologies make it possible for a cyberspatial police state to develop. The race is on.

Some on this list (sometimes me, too) say "We've already won." Duncan Frissell and Sandy Sandfort often point out just how unenforceable the existing laws are, how few people comply with the tax laws, and how the internationalization of commerce has made national borders into permeable membranes. As I like to say, in my .sig, "National borders are just speed bumps on the information highway."

But there are dangers of a repressive crackdown brought on by these new technologies, or as a _result_ of them. National ID cards like the "baby blue" cards the French are preparing, could allow checkpoints at all points-of-sale terminals (gotta collect sales tax, you know), monitoring of health status, and all sorts of other "security state" (both senses of the word) accouterments. The long-rumored "ban on cash" could occur, with draconian penalties for illicit cash (tax-avoiding!) transactions...confiscation of property works well here. (Some of the very same things that the crypto enthusiasts advocate, like ATMs tied to offshore bank havens, could actually be the reason cash is banned. That is, maybe they can't stop you from accessing your Bank of Caicos account, but they sure can try to make it hard for you to spend your CaicosCredits!)

Who will win? I hope we will. But even the optimists--in whose camp I place myself--must surely concede the victory will not come without effort.

We Cypherpunks may be remembered by generations hence as the MinuteMen of this revolution.

--Tim May, who hopes to see many of you, physically or virtually, at the Saturday meeting.

..........................................................................
Timothy C.
May                    | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From qjones at infi.net Wed Mar 9 20:09:46 1994
From: qjones at infi.net (Wayne Q Jones)
Date: Wed, 9 Mar 94 20:09:46 PST
Subject: FinCen
In-Reply-To: <940309145545_71431.2564_FHA66-1@CompuServe.COM>
Message-ID:

The "roadblocks" put up by intelligence is no surprise. After all what did happen to the 10 millions of the Iran-Contra drug money? What about the DEA agent who stole several hundred thousand dollars in drug money? FinCen is one way of hiding the illegal drug escapades of the intelligence community.

Wayne

****************************************************************************
* Qjones at infi.net So I'm a dog...what else is new? *
* Qjones at larry.wyvern.com Quote from life and times of a man *
****************************************************************************

From pfarrell at netcom.com Wed Mar 9 20:22:50 1994
From: pfarrell at netcom.com (Pat Farrell)
Date: Wed, 9 Mar 94 20:22:50 PST
Subject: Wanted Sun DIN to audio adapter
Message-ID: <84352.pfarrell@netcom.com>

I'm looking for someone in the DC area who can lend me a Sun audio adaptor plug for this weekend's meeting. One end has mini-DIN that plugs into the Sun, and the other has standard microphone and headphone/speaker jacks.

I've got one located on the net, but that will cost FedEx money to get from and back to its owner. I'd rather spend the money on pizza and beer.

Please get back to me, or Dan Brown (brown at eff.org) if you can help.

Thanks.
Pat

Pat Farrell Grad Student pfarrell at gmu.edu
Department of Computer Science George Mason University, Fairfax, VA
Public key available via finger #include

From 68954 at brahms.udel.edu Thu Mar 10 00:19:31 1994
From: 68954 at brahms.udel.edu (Grand Epopt Feotus)
Date: Thu, 10 Mar 94 00:19:31 PST
Subject: The Coming Police State
In-Reply-To: <199403100158.RAA27863@mail.netcom.com>
Message-ID:

Mr. May's rant was very inspiring I must say. Got me thinking on a few ideas here. Myself being a rather unorganized person, I'll just present these ideas in a spontaneous order.

The idea of cheap, anarchist, free, toasternets, which are under the control of those supporting anonymity, encryption services etc. is something that interests me a great bit. A system that can provide truly secure anon-remailers, because even the sysop deletes records and doesn't read them, is promising. I myself am trying to start such a system with some of my friends throughout the net. Here are some ideas we are kicking around.

First, we would need an IP connection, preferably one that is from a rather free, or non-questioning source. We may have one set up in the future from a fellow ex-hacker (as if you can ever be an ex-hacker) turned businessman. A connection that would be willing to stand up to some pressure from authorities is desirable, otherwise as soon as you cause a stir, you may just find that your feed is costing a bit too much, or that you just can't seem to get the feed working properly etc...use your paranoia here. So really a sympathetic source is really desirable in this case, since we most likely will be playing in the realm of the grey-legal areas.

My personal opinion is to operate such a crypto-net with a double-blind, so that we running it cannot know the true address of the users, only enuff to bill them if so desired. This way no records could be seized, and no one can be forced to reveal user names etc.. It would protect both the users, and suppliers.
If billing is needed, then someone would need to help set up an accounting system that relies simply on anon-numbers, and such.

Also, perhaps providing very secure, well-encrypted, and very very private space on a system would be helpful. Maybe charging for a ten meg box that is fully encrypted with the user's key, that only he can access. Not even the system operators could read the contents. Once again this protects both parties. And if somehow the telephony bill goes thru, let's pray it doesn't, then tap-proof storage would be a hot commodity for many people, but it would raise some serious legal questions for the suppliers.

Now after a few of these nets are established, we could provide various other services. I think perhaps encrypted telnets between them, or automated chaining of remailers, etc.. Perhaps a large group of such crypto-nets could have a greater impact on the surveillance, as they could provide support for one another, as well as spreading the noise around a bit more. I also think that once they are spread we could work together to allow more and more people access to local dial-ups that allow anonymity. Meaning perhaps with much work we could coat the globe with the ability for people to have a completely anon account, still billed if desired, from any site. This would be a great feat IMO, as I myself find it difficult at times to find dial-ups in places I visit, and an anon dial-up would be a great boon.

My personal philosophy that guides my actions is that as a service provider I do not need to know the name etc.. of the user, as long as I can bill him if needed. There is no need for me to know what he is doing, or where he is telnetting to etc. With this in mind, I hope to be able to set-up a crypto-net, or as us romantic Sci-Fi fans call them, Data-haven 8)

You're equipped with a hundred billion neuron brain, that's wired and fired, and it's a reality generating device, but you've got to do it.
Free yourself ----Tim Leary----

From sameer at soda.berkeley.edu Thu Mar 10 01:20:19 1994
From: sameer at soda.berkeley.edu (Sameer)
Date: Thu, 10 Mar 94 01:20:19 PST
Subject: REMAIL: [Finally, I hope] The easy to install cypherpunks remailer
Message-ID: <199403100920.BAA11626@soda.berkeley.edu>

Hopefully it will work this time. I've stripped it down a little, and I've added some flexibility. It doesn't try to compile pgp for you, or find perl. You have to do that yourself. That was where most of my problems lay previously. Now it *should* work even if you're using your .forward file-- the functionality of your .forward file should not be lost, I hope.

I *sure* hope this can be an actual release this time. (It's been *way* too long. [interesting how my cypherpunk coding increases in the days before a meeting. ;-])

Here's the readme. Available in soda.berkeley.edu:/pub/cypherpunks/remailer/remail-install.tar.gz

The Cypherpunks Anonymous Remailer
Installation
Version 1.0

Installer: Sameer
Remailer: Eric Hughes & Hal Finney, with minor modifications by Sameer
-----------------------------------------------------------------------------

This is the Cypherpunks Anonymous Remailer Installation Suite Version 1.0. By simply running the script "install_remail" included in the archive, you can very easily install a cypherpunks anonymous remailer service in almost any UNIX account.

The anonymous remailer uses the .forward file to pipe all mail to the remailer system. If mail to the remailer account is not acted upon by the remailer software, it goes to wherever mail should go based on what the .forward file said before the remailer was installed. (Hopefully.. no guarantees.)

% gunzip RemailInstall.tar.gz
% mkdir install
% cd install
% tar xfv ../RemailInstall.tar

You might have to edit the remail_install program slightly if your system's "test" does not support the -x flag..
Try the following once you've untarred the remailer:

% test -x bounce

If that returns an error, you have to edit the -x and replace it with a -f in the beginning of the script "install_remail":

EXECTEST=-x

should be changed to:

EXECTEST=-f

Execute the installer program:

% install_remail

Answer all the questions. You need a perl and a pgp binary on your system already compiled. (You don't need pgp if you don't want PGP functionality, of course.)

The program self-tests, and mails me that the remailer is running, if you want it to. I will forward that notice to the cypherpunks list and the person maintaining the list of active remailers.

Remember that running a remailer is a sensitive issue on the net. If you choose to run a remailer, keep in mind that some powerful net-personalities object to anonymous remailers, possibly endangering your access to the internet.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

Running "remailer_remove" *should* clear up any problems that my script might create in your account, but I will guarantee nothing. There are so many strange versions of UNIX out there.. If it doesn't work, however, please tell me and a later release of this installer will hopefully fix that problem.

Later releases will hopefully also incorporate a remailer with delays, mixing, and other nice features.

Stay free,
Sameer
sameer at soda.berkeley.edu

From tcmay at netcom.com Thu Mar 10 01:40:48 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 10 Mar 94 01:40:48 PST
Subject: The Coming Police State
In-Reply-To:
Message-ID: <199403100941.BAA17639@mail.netcom.com>

Grand Epopt Feotus writes:

> Mr. May's rant was very inspiring I must say. Got me thinking on
> a few ideas here. Myself being a rather unorganized person, I'll just
> present these ideas in a spontaneous order.
Thanks. As longtime readers of Cypherpunks will know, I used to write more such articles. It's hard to keep saying the same things, though, so many of the early members don't write as much as they used to. The upcoming special meeting was enough of a motivation to inspire a longer essay than usual these days.

> The idea of cheap, anarchist, free, toasternets, which are under
> the control of those supporting anonymity, encryption services etc. is
> something that interests me a great bit. A system that can provide truly
> secure anon-remailers, because even the sysop deletes records and doesn't
> read them, is promising. I myself am trying to start such a system with
> some of my friends throughout the net. Here are some ideas we are
> kicking around.

Anyone contemplating a "Mom and Pop remailer" should also think about implementing the basic features of an "ideal mix," the remailer mix scheme described by David Chaum in his 1981 "Communications of the ACM" paper. It's been discussed here many times, particularly by Hal Finney and myself, and others, in exchanges about the properties remailers (mixes) should have. I recently wrote a long article on "Remailers: The Next Generation," which you may want to reread.

Of course, truly good remailers open up the operators for interesting liability issues, lacking the ability to log users and isolate problem users or recipients. Just so you're ready for this.

> My personal opinion is to operate such a crypto-net with a
> double-blind, so that we running it cannot know the true address of the
> users, only enuff to bill them if so desired. This way no records could

Not as secure as a real mix needs to be. If you can bill them, you can trace them. Unless a form of digital postage is used, so that no billing is needed (and hence no logging, tracing).

> protect both the users, and suppliers. If billing is needed, then someone
> would need to help set up an accounting system that relies simply on
> anon-numbers, and such.
Well, there's the rub, isn't it?

> Also, perhaps providing very secure, well-encrypted, and very very
> private space on a system would be helpful. Maybe charging for a ten meg
> box that is fully encrypted with the user's key, that only he can access.

The obvious question: why would Joe User want storage space on someone else's system when he could encrypt on his own system? Unless you plan to locate the storage space outside the U.S. legal jurisdiction, which is where things get interesting of course. (I know some folks who've been talking about doing this for years now.)

> Not even the system operators could read the contents. Once again this
> protects both parties. And if somehow the telephony bill goes thru, let's
> pray it doesn't, then tap-proof storage would be a hot commodity for many
> people, but it would raise some serious legal questions for the suppliers.

Which is the rationale for multi-jurisdictional sites, to preclude legal actions from succeeding. Then it's between the user and the authorities alone as to what he's doing making a connection and sending encrypted stuff (or not encrypted, if code books and/or zero knowledge approaches are used).

> Now after a few of these nets are established, we could provide
> various other services. I think perhaps encrypted telnets between them,
> or automated chaining of remailers, etc.. Perhaps a large group of such

Yes, this is the whole idea, the whole motivation for the existing web or Cypherpunks remailers. Strength in numbers, really _big_ numbers.

> My personal philosophy that guides my actions is that as a
> service provider I do not need to know the name etc.. of the user, as
> long as I can bill him if needed. There is no need for me to know what he
> is doing, or where he is telnetting to etc. With this in mind, I hope to
> be able to set-up a crypto-net, or as us romantic Sci-Fi fans call them,
> Data-haven 8)

I wish you well.
Some fortunes will someday be made by people who actually do provide such services. Many have talked about it, some are playing around with remailers (no insult intended--play is good), but no "commercial services" have yet appeared.

Data havens, a la Sterling, or even a la BlackNet, are indeed one such market. Probably not the first, though.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From an57322 at anon.penet.fi Thu Mar 10 03:32:52 1994
From: an57322 at anon.penet.fi (T.A.Z.)
Date: Thu, 10 Mar 94 03:32:52 PST
Subject: chips...
Message-ID: <9403101117.AA26246@anon.penet.fi>

>> Today I ran into a situation that made me completely nauseated and
>> feel like my privacy had been completely invaded... It involves a
>> chip which is implanted in animals and used for identification...
>
>> [....] "Well, if they're doing this to animals, how soon will it be
>> before they implant the same sort of thing in us?" She said, "Oh,
>> I hadn't thought about it like that."...
>
>Several years ago (like mid or early 80's if I recall), there was
>just such a program for marking children. It involved implanting
>a "microchip" on the surface of a tooth.
>

Routine implants of transponder devices into humans are not a question of if, but only of when. I predict that they will become routine before the end of the decade.
First they will be voluntary, used primarily in children to facilitate identification in case of abduction, some years later they will become mandatory for all drivers, to combat the use of fake driver licenses, and soon thereafter transponders will become the primary, if not sole accepted form of ID for all business transactions.

A generation from now transponders will be mandatory used not only for identification, but for routine tracking of the movements of every citizen. If you think this sounds crazy, go to Germany, where you will find a camera on every major intersection, tracking your every move.

-=T.A.Z.

-------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From 68954 at brahms.udel.edu Thu Mar 10 05:54:14 1994
From: 68954 at brahms.udel.edu (Grand Epopt Feotus)
Date: Thu, 10 Mar 94 05:54:14 PST
Subject: The Coming Police State
In-Reply-To: <199403100941.BAA17639@mail.netcom.com>
Message-ID:

On Thu, 10 Mar 1994, Timothy C. May wrote:

> Anyone contemplating a "Mom and Pop remailer" should also think about
> implementing the basic features of an "ideal mix," the remailer mix
> scheme described by David Chaum in his 1981 "Communications of the
> ACM" paper. It's been discussed here many times, particularly by Hal
> Finney and myself, and others, in exchanges about the properties
> remailers (mixes) should have. I recently wrote a long article on
> "Remailers: The Next Generation," which you may want to reread.
>

I myself am very new to the net, and also to crypto, so I have not seen these papers before. Is there an archive where I could find them?
Or could you possibly mail me a copy of your "Remailers: The Next Generation" if it is not already archived someplace I could find it. I do have a few questions about remailers myself actually. Would I still be able to receive mail at my account? Just how much attention does it bring? Is it feasible for a student on a conservative system (read fascist) to get away with a low profile one? I know low profile is not the goal, but I do want to help if possible.

> Of course, truly good remailers open up the operators for interesting
> liability issues, lacking the ability to log users and isolate
> problem users or recipients. Just so you're ready for this.
>

This is a concern of mine actually. I am really more worried about what would happen to fellow cypherpunks interested in this if the prototypes were quickly attacked by the law, than whether I would get in trouble or not. I myself am rooted in the U.S. as far as the foreseeable future goes, so I definitely need to consider these things. What would be the legal implications of me operating a site with a physical location outside the U.S. from a site in the U.S. By telnetting to it or something? Would that system be subject to the laws of my nation, or would they be subject to the nation of their physical location. hehe, actually this may be a good idea, just to add to legal confusion for the lawyers to shovel thru if they want to get to me or the system. This way we could have a foreign IP address, a US operator and perhaps users from various nations, rendering us a nice thick soup of legalities.

> The obvious question: why would Joe User want storage space on someone
> else's system when he could encrypt on his own system? Unless you plan
> to locate the storage space outside the U.S. legal jurisdiction, which
> is where things get interesting of course. (I know some folks who've
> been talking about doing this for years now.)
>

Yeah it would be hairy at the least.
Well one reason to allow storage space is for those who do not have a system at home, students using labs, those whose only access is on a company machine, which could easily be watched, or if encryption becomes illegal, or heavily restricted, it would take pressure off of some people to let someone else hold the evidence so to speak. I never thought of putting it outside US jurisdiction myself, but it's a good idea, hmmm.

>
> Yes, this is the whole idea, the whole motivation for the existing web
> or Cypherpunks remailers. Strength in numbers, really _big_ numbers.
>

This reminds me of something, what is the policy towards reposting letters here to various boards on BBSs where there may be interested people? Like would you mind if I posted your rant there? I have posted a few things from cypherpunks already, like anon-remailer info and how to use and set-up one, in the Underground Forum on ISCA, which is a very big system. I would think it is welcomed but thought I should check it out. I think that the more people you touch the more people you'll eventually have involved more deeply.

> Data havens, a la Sterling, or even a la BlackNet, are indeed one such
> market. Probably not the first, though.
>

gee, can you tell I just finished Islands In The Net 8) hehe. Amazing the power of a meme huh?

You're equipped with a hundred billion neuron brain, that's wired and fired, and it's a reality generating device, but you've got to do it. Free yourself ----Tim Leary----

From dwomack at runner.utsa.edu Thu Mar 10 07:04:25 1994
From: dwomack at runner.utsa.edu (David L Womack)
Date: Thu, 10 Mar 94 07:04:25 PST
Subject: money...
Message-ID: <9403100238.AA20964@runner.utsa.edu>

I'd appreciate any opinions/info available on whether a rumor I heard is true or not.

I just learned that US bills, $20 and above, have a magnetic strip embedded in the bill, on the left hand side.
Looking at the front of the bill, under the "U" in United States, it's clearly visible on those bills printed in 1990 and thereafter. Supposedly, bills in the $5 and $10 amounts have started being fixed in such a way.

Now...the interesting part. The rumor is that it is possible to detect, at a modest distance, the existence of and the amount of currency being carried. Thus, if a person boarded an airplane carrying $12,000 in cash in a money belt, it would be possible to detect that fact.

The rumor expands that this has in fact already been implemented at one airport (at least).

Any thoughts?

From 68954 at brahms.udel.edu Thu Mar 10 07:31:08 1994
From: 68954 at brahms.udel.edu (Grand Epopt Feotus)
Date: Thu, 10 Mar 94 07:31:08 PST
Subject: D.C. meet
Message-ID:

Could someone possibly be able to direct me on how to get to the EFF building from Union Station? I want to take a train in from Wilmington and then go to the meet from there, possibly I'll have to catch a metro or something?

You're equipped with a hundred billion neuron brain, that's wired and fired, and it's a reality generating device, but you've got to do it. Free yourself ----Tim Leary----

From gtoal at an-teallach.com Thu Mar 10 08:03:02 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Thu, 10 Mar 94 08:03:02 PST
Subject: FinCen
Message-ID: <199403101602.QAA28777@an-teallach.com>

        From: Wayne Q Jones

        The "roadblocks" put up by intelligence is no surprise. After all what did happen to the 10 millions of the Iran-Contra drug money? What about the DEA agent who stole several hundred thousand dollars in drug money? FinCen is one way of hiding the illegal drug escapades of the intelligence community.
It's precisely because of the CIA's illegal funding of covert activities (ones they can't even get a black budget for) that I posted on eff.talk, the day that Ames was uncovered, that he most likely slipped through the detection-net of overspending precisely *because* agencies like this and the CIA cooperate to hide the illegal income of top CIA agents. It's almost certain that FINCen has tweaked their algorithm specifically to bypass people like Ames.

And we still haven't seen the drug connection in that case surface. But don't worry, it will. Head of anti-drugs operations for the last years? Don't kid me...

So much for 'checks and balances'.

G

From nobody at soda.berkeley.edu Thu Mar 10 08:07:24 1994
From: nobody at soda.berkeley.edu (nobody at soda.berkeley.edu)
Date: Thu, 10 Mar 94 08:07:24 PST
Subject: magstripes in $$
Message-ID: <199403101607.IAA00526@soda.berkeley.edu>

Someone worries about magnetic strips in U.S. currency...

Yeah. I do too.

On a slightly related topic, I know of an instance where the Secret Service located a stolen color copier with somewhat greater speed than one might have expected.

Is it possible that these machines either:
(1) contain transponders or
(2) hide a "signature" in their output
???

From hughes at ah.com Thu Mar 10 08:30:49 1994
From: hughes at ah.com (Eric Hughes)
Date: Thu, 10 Mar 94 08:30:49 PST
Subject: The Coming Police State
In-Reply-To: <199403100941.BAA17639@mail.netcom.com>
Message-ID: <9403101623.AA19072@ah.com>

>The obvious question: why would Joe User want storage space on someone
>else's system when he could encrypt on his own system?

Reliability in case of disk failure.

Disk failure includes disk seizure. My private keys ought well to exist somewhere other than in their usual place of residence and around that physical environs. Likewise, they ought to be stored somewhere other than publicly known storage locations like safe deposit boxes.
And private keys are only the first sort of sensitive data whose loss has extremely large consequences.

And, as Tim points out, if the data site is offshore, so much the better.

Eric

From bdolan at well.sf.ca.us Thu Mar 10 08:47:27 1994
From: bdolan at well.sf.ca.us (Brad Dolan)
Date: Thu, 10 Mar 94 08:47:27 PST
Subject: Ames, Coke, & $$
Message-ID: <199403101647.IAA11416@well.sf.ca.us>

qjones at infi.net,

I agree with your opinion of Ames' income and the reason why it "wasn't noticed". [See my 2/24 post here.] The interesting question is: what did he do to make them want to bust him?

From jim at bilbo.suite.com Thu Mar 10 09:18:05 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Thu, 10 Mar 94 09:18:05 PST
Subject: The Coming Police State
Message-ID: <9403101712.AA15099@bilbo.suite.com>

> - Help to convince companies _not_ to use Clipjacked
> phones. Ideally, create a mood in which the use of Clipper
> marks one as a stooge of Big Brother and as not having a good
> work environment. (This can begin to work as potential
> hires ask pointedly, for example, about the Clipper
> policy of the company.)
>

Cypherpunks could be the keepers (and distributors) of a "piss list" of companies that use Clipper/Capstone/Tessera products.

Jim_Miller at suite.com

From arthurc at crl.com Thu Mar 10 09:19:12 1994
From: arthurc at crl.com (Arthur Chandler)
Date: Thu, 10 Mar 94 09:19:12 PST
Subject: Who Owns the Words?
Message-ID:

I realize that a thread similar to this one was debated on this list a month or so ago; but the problem has special urgency for me right now, and so I've made the posited situation much more specific. I'd be much obliged if anyone would post or email me their feelings, or references to legal precedents, on this issue. Many thanks.

A dilemma: if you are writing a paper, and you want to quote someone's posted (say, to cypherpunks) remarks, what are the obligations?

1) None: by posting, people make their words public domain.
2) No legal obligations, but it would be polite to ask permission.
3) Whatever is posted is de facto copyright, and the person whose words you took could sue you for breach of copyright.

Now let's shift to a MOO or IRC:

You keep a log of a conversation. Would the same rules/customs apply if you wanted to include that log in a paper?

Does it matter if the conversation was held in a private room or in a public place on the MOO?

Does it matter whether the paper is written to fulfill a class assignment or is intended for publication in a for-profit magazine?

From mnemonic at eff.org Thu Mar 10 09:36:05 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Thu, 10 Mar 94 09:36:05 PST
Subject: Who Owns the Words?
In-Reply-To:
Message-ID: <199403101735.MAA29147@eff.org>

Arthur writes:

> A dilemma: if you are writing a paper, and you want to quote someone's
> posted (say, to cypherpunks) remarks, what are the obligations?
> 1) None: by posting, people make their words public domain.
> 2) No legal obligations, but it would be polite to ask permission.
> 3) Whatever is posted is de facto copyright, and the person whose
> words you took could sue you for breach of copyright.

(3) is closest to the truth. You can still quote someone within Fair Use guidelines, however.

> Now let's shift to a MOO or IRC:
> You keep a log of a conversation. Would the same rules/customs apply
> if you wanted to include that log in a paper?

Yes.

> Does it matter if the conversation was held in a private room or in a
> public place on the MOO?

No.

> Does it matter whether the paper is written to fulfill a class
> assignment or is intended for publication in a for-profit magazine?

Yes. The former poses no copyright problems.

--Mike

From mg5n+ at andrew.cmu.edu Thu Mar 10 10:24:07 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Thu, 10 Mar 94 10:24:07 PST
Subject: The Coming Police State
In-Reply-To: <199403100158.RAA27863@mail.netcom.com>
Message-ID:

> - New systems. I've said it before: we had some early wins with the
> Cypherpunks remailers, but follow-ons have been slow in coming. We
> often see a spate of good ideas--such as on digital money, or
> steganography, or the like--but then these ideas don't become
> "standards." This could be for a variety of reasons, so I'm not casting
> stones here. But it's a phenomenon we should think about and try to
> resolve. Let's find a way to get more "outposts" in cypherspace built,
> deployed, and maintained. Voice PGP, as mentioned above, would be
> a natural one.
>
> - Remailer sites in non-U.S. countries. This needs to be a higher
> priority. Get a robust remailer, using PGP or ViaCrypt PGP (for
> bulletproof legality reasons), in at least a dozen countries. Digital
> postage will help incentivize remailer operators to get into the
> business, to maintain the systems in a less-lackadaisical way (no
> offense, but seeing remailers drop like flies as student accounts
> expire or vanish mysteriously is not confidence-building). The
> "second generation remailer" stuff needs to be incorporated at least
> partly.

Just to throw some statistics into the works here. I've been keeping logs of usage of my remailer and my remailer list server... (which I know is horribly uncypherpunkish- unfortunately I've found it to be necessary. (Originally, I had no logs.) Every few days, someone will toss a screwball message into my mail filter that doesn't have the proper headers and it'll foul things up. For example, today I got a message from "xxx at cosmos". His mailer did not use the FQDN... I get a lot of other crap like that too.) But the logs provide some relevant statistics...
In the last two weeks, I've had requests for the remailer list requests from:

Unknown country (ie .com .org .edu), probably mostly US, but not necessarily: 77
(breakdown: .com 25 .edu 43 .org 3 .net 6)
.gov: 1 (nasa, btw)
.ca 9
.uk 6
.de 6
.au 3
.it 1
.se 1
.ch 1
.nl 1
.no 1
----
Total requests: 107

The problem is not lack of interest, but lack of usage. These stats are just for the last two weeks (2/24-3/10); my software has been operational for more than a month. Probably close to 200 people have requested the info. I think it would be a fair assumption to say that most never used a remailer or just experimented with it once or twice. Probably only a small fraction actually used one of the remailers. I suppose the learning curve is just too steep for most people, or the remailers are just too much trouble, or they're just not useful enuf.

Of these 107, only 16 got an anon address from my remailer. Even fewer tried using it. And although I mention where to get the software, exactly zero of my 100+ interested people have actually set up a remailer themselves. And the hacktic.nl never seems to have gotten off the ground either. (And the caltech remailer seems to be gone. :( And I'm using too many ands.:)

I agree, we need more remailers outside of the US. But I think we need more than just remailers. We have remailers. We have software. We need a PLAN.

From ejohnson at pmip.dist.maricopa.edu Thu Mar 10 10:26:38 1994
From: ejohnson at pmip.dist.maricopa.edu (Eric Johnson)
Date: Thu, 10 Mar 94 10:26:38 PST
Subject: The Coming Police State
Message-ID: <199403101826.LAA08734@pmip.dist.maricopa.edu>

: James Bamford has been
: quoted as saying that he could fill an entire new book with the machination
: of the Surveillance State.

Does anyone know what James Bamford is up to these days? Any chance he will write such a book?

--Eric

From mnemonic at eff.org Thu Mar 10 10:34:33 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Thu, 10 Mar 94 10:34:33 PST
Subject: D.C. meet
In-Reply-To:
Message-ID: <199403101834.NAA00782@eff.org>

Take the Red Line from Union station to Metro Center. At Metro Center, take the exit that leads up into Woodward & Lothrop's. Enter through the W&L deli, and bear left. Take escalators up to Washington Center atrium. Bear right to doors into Washington center (if you're in the Hyatt, you didn't bear right enough). Enter the lobby (reception desk is to your left, bank of elevators is straight ahead, and hallway takes 45 degree angle to your right). Follow the hallway to your right. At its end is a second bank of elevators. Take those elevators to the ninth floor. When you get off on the ninth floor, go straight ahead past the two receptionist stations, then bear left down a white hallway until you come to a short staircase. Take the stairs down one flight. You're at EFF.

--Mike

>
> Could someone possibly be able to direct me on how to get to the
> EFF building from Union Station? I want to take a train in from
> Wilmington and then go to the meet from there, possibly I'll have to
> catch a metro or something?
>
>
> You're equipped with a hundred billion neuron brain, that's
> wired and fired, and it's a reality generating device, but
> you've got to do it. Free yourself ----Tim Leary----
>
>
>

From hughes at ah.com Thu Mar 10 10:35:25 1994
From: hughes at ah.com (Eric Hughes)
Date: Thu, 10 Mar 94 10:35:25 PST
Subject: Who Owns the Words?
In-Reply-To: <199403101735.MAA29147@eff.org>
Message-ID: <9403101828.AA19507@ah.com>

>> Does it matter whether the paper is written to fulfill a class
>> assignment or is intended for publication in a for-profit magazine?

>Yes. The former poses no copyright problems.

And this brings up fair use, which seems to be mostly absent from Mike's answers.

Mike, is not a short quotation considered fair use, in whatever medium, lacking any specific prohibition against it?
Eric

From klbarrus at owlnet.rice.edu Thu Mar 10 10:56:59 1994
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Thu, 10 Mar 94 10:56:59 PST
Subject: MAIL and Coming Police State
Message-ID: <9403101856.AA11959@rufous.owlnet.rice.edu>

-----BEGIN PGP SIGNED MESSAGE-----

> First, we would need a IP connection, preferably one that is from a
> rather free, or non-questioning source [...deleted] A connection
> that would be willing to stand up to some pressure from authorities
> is desirable

Yeah, what you need is to run your own site, or have the explicit permission to run a remailer from whoever owns the site. For example, here on owlnet, the user policy forbids forwarding mail to a non-standard program.

I mention this because I have asked and been told repeatedly by an attorney friend of mine that running a remailer on a system where you don't have authorization to do so is a violation of the ECPA. (i.e. access beyond what the system administration intends for you to have). So you definitely need sysadmin approval to withstand even the slightest pressure.

So maybe I'm glad all the remailers I set up have expired ;-)

As far as other properties, I've tried digital cash and time delay:

One remailer I ran used digital cash (a very simple system), another batched mail and sent out once a day. I didn't keep logs so I don't know how popular these two remailers were, but I have a feeling not very popular at all.

I also tried num-latency delays, but the remailer which did this wasn't able to run for very long, so I couldn't tell if it was a popular feature or not.

Good luck!
Karl Barrus

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLX9tIYOA7OpLWtYzAQHpvgP5AclUZUtUmJxlrC+D8XA7d2nbCDKAm3os
1gDVIBFn/KsFk2RrbFdPdhoip1Dj2AUEVk3Zfm3bqkqly5uu3PKwALz0dYZjTDhx
C+hdemVNAs1ErwPS9oPKuPA82RSKfM3NqEXejR06oKwRcSO0QNkq1TFTTe8wBpSe
zvxtNlYokbM=
=qv05
-----END PGP SIGNATURE-----

From sdw at meaddata.com Thu Mar 10 11:01:23 1994
From: sdw at meaddata.com (Stephen Williams)
Date: Thu, 10 Mar 94 11:01:23 PST
Subject: (forward message on privacy)
In-Reply-To: <9403090351.AA01505@wps.com>
Message-ID: <9403101902.AA03287@jungle.meaddata.com>

>
> Forwarded message:
> >From tomj Tue Mar 8 18:49:17 1994
> From: tomj (Tom Jennings)
> Message-Id: <9403090249.AA01170 at wps.com>
> Subject: Re: (forward message on privacy) (fwd)
> To: flesh at fido.wps.com (Flesh)
> Date: Tue, 8 Mar 1994 18:49:15 -0800 (PST)
> In-Reply-To: <9403090221.AA01084 at wps.com> from "Flesh" at Mar 8, 94 06:21:38 pm
> X-Mailer: ELM [version 2.4 PL23]
> Mime-Version: 1.0
> Content-Type: text/plain; charset=US-ASCII
> Content-Transfer-Encoding: 7bit
> Content-Length: 897
>
> > Today I ran into a situation that made me completely nauseated and feel like
> > my privacy had been completely invaded... It involves a chip which is
> > implanted in animals and used for identification...

My first worry was whether it could be read at a distance, like doorway radar scanners in the Mall.

That would impose a privacy problem on the human possibly accompanying the animal.

If not (apparently that's the case now), then I don't have a problem with it. Also, you could always remove it if needed.

sdw
--
Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net sdw at meaddata.com OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together

From pmetzger at lehman.com Thu Mar 10 11:51:47 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Thu, 10 Mar 94 11:51:47 PST
Subject: money...
In-Reply-To: <9403100238.AA20964@runner.utsa.edu>
Message-ID: <9403101951.AA13777@andria.lehman.com>

David L Womack says:
> I'd appreciate any opinions/info available
> on whether a rumor I heard is true or not.
>
> I just learned that US bills, $20 and above,
> have a magnetic strip embedded in the bill, on
> the left hand side. Looking at the front of
> the bill, under the "U" in United States,
> it's clearly visible on those bills printed
> in 1990 and thereafter.

You didn't look very closely. Shine a light through the bill, and you will be able to read on the strip the words "TWENTY USA" on the strip in question. It isn't to my knowledge magnetic -- just non-xeroxable. There is also a second security feature -- look closely at the third ring around Andrew Jackson, and you will see that it is not a ring at all but microprinting reading "The United States of America".

Perry

From jim at bilbo.suite.com Thu Mar 10 12:18:01 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Thu, 10 Mar 94 12:18:01 PST
Subject: anonymous credit?
Message-ID: <9403102011.AA18196@bilbo.suite.com>

I'm wondering if anonymous electronic credit is possible. At first, it seemed to me to be an unlikely thing. Banks and credit companies usually want to determine if a person is a good risk, before extending them credit. If a person has a bad credit history, they have a hard time getting credit cards and loans. How could a bank determine your credit history if they don't know who you are? Assuming you did get a credit card using an anonymous id, if you abused your credit and lost the use of the credit card, you could just re-apply under a different anonymous id. There would be no continuous credit history under a single identity.

After thinking about this a little it now seems to me that anonymous credit is possible, but it wouldn't work like current credit cards.

A few assumptions...
1) there will be more people who pay their bills than people who don't pay their bills.
2) some people will pay their bills late and be subject to fees and interest.
3) there will always be some people who try to cheat the system by getting an anonymous credit line, spending it, then disappearing.

Given these assumptions, I can see anonymous electronic credit working as follows:

Anyone can get an anonymous credit line. You purchase an anonymous credit line by forking over some anonymous digital cash up front. The more you fork over, the higher the initial credit line. In return for the upfront cash, you get an anonymous credit id and a credit line to accompany it. Your initial credit line will be equal to the amount of your upfront money, perhaps minus a startup fee. You can increase your credit line by paying your bills on time, thus establishing a mini-credit history with that credit company. The *rate* of increase is the important factor, which I'll get back to later.

Instead of working like current credit cards, which give the credit companies a detailed record of what you purchased, where you purchased, and when, anonymous credit will work more like a generic loan. To tap your credit line, you will use your anonymous credit id to make withdraws, converting a portion of your credit line into anonymous cash using a Chaum-ian anonymous cash withdraw protocol. You can then spend the anonymous cash anywhere you like, without revealing the details of your spending habits to the credit company. The credit company would only be able to track your withdraws and your repayments.

The credit company might charge a service fee for each withdraw. They would most likely charge interest, fees for late payment, and perhaps also a yearly fee. Basically, it works much like an anonymous bank account, except you can establish a good repayment history and increase your credit line.
The rate at which the credit company increases your credit line will depend upon the credit company's assessment of the risks involved in carrying anonymous credit lines. The credit company knows that you can simply disappear at any time, therefore it won't want to increase your credit line too fast. However, the higher your credit line, the more interest it can earn. Also, competition between different credit companies will affect the rate of increase.

If most people repay their credit lines, the credit company will make money. If credit lines don't grow too large, too fast, the credit company will not lose too much money from cheaters. The credit company should be able to determine a rate of increase that will make them a profit.

Does any of this sound reasonable?

Jim_Miller at suite.com

From gtoal at an-teallach.com Thu Mar 10 12:39:38 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Thu, 10 Mar 94 12:39:38 PST
Subject: Surveillance cameras
Message-ID: <199403102025.UAA16022@an-teallach.com>

"T.A.Z." wrote:

:Routine implants of transponder devices into humans are not a question of
:if, but only of when. I predict that they will become routine before the

and wrote, and wrote, and wrote...

Marc, when I said "And when you get a new account, remember to post to penet.fi instead of the list directly." I didn't mean for you to take it to heart quite so strongly and post the same thing four times!

G

PS London has the same degree of camera surveillance as you said Germany has. There's a big centre at Kings Cross Station where all the Railway Police have their monitors (of all the Underground entrances) and another one at New Scotland Yard where all the transport police have theirs. The ones in the underground - which are ostensibly just for mass crowd volume monitoring - have an absolutely deadly killer zoom lens that's centrally steerable. It's *way* overkill for the use it's supposed to be for...
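A small model of the credit-line scheme in Jim Miller's "anonymous credit?" message above, added here as an illustration and not part of any poster's message. It assumes the issuer keeps the upfront cash as collateral, every holder draws the full line each cycle, honest holders repay with interest, and a cheater vanishes at the cycle that costs the issuer most; withdraw, late and yearly fees are left out, and all numbers are constructed.

```python
"""Toy model of an anonymous credit line (constructed numbers, not from the post)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Terms:
    startup_fee: float  # deducted from the upfront cash when the line opens
    growth: float       # fractional rise in the line after each on-time cycle
    interest: float     # interest per cycle on the amount drawn


def line_after(upfront, terms, cycles):
    """Credit line once `cycles` on-time repayments have been recorded."""
    return (upfront - terms.startup_fee) * (1 + terms.growth) ** cycles


def interest_paid(upfront, terms, cycles):
    """Interest collected when the full line is drawn and repaid each cycle."""
    return sum(terms.interest * line_after(upfront, terms, i)
               for i in range(cycles))


def issuer_net_honest(upfront, terms, cycles):
    """Issuer earnings on an account that always repays: fee plus interest."""
    return terms.startup_fee + interest_paid(upfront, terms, cycles)


def issuer_net_cheater(upfront, terms, honest_cycles):
    """Issuer result when the holder repays `honest_cycles` times, then draws
    the whole line as anonymous cash and disappears. The issuer keeps the
    upfront cash and the interest so far, and loses the drawn line."""
    return (upfront + interest_paid(upfront, terms, honest_cycles)
            - line_after(upfront, terms, honest_cycles))


def first_profitable_exit(upfront, terms, horizon):
    """First cycle at which disappearing pays off for the holder, or None."""
    for k in range(horizon + 1):
        if issuer_net_cheater(upfront, terms, k) < 0:
            return k
    return None


def worst_case_cheater(upfront, terms, horizon):
    """Issuer result against a cheater who picks the most damaging exit."""
    return min(issuer_net_cheater(upfront, terms, k)
               for k in range(horizon + 1))


def portfolio_net(upfront, terms, horizon, cheat_fraction):
    """Expected issuer result per account for a given share of cheaters."""
    honest = issuer_net_honest(upfront, terms, horizon)
    cheat = worst_case_cheater(upfront, terms, horizon)
    return (1 - cheat_fraction) * honest + cheat_fraction * cheat


def break_even_cheat_fraction(upfront, terms, horizon):
    """Largest share of cheaters the issuer can carry without a loss."""
    honest = issuer_net_honest(upfront, terms, horizon)
    cheat = worst_case_cheater(upfront, terms, horizon)
    if cheat >= 0:  # disappearing never costs the issuer anything
        return 1.0
    return honest / (honest - cheat)


if __name__ == "__main__":
    upfront, horizon = 100, 12  # constructed sample account
    print("growth  first profitable exit  tolerable cheater share")
    for growth in (0.02, 0.05, 0.10, 0.25):
        terms = Terms(startup_fee=10, growth=growth, interest=0.02)
        exit_cycle = first_profitable_exit(upfront, terms, horizon)
        share = break_even_cheat_fraction(upfront, terms, horizon)
        print(f"{growth:6.2f}  {str(exit_cycle):>21}  {share:23.3f}")
```

In this model a line that grows no faster than the interest rate never makes disappearing profitable, because the interest already paid always covers the increase; faster growth buys the issuer more interest at the cost of a smaller tolerable share of cheaters.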
From rarachel at edison.poly.edu Thu Mar 10 13:55:49 1994
From: rarachel at edison.poly.edu (Arsen Ray Arachelian)
Date: Thu, 10 Mar 94 13:55:49 PST
Subject: Mac SecureDrive status report...
Message-ID: <9403102155.AA27959@edison>

Okay, so far I have all the information I need. The secure drive for the Mac will require the user to have a fairly optimized drive to start off with. Why? Because I've wasted way too much time trying to figure out how to work with the damn extents...

I don't have any driver code written yet. The reason for this is that I'm not ready to risk losing my hard drive until I have two full backups. :-)

This is a two part project as you know. The 1st project is a freeware encryption only driver... The 2nd part is an encryption/compression driver. I've written most of the routines for the 2nd project to do the free/full space management and caches. Once I write the freeware program I will have a working driver (I hope) and will be able to implement the compressing driver.

I do plan to make some money off of this and give Stacker, X2 and E-disk a bit of competition, so I figure somewhere around the $30-$50 range for the compressing/encrypting driver... I'm going to make the compressing driver have a possibly self-optimizing when idle routine, but I may decide to drop this if it takes too long...

Let me know if you have any suggestions/etc.

NOTE: DO NOT REPLY TO THIS MESSAGE!!! Send your replies to rarachel at photon.poly.edu. The reason for this is that there's some trouble with Photon right now, and I am using another machine to get my mail :-I Hopefully this will be fixed soon...

From mnemonic at eff.org Thu Mar 10 15:01:28 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Thu, 10 Mar 94 15:01:28 PST
Subject: Who Owns the Words?
In-Reply-To: <9403101828.AA19507@ah.com>
Message-ID: <199403102301.SAA08221@eff.org>

Eric writes:

> Mike, is not a short quotation considered fair use, in whatever
> medium, lacking any specific prohibition against it?
Well, in music it's problematic. In film and TV even more so. But it seems to be okay in text, in general.

--Mike

From jim at Tadpole.COM Thu Mar 10 17:25:56 1994
From: jim at Tadpole.COM (Jim Thompson)
Date: Thu, 10 Mar 94 17:25:56 PST
Subject: money...
Message-ID: <9403110126.AA11598@chiba.tadpole.com>

I posted this several months ago. BTW, I just noticed my first $10. I really doubt they can detect the money from a distance. If you're really careful, you can pull the little strip out.

Jim.

From rarachel at photon.poly.edu Thu Mar 10 21:06:50 1994
From: rarachel at photon.poly.edu (Arsen Ray Arachelian)
Date: Thu, 10 Mar 94 21:06:50 PST
Subject: Clipper: Denning v Barlow Debate on AOL
Message-ID: <9403110507.AA08887@photon.poly.edu>

This is a captured chat from the Time Magazine, Time Odeon Online Forums. On America Online, my handle is RayDude. I unfortunately didn't get into the conference in time to catch its beginning. However as there's a transcript of every such conference, I'll post that up as well. As I just got this immediately after the conference, there's no *OFFICIAL* transcript posted online, however when one becomes available, I will send it here...

(In the AOL "audience" you can only chat with those in your own row. All messages preceded by (6) are by those in my row. This is kind of messy, but you can still follow all the simultaneous discussions with a bit of effort.)

You can send me internet mail at rarachel at photon.poly.edu if you wish, or RayDude at aol.com, however I prefer the photon machine.

Barlow1 : improved traffic analysis. Content is less important than context, and most agents will
Barlow1 : support this.
Shuddup : (6) I really don't accept the traffic analysis argument. That's too much work!
COUNTMINDO : (6) i just don't like having a product forced on me, we don't all have to buy FORD's if we want to
COUNTMINDO : (6) deal with the government
RPTime : Another question from the audience. JCMaille asks...
Barlow1 : By the way, I'm not seeing my responses. Am I still online?
Question : Does the government have a constitutional right of access to my personal communications?
RPTime : Yes, John you are!
RayDude : (6) RE: Traffic analysis: bet on it. It can be done and very easily over the internet as is.
Kyrahn : (6) or as if gun control has taken semi automatic guns and or automatics
RayDude : (6) It will be much easier when the cable companies give you a net-feed.
RPTime : Dr. Denning, why don't you go first?
Barlow1 : hello?
Shuddup : (6) But why bother with TA? Cost high, payoff low. Most of us are not evil!
MegSaint : (6) Shuddup, since when has inefficiency ever stopped the government from doing something?
Barlow1 : hello?
DDenning : The Supreme Court ruled that wiretaps with a court order are Constitutional.
Barlow1 : hello?
DDenning : At one time, communications were not even protected under the
RayDude : (6) To cite an example, my girlfriend went on vacation to HK. I'm not Chinese, but because I called HK,
COUNTMINDO : (6) JPB is having troubles
DDenning : 4th Amendment. The government could wiretap without a court order!
Shuddup : (6) Right, but there's almost always a reason - even if it is just to prove that we can...
DDenning : Now a court order is required.
RayDude : (6) AT&T sent me an offer to call HK for much less. This was half a year AFTER I called Hong Kong!!!
Kyrahn : (6) crazy
RayDude : (6) AT&T keeps track of EVERY call you make. If telephones have this much traffic analysis,
PhilipED : To put the question another way, do citizens have a right to use powerful encryption?
RayDude : (6) so will the info highway!
Shuddup : (6) Sure, but again - why?
DDenning : Right now there are no laws preventing the use of any encryption.
Shuddup : (6) AT&T sells phone time. They have a reason.
DDenning : Clipper is voluntary. You can still use something else.
RPTime : We have to apologize. John Barlow has temporarily lost his connection...
MegSaint : (6) I think we lost JPB!
Shuddup : (6) BIG BROTHER! PARANOIA!
RayDude : (6) No, they are REQUIRED to keep records by the FCC, another branch of the government.
Kyrahn : (6) I've lost my mind :>
Shuddup : (6) :-)
PhilipED : Dr. Denning, in your opinion...
COUNTMINDO : (6) they got him
RayDude : (6) hehehe!
PhilipED : would a law outlawing powerful encryption be unconstitutional?
Shuddup : (6) >:-(
Kyrahn : (6) it's not paranoia when they really plan to do it
Shuddup : (6) The problem is to figure out why. Never ascribe to malice what can be explained by stupidity!
MegSaint : (6) Or bureaucracy, which may be the same thing
DDenning : I don't think so. But that doesn't mean it will happen.
Shuddup : (6) Right..
COUNTMINDO : (6) they want to keep the status quo, but who's to say that that is right?
PaulR42 : (6) Can Clipper break PGP2.3?
RayDude : (6) Keep in mind that the NSA no longer have the Russians to spy on. So they need new targets. Us!
RPTime : John Barlow is back with us. Sorry for the interruption!
MegSaint : (6) Did she mean she doesn't think there will be a law or she doesn't think it will be unconst.?
Shuddup : (6) Yeah, but why? What do we got?
RayDude : (6) They need to be entertained, so they'll spy on everyone they can citing all sorts of rants
PaulR42 : (6) Welcome back, John.
COUNTMINDO : (6) hooray back from the beyond
Shuddup : (6) ;-)
PhilipED : Barlow, Denning just said she didn't think a law banning powerful encryption would be unconstitutional
RayDude : (6) about "What if the drug dealers, terrorists, child molesters, and pornographers" get strong crypto?
PhilipED : What do you say?
Barlow1 : Hi folks. Don't know what happened. Gald to be back
Kyrahn : (6) kinda like algebra let stupidity=Bureaucracy
PhilipED : Gald indeed!
MegSaint : (6) Crooks already *have* strong crypto!
RayDude : (6) Nope, as far as the cypherpunks can tell PGP is still strong. DES has been broken.
Kyrahn : (6) multiply by x agencies
PaulR42 : (6) Use the RSA scheme?
Barlow1 : Actually, I believe that our current export embargoes are a violation of the 1st Amendment
RayDude : (6) That's the point. Crooks already have strong crypto, but the rest of us won't if UncleSam gets his w
RayDude : (6) way
Barlow1 : which specifically speech without regard to the manner of speech. If we could restrict manner
COUNTMINDO : (6) and the crowd began chanting CANTWELL CANTWELL CANTWELL
Kyrahn : (6) I am Not a Crook
Barlow1 : of speech, it would be constitutional to require that everyone speak English. Which of course it isn't
MegSaint : (6) Cantwell? Explain please
PaulR42 : (6) BTW, PGP is classified as munitions.
RayDude : (6) Neither am I. But face it, the NSA doesn't want anyone to have strong crypto except themselves.
PhilipED : John, can you make the case why ordinary law-abiding citizens need powerful encryption?
Kyrahn : (6) so is any encryption program
COUNTMINDO : (6) CANTWELL is the rep. who is trying to pass a bill to do away with the export law on encryption
RayDude : (6) Yet, you can FTP PGP from Finland. You can import IDEA from outside the country too. Munitions indee
COUNTMINDO : (6) classifying it as a munition
Kyrahn : (6) importing is o.k.
Barlow1 : Because it is in the nature of digitally networked communications to be quite visible. Every time
MegSaint : (6) Thanks, good information. Where have I been?
Kyrahn : (6) just don't try to send it
Barlow1 : we make any sort of transaction in a digital environment, we smear our fingerprints all over
Barlow1 : Cyberspace.
RayDude : (6) If you guys want, you can subscribe to the cypherpunks mailing list
Kyrahn : (6) 'cause they can throw you in jail
COUNTMINDO : (6) no thanks
COUNTMINDO : (6) heavy traffic
RayDude : (6) by sending a message to cypherpunks-requests at toad.com with subscribe in the subject and body.
PaulR42 : (6) What's the address?
Barlow1 : If we are to have any privacy in the future, we will need virtual "walls" made of cryptography.
MegSaint : (6) RayDude, what's the address?
RayDude : (6) Beware, that you'll get over 70 messages a day!
Kyrahn : (6) black "ice"
PaulR42 : (6) And the NSA on your tail.
RayDude : (6) Do you guys know about "SecureDrive?"
COUNTMINDO : (6) holy gibson batman
Kyrahn : (6) nope
Kyrahn : (6) flatman
RPTime : Another audience question...
Question : isn't like the gun argument? if guns are outlawed only criminals will have guns, well if
Question : clipper is standardized, won't criminals be the ones NOT using it?
RayDude : (6) SecureDrive is a DOS program that will give you an encrypted hard drive using the IDEA cypher. Very
RayDude : (6) secure.
RPTime : Dr. Denning?
COUNTMINDO : (6) hey that's my question
Kyrahn : (6) not grock dos
MegSaint : (6) Wow!
Kyrahn : (6) am on mac
RayDude : (6) I sent about 6 questions so far.. haven't seen any yet.. must be slow..
Kyrahn : (6) patience
DDenning : If Clipper becomes the de facto standard, then it will be the chief method
RayDude : (6) Re: MAc Secure drive: no worries, I'm writing one for the Mac. Send me a message in two monts.
MegSaint : (6) There are over a hundred people here
Kyrahn : (6) cool
RayDude : (6) two months... sorry
PaulR42 : (6) Is it my imagination, but are the main participants fading out....?
DDenning : of encryption. That would be what you'd get at Radio Shack. What criminals
RayDude : (6) Cool, but very hard to write... Re: fading out, no, we're just talking too fast. :-)
DDenning : use will depend on what is readily available and what their cohorts are using.
MegSaint : (6) Do we have better connections than the net heavies?
COUNTMINDO : (6) such as PGP
Kyrahn : (6) Raydude-> at AOL?
RayDude : (6) As cypherpunks we are planning to give out free disks with crypto at the next PC Expo in NYC. If
DDenning : Both parties of a conversation have to use the same thing. Criminals also talk to
PaulR42 : (6) Cool, RayDude!
RayDude : (6) any of you dudes are in NYC at the time, look us up. :-) (RayDude at aol, or rarachel at photon.poly.edu
DDenning : a lot of people outside their immediate circle - e.g., to buy goods and services.
Kyrahn : (6) cool
DDenning : Also, they can be quite stupid at times. But the main thing is that criminals will
Kyrahn : (6) you can reach me here on AOL
COUNTMINDO : (6) cypherpunks mbone conference, watch for it soon
DDenning : not be able to take advantage of the SKIPJACK algorithm as a way of concealing
DDenning : their conversations. This is the whole point. It is not to catch criminals. It is
DDenning : to allow people access to a really high quality algorithm in a way that someone
COUNTMINDO : (6) what bullshit!
MegSaint : (6) Countmindo, "cypherpunks *mbone* conference? I don't get it.
DDenning : cannot use it to conceal criminal activity.
Kyrahn : (6) it gets deeper all the time
Barlow1 : The gun analogy is excellent up to a point. I can't for the life of me imagine why we would think that
PaulR42 : (6) Where's the shovel?
COUNTMINDO : (6) cypherpunks are putting together an mbone conference, video and audio over the net
Barlow1 : even a stupid criminal would use Clipper if something else were available. And when I talk
MegSaint : (6) In other words, anyone not using Clipper will be, de facto, a crook.
Barlow1 : to people in the administration their big hobgoblin is the *nuclear-armed* terrorist. Any fanatic
Kyrahn : (6) that's it
RayDude : (6) In other words, crypto except for clipper will be illegal!
Barlow1 : smart enough to assemble and detonate a nuclear device is going to be smart enough to download
COUNTMINDO : (6) yeah de-facto illegal
Barlow1 : PGP from a bulletin board somewhere.
RayDude : (6) I wish I had a sparc station to join the mbone conf.. hope one of you will have transcripts.
Kyrahn : (6) red flags for anyone not using clipp you wings
PaulR42 : (6) Right on, John!
Barlow1 : Also, I'd like to point out that the gun analogy doesn't go the whole distance. Crypto is by its
RayDude : (6) Fuck clipper, we have to spread PGP far and wide making it tough to outlaw it.
COUNTMINDO : (6) cool he kicks dennings ass off my question!!
Barlow1 : nature a purely *defensive* technology. You can't shoot people with it.
RayDude : (6) Yeah! Barlow!!! Go, Go, Go!!!!
PhilipED : Speaking of PGP, Dr. Denning, is that encryption system secure, in your opinion?
COUNTMINDO : (6) ooo good one.
PaulR42 : (6) Here it is...
RayDude : (6) hahahah!
RayDude : (6) Lets see if the NSA cracked PGP yet!!
PaulR42 : (6) she'll sidestep it.
COUNTMINDO : (6) that gets my bet
DDenning : I don't know of anyone who's been able to break the IDEA algorithm that it uses.
RayDude : (6) Time to pull a Ronnie Reagan, for Denning...
Kyrahn : (6) they are working on it
COUNTMINDO : (6) oh she said it!!!
RayDude : (6) Bullshit! PGP uses RSA and IDEA!
RPTime : Back to the audience for a question from Steve HW..
COUNTMINDO : (6) wake up the neighbors
MegSaint : (6) Wait, I thought PGP was RSA
PaulR42 : (6) What's the diff?
Question : This is for Dr. Denning. What is the evidence of harm if the Clipper proposal is not
Question : adopted?
RayDude : (6) RSA uses public/private keys meaning you can publish your key and anyone can send you a 100%
RayDude : (6) private message
Kyrahn : (6) the trick is to have something that mutates when someone attemps to "illegally" break it
PaulR42 : (6) And IDEA?
DDenning : The harm would be to the government. They would not be able to use it and would
RayDude : (6) With idea, you can't spread your key. It's the only thing that protects your code.
Kyrahn : (6) call it BackFire
DDenning : have to resort to something less secure. Also, Clipper is part of a larger
COUNTMINDO : (6) awwww poor government
RayDude : (6) IDEA uses only one password. PGP gives you a public & private. Your can only read your mail
DDenning : project to make hardware available for encryption and digital signatures. This
RayDude : (6) if you decrypt it with your private key when someone scrambles it with your public key.
MegSaint : (6) So what was Denning talking about then?
RayDude : (6) Hence anyone can send you 100% private mail without knowing your secret keyword.
Kyrahn : (6) RipemMac use dual components
DDenning : will be used, for example, in the Defense Message System. The goverment
DDenning : needs a new standard.
PaulR42 : (6) OK, I get it now.
Kyrahn : (6) but is still under developement :<
RayDude : (6) A bit of trivia, did you guys know that our contries founding fathers were crooks?
COUNTMINDO : (6) then let the government use what they want and let us use what we want
Kyrahn : (6) of course!
DDenning : I personally believe that making really powerful encryption like SKIPJACK available
RayDude : (6) Thats right, they were sumglers, trying to evade Englands taxes. Hence for the constitution
COUNTMINDO : (6) god bless 'em ;)
PaulR42 : (6) Explain, RayDude, that can't possibly be true.
RayDude : (6) having lots of protections against abuse!
DDenning : without key escrow could be harmful to society. Wiretaps have been essential
Kyrahn : (6) same thing with most "city" Fathers
RayDude : (6) Too bad they didn't put in privacy protection too. :-I
Shuddup : (6) Right. Cops got search warrants, I got a door lock; cops make mistakes, but I'm worried about crooks
PaulR42 : (6) So even Geo. Washington said "I am not a crook?"
RayDude : (6) Their idea was to have a tiny government, only to serve, not to rule.
Shuddup : (6) I just want to pick my own size and cost of doorlock!
DDenning : for preventing and solving many serious crimes and terrorist activities.
Barlow1 : Why on earth would the government have to use something else if they failed to get the rest of
Kyrahn : (6) I am Not A Crook!!
RayDude : (6) It's a matter of view point. To the Brits he was a crook & traitor. To us a hero. But the
Barlow1 : rest of us to buy into this folly?
COUNTMINDO : (6) but she said it wasn't to stop criminals
RayDude : (6) smuggling was not a publicised thing.
PaulR42 : (6) One man's revolutionary is another man's freedom fighter.
Barlow1 : Hey, they are already using SKIPJACK. It's a government algorithm and has been in use for a
Kyrahn : (6) besides the rest of the world will not use clipper
Shuddup : (6) I think she DID say that clipper was to stop illegal wiretaps, or at least that it could.
DDenning : CPSR and others are asking the government to drop Clipper.
Barlow1 : long time. There are plenty other algorithms which we can use which are truly protected... unless of
PaulR42 : (6) And it's a good thing too, Dorothy!
Kyrahn : (6) so it stands to reason that the crooks you worry about will use some exotic
Shuddup : (6) Right!
RayDude : (6) BTW: Over the internet we have an 80% petition rate!!! 80% of the internet opposes clipper!
Barlow1 : course, this is only the first step in a process which will outlaw other forms of crypto. And I
Kyrahn : (6) and over 100 major companies
COUNTMINDO : (6) i signed my electro petition
Barlow1 : believe that it must be. Makes absolutely no sense otherwise.
MegSaint : (6) I'll be sending in my petition soon. Just got the latest CPSR Alert with the address.
RayDude : (6) I put my name on Satan's list, yeah baby I did.. :-)
Barlow1 : EFF is not asking the Government to drop Clipper, though we would vastly prefer they did. We're
PaulR42 : (6) But most Americans have no idea what the NSA is trying to do with Clipper. And is has such a nice na
PaulR42 : (6) me
Barlow1 : merely asking that no steps be taken to require it either by law or practice...as, for example, would
RayDude : (6) That's why I'm going to give out free disks at PCExpo... If we can raise some
Barlow1 : be the case if you had to use a Clipper chip to file your tax return.
RayDude : (6) eyebrows from big businesses, we can raise everyone's eyebrows eventially
PhilipED : Dr. Denning, do you think this is the "first step in a process to outlaw crypto"?
RayDude : (6) eventually. (sorry)
COUNTMINDO : (6) no, no way, yeah that's the ticket...
DDenning : No I do not. The government has not been using SKIPJACK to my knowledge.
Kyrahn : (6) well I got to go/ But keep in touch!
DDenning : The Clipper initiative represents the first time that the government has put
PaulR42 : (6) Can a MacPGP encrypted message be decyphered by a PC user, and vice versa? Is there PGP for PCs?
Kyrahn : (6) :->
MegSaint : (6) Bye Kyrahn
Shuddup : (6) bye
COUNTMINDO : (6) bye
PaulR42 : (6) See ya!
RayDude : (6) Oh, DDenning has knowledge about what the gov has been using????
RayDude : (6) Bye K.
DDenning : one of their really good algorithms out there in the unclassified arena. They
COUNTMINDO : (6) bet your ass she does
RayDude : (6) BTW: Which of you wanted the Mac or PC Secure drive? I can send'em to you?
HotRodKart : (6) Being that this my first rodeo on the E/F I wonder if this damn thing really works?
MegSaint : (6) Paul, I believe the answer to bothe or your questions is "Yes"
DDenning : are trying to do this in a way that won't backfire against the public. Other
PaulR42 : (6) Thanks, Meg
MegSaint : (6) Ray, I would be interested in the Mac Secure Drive
DDenning : NSA developed algorithms are not available for purchase by the public.
Barlow1 : I appreciate their willingness to make some of that
COUNTMINDO : (6) more audience questions, c'mon!
Barlow1 : crypto research available to a public which has paid so much for it, but I'm afraid that I would
RayDude : (6) I'm here on AOL.. Just send mail to RayDude. :-)
MegSaint : (6) Heck, the government developed these algorithims with OUR money! Yes John!
RayDude : (6) Or if you have internet access, it'll be faster to send me mail to rarachel at photon.poly.edu
Barlow1 : never trust an algorithm which was given to me by any government. And I certainly don't trust
PaulR42 : (6) Is Barlow1 JPB's aol address?
MegSaint : (6) Will do, RayDude.
Barlow1 : a classified algorithm like Skipjack, even without
PaulR42 : (6) Right on John!!!!
Barlow1 : a back door which everyone can see. I think I'll stick to systems which have been properly vetted
MegSaint : (6) Barlow1 may be a temporary address.
Barlow1 : to be clear of such compromises, like RSA. I hope others will do likewise and that RSA will become
PaulR42 : (6) uh huh
Barlow1 : the standard which Clipper shouldn't be.
MegSaint : (6) I find it hard to believe that Denning hangs out on AOL
RPTime : Time for one more question from our audience...
Question : To John Barlow. Isn't society becoming increasingly vulnerable to concerted
Question : criminal/terrorist disruption, requiring *stronger* law enforcement tools?
RayDude : (6) Meg, gotcha in my address book... will send a copy when it's done. Want a beta, or want to wait?
COUNTMINDO : (6) holy right winger, batman
PaulR42 : (6) I wonder if Denning listens to the Dead?
PaulR42 : (6) Dumb question, sorry
COUNTMINDO : (6) naw, funny one
MegSaint : (6) I'll take beta. What's life with out a little risk?
Barlow1 : Gee. I don't know. It's a scary world. However, I'm willing to take my chances with the few terrorists
COUNTMINDO : (6) life without risk = disneyland
RayDude : (6) booooo.... stupid question! I've sent so many good ones, why take that one?
MegSaint : (6) Some might consider Barlow a terrorist
Barlow1 : and drug lords there are out there rather than trusting government with the kind of almost unlimited
PaulR42 : (6) I'll bet she hasn't eaten as many shrooms at Dead concerts as JPB
RayDude : (6) disneyland=lawyers, lawsuits, cops, big-mickey-brother, etc... bad, bad bad!
Barlow1 : surveillance power which Clipper and Digital Telephony would give them. It's a touch choice. But
MegSaint : (6) So why did you send the stupid one, RayDude :)
Barlow1 : when you look at the evil perpetrated by government over this century in the name of stopping crime,
RayDude : (6) That wasn't mine Meg.. But I should have sent a stupid one.. them's the only ones accepted...
RayDude : (6) it seems...
Barlow1 : it far exceeds that done by other organized criminals.
COUNTMINDO : (6) hey mine was accepted :(
PhilipED : Dr. Denning, hasn't remote listening technology enhanced police abilities to eavesdrop to the point...
RayDude : (6) Sorry :-)
MegSaint : (6) Oops, misunderstood your comment.
PhilipED : where the loss of a few wire taps won;t mean much?
PaulR42 : (6) Hasn't Time Mag cooperated with the CIA and helped them obtain info in the sixties?
Shuddup : (6) It wouldbe interesting to know how many questions where sent up!
RayDude : (6) Sorry Count... didn't mean it like that...
DDenning : No. They need to get the cooperation of the service providers to implement
MegSaint : (6) Do they *have* to or are they just supposed to ?
COUNTMINDO : (6) is this thing over at 10?
HotRodKart : (6) TIME = LEFT
RayDude : (6) More like cooperation of the service providers or the service providers will be fined $10K a day!!!
DDenning : a wiretap. The loss of some wiretaps could be costly indeed. As an example,
RayDude : (6) The FBI digital telephony bill requires that all networks have a spy line or they pay $10K a day!
RayDude : (6) if the damn thing passes!
DDenning : wiretaps were used to help solve a case that involved plans by a Chicago
DDenning : gang from shooting down a commercial airliner. There have been 2 cases where
COUNTMINDO : (6) Cub, White Sock, Bull?
DDenning : they helped save the lives of kids who were going to be kidnaped for the making
DDenning : of a snuff murder film. They helped solve a case where a man's house was going
COUNTMINDO : (6) c'mon boss, who's going to use voice encryption anyways?
RayDude : (6) Oh yeah, right, surrrre... good ones...
PaulR42 : (6) Gag me, Dorothy.
DDenning : to be bombed. I could go on. If we take John's arguments about law enforcement
DDenning : to their logical conclusion, we'd just get rid of law enforcement. I think it's better
RayDude : (6) Why should we as tax payers pay $10Billion a year for Clipper when only 10-15 wiretap warrants are
DDenning : to have it. The people in law enforcement hate it as much as the rest of us when
RayDude : (6) actually given out to law enforcement agents per year?
RayDude : (6) Is $10Billion the cost of 10 or so wire taps a year???? I think not!
DDenning : some member of the community does something wrong. And they correct it,
RayDude : (6) It's only for spying on us!
DDenning : design new procedures and laws where necessary, and go on.
Barlow1 : Oh, please. I'm not proposing eliminating police. I'm opposing giving them unlimited powers.
COUNTMINDO : (6) foreign countries will laugh at this
Barlow1 : Also,these are the same cases cited over and over by everyone from you to Judge Freeh.Surely, we
RayDude : (6) BTW: They plan on exporting clipper. What country would be stupid enough to use a chip that will le
RayDude : (6) the USA spy on their private stuff?
Barlow1 : aren't going to fundamentally change the balance of
Barlow1 : power in this country because of these two (undocumented, to my knowledge) stories.
RayDude : (6) BTW: there's talk that the recent espionage case is simply media fodder incited by the NSA so that
COUNTMINDO : (6) guess it doesn't end at 10...
RayDude : (6) they can say "Look, with encryption we wouldn't have been able to catch'em!"
DDenning : Clipper is not going to change the balance of power. It does not give
RayDude : (6) "So we need clipper and we need to ban all other encryption"
RayDude : (6) Ohhh, yeah, clipper isn't going to change the balance... pure raw, grade A-bull$#it!
DDenning : law enforcement any additional authority to do wiretaps.
Barlow1 : Well, this is where we basically disagree, Dorothy. If we could continue the same level of LE capacity
PaulR42 : (6) But it gives them the capability to do so.
MegSaint : (6) Does Denning think we're all stupid?
Barlow1 : we presently have, I'd have no objection. But I believe, for reasons I'm not sure we have the
RayDude : (6) yes
HotRodKart : (6) I cant believe she said that HELLOOOOOO any gray matter
Barlow1 : bandwidth to discuss here, that we are talking about
RayDude : (6) She thinks that since she has a degree in crypto that everyone else is stupid and shouldn't
MegSaint : (6) I'm feeling very patronized.
RayDude : (6) be allowed to think about crypto
Barlow1 : dramatically enhancing their abilities. For one thing, we would greatly reduce the bureaucratic
MegSaint : (6) I came with something of an open mind. She isn't helping her cause any. not with me, anyway.
Barlow1 : overhead involved in wiretap, which is what keeps it under 900 cases nationwide at the present.
RayDude : (6) She's good with crypto, but a real idiot when it comes to anything about the gov't.
RayDude : (6) Or maybe they just pay her well...
RPTime : And that will have to be the last word on the matter for tonight...
DDenning : The overhead of a wiretap is more likely to increase, not decrease.
RayDude : (6) booo!
COUNTMINDO : (6) oh c'mon
COUNTMINDO : (6) just getting fun
PhilipED : Not quite!
RPTime : Maybe not! ;-)
RPTime : THAT will be the final word!
RayDude : (6) Why didn't they throw my questions in!!! :-( I had some real Denny-friers in there...
COUNTMINDO : (6) thpppppt!
Barlow1 : Well, let's get together and talk, Dorothy.
RayDude : (6) ;-)
RPTime : TIME thanks Dr. Dorothy Denning and John Perry Barlow for being with us tonight...
RayDude : (6) Oooh, he's asking her out!!! Maybe he'll ditch her at the curb..
MegSaint : (6) Myabe they decided to shut her up before she did more damange to the adminstraion position
RPTime : along with Philip Elmer-DeWitt. Thank you all, and goodnight!
RayDude : (6) heheh
PhilipED : Thank you both. This was very interesting.
RayDude : (6) Oh quit thanking
DDenning : Thank you for the opportunity to be here!
COUNTMINDO : (6) butt kisser
PaulR42 : (6) Well, it's been nice, bye all! And write your congressperson about Clipper!
RayDude : (6) each other and give some real issues a thought!
MegSaint : (6) Good Night, all. It was fun sitting with you.
PaulR42 : (6) Bye JPB, say hi to Jerry for me!
RayDude : (6) Well folks, see you whenever... it was fun. :-)
RayDude : (6) Hope some of you will join the cypherpunks if you can stand to read that much email a day...
COUNTMINDO : (6) futureculture is enough for me thanks
MegSaint : (6) Already on a list that nets me 60 letters a day. Don't know if I can afford the airtime
DDenning : spelling errors?
MegSaint : (6) What?
RayDude : (6) Well at least do me a favor and give out PGP to all the folks you know who have PC's or Macs..
COUNTMINDO : (6) huh?
RayDude : (6) huh???
RayDude : (6) looks like Denny slipped...
MegSaint : (6) Will spread the gospel, at least as far as Kyrahn
HotRodKart : (6) PGP?
RayDude : (6) Pretty Good Privacy. Excellent crypto program...
RayDude : (6) Let me know if you want a copy... Mac or PC...
HotRodKart : (6) Thank you
HotRodKart : (6) where do you get it?
COUNTMINDO : (6) guess this is really over, i was hoping JPB would keep going
RayDude : (6) I get off the internet... but... I guess AOL doesn't give access to that... I can mail it to you
HotRodKart : (6) PC
RayDude : (6) Actually Barlow hit Denning before on the internet.. that's how this got started...
Barlow1 : it be too long?
RayDude : (6) Hot: where do you live? If you're in NYC, I can just give you a disk...
MegSaint : (6) Well, I really should go this time...(What do you suppose they're doing, still in there?
HotRodKart : (6) San Diego
COUNTMINDO : (6) it be too long hehehehe that's what she said
RayDude : (6) Oh well. :-) Want me to mail you a disk or upload it? (It'd be way too long an upload..)
HotRodKart : (6) Mail wood b ok
RayDude : (6) okay, send me your address in email...
HotRodKart : (6) To RayDude?
RayDude : (6) Yep... to RayDude...
HotRodKart : (6) I think I know how to use it I'll give it my best shot
RayDude : (6) Just go up to the Mail menu and hit Compose Mail, then type in RayDude in the "To:" field.
COUNTMINDO : (6) well, gone, seeya, nice talking...
HotRodKart : (6) got it thanks
RayDude : (6) Welp, I guess, that's it for tonight.. :-) Goodnight folks.
RayDude : (6) Last words: "Die Clipper, Die, Die Die!! Die Digital Telephony Act, Die, Die, Die!!!"

From boldt at math.ucsb.edu Thu Mar 10 21:15:04 1994
From: boldt at math.ucsb.edu (Axel Boldt)
Date: Thu, 10 Mar 94 21:15:04 PST
Subject: Improvement of remailer security
Message-ID: <9403110511.AA13627@emile>

I think the recent death-threat-to-Clinton disaster has made clear that the remailers we have are not very secure, mainly because incoming and outgoing mail seems to be monitored at many sites.

Even the current pgp encryption scheme offered by some remailers doesn't help much, once the incoming and outgoing messages are known: just take the outgoing message from the remailer, encrypt it with the remailer's public key, compare this to the incoming messages and you know who sent this message (repeat if a chain of remailers was used).

Here's a proposal which could close this hole: remailers should allow for a new header 'Encrypt-with:' which takes as argument a public pgp key. This is used just like the 'Request-Remailing-To:' header, i.e. using the '::' construct in the body of the pgp encrypted mail.
('Encrypt-with:' offers no additional security if no pgp encryption is used in the first place.) The semantics is that the remailer, just before passing the message along (and after having decrypted it, of course) encrypts the message using this public key and adds an 'Encrypted: pgp' header to it.

To make sure that no remailer on the way knows the contents of the message, we should add one more mechanism: Whenever a remailer encounters a message with an 'Encrypted:' header, and the decrypted message contains another 'Encrypted:' header, the remailer decrypts it again. (Perhaps this feature exists already?)

In this way, even if someone knew the contents of every incoming and outgoing mail of the remailer, they couldn't tell which incoming message produced which outgoing message. To trace a message back to its origin through a chain of remailers, one would have to know in addition all the secret keys on the way (except the first one).

Axel

From rperkins-remailer at nyx.cs.du.edu Thu Mar 10 21:37:23 1994
From: rperkins-remailer at nyx.cs.du.edu (rperkins-remailer at nyx.cs.du.edu)
Date: Thu, 10 Mar 94 21:37:23 PST
Subject: Delays & random message order?
Message-ID: <9403110537.AA00413@nyx.cs.du.edu>

Is it just me or is toad.com delaying messages and sending them out in random order? For example, I noticed one post dated 18:00 EST got here at 19:30 EST. The next post, however, was timestamped just before noon (with a received header confirming it was actually received by toad.com at 11:52 PST)... Two posts later there is one from 10:30 PST... My last post took nearly 10 hours to appear on the list, while other posts are getting thru almost immediately. I hope Eric hasn't been experimenting with his no-PGP-sig=delay software; it seems to be stuck in a time-warp...

Now if we could only get our anonymous remailers to send messages in this fashion we'd give the NSA a real headache trying to track the messages. :)

Sorry to nit-pick...(I'm sure Eric has had enough problems with the list and doesn't need any more) but I thought I was going crazy when I started seeing responses to posts that hadn't been made yet (the person had emailed the message to someone, CC: cypherpunks and the response appeared on the list before the original!)

From avalon at coombs.anu.edu.au Thu Mar 10 21:42:15 1994
From: avalon at coombs.anu.edu.au (Darren Reed)
Date: Thu, 10 Mar 94 21:42:15 PST
Subject: Surveillance cameras
In-Reply-To: <199403102025.UAA16022@an-teallach.com>
Message-ID: <9403110541.AA11095@toad.com>

[...]
> G
> PS London has the same degree of camera surveillance as you said
> Germany has. There's a big centre at Kings Cross Station where
> all the Railway Police have their monitors (of all the Underground
> entrances) and another one at New Scotland Yard where all the
> transport police have theirs. The ones in the underground - which
> are ostensibly just for mass crowd volume monitoring - have an
> absolutely deadly killer zoom lens that's centrally steerable.
>
> It's *way* overkill for the use it's supposed to be for...

Do the station staff ever use them ?

Here in Melbourne, all the underground railway stations have cameras pointing at escalators, up and down the platforms, etc, but if you're doing something silly like riding around on a chair that the ticket guys usually sit upon, you can expect an announcement :) There is also a window that looks into a `monitor' room from a public walkway at one.

Oh, and one of the cameras looking up a platform has gum fixed to part of the cover in front of the lens :)

From nates at netcom.com Thu Mar 10 21:43:45 1994
From: nates at netcom.com (Nate Sammons)
Date: Thu, 10 Mar 94 21:43:45 PST
Subject: The Coming Police State
Message-ID: <199403110544.VAA11384@netcom10.netcom.com>

I cannot help but think that having the gov looking in on us will be good. I know, get my head shrunk, but look: It gives us something to fight for.
Look at me: Somewhat of a slacker who for a long while thought there was nothing worth fighting for... now there's the government to fight! What better entity to wage war against? It's the classic "valiant fight" the "good guys against the bad guys" fight. It's the kind of fight you may even feel yourself _wanting_ to fight.

I can't help thinking what a kick I'll get out of seeing my kids in the future saying, upon them finding my "Cypherpunk Criminal" T-Shirt in the attic, "Gosh! Dad was a Cypherpunk! Wow!"

I'm not (obviously, look at my track record) advocating the Clipper/Capstone/blah/blah/blah standards or the new draconian legislation proposals... I'm just saying that it's easier to fight when there's something tangible to fight... it's hard now, since there are no laws keeping me from having a copy of PGP on my Mac (yet), to see what we're fighting. Maybe in a year or two there will be. Who knows.

This National ID Card *really* scares me. It floods my mind with images of me standing in line to buy a CD (or whatever) and getting to the front of the line, being asked for my National ID card (So the proper taxes can be assessed, and since they cannot sell to non-citizens... blah blah blah) and me saying "Gosh... I must have left it in my other pants" or me pulling out a card with a very obvious blowtorch hole in the center (imagine little semi-toasted copper wires hangin out from behind the melted plastic case) and saying "I had a little accident"

To be honest, if given the chance to get a job after I graduate (blessed be that day) that involves me moving to some non-USA (or non-Police State) location, I would be inclined to take it... fast. I have been leaning towards the "Let's overthrow the government!" crowd lately, what with reading all this shit from the FBI, etc... but it's rather pointless to want to overthrow a government as vast and powerful as our own, so I think it's best to just plot a guerilla underground haven for myself.

Sorry to waste the bandwidth, but I had to get this off my chest... (Oh, and sorry for not making it to the last Colorado CPs meeting, all hell broke loose at work and I had to fix just about everything...)

-nate

--
+---------
| Nate Sammons PGP Key and fingerprint via finger.
| Clipper == Big Brother Inside. Question Authority. Encrypt everything.
+---------

From tcmay at netcom.com Thu Mar 10 22:00:40 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 10 Mar 94 22:00:40 PST
Subject: Clipper: Denning v Barlow Debate on AOL
In-Reply-To: <9403110507.AA08887@photon.poly.edu>
Message-ID: <199403110601.WAA28602@mail.netcom.com>

RayDude writes:

> This is a captured chat from the Time Magazine, Time Odeon Online Forums.
> On America Online, my handle is RayDude.
...
> Barlow1 : improved traffic analysis. Content is less important
> than context, and most agents will
> Barlow1 : support this.
> Shuddup : (6) I really don't accept the traffic analysis
> argument. That's too much work!
> COUNTMINDO : (6) i just don't like having a product forced on me,
> we don't all have to buy FORD's if we want to
> COUNTMINDO : (6) deal with the government
> RPTime : Another question from the audience. JCMaille asks...
...
> PaulR42 : (6) Cool, RayDude!

K00L, RayDewd! Like, I'm glad dewdz like you can, like, _follow_ this stuff. Maybe you can translate it into ordinary prose for old farts like me, who favor multi-sentence paragraphs and even reasonably thorough explications of ideas that don't fit into a single line of repartee!

No insult to Arsen Ray is meant, and there may even be some nuggets in there I missed. But it sure does reinforce my hatred for "IRC" and similar fora for the attention-challenged.

From what I could see scrolling by from Ms. Denning, she wasn't getting into the "dewd repartee" either, showing that we have at least one thing in common.

Repartee has its place, and we all do it.
But the format here is not conducive to getting views exchanged and coherent thoughts developed. What a waste.

Me, I'm not as polite as Ms. Denning. About one minute into this I woulda said "Fuck this shit, I'm outta here!"

--Tim May

From mg5n+ at andrew.cmu.edu Thu Mar 10 22:02:24 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Thu, 10 Mar 94 22:02:24 PST
Subject: Improvement of remailer security
In-Reply-To: <9403110511.AA13627@emile>
Message-ID: <0hU0Y5y00awMF4PmwP@andrew.cmu.edu>

boldt at math.ucsb.edu (Axel Boldt):

> Even the current pgp encryption scheme offered by some remailers
> doesn't help much, once the incoming and outgoing messages are
> known: just take the outgoing message from the remailer, encrypt
> it with the remailer's public key, compare this to the incoming
> messages and you know who sent this message (repeat if a chain
> of remailers was used).

Nope... PGP encrypts the message with a random IDEA key, and then encrypts the IDEA key with RSA. You'd have to guess which IDEA key was used, and encrypt that with RSA. The SS couldn't guess 2^128 possible IDEA keys in a hundred years, even with 10 cray supercomputers... (of course, they might be able to do it a hundred years from now... but by then nobody would care about some stupid 20th century email message.)

Karl Barrus's latent-num and truncate-line features on his former tree-remailer handled all of the traffic-analysis problems rather nicely, however...

> Here's a proposal which could close this hole: remailers should
> allow for a new header 'Encrypt-with:' which takes as argument
> a public pgp key. This is used just like the 'Request-Remailing-To:'
> header, i.e. using the '::' construct in the body of the pgp encrypted
> mail. ('Encrypt-with:' offers no additional security if no pgp
> encryption is used in the first place.) The semantics is that the
> remailer, just before passing the message along (and after having
> decrypted it, of course) encrypts the message using this public key
> and adds an 'Encrypted: pgp' header to it.

JPP's remailer does this, except it only posts to alt.test. Maybe you could convince him to allow it to also forward to remailers when a remailer public key is specified... :)

From tcmay at netcom.com Thu Mar 10 22:11:27 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 10 Mar 94 22:11:27 PST
Subject: Surveillance cameras
In-Reply-To: <9403110541.AA11095@toad.com>
Message-ID: <199403110612.WAA29822@mail.netcom.com>

Darren Reed writes:

> > entrances) and another one at New Scotland Yard where all the
> > transport police have theirs. The ones in the underground - which
> > are ostensibly just for mass crowd volume monitoring - have an
> > absolutely deadly killer zoom lens that's centrally steerable.
> >
> > It's *way* overkill for the use it's supposed to be for...
>
> Do the station staff ever use them ?
>
> Here in Melbourne, all the underground railway stations have cameras
> pointing at escalators, up and down the platforms, etc, but if you're
> doing something silly like riding around on a chair that the ticket
> guys usually sit upon, you can expect an announcement :) There is also
> a window that looks into a `monitor' room from a public walkway at one.

Most American airports, especially those with international connections, routinely videotape all passengers. I can't cite a source for this, but I think it's common knowledge (not that this means it's true). The recent film "The Pelican Brief" has this as a plot device, with a terrorist captured on tape on his departure to Paris.

Paranoid note: Ear shapes are said to be a fairly unique characteristic, hard to disguise, and easy for computers to process (a line scan). This may mean the return of long hair. (No wonder Singapore bans long hair on men.)

"Oh, I'm going to a "Star Trek" convention in London. I'm playing Spock."

> Oh, and one of the cameras looking up a platform has gum fixed to part
> of the cover in front of the lens :)

Wouldn't one of our "Big Brother Inside" stickers work pretty well here?

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Thu Mar 10 22:36:39 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 10 Mar 94 22:36:39 PST
Subject: The Coming Police State
In-Reply-To: <199403110544.VAA11384@netcom10.netcom.com>
Message-ID: <199403110637.WAA03791@mail.netcom.com>

Nate Sammons, Cypherpunk Criminal, writes:

> I cannot help but think that having the gov looking in on us will
> be good. I know, get my head shrunk, but look: It gives us something
> to fight for. Look at me: Somewhat of a slacker who for a long while
> thought there was nothing worth fighting for... now there's the
> government to fight! What better entity to wage war against? It's the
> classic "valiant fight" the "good guys against the bad guys" fight.
> It's the kind of fight you may even feel yourself _wanting_ to fight.

Very good comments. Especially your "slacker" comment. Many GenXers I know seem to think all the "good stuff" happened in the 60s--nonsense. Mostly that was a lot of civil rights stuff, a lot of it misguided (don't get me started, and don't misinterpret this to mean I think blacks shouldn't have the vote. What I mean is clear to any libertarian.).
The computer revolution, cyberspace, crackdowns on so many things....these are the truly astounding developments, good and bad, and the Zero Generation is in the thick of it! The bulk of this list is probably centered at age 24 with a standard deviation of about 3 years...and a tail that reaches up into the 40s and 50s. > I can't help thinking what a kick I'll get out of seeing my kids in > the future saying, upon them finding my "Cypherpunk Criminal" T-Shirt > in the attic, "Gosh! Dad was a Cypherpunk! Wow!" Will you also show them your Marion Federal Prison shirt? > This National ID Card *really* scares me. It floods my mind with images > of me standing in line to buy a CD (or whatever) and getting to the front > of the line, being asked for my National ID card (So the proper taxes can As well it _should_ scare you! Ensuring that each Citizen Unit adheres to the terms and conditions of his Preventive Medicine Contract will dictate this. Ditto for tax compliance, for checking age credentials, etc. (It is precisely this Big Brother scenario that motivated Chaum and others to work on protocols for showing credentials (age, in a bar, for example) without showing identity. Think of the implications of a national ID card couple with fast bar-code checking and network connections....they'll know every bar you entered, how long you stayed, how many drinks you had ("Your health premiums have been increased...."), what bookstores you entered, what books you bought, and on and on. The Surveillance State is almost upon us. And it's happening under the guise of controlling health care costs, fighting pornography and child molestation, making sure everyone's fair share of taxes is paid, and other such seemingly innocuous things. Everyone should read John Brunner's "The Shockwave Rider" if they haven't already done so. 
I read it when it first came out in 1975 and the tale of Nickie Halflinger scared me...it also came when I was just getting started in the Homebrew Computer Club, so in many ways it prepared me for my later role as a hunted CyberFelon. ("Shockwave" is also credited by many to be one of the first mentions of "worms" in computers....though Brunner may've been talking to folks at Xerox PARC...wormly cross-fertilization.) > location, I would be inclined to take it... fast. I have been leaning towards > the "Let's overthrow the government!" crowd lately, what with reading > all this shit from the FBI, etc... but it's rather pointless to want > to overthrow a government as vast and powerful as our own, so I think it's > best to just plot a guerilla underground haven for myself. Overthrowing the government may not be such a hot idea...the replacement could be much worse. But finding ways to preserve personal liberty is a good goal. Finding ways to selectively bypass the State is also a good goal. > Sorry to waste the bandwidth, but I had to get this off my chest... > (Oh, and sorry for not making it to the last Colorado CPs meeting, > all hell broke loose at work and I had to fix just about everything...) > > -nate Not a waste of bandwidth at all! Seeing folks get energized does more to promote our cause than the 9th discussion of TEMPEST or the 13th debate about whether DES has been compromised. Besides, the theme for this week is "politics." George Orwell's "1984" (and some other favorite books of many of us) did more to help fight totalitarianism than most technical debates did. Cypherpunks can ride the "shock wave" of one-way functions! Hang Ten, Doodz! Ten to the 300th power, that is. --Tim May -- .......................................................................... Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From rarachel at prism.poly.edu Thu Mar 10 23:43:06 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Thu, 10 Mar 94 23:43:06 PST Subject: Clipper: Denning v Barlow Debate Message-ID: <9403110730.AA23322@prism.poly.edu> > K00L, RayDewd! Like, I'm glad dewdz like you can, like, _follow_ this > stuff. Maybe you can translate it into ordinary prose for old farts > like me, who favor multi-sentence paragraphs and even reasonably > thorough explications of ideas that don't fit into a single line of > repartee! Not quite as you think. You see, only the posts with (6) in front of them were visible to those in the 6th row. :-) The AOL Time Odeon auditorium is broken up into the stage (everyone sees what gets posted from there, but only those on the stage can send messages to the stage.) From there on everyone is assigned a row. In my case it was the 6th row. There were 85 people listening to the conference, probably also generating as much noise as the folks in my row. However neither Denning nor Barlow can see the conversations in row 6. Neither can the folks in row 50, or 95, or 69 or 666 see what's talked in row six unless they move to row six. :-) Weird, but true. AOL does provide the ability to send questions and comments to those in power on the stage. I sent quite a few inflammatory messages down Denning's way of course, however, no comment/question of mine made it. :-) Ah, censorship at its best... (My questions were along the lines of, Dr.
Denning, how can someone of your intelligence possibly support the idea of giving full control of everyone's privacy over to the government we all know to be quite corrupt, and the old, why should we pay $10Billion in taxes a year to help the feds catch 10 or so cases a year via wire tapping...) > No insult to Arsen Ray is meant, and there may even be some nuggets in > there I missed. But it sure does reinforce my hatred for "IRC" and > similar fora for the attention-challenged. From what I could see > scrolling by from Ms. Denning, she wasn't getting into the "dewd > repartee" either, showing that we have at least one thing in common. She didn't see any of it, except for the flame questions I sent, and quite possibly a huge ammount of others in the audience. THere were 85 or so folks there... > Repartee has its place, and we all do it. But the format here is not > conducive to getting views exchanged and coherent thoughts developed. > What a waste. Ineed, too bad she couldn't see the comments. Too bad I wasn't on stage with JPB to grill her to a nice shade of dark brown toast.. > Me, I'm not as polite as Ms. Denning. About one minute into this I > woulda said "Fuck this shit, I'm outta here!" Well, I had my fun. :-) I'll post up a clean *official* transcript of this session when one becomes available... From lcottrell at popmail.ucsd.edu Thu Mar 10 23:46:55 1994 From: lcottrell at popmail.ucsd.edu (Lance Cottrell) Date: Thu, 10 Mar 94 23:46:55 PST Subject: Improvement of remailer security Message-ID: <199403110746.XAA15270@ucsd.edu> >Even the current pgp encryption scheme offered by some remailers >doesn't help much, once the incoming and outgoing messages are known: >just take the outgoing message from the remailer, encrypt it with the >remailer's public key, compare this to the incoming messages and you >know who sent this message (repeat if a chain of remailers was used). This is incorrect. The message is not encrypted with the public key. 
It is encrypted with an IDEA key which is encrypted with the remailer's public key. Since the remailer does not forward that key (obviously), this attack is not possible. -------------------------------------------------- Lance Cottrell who does not speak for CASS/UCSD loki at nately.ucsd.edu PGP 2.3 key available by finger or server. "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche From rarachel at photon.poly.edu Thu Mar 10 23:50:18 1994 From: rarachel at photon.poly.edu (Arsen Ray Arachelian) Date: Thu, 10 Mar 94 23:50:18 PST Subject: Clipper: Denning v Barlow Debate on AOL In-Reply-To: <199403110601.WAA28602@mail.netcom.com> Message-ID: <9403110751.AA10429@photon.poly.edu> Also, another limitation of America Online's chat is that you can't send a paragraph. You can only send a small two line (about 50 chars each line) message. Hence all the damn fragmentation... :-) Sorry if it's too much of a hassle for you guys to follow. At least you can see it from my viewpoint as I saw it live. The official version will [un]fortunately not have all that neat stuff in it... As Gibson (was it Gibson) said on his trip to Singapore as documented in Wired, "I miss all the fractals" referring to the litter on the street. :-) Now, imagine if EVERYONE could see all 85 folks talking at the same time in this manner. The fragmentation caused by what you saw was only from about 6 folks + the folks on stage!!!!! From tcmay at netcom.com Thu Mar 10 23:57:37 1994 From: tcmay at netcom.com (Timothy C.
May) Date: Thu, 10 Mar 94 23:57:37 PST Subject: Improvement of remailer security In-Reply-To: <199403110746.XAA15270@ucsd.edu> Message-ID: <199403110758.XAA14484@mail.netcom.com> Lance Cottrell, quoting Axel Boldt: > >Even the current pgp encryption scheme offered by some remailers > >doesn't help much, once the incoming and outgoing messages are known: > >just take the outgoing message from the remailer, encrypt it with the > >remailer's public key, compare this to the incoming messages and you > >know who sent this message (repeat if a chain of remailers was used). > > This is incorrect. The message is not encrypted with the public key. It is > encrypted with an IDEA key which is encrypted with the remailer's public > key. Since the remailer does not forward that key (obviously), this attack > is not possible. Indeed, but I think Axel Boldt deserves commendation for thinking about remailer security and looking in detail (though not enough, as two posters have noted) at the possible attacks that may be used for traffic analysis. Generally, it makes sense to ask if an attacker can make any correlations between incoming and outgoing messages. In this case, where PGP is using a random session key, it looks like no correlation can be made (except for message length and timing correlations, which we've discussed before, vis-a-vis message padding and latency). This list is sometimes harsh on points raised, but I think we're far less flamish than the Usenet groups in general. So, don't give up! --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."
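The point argued in the remailer-security thread above, as an added example that is not part of the original posts: re-encrypting a remailer's output only identifies the matching input when the public-key operation is applied deterministically to the message itself; with a fresh random session key the comparison finds nothing, while message length still correlates until messages are padded. Assumptions: the toy RSA key, the SHA-256 keystream standing in for IDEA, the "To:" request format, the 512-byte padding size and the sample traffic are all constructed for illustration.

```python
import hashlib
import secrets

# Toy RSA key for a hypothetical remailer (two Mersenne primes). Far too small
# for real use; unpadded RSA only models a deterministic public-key operation.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
BLOCK = 16  # bytes per RSA block, so each block value stays below N

# Constructed sample traffic: (destination, body) submitted by three senders.
SAMPLE = [
    (b"list@example.org", b"Meeting moved to Saturday."),
    (b"editor@example.net", b"Draft attached below; comments welcome before Friday."),
    (b"friend@example.com", b"ok"),
]


def request(dest, body):
    """Plaintext handed to the remailer (hypothetical header format)."""
    return b"To: " + dest + b"\n\n" + body


def direct_encrypt(plaintext):
    """What the attack assumes: the message itself goes through the public key."""
    blocks = [plaintext[i:i + BLOCK] for i in range(0, len(plaintext), BLOCK)]
    return tuple(pow(int.from_bytes(b, "big"), E, N) for b in blocks)


def keystream_xor(key, data):
    """Stand-in for IDEA: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        stream = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], stream))
    return bytes(out)


def hybrid_encrypt(plaintext):
    """What PGP does: fresh random session key, wrapped with the public key."""
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), E, N)
    return wrapped, keystream_xor(session_key, plaintext)


def hybrid_decrypt(message):
    """Remailer side: unwrap the session key, then decrypt the body."""
    wrapped, body = message
    session_key = pow(wrapped, D, N).to_bytes(16, "big")
    return keystream_xor(session_key, body)


def pad(plaintext, size=512):
    """Length-prefix the message and fill it to a fixed size with random bytes."""
    if len(plaintext) > size - 2:
        raise ValueError("message too long for the padding size")
    fill = secrets.token_bytes(size - 2 - len(plaintext))
    return len(plaintext).to_bytes(2, "big") + plaintext + fill


def unpad(padded):
    """Recover the original message from its length-prefixed, padded form."""
    return padded[2:2 + int.from_bytes(padded[:2], "big")]


def match_by_reencryption(incoming, outgoing, encrypt):
    """Observer encrypts the remailer's output and looks for an identical input."""
    return [i for i, seen in enumerate(incoming) if encrypt(outgoing) == seen]


def match_by_length(incoming, outgoing):
    """Observer compares ciphertext body sizes with the size of the output."""
    return [i for i, (_, body) in enumerate(incoming) if len(body) == len(outgoing)]


def demo():
    plaintexts = [request(dest, body) for dest, body in SAMPLE]
    target = plaintexts[1]  # the message the observer sees leaving the remailer
    direct_in = [direct_encrypt(p) for p in plaintexts]
    hybrid_in = [hybrid_encrypt(p) for p in plaintexts]
    padded_in = [hybrid_encrypt(pad(p)) for p in plaintexts]
    return {
        "direct": match_by_reencryption(direct_in, target, direct_encrypt),
        "hybrid": match_by_reencryption(hybrid_in, target, hybrid_encrypt),
        "length": match_by_length(hybrid_in, target),
        "padded_length": match_by_length(padded_in, pad(target)),
        "roundtrip": unpad(hybrid_decrypt(padded_in[1])) == target,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Timing correlation, the other channel named in the thread, is not modelled here; it is addressed by latency and reordering at the remailer rather than by anything in the encryption layer.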
From karn at qualcomm.com Fri Mar 11 00:07:25 1994 From: karn at qualcomm.com (Phil Karn) Date: Fri, 11 Mar 94 00:07:25 PST Subject: Response to CJ request for Applied Cryptography In-Reply-To: <9403090012.AA28250@cygnus.com> Message-ID: <199403110807.AAA22284@servo.qualcomm.com> I had to revise my second filing slightly. Early Wednesday morning, I got a phone call from Maj. Gary Oncale stating that my title was too vague. He asked me to resubmit it using a more specific title, so I did. I've appended the revised version here. The only change is the title in the second subject line. I called him back later on Wednesday afternoon to confirm receipt. He had received it, but had not yet assigned an official case number. He thought the number would probably be 079-94. I haven't called back to verify this yet, I will try to remember to do so tomorrow. --Phil Phil Karn 7431 Teasdale Avenue San Diego, CA 92122 karn at unix.ka9q.ampr.org (Internet) 619-587-8281 (voice) 619-587-1825 (fax) ATTN: Maj Gary Oncale - 15 Day CJ Request U.S. Department of State Office of Defense Trade Controls PM/DTC SA-6 Room 200 1701 N. Fort Myer Drive Arlington, VA 22209-3113 Fax +1 703 875 5845 ATTN: 15 Day CJ Request Coordinator National Security Agency P.O. Box 246 Annapolis Junction, MD 20701 Subject: Mass Market Software with Encryption - 15 Day Expedited Review Requested Subject: Commodity Jurisdiction Request for "APPLIED CRYPTOGRAPHY SOURCE CODE DISK" INTRODUCTION This is a Commodity Jurisdiction Request for mass market software with encryption capabilities. It is a followup to an earlier CJR (case 038-94, dated February 12, 1994) regarding the book "Applied Cryptography" by Bruce Schneier, published by John Wiley and Sons, ISBN 0-471-59756-2. In your reply of March 2, 1994, you explicitly limited your determination that the item was outside State jurisdiction to the book itself, explicitly excluding the source code diskettes available from the author. Hence my second request. 
The newly released diskette that is the subject of the present request should not be confused with the more comprehensive two-diskette set also available from the author. This new diskette is strictly limited to the source code that already appears in the book, which you have already determined to be public domain. Character by character, the information is exactly the same. The only difference is the medium: magnetic impulses on mylar rather than inked characters on paper. I have no DTC registration code. I have reviewed and determined that this diskette, the subject of this CJ request, meets paragraph 1 of the "Criteria for Determining the Eligibility of A Mass Market Software Product for Expedited Handling." I base this determination on the following facts: a) this diskette is readily available from the author by mail-order, thus qualifying it as mass market software; b) sufficient documentation is included to allow installation and use by any end user capable of compiling and executing it. To my knowledge the author provides no "product support" as that term is generally understood; and c) the diskette contains source code for encryption software that provides confidentiality. A duplicate copy of this CJR has been sent to the 15 Day CJ Request Coordinator. DESCRIPTION This diskette contains (and is limited to) the exact same source code printed in Part 5 of "Applied Cryptography", the subject of ODTC Case CJ 038-94. It is not to be confused with the more comprehensive two-disk set previously released by Mr. Schneier and mentioned in his book. Mr. Schneier's announcement (attached) lists the contents of this diskette. ORIGIN OF COMMODITY The diskette is available from Mr. Schneier, a US citizen living in the US. The price is $15. CURRENT USE The software on this diskette is provided for those who wish to incorporate encryption into their applications. 
Examples of the commercial use of these ciphers include integrity verification, authentication and confidentiality of electronic mail, computer software, voice, video and other information in digitized form. For example, the Internet's Privacy Enhanced Mail (PEM) project uses DES for confidentiality and MD5 for integrity. The Pretty Good Privacy (PGP) package uses IDEA and MD5 for the same purposes. PGP is now widely used around the world. The uses of these ciphers have not changed significantly over time, although their popularity has grown substantially. Their present military utility is unknown, except that it is believed that none of these algorithms are approved for the protection of US classified information. SPECIAL CHARACTERISTICS There are no military standards or specifications that this diskette is designed to meet. There are no special characteristics of the diskette, including no radiation-hardening, no ballistic protection, no hard points (the corners of the diskette are rounded), no TEMPEST capability, no thermal and no infrared signature reduction capability, no surveillance, and no intelligence gathering capability. The diskette does not use image intensification tubes. OTHER INFORMATION I recommend that this diskette be determined to be in the jurisdiction of the Commerce Department. I believe that it qualifies for the general license GTDA for General Technical Data to All Destinations, because it qualifies as "publicly available". ATTACHMENTS I have enclosed the announcement of this diskette's availability as published over various electronic mailing lists by the author. 
From: schneier at chinet.com (Bruce Schneier) Subject: announcement Date: Tue, 8 Mar 1994 14:21:25 -0600 (CST) ANNOUNCING: APPLIED CRYPTOGRAPHY SOURCE CODE DISK This disk includes all the source code from the book, Applied Cryptography: Vigenere, Beauford, Variant Beauford Enigma DES Lucifer NewDES FEAL-8 FEAL-NX REDOC III LOKI 91 IDEA N-HASH MD5 Secure Hash Algorithm (SHA) Secret Sharing The code is available either on a single 5.25 or 3.5 IBM-PC disk, or on a single 3.5 Macintosh disk. Cost: $15 Bruce Schneier Counterpane Systems 730 Fair Oaks Ave Oak Park, IL 60302 (708) 524-9461 schneier at chinet.com From Audun.Joesang at alcatel.no Fri Mar 11 00:31:52 1994 From: Audun.Joesang at alcatel.no (Audun.Joesang at alcatel.no) Date: Fri, 11 Mar 94 00:31:52 PST Subject: Surveillance Cameras Message-ID: <94031109294511@stkv03.alcatel.no> Last year I experienced being the victim of efficient CCTV (Closed Circuit TV) surveillance in Bristol UK. My car was parked illegally and got towed away. Later at the police car pound I was told that all the streets could be seen through remote controlled zoom lens CCTV cameras mounted all around town, which made them able to efficiently direct their towing trucks. Somehow the equipment has to be paid off. Audun Josang. I used to be very uncertain, but now I'm not sure anymore. From ian at geography.leeds.ac.uk Fri Mar 11 01:55:52 1994 From: ian at geography.leeds.ac.uk (Ian Turton) Date: Fri, 11 Mar 94 01:55:52 PST Subject: Surveillance cameras Message-ID: <9574.9403110955@geography.leeds.ac.uk> Tim writes: > > Most American airports, especially those with international > connections, routinely videotape all passengers. I can't cite a source > for this, but I think it's common knowledge (not that this means it's > true). There was an article in a recent New Scientist (maybe last week) that mentioned the use of infrared scans of faces to identify people since it's very hard to change the thermal image of your face by surgery.
The plan is to scan everyone passing through the airport and forward the image to the FBI (or whoever the local cops are I guess, but it said FBI) and they check out their database of known terrorists (and cypherpunks) and it rings the local guards if they get a match. I can try to find the whole article if anyone's interested. > --Tim May > > Ian Turton - School of Geography, Leeds University 0532 -333309 From unicorn at access.digex.net Fri Mar 11 05:00:10 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 11 Mar 94 05:00:10 PST Subject: Improvement of remailer security Message-ID: <199403111259.AA03559@access3.digex.net> ->\ I think the recent death-threat-to-Clinton disaster has made clear that the remailers we have are not very secure, mainly because incoming and outgoing mail seems to be monitored at many sites. <- Wait, the threat was posted with a remailer? I heard about the threat, not the remailer.... Details? -uni- (Dark) From mcable at cs.tufts.edu Fri Mar 11 06:22:29 1994 From: mcable at cs.tufts.edu (Matt Cable) Date: Fri, 11 Mar 94 06:22:29 PST Subject: Clipper: Denning v Barlow Debate on AOL In-Reply-To: <199403110601.WAA28602@mail.netcom.com> Message-ID: On Thu, 10 Mar 1994, Timothy C. May wrote: > K00L, RayDewd! Like, I'm glad dewdz like you can , like, _follow_ this > stuff. Maybe you can translate it into ordinary prose for old farts > like me, who favor multi-sentence paragraphs and even reasonably > thorough explications of ideas that don't fit into a single line of > repartee! > > No insult to Arsen Ray is meant, and there may even be some nuggets in > there I missed. But it sure does reinforce my hatred for "IRC" and > similar fora for the attention-challenged. From what I could see > scrolling by from Ms. Denning, she wasn't getting into the "dewd > repartee" either, showing that we have at least one thing in common. > > Repartee has its place, and we all do it.
But the format here is not > conducive to getting views exchanged and coherent thoughts developed. > What a waste. > > Me, I'm not as polite as Ms. Denning. About one minute into this I > woulda said "Fuck this shit, I'm outta here!" > > --Tim May > you apparently didn't read the stuff preceding the log. Those comments (with the (6)'s in front) are only heard by others in your row. It's all organized like an auditorium. Denning and Barlow didn't see any of that going on. *=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=* \|/ mcable at cs.tufts.edu Matt Cable <0-0> wozz at wozz.ext.tufts.edu MTUC Jackson Labs -----o00-O-00o----- wozzeck at mindvox.phantom.com Tufts University GCS/MU -d+ -p+ c++++ l++ u++ e+ m++(*) s++ !n h+ f* g+ w++ t+ r- y+ *=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=* From ravage at bga.com Fri Mar 11 06:54:07 1994 From: ravage at bga.com (Jim choate) Date: Fri, 11 Mar 94 06:54:07 PST Subject: ID Chips... Message-ID: <199403111453.AA19371@zoom.bga.com> As I understand it there was a proposal to install such chips in children to prevent kidnapping and such last year in Congress (don't remember if it was House or Senate). I question the validity of the chip's use, seems to me that tattooing the ear of the pet and placing this in a database would be much more efficient and a LOT less expensive. It would not require the vet to buy any special equipment or buy access to special databases. Also, what about small towns and rural communities w/ insufficient tax base to purchase the equipment for general use by the community? I can see it now, a black van w/ tinted windows rolls slowly down your street interrogating all the pet transponders determining who lives where and then comparing this w/ the official records of residence...
When you take this in concert w/ real-time (or even small delay) financial record searches, the loss of freedom of speech, limitations on assembly, criminalization of crypto, etc. you are building a realy spooky scenario... I think I would prefer to have my cat or dog tatood instead of transpondered. From pat at tstc.edu Fri Mar 11 07:07:48 1994 From: pat at tstc.edu (Patrick E. Hykkonen) Date: Fri, 11 Mar 94 07:07:48 PST Subject: Announce list? Message-ID: <9403111507.AA00817@tstc.edu> What is the cypherpunks announce-list administrative address? From rperkins-remailer at nyx.cs.du.edu Fri Mar 11 07:29:54 1994 From: rperkins-remailer at nyx.cs.du.edu (rperkins-remailer at nyx.cs.du.edu) Date: Fri, 11 Mar 94 07:29:54 PST Subject: MAIL: and re: coming police state Message-ID: <9403111530.AA05943@nyx.cs.du.edu> -----BEGIN PGP SIGNED MESSAGE----- > I myself am very new to the net, and also to crypto, so I have not > seen these papers before. Is ther an archive where I could find them? > Or could you possibly mail me a copy of your "Remailers: The Next > Generation" if it is You can find this document via gopher to chaos.bsu.edu; look in the "Anonymous Mail" directory for "Next Generation Remailers". If the remailer is set up properly you should be able to receive your ordinary mail as well. Make sure though, the remailers I ran on rosebud dropped mail because the incoming mail directory was in a different place (something like /usr/mail instead of /usr/spool/mail). But I liked this behavior so I left it ;) Karl Barrus -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLYCOBIOA7OpLWtYzAQHT/QP+MywPIgTPc+HX//IGANwDejJM5KrHS3Le a+nBTgEYBMiijjBwyuqsMyHpya4/jDWDAlnTEe9c0I5f3WIsa8ALNYoWFVysIN46 pfDO6lHevmkbxcgOEhOpfEUgOwayAtXpRLoIj2z00Splkz48bdGPWvvJ8AZzBrQt ukMEyfaP2ss= =C5Dc -----END PGP SIGNATURE----- From eichin at paycheck.cygnus.com Fri Mar 11 07:30:30 1994 From: eichin at paycheck.cygnus.com (Mark W. 
Eichin) Date: Fri, 11 Mar 94 07:30:30 PST Subject: The Coming Police State In-Reply-To: <199403110637.WAA03791@mail.netcom.com> Message-ID: <9403111521.AA01143@paycheck.cygnus.com> writes: >> prepared me for my later role as a hunted CyberFelon. ("Shockwave" is >> also credited by many to be one of the first mentions of "worms" in >> computers....though Brunner may've been talking to folks at Xerox >> PARC...wormly cross-fertilization.) and I digress wildly: Mid-November, 1988, after the great Morris Worm Stomp[1], a bunch of people who'd helped hunt the Worm were invited to the NCSC[2] to give talks at a "Post-Mortem", as it were. The MIT and Berkeley crowds had the most real technical data on it[3], though at least one of the government labs had done a fair job at decompiling it. The relevant part was that while the NCSC didn't have much useful info on the Worm itself[4] they had *categorized* it, and among their spiffy color slides, they had a "taxonomy" slide which surprised me by including Brunner's worm. The NCSC seems to officially credit Brunner as the first literature reference to the idea... _Mark_ [1] See , by Mark Eichin and Jon Rochlis. [2] National Computer Security Center (*.ncsc.mil) [3] if I may say so myself :-) MIT was represented by Jon Rochlis and myself; we presented a draft of [1]. Berkeley was well represented as well. [4] It turned out that the group that handled it was mostly PC oriented, and didn't have a vax or 68k debugger on hand. 
From mcglk at cpac.washington.edu Fri Mar 11 07:37:06 1994 From: mcglk at cpac.washington.edu (Ken McGlothlen) Date: Fri, 11 Mar 94 07:37:06 PST Subject: Surveillance cameras In-Reply-To: <9574.9403110955@geography.leeds.ac.uk> Message-ID: <9403111539.AA26963@yang.cpac.washington.edu> ian at geog.leeds.ac.uk (Ian Turton) writes: | There was an article in a recent New Scientist (maybe last week) that | mentioned the use of infrared scans of faces to identify people since its | very hard to change the thermal image of your face by surgery. The plan is | to scan every one passing through the airport and forward the image to the | FBI [...] "Stewardess? Could I get some extra ice?" IR scans can be *so* easily messed up that I'm amazed anyone is seriously suggesting this. A facial scan can be messed up by downing a cold drink. Downing a hot drink. Ambient temperature. Sweating. Sucking an ice cube, though, is one of the easiest. Or just running it across your forehead and cheeks. Even a hat can mess one up as far as recognition purposes go. ---Ken McGlothlen mcglk at cpac.washington.edu mcglk at cpac.bitnet mcglk at c3po.ring.wizards.com (NeXTmail) From smb at research.att.com Fri Mar 11 08:27:45 1994 From: smb at research.att.com (smb at research.att.com) Date: Fri, 11 Mar 94 08:27:45 PST Subject: The Coming Police State Message-ID: <9403111627.AA19317@toad.com> writes: >> prepared me for my later role as a hunted CyberFelon. ("Shockwave" is >> also credited by many to be one of the first mentions of "worms" in >> computers....though Brunner may've been talking to folks at Xerox >> PARC...wormly cross-fertilization.) and I digress wildly: Mid-November, 1988, after the great Morris Worm Stomp[1], a bunch of people who'd helped hunt the Worm were invited to the NCSC[2] to give talks at a "Post-Mortem", as it were. The MIT and Berkeley crowds had the most real technical data on it[3], though at least one of the government labs had done a fair job at decompiling it. 
The relevant part was that while the NCSC didn't have much useful info on the Worm itself[4] they had *categorized* it, and among their spiffy color slides, they had a "taxonomy" slide which surprised me by including Brunner's worm. The NCSC seems to officially credit Brunner as the first literature reference to the idea... Personally, I give the credit to David Gerrold, in ``When Harlie Was One''. Here's a netnews posting of mine that explains my reasoning. From GERSTEIN at SCSUD.CTSTATEU.EDU Fri Mar 11 08:44:08 1994 From: GERSTEIN at SCSUD.CTSTATEU.EDU (GERSTEIN at SCSUD.CTSTATEU.EDU) Date: Fri, 11 Mar 94 08:44:08 PST Subject: Getting started with crypto Message-ID: <940311114226.2022cd25@SCSUD.CTSTATEU.EDU> Hey there all. I've been lurking here for a while, and I wanted to know if any of you can recommend some books for me to read so I can get started with crypto. Reason A) So that I can understand more of what you are saying. Reason B) Because I find the topic fascinating and want to learn more about it, as well as maybe (only possibly) write my own encryption program (for personal use and the like) Any info would be greatly appreciated.... Adam Gerstein GERSTEIN at SCSU.CTSTATEU.EDU =-=-=-=-=-=-=-=-=-=-= OPPOSE CLIPPER-=-OPPOSE CLIPPER-=-OPPOSE CLIPPER-=-OPPOSE CLIPPER-=-OPPOSE CLIPP From sandfort at crl.com Fri Mar 11 09:13:45 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 11 Mar 94 09:13:45 PST Subject: money... In-Reply-To: <9403100238.AA20964@runner.utsa.edu> Message-ID: On Wed, 9 Mar 1994, David L Womack wrote: > . . . The rumor is > that it is possible to detect, at a modest > distance, the existence of and the amount > of currency being carried. Thus, if a person > boarded an airplane carrying $12,000 in cash > in a money belt, it would be possible to > detect that fact. The rumor expands that > this has in fact already been implemented at > one airport (at least). > > Any thoughts?
> *IF* this is true, you will probably still have the "Taco Bell" solution available to you for the foreseeable future ("Run for the Border"). When that gets shut down, there will still be private aircraft and private yachts. But by that time, you'll be able to just send digital cash out of the country. S a n d y From vhum5462 at sfsuvax1.sfsu.edu Fri Mar 11 09:30:32 1994 From: vhum5462 at sfsuvax1.sfsu.edu (student) Date: Fri, 11 Mar 94 09:30:32 PST Subject: newuser Message-ID: send info please concerning cypherpunks. I am a student in Arthur Chandlers "Cyberspace" class. From matsb at sos.sll.se Fri Mar 11 09:54:26 1994 From: matsb at sos.sll.se (Mats Bergstrom) Date: Fri, 11 Mar 94 09:54:26 PST Subject: The Puzzle Palace In-Reply-To: <199403101826.LAA08734@pmip.dist.maricopa.edu> Message-ID: On Thu, 10 Mar 1994, Eric Johnson wrote: > Does anyone know what James Bamford is up to these days? Any chance he > will write such a book? And I would like to know if there is a recent issue of The Puzzle Palace and if so, where. I have problems negotiating for it at Stockholm bookstores, they have been stalling for several months. Thank you. //mb From tcmay at netcom.com Fri Mar 11 09:59:10 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 11 Mar 94 09:59:10 PST Subject: The Coming Police State In-Reply-To: Message-ID: <199403111759.JAA15819@mail.netcom.com> Grand Epopt Feotus wrote: > I myself am very new to the net, and also to crypto, soI > have not seen these papers before. Is ther an archive > where I could find them? Or could you possibly mail me a > copy of your "Remailers: The Next Generation" if it is > not already archived someplace I could find it. I do > have a fw questions about remailers myself actually. > Would I still be able to recieve mail at my account? > Just how much attention does it bring? Is it feasible > for a student on a conservative system(read fascist) to > get away with a low profile one? 
I know low profile is > not the goal, but I do want to help if possible. Briefly: 1. Many articles and papers are available at the soda.berkeley.edu site, in pub/cypherpunks. Look around there. The 1981 Chaum paper is not (too many equations for easy scanning), but the 1988 paper on Dining Cryptographers Nets is. 2. The "online generation" tends to want all material online, I know, but most of the good stuff is to be found in paper form, in journals and books. This is likely to be the case for many years to come, given the limitation of ASCII, the lack of widespread standards (yes, I know about LaTex, etc.), and the academic prestige associated with bound journals and books. Fortunately, you can _all_ find university libraries within driving range. Take my advice: if you do not spend at least an entire Saturday immersing yourself in the crypto literature in the math section of a large library, perusing the "Proceedings of the Crypto Conference" volumes, scanning the textbooks, then you have a poor foundation for doing any crypto work. (Epopt is in Delaware, he has said, and his email address confirms. U. of Delaware will surely have CACM, and probably the main crypto books. If not, Princeton is not too far away.) 3. Schneier's book is another essential place to look (though he spends little space on DC Nets). Brassard's little book is also nice. 4. I will forward to Epopt (is this a name or an Illuminati title?) a copy of my article on Second Gen. remailers. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Fri Mar 11 10:17:42 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 11 Mar 94 10:17:42 PST
Subject: The Puzzle Palace
In-Reply-To:
Message-ID: <199403111818.KAA18494@mail.netcom.com>

Mats Bergstrom writes:

>
> On Thu, 10 Mar 1994, Eric Johnson wrote:
>
> > Does anyone know what James Bamford is up to these days? Any chance he
> > will write such a book?
>
> And I would like to know if there is a recent issue of The Puzzle Palace
> and if so, where. I have problems negotiating for it at Stockholm
> bookstores, they have been stalling for several months. Thank you.

James Bamford is serving a mandatory 25 years-to-life sentence in the Eric Blair Correctional Facility in Oceania. He was caught on his way to Stockholm attempting to illegally export three copies of "The Puzzle Palace" and under the "Three Strikes and You're Out" law, will face incarceration for the rest of his life.

The former director of the NSA, General William Odom, once met Bamford, recoiled, and said "Sir, I consider you an unindicted felon."

Bamford is still an editor on a Long Island newspaper (perhaps "Newsday"?) and, so far as I know, has no plans to write a new book. He is also a commentator for either one of the U.S. television networks (ABC, I think).

The _paperback_ edition of "The Puzzle Palace" came out in 1983 and had a _few_ new items updated from the 1982 hardback, but not enough to worry about.

While I recommend that all readers of this list read the Bamford book, the public-key crypto section is only several pages long and may be disappointing to many of you.

I would imagine that some large libraries in Sweden will have it, as it is a standard reference work in political science and history.

In the U.S., it is _widely_ available....I see many copies in used book stores. It is possible that I can buy some of these copies, and of other books, and arrange to mail them to deprived folks, especially in other countries.
(No promises, and don't flood me with requests. More details to follow, if there's interest.)

Steven Levy ("Hackers," "Artificial Life") is writing a book on crypto issues and will be at the Saturday Cypherpunks meeting in Mountain View. I recall that he has talked to Bamford in the past, and certainly plans to interview him for the book.

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From karn at unix.ka9q.ampr.org Fri Mar 11 10:20:07 1994
From: karn at unix.ka9q.ampr.org (Phil Karn)
Date: Fri, 11 Mar 94 10:20:07 PST
Subject: 2nd CJ update
Message-ID: <199403111817.KAA08508@unix.ka9q.ampr.org>

Looks like the stalling tactics have begun. I just got a phone call from "Susan Shea" from the National Security Agency. She said that to "make a better determination" she would need a copy of the diskette. I explained (as I had in my written request) that the diskette in question contained exactly the same source code as was printed in Part 5 of the book Applied Cryptography, byte for byte. But she claimed that as she did not have a copy of that, she would still need the diskette.

Right. The NSA doesn't have a copy of Applied Cryptography, and has never seen one. Yet, apparently, they signed off on my original CJ request to export the printed book (the State letter mentions comments from the Department of Defense, which is always a code phrase for the NSA in such situations).

Sigh. I will send it off to them. This should buy them about two days, unless I get really extravagant and switch from Priority Mail to Express Mail...

Phil

PS.
Does anybody consider it odd that someone from the NSA would actually identify themselves as such?

From smb at research.att.com Fri Mar 11 10:30:00 1994
From: smb at research.att.com (smb at research.att.com)
Date: Fri, 11 Mar 94 10:30:00 PST
Subject: 2nd CJ update
Message-ID: <9403111829.AA20371@toad.com>

     Looks like the stalling tactics have begun. I just got a phone
     call from "Susan Shea" from the National Security Agency. She
     said that to "make a better determination" she would need a copy
     of the diskette. I explained (as I had in my written request)
     that the diskette in question contained exactly the same source
     code as was printed in Part 5 of the book Applied Cryptography,
     byte for byte. But she claimed that as she did not have a copy
     of that, she would still need the diskette.

     Right. The NSA doesn't have a copy of Applied Cryptography, and
     has never seen one. Yet, apparently, they signed off on my
     original CJ request to export the printed book (the State letter
     mentions comments from the Department of Defense, which is always
     a code phrase for the NSA in such situations).

It's not that ``NSA'' doesn't have the book; it's that that office may not. Or at least, making that claim isn't totally beyond the realm of possibility.

As for the original request -- they *don't* want to rule that a book needs a license, of any sort; it opens them up to judges who understand books but not floppies. (Let me commend to this audience Kenneth Pierce's paper ``Public Cryptography, Arms Export Controls, and the First Amendment: A Need for Legislation'', Cornell International Law Journal vol. 17, 1984, pp. 197--236 -- it's a very good summary of the legal issues. Though the details of the ITAR have changed, the underlying legal theories have not.)

     Sigh. I will send it off to them. This should buy them about two
     days, unless I get really extravagant and switch from Priority
     Mail to Express Mail...

     Phil

     PS.
     Does anybody consider it odd that someone from the NSA would
     actually identify themselves as such?

My impression is that they've realized that that game is a bit stupid at this point, and that they're giving up on unnecessary secrecy.

From tcmay at netcom.com Fri Mar 11 10:46:55 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 11 Mar 94 10:46:55 PST
Subject: Brunner vs. Gerrold on "worms" and "viruses"
In-Reply-To: <9403111627.AA19317@toad.com>
Message-ID: <199403111847.KAA22151@mail.netcom.com>

Steve Bellovin cites David Gerrold as an early, perhaps the earliest, for mention of worms or viruses in computers:

> Personally, I give the credit to David Gerrold, in ``When Harlie Was One''.
> Here's a netnews posting of mine that explains my reasoning.
>
>
> >From postnews Wed Jun 24 20:14:53 1992
> Subject: Re: Viruses DO belong here!
> Newsgroups: comp.security.misc
...
> If we're going to use science fiction as sources -- and for terminology,
> why not? -- I'll see your ``Shockwave Rider'' and raise you ``When Harlie
> Was One'', by David Gerrold, copyright 1972. (Portions of the book
> appeared earlier; I don't know if this section was included.) Anyway,
> here are some relevant quotes. (N.B. I'm quoting the original version,
> not the later ``Release 2.0''.)
>
> ``Do you remember the VIRUS program?''

I have my circa 1972 copy of "Harlie" packed away, but my recollection of this issue (sorry, no citations) is as follows:

* the _original_ version actually published in 1972 was an abridgement, by Gerrold and his publisher, of his original manuscript. I've read interviews with Gerrold in which he described how the section on viruses was _deleted_.

(This is my recollection, from stuff I read around the time of the Morris worm, when Brunner was getting the credit for inspiring Morris Jr. and others, and some were citing "When Harlie was One." Like I said, my recollection may be faulty.)

* He also did an expanded version (the "Release 2.0" Steve cited), updating the science and technology. This came out in 1988.

* but I also recall Gerrold saying that before Release 2.0 came out, he and his publishers put back in some of the virus stuff into later _printings_ of the 1972 version, seeing the interest in worms and the like that Brunner's book had engendered. (This could help explain Gerrold's mention of a "science fiction author," unless he was self-referentially referring to himself.)

If the virus stuff is in the copies actually _printed_ before Brunner's book, I agree that Gerrold deserves more credit than he usually gets. If, however, the comments came from later printings and cannot be found in pre-1976 printings, I think Gerrold cannot claim quite as much credit.

I'll try to dig up my old 1972-3 copy, and will look in a used book store in Santa Cruz today for one. (And Bamford, too, for shipment to others.)

Not that the fate of the world hinges on this....

--Tim May

From jim at bilbo.suite.com Fri Mar 11 10:51:36 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Fri, 11 Mar 94 10:51:36 PST
Subject: What's so bad about a Surveillance State?
Message-ID: <9403111845.AA10599@bilbo.suite.com>

It is obvious to me that many people in the government wish to turn the US into a surveillance state. What's wrong with that? Seems like a lot of good could come from it.

Now that I have your attention...

E-mail me your reasons why a surveillance state is a good thing or a bad thing. I will summarize both the pros and cons and repost them to the list.

Jim_Miller at suite.com

From m5 at vail.tivoli.com Fri Mar 11 10:54:09 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Fri, 11 Mar 94 10:54:09 PST
Subject: 2nd CJ update
In-Reply-To: <199403111817.KAA08508@unix.ka9q.ampr.org>
Message-ID: <9403111853.AA10812@vail.tivoli.com>

Phil Karn writes:
> Looks like the stalling tactics have begun.
> I just got a phone call
> from "Susan Shea" from the National Security Agency. She said that to
> "make a better determination" she would need a copy of the diskette.

Well, this *might* be a stalling tactic, or it might just be typical bureaucratic behavior. Put yourself in the bureaucrat's place: you start working on this problem, and you decide everything looks OK for approving the request. You take the approval form to your superior for a sign-off, and she asks "How thoroughly did you examine the material?"

Nobody in their right mind would want to be in this position and have to answer "Well, I didn't look at it at all. They said it was the same as this other stuff here."

--
| GOOD TIME FOR MOVIE - GOING ||| Mike McNally                       |
| TAKE TWA TO CAIRO.          ||| Tivoli Systems, Austin, TX:        |
| (actual fortune cookie)     ||| "Like A Little Bit of Semi-Heaven" |

From mg5n+ at andrew.cmu.edu Fri Mar 11 11:09:14 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Fri, 11 Mar 94 11:09:14 PST
Subject: Improvement of remailer security
In-Reply-To: <199403111259.AA03559@access3.digex.net>
Message-ID:

-uni- (Dark) wrote:

> Wait, the threat was posted with a remailer?
>
> I heard about the threat, not the remailer....
>
> Details?

No, it was done using port 25. However, it would be a good idea to block whitehouse.gov for any of you who run remailers.

Apparently, this wasn't the first time it's happened, but it is the highest profile case. According to several people here, someone at CMU pulled a similar stunt last year. He didn't get arrested, but the SS had a nice long chat with him. Apparently the SS investigates dozens of such prank mails every year...

From tcmay at netcom.com Fri Mar 11 11:09:53 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 11 Mar 94 11:09:53 PST
Subject: The Agency Whose Name May Not Be Spoken
In-Reply-To: <199403111817.KAA08508@unix.ka9q.ampr.org>
Message-ID: <199403111910.LAA25678@mail.netcom.com>

>
> Phil
>
> PS.
> Does anybody consider it odd that someone from the NSA would actually
> identify themselves as such?
>

They've been doing this for years. There's even a nice sign outside the Fort Meade facility saying "National Security Agency." (It also said "No photography allowed," but I snapped some anyway when I was visiting the area in April, 1992. The NSA sign apparently went up only months earlier.)

Such "outings" of spy agency names follow a similar progression: ignorance, denial, revelation, overexposure, nonchalance.

I can recall when I was attending Langley High School, in Northern Virginia of course, that the CIA headquarters next to Langley H.S. only had a sign saying "Department of Transportation Testing Track," or somesuch. This was circa 1967. (Of course, keeping "secret" the location of the CIA headquarters was a joke....we all knew it, and so did the Russians, etc.)

-- in the early 1970s, the CIA became widely known (hated on campus, etc.).

-- in the early 1980s, the NSA became widely known (well, widely known to a certain class of activists and folks like us)

(Prior to the 1980s, mention of NSA was rarely made. Employees of NSA didn't mention it, and "Fort George Meade" was the only thing mentioned. Prior to the mid-70s, the NSA name never even appeared in Congressional budgets or reports. Its existence was very widely known, though.)

-- in the late 1980s, the National Reconnaissance Office (NRO) became known to the public (e.g., the book "Deep Black," about spy satellites...also the works of Richelson and others).

Makes you wonder what TLAs are still largely unknown to the public. Paraphrasing "She," "The Agency Whose Name May Not be Spoken."

My bet is that FinCEN is just the tip of the iceberg. I have reason to believe an economic espionage unit has been in existence for many years, deriving from the Economic Warfare Unit in World War II.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From lefty at apple.com Fri Mar 11 11:29:18 1994
From: lefty at apple.com (Lefty)
Date: Fri, 11 Mar 94 11:29:18 PST
Subject: The Agency Whose Name May Not Be Spoken
Message-ID: <9403111928.AA10197@internal.apple.com>

>(Prior to the 1980s, mention of NSA was rarely made. Employees of NSA
>didn't mention it, and "Fort George Meade" was the only thing
>mentioned. Prior to the mid-70s, the NSA name never even appeared in
>Congressional budgets or reports. Its existence was very widely known,
>though.)

As Bamford mentions in _The Puzzle Palace_, it was, in fact, a Federal offense for NSA employees to state that they worked for the NSA up until, I believe, the mid-to-late-70s.

The standing joke in Washington was that "NSA" stood for "No Such Agency".

--
Lefty (lefty at apple.com)
C:.M:.C:., D:.O:.D:.

From stig at netcom.com Fri Mar 11 11:55:53 1994
From: stig at netcom.com (Stig)
Date: Fri, 11 Mar 94 11:55:53 PST
Subject: MBONE IN CLEVELAND?
In-Reply-To: <9403081911.AA13066@ah.com>
Message-ID:

Hey, I'm eastbound on I-70. I *might* be able to make cleveland by tomorrow. Can someone please EMAIL me directions to the Cleveland MBONE site???

Thanks much, Stig... the hackvan is finally online. :-)

; --------------------------------------------------------------------------
;
; I am looking for a new contract and/or 'The Right Job.'
; I do EMACS & GDB extensions, toolbox work, embedded systems, Linux work.
; I write C/C++, LISP, Perl, Tcl/Tk, assembler... My van runs Linux.
;
; ASK FOR MY RESUME: Stig at netcom.com
;
; --------------------------------------------------------------------------

From gtoal at an-teallach.com Fri Mar 11 13:43:12 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Fri, 11 Mar 94 13:43:12 PST
Subject: Surveillance cameras
Message-ID: <199403112141.VAA12634@an-teallach.com>

: From: "Timothy C. May"

: Most American airports, especially those with international
: connections, routinely videotape all passengers. I can't cite a source
: for this, but I think it's common knowledge (not that this means it's
: true).

: The recent film "The Pelican Brief" has this as a plot device, with a
: terrorist captured on tape on his departure to Paris.

: Paranoid note: Ear shapes are said to be a fairly unique
: characteristic, hard to disguise, and easy for computers to process (
: a line scan). This may mean the return of long hair. (No wonder

Biometric technology, unfortunately, is advancing too rapidly :-( New Scientist this week ran a story on how the US is investing in a new system which takes a 'heat print' of your face. You can be sure your face will go on file next time you enter the US through immigration. They say that the IR photo of your face is much much harder to fool even with cosmetic surgery. I guess you'd have to implant popsicles under your forehead or something :-(

G

From frode at toaster.SFSU.EDU Fri Mar 11 14:47:51 1994
From: frode at toaster.SFSU.EDU (Frode Odegard)
Date: Fri, 11 Mar 94 14:47:51 PST
Subject: ID Chips...
Message-ID: <9403112245.AA26604@toaster.SFSU.EDU>

Jim choate writes:

> As I understand it there was a proposal to install such chips in children
> to prevent kidnapping and such last year in Congress (don't remember if it
> was House or Senate).
> ...

Do you remember who the representative was? (Or does anyone else?) This is good material to make sure the person does not get re-elected!

F.

From boldt at math.ucsb.edu Fri Mar 11 14:49:41 1994
From: boldt at math.ucsb.edu (Axel Boldt)
Date: Fri, 11 Mar 94 14:49:41 PST
Subject: Improvement of remailer security
In-Reply-To: <0hU0Y5y00awMF4PmwP@andrew.cmu.edu>
Message-ID: <9403112246.AA14599@emile>

On Fri, 11 Mar 1994 01:00:37 -0500 (EST), Matthew J Ghio said:

> boldt at math.ucsb.edu (Axel Boldt):
>> Even the current pgp encryption scheme offered by some remailers
>> doesn't help much, once the incoming and outgoing messages are
>> known: just take the outgoing message from the remailer, encrypt
>> it with the remailer's public key, compare this to the incoming
>> messages and you know who sent this message (repeat if a chain
>> of remailers was used).

> Nope... PGP encrypts the message with a random IDEA key, and then
> encrypts the IDEA key with RSA. You'd have to guess which IDEA key was
> used, and encrypt that with RSA. The SS couldn't guess 2^128 possible
> IDEA keys [...]

Thanks for pointing this out. I wasn't aware of the fact that pgp encrypting is not deterministic in the sense that encrypting the same message with the same public key need not result in the same output. I guess that makes my whole suggestion pointless.

Axel

P.S. Pardon my ignorance: Doesn't this scheme you describe above make the random generator the most attackable part of pgp encryption, thereby sidestepping the whole RSA stuff?

From mpd at netcom.com Fri Mar 11 14:57:09 1994
From: mpd at netcom.com (Mike Duvos)
Date: Fri, 11 Mar 94 14:57:09 PST
Subject: 2nd CJ update
Message-ID: <199403112257.OAA13815@mail.netcom.com>

From: Phil Karn writes:

> (the State letter mentions comments from the Department of Defense,
> which is always a code phrase for the NSA in such situations).

> PS. Does anybody consider it odd that someone from the NSA would
> actually identify themselves as such?

Maybe the agency is getting less paranoid now that it is more publicly known.
Back in the early '80s, everyone working there used to say only that they worked for the Department of Defense. I also recall that they used to get quite upset if you called someone's phone inside the agency and said the words "National Security Agency" while talking to them. They answered their phones by simply saying "Hello" and gave no other identifying information.

Now they probably have a public relations department. :)

--
Mike Duvos         $ PGP 2.3a Public Key available $
mpd at netcom.com  $ via Finger.                    $

From wcs at anchor.ho.att.com Fri Mar 11 15:11:48 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Fri, 11 Mar 94 15:11:48 PST
Subject: money...
Message-ID: <9403112310.AA05626@anchor.ho.att.com>

Sandy writes:
> On Wed, 9 Mar 1994, David L Womack wrote:
> > . . . The rumor is
> > that it is possible to detect, at a modest
> > distance, the existence of and the amount
> > of currency being carried. Thus, if a person

Seems nonsensical. Detectors of money containing trace amounts of magnetized metals would have real trouble with other magnetized metal going by, and they're not going to stop people at airports to check whether they're carrying lots of currency or a book snuck out of the library without getting *lots* of abuse from business travellers. Once we've had our National Health ID Smart Cards upgraded to non-private digicash, maybe they'll think about adding transponders...

> *IF* this is true, you will probably still have
> the "Taco Bell" solution available to you for the
> foreseeable future ("Run for the Border").
> When that gets shut down, there will still be
> private aircraft and private yachts.

About 5 years ago, the government put a "luxury tax" on boats; you had to get a registration sticker for any size boat that a rational individual might use to get in/out of the country. My immediate reaction was that it was for identifying who might be escaping or smuggling drugs or illegal immigrants.
The tax was small, maybe $25, but they could ding you for not having the sticker on your boat. There was some effort by boaters to get rid of it, but I think it's still there.

("Rational individual", above, doesn't count people immigrating from Cuba on windsurfers :-)

Bill

From warlord at MIT.EDU Fri Mar 11 15:17:28 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Fri, 11 Mar 94 15:17:28 PST
Subject: Improvement of remailer security
In-Reply-To: <9403112246.AA14599@emile>
Message-ID: <9403112317.AA16190@toxicwaste.media.mit.edu>

> P.S. Pardon my ignorance: Doesn't this scheme you describe above make
> the random generator the most attackable part of pgp encryption,
> thereby sidestepping the whole RSA stuff?

Yes, the reason for all the work on Good (TM) Random Numbers.. :-)

-derek

From gtoal at an-teallach.com Fri Mar 11 18:09:46 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Fri, 11 Mar 94 18:09:46 PST
Subject: money...
Message-ID: <199403120208.CAA02988@an-teallach.com>

     Seems nonsensical. Detectors of money containing trace amounts of
     magnetized metals would have real trouble with other magnetized
     metal going by, and they're not going to stop people at airports to

*If* this were true (which I strongly doubt at the 99% confidence level), it would work not with metal detection but with detection of a tuned circuit which would oscillate at a harmonic if you broadcast a certain frequency at it. There are several patents for such circuits - they're used in little strips that are slid down the spine of library books for instance.

It could only ever be a gross detection measure - I guess it could be made to catch sums considerably over the 10,000$ cash limit quite effectively.

But the fact is, people can strip a bill down and *look* at these things for themselves. I seriously doubt any such technology would remain invisible to some lab hack who in an idle moment put it under his SEM for a quick peek.
(*any* school that fabs its own ICs could do it trivially in seconds.)

G

From kryten at shell.portal.com Fri Mar 11 18:26:00 1994
From: kryten at shell.portal.com (Greg - Kucharo)
Date: Fri, 11 Mar 94 18:26:00 PST
Subject: Other Spy Agencies
Message-ID: <199403120226.SAA15428@jobe.shell.portal.com>

We have talked plenty on the list about the NSA. What about the spy agencies of other nations? What do they have to offer in the way of crypto roadblocks. Maybe an exchange of crypto ideas could turn up interesting info from foreign agencies. But I can picture life in San Quentin for espionage. I can see the scene now, "I'm in for triple murder, how about you? I got 40 years for telling the Swedes about RSA so don't screw with me pal! Crypto huh, you're one sick con."

--
Greg Kucharo
kryten at shell.portal.com University of Maximegalon College of Computer Science
This .sig contains much that is apocryphal, or at least wildly inaccurate.

From tcmay at netcom.com Fri Mar 11 18:34:12 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 11 Mar 94 18:34:12 PST
Subject: Other Spy Agencies
In-Reply-To: <199403120226.SAA15428@jobe.shell.portal.com>
Message-ID: <199403120234.SAA25171@mail.netcom.com>

> We have talked plenty on the list about the NSA. What about the spy agencies of
> other nations? What do they have to offer in the way of crypto roadblocks. Maybe
> an exchange of crypto ideas could turn up interesting info from foreign agencies
> But I can picture life in San Quentin for espionage. I can see the scene now,
> "I'm in for triple murder, how about you? I got 40 years for telling the Swedes
> about RSA so don't screw with me pal! Crypto huh, you're one sick con."
> --
> Greg Kucharo
> kryten at shell.portal.com University of Maximegalon College of Computer Science

I've read many books about the intelligence establishment, including some that deal at length with foreign (non-U.S., that is) intelligence agencies and their practices.
Most folks on this list have never heard of Chobetsu or the BND.

My point? These books are freely available and the authors know a thousand times what we know about these things...and yet they aren't facing espionage charges.

So, discuss away!

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From rishab at dxm.ernet.in Fri Mar 11 19:20:47 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Fri, 11 Mar 94 19:20:47 PST
Subject: No Subject
Message-ID:

> > if the clipper chip passed. what's stopping
> > corrupt government people from selling access
> > to the encryption to the highest bidders to spy
> > on competitors communications.
> Nothing.
> --Dave.

What stops a *corrupt* government from shooting you if you dissent? You have to assume *some* degree of respect of laws or the constitution; the fact is that those in power, *when* in power, could possibly ignore all laws. Obviously, there's no point discussing such situations; obviously however pro-Clipper etc a government may be, it is still very far from any such situation.

-----------------------------------------------------------------------
Rishab Aiyer Ghosh                              "What is civilisation
rishab at doe.ernet.in, rishab at dxm.ernet.in    but a ribonucleic
Voicemail +91 11 3760335; Vox/Fax/Data 6853410   hangover?"
H-34C Saket New Delhi 110017 INDIA
-----------------------------------------------------------------------

From rishab at dxm.ernet.in Fri Mar 11 19:20:48 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Fri, 11 Mar 94 19:20:48 PST
Subject: No Subject
Message-ID:

cowen at glia.biostr.washington.edu:

     though joe 6-pack might not vote, and likely won't even understand
     about the crypto of it all. he would understand the police
     listening in on his conversations with jill 6-pack. and not like
     it too well. i do think

The police can listen in anyway... In fact, so can anyone. And it's much easier for the police to listen in now, than it will be after Clipper.

Joe 6-pack may not really worry about Clipper. In fact, Joe 6-pack may even be persuaded by Dr. Denning that Clipper will only be bad for criminals.

As much of the public does not necessarily share our objection to Clipper, which is a matter of *principle*, really. The only people who might be adversely affected by Clipper *in practice* are those who are lulled into a sense of false security that Clipperphones are secure, when they're not. Joe 6-pack is not even likely to *buy* a Clipperphone, he's quite happy talking to Jill over plaintext lines, and hasn't yet raised a furore over the LE right to (after 'due procedure') listen in to the *plaintext* lines.

-----------------------------------------------------------------------
Rishab Aiyer Ghosh                              "What is civilisation
rishab at doe.ernet.in, rishab at dxm.ernet.in    but a ribonucleic
Voicemail +91 11 3760335; Vox/Fax/Data 6853410   hangover?"
H-34C Saket New Delhi 110017 INDIA
-----------------------------------------------------------------------

From rishab at dxm.ernet.in Fri Mar 11 19:20:48 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Fri, 11 Mar 94 19:20:48 PST
Subject: No Subject
Message-ID:

> "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich
> Partners, two-thirds said it was more important to protect the privacy of
> phone calls than to preserve the ability of police to conduct wiretaps.
> When informed about the Clipper Chip, 80% said they opposed it."

Reminds me of the hilarious "How to lie with statistics". What 1000 Americans? The sort who read Time magazine? These are probably much more likely to be against Clipper anyway. Any Joe 6-packs? Probably not.

"When informed" - what, and how was the information presented? Clipper can be described as an NSA plot to listen in to everyone. Or a measure against drug dealers and mafia that happens to provide more privacy to everyone using ordinary phones at the moment.

It's not a good idea to take this debate to the ordinary public. The Congress, yes, Time readers, yes, but not Joe 6-pack, who quite happily gave up his gun is not likely to be concerned about principles of privacy. Particularly as an open debate could easily swing towards, and focus on, possible and current misuses of crypto technology, rather than any benefits. Joe is not as untrusting of governments as cpunks are, nor is he likely to appreciate digicash, anon posting or the Blacknet article.

-----------------------------------------------------------------------
Rishab Aiyer Ghosh                              "What is civilisation
rishab at doe.ernet.in, rishab at dxm.ernet.in    but a ribonucleic
Voicemail +91 11 3760335; Vox/Fax/Data 6853410   hangover?"
H-34C Saket New Delhi 110017 INDIA
-----------------------------------------------------------------------

From jeremy at crl.com Fri Mar 11 19:41:17 1994
From: jeremy at crl.com (Jeremy Cooper)
Date: Fri, 11 Mar 94 19:41:17 PST
Subject: your mail
In-Reply-To:
Message-ID:

>
> Reminds me of the hilarious "How to lie with statistics". What 1000 Americans?
> The sort who read Time magazine? These are probably much more likely to be
> against Clipper anyway. Any Joe 6-packs? Probably not.
>

From what I know, most of these surveys are conducted by random dialing. It's much more complicated than that though.

_ . _ ___ _ . _
===-|)/\\/|V|/\/\ (_)/_\|_|\_/(_)/_\|_| Stop by for an excursion into the-===
===-|)||| | |\/\/ mud.crl.com 8888 (_) Virtual Bay Area! -===

From paul at hawksbill.sprintmrn.com Fri Mar 11 19:43:54 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Fri, 11 Mar 94 19:43:54 PST
Subject: your mail
In-Reply-To:
Message-ID: <9403120345.AA22974@hawksbill.sprintmrn.com>

rishab at dxm.ernet.in writes -

> The police can listen in anyway... In fact, so can anyone. And it's much easier
> for the police to listen in now, than it will be after Clipper.
>
> Joe 6-pack may not really worry about Clipper. In fact, Joe 6-pack may even be
> persuaded by Dr. Denning that Clipper will only be bad for criminals.
>
> As much of the public does not necessarily share our objection to Clipper,
> which is a matter of *principle*, really. The only people who might be
> adversely affected by Clipper *in practice* are those who are lulled into a
> sense of false security that Clipperphones are secure, when they're not.
> Joe 6-pack is not even likely to *buy* a Clipperphone, he's quite happy talking
> to Jill over plaintext lines, and hasn't yet raised a furore over the LE right
> to (after 'due procedure') listen in to the *plaintext* lines.

I'm fairly "lipped-sealed" when it comes to most chit-chat, keeping my big mouth shut.
I usually chime in when least expected, and when most insidious. You, on the other end of the spectrum, seem to have a desire to open your mouth without a deep understanding of the encryption dilemma. That's okay. Cypherpunks objectives totally "fix" your subjective scenario(s). Dig around a bit... _______________________________________________________________________________ Paul Ferguson Internet Engineering tel: 703.904.2437 Herndon, Virginia USA internet: paul at hawk.sprintmrn.com From bugs at netsys.com Fri Mar 11 19:47:17 1994 From: bugs at netsys.com (Mark Hittinger) Date: Fri, 11 Mar 94 19:47:17 PST Subject: mo money woe Message-ID: <199403120350.AA11570@netsys.com> > G writes: >But the fact is, people can strip a bill down and *look* at these things >for themselves. I seriously doubt any such technology would remain >invisible to some lab hack who in an idle moment put it under his SEM >for a quick peek. (*any* school that fabs its own ICs could do it >trivially in seconds.) > Then anonymous writes: > On a slightly related topic, I know of an instance where the > Secret Service located a stolen color copier with somewhat > greater speed than one might have expected. > >Is it possible that these machines either: >(1) contain transponders >or >(2) hide a "signature" in their output ??? I was watching CNBC today and saw that some European banks were having trouble with counterfeit 100 dollar bills. They are calling them "super bills" because they only seemed to have three minor flaws that most experts would not detect. They said that a magnifying glass would not be enough to detect these flaws. Cut to your friendly secret service guy looking at two 100 dollar bills under a microscope. The SS said that they would figure out who was doing it and bust them. The guy actually had a smirk on his face. I suppose the quality of the work is so good; that alone narrows down the field of possibilities. 
The interpol was speculating that over 1 billion of these superbills were now in circulation. Wow. And I figured the US government was going to drive the dollar into oblivion all by itself! Perhaps they will have help along the way. Perhaps people may be driven to Sandy's (et al) digital cash simply because the technology to counterfeit paper cash is becoming more reliable and available with each passing day. It would be one of those weird things that happen if people were driven to bin-bucks not because of the desire for anonymity - but rather the desire to maintain money's store of value function. Gold coins are looking better every day. Superbills - gimme a break. --------- I'd like a 250 Mhz 128 bit hybrid processor with 64 meg of 8 way interleaved memory, a 10 megabyte per second i/o channel, two 3 gig hard disks, two dat drives with compression, and a large diet coke. From phantom at u.washington.edu Fri Mar 11 20:02:14 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Fri, 11 Mar 94 20:02:14 PST Subject: brainstorming on cpunks' eve Message-ID: As is mentioned in Tim's latest Rant(tm), I've been working on ideas for creating other cypherpunk services that would be possible to deploy to the net. I've come up with a few, but they are of dubious quality. I'm hoping that by posting ideas I know are flawed/of little use that followup discussion might refine them. We saw a use for remailers -- to gain a certain anonymity not present in cyberspace. How about information drops? How about digital cash drops (alt.cash.drop anyone?) 
I know digicash isn't the rage, and such a group would probably do zero good for some time, but I'd like to start talking about the ideas. With payments in digicash, you could supply a public key (newly created, of course). After the cash is generated/remitted by the other party, it would be encrypted and posted to the group. No one could use the cash as it sat there, since they can't unwrap the cash. (I like to think of it as dropping the cash in a sealed envelope). I'm trying to think of both uses and problems this exhibits. Lots of extra "session keys" is the only drawback I see. Other possible net services: random number services, which don't keep logs of the numbers it produces -- have it spit a statistically-correct random stream each time a port is opened? Would this be that useful? Also, one could set up a hashing/signing service, more akin to a time stamp service. Mail would be sent to your service, which would attach the output of 'date' to the bottom of the msg and then +clearsig it. I'm thinking that chains of two or maybe three reliable machines should be used, since all it takes to break this is to change the clock on the machine you're signing with. With a few (>1) machines, it becomes very clear that the message was sent at a certain time. Perhaps this could be used in the future for "Registered Mail" type exchanges, or perhaps as part of a "Digital Notary" system? As for our media coverage, I'm happy with it so far. I'm willing to bet digicash that we'll see _television_ coverage re: clipper in the next few months. EFF, among others, should be working on that; we've already been able to get the word out via newspapers/magazines and radio. I wouldn't be at all surprised to see a blip on 20/20 or maybe a 15-second spot by Tom Jennings & co. before July. And projects! I'm currently in the middle of finals, but I'm looking forward to getting back to work on the things that _really_ matter. 
I was wondering what people were thinking about putting together a page for WWW? Would it be useful? Would people browsing around look at it and would it be a medium to disseminate info? Maybe divide it up... RSA, DES, IDEA, 3-DES, etc. Clipper, Capstone, Skipjack, Tessera PGP, stego programs available, RIPEM, etc. EFF, CPSR, Cypherpunks---- |media coverage |remailers |stego |voice pgp |clipper projects-FOIAs, bigbro inside, etc. other sources of info: sci.crypt, alt.pgp, alt.whistleblowers, alt. privacy, alt.security. Ideas and suggestions appreciated. mt Matt Thomlinson Say no to the Wiretap Chip! University of Washington, Seattle, Washington. Internet: phantom at u.washington.edu phone: (206) 548-9804 PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu From phantom at u.washington.edu Fri Mar 11 20:34:00 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Fri, 11 Mar 94 20:34:00 PST Subject: Seattle Cypherpunks Physical Meeting Message-ID: When: Tomorrow, March 11, 1pm. Where: Espresso-Roma Cafe, University Way and ~42nd; University District. Since we haven't been able to secure a site where we can use MBONE, we'll be conducting a first physical meeting in a coffee shop. We'll be discussing possible options for next month's meeting tomorrow. Bring questions, topics of conversation, etc. Hope to see you there -- Contact me or blanc for more info: blancw at microsoft.com. ---- Also, we're thinking of setting up a cypherpunks-seattle list. Let me know if you'd like to be included. mt Matt Thomlinson Say no to the Wiretap Chip! University of Washington, Seattle, Washington. 
Internet: phantom at u.washington.edu phone: (206) 548-9804 PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu From ebrandt at jarthur.cs.hmc.edu Fri Mar 11 20:42:20 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Fri, 11 Mar 94 20:42:20 PST Subject: mo money woe In-Reply-To: <199403120350.AA11570@netsys.com> Message-ID: <9403120442.AA01101@toad.com> > Perhaps people may be driven to Sandy's (et al) digital cash simply > because the technology to counterfeit paper cash is becoming more > reliable and available with each passing day. Well, ordinary people won't be driven to digicash by this -- after all, it doesn't much matter to the holder whether a given greenback was printed by the Treasury or not, as long as it circulates. And it *will* circulate even if the printing isn't perfect, because nobody but the SS actually looks at the fine details of bills. (The hard part would probably be the texture, weight, and thickness, but I don't think I'd be allowed to do a study.) The point of anti-forgery features in bills is to restrict to the government the power to debase the currency. :-) Forgery, however, may drive the *government* to digicash, and you can bet it won't be the good kind of digicash. Hmm, we've heard that eliminating cash would hit "drug kingpins". We've heard that Syria(?) is printing large quantities of U.S. bills, so we have the terrorism link. I'm waiting for a story to break which ties child pornography to counterfeiting... Eli ebrandt at hmc.edu From geoffw at nexsys.net Fri Mar 11 20:44:03 1994 From: geoffw at nexsys.net (Geoff White) Date: Fri, 11 Mar 94 20:44:03 PST Subject: The Coming Police State Message-ID: <199403120442.UAA01477@nexsys.nexsys.net> A VIRUS program and a WORM are two different kinds of programs. THEY ARE NOT EQUIVALENT. For more clarification may I suggest "Computers under Attack" by Denning. 
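The time-stamp service Matt Thomlinson proposes earlier in this thread (append the machine's date, clearsign, and pass the message through two or three machines so that one altered clock shows up) can be sketched as follows. This is an added example, not code from any poster; HMAC-SHA256 with per-server keys stands in for PGP clearsigning, and the server names, keys, clock readings and the 120-second tolerance are constructed assumptions.

```python
import hashlib
import hmac
import statistics
from dataclasses import dataclass

# ASSUMPTION: HMAC-SHA256 with one secret key per server stands in for PGP
# clearsigning so the sketch needs only the standard library. A real service
# would use public-key signatures that anyone can verify.


@dataclass(frozen=True)
class Stamp:
    server: str
    time: int  # the server's own clock reading, seconds since the epoch
    tag: str   # hex MAC over the message, every earlier stamp, and this one


def _digest(message, earlier, server, time):
    """Bind a stamp to the message and to all stamps already attached."""
    h = hashlib.sha256(hashlib.sha256(message).digest())
    for s in earlier:
        h.update(f"{s.server}|{s.time}|{s.tag}\n".encode())
    h.update(f"{server}|{time}".encode())
    return h.digest()


def _mac(key, message, earlier, server, time):
    return hmac.new(key, _digest(message, earlier, server, time),
                    hashlib.sha256).hexdigest()


class StampServer:
    """One machine in the chain: appends its date and signs everything so far."""

    def __init__(self, name, key, clock):
        self.name, self.key, self.clock = name, key, clock

    def stamp(self, message, earlier=()):
        earlier = list(earlier)
        now = self.clock()
        tag = _mac(self.key, message, earlier, self.name, now)
        return earlier + [Stamp(self.name, now, tag)]


def check_chain(message, stamps, keys, max_skew=120):
    """Verify every tag, then compare the clocks of the stamps that verified."""
    bad_tags, valid = [], []
    for i, s in enumerate(stamps):
        key = keys.get(s.server)
        expected = "" if key is None else _mac(
            key, message, stamps[:i], s.server, s.time)
        if hmac.compare_digest(expected, s.tag):
            valid.append(s)
        else:
            bad_tags.append(s.server)
    outliers = []
    if valid:
        median = statistics.median(s.time for s in valid)
        outliers = [s.server for s in valid if abs(s.time - median) > max_skew]
    agreeing = len(valid) - len(outliers)
    return {"bad_tags": bad_tags, "clock_outliers": outliers,
            "corroborated": agreeing >= 2}


# Constructed sample data: server names, keys and clock readings are made up.
T = 763_444_800
KEYS = {"A": b"key-a", "B": b"key-b", "C": b"key-c"}


def build_chain(message, clocks):
    """Pass `message` through servers in order; `clocks` maps name -> reading."""
    stamps = []
    for name, reading in clocks.items():
        server = StampServer(name, KEYS[name], lambda r=reading: r)
        stamps = server.stamp(message, stamps)
    return stamps


if __name__ == "__main__":
    msg = b"I agree to the terms."
    day = 86_400
    print(check_chain(msg, build_chain(msg, {"A": T, "B": T + 2, "C": T + 5}), KEYS))
    print(check_chain(msg, build_chain(msg, {"A": T, "B": T - day, "C": T + 5}), KEYS))
    print(check_chain(msg, build_chain(msg, {"A": T - day}), KEYS))
```

With a single server a reset clock goes unnoticed (only `corroborated` is False); with two, the disagreement shows but not which clock is wrong; with three, the median singles out the outlier.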
From mgream at acacia.itd.uts.edu.au Fri Mar 11 20:45:39 1994 From: mgream at acacia.itd.uts.edu.au (Matthew Gream) Date: Fri, 11 Mar 94 20:45:39 PST Subject: Other Spy Agencies In-Reply-To: <199403120226.SAA15428@jobe.shell.portal.com> Message-ID: <9403120447.AA25279@acacia.itd.uts.EDU.AU> Earlier, Greg - Kucharo wrote: > We have talked plenty on the list about the NSA.What about the spy > agencies of other nations?What do they have to offer in the way of > crypto roadblocks. In Australia, the Defence Signals Directorate (DSD) is on par with the NSA in terms of responsibilities. The DSD is relatively unknown to most of the population, and indeed their charter was only made public in 1985 as a result of recommendations in the Hope Royal Commission on Australia's Security and Intelligence Agencies (the DSD report, along with another, was not published on "security grounds"). It's rather funny to read advertisements in the Cweath Gazette for DSD positions with duties involving ".. collection, analysis and reporting of foreign radar emissions and .." :-). Read Ball/Richardsons "The Ties that Bind" for a DSD history, but this 10-15 year old publication is out of date wrt. recent changes in DSD operation/etc. Anyway, cutting to the chase. I was having a chat with a local producer of crypto IDE/SCSI/IEEE802.3 cards just last week at our PC94 show. This place had tried to get these products approved for use by Government Departments (the Evaluated Products List) which means the DSD has to actually test and approve the product, but in his words "they wanted the product and a way to crack it in order to evaluate it, we said it couldn't be cracked, and they said 'well we can't evaluate it'". I was going to question him more on this, but I had no time to spare. I'd already waited 15 mins while he babbled with someone with an American accent and when this guy turned around, his nametag said "Department of State" (this was seriously amusing to my friends :-). 
Apart from that, they're going to Cebit'94 to market this stuff, so there seems to be no export problem. Digging a bit deeper, one finds that their product uses an "ENIGMA variant" for its security, but DES (and soon IDEA) PLD tables are available. No prizes to those who want to guess which they are going to export :-) Matthew. -- Matthew Gream Consent Technologies M.Gream at uts.edu.au (02) 821 2043 PGPMail accepted From mgream at acacia.itd.uts.edu.au Fri Mar 11 22:38:11 1994 From: mgream at acacia.itd.uts.edu.au (Matthew Gream) Date: Fri, 11 Mar 94 22:38:11 PST Subject: Other Spy Agencies In-Reply-To: <9403120447.AA25279@acacia.itd.uts.EDU.AU> Message-ID: <9403120640.AA27013@acacia.itd.uts.EDU.AU> Earlier, Matthew Gream wrote: > of foreign radar emissions and .." :-). Read Ball/Richardsons "The ^^^^^^^^^^ Oops, that's Richelson. (Richardson is a labor powerbroker, who started the sports funding scam as a way to buy marginal labor seats) Matthew. -- Matthew Gream Consent Technologies M.Gream at uts.edu.au (02) 821 2043 PGPMail accepted From rarachel at prism.poly.edu Fri Mar 11 23:11:23 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Fri, 11 Mar 94 23:11:23 PST Subject: Surveillance cameras In-Reply-To: <9403111539.AA26963@yang.cpac.washington.edu> Message-ID: <9403120659.AA29206@prism.poly.edu> RE: IR Face scans... Time to get our hands on some cans of compressed-air dust cleaners... when you hold them upside down and spray, they spray a super-cold liquid which quickly evaporates. BTW: you can also just pop a 400mg Niacin capsule... Niacin will quickly dilate all your capillaries bringing lots of blood to your face and making you look like a lobster. That should mess up any scan... so if you're a wanted crook in an airport that uses ir-face biometrics, just pop niacins like they were pop-corn. 
:-) From joshua at cae.retix.com Sat Mar 12 00:57:07 1994 From: joshua at cae.retix.com (joshua geller) Date: Sat, 12 Mar 94 00:57:07 PST Subject: Seattle Cypherpunks Physical Meeting Message-ID: <199403120856.AAA02510@sleepy.retix.com> anyone else in the la area? josh From freeman at netcom.com Sat Mar 12 01:13:11 1994 From: freeman at netcom.com (Jay Reynolds Freeman) Date: Sat, 12 Mar 94 01:13:11 PST Subject: The Agency Whose Name May Not Be Spoken Message-ID: <199403120914.BAA02231@mail.netcom.com> Tim May darkly hints: > I have reason to > believe an economic espionage unit has been in existence for many > years, deriving from the Economic Warfare Unit in World War II. I hope he is waiting for someone to ask him to elaborate, because I expect several people will do just that... -- Jay Freeman From freeman at netcom.com Sat Mar 12 01:25:39 1994 From: freeman at netcom.com (Jay Reynolds Freeman) Date: Sat, 12 Mar 94 01:25:39 PST Subject: ID Chips... Message-ID: <199403120926.BAA03885@mail.netcom.com> Jim Choate says: > I question the validity of the chip's use, seems to me that tattooing the ear > of the pet and placing this in a database would be much more efficient and a > LOT less expensive. I suspect the chip insertion uses vastly less expensive labor, and probably less expensive gadgetry, as well. There might also be a memory-size problem; I have a cat with an ID number tattooed in one ear -- about the only place where it is reasonably visible on casual inspection. The number is about nine years old, and has four digits. One or two more and there would be trouble reading it. (The cat is a survivor of feline leukemia research at U. C. Davis; the ID dates from that program. There's a program whereby surviving animals from the Davis labs are placed out.) -- Jay Freeman From mcb at remarque.berkeley.edu Sat Mar 12 02:05:01 1994 From: mcb at remarque.berkeley.edu (Michael C. 
Berch) Date: Sat, 12 Mar 94 02:05:01 PST Subject: MAIL and Coming Police State Message-ID: <199403121004.CAA26734@remarque.berkeley.edu> Karl Barrus writes: > I mention this because I have asked and been told repeatedly by an > attorney friend of mine that running a remailer on a system where you > don't have authorization to do so is a violation of the ECPA. (i.e. > access beyond what the system administration intends for you to have). I would be interested in what legal research your attorney friend engaged in in order to come to this conclusion. Possibly it would be a violation if running a remailer was specifically prohibited by the operator (though this sounds more like a contract problem than an ECPA one), but I don't see anything in ECPA that would require affirmative authorization in order to do so. There is plenty of language about unauthorized access to others' communications, but it seems to me that in the case of a remailer you (the remailer operator) are authorized access to the communication BY THE SENDER for the limited purpose of re-sending. Holding this to be a violation is also particularly silly since it would make unlawful the doing of something by instrumentality of software an act which can easily be done (and was done, before the current era of software remailers) by hand. One would solicit for messages to be remailed, receive them normally in your mailbox, manually remove the headers and signature lines, then send them out again to a destination specified by the sender (possibly via out-of-band communication). This has gone on for years on mailing lists and Usenet groups. The example that comes to mind is soc.motss, where several posters offered to repost anonymous or pseudonymous messages for people who were not out of the closet, or would be embarrassed by gay-themed postings from their work or school account. -- Michael C. 
Berch mcb at postmodern.com / mcb at net.bio.net / mcb at remarque.berkeley.edu From nobody at shell.portal.com Sat Mar 12 02:26:29 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sat, 12 Mar 94 02:26:29 PST Subject: Spy Satellites For Sale Message-ID: <199403121027.CAA21713@jobe.shell.portal.com> The New York Times Friday, March 11, 1994, p. A1 U.S. TO ALLOW SALE OF THE TECHNOLOGY FOR SPY SATELLITES ------------------------- Profit vs. Security Issue ------------------------- Marketing to Private Customers Assailed by Some Who Fear Use by Hostile Nations ------------------------- by Edmund L. Andrews Washington, March 10 -- The Clinton Administration announced today that it would allow companies to market sophisticated spy satellite technology to commercial customers around the world. The decision marks a big change from the comparatively strict limits now imposed on satellite-imaging systems, and it caps more than a year of intense debate among the Commerce Department, the Pentagon and Government intelligence agencies. The move, which could attract new business worth hundreds of millions of dollars to American industry, also marks one of the clearest examples so far of the Administration's intention to emphasize commercial and economic priorities over more traditional cold war-era concerns about national security. Change Raises Concern Some security experts questioned the decision to allow wider access to a technology that has been described as one of the most powerful tools in America's espionage arsenal. But others said the technology was already becoming available in other countries and that American companies should be allowed to profit from the trend. 
Under the new policy, American companies will be allowed to build and operate for-profit satellite systems that are powerful enough to take photographs from 22,300 miles above the earth and depict objects on the ground as small as one square yard, smaller than a subcompact car or a hot-dog stand. Several American companies, among them the Lockheed Corporation, are hoping to set up satellite imaging services for customers around the world. As envisioned by Lockheed, customers would be able to transmit instructions directly to the satellite, which would turn its cameras to the desired location and then beam the images back to the ground. Such customers might include oil and mining companies and environmental researchers. 'A New Era' Administration officials said that companies would also have greater freedom to export entire satellite systems to foreign countries, though such sales will still require approval from the State Department. "This is 1994," David J. Barram, Deputy Secretary of Commerce, said in an interview today. "This is a new era. We believe national security and economic security are intertwined. In order to have national security, you have to have vibrant and competitive industries that are allowed to do what they do best." But some experts warned that the decision could severely compromise national security by letting hostile countries use America's own spy technology to obtain detailed images of sensitive military installations in the United States or to plan military activities elsewhere in the world. "The main customers for these systems will be the intelligence agencies of other countries," predicted John Pike, director of space policy at the Federation of American Scientists, a nonprofit group devoted to science and public policy. "They have fairly strong safeguards here. 
But in practice it is going to be difficult to prevent North Korea or Iraq from using a front company to gain spy satellite photos in the same way they acquired nuclear and chemical missile technology." Numerous companies already market commercial satellite images, which can be used for mapping, geologic surveys and even agricultural purposes, like remote monitoring of cattle herds. But currently, the most sophisticated of these services is offered by Spot Image, a French company, and it cannot produce photographs showing land areas smaller than about 10 yards in diameter. And while the Spot system is being upgraded, it will still be unable to view areas smaller than five yards. Lockheed and other American companies have been arguing for permission to operate systems that could depict objects about a square yard in size, a request that had been resisted by the Central Intelligence Agency and National Security Agency. Growing Market Despite the agencies' concerns, Administration officials said today that they fully intended to approve requests like those of Lockheed, and went on to argue that the higher-resolution images are essential if any significant commercial market is to be formed. The Commerce Department says that remote-sensing services, as they are known, currently make up a $400 million market worldwide; the market is expected to grow to about $2 billion by the year 2000. Besides Lockheed, two other American companies have sought permission to operate high-resolution satellite-imaging services. One is the Orbital Sciences Corporation, a small rocket and satellite company based in Dulles, VA. The other is World View Inc., a start-up company in Livermore, Calif. Administration officials said that while the companies intended to adopt the precise technology that has long been used on Government spy satellites, the new policy included a number of safeguards to prevent the technology from falling into the wrong hands. 
As happens now, the Commerce Department must still approve each application to operate a commercial satellite surveillance system or to sell such a system within the United States -- or to market the services around the world. Sales of such equipment outside the country, however, will be subject to the export-control procedures already in place for products that have military applications, which means that each sale must be approved by the State Department and that sales to hostile countries will likely be blocked. But under the new policy, the Government would be much more likely to approve spy satellite exports. Right to Decode To prevent the misuse of satellite data sold by the new commercial services, the Government said that the companies would have to maintain a record of every job the satellite had been instructed to carry out. Moreover, the satellites cannot scramble their transmissions with coding technology that the Government cannot decipher. An oil company could protect its business secrets -- for example, by transmitting its exploration photos in scrambled form -- but the Government would have the right to decode them. In addition, the new policy leaves room for the Government to shut down a satellite system during what an Administration statement described as "periods when national security or international obligations and/or foreign policies may be compromised." But industry officials who supported the new policy said they had been assured by Commerce Department officials that the country would need to be in a "Persian Gulf situation" before it began shutting down systems. Executives at companies that have pressed for more liberal rules said the new policy gave them virtually everything they wanted. "We are very pleased that the Administration put together such a forward-thinking policy that allows the application of defense technology for commercial purposes," said Brian Dailey, vice president at the Washington office of Lockheed Corporation. 
Gilbert Rye, corporate vice president at Orbital Sciences, echoed that view. "It's an outstanding development," he said. Security Agencies Sign On Today's decision was supported, at least in public, by the Defense Department and other agencies concerned with national security issues -- despite earlier resistance. Two Central Intelligence Agency officials were present at a news briefing for reporters today, though they did not make any comments. Some longtime national security experts said the new policy made sense, given the proliferation of satellite imaging technology around the world. From m5 at vail.tivoli.com Sat Mar 12 04:58:11 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Sat, 12 Mar 94 04:58:11 PST Subject: "ordinary public" In-Reply-To: Message-ID: <9403121258.AA14182@vail.tivoli.com> rishab at dxm.ernet.in writes: > It's not a good idea to take this debate to the ordinary public... > Time readers, yes... Well, if "Time readers" aren't the ordinary public, then I give up. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From pmetzger at lehman.com Sat Mar 12 05:37:33 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Sat, 12 Mar 94 05:37:33 PST Subject: No Subject In-Reply-To: Message-ID: <9403121337.AA24389@andria.lehman.com> rishab at dxm.ernet.in says: > > > "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich > > Partners, two-thirds said it was more important to protect the privacy of > > phone calls than to preserve the ability of police to conduct wiretaps. > > When informed about the Clipper Chip, 80% said they opposed it." > > Reminds me of the hilarious "How to lie with statistics". What 1000 > Americans? The sort who read Time magazine? These are probably much > more likely to be against Clipper anyway. Any Joe 6-packs? Probably > not. 
You are displaying not inconsiderable ignorance about Time magazine and about such polls. "Time" isn't terribly highbrow -- we aren't talking "The Economist". Furthermore, Time/CNN polls are random sample phone polls conducted by random sample by a fairly prestigious polling company and simply stuck with the Time/CNN "brand name". Those polled would not have been "Time" readers. Although you are correct in your later assertion that the information may have been presented in a slanted manner, it is likely that the sampling and statistical techniques were rigorous. Perry From pmetzger at lehman.com Sat Mar 12 05:42:41 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Sat, 12 Mar 94 05:42:41 PST Subject: No Subject In-Reply-To: Message-ID: <9403121342.AA24397@andria.lehman.com> rishab at dxm.ernet.in says: > > > > if the clipper chip passed. what's stopping > > > corrupt government people from selling access > > > to the encryption to the highest bidders to spy > > > on competitors communications. > > Nothing. > > What stops a *corrupt* government from shooting you if you dissent? The knowledge that in the U.S. there would be riots and quite possibly a revolt. > You have to assume *some* degree of respect of laws or the constitution; the > fact is that those in power, *when* in power, could possibly ignore all laws. You understand only half the problem. You must design a government such that even if the government chose to ignore most of its own laws it could not do much harm. The original U.S. constitution set up a government that was extremely limited in its power, and thus could not, say, screw up agriculture because it had no power to regulate agriculture. The government was SO limited that it could not do much harm even if it went crazy. Right now, it would be very difficult for the government to systematically monitor all conversations made by a set of dissidents. 
Given the FBI Digital Telephony proposal, and Clipper, they would be able to assure that this operation would be child's play into the foreseeable future. This is a big change. Before, a corrupt government could not have used the phone system as a weapon without incurring prohibitive expense -- only a small number of conversations could be monitored, and soon cryptography would stop that. With these proposals, they need never fear cryptography would get in the way and they can do mass monitoring. The important point is that before a corrupt government would have had limits to what it could do, and if these initiatives take root, they will have no limits. Perry From pmetzger at lehman.com Sat Mar 12 05:45:17 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Sat, 12 Mar 94 05:45:17 PST Subject: No Subject In-Reply-To: Message-ID: <9403121345.AA24405@andria.lehman.com> rishab at dxm.ernet.in says: > The police can listen in anyway... In fact, so can anyone. And it's > much easier for the police to listen in now, than it will be after > Clipper. The police can listen in LEGALLY anyway. However, illegal monitoring, which they are used to being able to do, is becoming increasingly difficult. Illegal monitoring increasingly requires the active cooperation of phone company employees who may talk. Clipper, combined with the FBI Digital Telephony bill, would eliminate this difficulty, and in fact provide monitoring abilities to the police that they never had before. Perry From joshua at cae.retix.com Sat Mar 12 06:08:11 1994 From: joshua at cae.retix.com (joshua geller) Date: Sat, 12 Mar 94 06:08:11 PST Subject: Spy Satellites For Sale Message-ID: <199403121405.GAA28086@cae.retix.com> so (to ask the obvious question) what is to prevent a foreign concern from using cryptography that US intelligence cannot decipher? these people are stupid. 
josh From pfarrell at netcom.com Sat Mar 12 06:51:46 1994 From: pfarrell at netcom.com (Pat Farrell) Date: Sat, 12 Mar 94 06:51:46 PST Subject: The Agency Whose Name May Not Be Spoken Message-ID: <35682.pfarrell@netcom.com> In message Fri, 11 Mar 1994 11:10:15 -0800 (PST), tcmay at netcom.com (Timothy C. May) writes: > Makes you wonder what TLAs are still largely unknown to the public. There are probably a fair number of obscure ones. Two that I know aren't often talked about are: DCA - Defense Communications Agency - responsible for DoD communication, MilNet, STU-III encrypted phones, and assorted odds and ends. DIA - Defense Intelligence Agency - DoD's own personal CIA. Pat Pat Farrell Grad Student pfarrell at gmu.edu Department of Computer Science George Mason University, Fairfax, VA Public key available via finger #include From pfarrell at netcom.com Sat Mar 12 06:52:54 1994 From: pfarrell at netcom.com (Pat Farrell) Date: Sat, 12 Mar 94 06:52:54 PST Subject: 2nd CJ update Message-ID: <35672.pfarrell@netcom.com> In message Fri, 11 Mar 1994 10:17:52 -0800, Phil Karn writes: > PS. Does anybody consider it odd that someone from the NSA would actually > identify themselves as such? Not anymore. Both CIA and NSA have recently (past few years) had "open" employees and contractors who can admit where they work. Some can even admit general information about what they do, such as "I'm a SyBase DBA in the administrative organization." In the olden days, the same minor "spooks" would simply tell you they worked "for the government" or "for DoD" So the old "If I tell you I have to kill you" line is left to Maxwell Smart. 
Pat Pat Farrell Grad Student pfarrell at gmu.edu Department of Computer Science George Mason University, Fairfax, VA Public key available via finger #include From Lyle_Seaman at transarc.com Sat Mar 12 07:49:24 1994 From: Lyle_Seaman at transarc.com (Lyle_Seaman at transarc.com) Date: Sat, 12 Mar 94 07:49:24 PST Subject: In-Reply-To: Message-ID: <0hUSEMmSMUw8A17fhh@transarc.com> rishab at dxm.ernet.in writes: > Reminds me of the hilarious "How to lie with statistics". What 1000 Americans? > The sort who read Time magazine? These are probably much more likely to be > against Clipper anyway. Any Joe 6-packs? Probably not. ... > It's not a good idea to take this debate to the ordinary public. The Congress, > yes, Time readers, yes, but not Joe 6-pack, who quite happily gave up his gun is > not likely to be concerned about principles of privacy. Particularly as an open _Time_ readers *are* Joe 6-pack. Or close enough as makes no difference. Maybe _People_ or _USA Today_ readers are a better approximation, but the circulation of _Time_ is so large that 80% of it is enough to derail any political campaign. Lyle Transarc 707 Grant Street 412 338 4474 The Gulf Tower Pittsburgh 15219 "Gossip is what makes the world go round. I have very few secrets. I would be deeply concerned if a device were marketed that could stop interception..." Emma Nicholson, MP. From adam at bwh.harvard.edu Sat Mar 12 08:22:47 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Sat, 12 Mar 94 08:22:47 PST Subject: brainstorming on cpunks' eve In-Reply-To: Message-ID: <199403121622.LAA20537@duke.bwh.harvard.edu> Matt Thomlinson: | Other possible net services: random number services, which don't keep | logs of the numbers it produces -- have it spit a statistically-correct | random stream each time a port is opened? Would this be that useful? 
If the random number scheme is subject to eavesdropping, which it
would be over today's net, then the numbers you use, while they may
show no pattern, could be known to an attacker, which would probably
make them far less useful.

A better way to spend your time would be to design a bit of public
domain hardware that could be easily built by anyone who wanted a
hardware rng.

| Also, one could set up a hashing/signing service, more akin to a time
| stamp service. Mail would be sent to your service, which would attach
| the output of 'date' to the bottom of the msg and then +clearsig it. I'm
| thinking that chains of two or maybe three reliable machines should be
| used, since all it takes to break this is to change the clock on the
| machine you're signing with. With a few (>1) machines, it becomes
| very clear that the message was sent at a certain time. Perhaps this
| could be used in the future for "Registered Mail" type exchanges, or
| perhaps as part of a "Digital Notary" system?

If you include the signatures of the previous several messages in the
signed message, and issue each a message ID, changing the time becomes
easier to detect. If you keep all messages signed that week, and
publish a checksum in an easily found source, say the New York Times,
then you're repeating work already done at Bell Labs. (I'm sure
someone could find a reference if anyone wants to get in touch with
these folks?)

Adam

--
Adam Shostack adam at bwh.harvard.edu

Politics. From the Greek "poly," meaning many, and ticks, a small,
annoying bloodsucker.

From tcmay at netcom.com Sat Mar 12 08:30:26 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sat, 12 Mar 94 08:30:26 PST
Subject: The Agency Whose Name May Not Be Spoken
In-Reply-To: <35682.pfarrell@netcom.com>
Message-ID: <199403121631.IAA07143@mail.netcom.com>

Pat Farrell writes:

> tcmay at netcom.com (Timothy C. May) writes:
> > Makes you wonder what TLAs are still largely unknown to the public.
>
> There are probably a fair number of obscure ones. Two that I know aren't
> often talked about are:
>
> DCA - Defense Communications Agency - responsible for DoD communication,
> MilNet, STU-III encrypted phones, and assorted odds and ends.
>
> DIA - Defense Intelligence Agency - DoD's own personal CIA.

Oh, but these are the stuff of Hollywood movies, at least the DIA is.
The DCA is more obscure, I'll grant you.

I was thinking of even more secretive agencies, such as Ludlum's
fictitious (I used to think so, but...) "Consular Ops" and the
economic surveillance groups.

Gotta get ready for today's meeting.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From hfinney at shell.portal.com Sat Mar 12 08:33:58 1994
From: hfinney at shell.portal.com (Hal)
Date: Sat, 12 Mar 94 08:33:58 PST
Subject: Niacin warning (was Surveillance cameras)
Message-ID: <199403121634.IAA06561@jobe.shell.portal.com>

From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
> you can also just pop a 400mg Niacin capsule... Niacin will
> quickly dilate all your capillaries bringing lots of blood
> to your face and making you look like a lobster.
>
> That should mess up any scan... so if you're a wanted
> crook in an airport that uses ir-face biometrics, just
> pop niacins like them were pop-corn. :-)

I just want to warn anyone who is thinking of trying this that 400 mg
is not the place to start with niacin. The flushing will be extremely
intense at that level and you will probably either think you are dying
or wish you were. Try 50 or 100 mg to start with.
You do build up a tolerance to this effect of niacin pretty fast so
experienced users will need higher doses to get the flushing. But for
a non-user lower doses are adequate.

Hal

From hfinney at shell.portal.com Sat Mar 12 08:46:28 1994
From: hfinney at shell.portal.com (Hal)
Date: Sat, 12 Mar 94 08:46:28 PST
Subject: Heavy remailer traffic source?
Message-ID: <199403121647.IAA08403@jobe.shell.portal.com>

For the last day or two I have been getting several dozen messages (67
today, a similar number yesterday) similar to the following:

> From remail at infinity.hip.berkeley.edu Sat Mar 12 00:10:07 1994
> Date: Sat, 12 Mar 94 00:05 PST
> To: hfinney at shell.portal.com
> From: nobody at infinity.hip.berkeley.edu
> Remailed-By: Remailer
> Complaints-To: Sameer
> Anon-To: remailer at entropy.linet.org
> Anon-To: remailer at entropy.linet.org
> Anon-To: hfinney at shell.portal.com
> Anon-To: nowhere at bsu-cs.bsu.edu
> Anon-To: ebrandt at jarthur.claremont.edu
> Anon-To: nowhere at bsu-cs.bsu.edu
> Anon-To: ebrandt at jarthur.claremont.edu
> Anon-To: remailer at entropy.linet.org
> Anon-To: remailer at utter.dis.org
> Anon-To: remailer at rebma.mn.org
> Anon-To: hfinney at shell.portal.com
> Anon-To: hfinney at shell.portal.com
> Anon-To: remailer at utter.dis.org
> Anon-To: remail at infinity.hip.berkeley.edu
> Status: R
>
> ##
> Do-Inject: Yes
>
> -----BEGIN PGP MESSAGE-----
> Version: 2.3a
>
> rQeAYgVzdGRpbgAAAADCSE/UHZnlLco5W9yVWyw5M8XSD7rLnZFAd9IlwX5W2zkM
> [...]
> MEBR2/p7L6XuKfGQG38t4K4o7J8YbWNPDQ8qP4YeMBAg3Tvzl5tyTWN9/NN7NfCJ
> fR3k
> =ypSB
> -----END PGP MESSAGE-----

The "PGP" message appears to be just an ascii-armoring of random
bytes.

Is this an attempt by someone to provide the "masking" remailer
traffic we have been discussing for some time? This is OK, but I think
the volume is too high.

What is the Do-Inject: header intended to accomplish?

The message apparently is intended to provide multiple remailing
addresses per message.
However, my remailer only does one remail address per message. Also,
my remailer does not accept "Anon-To" but only "Request-Remailing-To".
So all these messages are ending up in my mail box.

Anyone want to explain these?

Hal

From sonny at netcom.com Sat Mar 12 09:31:22 1994
From: sonny at netcom.com (James Hicks)
Date: Sat, 12 Mar 94 09:31:22 PST
Subject: "ordinary public"
In-Reply-To: <9403121258.AA14182@vail.tivoli.com>
Message-ID: <199403121732.JAA11845@mail.netcom.com>

m5 at vail.tivoli.com (Mike McNally) writes:
> rishab at dxm.ernet.in writes:
> > It's not a good idea to take this debate to the ordinary public...
> > Time readers, yes...
>
> Well, if "Time readers" aren't the ordinary public, then I give up.

This reminds me...Several years ago I heard a quote attributed to
Nelson Rockefeller (then Gov. of NY) at a meeting where he said
something like "Take your average American making around $75,000 a
year..."

-James

From klbarrus at owlnet.rice.edu Sat Mar 12 09:36:05 1994
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Sat, 12 Mar 94 09:36:05 PST
Subject: MAIL and Coming Police State
Message-ID: <9403121735.AA29376@flammulated.owlnet.rice.edu>

-----BEGIN PGP SIGNED MESSAGE-----

>Karl Barrus writes:
>> I mention this because I have asked and been told repeatedly by an
>> attorney friend of mine that running a remailer on a system where you
>> don't have authorization to do so is a violation of the ECPA. (i.e.
>> access beyond what the system administration intends for you to have).

>I would be interested in what legal research your attorney friend
>engaged in in order to come to this conclusion. Possibly it would be a

Sure. The attorney is Ed Cavazos (polekat at well.sf.ca.us) - I met
him first as a user on his BBS (Bamboo Gardens, WWIVnet, now in
Houston after years in Austin) where he runs Modem/BBSLaw net, and
then in person a few times at EFH (Electronic Frontiers Houston)
meetings or events.

He was involved in the Steve Jackson vs.
Secret Service case, not as lead attorney, but as an assistant. Since
this is the only case involving the ECPA to hit the courts and he was
in on it, I'm going to have to go with his judgement, unless somebody
can argue super persuasively (and preferably convince him too!)

As a side note at the last EFH event, we had about 50 people in a room
talking about the Clipper Chip and its cons - people that stayed after
his talk on legal issues in cyberspace.

Anyway, I've asked him several times about the legality of remailers,
and during his last talk he addressed them, again ;). Like a fool, I
didn't take notes, but from what I remember, the ECPA:

* forbids others reading private communications
* makes it a crime to attempt unauthorized access on a system with
  private communication facilities (i.e. email)
* forbids you from access above/beyond what the system intended for you

I think there is one more thing that goes along with the ECPA, but I
can't remember. I will email polekat and ask again, hopefully in a few
days or so he'll be able to get back to me. Again, this is all from
memory.

Anyway, the last one is the key. It says that even if you are a legit
user, the following are still illegal:

* you find a way to defeat security
* you read files that you aren't supposed to, even if the permissions
  let you
* you run programs or use the system in any way that the system
  administration didn't intend for you (i.e. you run crack all the
  time or you run a remailer)

Now, I was careful to make a distinction: running a remailer on a
current account, and running one on an old account. (Because the four
remailers I used to run were on an old account of mine when I was a
student at UH. Now I am at Rice, and Ed said it is DEFINITELY a
violation to run a remailer on an account you aren't even supposed to
have anymore)

But, he said that even running one on a current account is a violation
unless you have permission.
I mean, I don't mean to scare anybody or spread FUD - for example I am
not out of the remailer business ;) it's just the next one I set up
will be with the approval/blessing/whatever of the system
administration!

> violation if running a remailer was specifically prohibited by the
> operator (though this sounds more like a contract problem than an ECPA

Well, the way it is prohibited here at Rice is by a policy which
forbids sending mail to any unauthorized or nonstandard program. Stuff
like filter, procmail, slocal (if MH were on owlnet ;) would be
allowed, but definitely not a remailer.

> Holding this to be a violation is also particularly silly since it
> would make unlawful the doing of something by instrumentality of
> software an act which can easily be done (and was done, before the
> current era of software remailers) by hand. One would solicit for

Yeah, but by this logic why is it illegal to export cryptographic
software when you can print it and mail it anywhere you please?

Silly, yet illegal.

Karl Barrus

From pmetzger at lehman.com Sat Mar 12 09:40:01 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Sat, 12 Mar 94 09:40:01 PST
Subject: "ordinary public"
In-Reply-To: <199403121732.JAA11845@mail.netcom.com>
Message-ID: <9403121739.AA24506@andria.lehman.com>

James Hicks says:
> > Well, if "Time readers" aren't the ordinary public, then I give up.
>
> This reminds me...Several years ago I heard a quote attributed to
> Nelson Rockefeller (then Gov. of NY) at a meeting where he said something
> like "Take your average American making around $75,000 a year..."

Time readers are not ordinary Americans in so far as they can
generally read.
More seriously, it's true that the average Time reader is probably far
better educated than the average American. However, "Time" is hardly
some deep highbrow publication. Time is just a half notch over People.
It bears the same resemblance to a real news source that Velveeta
bears to cheese.

In any case, the individuals in question were not Time readers; it was
just a random sample poll commissioned by Time and CNN.

Perry

From G.Joly at cs.ucl.ac.uk Sat Mar 12 09:41:51 1994
From: G.Joly at cs.ucl.ac.uk (Gordon Joly)
Date: Sat, 12 Mar 94 09:41:51 PST
Subject: New member
Message-ID: <9403121741.AA12345@toad.com>

Me, that is... just in from the cold.

Gordon Joly    Phone +44 71 380 7934    FAX +44 71 387 1397
Email: G.Joly at cs.ucl.ac.uk    UUCP: ...!{uunet,uknet}!ucl-cs!G.Joly
Comp Sci, University College, London, Gower Street, LONDON WC1E 6BT
& mice-nsc at cs.ucl.ac.uk & http://www.cs.ucl.ac.uk/mice/gjoly.html &

From crunch at netcom.com Sat Mar 12 09:58:13 1994
From: crunch at netcom.com (John Draper)
Date: Sat, 12 Mar 94 09:58:13 PST
Subject: Ride to either Cypherpunks meeting or to Kindness
Message-ID: <199403121759.JAA27409@mail.netcom.com>

Is anyone living in Marin or SF planning to go down to the Cypherpunks
meeting this afternoon. If so, I would like a ride. Please Email me
or phone me at 415-381-5847. If not, then is anyone planning to go to
"Kindness" this evening. I would at least like to go to that...

John D.

From G.Joly at cs.ucl.ac.uk Sat Mar 12 10:13:39 1994
From: G.Joly at cs.ucl.ac.uk (Gordon Joly)
Date: Sat, 12 Mar 94 10:13:39 PST
Subject: Ride to either Cypherpunks meeting or to Kindness
In-Reply-To: <199403121759.JAA27409@mail.netcom.com>
Message-ID: <9403121813.AA13160@toad.com>

John D.> Is anyone living in Marin or SF planning to go down to the Cypherpunks
John D.> meeting this afternoon. If so, I would like a ride. Please
John D.> Email me or phone me at 415-381-5847. If not, then is anyone
John D.> planning to go to "Kindness" this evening.
I would at least like
John D.> to go to that...
John D.>
John D.> John D.

Is this the meeting that is going to be multicast?

Gordon Joly    Phone +44 71 380 7934    FAX +44 71 387 1397
Email: G.Joly at cs.ucl.ac.uk    UUCP: ...!{uunet,uknet}!ucl-cs!G.Joly
Comp Sci, University College, London, Gower Street, LONDON WC1E 6BT
& mice-nsc at cs.ucl.ac.uk & http://www.cs.ucl.ac.uk/mice/gjoly.html &

From arthurc at crl.com Sat Mar 12 10:16:05 1994
From: arthurc at crl.com (Arthur Chandler)
Date: Sat, 12 Mar 94 10:16:05 PST
Subject: WARES - "Terminate Clipper" t-shirt (fwd)
Message-ID:

Got this from another group. I haven't ordered the shirt, so can't say
yea or nay about it, but thought folks here might be interested.

---------- Forwarded message ----------
Date: Fri, 11 Mar 1994 09:41:24 -0500
From: CountMind0
To: Multiple recipients of list FUTUREC
Subject: WARES - "Terminate Clipper" t-shirt (fwd)

---------- Forwarded message ----------
Date: Wed, 09 Mar 94 22:29:15 EST
From: FringeWare Inc
To: mgardbe at andy.bgsu.edu
Subject: WARES - "Terminate Clipper" t-shirt

Sent from: sethross at aol.com

i just got this really cool t-shirt from this place in Seattle...
It's black and it says

    don't give BIG BROTHER THE MASTER KEY TERMINATE CLIPPER NOW

It has a pretty cool multi-colored image of a skeleton key on a
chip..,,.. and some other stuff

here's the rest of the info....

"...Snail mail orders to:
Paul Clark
PO Box 59152
Renton, WA 98058
Email COD orders at iplus1hope at aol.com
$10 by check, $12 COD, black, XL only, 100% cotton heavyweight"

-----

It's pretty a cool shirt; the guy is a pretty wild artist on the
outskirts of Seattle. I sent him my address on email and he shipped it
c.o.d.
about a week after i ordered it

i wore it around today...it's pretty sad how many people don't know
what's going on

sethross at aol.com

From dat at ebt.com Sat Mar 12 12:48:22 1994
From: dat at ebt.com (David Taffs)
Date: Sat, 12 Mar 94 12:48:22 PST
Subject: Seattle Cypherpunks Physical Meeting
In-Reply-To:
Message-ID: <9403122048.AA00479@helpmann.ebt.com>

I'd (probably) be interested in a cypherpunks-seattle list, at least
until Portland gets one... or maybe cypherpunks-nw ???

From fhalper at pilot.njin.net Sat Mar 12 13:18:34 1994
From: fhalper at pilot.njin.net (Frederic Halper)
Date: Sat, 12 Mar 94 13:18:34 PST
Subject: PowerMacPGP
Message-ID: <9403122118.AA16477@pilot.njin.net>

Does anyone know if Mr. Zimmerman or anyone else will be writing a
Power Macintosh PGP program. What about the other popular encryption
programs.

Thanks,
Reuben Halper

From warlord at MIT.EDU Sat Mar 12 13:27:45 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Sat, 12 Mar 94 13:27:45 PST
Subject: PowerMacPGP
In-Reply-To: <9403122118.AA16477@pilot.njin.net>
Message-ID: <9403122127.AA07013@m1-115-2.MIT.EDU>

> Does anyone know if Mr. Zimmerman or anyone else will be writing a
> Power Macintosh PGP program. What about the other popular
> encryption programs. Thanks,

The source code is available. If you have a C compiler, it shouldn't
be very hard to build. Then again it's a Macintosh, so who really
knows?
I don't expect to see Phil to do it, since Phil hasn't done any coding
for PGP. Also, I don't think that PowerMacs are prominent enough for
developers to have them, yet.

-derek

From an62213 at anon.penet.fi Sat Mar 12 14:31:08 1994
From: an62213 at anon.penet.fi (an62213 at anon.penet.fi)
Date: Sat, 12 Mar 94 14:31:08 PST
Subject: add cypherpunks
Message-ID: <9403122215.AA18818@anon.penet.fi>

-------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From VACCINIA at UNCVX1.OIT.UNC.EDU Sat Mar 12 18:00:55 1994
From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU)
Date: Sat, 12 Mar 94 18:00:55 PST
Subject: Clipper Cracks Appear
Message-ID: <01H9WCYCG136001758@UNCVX1.OIT.UNC.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

Seeing as it is politics week here at cpunks, I have found some
interesting comments from our friends at whitehouse.gov. Commentary by
John Carey in BusinessWeek Magazine (Big Brother Could Hobble High
Tech, 3/24/94 pg. 37) states that:

So why is the Whitehouse pushing the retrograde notions? One reason is
the Clintonites' fear of appearing soft on crime and terrorism. "No one
wants the head of the FBI walking around saying: 'I don't have the
tools to do my job'" says Bellsouth's Markey.

Things aren't entirely bleak. The administration, taken aback by
vehement opposition from industry, congress and civil libertarians, is
suggesting it may back off. "People are willing to work things out"
says White House Staff secretary John D. Podesta, who is involved in
technology issues. FBI director Freeh says he's willing to accept
higher hurdles to get court appointed surveillance.
And there are tantalizing hints that the white house is reconsidering
its hard line on the clipper chip.

Seems that we are having an effect and cracks are starting to leak
compromise from the Gov't. This is, however, just the beginning. A
ploy used successfully by many groups (New York city's transit
authority are masters at this) is to put forth an outrageous proposal,
such as clipper etc. Then they soften the demands so that the opponent
becomes disarmed, allowing that which the Gov't had intended to pass
all along to go through as a compromise. This cannot be allowed.

Time to step up the attack a notch. Write the whitehouse and ask them
if they want to go down in history as the presidency that ushered in
the era of Big Brother. I know Bill won't read it but someone has to.
Keep on your congresscritters (I like that word) and put stuff in your
local paper. Arm the populace.

Lastly, I think many of you are giving this country's people less
credit than they deserve. Many simple men and women founded this
country. Try not to be so pompous.

Scott G. Morham                  !The First,
Vaccinia at uncvx1.oit.unc.edu   ! Second
PGP Public Keys by Request       !  and Third Levels
                                 !   of Information Storage and Retrieval
                                 !DNA,
                                 ! Biological Neural Nets,
                                 !  Cyberspace

From unicorn at access.digex.net Sat Mar 12 18:01:05 1994
From: unicorn at access.digex.net (Black Unicorn)
Date: Sat, 12 Mar 94 18:01:05 PST
Subject: Voice encryption
Message-ID: <199403130201.AA11756@access1.digex.net>

I would like someone with enough technical background to design and
build a prototype IDEA/DES/RSA device suitable for voice encryption
using modular phone jacks and plugs.
The prototype and what is learned in the process of designing and
manufacturing it, will be used to conduct a feasibility study on the
manufacture and marketing of such devices.

-uni- (Dark)

From qjones at infi.net Sat Mar 12 20:30:48 1994
From: qjones at infi.net (Wayne Q Jones)
Date: Sat, 12 Mar 94 20:30:48 PST
Subject: No Subject
Message-ID:

Why not beam a time-delayed virus into one of NSA's arrays, destruct
code armed and ready to go??

wayne

--
****************************************************************************
* Qjones at infi.net           So I'm a dog...what else is new?            *
* Qjones at larry.wyvern.com   Quote from life and times of a man          *
****************************************************************************

From peace at BIX.com Sat Mar 12 21:04:43 1994
From: peace at BIX.com (peace at BIX.com)
Date: Sat, 12 Mar 94 21:04:43 PST
Subject: Voice encryption
Message-ID: <9403130001.memo.88260@BIX.com>

Say - why is it cypherpunks instead of cipherpunks? - it's hard to
remember!

Unicorn> I would like someone with enough technical background to
design and build a prototype IDEA/DES/RSA device suitable for voice
encryption using modular phone jacks and plugs.

Well now, I do that for a living. It isn't exactly cheap. The phone
jack would probably be to a high speed modem, 14,400 or higher. The
other side would be to a E&M (4 wire) jack attached to a handset. The
rest is just an AtoD and DtoA converter and amps, probably with a
compander, try intel 29xx chips. This gives a 64kbps full duplex data
stream that needs compressed to the modem speed, probably with LPC -
linear predictive coding. The DES or IDEA would need to operate at
modem speeds - full duplex.

How much you want to pay?
Peace

From flesh at wps.com Sat Mar 12 21:14:13 1994
From: flesh at wps.com (Flesh)
Date: Sat, 12 Mar 94 21:14:13 PST
Subject: your mail
In-Reply-To:
Message-ID: <9403130514.AA17812@wps.com>

>
> Why not beam a time-delayed virus into one of NSA's arrays, destruct code
> armed and ready to go??
> wayne

I don't know about you, but the only thing that comes to mind, is the
parable of 'belling the cat.'

From ritter at cactus.org Sat Mar 12 21:18:36 1994
From: ritter at cactus.org (Terry Ritter)
Date: Sat, 12 Mar 94 21:18:36 PST
Subject: Block Mixing Transforms
Message-ID: <9403130516.AA27259@cactus.org>

   Ritter Software Engineering
   2609 Choctaw Trail
   Austin, Texas 78745
   (512) 892-0494, ritter at cactus.org


   Keyed Balanced Size-Preserving Block Mixing Transforms

   Terry Ritter
   March 12, 1994


Introduction

Modern block ciphers seek to emulate extremely large substitution
tables algorithmically, using complex combinations of various simple
internal mechanisms. These internal mechanisms include small
substitutions and trivial combinings, but the art and mystery of
block cipher design is how to couple these simple and weak operations
in ways which produce a strong overall cipher.

One apparently new type of mechanism which might be useful in block
cipher design would take two blocks in, share data between them, and
then produce two generally-different blocks as a result. In
particular, this mechanism might be used to mix data to (and from) a
pair of substitutions, thus hopefully producing a stronger result
than the two substitutions operating separately and independently.

In most cases, it would be necessary for the mechanism to have an
inverse, and to produce output blocks of the same size as the input.
The result would be a mechanism which could be inserted anywhere in
the internal data paths common in block-cipher designs.
Block Mixing Transforms

Consider constructs like this:

      A       B
      |       |
      v       v
   Mixing Transform
      |       |
      v       v
      X       Y

      X       Y
      |       |
      v       v
   Inverse Transform
      |       |
      v       v
      A       B

Capital letters represent data blocks. Alternately, we can describe
the transform, in general, as:

   X := f1( A, B );
   Y := f2( A, B );

   A := f3( X, Y );
   B := f4( X, Y );

The intent of such a system is to mix two input blocks in a complex
yet reversible way. This could provide two advantages:

   1) It should make each output bit a function of all the input
      bits (on average), thus providing a way to expand block size
      while using smaller block-cipher functions. Hopefully the
      construct would also defeat attempts to "divide-and-conquer"
      the smaller functions separately.

   2) It could provide a way to connect block-cipher functions in
      sequence, while eliminating any fixed direct connection between
      the blocks, such connections being vulnerable to
      "fix-in-the-middle" attack.

A mixing transform is not unlike a "butterfly" section in a fast
Fourier transform (FFT) [3]. But the usual FFT operates on complex
values which are normally represented in floating-point. When
implemented in fixed-point (as needed for mixing data blocks), the
normal FFT butterfly expands the range of the input values, thus
requiring a larger amount of storage (a larger block size) for the
result. Fast Hadamard / Walsh transforms [2] behave similarly.

For cryptography, we need transforms which are "size preserving" so
that we can perform fixed-size block operations (such as DES) either
on the input data or on the transformed results.

It was not clear to me that this was going to be possible (at least
with equations of practical complexity) until Eli Biham provided some
examples of size-preserving mixing transforms:

   X := A - B;
   Y := 2A - B;

   A := Y - X;
   B := Y - 2X;

for n-bit blocks, A, B, X, and Y, and arithmetic mod 2^n.

There are actually many such transforms, and Biham has found a
generalized form:

   ( -1    1  )         ( w-1  -1 )
   ( -w   w-1 )   and   (  w   -1 )

where w is some constant.
For example, when w = 2:

   X := -1*A + 1*B     = B - A
   Y := -2*A + (2-1)*B = B - 2A

   A := (2-1)*X + -1*Y = X - Y
   B := 2*X + -1*Y     = 2X - Y

with the arithmetic mod 2^n. To see inverse, note that

   A = X - Y  = (B - A) - (B - 2A)  = A
   B = 2X - Y = 2(B - A) - (B - 2A) = B

These are fixed, linear transformations. If we know the input
values, and the transformation, we will also know the output values.
Even when the full equation is unknown, the simplicity and linearity
of these transforms means that they require special protection in
cryptographic applications. Mixing transforms can only be used when
both the input and the output values cannot be exposed
simultaneously.

Alas, the transform mentioned above has a problem: Specifically, the
least-significant-bit (lsb); that is, lsb(Y) = lsb(B). This is
because the expression B - 2A has shifted A left one bit, leaving the
bottom bit of B exposed. This provides a bit of direct correlation
between an input value and an output value. This is probably
sufficient to support a practical "fix-in-the-middle" attack if the
transform is used to isolate two DES operations.

Consider these correlation experiments on the above transform with
4-bit blocks:

         x3   x2   x1   x0   y3   y2   y1   y0

   b0    64   64   64   64   64   64   64  128
   b1    64   64   64   64   64   64   64   64
   b2    64   64   64   64   64   64   64   64
   b3    64   64   64   64   64   64   64   64
   a0    64   64   64   64   64   64   64   64
   a1    64   64   64   64   64   64   64   64
   a2    64   64   64   64   64   64   64   64
   a3    64   64   64   64   64   64   64   64

This is a 0 -> 0 correlation count. For each possible input value
(over both A and B), for each input bit which is zero (somewhere in A
and B) and each output bit which is zero (somewhere in X and Y), a
count is recorded. The count of 128 means that y0, the lsb of Y,
occurs twice as often as expected when the lsb of B is zero.
Similarly,

         64   64   64   64   64   64   64    0
         64   64   64   64   64   64   64   64
         64   64   64   64   64   64   64   64
         64   64   64   64   64   64   64   64
         64   64   64   64   64   64   64   64
         64   64   64   64   64   64   64   64
         64   64   64   64   64   64   64   64
         64   64   64   64   64   64   64   64

a 0 -> 1 correlation count, shows that no cases exist where the lsb
of B is a one and the lsb of Y is a zero.


Cryptographic Mixing

In [8] I introduced a new type of reversible stream-cipher combiner
(the first stream-cipher combiner, which we now call "exclusive-OR"
or "mod-2 addition" was described by Vernam [12]). "Combiner" is the
traditional cryptographic name for a mixing function. [11,5,1]
(Non-reversible combiners are also used, typically to make confusion
sequences difficult to penetrate. [e.g., 6])

Combiners and mixing transforms have much in common. Basically, a
combiner will look like any other two-input one-output function:

      A       B
      |       |
      v       v
   Mixing Function
          |
          v
          C

      C       B
      |       |
      v       v
   Inverse Function
          |
          v
          A

The capital letters represent the block size; in a typical stream
cipher these are byte values. A is the plaintext, B the confusion
stream, C the ciphertext. Note that exactly the same confusion
stream is needed to recover the original data; this is the heart of
stream-cipher security.

There are many two-input functions, but most are not useful as
cryptographic data combiners, which must be reversible and must have
no correlation between either input and the output. Combiners which
do have correlation [e.g., 4] fall to statistical attacks [e.g., 10].

If we see mixing transforms as a matched-set of cryptographic
combiners, we can see that correlation is a problem with the example
transform. (Biham did have an example of one balanced but non-keyed
transform based on rotation and subtraction mod 2^n.)


Mixing in Mod-2 Polynomials

Since the "weak" exclusive-OR form of combiner has long been
available, modern combiner designs are normally intended to be
"stronger" and, thus, are more complex. But it is not at all clear
that "stronger" is what we need in a mixing transform.
Presumably, "strength" can be provided more efficiently by some other
function, like DES, or a substitution table. Thus, we may really
want a modest-strength extremely-fast mixing solution, and one
approach is to consider the well-known field of mod-2 polynomials.

In mod-2 arithmetic, addition is the same as subtraction

   X + Y = X - Y

and any value added to itself is zero

   X + X = 0

so, in general, multiplication cannot be achieved by addition

   X + X <> 2X   (assuming X is non-zero)

but is instead achieved by shifting. Then

   2X + X = 3X

so multiplication is not restricted to binary powers. Of course

   3X + X = 2X

which just shows that mod-2 arithmetic can be surprising.

It is interesting to see just how unusual good mixing transforms are.
Consider a first approach

   X := A + B;
   Y := A - B;

(mod-2, mod-p, where p is some primitive mod-2 polynomial of
appropriate degree for the size of the data blocks). While this is a
reasonable approach in the integers, in mod-2 polys, A + B = A - B.
This means that X = Y, and the two resulting identical blocks cannot
possibly carry enough information to provide an inverse transform for
two arbitrary input blocks. It does not work.

Next consider

   X := A + B;
   Y := A + 2B;

with inverse operations

   A := (2X + Y) / 3;
   B := (X + Y) / 3;

(mod-2, mod-p), and the division done by multiplying by the inverse
of 3, mod p. (Appropriate inverse equations may not always exist;
finding the inverse equations is interesting in itself.) This works.
But here X is never affected by p at all, thus producing an extremely
regular (and un-keyed) transformation. And the inverse
multiplication is, in general, far more expensive than multiplication
by a small integer.

Finally, consider

   X := 2A + 3B;
   Y := 3A + 2B;

   A := 2X + 3Y;
   B := 3X + 2Y;

Again, operations are mod-2 and mod-p, where p is some primitive
mod-2 polynomial of appropriate degree for the data blocks X, Y, A
and B. This works, and the transform is a self-inverse.
The primitive affects the result in both data blocks. And the multiplications are simple. Correlation experiments conducted as before show a nice, balanced, uncorrelated system:

     64   64   64   64   64   64   64   64
     64   64   64   64   64   64   64   64
     64   64   64   64   64   64   64   64
     64   64   64   64   64   64   64   64
     64   64   64   64   64   64   64   64
     64   64   64   64   64   64   64   64
     64   64   64   64   64   64   64   64
     64   64   64   64   64   64   64   64
     64   64   64   64   64   64   64   64
     64   64   64   64   64   64   64   64
     64   64   64   64   64   64   64   64
     64   64   64   64   64   64   64   64
     64   64   64   64   64   64   64   64
     64   64   64   64   64   64   64   64
     64   64   64   64   64   64   64   64
     64   64   64   64   64   64   64   64

These functions are extremely fast. Addition is a simple exclusive-OR. Multiplication by two is simply a left-shift and a conditional add of the primitive. Multiplication by three is a multiplication by two plus an addition.

Keyed Mixing Transforms

The mod-2 polynomial transforms depend on having some primitive of the appropriate degree. Different primitives produce different mixing functions, with similar overall performance. This leads to the possibility of keying the transforms by selecting arbitrary primitives. (Some references to primitive-finding algorithms are given in [9].)

Rabin gives the number of degree-n primitives as about p^n / n [7]. Thus, for degree 64, we have about 2^64 / 2^6 or about 2^58 primitives. This means that each randomly-selected degree-64 primitive carries about 58 bits of key. Of course, this key can only be effective to the extent that the linear transformation cannot be attacked and the primitive thus deduced.

Some Consequences

If a single input bit changes on one of the mixing transform input blocks, we can be sure that at least one bit will change in both output blocks. If two input bits change, we can be sure that these bits will not "cancel" each other; changes will still occur in the output blocks.

If many input bits are changed, and the transform primitive is known, it is possible to engineer a no-change in one output block (although this is unlikely to happen by chance).
Should this be undesirable, it might be made impossible by design (such as ciphering the input blocks before mixing), or by keying the transform (so the necessary bit patterns are unknown).

If it becomes possible to define the input to, and what the output must be from a ciphering element, it will be possible to key-search that element independent of other elements, and this is what we hope to avoid. To prevent this it may be necessary to use keyed input and output transforms, or even multiple ciphering levels between transforms.

Applications

It is crucial to remember that these simple, high-speed, but linear mixing transforms can be said to have "strength" only if the input and output values are never both available. That is, these structures do not by themselves handle "known-plaintext" attack. (Of course, the same could be said for many other simple internal mechanisms used in block cipher construction.)

Simple constructs like

      A       B
      |       |
      v       v
      MixTrans
      |       |
      v       v
      C       D

are not likely to be very useful as ciphers by themselves, even if the mixing transformation is keyed and the blocks are large.

On the other hand, constructs like

      A       B
      |   p1  |
      v   v   v
      MixTrans
      |       |
      v       v
     DES1    DES2
      |       |
      |   p2  |
      v   v   v
      MixTrans
      |       |
      v       v
      C       D

are considerably more interesting. Note that this construct ciphers a double-size DES block at single-DES rates. It seems to require keyed mixing transforms.

Similarly,

      A       B
      |       |
      v       v
     DES1    DES2
      |       |
      |   p   |
      v   v   v
      MixTrans
      |       |
      v       v
     DES3    DES4
      |       |
      v       v
      C       D

will cipher a double-size DES block at double-DES rates, and at least superficially avoids all weakness in the mixing transform by placing strength in each input and output port. This may avoid the need to key the mixing transform.

Alternately,

      A              B
      |     k1       |
      v      v       |
     XOR <- DES1-----|
      |              |
      |     k2       |
      |      v       v
      |---- DES2 -> XOR
      |              |
      |      p       |
      v      v       v
      Mixing Transform
      |              |
      |     k3       |
      v      v       |
     XOR <- DES3 ----|
      |              |
      |     k4       |
      |      v       v
      |---- DES4 -> XOR
      |              |
      v              v
      C              D

also ciphers at double-DES rates.
Of course, larger external blocks mean an increase in the number of internal data paths, making various sorts of interconnection configurations possible.

Thus

        A       B       C       D
        |   p1  |       |   p2  |
        v   v   v       v   v   v
        MixTrans1       MixTrans2
    p3  |       |   p4  |       |
    v   v       v   v   v       v
  -Trans3       MixTrans4       Mix-
        |       |       |       |
        v       v       v       v
       DES1    DES2    DES3    DES4
        |       |       |       |
        |   p5  |       |   p6  |
        v   v   v       v   v   v
        MixTrans5       MixTrans6
    p7  |       |   p8  |       |
    v   v       v   v   v       v
  -Trans7       MixTrans8       Mix-
        |       |       |       |
        v       v       v       v
        E       F       G       H

will cipher quadruple-size DES blocks at single-DES rates,

        A       B       C       D
        |       |       |       |
        v       v       v       v
       DES1    DES2    DES3    DES4
        |       |       |       |
        |   p1  |       |   p2  |
        v   v   v       v   v   v
        MixTrans1       MixTrans2
    p3  |       |   p4  |       |
    v   v       v   v   v       v
  -Trans3       MixTrans4       Mix-
        |       |       |       |
        v       v       v       v
       DES5    DES6    DES7    DES8
        |       |       |       |
        v       v       v       v
        E       F       G       H

will cipher quadruple-size DES blocks at double-DES rates, and

        A              B        C              D
        |     k1       |        |     k2       |
        v      v       |        v      v       |
       XOR <- DES1 ----|       XOR <- DES2 ----|
        |              |        |              |
        |     k3       |        |     k4       |
        |      v       v        |      v       v
        |---- DES3 -> XOR       |---- DES4 -> XOR
        |              |        |              |
        |              |        |              |
        |      p1      |        |      p2      |
        v      v       v        v      v       v
        MixingTransform1        MixingTransform2
   p3   |              |   p4   |              |
   v    v              v   v    v              v
 -Transform3        MixingTransform4        Mixing-
        |              |        |              |
        |     k5       |        |     k6       |
        v      v       |        |      v       |
       XOR <- DES5 ----|       XOR <- DES6 ----|
        |              |        |              |
        |     k7       |        |     k8       |
        |      v       v        |      v       v
        |---- DES7 -> XOR       |---- DES8 -> XOR
        |              |        |              |
        v              v        v              v
        E              F        G              H

will also cipher quad-size blocks at double-DES rates.
But in each case, four double-level mixing transforms could be replaced by a single double-size mixing transform:

      A      B      C      D
      |      |  p1  |      |
      v      v  v   v      v
      ---------mix1---------
      |      |      |      |
      v      v      v      v
     DES1   DES2   DES3   DES4
  p2  |      |      |      |
  v   v      v      v      v
  ix2---------      --------m
      |      |      |      |
      v      v      v      v
      E      F      G      H


      A      B      C      D
      |      |      |      |
      v      v      v      v
     DES1   DES2   DES3   DES4
      |      |      |      |
      |      |  p   |      |
      v      v  v   v      v
      ---------mix----------
      |      |      |      |
      v      v      v      v
     DES5   DES6   DES7   DES8
      |      |      |      |
      v      v      v      v
      E      F      G      H


        A              B        C              D
        |     k1       |        |     k2       |
        v      v       |        v      v       |
       XOR <- DES1 ----|       XOR <- DES2 ----|
        |              |        |              |
        |     k3       |        |     k4       |
        |      v       v        |      v       v
        |---- DES3 -> XOR       |---- DES4 -> XOR
        |              |        |              |
        |              |   p    |              |
        v              v   v    v              v
     ---------------------mix----------------------
        |              |        |              |
        |     k5       |        |     k6       |
        v      v       |        |      v       |
       XOR <- DES5 ----|       XOR <- DES6 ----|
        |              |        |              |
        |     k7       |        |     k8       |
        |      v       v        |      v       v
        |---- DES7 -> XOR       |---- DES8 -> XOR
        |              |        |              |
        v              v        v              v
        E              F        G              H

These are new ciphering architectures. Clearly, it is not known how strong these constructs would be. However, this situation can hardly be considered unusual.

Other opportunities exist when constructing completely new block ciphers. These might, for example, be based on byte-wide key-permuted substitutions, thus avoiding differential attacks on fixed "optimal" tables.
Thus

  ------------------------------mix------------------------------
  --------------mix-------------- --------------mix--------------
  ------mix------ ------mix------ ------mix------ ------mix------
  --mix-- --mix-- --mix-- --mix-- --mix-- --mix-- --mix-- --mix--
  mix mix mix mix mix mix mix mix mix mix mix mix mix mix mix mix
  S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S
  mix mix mix mix mix mix mix mix mix mix mix mix mix mix mix mix
  --mix-- --mix-- --mix-- --mix-- --mix-- --mix-- --mix-- --mix--
  ------mix------ ------mix------ ------mix------ ------mix------
  --------------mix-------------- --------------mix--------------
  ------------------------------mix------------------------------

enciphers 256-bit blocks through 32 keyed 8-bit substitutions by using five levels of input keyed mixing transform and five levels of output keyed mixing transforms of varying size. Clearly, there are a plethora of alternate interconnection possibilities here. For example, the mixing rows could be permuted, different sizes of mixing combined in some rows, the mixing not arranged on 2^n boundaries, etc., etc. Since the mixing transforms are extremely fast, we would expect this 256-bit system to be much faster than 64-bit single-DES.
And,

  S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S
  mix mix mix mix mix mix mix mix mix mix mix mix mix mix mix mix
  --mix-- --mix-- --mix-- --mix-- --mix-- --mix-- --mix-- --mix--
  ------mix------ ------mix------ ------mix------ ------mix------
  --------------mix-------------- --------------mix--------------
  ------------------------------mix------------------------------
  --------------mix-------------- --------------mix--------------
  ------mix------ ------mix------ ------mix------ ------mix------
  --mix-- --mix-- --mix-- --mix-- --mix-- --mix-- --mix-- --mix--
  mix mix mix mix mix mix mix mix mix mix mix mix mix mix mix mix
  S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S

enciphers 256-bit blocks through 64 keyed 8-bit substitutions by using nine levels of mixing transforms of varying size. With the substitutions all keyed, we can probably avoid keying the mixing transforms. Again, there are a plethora of alternate interconnection possibilities.

Summary

Practical, high-speed, keyed, balanced, and size-preserving block mixing transforms are introduced for cryptographic service.

References

[1] Arko, R. 1961. Mechanical Signal Combiner. U.S. Patent 3,159,712.
[2] Beauchamp, K. 1984. Applications of Walsh and Related Functions. Academic Press.
[3] Brigham, E. 1974. The Fast Fourier Transform. Prentice-Hall.
[4] Geffe, P. 1973. How to protect data with ciphers that are really hard to break. Electronics. January 4. 99-101.
[5] Kohler, H. 1951. Combining Circuits. U.S. Patent 2,567,214.
[6] Massey, J., and R. Rueppel. 1989. Method of, and Apparatus for, Transforming a Digital Data Sequence into an Encoded Form. U.S. Patent 4,797,922.
[7] Rabin, M. 1980. Probabilistic Algorithms in Finite Fields. SIAM Journal on Computing. 9(2): 273-280.
[8] Ritter, T. 1990. Substitution Cipher with Pseudo-Random Shuffling: The Dynamic Substitution Combiner. Cryptologia. 14(4): 289-303.
[9] Ritter, T. 1991.
The Efficient Generation of Cryptographic Confusion Sequences. Cryptologia. 15(2): 81-139.
[10] Siegenthaler, T. 1985. Decrypting a Class of Stream Ciphers Using Ciphertext Only. IEEE Transactions on Computers. C-34: 81-85.
[11] Smith, H. 1950. Combining Circuit. U.S. Patent 2,496,317.
[12] Vernam, G. 1919. Secret Signaling System. U.S. Patent 1,310,719.

---
Terry Ritter   ritter at cactus.org (alas, cactus.org dies March 18)
               ritter at io.com (perhaps temporarily)


From pmetzger at lehman.com  Sat Mar 12 21:56:02 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Sat, 12 Mar 94 21:56:02 PST
Subject: No Subject
In-Reply-To:
Message-ID: <9403130555.AA24908@andria.lehman.com>

Wayne Q Jones says:
> Why not beam a time-delayed virus into one of NSA's arrays, destruct code
> armed and ready to go??

The grey aliens seem to have gotten to you. I'd try to increase the dosage of the drugs you are taking. It will drive them out of your brain; you'll stop hearing things, too.

.pm


From solovay at math.berkeley.edu  Sat Mar 12 22:52:12 1994
From: solovay at math.berkeley.edu (Robert M. Solovay)
Date: Sat, 12 Mar 94 22:52:12 PST
Subject: The books you showed at the Mountain View meeting
Message-ID: <199403130652.WAA29255@math.berkeley.edu>

I'd be very grateful for a bibliography of these books [= list of authors and titles. ISBN's and Publishers would help if they are readily available.] I'm sure that many others on the cpunk list would also be interested in this.

Thanks,
Bob Solovay


From rishab at dxm.ernet.in  Sat Mar 12 23:04:38 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Sat, 12 Mar 94 23:04:38 PST
Subject: No Subject
Message-ID:

unicorn at access.digex.net:
> ->\
> I think the recent death-threat-to-Clinton disaster has made clear
> that the remailers we have are not very secure, mainly because
> incoming and outgoing mail seems to be monitored at many sites.
> <-
>
> Wait, the threat was posted with a remailer?
This was the address in the death threat:
> The message was signed "Overlord" and purported to be from
> "Allmighty at Never.Gonna.Catch.Me."
> ... Investigators determined the message originated at the UI, and a
> computer trace identified Reincke as the apparent author, Hulin said.

Looks like a sendmail hack. Sendmail at most sites recognizes the site you telnet to port 25 from even if you explicitly provide another one through 'helo'. So while you can forge the From: line, it will appear as if the mail came from your *real* site before it got to the final site.

The only site I know of where you can telnet to port 25 and type 'helo this.is.not.my.site' and have it accepted is MindVox, phantom.com. This was a while ago, and I haven't searched very hard for similar sites.

If it was sent through remailers the article would probably have mentioned it. They make much better evil hacker news than just a 'purported' address.

--------------------------------------------------------------------------------
Rishab Aiyer Ghosh                               "What is civilisation
rishab at doe.ernet.in, rishab at dxm.ernet.in       but a ribonucleic
Voicemail +91 11 3760335; Vox/Fax/Data 6853410         hangover?"
H-34C Saket New Delhi 110017 INDIA
--------------------------------------------------------------------------------


From unicorn at access.digex.net  Sat Mar 12 23:32:41 1994
From: unicorn at access.digex.net (Black Unicorn)
Date: Sat, 12 Mar 94 23:32:41 PST
Subject: DT '94, Clipper, New Property... (long)
Message-ID: <199403130732.AA28139@access1.digex.net>

Some months ago I published a small work on the list calling for property rights to be assigned to privacy. There was some interest, but for some reason I chose to explore the subject even further.

I prefer to release the work through the list, and I would appreciate it if no one distributed it any further without consulting me. Consider this a mailing among friends.
Look over the work, let me know if you like it, or better yet send me some hate mail, just as long as you get stirred up.

The work below is quite long, and some may find that the message is cut off after the 650 mark. If so, and if anyone really wants to read the end by the time they get to the break, let me know and I will repost with breaks. Should there be enough interest, I will put the work up for ftp somewhere.

-----BEGIN PGP SIGNED MESSAGE-----

Reliance on The New Property and the Questions of Electronic Privacy and Centralized Power in an Atmosphere of Federal Enforcement Empowerment.

- - a legal and philosophical notation -

March , 1994

Expansion Generally:

The United States of America is characterized of late by a culture of centralization. Increasingly, whether a result of media, advances in infrastructure, sociological factors, or technology in general, the Federal Government has become the problem solving and allocative entity of choice and often the entity of first resort.

Causation explanations for the expansion are numerous, but it is the advancing technology model of explanation for expanding federal power that presents the most illustrative backdrop by which to examine centralist trends. This is not because advancing technology suggests an unforeseen departure from the principles embodied in the Constitution of the United States by the "Founding Fathers," (although this supposition in itself has a distinct appeal) but rather because it exposes the double standard that permits the increase of federal power without parallel increases in individualist protections. Technology is a common explanation for the need for greater regulation, but rarely accepted as a legitimate argument in reference to individualist rights, privacy being a key example.

This is not, of course, to suggest that the advance of technology is the best, most accurate or only legitimate explanation.
Clearly other examples exist and moreover, are equally or more persuasive than the technology model I intend to explore, but the common theme is generally applicable to all the models I have examined.

The advance of technology takes on a much more devious meaning when compared to the concepts of property outlined in Reich's "New Property" theories. In 1964, Reich began to publicly question the effect of government expansion and the increasing reliance of the citizenry on government largess, over traditional property. Reich reasoned that government largess required the application of property protections.

The difficulty in accepting Reich's "New Property" paradigm and using the model to justify a regulated state with new legal protections are its basic assumptions that:

(1) Government is always best suited to serve as the basic controller and decision maker for questions of distributional efficiency.

(2) The growth of government largess and regulation is inevitable.

(3) The growth of government largess and regulation is desirable, even with the proper protections.

(4) The expansion of property protection to government largess and the new property will effectively curb government abuses.

After critical analysis of some or all of these assumptions, the new property concept becomes much more workable and, apart from the author's apparent intent, a valuable conceptual tool in the argument against centralizing regulation.

As the types of governmental entitlements treated as new property increase in number and scope which is, in Reich's opinion unavoidable, the citizenry must depend on government to assure, protect and insure property rights of such a local and individualized character so as to be incompatible with a majoritarian representative form of decision making.
Clearly individualistic concepts like privacy, freedom of contract, and freedom of speech will fall victim to the shortfalls in representation throughout the political process when issues like security and distributive regulation are the other factors on the balance. Additionally, and much more sinister is the use of government largess to affect behavior with the threat of its withdrawal. Often this has the effect of denying otherwise enforceable constitutional protections.

History demonstrates that the judicial branch is generally unwilling or unable to police the continual expansion of federal power, or forbid the use of largess withdrawal coercion, and has been so situated since the late 1930's.

Simple failure of process is clearly a necessary evil in cases where resort to the federal system is more efficient in accomplishing allocation of resources. (Federal infrastructure projects, interstates for one example.) It is also clearly important not to rule out regulation and oversight as a tool to rectify legitimate market failures. It is important to recognize here, that the standard must be one of careful discretion focused on the proper definition of a market failure, and consistent guidelines for regulation for which I will turn to Stewart, Krier, and Manell. However tolerable the legal process failures may be, an expansion that actively permits and creates largess to be used in coercion is never acceptable.

The difficulties begin when centralist regulation is applied to a market in such a way to either:

(1) Extend the paternalistic hand of governmental entitlement over newly fabricated individual rights under the pretense of protecting them while at the same time appropriating actual individualistic concepts. (I label these Creationist Entitlements)

or:

(2) Engulf existing and legitimate individualistic concepts with regulation and then dismiss their loss as an unfortunate casualty of securing protections which are hardly entitlements at all.
(Illusionist Entitlements)

[The health care legislation is a good example of a creationist entitlement. A troubled industry is made the focus for scrutiny, a national crisis is declared, and every citizen becomes "entitled" to costless health insurance. The absolute right to insurance has been "created." Surely a desirable outcome, but deceptive nonetheless in that insurance was never considered, by any stretch of the imagination, an individualist right. The net result is the absorption of privacy, freedom of contract concerns, and the reliance on government to insure the citizenry. All these are substituted for the newly created "right" to health insurance and are thus casualties of a creationist entitlement.

National security, on the other hand, presents itself as an illusionist entitlement. Violent crime has gripped the national agenda. A crime crisis is declared, and federal law enforcement power is expanded. The civil liberties swallowed up in the process are the casualties of an illusionist entitlement.]

The source of justification for such regulation is almost always that a "national crisis" must be solved. The associated externalities, which are almost never shown to result from the lack of regulation are pointed to as creating the need for market preserving regulation.

As a result, essential property or personal rights are effectively engulfed in the public sphere, a realm with no interest, and in many instances possessing a negative incentive, in preserving them. The balance that has historically depended on representation to counter the disregard for the individual inherent in the collective is thus bypassed by appointing a trustee with a glaring conflict of interest. In addition, the Judicial branch affords little or no protection.
Clearly the distinct difference between individually secured rights and government entitlements is that the latter are easily taken away by a variety of means not limited to underfunding, lack of resource allocation, coercive largess application, or simple incompetence in administration.

The most concerning potential expansions in federal power to date are looming on the horizon. The Digital Telephony and Communications Privacy Improvement Act of 1994, and the Clipper or Key Escrow Proposals together utilize the complexities of what Wilson terms "client politics" and entitlement manipulation to expand the scope of federal law enforcement power, and by extension federal power generally, to an alarming breadth by capitalizing on the current national crisis externality, crime.

These proposals in effect make whatever rights to privacy existed within the context of communication, government entitlements. The advances in encryption technology that returned the potential for self secured privacy are effectively eliminated under the nexus of the pending legislation. In return for the high price paid, (Constitutional Amendments I, II, IV, V, X and the oft quoted, rarely guarded right to privacy) the citizenry is presented with a government backed insurance against crime. An illusory entitlement to the benefit of new federal laws and increased funding for enforcement. An entitlement likely to be lost in its effect by nationwide dilution, mismanagement, abuse and incompetence while at the same time empowering the federal mechanism by curtailing what defenses the citizenry retain. There are strong indications that the new bills will create large regimes of government largess coercion, notwithstanding the coercive effects of the Key Escrow plan admitted to by the administration.

Expansion of Federal Power Generally:

In a series of cases including, _Panama Refining Co. v. Ryan_, 293 U.S. 388 (1935); _Railroad Retirement Board v. Alton Railroad_, 295 U.S. 330 (1935); _A.L.A.
Schechter Poultry Corp. v. United States_, 295 U.S. 495 (1935), and _Carter v. Carter Coal Co._, 298 U.S. 238 (1936), the United States Supreme Court struck down key segments of legislation in Franklin D. Roosevelt's New Deal Programs. Much of the legislation was considered to have infringed upon traditional notions of private property, and it is thus understandable that the programs, which had lost favor in the years following the President's election, were vigorously challenged.

President Roosevelt's re-election and the court's refusal to adopt the legislation led to proposed changes in the structure of the Supreme Court. Under the pretext that the Justices were too old to fully complete their duties, the President proposed that new Justices be appointed for each Justice then on the bench over the age of seventy. As there were six justices then over seventy, the total number of Supreme Court Justices might well be fifteen today were it not for the timely retirement of Justice Van Devanter and the switch opinion of formerly anti-New Deal Justice Roberts in _West Coast Hotel Co. v. Parrish_, 300 U.S. 379 (1937). (The move was commonly referred to as "the switch in time that saved Nine.") In addition, the court modifying bill's key sponsor, Senator Robinson fell to a fatal heart attack. See generally, Stone, et al., Constitutional Law (1991 2d ed.). See also, Leuchtenburg, The Origins of Franklin D. Roosevelt's Court-Packing Plan, 1966 Sup. Ct. Rev. 347.

The pro-New Deal decision that followed opened the door for federal expansion under the crack in the law left by the New Court's reading of The Commerce Clause of Article I, section 8 of the United States Constitution. See, e.g., _National Labor Relations Board v. Jones & Laughlin Steel Corp._, 301 U.S. 1 (1937).

By 1942, The Commerce Clause was construed so widely by The Court that it reached even private functions so intimate as to include the growth of wheat on private property for self consumption. _Wickard v.
Filburn_, 317 U.S. 111 (1942) (Farmer's growth of wheat on private property for own consumption held as affecting commerce and thus within the reach of congressional regulation under The Commerce Clause). The result was to allow nearly any activity to potentially affect interstate commerce when taken in its aggregate. Combined with Justice Stone's outright dismissal of the Tenth Amendment, the power afforded Congress no longer had any practical limits. _United States v. Darby_, 312 U.S. 100 (1941).

Describing the rapid growth of Federal power from _Darby_ to date might in itself fill a textbook. Let it suffice then to comment that much of the civil rights legislation of the 1960's found its authority in The Commerce Clause and more on point, that no statute that finds its base for authority in The Commerce Clause has been struck down on those grounds since _Wickard_. The other powers granted Congress are no less encompassing than the Commerce Clause itself.

Federal Power and Centralist Regulation:

The expansion in federal power has produced an explosion of federal regulation since the first organized attempts to institutionalize regulation in the post depression years.

Federal regulation and the wide reading of the Commerce Clause gives states an incentive to buy into, and regulate industries otherwise served by the private sector. This is because the "Dormant Commerce Clause" can be circumvented when states participate in the markets they wish to regulate. This is the "Market Participant" doctrine. See _Hughes v. Alexandria Scrap Corp._, 426 U.S. 794 (1976); _Reeves, Inc. v. Stake_, 447 U.S. 429 (1980); _White v. Massachusetts Council of Construction Employers, Inc._, 460 U.S. 204 (1983). But see _South-Central Timber Development v. Wunnicke_, 467 U.S. 82 (1984).

The Dormant Commerce Clause refers to those markets upon which Congress has not yet imposed regulating legislation.
Often States are prohibited from regulating these markets under the rationale that Congress has the enumerated power to "...regulate Commerce with foreign Nations and among the several States...." U.S. Const. art. I, section 8, cl. 3, and therefore states have given the right to regulate to Congress. _City of Philadelphia v. New Jersey_, 437 U.S. 617 (1978). The exception to the grasp of the Dormant Commerce Clause encourages states to buy into the market and be free of congressional restrictions on interstate discrimination and restrictions on protectionist state regulations.

Note however that states can easily accomplish the same regulation by harsh subsidies in markets they participate in. As a result it is as if there existed no deterrent to state regulation at all. "Under existing precedent, the State could accomplish [the] same result [regulation of the industry] in any number of ways.... It seems to me unduly formalistic to conclude that the one path chosen by the State as best suited to promote its concerns is the path forbidden it by the Commerce Clause." _South-Central Timber Development v. Wunnicke_, 467 U.S. 82 (1984) (Justice Rehnquist dissenting).

The net result is to encourage "spin off regulation" by the states, and as a result of the buy up of industry required, an increase in government largess and government holdings. (Particularly now that all production from the state interests in the industry is regulated by the issuance of government contracts to manufacturers. Government contracts being a privilege, and not a right, withholding them is not subject to traditional constitutional protections.) See, e.g., Charles A. Reich, The New Property, 73 Yale L.J. 733, 762 n.5 (1964).

Federal legislators then typically respond to the protectionist regulations of states by preempting state practices with federal regulation. This is "double spin off regulation."
Spin off regulation and double spin off regulation are not the only cycle of federal growth that feeds off itself to inflate federal power and holdings. The cycle of government largess is equally if not more dramatically vicious. Government largess is used to compel behavior, which in turn creates more government largess. Thus, stifling taxes are imposed, a tax break is given to businesses who comply with regulation, control of these businesses becomes a power in itself which can be used as largess over the employees and downstream of the market. More complicated and devious models are easy to imagine.

The New Property, coercion, regulation, and the individual.

Reich characterized the increasing reliance of the citizenry on government as a source of wealth as "The New Feudalism." The chief characteristic, and the most convincing in my opinion, that Reich points to is the fact that wealth distributed by the government is conditional and subject to the state. Charles A. Reich, The New Property, 73 Yale L.J. 733, 768 n.5 (1964).
Reich points to 8 key factors in comparing the use of government largess to traditional understandings of feudalism:

(1) Increasingly we turn over wealth and rights to government, which reallocates and redistributes them in the many forms of largess;

(2) there is a merging of public and private, in which lines of private ownership are blurred;

(3) the administration of the system has given rise to special laws and special tribunals, outside the ordinary structure of government,

(4) the right to possess and use government largess is bound up with the recipient's legal status; the status is both the basis for receiving largess and a consequence of receiving it; hence the new wealth is not readily transferable;

(5) individuals hold the wealth conditionally rather than absolutely; the conditions are usually obligations owed to the government or to the public, and may include the obligation of loyalty to the government; the obligations may be changed or increased at the will of the state;

(6) for breach of condition the wealth may be forfeited or escheated back to the government;

(7) the sovereign power is shared with large private interests;

(8) the object of the whole system is to enforce "the public interest" - the interest of the state or society or the lord paramount - by means of the distribution and use of wealth in such a way as to create and maintain dependence.

Id. at 770.

Consider by way of illustrations some of Reich's examples, which I find quite elegant and persuasive. In 1964 the New York Taxi medallion [the license required by the city to operate a taxi] was "a piece of tin worth 300 times its weight in gold." Id. at 735 n.7. Television channels, which are issued at no cost, can be sold at extraordinary sums. Id. at 735.

Clearly the ability to deprive citizens of wealth without traditional notions of process is power.
The words of Justice Stone illustrate the scope of the congressional spending power and the refusal of the courts to recognize traditional protections: "Threat of loss and not the hope of gain, is the essence of economic coercion." _United States v. Butler_, 297 U.S. 1 (1936) To resort to the mundane (in concept and in source), "He who can destroy a thing, controls a thing." and "...the power to tax is the power to destroy...." _McCulloch v. Maryland_, 17 U.S. (4 Wheat.) 316 (1819). The wider the dependence on government wealth, the wider the power of government.

Reich asks the most relevant question in light of government largess coercion. If, or when, the primary property is in the form of governmental distributed wealth, what constraints against the government will be available to the citizenry?

Where I depart from Reich is the manner in which to assure individual protections in light of the rise of new property. Reich argues that additional protections are required, perhaps protections that would extend the constitutional umbrella over the new property or government largess. Charles A. Reich, The New Property After 25 Years, 24 U.S.F. L. Rev. 223, 241 (1990).

This approach clearly presents the politically difficult problem of granting property rights to all government largess, including such largess as welfare and insurance. In addition, it exposes government largess to the same problem present in all rights not individually secured, namely dependence on government as an enforcement body for rights that often conflict with the general interest of the sovereign.

The complexity of allowing government to regulate a market or individualist right and then assigning a governmental oversight authority to prevent government abuse is a wasteful and unpolished solution that merely presents more opportunity for loss in the form of failure of process, abuse or inefficiency.
Instead the conceptually simpler approach is to prevent the expansion of federal power into individualist constructs to begin with.

The General Effect of Technology on Federal Power:

Technology has three basic effects on Federal Power. (1) Technological advances expand existing power. Technology, especially data processing technology, considerably increases the effect of existing power by reducing the cost of information collection, organization, and compilation. Consider the Social Security Number. Clearly, on the eve of its adoption, the Social Security Number was not conceived as an identity measure. Regardless, the number proved exceptionally fitted to identification uses simply by its nature. Each person (theoretically) has but one. No two are alike, and almost every citizen has one by nature of economic coercion (its requirement to file tax return information for one). On its face the number seems benign, but coupled with computing power and the ability to quickly collect, sort and exchange data, the Social Security number has become a powerful tracking tool. In addition, the continued reliance on the number as a secure and accurate identifier creates a dangerous potential for abuse. Technically confidential tax return information is available for the asking provided one has the subject's name, and Social Security Number. It is a simple matter today to track the movements of a citizen by the combined information available from parking tickets, passport records, moving violations, credit card receipts, and telephone records. The travel document that was once a mere request by the government of the United States that the bearer be treated as an American citizen, Comment, Passport Refusal for Political Reasons: Constitutional Issues and Judicial Review, 61 Yale L.J. 171 (1952), is today considered mandatory for travel outside the United States, and bears a bar code. Customs officials are today armed with computer terminals and bar code readers.
Driver's licenses, also basically mandatory, are increasingly growing magnetic strips and digitized databases of photos and even fingerprints are seeing increased use. Parking enforcement officials travel about in mini-vans with portable terminals connected by radio link to the Vehicle Registry database prepared to seize any vehicle that might draw a red flag. Many agencies are entirely impotent without the technology appearing as recently as the 1960's. How would the Security and Exchange Commission conduct enforcement without sophisticated data processing equipment today? Data processing technology is not, however, the only impacting advance. What would become of Federal Communication Commission enforcement power without advanced monitoring equipment? (2) Technology justifies new federally empowering legislation. There are few major regulations that seek to address electronic privacy, restrict federal or local power, which justify themselves on advancing technology grounds. The best examples of such legislation in the public sector, The Right to Financial Privacy Act of 1978, Pub. L. No. 95-630, sections 1100-122, 92 Stat. 3697 (codified throughout 12, 31 U.S.C.), The Fair Credit Reporting Act, 15 U.S.C. section 1681 (1988), The Family Educational Rights and Privacy Act, 20 U.S.C. section 1232g(b)(2)(A)-(B)(1988), are sectorized approaches to legislation and offer little if any resort to civil actions. The private sector versions of these acts, The Fair Credit Billing Act, 15 U.S.C. section 1666 (1988), The Fair Debt Collections Practices Act, Id. section 1692, and The Electronic Fund Transfer Act, Id. section 1693, fall far below the pace set by Omnibus legislative efforts in Europe and both the public and private legislation is lacking in its implementation. See Peter Mei, The E.C. Proposed Data Protection Law 25 Law & Pol'y Int'l Bus. 305 n.1 (Fall 1993). 
Despite the fact that it is seldom if ever used as a justification for legislation to protect the individual, often it is the case that new centralizing regulatory legislation is called for to "cope with recent advances in technology." More interesting still is the propensity to create regulations in the form of "living documents" that usually include a clause to "provide a flexible response to changes in technology." Often the result is to create legislation that possesses no theoretical limit to its scope or enforcement power in seeking to advance the stated purposes. Export regulation can often be so characterized. Some prime examples of technologically justified legislation include: The National Competitiveness Technology Transfer Act of 1989, Pub. L. No. 101-189; Reproductive Technology Legislation, Pub. L. No. 102-493; Genetic Technology Acts, 15 C.F.R. 295.1; and numerous export regulations e.g., 22 U.S.C. 2751. Often these legislative efforts grant powers much beyond that needed to enforce the stated goal, or beyond that which could be justified by the advance of technology alone. (See, e.g., 50 U.S.C. Appx.) (Supposed export justification accomplishes many forms of "fringe benefit regulation.").

The New Property and Technology:

Technology gives government great power. Government has the power to gather information, to coerce through largess manipulation, to compile records, and to make resistance to policy difficult. At the same time, government uses technology, both directly and as a justifying rationale for increased regulation and federal empowerment. The increase in government power, and especially the creation of new types of government largess (Guaranteed Internet Access, Federal Computer Educational Assistance Programs, Universal Health Care) is a threat to individualism in the United States.
Certainly Charles Reich's concepts of government coercion only gain credibility and ominous implications when the raw power of government augmented with technology is factored in. If indeed we have "no principle that forbids organized society from making use of our dependency to achieve goals of social control," The New Property After 25 Years, supra, at 224, then we must either develop such a principle as Reich suggests, Id. at 225, or resist the continual growth of federal power. Considering the current judicial disposition to allow government coercion by the threat of largess withholding, See, e.g., _Steward Machine Co. v. Davis_, 301 U.S. 548 (1937) (Federal tax imposed on employers. Employers who participated in state unemployment funds received 90% refund. Statute upheld and held not to constitute coercion.), it is highly unlikely that largess will see the constitutional protections Reich seeks. Indeed restrictions of these largess coercions, an important legislative tool for federal empowerment, might well invalidate every major regulatory program instituted since the New Deal legislation. Assuming such protections were possible to implement, an assumption that ignores the time, legal, philosophical and momentum restraints, it is difficult to assert that constitutional protections overseen by government would not be watered down by a "balancing" test, or the lack of sufficient redress for the victim of coercion. Reich's model of restricting government with a governmental regime intended to protect citizens from government is simply clumsy. Instead it is today within the power of the citizenry to protect itself from many forms of government largess coercion and control. Consider encryption as an example. Encryption is empowering. With encryption, and specifically public key encryption, the individual thwarts millions of dollars in governmental surveillance development. (The author assumes a basic knowledge of public key encryption on the part of the reader.)
If theories are correct, and in the battle between cipher and cryptoanalysis the cipher always wins, the prospect for government control is unusually poor. Consider the crossbow as an analogy. The crossbow was an advance in technology that allowed the common man without training to unhorse and usually kill a mounted, armored knight at range. Chuck Hammill, Address at the Future of Freedom Conference (Nov. 1987). The threat to the balance of power prodded the church and the monarchs to take all steps available to eradicate the use of crossbows; excommunication and death for example. Id. Of course, it was never wrong for the knights to use crossbows against heathens. Today, the advent of public key cryptography threatens government's control over the transfer of information. It is no surprise then that government is desperately trying to maintain a grip over the technology that threatens to be available to everyman. Witness the attempt to legislate the information highway, the Digital Telephony Bill, the Clipper Key Escrow proposal. If these technologies, digital communications, Internet access and encryption, cannot be directly banned or restricted because of constitutional restraints, they can certainly be converted to government largess without constitutional issue. The new feudal, federal system has seen a crossbow in the making, and it seems that the knights want exclusive use rights. What implications would truly anonymous transactions, digital cash have on the current tax collection structure of the United States? The registration of automobiles? Firearms? What impact might truly untraceable and secure communications across an unsecured channel*[reword]? The current technologies threaten to break the current trend of federal empowerment, and worse for the centralists, reverse it. 
The (Il)legitimacy of Pending Legislation:

(1) The Digital Telephony and Communications Privacy Improvement Act of 1994:

The Digital Telephony and Communications Privacy Improvement Act expands federal power by placing a positive burden on the common carrier to provide law enforcement with communications intercept and "call setup information" and imposes penalties upon common carriers who do not comply. The Digital Telephony and Communications Privacy Improvement Act of 1994, section 2. See also, Mike Godwin, Section-by-Section Analysis of the 1994 Draft of the Digital Telephony Legislation (1994). Godwin suggests that the new burdens on common carriers are imposed because 18 U.S.C. 2518(4) is not commonly read to impose such a burden, and thus common carriers are often reluctant to provide the kind of solutions to intercept problems law enforcement would like. Mike Godwin, Section-by-Section Analysis of the 1994 Draft of the Digital Telephony Legislation (1994). The specific provision provides "Common carriers shall be required to provide forthwith, pursuant to court order or lawful authorization, the following capabilities and capacities in order to permit the government to conduct electronic surveillance and pen register and trap and trace investigations effectively." Digital Telephony Bill, section 3 (amending 18 U.S.C. 109, section 2237(a)). The draft goes on to provide for simultaneous interception of communications and call setup information. Digital Telephony Bill, section 3 (amending 18 U.S.C. 109, section 2237(a)(1)). The intercepted information then must be forwarded to a facility of the government's choice. Digital Telephony Bill, section 3 (amending 18 U.S.C. 109, section 2237(a)(4)). Penalties for failure to comply are set at $10,000 per day and subject offending common carriers to F.C.C. sanctions or fines. Digital Telephony Bill, section 3 (amending 18 U.S.C. 109, section 2237(f)).
Enforcement power is given to the United States Attorney General or at the Attorney General's request, the Federal Communications Commission. Digital Telephony Bill, section 3 (amending 18 U.S.C. 109, section 2237(e)). Apparently the Digital Telephony Bill does expand federal enforcement power significantly by giving new powers to the Attorney General, placing new burdens on common carriers, and assigning new fines for non-compliance. In addition, the bill would make interception a much easier task for federal and local law enforcement, both of which benefit from provisions of the Digital Telephony Bill. As the technical nuances of forwarding intercept information to the government "location" are not addressed, one wonders if government officials can access any intercept and call setup information they wish, or if they must request the information from the common carrier, presenting evidence of their lawful authority in the process, and have it forwarded. The reference to common carriers raises the question, will these include "public access" internet providers? Note that the Digital Telephony Bill adopts the definition of common carrier in 47 U.S.C. 153(h): "Common carrier" or "carrier" means any person engaged as a common carrier for hire, in interstate or foreign communication by wire or radio or in interstate or foreign radio transmission of energy. 47 U.S.C. 153(h)(1993). In addition, it is possible that such providers might fall under the "common carrier support services" provider provision of the Digital Telephony Bill. Digital Telephony Bill, section 2. Mr. Godwin suggests this might impose obligations upon local telephone service providers to acquire "transactional information" from Internet providers when e-mail is sent. Mike Godwin, Section-by-Section Analysis of the 1994 Draft of the Digital Telephony Legislation (1994). The implications for anonymous mail in this instance would be dire.
Of particular interest is the focus on "pen register" and "call setup" information. Pen register and call setup information has a much lower standard of protection than the actual communication. _Smith v. Maryland_, 442 U.S. 735 (1979)(Installing pen register without warrant did not violate suspect's fourth amendment rights). See also, _California v. Greenwood_, 486 U.S. 35 (1988)(Information voluntarily turned over to third parties, including call setup information, not protected by fourth amendment). See also, 18 U.S.C. 3123 (1988). The net effect of this section of the Digital Telephony Bill would be to make such virtually unprotected information trivial to collect. Although the proposed legislation may or may not technically expand authority it most certainly does give law enforcement huge increases in capabilities, especially in data collection.

(2) The Escrowed Encryption Standard:

On April 16, 1993 the administration announced the Escrowed Encryption Standard initiative. The proposal allegedly seeks to address and reconcile the conflict between privacy of citizens and the intrusive needs of law enforcement. In effect the initiative proposes a standard public key encryption algorithm for voice and data communications. The algorithm is implemented in hardware, the "Clipper" chip, that will be installed in a variety of communications devices. The keys required to decrypt the communications between the devices are segmented and "escrowed" between two agencies. The cooperation of both agencies is required in releasing the key segments to allow wiretapping of any individual device using the Clipper chip. The theory is that the encryption algorithm will provide security for the public from unauthorized eavesdroppers, while allowing law enforcement access to the encrypted communications. The program is described as "Voluntary." See generally, Statement of the White House Press Secretary, April 16, 1993.
The Escrowed Encryption Standard is justified by the reliance of law enforcement, and particularly federal law enforcement, on interception of telephone communications in the battle against drugs and terrorism.

The Effects of Legislation:

Security and privacy are often considered mutually exclusive in their nature. One cannot serve both masters without duplicity. In this respect, the Escrowed Encryption Standard, which is presented as a compromise between the two, is a paradox. Clearly the EES is not at all interested in privacy for citizens. If indeed strong cryptography is such a threat to law enforcement, its availability can only be privacy enhancing in reference to whatever other listeners might seek to overhear. If law enforcement, especially in light of the scope of federal power, does not have the resources to penetrate the currently available strong encryption methods, then EES is not required for privacy. Indeed the EES initiative merely limits privacy to a manageable level under the guise of a government entitlement to privacy. The government here has created an illusionist entitlement to privacy, and given it to the citizenry hobbled, while with the other hand taking what tools were present for the citizens to see to their own privacy in electronic communications. The concept of "standing" illustrates the enhanced privacy available to citizens in the context of one constitutional right, the Fourth Amendment to the Constitution of the United States. The Fourth Amendment is protected by a doctrine called the exclusionary rule. Law enforcement is deterred from violating the Fourth Amendment by the exclusion of such evidence as is illegally obtained from admission at trial. _Mapp v. Ohio_, 367 U.S. 643 (1961). In order to exert this redress, a complaining party is required to have "standing." Simply put, it must be your constitutional rights that have been violated in order to obtain any redress.
Were a third party to be searched without the process of a warrant, there would be little redress except for resort to a civil suit, few of which are successful and fewer of which are profitable. _Zurcher v. Stanford Daily_, 436 U.S. 547 (1978). Encryption fills the standing gap. Instead of relying on inefficient process to insure individual privacy in communication, it is now possible for the individual to secure such privacy and protection provided by the amendment but not enforced by the exclusionary rule or civil procedure. If strong encryption presents no threat to law enforcement other than as a cost in time and resources, then it is clear that the scope of domestic monitoring is beyond that which is authorized by court order. According to filings for the year of 1992 state and local authorities performed 846 "intercepts" averaging $46,492 per intercept. Donald P. Delaney, Dorothy E. Denning, Wiretap Laws and Procedures, Sept. 23, 1993. Intercepts under the Foreign Intelligence Surveillance Act of 1978 numbered 484 for 1992, costs are unreported. Id. See also, The Foreign Intelligence Surveillance Act of 1978 50 U.S.C. sections 1801-1811. Non-FISA intercepts totaled in cost for the year of 1992 near 40 million dollars by these figures. If the implementation of EES is merely a cost cutting measure, and the costs are associated with the economics of decryption of suspect's intercepts using strong encryption, an assertion that lacks any basis, then the EES proposal must total in costs less than 40 million per year and the sum of the FISA intercepts assuming each of these was an interception of encrypted material. If the EES proposal exceeds the cost of these intercepts, we must assume that either: (1) The plan is not economically sound. (2) There are more domestic intercepts than are reported as legitimate. It might be added that EES will not itself reduce the cost of actual interception from the common carrier, while Digital Telephony might.
This may explain the similar timing of the initiatives as an attempt to coordinate a cohesive data policy. In addition, encryption technology is a growing and thriving market. The market for security software, fueled by virus and general security interests has attracted many competitors and several contributors in the public domain who have helped to prop up the quality of commercial software. The fact that a market has evolved even in the face of harsh export restrictions suggests that a free marketplace would be a significant force. Clearly regulation is not proper here where: (1) There has been a fairly liquid exchange and availability to consumers of information in the marketplace. (2) There are no restricted commodities (within the United States). (3) There are large numbers of buyers and sellers in the market. (4) There are no localized externalities. Stewart, Krier and Manell, Environmental Law and Policy (3d ed. 1990). In this case the market is restricted by a supposed externality of "national security." The contention that law enforcement and counterintelligence activities will fall apart without the unhindered ability to wiretap is without merit. Supporters of the EES proposal are utilizing a logical fallacy in pointing to the number of convictions obtained by the use of wiretaps as evidence of EES's merits. Indeed law enforcement has relied heavily on their ability to wiretap with basic impunity. The abuses that do come to light surely indicate that more lie undiscovered below the surface of investigatory processes. The assertion that law enforcement cannot properly adjust their methods to rely instead on physical microphones and non-intercept type surveillance is a mere front to preserve the current regime; one of rubber stamp approval and lowered standards of "cause." 
Law enforcement has found in the ability to wiretap an easy circumvention of the Fourth Amendment because courts have indicated that the key legal principle (the manifestation of an expectation of privacy) is lower in telephone conversations than in the home. How is it that when the citizenry attempts to exert an increased shield of privacy over telephone and electronic conversations by not turning them over to the third party (common carrier) in intelligible form the government seeks to make this impossible? _Smith v. Maryland_, 442 U.S. 735 (1979)(An individual has no legitimate expectation of privacy in the numbers dialed on his telephone because he voluntarily conveys those numbers to the telephone company...) See also, _California v. Greenwood_, 486 U.S. 35 (1988). _Katz v. United States_, 389 U.S. 347 (1967)(What a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment protection). What evil is there in individuals filling the gap that fails to enforce higher protections on our phone and electronic conversations, which incidentally, we rely on today much more than in years past? That the government has an affirmative right to be allowed access to the raw conversation is perhaps understandable. That the government has a right to be provided with a plain meaning translation of what they intercept is not. Even the provisions in the Digital Telephony Bill recognize that the government will not place a duty of translation on the common carrier. The Digital Telephony and Communications Privacy Improvement Act of 1994, section 3(i)(5) (Amending 18 U.S.C. 109 section 2237). Why then is it obvious that this burden should be placed on the citizen? At the very least, the increased expectation of privacy manifest in the attempt to encrypt conversations, even under the EES initiative, should entitle the parties to greater protections of process under the Fourth and Fourteenth Amendments, _Katz_ and _Greenwood_.
The EES program is presented as a voluntary program. Unfortunately the government's definition of voluntary falls short. In the case of the EES program, government is trying to establish a de facto standard by requiring all government communications to be made with the new technology. The result is the threat of withholding the government largess of government contracts to the companies that rely on such contracts for their existence. The companies in turn, in the interest of economy, will request that other associations outside of a government context be made with the new technology. Coupled with import/export policies that make competing technologies highly unprofitable to market, the level of coercion is obvious. In order for the EES program to accomplish its goals in relation to crime and the use of strong encryption to deter law enforcement interference, other technologies must not be readily available in the United States. Clearly any group of criminals that might wish to use strong encryption would not adopt a standard labeled at the outset as penetrated by the government. It is hard to take the government's assertion that the program will be voluntary at face value in light of these analyses. The dangers of allowing government to make privacy a collective good distributed, and incidentally seized, by government itself, which is essentially what the EES and Digital Telephony Bill proposals do, should be self apparent. There is little or no reason to believe that this form of government largess will be treated any different as far as coercion by threat of withdrawal is concerned. Coupled together, the ability to eavesdrop on citizenry and cripple a blossoming ability for the individual to secure his or her own privacy, the government has not only eliminated the most significant potential advance in individual and private property, but also gained a good deal of capability in preparing future regulation.
Digital cash, which without EES would be potentially untraceable and anonymous, will be tracked as easily or easier in the new regime than the hard currency of today and yesterday. A governmental control of the information structure through subsidy will impose government requirements for disclosure on what would otherwise be private carriers with no such requirements. If these concepts are available to reasoned analysis, they have likely occurred to the administration. Clearly anonymous digital cash and completely untraceable transactions, at little or no cost, are not in the administration's best interest. This suggests that the Digital Telephony, National Information Infrastructure and EES proposals are about, and have always been about, much more than law enforcement, assured access and privacy, but also continued control, regulation, and the status quo.

unicorn at access.digex.net

From wcs at anchor.ho.att.com Sun Mar 13 00:00:27 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sun, 13 Mar 94 00:00:27 PST
Subject: "ordinary public"
Message-ID: <9403130759.AA16501@anchor.ho.att.com>

> rishab at dxm.ernet.in writes:
> > It's not a good idea to take this debate to the ordinary public...
> > Time readers, yes...
>
> Well, if "Time readers" aren't the ordinary public, then I give up.

Well, they're a subset of the ordinary public that both reads and has some interest in news issues, but that's a reasonably good start. The folks who only watch TV are a bit different audience, and the folks who don't care about news are less likely to vote...
From wcs at anchor.ho.att.com Sun Mar 13 00:29:14 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sun, 13 Mar 94 00:29:14 PST
Subject: Voice encryption
Message-ID: <9403130828.AA16685@anchor.ho.att.com>

The problem with secure voice systems isn't doing the encryption, which is relatively easy; it's designing a voice compression system that's cheap enough and fast enough to work with the class of modems you're willing to use. 28.8 kbps modems are now available, using the Rockwell V.FC stuff until V.FAST gets stabilized, but there are concerns about whether they'll perform well over international circuits, which are obviously one of the prime markets for secure voice. If you're willing to standardize on these, you can get by with a number of cheap voice-compression algorithms at 16-24 kbps, but standardization really is somewhat important, as is cost for the consumer market.

One of the speakers at today's BayArea cypherpunks meetings was talking about a prototype secure voice phone he's building, with a target price under $1000 for a bump-in-the-cord design. He had an alpha-quality board with him, blue wires and all, and was working on refining the design. Reasonably common DSP parts, Rockwell modem chip. One difficulty of the bump-in-the-cord design is you've got to include phone interface circuitry, and deal with questions of whether to provide ringing voltage to the phone (90V has safety issues as well as circuit cost) or just provide a cheap speaker ringer. He was looking at Diffie-Hellman for key exchange for simplicity, (which you can afford to license if you're doing a reasonable-sized run of phones, though he hadn't negotiated prices.) The user interface was nice and simple - 3 LEDs and a "GO Secure" button, and the phone was designed to let you answer and originate calls in either secure or analog-non-secure modes (maybe also digital-non-secure?) for convenience.
Phil Zimmermann is working on a voice-PGP, but I don't know what he's doing in any detail.

Bill
# Bill Stewart AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399
# email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465

From wcs at anchor.ho.att.com Sun Mar 13 00:53:35 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sun, 13 Mar 94 00:53:35 PST
Subject: brainstorming on cpunks' eve
Message-ID: <9403130852.AA16812@anchor.ho.att.com>

Matt Thomlinson posted some interesting ideas.

> Other possible net services: random number services,

For crypto use that's not very helpful - if the numbers go across the net, other people can see them. But they may be somewhat helpful as seed material for your own random number generator, along with hashes of your memory, random Ethernet traffic, etc.

A slightly different application is for tax purposes - you may have a machine that needs to be used for business over 50% to make it a business asset rather than a personal one, and the amount of depreciation you can deduct is proportional to the business usage. Even if you can't make a *lot* of money selling random numbers and big primes or attempting to crack other people's keys for a small fee, it *can* be business, and certainly should keep the CPU depreciating rapidly at night....

> Also, one could set up a hashing/signing service, more akin to a time
> stamp service. [....]

"Digital Notary" system? There's certainly a need for such services. You have to be careful to avoid stepping on Bellcore's work, since I think it's patented, but related services may be practical and profitable. You have to decide how much you're willing to trust the timestamp that the service generated, as you would for a human notary.
With a digital notary, there's a risk someone could hose the clock on the notary's machine, get something notarized, and reset the clock, so even if the notary's being perfectly honest it's not risk-free.

From rustman at netcom.com Sun Mar 13 01:54:56 1994
From: rustman at netcom.com (Rusty H. Hodge)
Date: Sun, 13 Mar 94 01:54:56 PST
Subject: Locating Color Copiers
In-Reply-To: <199403101607.IAA00526@soda.berkeley.edu>
Message-ID: <199403130955.BAA01864@netcom8.netcom.com>

nobody at soda.berkeley.edu says...
>
> On a slightly related topic, I know of an instance where the
> Secret Service located a stolen color copier with somewhat
> greater speed than one might have expected.
>
> Is it possible that these machines either:
> (1) contain transponders
> or
> (2) hide a "signature" in their output ???

1. Why was the secret service looking for stolen property?

2. This is an urban legend. There is no "signature" on the output of Canon CLC copiers.

because these copiers are so maintenance-intensive, and since Canon *owns* most of the CLC dealers, it would be very easy for them to check their s/n records when they are servicing the equipment (which needs to be done when the devices are moved)!

pretty exciting, huh?

--
Rusty H. Hodge, Cyberneticist

From m5 at vail.tivoli.com Sun Mar 13 04:27:06 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Sun, 13 Mar 94 04:27:06 PST
Subject: golly, mr. science
In-Reply-To:
Message-ID: <9403131226.AA22246@vail.tivoli.com>

Wayne Q Jones writes:
> Why not beam a time-delayed virus...

Indeed; why not just use the transporter to send Tim and Eric in there, where they can direct tachyon field beams directly into the NSA's plasma couplers. All they have to be careful about are the Berthold rays.

Sheesh.

--
| GOOD TIME FOR MOVIE - GOING ||| Mike McNally |
| TAKE TWA TO CAIRO.
||| Tivoli Systems, Austin, TX: |
| (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" |

From leonar716 at aol.com Sun Mar 13 05:44:23 1994
From: leonar716 at aol.com (leonar716 at aol.com)
Date: Sun, 13 Mar 94 05:44:23 PST
Subject: Delete from mailing list
Message-ID: <9403130841.tn08248@aol.com>

I would like my name deleted from your mailing list. Too much junk mail.

From ejo at world.std.com Sun Mar 13 06:01:00 1994
From: ejo at world.std.com (Edward J OConnell)
Date: Sun, 13 Mar 94 06:01:00 PST
Subject: Canon Copiers
In-Reply-To: <199403130955.BAA01864@netcom8.netcom.com>
Message-ID:

The new models, the 350 and 550 do indeed have a currency recognition feature based on color. I was talking to a serviceman--interestingly, as with all crippling features, this one creates problems, as certain images become uncopiable if the color they use is upsetting the Canon. The service man said that often the offending object may be copied simply by placing a sheet of acetate between the imaging area and the sheet to be copied.

I used to be skeptical of this feature--someone here conjectured that it would be based on color. They were right. Smart.

Jay

From unicorn at access.digex.net Sun Mar 13 07:55:05 1994
From: unicorn at access.digex.net (Black Unicorn)
Date: Sun, 13 Mar 94 07:55:05 PST
Subject: Voice encryption
Message-ID: <199403131554.AA27960@access3.digex.net>

The problem with secure voice systems isn't doing the encryption, which is relatively easy; it's designing a voice compression system that's cheap enough and fast enough to work with the class of modems you're willing to use.

<- I don't want to use modems.

-uni- (Dark)

Who was the bay area speaker you were talking to?

From nobody at soda.berkeley.edu Sun Mar 13 08:28:53 1994
From: nobody at soda.berkeley.edu (nobody at soda.berkeley.edu)
Date: Sun, 13 Mar 94 08:28:53 PST
Subject: Color Copiers
Message-ID: <199403131628.IAA28202@soda.berkeley.edu>

rustman at netcom.com says...
>nobody at soda.berkeley.edu says...
>>
>> On a slightly related topic, I know of an instance where the
>> Secret Service located a stolen color copier with somewhat
>> greater speed than one might have expected.
>>
>> Is it possible that these machines either:
>> (1) contain transponders
>> or
>> (2) hide a "signature" in their output ???
>1. Why was the secret service looking for stolen property?
>2. This is an urban legend. There is no "signature" on the output of Canon CLC copiers.
>because these copiers are so maintenance-intensive, and since Canon
>*owns* most of the CLC dealers, it would be very easy for them to check
>their s/n records when they are servicing the equipment (which needs to
>be done when the devices are moved)!
>pretty exciting, huh?
>--
>Rusty H. Hodge, Cyberneticist

The _event_ is not an urban legend. (The signature hypothesis could be). Check the Chattanooga papers (late '92 or early '93). A copier was ...uh... relocated to a residence. I doubt that the manufacturer was invited to make service calls. The secret service was involved because of what was being copied. It could just be that the SS (funny coincidence of initials) is very good at its job, but I wonder.

From peace at BIX.com Sun Mar 13 09:40:47 1994
From: peace at BIX.com (peace at BIX.com)
Date: Sun, 13 Mar 94 09:40:47 PST
Subject: Voice encryption
Message-ID: <9403131240.memo.89012@BIX.com>

You don't want to use modems?!?!?!?!?!?!?!?!?

Well.. that kind of eliminates most encryption schemes that I know of.

Peace
oint me to a reference, I have NEVER seen it (mis)spelled Cypher.

Peace

From Lyle_Seaman at transarc.com Sun Mar 13 09:50:20 1994
From: Lyle_Seaman at transarc.com (Lyle_Seaman at transarc.com)
Date: Sun, 13 Mar 94 09:50:20 PST
Subject: CIA and the drug trade
Message-ID:

Since Aldrich Ames has been in the news recently, I think this is apropos.
(the suggestion has been made that the CIA failed to uncover his activities because they ascribed his fabulous wealth to the coke business -- not that they would ever admit _that_, of course)

From: ww at blythe.org (Workers World Service)

Via NY Transfer News Collective * All the News that Doesn't Fit

CIA IS UP TO ITS EYEBALLS IN COCAINE DEALS
Which banks laundered the money?

By Deirdre Griswold

No element of the state apparatus is more shielded from public scrutiny than the Central Intelligence Agency--the U.S. secret police whose operations span the globe.

What do they really do? How much of the public treasury is diverted into their coffers? How many of the vicious wars now tearing apart poor countries were hatched in their inner sanctums?

It seems that one thing they do is ship millions of dollars' worth of cocaine into the United States. That's according to an official of the U.S. Drug Enforcement Agency, Annabelle Grimm, who was interviewed by the program "60 Minutes." The New York Times of Nov. 20 first broke the story.

"I really take great exception to the fact that 1,000 kilos came in, funded by U.S. taxpayer money," said Grimm. A thousand kilos is over a ton of pure cocaine.

CIA, COCAINE AND DEATH SQUADS

The 1990 shipment was arranged by Mark McFarlin of the CIA and Gen. Ramón Guillén Davis of the Venezuelan National Guard, said the Times story.

What possible reason could the CIA give for arranging to ship a ton of cocaine into the U.S., where it was then sold on the streets? It was done to "gain the confidence" of Colombian drug traffickers, explained the agency.

McFarlin's history includes a stint in El Salvador, where he worked with "anti-guerrilla forces" in the early 1980s. This is a euphemism for the government death squads that, together with the Salvadoran army, were responsible for the deaths of 70,000 people in the dirty war there. The guerrilla movement represented the workers and peasants.
The U.S.-funded killers did the bidding of the landed oligarchy and the multinational corporations that have sucked El Salvador dry.

What is the connection between drug trafficking and a rightwing political police agency like the CIA? Plenty.

Recently, the CIA was implicated in covert support for the right-wing military in Haiti, which has deposed the popularly elected president, Jean-Bertrand Aristide. At the same time, the State Department was grabbing headlines with its loud but ineffectual negotiations supposedly meant to return Aristide to his country.

The Haitian military are known to be deeply involved in the highly lucrative drug trade--a compelling reason why they refuse to relinquish direct control over the government.

During the Vietnam war, the CIA used its fleet of secret planes to ferry opium and heroin out of Southeast Asia--at the same time that its agents were assassinating Vietnamese villagers in the notorious Phoenix program. Drugs became a major social problem in the U.S. at this time. (See "The Politics of Heroin in Southeast Asia," Alfred W. McCoy, Harper & Row, 1972)

LINKS TO BANKS

The biggest question, however, is the tie between covert government agencies like the CIA and the giant banks that launder hundreds of millions of dollars in drug money.

It is public knowledge that the CIA deposits large amounts of money in the name of dummy companies. At the highest levels, bank officials obstruct public scrutiny of dubious transactions, including those involving large amounts of cash. When they are working with the CIA, all this can be passed off as necessary in the interests of "national security."

In January 1985, Bank of America was fined $4.75 million in a civil penalty for failing to report more than 17,000 large cash transactions. Other huge banks paid lesser fines in this mild crackdown on widespread money laundering. No criminal charges were pursued.
In 1989, after Treasury officials estimated that as much as $110 billion was being laundered by U.S. banks each year, the Bush administration announced it would regulate international money transfers by U.S. banks, and would set up a large computer center in Arlington, Va., to monitor information on money laundering.

And there it has sat. No big indictments, or even civil fines, have been forthcoming against the big capitalist bankers.

Repression and police corruption

Instead, all the muscle has gone into sending U.S. paramilitary units into impoverished South American nations like Bolivia and Peru to interdict cocaine supplies--with no results--and beefed-up SWAT teams into oppressed communities in the U.S., where their racism and brutality are notorious.

Repression against drug dealers on the street level is worse than futile. As the recent Mollen Commission hearings in New York showed, it is often linked to massive corruption among the police themselves.

This latest revelation about the CIA and cocaine shows once again that drug trafficking can only be rooted out through a mass struggle aimed at the vital institutions of capitalist society. They are in it up to their eyeballs.

-30-

(Copyright Workers World Service: Permission to reprint granted if source is cited. For more information contact Workers World, 55 West 17 St., New York, NY 10011; via e-mail: ww at blythe.org.)

From unicorn at access.digex.net Sun Mar 13 10:12:44 1994
From: unicorn at access.digex.net (Black Unicorn)
Date: Sun, 13 Mar 94 10:12:44 PST
Subject: Cypher?????
Message-ID: <199403131812.AA14251@access1.digex.net>

Hmm.. Perhaps you could point me to a reference, I have NEVER seen it (mis)spelled Cypher.
-< how about cypherpunks at toad.com
             ^^^^^^

From nobody at soda.berkeley.edu Sun Mar 13 10:32:27 1994
From: nobody at soda.berkeley.edu (nobody at soda.berkeley.edu)
Date: Sun, 13 Mar 94 10:32:27 PST
Subject: guava
Message-ID: <199403131832.KAA02790@soda.berkeley.edu>

From phantom at u.washington.edu Sun Mar 13 10:38:39 1994
From: phantom at u.washington.edu (Matt Thomlinson)
Date: Sun, 13 Mar 94 10:38:39 PST
Subject: cipher vs cypher
Message-ID:

> Hmm.. Perhaps you could point me to a reference, I have NEVER seen it
> (mis)spelled Cypher.

sigh...

---
Webster's dictionary> cypher
cy.pher(chiefly Brit var of) CIPHER
Webster's dictionary>
---

so it's a british spelling. so what.

mt

Matt Thomlinson Say no to the Wiretap Chip!
University of Washington, Seattle, Washington.
Internet: phantom at u.washington.edu phone: (206) 548-9804
PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu

From werner at mc.ab.com Sun Mar 13 10:44:07 1994
From: werner at mc.ab.com (tim werner)
Date: Sun, 13 Mar 94 10:44:07 PST
Subject: Cypher?????
In-Reply-To: <9403131237.memo.89010@BIX.com>
Message-ID: <199403131843.NAA09344@sparcserver.mc.ab.com>

>wcs> Cypher gets spelled both ways, but in the cryptography world it's more
>common than cipher, probably.
>
>Hmm.. Perhaps you could point me to a reference, I have NEVER seen it
>(mis)spelled Cypher.

According to the Random House College dictionary, cypher is a usually British spelling.

But I have been assuming the group name was a take-off on cyberpunks. No?

tw

From tcmay at netcom.com Sun Mar 13 11:05:08 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 13 Mar 94 11:05:08 PST
Subject: Cypher?????
In-Reply-To: <9403131237.memo.89010@BIX.com>
Message-ID: <199403131905.LAA04318@mail.netcom.com>

> wcs> Cypher gets spelled both ways, but in the cryptography world it's more
> common than cipher, probably.
>
> Hmm.. Perhaps you could point me to a reference, I have NEVER seen it
> (mis)spelled Cypher.
>
> Peace
>

"Cypherpunks" is to "Cyberpunks" as "Cipherpunks" is to "Ciberpunks."

And "cypher" is a perfectly fine alternate spelling of "cipher," used almost exclusively in Britain, and other Empire colonies. Since much of modern crypto (I mean, "cripto") derived from British work (Turing, Colossus, Bletchley Park, Enigma), a kind of homage.

Consult any dictionary before saying you have "NEVER" seen it "(mis)spelled" that way.

The first reason, the resonance with cyberpunks, was clearly the main reason Jude Milhon ("St. Jude" of "Mondo 2000") quipped: "You guys are just a bunch of cypherpunks." The name stuck.

--Tim May

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From mg5n+ at andrew.cmu.edu Sun Mar 13 12:03:46 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Sun, 13 Mar 94 12:03:46 PST
Subject: Cypher?????
In-Reply-To: <199403131905.LAA04318@mail.netcom.com>
Message-ID:

% telnet chem.ucsd.edu
Trying 132.239.68.1...
Connected to chem.ucsd.edu.
Escape character is '^]'.

Accel UNIX (chem.ucsd.edu)

login: webster
Last login: Sun Mar 13 11:38:36 from 146.122.132.195
Word: cypher
cy-pher chiefly Brit var of CIPHER
Word: cipher
1ci-pher \'suE-fer\ n, often attrib [ME, fr. MF cifre, fr. ML cifra, fr.
Ar s.ifr empty, cipher, zero] (14c) 1a: ZERO 1a 1b: one that has no weight, worth, or influence: NONENTITY 2a: a method of transforming a text in order to conceal its meaning -- compare CODE 3b 2b: a message in code 3: ARABIC NUMERAL 4: a combination of symbolic letters; esp: the interwoven initials of a name
2cipher vb ci-phered; ci-pher-ing \-f(e-)ri{nj}\ vi (1530) :to use figures in a mathematical process ~ vt 1: ENCIPHER 2: to compute arithmetically
Word:
Connection closed by foreign host.

From nowhere at bsu-cs.bsu.edu Sun Mar 13 13:12:18 1994
From: nowhere at bsu-cs.bsu.edu (Chael Hall)
Date: Sun, 13 Mar 94 13:12:18 PST
Subject: REMAIL: Supported Header Lines
Message-ID: <9403132112.AA13524@bsu-cs.bsu.edu>

Somebody is bombarding my remailer with messages saying "Anon-To: remailer at somewhere..." Obviously someone is trying to chain their message through several remailers. The problem is, my remailer only supports the following header formats:

X-Anon-To: user at host
Request-Remailing-To: user at host

The unsuccessful attempts show up in my inbox and it's getting annoying. I feel like after 50 messages, I'm allowed to say I'm annoyed!

Chael

--
Chael Hall
nowhere at bsu-cs.bsu.edu 00CCHALL at BSUVC.BSU.EDU nowhere at chaos.bsu.edu chall at bsu.edu

From rarachel at prism.poly.edu Sun Mar 13 13:15:28 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Sun, 13 Mar 94 13:15:28 PST
Subject: Niacin warning OOPS!!!
In-Reply-To: <199403121634.IAA06561@jobe.shell.portal.com>
Message-ID: <9403132103.AA21764@prism.poly.edu>

> From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
> > you can also just pop a 400mg Niacin capsule... Niacin will
> > quickly dilate all your capillaries bringing lots of blood
> > to your face and making you look like a lobster.
> >
> > That should mess up any scan... so if you're a wanted
> > crook in an airport that uses ir-face biometrics, just
> > pop niacins like them were pop-corn.
:-)
>
> I just want to warn anyone who is thinking of trying this that 400 mg
> is not the place to start with niacin. The flushing will be extremely
> intense at that level and you will probably either think you are dying
> or wish you were. Try 50 or 100 mg to start with.
>
> You do build up a tolerance to this effect of niacin pretty fast so
> experienced users will need higher doses to get the flushing. But for
> a non-user lower doses are adequate.

OOPS! I goofed! Sorry about that, hope nobody tried that high a dose.. It's kinda hard to know what to recommend when you're doing 1000mgs of the stuff... These days, I've cut down on it and only do one once a week or so because depending on how much I've eaten before I pop a niacin, I get the flush from hell, or no flush at all...

For the least flushing effects, take one after you eat... for defeating the airport security infra-red scans whenever they will come in use, eat nothing, but a single niacin at whatever dosage you feel comfortable with. Beware that on an empty stomach flushing will occur within a very short while (say about 10-15 minutes or less!) so keep that time in mind before you board the plane, and remember to pop one before you get off the plane...

An after-effect (after the flushing) is that you may feel chills after a large dose wore off... I'm not sure if that actually messes up an ir camera from ID'ing you off your normal ir scan, or if it's just your body adjusting itself to not having niacin in your blood, or what....

From rarachel at prism.poly.edu Sun Mar 13 13:21:17 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Sun, 13 Mar 94 13:21:17 PST
Subject: brainstorming on cpunks' eve
In-Reply-To: <199403121622.LAA20537@duke.bwh.harvard.edu>
Message-ID: <9403132108.AA21816@prism.poly.edu>

> If the random number scheme is subject to eavesdropping, which
> it would be over today's net, then the numbers you use, while they may
> show no pattern, could be known to an attacker, which would probably
> make them far less useful. A better way to spend your time would be to
> design a bit of public domain hardware that could be easily built by
> anyone who wanted a hardware rng.

Not really, the receiver of these numbers could run it through several crypt programs with random keys gotten from his machine, etc. If you do several hundred rounds with several hundred random keys with random delays, the random numbers resulting from all this abuse should be quite different from anything that whoever is spying on the transmission will see... (Granted, though this would still be a PRNG, it would be better than most, if the purpose of these random numbers is to simply act as a RN server.)

> If you include the signatures of the previous several messages
> in the signed message, and issue each a message ID, changing the time
> becomes easier to detect. If you keep all messages signed that week,
> and publish a checksum in an easily found source, say the New York
> Times, then you're repeating work already done at Bell Labs. (I'm
> sure someone could find a reference if anyone wants to get in touch
> with these folks?)

I haven't heard about this... can you tell us more?

From rarachel at prism.poly.edu Sun Mar 13 13:32:55 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Sun, 13 Mar 94 13:32:55 PST
Subject: spyproofing your house/work building
Message-ID: <9403132120.AA21962@prism.poly.edu>

I'm curious about how one would go about spy-proofing one's house..
I suppose the 1st few steps would be to make each room a Faraday cage... What kind of sheet metal would be good to use for this? Would some thin metal suffice?

In terms of isolating the windows from ir-laser pickups, I thought I could attach speakers to every window and tune them to some radio station that doesn't exist, or better yet a RNG so that audio-subtraction wouldn't work. (One of the ways of spying is to bounce a laser off a window. The vibrations from the window would cause vibrations in the reflection of the laser beam, so the spy can listen in on your conversation. However if there's a lot of noise outside your house, they would simply hang a mike aimed at the source of the noise and subtract the two signals to filter out everything but what they're trying to spy on...)

Another thing I've heard is some stuff about the US Embassy refusing to move into a building that was full of bugs in the now defunct USSR, and one of the reasons is that they were detecting lots of micro-wave-emissions. The article stated that this was a health risk, but someone on here(???) stated that microwaves can be used in place of bouncing an ir-laser beam off a window because any metal objects in the target room would also vibrate with sounds...

So as a summary, I would make the room a faraday cage with speakers on it every few feet fed into individual RNG's, then use some of that sound isolation foam all around the metal slabs, then set up the dry wall/floor/ceilings on top of all that...

Of course phone taps are still a problem, but hopefully with the PGP-phones....

Have I forgotten anything?

From fhalper at pilot.njin.net Sun Mar 13 14:23:25 1994
From: fhalper at pilot.njin.net (Frederic Halper)
Date: Sun, 13 Mar 94 14:23:25 PST
Subject: Cypher??
Message-ID: <9403132223.AA17466@pilot.njin.net>

Is there really that LITTLE to discuss? I mean how important is it if it should be "cypher" or "cipher"?
Reuben Halper

From sameer at soda.berkeley.edu Sun Mar 13 14:38:39 1994
From: sameer at soda.berkeley.edu (Sameer)
Date: Sun, 13 Mar 94 14:38:39 PST
Subject: The blind anon-server
Message-ID: <199403132238.OAA18638@soda.berkeley.edu>

file://soda.berkeley.edu/pub/cypherpunks/remailer/blind-server.docs

This server is running in testing mode. Please contact Sameer if you'd like to help test it.

----------
The Blind Anon-Server
----------
by Sameer Parekh
Copyright 1994

Introduction

I hatched up the Blind Anon Server because of Eric Hughes's comments about the safety in ignorance. I wanted to run an anon server, maybe similar to Julf's remailer, but I did *not* want to know the connection between anon-ids and real IDs. I still wanted it to be easy to use so that someone who wanted to send mail to an anonymous person need only send it to a standard mail address, instead of using Hal's remailer return address block, which is an incredible pain to use.

The system I have hatched up is relatively secure. If you take the proper steps to secure your identity from me, even if I were keeping complete logs, I would still know nothing of your true identity and if my records were subpoenaed, I could freely hand over the contents of my records without any worry that the privacy of my users will be violated.

The system requires all commands to be pgp signed.
Thus you will create a public/private keypair for your anonymous identity, and all administrative commands to the list regarding this identity must be signed by that key. You can send list commands from *any* address-- an anon remailer, a friend's address, Julf's remailer, whatever.. and as long as it is signed by your identity's key, all will be well.

Setup

First you have to create your alias on the anonymous server. Creating the alias is easy, but setting it up to work right takes a bit of effort and bookkeeping on your part. (Maybe I'll write a client which can take care of all the bookkeeping.)

Create a pgp keypair with a User ID of the form "Pseudonym ". Send your public key to admin at sitename with the subject line, "addkey". This will create for you an anonymous id which can be accessed via "alias at sitename". You should only send one key to the server in any single addkey request.

You have to choose an account name which hasn't been used before. In order to get the list of all account names which have been used and are not available, send a message with the subject "sendused address" to admin at sitename and the list of unavailable names will be sent to address, with the body of your request tacked on to the top, so you can use a remailer for the "address" and the body can be an encrypted mailing block-- you need not reveal your identity to me in any case.

Starting an account gives you 100 credits.

Now if you would like to send a message to someone from your newly formed alias, you can send a signed message to the administration address (admin at sitename) with the "mailmessage" command. For example:

::mailmessage recipient
Subject: here's the plans to the stealth bomber
Keywords: bomber

Here's the plans...
--END OF MESSAGE--

The message will be sent out from sitename just as if you had sent it out using a standard mail program from sitename.

Then comes the more complex part. You have to tell my anonserver how mail to your alias will actually get to you.
There are various levels of security which you can use. Because the remailernet is not very reliable, the idea is that you setup a number of paths which mail can get to you through, so that if one path goes down you can still use the other paths to get mail. You can either configure it so that mail to you goes through every path (for reliability with less security) or one path chosen at random (more secure but less reliable).

To add a path to your list of paths, you must send a signed message to the list, with the lines

::addpath firsthop
PATH INFORMATION GOES HERE
--END OF PATH--

The firsthop is the first hop along the path between my anon server and you. It *can* be your address, in which case there is a good deal of reliability, but you get absolutely no good security.

The "path information" is what gets tacked onto the top of the body before the message gets sent to the first hop. Suppose your firsthop was Hal's remailer, hfinney at shell.portal.com.. You would have something like:

::addpath hfinney at shell.portal.com
::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: 2.3a

hEwCKlkQ745WINUBAfwPrO+z9LMBz7boyyC7gUqX/QCEZkXmJCeZYoskgtH5qqbi
y4mYUL5a0ApbzrhPs8ULkPnW2c4Pfr1AfYSSgvrzpgAAAEvJtPOuQsW8IVQfl+iW
CAr2gd5jax+t75qbux5U/RRxlbsq4cOeGrO/i/6Km6m71Vsdj0rquEQBvREnXxdj
81YsBM9QlFNxQAB8rrQ=
=Ylli
-----END PGP MESSAGE-----
--END OF PATH--

That pgp message is encrypted for Hal's remailer. When Hal's remailer gets the message, it will have this block on the front of the body. Hal's remailer can then decrypt it.. Maybe on the inside of this block you can put:

::
Anon-Send-To:

So then there's only one remailer on the chain between myserver and your real address. For more security you can embed *another* hop to another remailer with another encrypted address block. This can continue for as long as you want. The longer the path, the more secure, but the less reliable.
Once the path has been added, you will be sent mail (through the anon server) encrypted with your key (all mail to your alias will be sent out encrypted with your key) with the pathnumber that your command created. Store this path number in a safe place, because you will need to use it when you test all your paths for reliability.

You can create multiple paths in this fashion. The remailer defaults to "spray" mode-- this means that mail to your alias will be sent through *each* of your paths. This adds reliability at the expense of security. (It makes traffic analysis easier.) If you would like to turn off spray mode, send a command to admin at sitename:

::randmode

To turn spray mode on:

::spraymode

You can actually use this spray mode for more than just an anon-server. If you'd like to create a mailing list, you can generate a keypair, distribute to everyone on the mailing list the secret key, and everyone can send into the anon server a path to themselves. Using spray mode, mail to the address will go out to every path. This of course means that anyone can subscribe or unsubscribe (Removing paths is described below) people to/from the list.

The Credit Scheme

When you startup an account, you get 100 credits. When mail is sent out along one of the paths, credit is deducted from the account-- 1 credit per 512 bytes of traffic. Note that if you are in spray mode credits are deducted for *every* path which is active for your alias. If your account does not have enough credit, when a message comes in you will get mail detailing the size of the message that was lost and the amount of credits you have in your account. (Size is listed in 512 byte blocks)

Removing paths

If a certain path which you have active flakes out and becomes ineffective, you need some way of turning that path off so you're not paying for it in spray mode, and so you don't lose mail in random mode. That's what the disablepath command is for.
To run the disablepath command you simply send the command (signed, as always) to admin at sitename:

::disablepath pathnumber

Pathnumber, here, is the number of the path which was assigned when you created that path. Hence it is useful for you to keep good records of your active and disabled paths.

It is possible to reenable a path once it has been disabled. In order to do this you need to remember the path number *and* the remailer that it's associated with. To recover a path you just send:

::recoverpath firsthop pathnum

And the path with the number pathnum is reactivated, with the firsthop that you give it in the recover command.

Path Verification

You will likely want to keep tabs such that you know when a given path flakes out on you. For this reason the "regping" option is available. This command lets you tell the system how often you want the anon-server to send a message through every path of yours, with the pathnumber in the message (encrypted, of course) so that you can keep tabs on which paths are flaking out on you.

To set your ping frequency, use the regping command:

::regping frequency

Where frequency can be none, hourly, daily, or weekly. Remember that you are still being charged for these testpings. The system defaults to weekly.

To get a list of all your active paths, use the command "showpaths". This command will send out a listing of the pathnumber and first hop of each of your active paths:

::showpaths

Defeating Traffic Analysis

The system works in concert with remail at sitename, which does the work to defeat traffic analysis. All mail to each path is first sent through remail at sitename for added difficulty in traffic analysis. remail at sitename is a standard cypherpunks remailer with PGP with a few added features. All outgoing mail is not delivered immediately upon receipt.
Outgoing messages are stored in a pool until five minutes after each hour, when all messages in the pool are delivered in a random order, ignoring the order in which they came in. Every minute there is also a chance that a random uuencoded message is injected into the remailernet. Each message injected into the remailer net is sent through a random path of the remailers in the remailernet, usually between five and 20 hops.

From rarachel at prism.poly.edu Sun Mar 13 15:25:39 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Sun, 13 Mar 94 15:25:39 PST
Subject: Barlow v. Denning on AOL (OFFICIAL)
Message-ID: <9403132313.AA23713@prism.poly.edu>

As promised, here's the official transcript of the Barlow v. Denning debate on AOL:

<< Here's the official transcript of the Barlow v Denning debate. My comments are within the angle braces, as is this one. No text was changed, only comments and notes were inserted. >>

TIME Online Odeon, March 10, 1994

Tonight's TIME Online Odeon is a debate about the controversial "Clipper Chip" policy of the U.S. government. Our guests are John Barlow (Barlow1) and Dorothy Denning (DDenning), who were both interviewed for TIME's Clipper story in the March 14, 1994, issue of the magazine. Philip Elmer-DeWitt (PhilipED), TIME senior writer and author of the story, moderates the debate, and Robert Pondiscio (RPTime) of TIME is the host.

Editor's note: I have edited this transcript slightly by moving small pieces of text around to avoid confusion related to overlapping responses. (Tom Mandel)

OnlineHost: Good evening and welcome to the Time Online Odeon! Tonight we look from both sides at the Clipper Chip, a semiconductor device that the National Security Agency developed and wants installed in every telephone, computer modem and fax machine.
In his article in the current issue of TIME, Philip Elmer-DeWitt writes:

"The chip combines a powerful encryption algorithm with a ''back door'' -- the cryptographic equivalent of the master key that opens schoolchildren's padlocks when they forget their combinations. A ''secure'' phone equipped with the chip could, with proper authorization, be cracked by the government.

"Law-enforcement agencies say they need this capability to keep tabs on drug runners, terrorists and spies. Critics denounce the Clipper -- and a bill before Congress that would require phone companies to make it easy to tap the new digital phones -- as Big Brotherly tools that will strip citizens of whatever privacy they still have in the computer age.

"Lined up on one side are the three-letter cloak-and-dagger agencies -- the NSA, the CIA and the FBI -- and key policymakers in the Clinton Administration (who are taking a surprisingly hard line on the encryption issue). Opposing them is an equally unlikely coalition of computer firms, civil libertarians, conservative columnists and a strange breed of cryptoanarchists who call themselves the cypherpunks."

RPTime: Lined up on our stage tonight are John Perry Barlow, Dr. Dorothy Denning and Philip Elmer-DeWitt. Barlow is co-founder of the Electronic Frontier Foundation, which promotes freedom in digital media. A recognized commentator on computer security, he is arguing against the Clipper Chip. Dr. Denning is the chairperson of the Computer Science Department at Georgetown University. A leading expert on cryptography and data security, she favors the adoption of the Clipper Chip. Philip Elmer-DeWitt, TIME's technology editor will lead the questioning of our guests. Audience questions may be sent up using the Interact with Host function....Phil?

PhilipED: Dr. Denning, could you *briefly* make the case for why we need the key escrow encryption system?

DDenning: The government needs a new encryption standard to replace DES.
They came up with a very strong algorithm called SKIPJACK. In making that available, they didn't want to do it in a way that could ultimately prove harmful to society. So they came up with the idea of key escrow so that if SKIPJACK were used to conceal criminal activity, they would be able to get access to the communications.

PhilipED: Thanks. Mr. Barlow, could you briefly make the case *against* Clipper?

Barlow1: We'll see if I can be brief...We oppose Clipper in large part because of the traffic analysis which it makes possible. We believe that it is in the functional nature of the chip as designed to greatly enhance the ability of government to observe who we are calling, when, and from where, all fairly automatically and centrally. We also oppose Clipper because of the many ways in which we believe the escrow system could be compromised, by people and institutions both inside and outside of government.

PhilipED: Dr. Denning, what about John's contention that Clipper makes it easier to detect calling patterns?

DDenning: I don't buy this. First off, for law enforcement to access any communications, they need a court order. Even if the communications are encrypted. Second, with a court order, they can get access to call setup information and find out what other lines the subject of the investigation is talking to. This is of much more use than anything in the encrypted stream.

PhilipED: John, is Dorothy right that you need a court order for call set up info?

Barlow1: Dorothy, the government asked for and received over 100,000 calling records last year without a court order. I see nothing in the Clipper documents which indicates that they would require a court order to get this kind of information, which each chip would make readily available to the entire network. Furthermore, my faith in court orders has been eroded by 30 years of government wiretap abuse.

DDenning: You need a court order to implement pen registers and dialed number recorders in order to find out who is talking to whom.

Barlow1: But that's only with the present system where putting a pen register on a line requires physical entrance to a company site.

PhilipED: Aren't we talking about three different hurdles here, one for a wiretap, one for a pen register (to track calling patterns in real time) and one for phone records?

Barlow1: There are three different sources of information, as you say. But there are not three "hurdles."

RPTime: Let's take a question from the audience...

Question: How would you guarantee that this facility will never be misused? If you can't make that guarantee, why should a democratic society, with a prohibition against prior restraint, consent to this?

RPTime: John Barlow?

Barlow1: That sounds like a question for Dorothy. I don't think we should, obviously.

RPTime: Dr. Denning?

DDenning: First of all, there has been no evidence of widespread abuse of wiretaps since passage of the 1968 and 1978 wiretap statutes. Second, there are a lot of security mechanisms going into it to protect against abuse. Third, it will provide much greater protection against illegal wiretaps than we have now, since almost all phone conversations are in the clear. It will make virtually all illegal wiretaps impossible. Fourth, if for some reason it doesn't provide adequate protection, we can destroy the key databases and everyone will have absolute privacy against government wiretaps. I don't think our society will tolerate that kind of abuse.

PhilipED: John, isn't Dorothy right that you're better off with compromised encryption than none?

Barlow1: Gee, where to begin...First of all, there was plenty of abuse after 1968. Remember Watergate, Dorothy? Second, I believe that Clipper in the Net will dramatically *enhance* certain powers of surveillance over current technical abilities.
One of the reasons that wiretap hasn't been more abused is the bureaucratic overhead of current practices. Make it so that it doesn't require 50 agents to conduct a wire tap and you'll see a lot more of it. And Watergate included quite a number of wiretap violations. Indeed, the burglars were caught trying to install one.

DDenning: I was talking specifically about wiretap abuses. And there hasn't been any evidence since the 1978 law.

Barlow1: As to the assertion that we can always back up and destroy the databases if we don't like it, I can't imagine that someone as bright as yourself would believe that this is possible. Technology and power ratchet into positions which almost never retract without a complete change in the system of authority.

RPTime: Care to respond Dr. Denning?

DDenning: Clipper would prevent the Watergate burglars from getting anywhere since they wouldn't have a court order. Clipper will not make wiretaps cheaper or easier. Wiretaps are becoming more difficult. And there will always be more agents involved because they have to follow exacting procedures, including minimization (throw out all conversations that are not specific to the crime at hand).

Barlow1: Dorothy, they were from the *Government* remember? I can't imagine that Nixon wouldn't have been able to find a sympathetic ear from somebody at NIST and somebody else at Treasury. Further, you're not talking about the truly insidious element of this, which is dramatically improved traffic analysis. Content is less important than context, and most agents will support this.

RPTime: Another question from the audience. JCMaille asks...

Question: Does the government have a constitutional right of access to my personal communications?

RPTime: Dr. Denning, why don't you go first?

DDenning: The Supreme Court ruled that wiretaps with a court order are constitutional. At one time, communications were not even protected under the 4th Amendment. The government could wiretap without a court order!
Now a court order is required.

PhilipED: To put the question another way, do citizens have a right to use powerful encryption?

DDenning: Right now there are no laws preventing the use of any encryption. Clipper is voluntary. You can still use something else.

<< Notice that she said "Right now" as if she is aware of a possible bit of legislation that would make all other encryption methods illegal!!!>>

RPTime: We have to apologize. John Barlow has temporarily lost his connection...

PhilipED: Dr. Denning, in your opinion would a law outlawing powerful encryption be unconstitutional?

DDenning: I don't think so. But that doesn't mean it will happen.
<< NOTE: ^^^^^^ ******* ^^^^^>>

RPTime: John Barlow is back with us. Sorry for the interruption!

PhilipED: Barlow, Denning just said she didn't think a law banning powerful encryption would be unconstitutional. What do you say?

Barlow1: Actually, I believe that our current export embargoes are a violation of the 1st Amendment which specify speech without regard to the manner of speech. If we could restrict manner of speech, it would be constitutional to require that everyone speak English. Which of course it isn't.

PhilipED: John, can you make the case why ordinary law-abiding citizens need powerful encryption?

Barlow1: Because it is in the nature of digitally networked communications to be quite visible. Every time we make any sort of transaction in a digital environment, we smear our fingerprints all over Cyberspace. If we are to have any privacy in the future, we will need virtual "walls" made of cryptography.

RPTime: Another audience question...

Question: Isn't this like the gun argument? If guns are outlawed only criminals will have guns? Well, if Clipper is standardized, won't criminals be the ones NOT using it?

RPTime: Dr. Denning?

DDenning: If Clipper becomes the de facto standard, then it will be the chief method of encryption. That would be what you'd get at Radio Shack.
What criminals use will depend on what is readily available and what their cohorts are using. Both parties of a conversation have to use the same thing. Criminals also talk to a lot of people outside their immediate circle - e.g., to buy goods and services. Also, they can be quite stupid at times. But the main thing is that criminals will not be able to take advantage of the SKIPJACK algorithm as a way of concealing their conversations. This is the whole point. It is not to catch criminals. It is to allow people access to a really high quality algorithm in a way that someone cannot use it to conceal criminal activity.

<< More like it's to have people think they have a really high quality encryption device while they are spied upon by Uncle Sam's boys.>>

Barlow1: The gun analogy is excellent up to a point. I can't for the life of me imagine why we would think that even a stupid criminal would use Clipper if something else were available. And when I talk to people in the administration their big hobgoblin is the "nuclear-armed" terrorist. Any fanatic smart enough to assemble and detonate a nuclear device is going to be smart enough to download PGP from a bulletin board somewhere. Also, I'd like to point out that the gun analogy doesn't go the whole distance. Crypto is by its nature a purely *defensive* technology. You can't shoot people with it.

PhilipED: Speaking of PGP, Dr. Denning, is that encryption system secure, in your opinion?

DDenning: I don't know of anyone who's been able to break the IDEA algorithm that it uses.

<< Notice that she sidesteps Barlow's point about gun control and only answers about IDEA. >>

RPTime: Back to the audience for a question from Steve HW..

Question: This is for Dr. Denning. What is the evidence of harm if the Clipper proposal is not adopted?

DDenning: The harm would be to the government. They would not be able to use it and would have to resort to something less secure.
Also, Clipper is part of a larger project to make hardware available for encryption and digital signatures. This will be used, for example, in the Defense Message System. The government needs a new standard. I personally believe that making really powerful encryption like SKIPJACK available without key escrow could be harmful to society. Wiretaps have been essential for preventing and solving many serious crimes and terrorist activities.

<< If Clipper is to be used for digital signatures, what's to stop a cop who did a wire tap from pretending to be the parties he just spied on? There would be no harm to government as there are other encryption methods out there just as strong as skipjack if not more so. The new standard could simply be RSA, IDEA, etc...>>

Barlow1: Why on earth would the government have to use something else if they failed to get the rest of us to buy into this folly? Hey, they are already using SKIPJACK. It's a government algorithm and has been in use for a long time. There are plenty other algorithms which we can use which are truly protected... unless of course, this is only the first step in a process which will outlaw other forms of crypto. And I believe that it must be. Makes absolutely no sense otherwise.

<< Bingo! >>

DDenning: CPSR and others are asking the government to drop Clipper.

Barlow1: EFF is not asking the Government to drop Clipper, though we would vastly prefer they did. We're merely asking that no steps be taken to require it either by law or practice...as, for example, would be the case if you had to use a Clipper chip to file your tax return.

PhilipED: Dr. Denning, do you think this is the "first step in a process to outlaw crypto"?

DDenning: No I do not. The government has not been using SKIPJACK to my knowledge. The Clipper initiative represents the first time that the government has put one of their really good algorithms out there in the unclassified arena.
They are trying to do this in a way that won't backfire against the public. Other NSA developed algorithms are not available for purchase by the public.

<< Yeah, right sure they won't try to outlaw other encryption methods. If the NSA has other algorithms which are not for public use, let the Government use some of those instead!>>

Barlow1: I appreciate their willingness to make some of that crypto research available to a public which has paid so much for it, but I'm afraid that I would never trust an algorithm which was given to me by any government. And I certainly don't trust a classified algorithm like Skipjack, even without a back door which everyone can see. I think I'll stick to systems which have been properly vetted to be clear of such compromises, like RSA. I hope others will do likewise and that RSA will become the standard which Clipper shouldn't be.

RPTime: Time for one more question from our audience...

Question: To John Barlow: Isn't society becoming increasingly vulnerable to concerted criminal/terrorist disruption, requiring *stronger* law enforcement tools?

Barlow1: Gee. I don't know. It's a scary world. However, I'm willing to take my chances with the few terrorists and drug lords there are out there rather than trusting government with the kind of almost unlimited surveillance power which Clipper and Digital Telephony would give them. It's a tough choice. But when you look at the evil perpetrated by government over this century in the name of stopping crime, it far exceeds that done by other organized criminals.

<< Hear, hear!>>

PhilipED: Dr. Denning, hasn't remote listening technology enhanced police abilities to eavesdrop to the point... where the loss of a few wire taps won't mean much?

DDenning: No. They need to get the cooperation of the service providers to implement a wiretap. The loss of some wiretaps could be costly indeed.
As an example, wiretaps were used to help solve a case that involved plans by a Chicago gang to shoot down a commercial airliner. There have been 2 cases where they helped save the lives of kids who were going to be kidnaped for the making of a snuff murder film. They helped solve a case where a man's house was going to be bombed. I could go on. If we take John's arguments about law enforcement to their logical conclusion, we'd just get rid of law enforcement. I think it's better to have it. The people in law enforcement hate it as much as the rest of us when some member of the community does something wrong. And they correct it, design new procedures and laws where necessary, and go on.

<< Notice she side-stepped the whole remote listening issue and instead introduced the four horsemen of law enforcement (Terrorists, Drug Dealers, Child Molesters, and Pornographers.) >>

Barlow1: Oh, please. I'm not proposing eliminating police. I'm opposing giving them unlimited powers. Also, these are the same cases cited over and over by everyone from you to Judge Freeh. Surely, we aren't going to fundamentally change the balance of power in this country because of these two (undocumented, to my knowledge) stories.

DDenning: Clipper is not going to change the balance of power. It does not give law enforcement any additional authority to do wiretaps.

<< Yeah, right.... Two DAT tapes could contain the whole of the key-escrow databases.. what price would some desperate criminal organization, government, or government agency pay to obtain them?>>

Barlow1: Well, this is where we basically disagree, Dorothy. If we could continue the same level of law enforcement capacity we presently have, I'd have no objection. But I believe, for reasons I'm not sure we have the bandwidth to discuss here, that we are talking about dramatically enhancing their abilities.
For one thing, we would greatly reduce the bureaucratic overhead involved in wiretap, which is what keeps it under 900 cases nationwide at the present.

RPTime: And that will have to be the last word on the matter for tonight...

DDenning: The overhead of a wiretap is more likely to increase, not decrease.

PhilipED: Not quite!

RPTime: Maybe not! ;-)

RPTime: THAT will be the final word!

Barlow1: Well, let's get together and talk, Dorothy.

RPTime: TIME thanks Dr. Dorothy Denning and John Perry Barlow for being with us tonight...along with Philip Elmer-DeWitt. Thank you all, and goodnight!

PhilipED: Thank you both. This was very interesting.

DDenning: Thank you for the opportunity to be here!

Copyright 1994. Time Inc. All rights reserved.

From root at pizzabox.demon.co.uk Sun Mar 13 16:01:09 1994
From: root at pizzabox.demon.co.uk (Charlie Root)
Date: Sun, 13 Mar 94 16:01:09 PST
Subject: no money woe
Message-ID: <9403112307.AA04098@pizzabox.demon.co.uk>

: From: Mark Hittinger
: I was watching CNBC today and saw that some european banks were having
: trouble with counterfeit 100 dollar bills. They are calling them
: "super bills" because they only seemed to have three minor flaws that
: most experts would not detect. They said that a magnifying glass would
: not be enough to detect these flaws.
: Cut to your friendly secret service guy looking at two 100 dollar bills
: under a microscope. The SS said that they would figure out who was doing
: it and bust them. The guy actually had a smirk on his face. I suppose
: the quality of the work is so good; that alone narrows down the field
: of possibilities.
: The interpol was speculating that over 1 billion of these superbills
: were now in circulation. Wow.
: And I figured the US government was going to drive the dollar into
: oblivion all by itself! Perhaps they will have help along the way.

Erm...
if this is the quality of reporting that's getting as far as the US, I guess I'd better pass on the straight dope as told in our press; these 'Superbills' are not just flooding Europe, they're going down heavily in the US too, and they're so good, they're actually being accepted by the feds. They appear to be coming from one of the gulf states - Iraq has been mentioned, though that could just be the US's habit of blaming everything on Iraq at the moment, though it could as likely be correct - and they're of the quality that suggests they weren't done by hack forgers but by a state banking institution with full highly-expensive technical resources behind it.

My suspicion is 1) the reason the usual places in the US haven't been told to watch for them is that they're so good there's *nothing* a bank teller or shopkeeper can do to detect them; and 2) this is not a commercial scam (though there's no doubt an element of that - Iraq's coffers must be pretty low just now, for example) but one of the first waves of what will be the 21st Century's standard means of warfare - economic warfare.

If I'm correct, then the work we're doing here on digital cash and mathematically guaranteed unforgeability is going to be taken on board by society *much much* sooner than any of us dream.

G

From ses at osf.org Sun Mar 13 17:06:55 1994
From: ses at osf.org (Sam Shipman)
Date: Sun, 13 Mar 94 17:06:55 PST
Subject: "Superbills"
Message-ID: <9403140106.AA20768@postman.osf.org>

>From Charlie Root :
>If I'm correct, then the work we're doing here on digital cash and
>mathematically guaranteed unforgeability is going to be taken on board
>by society *much much* sooner than any of us dream.

Well, maybe. But doesn't the timing of this seem a little suspicious to you? "Well, gee, folks, the counterfeiters are just too slick for us. We'll just have to go to Clipper-protected digital transactions [note: NOT digital cash] right away.
We sure wish we had time for a national debate, but those incredibly efficient counterfeiters are inflating the currency and stealing us blind." -- Notional FBI/ATF/SS line.

>... they're of the quality that suggests they weren't done by hack forgers
>but by a state banking institution with full highly-expensive technical
>resources behind it.

Yeah, but *which* state? Which state could easily turn out billions of "incredibly good" counterfeit US bank notes? Why let some other country beat you to the punch? Maybe they're not really counterfeit, which might be why the SS agent was smirking.

Make no mistake, the U.S. Federal Government wants Clipper, and wants to abolish cash, so it can spy on every aspect of its citizens' lives with impunity. They understand the implications, and I wouldn't put *anything* past them.

--Sam

From paul.elliott at hrnowl.lonestar.org Sun Mar 13 17:13:51 1994
From: paul.elliott at hrnowl.lonestar.org (Paul Elliott)
Date: Sun, 13 Mar 94 17:13:51 PST
Subject: Question about the Clipper Chip
Message-ID: <2d836c1a.flight@flight.hrnowl.lonestar.org>

I have heard that the Clipper Chip is only supposed to be used for voice applications. Does anyone know if the inputs and outputs of the Clipper Chip are digital or analog? That is, does the clipper chip input/output an analog signal with some sort of internal analog to digital converter, or does it have purely digital inputs and outputs?

The reason I ask is, if the chip does analog IO, then it would be possible for the chip to be designed to deliberately leak its own key disguised as a measurement error in the low bits of the analog to digital/analog conversion.

From dtangent at dtangentdefcon.org Sun Mar 13 17:25:35 1994
From: dtangent at dtangentdefcon.org (The Dark Tangent)
Date: Sun, 13 Mar 94 17:25:35 PST
Subject: DEF CON II Announcement Update #4
Message-ID: <2d83abe8.dtangent@defcon.org>

Updated Last : 3.13.1994 (I apologise for spelling errors..
the WP died)

Late Night Hack Announcement #4

DEF CON II Convention Update Announcement

READ & DISTRIBUTE & READ & DISTRIBUTE & READ & DISTRIBUTE & READ & DISTRIBUTE
=============================================================================

What's this? This is an updated announcement and invitation to DEF CON II, a convention for the "underground" elements of the computer culture. We try to target the (Fill in your favorite word here): Hackers, Phreaks, Hammies, Virii Coders, Programmers, Crackers, Cyberpunk Wannabees, Civil Liberties Groups, CypherPunks, Futurists, Artists, Etc..

WHO: You know who you are, you shady characters.
WHAT: A convention for you to meet, party, and listen to some speeches that you would normally never hear.
WHEN: July 22, 23, 24 - 1994 (Speaking on the 23rd and 24th)
WHERE: Las Vegas, Nevada @ The Sahara Hotel

So you heard about DEF CON I, and want to hit part II? You heard about the parties, the info discussed, the bizarre atmosphere of Las Vegas and want to check it out in person? Load up your laptop muffy, we're heading to Vegas!

Here is what Three out of Three people said about last year's convention:

"DEF CON I, last week in Las Vegas, was both the strangest and the best computer event I have attended in years." -- Robert X. Cringely, Info World

"Toto, I don't think we're at COMDEX anymore." -- CodeRipper, Gray Areas

"Soon we were at the hotel going through the spoils: fax sheets, catalogs, bits of torn paper, a few McDonald's Dino-Meals and lots of coffee grounds. The documents disappeared in seconds." -- Gillian Newson, New Media Magazine

DESCRIPTION:

Last year we held DEF CON I, which went over great, and this year we are planning on being bigger and better. We have expanded the number of speakers to include midnight tech talks and additional speaking on Sunday. We attempt to bring the underground into contact with "legitimate" speakers. Sure it's great to meet and party with fellow hackers, but besides that we try to provide information and speakers in a forum that can't be found at other conferences.

While there is an initial concern that this is just another excuse for the evil hackers to party and wreak havoc, it's just not the case. People come to DEF CON for information and for making contacts. We strive to distinguish this convention from others in that respect.

WHAT'S NEW THIS YEAR:

This year will be much larger and more organized (hopefully) than last year. We have a much larger meeting area, and have better name recognition. Because of this we will have more speakers on broader topics. Expect speaking to run Saturday and Sunday, ending around 5 p.m. Some of the new things expected include:

> An Internet connection with sixteen ports will be there, _BUT_ will only provide serial connections because terminals are too hard to ship. So bring a laptop with communications software if you want to connect to the network. Thanks to cyberlink communications for the connection.

> There will be door prizes, and someone has already donated a Cell Phone and a few "Forbidden Subjects" cd ROMs to give away, thanks to Dead Addict.

> Dr. Ludwig will present his virus creation awards on Sunday.

> A bigger and better "Spot The Fed" contest, which means more shirts to give away.

> More room, we should have tables set up for information distribution. If you have anything you want distributed, feel free to leave it on the designated tables. Yes, this year there will be a true 24 hour convention space.

> A 24 hour movie / video suite where we will be playing all types of stuff. VHS Format. Mail me with suggested titles to show, or bring your own. We'll use a wall projector when not in use by speakers.

> Midnight Tech Talks on Friday and Saturday night to cover the more technical topics and leave the days free for more general discussions.

WHO IS SPEAKING:=============================================================

This list represents almost all of the speakers verified to date. Some people do not want to be announced until the event for various reasons, or are waiting for approval from employers. A speaking schedule will go out in the next announcement.

Philip Zimmermann, Notorious Cryptographer & author of PGP.
Dr. Ludwig, Author of "The Little Black Book of Computer Viruses," and "Computer Viruses, Artificial Life and Evolution"
Loyd Blankenship (The Mentor), Net Running in the 90's and RPG.
Padgett Peterson, Computer Enthusiast, Anti-Virus Programmer.
The Jackal, A Radio Communications Overview, Digital Radio and the Hack Angle.
Judi Clark, Computer Professionals for Social Responsibility.
Gail Thackeray, (Of Operation Sun Devil Fame), Topic to be Announced.
To be Announced, The Software Publishers Association, Topic to be Announced.
Toni Aimes, Ex U.S. West Cellular Fraud, Cellular Fraud Topics.
Mark Lotter, Cellular Enthusiast, Hacking Cell Phones.
Lorax, The Lighter Side of VMBs.
Peter Shipley, Unix Stud, Q&A on Unix Security.
George Smith, Crypt Newsletter, Virus Topic to be Announced.
Cathy Compton, Attorney, Q&A Surrounding Seizure Issues, Etc.
John Littman, Reporter and Author, Kevin Poulsen, Mitnick, and Agent Steal.
Red Five & Hellbender, Madmen With a Camcorder, Who Knows?
Erik Bloodaxe, Phrack Editor, Weird Wireless Psycho Shit.. Stay Tuned..

There should be a few round table discussions on Virus, Cellular, Unix and something else surrounding the industry.

I'll name the rest of the speakers as they confirm. I'm still working on a few (Two?) people and groups, so hopefully things will work out and I can pass the good news on in the next announcement, or over our List Server.

============================================================================

WHERE THIS THING IS:

It's in Las Vegas, the town that never sleeps. Really. There are no clocks anywhere in an attempt to lull you into believing the day never ends. Talk about virtual reality, this place fits the bill with no clunky hardware. If you have a buzz you may never know the difference. It will be at the Sahara Hotel. Intel is as follows:

The Sahara Hotel: 1.800.634.6078
Room Rates: Single/Double $55, Triple $65, Suite $120 (Usually $200) + 8% tax
Transportation: Shuttles from the airport for cheap.

NOTE: Please make it clear you are registering for the DEF CON II convention to get the room rates. Our convention space price is based on how many people register. Register under a false name if it makes you feel better, 'cuz the more that register the better for my pocket book. No one under 21 can rent a room by themselves, so get your buddy who is 21 to rent for you and crash out. Try to contact people on the Interactive Mailing List (More on that below) and hook up with people. Don't let the hotel people get their hands on your baggage, or there is a mandatory $3 group baggage fee. Vegas has killer unions.
OTHER STUFF:

I'll whip up a list of stuff that's cool to check out in town there so if for some reason you leave the awesome conference you can take in some unreal sites in the city of true capitalism. If anyone lives in Las Vegas, I would appreciate it if you could send a list of some cool places to check out or where to go to see the best shows and I'll post it in the next announcement or in the program

-> I am asking for people to submit to me any artwork, pictures, drawings, logos, etc. that they want me to try and include in this year's program. I am trying to not violate any copyright laws, but want cool shit. Send me your art or whatever and I'll try and use it in the program, giving you credit for the work, of course. Please send it in .TIF format if it has more than eight bit color. The program will be eight bit black and white, -> in case you want to make adjustments on your side.

PLEASE DONATE "STUFF" FOR THE GIVEAWAY:

We are trying to raffle off interesting and old functional items. If you have anything such as old computers, modems, weird radio stuff, books, magazines, etc that you want to get rid of, please call or mail me with what it is, or bring it along. I don't want to waste people's time giving away rubber bands or anything, but pretty much anything else will go.

*** NEW MAILING LIST SERVER ***

We've finally gotten Major Dommo List Serv software working (Kinda) and it is now ready for testing. MTV spent a lot of time hacking this thing to work with BSDi, and I would like to thank him. The purpose of the list is to allow people interested in DEF CON II to chat with one another. It would be very useful for people over 21 who want to rent hotel space, but split costs with others. Just mention you have room for 'x' number of people, and I'm sure you'll get a response from someone wanting to split costs. Someone also suggested that people could organize a massive car caravan from Southern Ca. to the Con. My attitude is that the list is what you make of it.
Here are the specifics: Umm.. I TAKE THAT BACK!! The mailing list is _NOT_ ready yet. Due to technical problems, etc. I'll do another mass mailing to everyone letting them know that the list is up and how to access it. Sorry for the delay! MEDIA: Some of the places you can look for information from last year include: New Media Magazine, September 1993 InfoWorld, 7-12-1993 and also 7-19-1993 by Robert X. Cringely Gray Areas Magazine, Vol 2, #3 (Fall 1993) Unix World, ???, Phrack #44, #45 COST: Cost is whatever you pay for a hotel room split however many ways, plus $15 if you preregister, or $30 at the door. This gets you a nifty 24 bit color name tag (We're gonna make it niftier this year) and your foot in the door. There are fast food places all over, and there is alcohol all over the place but the trick is to get it during a happy hour for maximum cheapness. ============================================================================ I wanted to thank whoever sent in the anonymous fax to Wired that was printed in issue 1.5 Cool deal! ============================================================================= FOR MORE INFORMATION: For InterNet users, there is a DEF CON anonymous ftp site at cyberspace.com in /pub/defcon. There are digitized pictures, digitized speeches and text files with the latest up to date info available. For email users, you can email dtangent at defcon.org for more information. For non-net people call: ---- A L L I A N C E ---- SysOp Metalhead One Thousand One Hundred Megabytes Online 612.251.8596 USRobotics 16.8 Dual Standard Synchronet Multinode BBS Software International Informational Retrieval Guild (IIRG) Distro Site Electronic Frontier Foundation (EFF) MEMBER American Bulletin Board Association (ABBA) MEMBER ----------------------------------------------------------------------- o 200+ Message bases. No post call ratio. Nope, not ever. 
o FidoNet Node [1:282/8004] o CyberCrime international Node [69:4612/2] o Multi User DOOR Games and Multi Channel Chat. o Computer Underground Magazines, History, Updates & Text o Barren Realms Elite Inter-Planetary Multi-Player/Multi-BBS Game o DEF CON Mirrior Archive o Phantasy Magazine, Computer underground Digest & united eXperts unlimited o Distro Site ----------------------------------------------------------------------- For Snail Mail send to: DEF CON, 2709 E. Madison Street Suite #102, Seattle, WA, 98112 For Voice Mail and maybe a human (me), 0-700-TANGENT on an AT&T phone. A DEF CON Mailing list is maintained, and the latest announcements are mailed automatically to you. If you wish to be added to the list just send email to dtangent at defcon.org. We also maintain a chat mailing list where people can talk to one another and plan rides, talk, whatever. If you request to be on this list your email address will be shown to everyone, just so you are aware. ============================================================================= (Note, I have put a copy of Dr. Ludwig's new KOH Data security encryption Virus online at the DEF CON ftp site in /pub/defcon/KOH along with full documentation. Get CrAzY.) VIRUS CREATION AWARDS: Announcing The Second International Virus Writing Contest Sponsored by American Eagle Publications, Inc. P.O. Box 41401 Tucson, AZ 85717 USA and The Crypt Infosystems BBS +1 (818) 683-0854 *** The Goal *** The purpose of this contest is to write a fully functional computer virus that entertains people with political satire. Viruses will be judged on the basis of originality, creativity, functionality, and political incorrectness. *** Eligibility *** Anyone who can write a computer virus is eligible. *** Contest Dates *** The contest is underway from January 1, 1994 until June 30, 1994. Your submissions must be received by June 30 to qualify. 
The winner of the contest will be announced at the DEFCON conference in Las Vegas, July 22-24, 1994. If you can be present, an official award will be bestowed on you at that time. ************************************************************* Details ************************************************************* The philosopher Friedrik Nietzsche once said that if you want to kill something, you must laugh at it--and laugh at it deeply. So there should be little wonder that political satire is as old as politics itself. Is there something going on in the political arena that you abhor, that makes you sick, that is just plain wrong? Well, here's your chance to make a mockery of it. I've always had this idea that if someone wrote a sufficiently witty virus that really addressed the issues the way the people (not the press, not the politicians) saw them, it might just get passed around by people voluntarily. Let's find out. Write a virus that is itself a political satire. I don't mean a virus that simply displays a message. I mean a living entity whose every move--whose every action--is politically motivated. If you need more than one virus to make your point--perhaps two viruses working together, or something like that, that is fine. ----------------------------------------------------------- Let me give you a simple example: The Political Correctness Virus This virus is a spoof on the "political correctness" movement--which is just a form of self-imposed censorship--that is sweeping american intellectual circles, particularly colleges and universities. This virus is a memory resident boot sector virus which maintains a list of politically incorrect words on your computer system. It also hooks the keyboard interrupt and monitors every keystroke you make. If you type a politically incorrect word into the computer, the PCV springs into action. Politically incorrect words are ranked at three different offense levels. 
When the PCV encounters such a word, it determines what offense level that word is, and acts accordingly. The least offensive words merely register a beep. More offensive words cause a beep to sound for 10 seconds. The most offensive words cause a siren to sound for two minutes, locking the system for that duration. If you turn the computer off before the two minutes are up, the virus will stop the boot process for five minutes, with sirens, when you turn it back on. If you allow the siren to complete, then you can proceed. The virus has two different word lists, both stored in an encrypted and compressed format. The list is selected at random when the system is infected, after which it cannot be changed. The first list is the "proper" list of political correctness no-no's. For example, a word like "sodomite" is among the worst possible offenses. The second list is an inverted list of no-no's. This list trys to force you to use "sodomite" by flagging words like "gay" and "homosexual" as no-no's. If you allow the PCV to live in your system for three months without getting a single flag, you are given the supreme honor of viewing the word list assigned to you and adding a word to it. If you get more than 3000 flags in a lifetime, the virus will force you to enter a politically correct word before allowing you to start the computer, since you are obviously unwilling to submit to its censorship. The virus also uses powerful means to prevent disinfection, so that, once you get it, you can't get rid of it without a major effort. ------------------------------------------------------------ Now, I know you can get a lot more creative than this--so do it! Design your virus carefully, so that everything it does has meaning. Then send it in. Here are the criteria we'll use: 1. Originality: Your virus must be an original work. Do not send us anything that is not 100% yours. Your message should be original too. 
Do not just ape what everybody else is saying, especially the media. Also, a refined wit is much to be preferred over vulgarity. Vulgarity is a substitute for original wit. Foul language, porn, etc., are out. Destructive features should be incorporated only if they are VERY appropriate (perhaps if you are commenting on real live genocide in your country, or something like that). In general, though, destructive features will hurt you, not help you. The one exception is modifying anti-virus programs. That is considered to be CONstructive activity. 2. Creativity: Make us laugh, make us cry. Amaze us with how bits and bytes can say something about politics and issues. Think of it like this: displaying a message on the screen is like reading a text file. What we want is the equivalent of a multi-media extrvaganza. Use all the system's resources to tell your message. Don't be afraid to write a virus that has some wierd mode of infecting programs that tells a story, or to write one that sends faxes to the White House, or sends an automatic request for reams of free information to some government agency. 3. Functionality: The virus has to work. If it only works on some machines, or under some versions of DOS, or what-not, then that will count against you. The better it is at infecting systems and moving around, the better off you will be. So, for example, if you write a file-infector, make sure it can jump directories, and--if you're up to it--migrate across a network. 4. Political incorrectness: Since computer viruses are politically incorrect, their message should be too. If you send us a pro-establishment virus, then you will not win this contest. A word to the wise: think twice about what's correct and what's not. Many positions are only superficially incorrect, though they are really quite fasionable among the establishment. 
Look at it this way: if you could get a well-written letter expressing your view published in a big city newspaper, then it's not sufficiently incorrect. There are a LOT of ideas that are unofficially censored by society-- especially the media and academia. They tend to make themselves out to be the rebels, but they are really the establishment. If you can't think of anything creatively incorrect and sufficiently obnoxious then you shouldn't be writing viruses in the first place. ************************************************************* How to Submit an Entry You may mail your entry to American Eagle Publications at the above address, or you may e-mail it to ameagle at mcimail.com. Alternatively, you can submit it by dialing the Crypt Infosystems BBS and uploading it there. To get on to the system quickly, efficiently and anonymously, log on as VIRUS, using the password CONTEST. An entry consists of: 1. A complete copy of your virus, both source and executable files. 2. If the political satire isn't perfectly obvious, send a verbal description of how the virus works and why it does what it does. This is especially important if you are not an American and you are commenting on something that has not received worldwide attention. I don't care if you're Bulgarian and you're commenting on something we've never heard of--just make sure you explain it, or we won't understand and you'll lose. 3. If you want to be recognized for your work, include your name (real or handle), and a way we can get in contact with you. By submitting an entry, you grant American Eagle Publications, Inc. the right to publish your virus in any form. You agree not to make your virus public prior to July 25, 1994. If you do, you are automatically disqualified from the contest. 
For the sake of privacy, you may encrypt your entry and send it in with the following PGP key (which we highly recommend if you have PGP):

Good luck!

****************************************************************

P R I Z E S

In addition to instant worldwide fame and recognition, you'll get:

1. A cash prize of $100 US.
2. A year's subscription to Computer Virus Developments Quarterly.
3. Your virus will be published in Computer Virus Developments Quarterly, and other fine journals.
4. A handsome engraved plaque recognizing your contribution to the betterment of mankind.
5. A free secret surprise that we cannot tell you about right now, valued at $100.

Two runners-up will receive the secret surprise.

!! GO FOR IT !!

=============================================================================

STUFF TO SPEND YOUR MONEY ON:

> Tapes of last year's speakers (four 90 minute tapes) are available for $20
> DEF CON I tee-shirts (white, large only) with large color logo on the front, and on the back the Fourth Amendment, past and present. This is shirt v 1.1 with no type-o's. These are $20, and sweatshirts are $25.
> DEF CON II tee-shirts will be made in various colors this year, including a few long sleeve shirts. Sizes will be in large only again, with a few white mediums made. Shirts will be $15, Long Sleeve $17, Sweat shirts will be $20.
> We will have a few (ten maybe?) embroidered hats with this year's logo. Not sure how much they will be.. like $10 maybe.
> Full sized 4 color DEF CON II wall posters will be for sale for about $5.
> Pre-Register for next year in advance for $15 and save half.
> Make all checks/money orders/etc.
out to DEF CON, and mail to the address above. Way above. Above the virus awards announcement.

If you have any confidential info to send, use this PGP key to encrypt:

- The Dark Tangent

From nowhere at bsu-cs.bsu.edu Sun Mar 13 18:40:10 1994
From: nowhere at bsu-cs.bsu.edu (Anonymous)
Date: Sun, 13 Mar 94 18:40:10 PST
Subject: NSA and PGP rabblerousing
Message-ID: <9403140240.AA04160@bsu-cs.bsu.edu>

From: jtaylo3 at umbc.edu (Randy Taylor)
Newsgroups: alt.security,talk.politics.crypto
Subject: Re: What codes can NSA crack/not crack?
Followup-To: alt.security,talk.politics.crypto
Date: 13 Mar 1994 16:57:19 GMT
Organization: University of Maryland, Baltimore County
Lines: 54
Message-ID: <2lvglf$i43 at news.umbc.edu>
References: <2hhe0i$e15 at hp-col.col.hp.com>
NNTP-Posting-Host: f-umbc9.umbc.edu
X-Newsreader: TIN [version 1.2 PL2]

Just my $0.02... I recently took a course here at UMBC called Computer Systems Security taught by a guy who works for NCSC/NSA. A brief topic of discussion was PGP. The guy was really biased against PGP, calling it "illegal", but he also hinted that it had been broken. The hint was wrapped within a "non-denial denial" (for fans of "All The President's Men") and there was no *concrete* information given to support it.

One conclusion I drew was that:
1) NSA doesn't like PGP *at all*
2) If NSA hasn't broken PGP, they're working hard on breaking it.

One last bit - the guy did admit that PGP would be unbreakable for the foreseeable future if the key length were increased from a max of 1,024 bits to a max of 2,048 bits.
Doubling key length doesn't double search time, it's an exponential thing. Oh yeah, this is really the last bit... living in the same area as NSA, one hears all kinds of rumors - but one that I've heard numerous times (and that I give some credence to) is that the NSA measures it's floorspace dedicated to Crays and other supercomputers in *acres*. Kind of frightening, isn't it ? :-) --RT Bill Stewart +1-510-484-6204 (wcs at anchor.ho.att.com) wrote: : In article keithdufour writes: : Nsa can crack anything you got, big boys. You think they play cards : all day? : When you've got mathematically-based crypto systems, you can analyze : how much work it takes to crack them. They're harder to use than : wimpy cryptosystems, but personal computers take care of that problem. : That's why the NSA's trying so hard to push things like Clipper on us, : that work around their weaknesses; otherwise they're out of luck. : Of course, it's still easy to invent cyphers they *can* break, : and the large number of amateur cryptographers does give them some : ongoing business :-) : We all must take this game more serious than trying to beat the Dallas : Cowboys with your high school team!! : My high school chess team could have easily beaten the Dallas Cowboys, : unless you're talking about football or something...... : (My high school soccer team could probably have also beaten them at chess...) : -- : # Bill Stewart AT&T Global Information Solutions (new name for NCR!) : # 6870 Koll Center Pkwy, Pleasanton CA 94566 1-510-484-6204 fax-6399 : # Email: bill.stewart at pleasantonca.ncr.com billstewart at attmail.com : # ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465 From bugs at netsys.com Sun Mar 13 19:09:49 1994 From: bugs at netsys.com (Mark Hittinger) Date: Sun, 13 Mar 94 19:09:49 PST Subject: voice encryption Message-ID: <199403140313.AA04664@netsys.com> Hey guys last week we got ahold of a new board made by IBM that is an actual ISDN board. 
It is accessible as com1, is hayes compatible, and has the texas instruments DSP chip on it. The claim is 64kb. We will test it and see how it goes. This would be better than the 28.8 stuff but I think that still needs to be done for cellular.

---------
I'd like a 250 Mhz 128 bit hybrid processor with 64 meg of 8 way interleaved memory, a 10 megabyte per second i/o channel, two 3 gig hard disks, two dat drives with compression, and a large diet coke.

From wcs at anchor.ho.att.com Sun Mar 13 19:21:20 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sun, 13 Mar 94 19:21:20 PST
Subject: Question about the Clipper Chip
Message-ID: <9403140320.AA22125@anchor.ho.att.com>

> I have heard that the Clipper Chip is only supposed to be used
> for voice applications. Does anyone know if the inputs and outputs
> of the Clipper Chip digital or analog? That is does the clipper
> chip input/output an analog signal with some sort of internal
> analog to digital converter or does have purely digital inputs
> and outputs?

No, it's strictly digital; any analog circuitry is the responsibility of the equipment designer, as are details like key exchange.

I assume the motivation for "voice only" are issues like
- Makes Clipper easier to get away with politically
- Avoids stepping on the toes of data standards processes
- Avoids any federal rules about how to make data standards
- Data standards are tougher, since the cyphertext is bigger than the plaintext by the length of the Law Enforcement Abuse Field; for voice this mainly means it takes a bit longer to start up.
> The reason I ask is, if the chip does analog IO, then it > would be possible for the chip to be designed to deliberately > leak its own key disguised as a measurement error in the > low bits of the analog to digital/analog conversion. It's still possible to leak data - the LEAF includes a checksum field, which could easily be leaking part of the key if they wanted it to. Leaking the chip's master key in 8 pieces would still leave enough real checksum bits to make sure you were using a real clipper. Bill From wcs at anchor.ho.att.com Sun Mar 13 19:46:50 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Sun, 13 Mar 94 19:46:50 PST Subject: voice encryption Message-ID: <9403140346.AA22368@anchor.ho.att.com> > [IBM ISDN board with TI DSP, COM1 interface, 64kbps] The big problem with ISDN is still getting connectivity to the people you want to talk to and getting service at reasonable prices (prices vary widely depending on your phone monopoly's interactions with the regulatory bureaucracy, and/or your distance from long-distance service providers if you want PRI connections.) Do you know if the TI DSP is user-programmable, or if it's just performing most of the ISDN functions? The difficulty with COM1 interfaces, when you're using DOS, is that DOS basically gives you a single character per interrupt, which means a system doing 8000 char/second on COM1 is taking a *lot* of interrupts. There are generally other interfaces that let you handle more characters at once, but they're not transparent to software that's expecting simple COM1, and they're often vendor-specific. (The FOSSIL drivers for 16550 UARTs are addressing the same problem; maybe somebody's got FOSSIL support for ISDN?) On the other hand, if you're doing software to support voice over ISDN, it's probably worth doing some board-specific hacking, especially if you're going to use the on-board DSP anyway. 
Bill From bugs at netsys.com Sun Mar 13 20:12:06 1994 From: bugs at netsys.com (Mark Hittinger) Date: Sun, 13 Mar 94 20:12:06 PST Subject: voice encryption/isdn Message-ID: <199403140415.AA05313@netsys.com> >> [IBM ISDN board with TI DSP, COM1 interface, 64kbps] >The big problem with ISDN is still getting connectivity to the >people you want to talk to and getting service at reasonable prices Yep. But it may be there some day. Ken Olson called ISDN a joke. I remember seeing somebody in Computer World saying ISDN stood for "I Still Don't kNow". >Do you know if the TI DSP is user-programmable, or if it's just >performing most of the ISDN functions? Hah! We are talking about an IBM board here!! :-) There was some kind of ROM on the board, it may be an 8051 with EPROM? Or possibly a 68701. We will figure it out at some point. Speaking of DSP the new AT&T 3700 modem (from paradyne actually) has a DSP and it seems to be driven by an easily modifyable rom. Just another possibility. While we are blue skying about this - what about the idea of using two cellular connections in parallel? Aside from cost it might create some interesting interception problems. --------- I'd like a 250 Mhz 128 bit hybrid processor with 64 meg of 8 way interleaved memory, a 10 megabyte per second i/o channel, two 3 gig hard disks, two dat drives with compression, and a large diet coke. 
From bugs at netsys.com Sun Mar 13 20:19:27 1994
From: bugs at netsys.com (Mark Hittinger)
Date: Sun, 13 Mar 94 20:19:27 PST
Subject: digital cash
Message-ID: <199403140422.AA05423@netsys.com>

While thinking about this whole superbill thing forcing people to digital cash I wondered about the bank that sandy et al are constructing. Are you guys going to simply represent dollars with your digital cash or will you attempt to create your own currency that may simply be converted to/from dollars? I think it should not be digital dollars.

---------
I'd like a 250 Mhz 128 bit hybrid processor with 64 meg of 8 way interleaved memory, a 10 megabyte per second i/o channel, two 3 gig hard disks, two dat drives with compression, and a large diet coke.

From pmetzger at lehman.com Sun Mar 13 20:38:39 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Sun, 13 Mar 94 20:38:39 PST
Subject: voice encryption
In-Reply-To: <199403140313.AA04664@netsys.com>
Message-ID: <9403140438.AA00865@andria.lehman.com>

Mark Hittinger says:
> Hey guys last week we got ahold of a new board made by IBM that is an > actual ISDN board. It is accessible as com1, is hayes compatible, and > has the texas instruments DSP chip on it. The claim is 64kb. We will > test it and see how it goes.
This would be better than the 28.8 stuff > but I think that still needs to be done for cellular. And what about the millions of people in areas without ISDN (including me) and all the people who might want to talk with them? When ISDN is universal, obviously digital crypto for voice will be simpler. For the moment, ISDN is not universal, or even common, and is thus not a solution. Perry From pmetzger at lehman.com Sun Mar 13 20:41:23 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Sun, 13 Mar 94 20:41:23 PST Subject: digital cash In-Reply-To: <199403140422.AA05423@netsys.com> Message-ID: <9403140441.AA00878@andria.lehman.com> Mark Hittinger says: > Are you guys going to simply represent dollars with your digital cash > or will you attempt to create your own currency that may simply be > converted to/from dollars? I can't for the life of me understand the difference between a "representation" of dollars and something "convertable" into dollars. Perry From hfinney at shell.portal.com Sun Mar 13 21:50:24 1994 From: hfinney at shell.portal.com (Hal) Date: Sun, 13 Mar 94 21:50:24 PST Subject: hal@alumni.caltech.edu up Message-ID: <199403140551.VAA24057@jobe.shell.portal.com> The Caltech system had some problems with break-ins so apparently some disk reorganization was done in the clean-up which stopped my remailer for a while. I touched up a bit of the code tonight, nothing too significant, and it seems to be working OK now. Note that this remailer always forwards via the one at shell.portal.com. It does have its own decryption key, but all outgoing mail goes via that address. This makes the mailer more politically acceptable to TPTB. But it does mean that when you "ping" the remailer you won't see the alumni address in the From line, but portal instead. Hal From GRABOW_GEOFFREY at tandem.com Sun Mar 13 22:14:55 1994 From: GRABOW_GEOFFREY at tandem.com (GRABOW_GEOFFREY at tandem.com) Date: Sun, 13 Mar 94 22:14:55 PST Subject: Cypherpunk meetings. 
The next step.
Message-ID: <199403132214.AA7993@comm.Tandem.COM>

------------ TEXT ATTACHMENT --------
SENT 03-13-94 FROM GRABOW_GEOFFREY @LONGIS

-----BEGIN PGP SIGNED MESSAGE-----

Greetings all,

Yesterday's meetings brought up some interesting ideas. Through the fault of no one, the sound quality of the other locations was somewhat less than exceptional. If any of you who attended the other meetings can send out a summary of what was discussed, I would appreciate it.

We at the Wash. location were discussing what the next step should be in the "Clipper vs. Privacy" battle. Several ideas were brought up:

- Create our own in-line secure phone encryption device to compete with Clipper-designed machines.
- Increase public awareness of Clipper and what it may bring by using methods such as:
  . Anti-clipper t-shirts, buttons & pins
  . Anti-clipper memos on any and all BBSs and networks
  . Anti-clipper letters to the editor of every newspaper
  . et al
- Continued political wrestling.

Washington attendees: If I've left out anything, please write it down and send it out.

G.C.G.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Geoffrey C. Grabow | "What we demand are rigidly defined | | Oyster Bay, New York | areas of doubt and uncertainty!" | | | -------------------- | | grabow_geoffrey at tandem.com | Clipper, SkipJack & Digital Telephony | | | JUST SAY NO!!!
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From hfinney at shell.portal.com Sun Mar 13 22:20:02 1994
From: hfinney at shell.portal.com (Hal)
Date: Sun, 13 Mar 94 22:20:02 PST
Subject: Magic Money gripes
Message-ID: <199403140620.WAA25305@jobe.shell.portal.com>

I hate to complain. Magic Money is something that people have been asking for for a long time, and it's a very nice implementation. A lot of aspects have been really well thought out, particularly the money aging and replacement. But I've been playing with it off and on lately and there are some improvements needed IMO. I'll just assume interested readers know how the program works and jump right into it.

- The program handles encryption of messages to and from the bank automatically, but makes the user have to handle encryption of messages to other people. I can see some justification for this - maybe the message (that is, a coins.dat file) will be sent via secure means like a direct or IR connection, so encryption is not needed. But most of the time it is needed, in which case the user has to use PGP or something as a separate step.

- The program distinguishes between bank messages, which are signed blinded coins, and user messages, which are raw coins, by whether they are in ASCII text or not.
This is not the significant distinction between these two kinds of messages. - Bank messages look just like other PGP messages. But the user has to know not to try to run them through PGP and instead give them directly to the MM program un-decrypted. The only way he can tell is to notice that the sender address is the bank. If the bank ever sends him a real coin file (which it may to prime the pump) then the user just has to know to treat these messages differently. - There is no way to know which bank an incoming coin file is for. I think this is one of the biggest weaknesses of the system. If more than one bank is competing I have to know which bank a given coin file is associated with and go to that directory to process that coin file. - There is no way to put coin files directly into your allcoins.dat file. There are a couple of cases in which you might want to do this. First, you might pay out some coins and then change your mind before sending them, and want to put them back. Or second, you might receive some coins from a trustworthy person (your mum, say) and just want to add them without going through the bank. - More generally, it is difficult to use the program in a safe way which deals robustly with errors of various types. When I was first building the program I had some bugs which caused coins to appear to be double- spent, to not signature-check properly, to not be found in the proto file, etc. The program did not appear to handle all of these errors safely, sometimes aborting in the middle of a file. In addition, the program always calls its output files coins.dat and output.asc. If you run it twice without renaming these files you can lose data and lose money. Then, when you send the files, you need to manually keep backups in case the email fails. Again, otherwise you will lose money. - The money data structures do not allow for expansion. 
I'd like to see a way of adding new fields in the future which will be ignored by older versions of the program. For example, in regard to the above, I'd like to see a "bank email address" and possibly a bank key added to the coins.dat file. Then you could mail the coins to someone without including a lot of out-of-band data about the bank they were for. It would be nice if this could be done without totally breaking the current program. At a minimum a version number could be stuck at the front so that old programs would recommend that users upgrade. - The program uses PGP algorithms and data structures, but not its files. The bank's key and user's keys are kept in separate files. There might be advantages in putting these keys into PGP's regular files. Also, the random number generation in PGP looks stronger than MM, since it keeps much more state from run to run. MM seeds based on a very, very elementary hash on a file called rand.dat, which will tend to be fixed, and the time of day. - None of the MM files are encrypted on the disk. The money files could be stolen by someone with access to your computer, and your secret key used for communications with the bank could be stolen as well. This would be a major security flaw in some situations. Having made these complaints, let me reiterate that I am very pleased with this program overall. I also appreciate mpd at netcom.com's efforts in running a server. I have built a Mac client for MM which is not too mac-like but lets you drag-n-drop incoming files onto the MM icon and it handles them right. I'll tweak that a little more then upload it with the other clients. Hal From phantom at u.washington.edu Sun Mar 13 23:13:16 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Sun, 13 Mar 94 23:13:16 PST Subject: I hate to nitpick, but... Message-ID: I really hate to pick stuff like this out, but people in washington STATE are sensitive to this stuff, and talking like this might create some confusion, so.. 
---- From: GRABOW_GEOFFREY at tandem.com [...] We at the Wash. location were discussing what the next step should be [...] Washington attendees: If I've left out anything, please write it down and ---- NOTE: Above, WASHINGTON == Washington DC, not Washington State. The Washington meeting in _Seattle_ went well -- we had 11 attendees for our first meeting ever. Hopefully, with better planning :) we'll have even more at our next meeting. Since it was our first meeting, much of it was spent introducing ourselves and planning logistics of our monthly meetings. We've decided to pursue MBONE connections in anticipation of the next broadcast Bay Area meeting. We're setting up a local group mailing list to service our local needs. In the event we can't get MBONE, our meetings will be held one week after the Bay Area meetings, in hopes that some kind soul will be able to provide us with rough minutes or the like. I know that this has been done before, although I know it is a thankless job... matt Matt Thomlinson Say no to the Wiretap Chip! University of Washington, Seattle, Washington. Internet: phantom at u.washington.edu phone: (206) 548-9804 PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu From rishab at dxm.ernet.in Sun Mar 13 23:44:32 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Sun, 13 Mar 94 23:44:32 PST Subject: No Subject Message-ID: Matt Thomlinson : > I was wondering what people were thinking about putting together a > page for WWW? Would it be useful? Would people browsing around look at > it and would it be a medium to disseminate info? Maybe divide it up... I've been working on this for a while, as I mentioned in an earlier post. At the moment, you can use Gopher as an interface to browse articles on policy (Clipper, DT ...) at EFF or CPSR, and at chaos.bsu.edu for digicash and more cpunk stuff. I'm really more interested in WWW because the articles can be hypertextified with cross-references.
Right now, you can use Gopher as an index of articles themselves, so there is no point making a WWW html that's just a 'contents' page. In about 3-4 weeks from now, I'll be ready to release fully hypertext WWW html. This will still be quite limited, to policy on Clipper, Digital Telephony, ITAR; FAQs; Cypherpunk stuff -- Digicash, Blacknet(?), anon/remailers; RSA, other patents and papers; Kerberos and other security, maybe. All this will be as cross-referenced as I can manage by next month. There are over 4 megs in (uncompressed) articles, that I've downloaded so far. -------------------------------------------------------------------------------- Rishab Aiyer Ghosh "What is civilisation rishab at doe.ernet.in, rishab at dxm.ernet.in but a ribonucleic Voicemail +91 11 3760335; Vox/Fax/Data 6853410 hangover?" H-34C Saket New Delhi 110017 INDIA -------------------------------------------------------------------------------- From elbert2 at darmstadt.gmd.de Mon Mar 14 01:32:06 1994 From: elbert2 at darmstadt.gmd.de (elbert2 at darmstadt.gmd.de) Date: Mon, 14 Mar 94 01:32:06 PST Subject: voice encryption Message-ID: <9403140931.AA10234@darmstadt.gmd.de> >> [IBM ISDN board with TI DSP, COM1 interface, 64kbps] last november, on a trade show, i saw AVM presenting a PCMCIA card for ISDN. it ran BTX alias Datex-J alias Minitel, so there *is* an "application for the masses". They said to have production running till CeBit-time. sorry, no further info. From bart at netcom.com Mon Mar 14 02:56:40 1994 From: bart at netcom.com (Harry Bartholomew) Date: Mon, 14 Mar 94 02:56:40 PST Subject: Yet another assault Message-ID: <199403141057.CAA19967@mail.netcom.com> Seen in the Edupage mailing list: ELECTRONIC EAVESDROPPING A measure soon to be introduced on Capitol Hill would require that all network providers, including the Internet and commercial on-line services, build in the capability to record any person's e-mail and deliver it to federal law-enforcement authorities.
Government agents will need only to show a person merits investigation, rather than obtain a court order as is the case for telephone eavesdropping. (Business Week 3/14/94 p.55) From frissell at panix.com Mon Mar 14 03:01:15 1994 From: frissell at panix.com (Duncan Frissell) Date: Mon, 14 Mar 94 03:01:15 PST Subject: Canon Copiers Message-ID: <199403141101.AA23121@panix.com> To: cypherpunks at toad.com E >The new models, the 350 and 550 do indeed have a currency recognition E >feature based on color. I was talking to a serviceman--interestingly, E >as with all crippling features, this one creates problems, as certain E >images become uncopiable if the color they use is upsetting the canon. E >The service man said that often the offending object may be copied E >simply by placing a sheet of acetate between the imaging area and the E >sheet to be copied. E > E >I used to be skeptical of this feature--someone here conjectured that E >it would be based on color. they were right. Smart. E > E >Jay But what color? So does this mean I have to go to all the trouble of buying a Canon copier in Canada or the UK and importing it? Not all currency is the same color. DCF --- WinQwk 2.0b#1165 From werner at mc.ab.com Mon Mar 14 04:09:53 1994 From: werner at mc.ab.com (tim werner) Date: Mon, 14 Mar 94 04:09:53 PST Subject: Niacin warning OOPS!!! Message-ID: <199403141209.HAA08904@sparcserver.mc.ab.com> From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Sun, 13 Mar 1994 16:03:10 -0500 (EST) > From: rarachel at prism.poly.edu (Arsen Ray Arachelian) > > you can also just pop a 400mg Niacin capsule... Niacin will > > quickly dilate all your capillaries bringing lots of blood > > to your face and making you look like a lobster. > I just want to warn anyone who is thinking of trying this that 400 mg > is not the place to start with niacin. The flushing will be extremely > intense at that level and you will probably either think you are dying > or wish you were.
Try 50 or 100 mg to start with. OOPS! I goofed! Sorry about that, hope nobody tried that high a dose.. I started taking some extra vitamins a while back, and the Niacin dose was 150mg, which gave me a barely noticeable tingling sensation in my face, but did not cause my face to change color. I was previously taking only Theragran-M. From m5 at vail.tivoli.com Mon Mar 14 06:06:18 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Mon, 14 Mar 94 06:06:18 PST Subject: CD-ROM software "shopping" Message-ID: <9403141406.AA24992@vail.tivoli.com> I picked up a new Mac this weekend (a Quadra 650, on the very eve of its obsolescence :-) and with it came a CD from "Software Dispatch" (or something like that) packed with commercial software, and apparently locked with some sort of cryptographic protocol. I'm not sure whether each CD is digitally stamped with a key (seems kinda difficult) or whether the key I typed in from the cardboard envelope at the start-up screen served the purpose of identifying my disk (probably). You call up an 800 number and give them a key from the disk (I can't remember whether it was the same as the key I typed in) and after supplying a credit card number they'll "unlock" whatever packages you want by providing another key for each one. Does anybody know what sort of protocol this is using? The keys are pretty long (about 16 bytes). (Note that I'm really just curious; I don't think I have the attention span to try and "break" it. Besides, I already bought the only things I wanted off it :-) -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From jim at Tadpole.COM Mon Mar 14 06:39:56 1994 From: jim at Tadpole.COM (Jim Thompson) Date: Mon, 14 Mar 94 06:39:56 PST Subject: PGP to the rescue?
Message-ID: <9403141440.AA14192@chiba.tadpole.com> From: Christopher Cotton Date: Mon, 14 Mar 1994 00:16:27 -0500 ELECTRONIC EAVESDROPPING A measure soon to be introduced on Capitol Hill would require that all network providers, including the Internet and commercial on-line services, build in the capability to record any person's e-mail and deliver it to federal law-enforcement authorities. Government agents will need only to show a person merits investigation, rather than obtain a court order as is the case for telephone eavesdropping. (Business Week 3/14/94 p.55) From ag588 at cleveland.Freenet.Edu Mon Mar 14 07:04:39 1994 From: ag588 at cleveland.Freenet.Edu (John C. Brice) Date: Mon, 14 Mar 94 07:04:39 PST Subject: Locating Color Copiers Message-ID: <9403141504.AA06487@eeyore.INS.CWRU.Edu> > >nobody at soda.berkeley.edu says... >> >> On a slightly related topic, I know of an instance where the >> Secret Service located a stolen color copier with somewhat >> greater speed than one might have expected. .... >1. Why was the secret service looking for stolen property? >> > The Secret Service is a division of the Treasury Department. One of their main duties is tracking down counterfeiters. If someone has stolen a color copy machine, there's a very good chance that it was stolen for the end purpose of counterfeiting. So I would imagine that that would be why the SS would be looking for this particular stolen property. Make sense? -- ------------------------------------------------------------------------- I am an attorney, seeking a position in the area of Computer Law. If you know of such a position available, or of someone who may know of such a position, please send e-mail! Thanks.
From hlin at nas.edu Mon Mar 14 07:27:06 1994 From: hlin at nas.edu (Herb Lin) Date: Mon, 14 Mar 94 07:27:06 PST Subject: Clipper and Traffic Analysis Message-ID: <9402147636.AA763669619@nas.edu> In the AOL debate between Barlow and Denning, Barlow asserted that Clipper increases the gov't capability to do traffic analysis. Can someone please describe the technical basis for this claim? (No rhetoric please, just the technical background...) herb From ag588 at cleveland.Freenet.Edu Mon Mar 14 07:34:53 1994 From: ag588 at cleveland.Freenet.Edu (John C. Brice) Date: Mon, 14 Mar 94 07:34:53 PST Subject: Niacin warning OOPS!!! Message-ID: <9403141534.AA12427@eeyore.INS.CWRU.Edu> > [Discussion of popping niacin doses to defeat biometric scanning devices] > > What if the only biometric scans taken of a person were taken while flushing on niacin? Will they result in a consistent, though flushed, scan, thereby enabling the system to identify you anyway? If they then nab you and want to verify the scan, all they have to do is inject you with another dose of niacin and check the scan. [Obviously this scenario assumes some fairly major civil rights violations, but for the international traveler....] -- ------------------------------------------------------------------------- I am an attorney, seeking a position in the area of Computer Law. If you know of such a position available, or of someone who may know of such a position, please send e-mail! Thanks. From smb at research.att.com Mon Mar 14 07:37:07 1994 From: smb at research.att.com (smb at research.att.com) Date: Mon, 14 Mar 94 07:37:07 PST Subject: Clipper and Traffic Analysis Message-ID: <9403141537.AA24364@toad.com> In the AOL debate between Barlow and Denning, Barlow asserted that Clipper increases the gov't capability to do traffic analysis. Can someone please describe the technical basis for this claim? (No rhetoric please, just the technical background...)
The LEAF can be decrypted with just the family key; from what's been disclosed so far, local law enforcement agents will be able to do that without contacting the escrow sites. The LEAF contains the unit id of the chip, independent of what phone number it's being used from, or (in the case of cellular phones) where in the country it is. The ordinary signaling channels are (often) encrypted, and in general use a different path than the call itself. From matsb at sos.sll.se Mon Mar 14 07:45:50 1994 From: matsb at sos.sll.se (Mats Bergstrom) Date: Mon, 14 Mar 94 07:45:50 PST Subject: Other Spy Agencies In-Reply-To: <199403120226.SAA15428@jobe.shell.portal.com> Message-ID: On Fri, 11 Mar 1994, Greg - Kucharo wrote: > "I'm in for triple murder, how about you? I got 40 years for telling the Swedes > about RSA so don't screw with me pal! Crypto huh, you're one sick con." There has still been zero in the Swedish public media about Clipper. I have introduced the subject in the national Fido echo about datacomm, including the unconfirmed information that .se (together with .uk) is one of the first external countries to apply for a KF. (Swedish Fidonet sysops seem to long for CALLER-ID, which has been postponed here for reasons of privacy, to keep track of their users. Wouldn't this also be beneficial for traffic analysis?) Cryptology in Sweden is probably centered to the Forsvarets Radioanstalt ('Radio Agency of the Defense') which is as secretive about its methods as any letter agency. Not until recently did it become known that they compromised the German G-printer during WWII. The teleprinter lines between occupied Norway and Denmark went through Sweden and the traffic was encrypted with this Enigma-like machine (I don't know exactly but it had about ten wheels that had to match in adjustment plus an extra level consisting of cables from the wheelhouse that could be set differently to twist the output).
The crack was done all by himself by one legendary genius called Beurling using only pencil and paper. It took him two weeks from the day they picked him up at the university (mathematician of course). After the war he took the former seat of Einstein at the Princeton University but fell into obscurity (allegedly he had serious personal problems). Regardless of being neutral the Swedish Defence has cooperated with USA in covering the Russian's radio traffic from the 40's until now. I'm sure they got something back (more than RSA which is in the public domain). At the moment I have some probes out to lawyers to establish the status of the Swedish cryptology laws (if any). A curiosity: The electromagnetic spectrum is considered free here, contrary to most European countries, meaning for example that pirate decoders for TV satellite transmissions are legal. This will probably change when Sweden, unfortunately, soon enters the European Community. //mb From hughes at ah.com Mon Mar 14 08:29:43 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 14 Mar 94 08:29:43 PST Subject: digital cash In-Reply-To: <199403140422.AA05423@netsys.com> Message-ID: <9403141619.AA04459@ah.com> >Are you guys going to simply represent dollars with your digital cash >or will you attempt to create your own currency that may simply be >converted to/from dollars? Accounts will be able to be denominated in USA dollars, the central bank money issued by the USA's own Federal Reserve. Accounts will also be able to be denominated in other major currencies traded on the Foreign Exchange market. Specifics have not been decided. We will not be issuing a new currency.
Eric am Reply-To: uri at watson.ibm.com X-Mailer: ELM [version 2.4 PL20] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 3561 Sender: owner-cypherpunks at toad.com Precedence: bulk Herb Lin says: > In the AOL debate between Barlow and Denning, Barlow asserted that Clipper > increases the gov't capability to do traffic analysis. Can someone please > describe the technical basis for this claim? (No rhetoric please, just the > technical background...) Traffic analysis is "who contacts who, when, where from, where to, for how long and how often". Today most of the "ordinary public" phone communications are analog/voice. Thus when a phone call comes in, you have the source of the call (i.e. the originating phone number), the destination of the call and the voices (you can analyze them with a reasonable chance to identify the speakers). Today it's quite feasible to obscure the identity of the parties (by using pay phones, and so)... But there are no good ways to secure/encrypt analog voice - thus no matter what measures you use, the contents of the dialog will lay bare. Another communication mode emerges: digital e-mail and digitized voice. This may present much harder tracking problem in both party recognition and location. Imagine anonymous TCP/IP connection server and sort of a chain of "remailers" which bounce TCP packets (or should I have said streams? :-). Plus unbreakable encryption, which deny the eavesdroppers any chance to pry the contents open... It is possible today. Now Clipper comes in. Each digital stream coming out of it will have a tag identifying the source (in case of dialog each party will present thus its chip ID, which uniquely identifies either the party, or its location). Note, that when the "voice-remailer" technology picks up (I assume it will, for the privacy seems to be worth of the price) - even an "ordinary person" will be able to enjoy the "total" privacy.
While Clipper can't deny such privacy to outlaws (i.e. I can superencipher the output of Clipper chip, or I can use another encryption altogether to avoid both decrypting of the contents and identifying with Clipper ID) - it's obvious, that an "ordinary citizen" simply won't bother, just like he/she doesn't go to a train station to make a phone call to preserve his/her privacy. No matter how "randomly" will the digitized [encrypted] voice data stream bounce around through commercial "voice remailers", it will have identifying tags attached to it, allowing to trace it to its both end points. It's not today, that Clipper chip is about - it's the future that it endangers. Of course, it all is based on assumptions: 1. Americans want privacy and anonymity (since they also want Caller ID, I'm not sure how correct this is). 2. Anonymous "voice remailers" will come up soon after decent voice encryption becomes available cheaply to the masses, AND WILL BE USED BY GREAT MANY people - otherwise the chain "Joe Schmoe has called Remailer1, it called Remailer2, ..., it called Jim Schmoe" is easily reconstructed (and you don't even have the benefits of random delay before bouncing the pieces off in attempt to confuse an eavesdropper whose piece goes out when and where to). 3. The industry will pick up those tools and expand them to the level of public phone service (and the gov't won't scare or bribe them out from this idea). 4. Traffic analysis is a bad thing and we should deny it to an eavesdropper. [Well, is it true? Where's the line between "I don't really care" and "Now my freedom is in danger"?] 5. People are good (no, I'm joking! :-).
-- Regards, Uri uri at watson.ibm.com scifi!angmar!uri N2RIU ----------- From rarachel at prism.poly.edu Mon Mar 14 08:30:50 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Mon, 14 Mar 94 08:30:50 PST Subject: spyproofing your house/work building In-Reply-To: <199403141601.AA23989@zoom.bga.com> Message-ID: <9403141618.AA19048@prism.poly.edu> > A Faraday Cage is made from mesh not solid material. You would need to make > sure it is well grounded and of small dimension mesh. It will protect > against low power monitoring. Is the stuff they make fences out of okay for this? My excuse for putting this up (if I have to make up an excuse) is that I'm going to have lots of PC's in the room and I don't want the FCC complaining... > On the topic of lasers, you might also get a IR viewer and search for a > laser transmission FROM your house to another site. This would be a very > good method of listening in w/ little chance of discovery. Long range > also. Can camcorders be used to detect this? A friend of mine had this old b&w surveillance camera that could pick up an IR beam off a remote. Are the lasers in the same range or do I need IR gear? > Also watch for microwave traps, similar to the Russian trick at the UN > or wherever in the 60's. Any metallic container can be resonated and used > to listen to the room noise. How can I detect this? Will the usual microwave oven leak detectors help? I don't want to confuse high frequency stuff (900Mhz or above) as a reason to be paranoid. :-) From ravage at bga.com Mon Mar 14 08:31:51 1994 From: ravage at bga.com (Jim choate) Date: Mon, 14 Mar 94 08:31:51 PST Subject: ID Chips... In-Reply-To: <199403120926.BAA03885@mail.netcom.com> Message-ID: <199403141630.AA24752@zoom.bga.com> > > Jim Choate says: > > > I question the validity of the chips use, seems to me that tattooing the ear > > of the pet and placing this in a database would be much more efficient and a > > LOT less expensive.
> > I suspect the chip insertion uses vastly less expensive labor, and > probably less expensive gadgetry, as well. There might also be a memory-size > problem; I have a cat with an ID number tattooed in one ear -- about the only > place where it is reasonably visible on casual inspection. The number is > about nine years old, and has four digits. One or two more and there would > be trouble reading it. > > (The cat is a survivor of feline leukemia research at U. C. Davis; the > ID dates from that program. There's a program whereby surviving animals > from the Davis labs are placed out.) > -- Jay Freeman > Why do you insist on using roman numerals and the English alphabet? There is no reason that some other symbology would not work w/ a larger character set, say 1st char is state, 2nd char is city, 3rd char is vet, 4th/5th char are customer.... From ravage at bga.com Mon Mar 14 08:33:29 1994 From: ravage at bga.com (Jim choate) Date: Mon, 14 Mar 94 08:33:29 PST Subject: The Coming Police State In-Reply-To: <199403120442.UAA01477@nexsys.nexsys.net> Message-ID: <199403141633.AA24805@zoom.bga.com> Actually a better book for virus and such is: Computer Viruses: A hi-tech disease Ralf Burger ISBN 1-55755-043-3 It includes source codes and working examples. Also in the near future I will be offering a 3M compressed set of disks which contain various Dos viruses and related code to interested parties. From ravage at bga.com Mon Mar 14 08:37:31 1994 From: ravage at bga.com (Jim choate) Date: Mon, 14 Mar 94 08:37:31 PST Subject: ID Chips... In-Reply-To: <9403112245.AA26604@toaster.SFSU.EDU> Message-ID: <199403141637.AA24921@zoom.bga.com> > > > Jim choate writes: > > > As I understand it there was a proposal to install such chips in children > > to prevent kidnapping and such last year in Congress (don't remember if it > > was House or Senate). > > ... > > Do you remember who the representative was? (Or does anyone else?)
This > is good material to make sure the person does not get re-elected! > > F. > > unfortunately, no. I have not been able to locate the note I had made at the time (it was on paper because I was nowhere near a pc at the time) and I suspect it might be lost. But, will keep looking. From hughes at ah.com Mon Mar 14 08:38:03 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 14 Mar 94 08:38:03 PST Subject: spyproofing your house/work building In-Reply-To: <9403132120.AA21962@prism.poly.edu> Message-ID: <9403141627.AA04506@ah.com> >Have I forgotten anything? Yes, fully half of it. You need equipment to check whether your modifications are working. Eric From matsb at sos.sll.se Mon Mar 14 08:38:03 1994 From: matsb at sos.sll.se (Mats Bergstrom) Date: Mon, 14 Mar 94 08:38:03 PST Subject: The Agency Whose Name May Not Be Spoken In-Reply-To: <199403121631.IAA07143@mail.netcom.com> Message-ID: On Sat, 12 Mar 1994, Timothy C. May wrote: > I was thinking of even more secretive agencies, such as Ludlum's > fictitious (I used to think so, but...) "Consular Ops" and the > economic surveillance groups. Yeah, I wonder what Jason Bourne is up to these days. If you can track him you would probably get close to where the real action is. //mb From rarachel at prism.poly.edu Mon Mar 14 08:43:34 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Mon, 14 Mar 94 08:43:34 PST Subject: CD-ROM software "shopping" In-Reply-To: <9403141406.AA24992@vail.tivoli.com> Message-ID: <9403141629.AA19461@prism.poly.edu> RE: Software Dispatch CD... While each individual CD doesn't have a unique key, each batch does. From what I heard, on the average, there are 10 separate batch/keys. So if your friend buys X software off his CD and gives you his key you have a 1 in 10 chance of being able to get the software... (Kinda useless, if you're going to pirate it, you just copy the software, but at least it prevents the serial number lists from hawking the cd-wares...)
Also, I think the key they give you contains a private reg. number so if you spread the software you buy they can track you down and hunt you like a dog... :-) Then again, there's nothing preventing you from running a hack program on the CD (other than time of course...) From catalyst-remailer at netcom.com Mon Mar 14 08:51:22 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Mon, 14 Mar 94 08:51:22 PST Subject: Magic Money Complaints / ATTN Warlord Message-ID: <199403141652.IAA20000@mail2.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- Message to Warlord: Hal Finney wrote: >I hate to complain. Magic Money is something that people have been asking >for for a long time, and it's a very nice implementation. A lot of aspects >have been really well thought out, particularly the money aging and >replacement. But I've been playing with it off and on lately and there are some >improvements needed IMO. I'd rather have people playing with it and complaining about it, than ignoring it. I'd about given up hope that anyone would do anything with the program. Someone please set up an emailable server! >I'll just assume interested readers know how the program works and jump >right into it. > - The program handles encryption of messages to and from the bank > automatically, but makes the user have to handle encryption of messages to > other people. I can see some justification for this - maybe the message > (that is, a coins.dat file) will be sent via secure means like a direct > or IR connection, so encryption is not needed.
But most of the time it > is needed, in which case the user has to use PGP or something as a > separate step. I was lazy. To do this properly, you would have to have the ability to include a message along with the coins, and encrypt it with someone's PGP key, then decrypt it and display it at the receiving end and separate the message from the coins. You would about have to rewrite PGP within the Magic Money client. I could have written a perfect digital cash system, in which case I'd still be designing it and no code would have been written at all yet. But I was lazy. > - The program distinguishes between bank messages, which are signed blinded > coins, and user messages, which are raw coins, by whether they are in > ASCII text or not. This is not the significant distinction between these > two kinds of messages. Yes, it assumes you are going to feed it the message in the same format it was output in. A bank message is signed and encrypted, while a coins.dat is a raw binary file. User-to-user communication is left up to the users. > - Bank messages look just like other PGP messages. But the user has to > know not to try to run them through PGP and instead give them directly to > the MM program un-decrypted. The only way he can tell is to notice that > the sender address is the bank. If the bank ever sends him a real coin > file (which it may to prime the pump) then the user just has to know > to treat these messages differently. Ummm, true. What should I do about this? I wanted Magic Money messages to look just like any other PGP messages, to avoid the possibility of people using the program being singled out. Doing what you suggest would require the server having the ability to encrypt with someone else's public key, unless the bank uses PGP to encrypt a coins.dat file. > - There is no way to know which bank an incoming coin file is for. I think > this is one of the biggest weaknesses of the system.
If more than one > bank is competing I have to know which bank a given coin file is > associated with and go to that directory to process that coin file. If you were using multiple banks, that would be a problem. So far there aren't any banks at all, so... but a future version could have the bank's key id in front of a coin file. Then you would have multiple bank public keys in bank.pub, and multiple coin files, and multiple elists. And you would have to know what bank the person you're doing business with uses, so you could send him the proper coins...the complexity grows exponentially. > - There is no way to put coin files directly into your allcoins.dat file. > There are a couple of cases in which you might want to do this. First, > you might pay out some coins and then change your mind before sending > them, and want to put them back. Or second, you might receive some coins > from a trustworthy person (your mum, say) and just want to add them > without going through the bank. This is easy to include, and I considered doing it, but it is dangerous. It would be easy to put coins back into allcoins.dat and then forget and send them out, thus double-spending. If you take coins out and then want to put them back, you can always exchange them with the bank yourself. > - More generally, it is difficult to use the program in a safe way which > deals robustly with errors of various types. When I was first building > the program I had some bugs which caused coins to appear to be > double-spent, to not signature-check properly, to not be found in > the proto file, > etc. The program did not appear to handle all of these errors safely, > sometimes aborting in the middle of a file. Where are these bugs? Are they still present in the latest version? I'd like to get rid of them - what did you change? Error handling is a bitch - in most cases, I just didn't know of a good way to handle an error. What do you do if a signature fails, or a coin is not in the proto-file?
Ignore the coin and go on? Then you have the wrong amount of money.

> In addition, the program always calls its output files coins.dat and
> output.asc. If you run it twice without renaming these files you can
> lose data and lose money. Then, when you send the files, you need to
> manually keep backups in case the email fails. Again, otherwise you will
> lose money.

Should it use an incrementing name: coins.000,001,etc. so no files will be lost? This would be an easy change to make.

> - The money data structures do not allow for expansion. I'd like to see a
> way of adding new fields in the future which will be ignored by older
> versions of the program. For example, in regard to the above, I'd like
> to see a "bank email address" and possibly a bank key added to the
> coins.dat file. Then you could mail the coins to someone without
> including a lot of out-of-band data about the bank they were for. It
> would be nice if this could be done without totally breaking the current
> program. At a minimum a version number could be stuck at the front so
> that old programs would recommend that users upgrade.

Yeah, a mode byte at the beginning so later versions could be downward compatible with the earlier ones. The coins do have an identifier byte before each coin type. Later versions could use different bytes.

> - The program uses PGP algorithms and data structures, but not its files.
> The bank's key and user's keys are kept in separate files. There might
> be advantages in putting these keys into PGP's regular files.

Since the keys are only used for digicash purposes - why? See my complaint above about how these changes would require a whole PGP inside the Magic Money client. I can only write so much code.

> Also, the random number generation in PGP looks stronger than MM, since
> it keeps much more state from run to run. MM seeds based on a very, very
> elementary hash on a file called rand.dat, which will tend to be fixed,
> and the time of day.
Ahem...this I will take issue with. Magic Money (and PGP Tools in general) uses an MD5-based random number generator which works as follows: the program takes some input random data and cyclically XOR's it through a buffer, whose size is determined at compile time. At present, it is set to 256 bytes. Then, for each 16 bytes of random data requested, the program takes the MD5 of: the time, a counter, and the 256-byte buffer. Now, if an attacker does not know the contents of the seed file, knowledge of the time and the counter value gets him nothing. The fact that the file does not change is irrelevant, because the non-reversibility of MD5 prevents the attacker from finding out anything about the file.

> - None of the MM files are encrypted on the disk. The money files could
> be stolen by someone with access to your computer, and your secret key
> used for communications with the bank could be stolen as well. This
> would be a major security flaw in some situations.

Yeah, true. For serious use (real money) you would want either an encrypted filesystem (I use SecureDrive) or a passphrase on your allcoins.dat file and the secret key. The server's secret key, which is the most valuable of all, can't be encrypted because the server has to be able to read it without a user present.

>Having made these complaints, let me reiterate that I am very pleased with
>this program overall. I also appreciate mpd at netcom.com's efforts in
>running a server.

Is his server e-mailable? How do you access it?

>I have built a Mac client for MM which is not too mac-like but
>lets you drag-n-drop incoming files onto the MM icon and it handles
>them right. I'll tweak that a little more then upload it with the
>other clients.

How much trouble did you have compiling it big-endian?

Magic Money was not intended for serious real-money use.
For a real-world usable program, the crypto core would have been buried in many thousands of lines of support code, and the program would never have seen the light of day. It was intended to serve as a minimal but usable digicash program, so people could play with digicash. It is not perfect, but it is the best digicash system in the public domain. (It's the only digicash system in the public domain, but that's beside the point!)

Pr0duct Cypher

From hughes at ah.com Mon Mar 14 09:01:17 1994
From: hughes at ah.com (Eric Hughes)
Date: Mon, 14 Mar 94 09:01:17 PST
Subject: brainstorming on cpunks' eve
In-Reply-To: <9403130852.AA16812@anchor.ho.att.com>
Message-ID: <9403141650.AA04577@ah.com>

>> Also, one could set up a hashing/signing service, more akin to a time
>> stamp service. [....] "Digital Notary" system?

>There's certainly a need for such services. You have to be careful
>to avoid stepping on Bellcore's work, since I think it's patented,

It is patented, and one of the first claims in the patent is just signing a claimed time and the given document. I don't think this would hold up in court, because of obviousness, but the clause is in there.

Eric

From ag588 at cleveland.Freenet.Edu Mon Mar 14 09:43:22 1994
From: ag588 at cleveland.Freenet.Edu (John C. Brice)
Date: Mon, 14 Mar 94 09:43:22 PST
Subject: digital cash
Message-ID: <199403141743.MAA03434@piglet.INS.CWRU.Edu>

>
>
>Mark Hittinger says:
>> Are you guys going to simply represent dollars with your digital cash
>> or will you attempt to create your own currency that may simply be
>> converted to/from dollars?
>
>I can't for the life of me understand the difference between a
>"representation" of dollars and something "convertible" into dollars.
>
>Perry
>
>

The Japanese Yen is not a representation of a dollar but it is convertible into dollars. I think what was originally meant was whether the digital cash will be in units equivalent to dollars and readily "convertible" into dollars in the same sense that dollar bills were at one time readily convertible into the amount of gold that they "represented." Anyway, that was my understanding of the question.

--
-------------------------------------------------------------------------
I am an attorney, seeking a position in the area of Computer Law. If you know of such a position available, or of someone who may know of such a position, please send e-mail! Thanks.

From mnemonic at eff.org Mon Mar 14 10:32:23 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Mon, 14 Mar 94 10:32:23 PST
Subject: Nature of RSA's patent
Message-ID: <199403141832.NAA16824@eff.org>

Can someone tell me whether RSA claims to hold process patents or device patents on RSA public-key crypto?

From hfinney at shell.portal.com Mon Mar 14 10:33:47 1994
From: hfinney at shell.portal.com (Hal)
Date: Mon, 14 Mar 94 10:33:47 PST
Subject: Magic Money Complaints
Message-ID: <199403141834.KAA05710@jobe.shell.portal.com>

Pr0duct Cypher writes:

> I'd rather have people playing with it and complaining about it, than
> ignoring it. I'd about given up hope that anyone would do anything with
> the program. Someone please set up an emailable server!

Mail to mpd at netcom.com, subject "Bank" will be processed by a Magic Money server. He calls his coins "Tacky Money".
Here is his bank's public key:

To make things interesting, here is a $10 Tacky Token. The first person to turn it in gets it! (This is just ascii-encoded; you will have to first use PGP to unencode it then give it to your Magic Money client.)

And as a "token" of my appreciation here's a little gratuity for Pr0duct Cypher:

Here are some more constructive suggestions for how some of the issues I raised might be addressed.

- Mark Magic Money messages differently from ordinary PGP messages. (-----BEGIN MAGIC MONEY MESSAGE-----) Alternatively, allow MM msgs to be decrypted by PGP to produce binary files which can be passed to the MM client.

- Make the client handle bank and user messages both as either binary or ascii files. Use internal type flags rather than ascii vs binary to distinguish them.

- Allow the client to search the PGP public and private key rings for decryption and encryption keys.

- Allow the user to specify a user id to encrypt for when he extracts coins for payment, search the PGP public key ring and encrypt for that user.

- Check for the existence of an output file and warn the user if it already exists. Allow the name of an output file to be specified on the command line.

- Save a copy of all output files in a logging subdirectory. Then if an email message is never received the user can go back and send it again. The file dates and perhaps file names can be used to help the user determine which log file is the copy of the lost one.

- Include the bank's key and email address with each coin file. Allow users to combine the initialization and coin-receiving steps (already these appear to be very closely related in the software). This way a user who receives MM coins for a new bank which he has never used before can begin using it in one step.

These don't really imply re-implementing PGP. MM already encrypts and decrypts PGP-type messages for the bank. Adding the keyring searches is the main part of extending that capability to user-to-user communication. It also gains the benefit of encrypting the user's secret key.

I don't mean to be asking Pr0duct Cypher to do all of these things. If people can agree on the usability issues, maybe other members of the community can join in and make some of these changes. Now that Pr0duct has done the hard work a lot of this is little tweaks which aren't that tough. That's what happened with PGP.

BTW, I was astonished by how easily the program built for the Mac. I did #define MSDOS, #define BIGENDIAN, as well as the compatibility flags. Then there were a few of the typical header file incompatibilities. Practically once it linked it worked. Very nice.

Hal

From danisch at ira.uka.de Mon Mar 14 10:44:36 1994
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Mon, 14 Mar 94 10:44:36 PST
Subject: Is this list alive?
Message-ID: <9403141618.AA07456@deathstar.iaks.ira.uka.de>

Is this mailing list still alive? I have not received any messages for about one week.

Thanks
Hadmut

From strick at osc.versant.com Mon Mar 14 10:55:11 1994
From: strick at osc.versant.com (strick -- strick AT versant DOT com -- henry strickland)
Date: Mon, 14 Mar 94 10:55:11 PST
Subject: Nature of RSA's patent
In-Reply-To: <199403141832.NAA16824@eff.org>
Message-ID: <9403141857.AA01436@osc.versant.com>

# From: Mike Godwin
#
# Can someone tell me whether RSA claims to hold process patents or device
# patents on RSA public-key crypto?

If you're interested in details of these patents, I have (at home) a copy of (almost all of) the "full wrapper" of the four patents held by Public Key Partners, referenced in RFC1170:

    Cryptographic Apparatus and Method
    ("Diffie-Hellman")............................... No. 4,200,770

    Public Key Cryptographic Apparatus
    and Method ("Hellman-Merkle").................... No. 4,218,582

    Cryptographic Communications System and
    Method ("RSA")................................... No. 4,405,829

    Exponential Cryptographic Apparatus
    and Method ("Hellman-Pohlig").................... No. 4,424,414

A couple of others on The List also have copies of the wrappers.

But it seems you're asking about the existence of a different type of patent than these? Or you're clarifying what type of patents these are? If they all say "Apparatus" and "Method", is that both a "device" and a "process"?

strick

From mnemonic at eff.org Mon Mar 14 11:32:56 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Mon, 14 Mar 94 11:32:56 PST
Subject: Nature of RSA's patent
In-Reply-To: <9403141857.AA01436@osc.versant.com>
Message-ID: <199403141932.OAA18636@eff.org>

> # From: Mike Godwin
> #
> # Can someone tell me whether RSA claims to hold process patents or device
> # patents on RSA public-key crypto?

Here's why I'm asking.
The relevant statute is 35 USC 271(g):

"Whoever without authority imports into the United States or sells or uses within the United States a product which is made by a process patented in the United States shall be liable as an infringer, if the importation, sale, or use of the product occurs during the term of such process patent. In an action for infringement of a process patent, no remedy may be granted for infringement on account of the noncommercial use or retail sale of a product unless there is no adequate remedy under this title for infringement on account of the importation or other use or sale of that product. A product which is made by a patented process will, for purposes of this title, not be considered to be so made after--
  1) it is materially changed by subsequent processes; or
  2) it becomes a trivial and nonessential component of another product."

I've got a guy who's telling me that PGP-encrypted communications sent into the U.S.A. from abroad can be stopped at the border as infringing "products," pursuant to this statute.

It's relevant to the argument whether RSA claims to hold process patents or product patents. The definitions of "product" and "import" are also relevant.

--Mike

From storm at access.digex.net Mon Mar 14 12:22:40 1994
From: storm at access.digex.net (Don Melvin)
Date: Mon, 14 Mar 94 12:22:40 PST
Subject: spyproofing your house/work building
In-Reply-To: <9403132120.AA21962@prism.poly.edu>
Message-ID: <199403142022.AA02431@access3.digex.net>

> Have I forgotten anything?
>

Guard physical access so a mic/camera (1/8") can't be placed after construction.

Drapes so the lip readers can't see you.
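
Added example, not part of any message in this archive and not code from Magic Money or PGP Tools: a Python sketch of the generator Pr0duct Cypher describes in the Magic Money reply earlier in this digest (seed data XORed cyclically through a 256-byte buffer, then MD5 over the time, a counter and the buffer for every 16 bytes requested). The field order and widths, the counter restarting at zero on each run, and all names are assumptions; the seed and clock values are constructed. The helper functions show what the output depends on when the seed file never changes.

```python
import hashlib
import struct

POOL_SIZE = 256  # buffer size quoted in the post (a compile-time constant there)
DIGEST = 16      # MD5 output size: one hash per 16 bytes requested


class Md5PoolRng:
    """Generator as described in the post; the byte layout is an assumption."""

    def __init__(self, clock):
        self.pool = bytearray(POOL_SIZE)
        self.pos = 0        # where the next seed byte is XORed in
        self.counter = 0    # assumed to restart at 0 on every program run
        self.clock = clock  # callable returning whole seconds

    def add_seed(self, data):
        # Cyclically XOR seed material through the fixed-size buffer.
        for byte in data:
            self.pool[self.pos] ^= byte
            self.pos = (self.pos + 1) % POOL_SIZE

    def read(self, n):
        out = bytearray()
        while len(out) < n:
            # Assumed encoding: 32-bit time, 32-bit counter, then the buffer.
            header = struct.pack(">II",
                                 self.clock() & 0xFFFFFFFF,
                                 self.counter & 0xFFFFFFFF)
            out += hashlib.md5(header + bytes(self.pool)).digest()
            self.counter += 1
        return bytes(out[:n])


# Constructed inputs: a fixed clock reading and a 256-byte stand-in for rand.dat.
CONSTRUCTED_SECOND = 763603200
CONSTRUCTED_SEED = hashlib.md5(b"constructed rand.dat contents").digest() * 16


def fresh(seed, second=CONSTRUCTED_SECOND):
    """Model one program run: new generator, seed file folded in, clock frozen."""
    rng = Md5PoolRng(lambda: second)
    rng.add_seed(seed)
    return rng


def restart_in_same_second_repeats():
    # Unchanged seed file + same clock second + counter back at 0:
    # two separate runs hand out the same "random" bytes.
    return fresh(CONSTRUCTED_SEED).read(32) == fresh(CONSTRUCTED_SEED).read(32)


def next_second_differs():
    # With a fixed seed file, the clock is the only input that varies per run.
    later = fresh(CONSTRUCTED_SEED, CONSTRUCTED_SECOND + 1)
    return fresh(CONSTRUCTED_SEED).read(32) != later.read(32)


def blocks_within_a_run_differ():
    # The counter separates successive 16-byte blocks inside one run.
    out = fresh(CONSTRUCTED_SEED).read(32)
    return out[:DIGEST] != out[DIGEST:]


def doubled_seed_cancels():
    # Edge case of XOR folding: a 512-byte seed whose two halves are equal
    # cancels itself, leaving the buffer all zero (same as no seed at all).
    doubled = fresh(CONSTRUCTED_SEED + CONSTRUCTED_SEED)
    empty = fresh(b"")
    return bytes(doubled.pool) == bytes(POOL_SIZE) and \
        doubled.read(DIGEST) == empty.read(DIGEST)


if __name__ == "__main__":
    print("same-second restart repeats:", restart_in_same_second_repeats())
    print("next second differs:        ", next_second_differs())
    print("blocks in one run differ:   ", blocks_within_a_run_differ())
    print("doubled seed cancels:       ", doubled_seed_cancels())
```

A design that writes fresh state back to the seed file after each run removes the same-second repeat, and hashing seed input into the buffer instead of XOR-folding it removes the cancellation case.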

From karn at qualcomm.com Mon Mar 14 12:27:31 1994
From: karn at qualcomm.com (Phil Karn)
Date: Mon, 14 Mar 94 12:27:31 PST
Subject: Nature of RSA's patent
In-Reply-To: <199403141932.OAA18636@eff.org>
Message-ID: <199403142026.MAA20629@servo.qualcomm.com>

Why should my incoming PGP-encrypted communications be automatically considered "infringing products", since I've got a copy of ViaCrypt PGP that was produced under license from Public Key Partners?

Phil

From tcmay at netcom.com Mon Mar 14 12:31:29 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 14 Mar 94 12:31:29 PST
Subject: Books, Loompanics, and other weird stuff
Message-ID: <199403142032.MAA05871@mail.netcom.com>

Branch Cypherians,

At the Saturday Cypherpunks meeting (60 people there for all or part of the 6-hour meeting, not counting the remote sites), I displayed a dozen or so books. I've had a number of requests that I post the names, authors, ISBN numbers, and Department of Justice Permission Numbers.

These are by no means the most important books to have. We have mentioned the crypto books _many_ times, and also such seminal books as Bamford's "The Puzzle Palace," Kahn's "The Codebreakers," Brunner's "Shockwave Rider," Card's "Ender's Game," and of course Vinge's "True Names." I shall not dwell on these further.

(Except to say I did look for used copies of Bamford, for possible mailing to some in foreign countries, but couldn't find any. And I couldn't find any copies at all of "When Harlie Was One," so can't check out the issue of who first talked about worms.)

Several points:

* I'll list some basic info about these books.

* However, these were just a bunch of books I picked to show the range of information out there, the stuff your local library is unlikely to carry. (Things like "How to Create a New Identity," "The Secret Money Market," "Getting Started in the Underground Economy." etc.).
Understand that I make no claims that these are the best books available, or that their contents are up to date, useful, etc.

* This is why I strongly recommend you get yourself a copy of the wonderfully wacky 280-page catalog from Loompanics Unlimited, Port Townsend, Washington. Details are below. Most of these odd and controversial books I ordered several years ago (1988) from Loompanics...no doubt more current odd books are now available.

* Alternative book stores often carry some of these books. For example, the "Anubis Warpus" bookstore in Santa Cruz (across from the Taco Bell on Pacific Avenue) has many of these books, in addition to offering tattoo and piercings (ugh!, but to each their own)...I haven't had my public key tattooed on my arm yet, but I'm considering having "Poor Impulse Control" put on my forehead.

* These books are not "crypto" books....I showed them at the "politics" meeting as a change of pace from the usual number theory and crypto-oriented books we pass around.

So, here are brief descriptions of the books. Best that you get the Loompanics catalog, which has nice summaries of each of the books and, of course, convenient ordering information.

- "How to Launder Money," John Gregg, 1982, ISBN 0-317-03306-9. A small pamphlet, undoubtedly dated material. Useful to provoke ideas, but don't rely on this.

- "How to Open a Swiss Bank Account," James Kelder, 1976, ISBN 0-690-01033-8. Also dated....Swiss accounts are passe these days. (I have several of these sorts of books, picked up in various places....your library may have some).

- "Getting Started in the Underground Economy," Adam Cash (right), 1987, ISBN 0-915179-46-4. More ideas, but don't rely on it for legal or current advice. Loompanics has a dozen or more titles with themes about black markets, tax avoidance, etc.

- "Low Profile: How to Avoid the Privacy Invaders," William Petrocelli, 1981, ISBN 0-07-049658-7. Similarly, Loompanics sells numerous books with this theme.

- "How to Create a New Identity," Anonymous, 1983, ISBN 0-8065-1034-X. (Warning: This book comes with the "Law Enforcement Access Field," so that anyone reading the book can be electronically reported to the Witness Security Program, which holds the monopoly on creating fake identities, credit histories, and other legends.) Need I say more? Things are changing especially quickly here, so the material is just a starter. Fake passports and driver's license are now buyable on the streets of major cities (especially in the colored sections) for as little as $25.

- "The Enterprise of Law: Justice Without the State," Bruce Benson, 1990, ISBN 0-936488-30-1. This book I threw in to show folks that the anarcho-capitalist system many of us favor does have some strong underpinnings in legal theory. There are several dozen good books on libertarian theory. Most are available by mail order from Laissez-Faire Book in San Francisco. (Dial 800 Info, or SF Info.)

- I also showed a book on American Intelligence agencies (NSA, NRO, DIA, State Dept., etc.) by Jeffrey Richelson, but Whit Diffie has already borrowed it, so I can't provide the relevant info right now. Richelson has written several books on foreign intelligence agencies (BND, Mossad, MI5 and 6, etc.) and U.S. intelligence agencies, and is a good "post-Bamford" source.

Enjoy finding and reading these. But your first priority should be to get the Loompanics catalog...other books may spark your interest more. I think the catalog is still $5 (well worth it), unless you order another book first, as described below.

Good luck!

--Tim May

From: solmaker at pt.olympus.net (Stephen Schumacher)
Newsgroups: misc.books.technical,rec.arts.books,alt.books.reviews,soc.libraries.talk,comp.security.misc,alt.politics.libertarian,alt.zines,alt.wired
Subject: review: Secrets of a Super Hacker
Date: 7 Mar 1994 11:17:44 -0800
Message-ID: <2lfuko$6rd at olympus.net>

SECRETS OF A SUPER HACKER by The Knightmare, introduction by Gareth Branwyn, 205 pp., 8 1/2" x 11", ISBN 1-55950-106-5, March, 1994, Loompanics Unlimited, Box 1197, Port Townsend WA, 98368. Price: $19.95 plus $4.00 for shipping (includes a copy of their must-have 280 page catalog of unusual books). Credit card orders to 206-385-2230 (phone) or 206-385-7785 (fax).

This is a very good practical book on breaking into computer systems. It's readable, interesting, informative, balanced, and accurate, with a nice spirit of fun and swashbuckling! Here's the contents:

    Introduction: Hackers: Heroes or Villains?
    I: The Basics
    II: The History of Hacking
    III: Researching the Hack
    IV: Passwords and Access Control
    V: Social Engineering
    VI: Reverse Social Engineering
    VII: Public Access Computers and Terminals
    VIII: On-Site Hacking: The Trespasser-Hacker
    IX: Hacking at Hope: Dialing Up Computers With Your Modem
    X: Electronic Bulletin Board Systems
    XI: Borderline Hacking
    XII: What To Do When Inside
    XIII: This Lawful Land
    XIV: Hacker Security: How To Keep From Getting Caught
    XV: Conclusion
    Further Reading
    Glossary
    8 Appendices

The Knightmare covers lots of clever technical tricks for gaining access, but he shows most glee with scores of hilarious "Social Engineering" scams for seducing legitimate users into revealing their passwords. The striking thing about these spoofs is, just reading them, you realize through the laughter how often these simple Social Engineering techniques will produce results and how the credulity of non-security-minded naive users is the weak point of any security system.

Sometimes while reading, I wished the book provided more specific info about phone numbers, brand names, specific techniques that work on specific bulletin board systems, etc. But I recognize that such information would go quickly out-of-date, or would be fixed in response to the book's publication, or could implicate the author. The Knightmare is presenting concepts that won't go out-of-date soon, giving the interested non-hacker a comprehensive and comprehensible survey of the field, and tipping off the potential hacker with just enough details to get him/her started and steered in the right direction and minimize the chance of getting caught.

On this final point... a few times during the early chapters I thought The Knightmare was being cavalier about personal safety, favorably reporting (for example) Social Engineering advertising scams that would likely bring the cops to one's doorstep. But The Knightmare was saving his warnings for 2 chapters towards the end, 22 sobering pages that make very clear the risks involved and what definitely NOT to do. A very balanced presentation.

As usual with Loompanics books, this one can be read backwards, and pages 167-168 are directed specifically to System Administrators interested in beefing up security.

I also appreciated all the hacker philosophy and pragmatic do-no-damage hacker ethics. The Knightmare disdains and derides "crackers" who break into a system in order to wreak havoc; for him, "hackers" are peaceable, non-destructive puzzle-solvers and liberators of information. In a world where the govco is ever working to extend and centralize its control over financial data, encryption techniques, cyberspace, and every aspect of people's lives, the hacker may emerge as a modern-day Robin Hood.

-- Steve (solmaker at pt.olympus.net)

From wex at media.mit.edu Mon Mar 14 12:39:03 1994
From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat)
Date: Mon, 14 Mar 94 12:39:03 PST
Subject: Clipper Cracks Appear
In-Reply-To: <01H9WCYCG136001758@UNCVX1.OIT.UNC.EDU>
Message-ID: <9403142038.AA02428@media.mit.edu>

I agree with Scott Morham, esp where he says:

> A ploy used successfully by many groups is to put forth an outrageous
> proposal, such as clipper etc. Then they soften the demands so that the
> opponent becomes disarmed, allowing that which the Gov't had intended to
> pass all along to go through as a compromise.

My fear for a while has been that key escrow is this "outrageous proposal" -- that is, the gov't doesn't really think it can make key escrow acceptable, so it'll propose a "compromise" of using Clipper without the key escrow.

The logic behind this is that the LEAF field is not encrypted very strongly; this would allow the NSA/FBI to decrypt a conversation without having to bother with the keys (at least as I understand it; I'd be happy to be told I was wrong).

According to notes published on this list, the NSA has already admitted that the LEAF is not itself encrypted with Clipper; we don't know what it is encrypted with, but I wonder:

Assume that the LEAF is weakly encrypted. Assume that third parties (such as cypherpunks) try to show this by decrypting the LEAF. Would we be able to *recognize* a decrypted LEAF? Not knowing the SKIPJACK algorithm, it's unclear to me that we could recognize a session key even if we had one!

This sort of "security through obscurity" seems to be useful, as it renders the LEAF immune to "known plaintext" forms of attack.

Again, I repeat that my knowledge of crypto is rudimentary at best, so it's possible I'm wrong about some or all of this...

--Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard
Media Lab - Advanced Human Interface Group    wex at media.mit.edu
Voice: 617-258-9168    Page: 617-945-1842    na53607 at anon.penet.fi
We are Chaos Boys. We are coming to a paradigm near you.

From mnemonic at eff.org Mon Mar 14 12:43:15 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Mon, 14 Mar 94 12:43:15 PST
Subject: Nature of RSA's patent
In-Reply-To: <199403142026.MAA20629@servo.qualcomm.com>
Message-ID: <199403142042.PAA20544@eff.org>

Phil writes:

> Why should my incoming PGP-encrypted communications be automatically considered
> "infringing products", since I've got a copy of ViaCrypt PGP that was
> produced under license from Public Key Partners?
>
> Phil

The statute bars import of infringing products, not use of products.

--Mike

From smb at research.att.com Mon Mar 14 12:55:20 1994
From: smb at research.att.com (smb at research.att.com)
Date: Mon, 14 Mar 94 12:55:20 PST
Subject: Clipper Cracks Appear
Message-ID: <9403142055.AA29962@toad.com>

    According to notes published on this list, the NSA has already
    admitted that the LEAF is not itself encrypted with Clipper; we
    don't know what it is encrypted with, but I wonder:

If you're referring to the meeting at AT&T Bell Laboratories, that is *not* what we were told. Rather, we were told that a unique mode of operation was used. The motivation for using a unique mode for the LEAF itself isn't completely clear; it may be related to the lack of space to send a random IV. The traffic key has to be encrypted a bit oddly, though; 80 bits doesn't mesh well with standard modes of operation of a 64-bit cipher if you want to minimize the number of encryption operations.

Obviously, games can be played with the modes of operation to weaken the cryptosystem. But that's the sort of thing that would stick out like a sore thumb to the review panel -- much more so than any flaws in Skipjack itself.

But the question is worth asking of the review panel members.
I'll pass it on to Steve Kent.

--Steve Bellovin

From cfrye at ciis.mitre.org Mon Mar 14 13:06:37 1994
From: cfrye at ciis.mitre.org (Curtis D. Frye)
Date: Mon, 14 Mar 94 13:06:37 PST
Subject: Books, Loompanics, and other weird stuff
Message-ID: <9403142114.AA02510@ciis.mitre.org>

Tim May said:

>- I also showed a book on American Intelligence agencies (NSA, NRO,
>DIA, State Dept., etc.) by Jeffrey Richelson, but Whit Diffie has
>already borrowed it, so I can't provide the relevant info right now.
>Richelson has written several books on foreign intelligence agencies
>(BND, Mossad, MI5 and 6, etc.) and U.S. intelligence agencies, and is
>a good "post-Bamford" source.

Richelson, Jeffrey T. _The U.S. Intelligence Community_. 2nd ed. Harper, New York. 1989. ISBN 0-88730-226-2.

This book is a required text for at least one class at George Washington University and can be found in their bookstore in D.C. I would imagine the book is still in print and could be ordered if not found in your local (well-stocked) bookstore.

--
Best regards,

Curtis D. Frye - Job Search Underway!!!
cfrye at ciis.mitre.org or cfrye at mason1.gmu.edu
"MITRE's in the past, now. Time to move on!"

From mech at eff.org Mon Mar 14 13:08:32 1994
From: mech at eff.org (Stanton McCandlish)
Date: Mon, 14 Mar 94 13:08:32 PST
Subject: Help Stop Clipper, Your Testimony Wanted
Message-ID: <199403142108.QAA21170@eff.org>

Path: blogan
From: blogan at crash.cts.com (Barry Logan)
Subject: Help Stop Clipper, Your Testimony Wanted
Organization: CTS Network Services (CTSNET/crash), San Diego, CA
Date: Tue, 8 Mar 1994 15:15:30 GMT
Message-ID:
Sender: news at crash.cts.com (news subsystem)
Nntp-Posting-Host: crash.cts.com
Lines: 99

****** P A P E R   T I G E R   T V   S O U T H W E S T *******

For Immediate Release 3.07.94
*Distribute Widely*

This is a request for submissions of video testimony regarding Clipper.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Is it a coincidence that at the point where the net seems poised to include the numbers of people required for it to become a truly democratizing institution, that clipper is introduced through a back door?

Unless the conquest of cyberspace goes unchallenged by the public-at-large, First and Fourth Amendment rights will be abrogated in a "fait accompli" out-of-sight of democratic processes. The sanctity of coded messages from Starfleet are meaningless if cybercops patrolling the infobahn do not practice non-interference.

This is a battle that cannot be won if fought solely in cyberspace. Outside forces can restrain what transpires and control the dilithium crystals that power the net. The implementation of draconian measures calls for innovative counter measures.

Opposition to Clipper is largely confined to net users. We propose to take arguments against the Clipper proposal to the public with a video. Fighting with the traditional weapons of mass media will get the attention of the wider net-disinterested audience (most of whom will intersect with the net in the future), than relying on the net alone to conjure the necessary outcry to make Clipper an issue of public scrutiny.

We need your collected clips to put together a composite argument. It will be distributed to public access television stations, key legislators, and also be made available to the general public.

Submission guidelines:
~~~~~~~~~~~~~~~~~~~~

-Send us a video of you containing your most cogent thoughts and passionate statement regarding Clipper.

-Please limit your comments to privacy issues in general and Clipper in particular.

-Send original tapes (we'll return them) in any format, 8mm, Hi8, VHS.
  ~~~~~~~~
 Hi8 is the best.

-Because of both the nature of video and the nature of Clipper, guerrilla theater is encouraged.

-Submissions of arguments in favor of Clipper will also be considered for inclusion.

-Contributions from outside the U.S. are welcome.

-Suggestions about content and/or format welcome.

-Please send your video as soon as possible, but no later than May 1st for consideration.

Information about Paper Tiger:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Paper Tiger TV is a non-profit volunteer collective based in Manhattan, with working groups in San Diego (PTTV Tiger South West) and San Francisco (PTTV West). Paper Tiger TV produces 30 minute programs shown weekly on public access cable TV and distributed to cable stations, colleges and libraries across the country. The collective has been working for nine years with critical readings on many areas of cultural production including advertisement, TV, films, mainstream publications and cultural events.

Although there is no confirmation, it is likely that the finished tape will be uplinked by Deep Dish TV: an association of community and independent producers, public access and cable programmers; a national, alternative satellite network with multi-racial, multi-regional representation producing and distributing television that has a point of view. FEARLESS TV!!

We hope that our shows will inspire, educate and empower the political movements that we are a part of.

Mail your tapes to:

    VIEWING HABITS
    3270 MT.AACHEN AVE.
    SAN DIEGO, CA 92111

This is a historic moment, don't blow it. Make history, make video.

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist

"In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar.
4 1994

From nates at netcom.com Mon Mar 14 14:07:08 1994
From: nates at netcom.com (Nate Sammons)
Date: Mon, 14 Mar 94 14:07:08 PST
Subject: pgptools app wanted
Message-ID: <199403142207.OAA27743@netcom9.netcom.com>

Hello punksters...

I am almost done with some remailer software and I need something: an app that takes input from a specified file and sends output to another specified file (all on command line) and asks for the key from stdin or from an environment variable. This I need since PGP will not take environment vars or stdin for getting the key for a conventionally encrypted file.

I would also like a program that will do nothing but encrypt a file specified on the command line and dump ascii-armoured output to another file, and ask for the password from an environment variable or from stdin.

I am asking this since I hope someone else will have already done this or learned pgptools well enough to do it quickly. I thought about modifying PGP, but I also thought that many people would not want to use my remailer if I had to hack PGP to make it work ;-)

My remailer implements the following features:

:: Latency: ## MINUTES (where ## is an integer or the word "RANDOM")
:: Request-Remailing-To: username at machine (of course)
:: PleaseDontPad (keeps the mailer from padding the message)
:: Encrypted: PGP (message is encrypted with the remailer's pubkey)
:: SubjectEnclosed (if message is encrypted, the subject can be hidden inside the encryption envelope, on lines 1-5)
:: SuperEncrypted (if the message is encrypted, it looks for a line in the decrypted message that looks like: (on lines 1-5)
       SuperEncryptionKey: cjkdsancuiabcdsbakjcdsabkjcdsa
   and uses that key to decrypt the message again. )

In a configuration file, the owner can specify a few options, also: here's an example:

# debuglevel sets the debugging level, 0 = off, 1 = on and 2 = picky.
debuglevel 2

# loglevel sets the resolution of logs:
# 0 = off. No logs at all.
# 1 = Log Synopsis of message (from, to, subject, size, etc... not content)
# 2 = Log Full message to the mailbox specified in logmbox
# 3 = Log Full text and synopsis
loglevel 3
logmbox ./log/mbox
logsynopsis ./log/synopsis

# This is the directory that all tempfiles, etc are set relative to
homedir /staff/nate/dev/perl/remail

# set the maximum number of latency minutes for random latency requests
maxlatmin 20

# the process number will be appended to this name
tempfile ./remailer-temp

# defaultsubject specifies the subject to use if none is given, omit to
# forward no subject at all.
defaultsubject There is no subject.

# The mailbox that diagnostic mail and non-remailer mail is sent to.
mbox ./mbox

# Passphrase for PGP decryption.
passphrase nckldanjcsancjkndsakjcdsajk

# sourceblock blocks mail coming FROM this address
sourceblock detweiler at detweiler.org

# destblock blocks mail addressed TO the address.
destblock nate at vis.colostate.edu

# netblock will block all mail going to that subnet.
netblock whitehouse.gov

In addition to this, the owner can change the number of padding sizes and their individual sizes... the remailer strips out the padding when it gets a message and adds it to the end when it's about to leave.

-nate

--
+---------
| Nate Sammons PGP Key and fingerprint via finger.
| Clipper == Big Brother Inside. Question Authority. Encrypt everything.
+---------

From habs at warwick.com Mon Mar 14 14:29:02 1994
From: habs at warwick.com (Harry Shapiro Hawk)
Date: Mon, 14 Mar 94 14:29:02 PST
Subject: 2nd CJ update
Message-ID: <9403142215.AA01172@uucp.warwick.com>

------ From: Phil Karn, Mon, Mar 14, 1994 ------

Right. The NSA doesn't have a copy of Applied Cryptography, and has never seen one. Yet, apparently, they signed off on my original CJ request to export the printed book (the State letter mentions comments from the Department of Defense, which is always a code phrase for the NSA in such situations).
Perhaps they want to vet the disk to make sure you didn't use stego to hide something "illegal" on|in it.

/hawk

Harry Shapiro Hawk
Manager of Computer Services
Warwick Baker & Fiore
habs at uucp.warwick.com

From sameer at soda.berkeley.edu Mon Mar 14 14:36:10 1994
From: sameer at soda.berkeley.edu (Sameer)
Date: Mon, 14 Mar 94 14:36:10 PST
Subject: A "standardized" remailer syntax
Message-ID: <199403142235.OAA00730@soda.berkeley.edu>

In writing my client-end software for my anonymous server I came across the difficulty of building remailer paths because I was unsure that the cypherpunks remailers all act in a similar fashion, with a certain set of syntax.

I've been out of touch with the list lately so maybe I missed something, but some sort of standard would be a good idea so that even though the underlying guts of the remailers, and even the latency, padding, and special features of remailers are different, there is a standard set of commands and actions which will make it easier to build tools for the user to make remailing easier.

Here's my suggestion..

Header pasting:

The '::' header pasting syntax should be available-- i.e. when a message comes into a remailer with a body starting with '::' the lines following until a blank line are pasted into the header.

The '##' header pasting syntax-- when a remailer is sending out a message, if the body begins with a '##' line then the lines following that are pasted into the header of the outgoing message.

Header commands:

"Anon-To","Request-Remailing-To": strips headers and sends the message to the specified recipient.

"Encrypted: PGP": The message has a pgp block encrypted with the remailer's key. The remailer will decrypt the pgp block before acting further upon the message.

I *think* that this is the scheme that all the remailers are using, but I can't be sure. All remailers should have at *least* this functionality.

Further features can be added-- commands for those could be standardized as well, but I can't think of anything.

Comments? I can put this standard up on the ftp site, after some discussion.

-Sameer

From andy at autodesk.com Mon Mar 14 14:37:44 1994
From: andy at autodesk.com (Andrew Purshottam)
Date: Mon, 14 Mar 94 14:37:44 PST
Subject: Books, Loompanics, and other weird stuff
In-Reply-To: <199403142032.MAA05871@mail.netcom.com>
Message-ID: <199403142141.NAA15325@meefun.autodesk.com>

For Loompanics / Paladin press type material retail, also check out gun stores. Traders in San Leandro (I think?) had quite a selection last time (1993) I looked.

Andy

From smb at research.att.com Mon Mar 14 14:53:27 1994
From: smb at research.att.com (smb at research.att.com)
Date: Mon, 14 Mar 94 14:53:27 PST
Subject: LEAF field encryption
Message-ID: <9403142253.AA01834@toad.com>

As promised, I asked Steve Kent -- a member of the review panel -- about how the LEAF is encrypted. Here's his answer, reposted with permission.

------- Forwarded Message

To: smb at research.att.com
Subject: Re: Key escrow review
In-reply-to: Your message of Mon, 14 Mar 94 15:54:22 -0500.
Date: Mon, 14 Mar 94 17:03:18 -0500
From: Steve Kent

Steve,

You are right.... SKIPJACK is used to encipher the LEAF, but employing a complex mode. The FBI can decode the "outer layer" of the LEAF to get the chip ID, by using the "family key" but it cannot get at the traffic key which is encrypted using the device unique key, the splits for which are held by the escrow agents.

Steve

------- End of Forwarded Message

From jmueller at gac.edu Mon Mar 14 15:18:33 1994
From: jmueller at gac.edu (Joel T Mueller)
Date: Mon, 14 Mar 94 15:18:33 PST
Subject: Nature of RSA's patent
Message-ID: <9403142317.AA01323@gac.edu>

> I've got a guy who's telling me that PGP-encrypted communications sent
> into the U.S.A. from abroad can be stopped at the border as infringing
> "products," pursuant to this statute.
I know you are looking for legal advice, but the idea of some stiff trying to stop a communication at the "border" just seemed rather ludicrous to me. Somehow I don't think he'll have much luck imposing national boundaries on cyberspace, which has no borders, save those of private, individual systems. Once something is on the net, they'd do better thinking of it as instantly being everywhere, rather than beating their heads against the wall with old, hidebound ideas of restricting the flow of information.

--
Joel Mueller - GAT/O -d+(---) -p+ c++@ l+ u++ e m+ s+/- n- h-- f+@ g+(-) w+ t(--) ry?
PGP 2.3a Public Key : finger jmueller at gac.edu or on keyservers.
0C6D75 01 0E 16 A7 29 C4 48 75 54 CD 99 09 88 88 3C 39

From habs at warwick.com Mon Mar 14 15:25:01 1994
From: habs at warwick.com (Harry Shapiro Hawk)
Date: Mon, 14 Mar 94 15:25:01 PST
Subject: Canon Copiers
Message-ID: <9403142314.AA01386@uucp.warwick.com>

Jay
@ The new models, the 350 and 550 do indeed have a currency recognition
@ feature based on color. I was talking to a serviceman--interestingly, as
@ I used to be skeptical of this feature--someone here conjectured that it
@ would be based on color. they were right. Smart.

I was the one who said it might be color based. It may be, but once it finds the color it might do something else; I was able to copy one size but not the other.

I thought it might be color as the copier has lots of routines for finding and shifting color; very helpful in the graphics are business.

/hawk

Harry Shapiro Hawk
Manager of Computer Services
Warwick Baker & Fiore
habs at uucp.warwick.com

From lefty at apple.com Mon Mar 14 15:33:11 1994
From: lefty at apple.com (Lefty)
Date: Mon, 14 Mar 94 15:33:11 PST
Subject:
Message-ID: <9403142332.AA00528@internal.apple.com>

> Why not beam a time-delayed virus into one of NSA's arrays, destruct code
>armed and ready to go??

Like, gnarly, dude! Go for it!

(Where the hell do these people come from? Why don't they go back there again?)

--
Lefty (lefty at apple.com)
C:.M:.C:., D:.O:.D:.

From jmueller at gac.edu Mon Mar 14 15:45:59 1994
From: jmueller at gac.edu (Joel T Mueller)
Date: Mon, 14 Mar 94 15:45:59 PST
Subject: Hey...
Message-ID: <9403142344.AA01434@gac.edu>

It's just occurred to me - say that all the petitions against clipper are ignored, clipper becomes mandatory, and other methods of encryption are outlawed, and clipper gets a user base of several million. One well-placed explosive device that destroys even one of the two escrow databases, and suddenly the government has supplied us with secure encryption that even they can't break.

Of course, that is assuming that the government didn't lie and make extra backup copies (just for safety's sake, you understand, against just such a threat) that are kept somewhere out of public scrutiny, so that wiretaps can be made on a large scale without alarming people monitoring the access of the "official" database.

Say all this happens. Maybe the government will even be the one to rig the explosion. Suddenly people lose all their reservations about using Clipper products. The government decides to give up escrowing keys (officially). But they can still listen in everywhere, and people won't be guarded.

That first paragraph is also assuming that they didn't build in a back door to the encryption system. But then essentially the same scenario would apply.

--
Joel Mueller - GAT/O -d+(---) -p+ c++@ l+ u++ e m+ s+/- n- h-- f+@ g+(-) w+ t(--) ry?
PGP 2.3a Public Key : finger jmueller at gac.edu or on keyservers.
0C6D75 01 0E 16 A7 29 C4 48 75 54 CD 99 09 88 88 3C 39

From mech at eff.org Mon Mar 14 16:24:26 1994
From: mech at eff.org (Stanton McCandlish)
Date: Mon, 14 Mar 94 16:24:26 PST
Subject: Transcript: Barlow v. Denning on America On Line, 02/10/94
Message-ID: <199403150024.TAA28615@eff.org>

March 10, 1994 online debate between John Perry Barlow of the Electronic Frontier Foundation, and Dr.
Dorothy Denning, over the Clipper Chip scheme, from the Time Online forum of America On Line.

3/10/94 8:49:41 PM Opening "Chat Log 3/10/94 CLIPPER" for recording.

OnlineHost : Good evening and welcome to the Time Online Odeon! Tonight we look from both sides at the Clipper Chip, a semiconductor device that the National Security Agency developed and wants installed in every telephone, computer modem and fax machine.

OnlineHost : In his article in the current issue of TIME, Philip Elmer-DeWitt writes: "The chip combines a powerful encryption algorithm with a ''back door'' -- the cryptographic equivalent of the master key that opens schoolchildren's padlocks when they forget their combinations. A ''secure'' phone equipped with the chip could, with proper authorization, be cracked by the government.

OnlineHost: "Law-enforcement agencies say they need this capability to keep tabs on drug runners, terrorists and spies. Critics denounce the Clipper -- and a bill before Congress that would require phone companies to make it easy to tap the new digital phones -- as Big Brotherly tools that will strip citizens of whatever privacy they still have in the computer age.

OnlineHost: "Lined up on one side are the three-letter cloak-and-dagger agencies -- the NSA, the CIA and the FBI -- and key policymakers in the Clinton Administration (who are taking a surprisingly hard line on the encryption issue). Opposing them is an equally unlikely coalition of computer firms, civil libertarians, conservative columnists and a strange breed of cryptoanarchists who call themselves the cypherpunks."

RPTime: Lined up on our stage tonight are John Perry Barlow, Dr. Dorothy Denning and Philip Elmer-DeWitt. Barlow is co-founder of the Electronic Frontier Foundation, which promotes freedom in digital media. A recognized commentator on computer security, he is arguing against the Clipper Chip. Dr. Denning is the chairperson of the Computer Science Department at Georgetown University. A leading expert on cryptography and data security, she favors the adoption of the Clipper Chip. Philip Elmer-DeWitt, TIME's technology editor will lead the questioning of our guests. Audience questions may be sent up using the Interact with Host function....Phil?

PhilipED: Dr. Denning, could you *briefly* make the case for why we need the key escrow encryption system.

DDenning: The government needs a new encryption standard to replace DES. They came up with a very strong algorithm called SKIPJACK. In making that available, they didn't want to do it in a way that could ultimately prove harmful to society. So they came up with the idea of key escrow so that if SKIPJACK were used to conceal criminal activity, they would be able to get access to the communications.

PhilipED: Thanks. Mr. Barlow, could you briefly make the case *against* Clipper.

We'll see if I can be brief. We oppose Clipper in large part because of the traffic analysis which it makes possible. We believe that it is in the functional nature of the chip as designed to greatly enhance the ability of government to observe who we are calling, when, and from where, all fairly automatically and centrally. We also oppose Clipper because of the many ways in which we believe the escrow system could be compromised, by people and institutions both inside and outside of government.

PhilipED: Dr. Denning, what about John's contention that Clipper makes it easier to detect calling patterns.

DDenning: I don't buy this. First off, for law enforcement to access any communications, they need a court order. Even if the communications are encrypted. Second, with a court order, they can get access to call setup information and find out what other lines the subject of the investigation is talking to. This is of much more use than anything in the encrypted stream.

PhilipED: John, is Dorothy right that you need a court order for call set up info?

Barlow1: Dorothy, the government asked for and received over 100,000 calling records last year without a court order. I see nothing in the Clipper documents which indicates that they would require a court order to get this kind of information, which each chip would make readily available to the entire network.

DDenning: You need a court order to implement pen registers and dialed number recorders in order to find out who is talking to whom.

Barlow1: Furthermore, my faith in court orders has been eroded by 30 years of government wiretap abuse.

PhilipED: Aren't we talking about three different hurdles here, one for a wiretap...

Barlow1: But that's only with the present system where putting a pen register on a line requires physical entrance to a phone company site.

PhilipED: One for a pen register (to track calling patterns in real time) and one for phone records.

RPTime: Let's take a question from the audience... How would you guarantee that this facility will never be misused? If you can't make that guarantee, why should a democratic society, with a prohibition against prior restraint, consent to this? John Barlow?

Barlow1: There are three different sources of information, as you say. But there are not three "hurdles." That sounds like a question for Dorothy. I don't think we should, obviously.

RPTime: Dr. Denning?

DDenning: First of all, there has been no evidence of widespread abuse of wiretaps since passage of the 1968 and 1978 wiretap statutes. Second, there are a lot of security mechanisms going into it to protect against abuse. Third, it will provide much greater protection against illegal wiretaps than we have now, since almost all phone conversations are in the clear. It will make virtually all illegal wiretaps impossible. Fourth, if for some reason it doesn't provide adequate protection, we can destroy the key databases and everyone will have absolute privacy against government wiretaps. I don't think our society will tolerate that kind of abuse.
PhilipED: John, isn't Dorothy right that you're better off with compromised encryption than none?

Barlow1: Gee, where to begin... First of all, there was plenty of abuse after 1968. Remember Watergate, Dorothy? Second, I believe that Clipper in the Net will dramatically *enhance* certain powers of...

DDenning: I was talking specifically about wiretap abuses. And there hasn't been any evidence since the 1978 law.

Barlow1: surveillance over current technical abilities. One of the reasons that wiretap hasn't been more abused is the bureaucratic overhead of current practices. Make it so that it doesn't require 50 agents to conduct a wire tap and you'll see a lot more of it. And Watergate included quite a number of wiretap violations. Indeed, the burglars were caught trying to install one. As to the assertion that we can always back up and destroy the databases if we don't like it, I can't imagine that someone as bright as yourself would believe that this is possible. Technology and power ratchet into positions which almost never retract without a complete change in the system of authority

RPTime: Care to respond Dr. Denning?

DDenning: Clipper would prevent the watergate burglars from getting anywhere since they wouldn't have a court order. Clipper will not make wiretaps cheaper or easier. Wiretaps are becoming more difficult. And there will always be more agents involved because they have to follow exacting procedures, including minimization (throw out all conversations that are not specific to the crime at hand).

Barlow1: Dorothy, they were from the *Government* remember? I can't imagine that Nixon wouldn't have been able to find a sympathetic ear from somebody at NIST and somebody else at Treasury. Further, you're not talking about the truly insidious element of this, which is dramatically improved traffic analysis. Content is less important than context, and most agents will support this.

RPTime: Another question from the audience. JCMaille asks... Does the government have a constitutional right of access to my personal communications? Dr. Denning, why don't you go first?

DDenning: The Supreme Court ruled that wiretaps with a court order are Constitutional. At one time, communications were not even protected under the 4th Amendment. The government could wiretap without a court order! Now a court order is required.

PhilipED: To put the question another way, do citizens have a right to use powerful encryption?

DDenning: Right now there are no laws preventing the use of any encryption. Clipper is voluntary. You can still use something else.

RPTime: We have to apologize. John Barlow has temporarily lost his connection...

PhilipED: Dr. Denning, in your opinion... would a law outlawing powerful encryption be unconstitutional?

DDenning: I don't think so. But that doesn't mean it will happen.

RPTime: John Barlow is back with us. Sorry for the interruption! Barlow, Denning just said she didn't think a law banning powerful encryption would be unconstitutional What do you say?

Hi folks. Don't know what happened. Gald to be back

Gald indeed!

Barlow1: Actually, I believe that our current export embargoes are a violation of the 1st Amendment which specify speech without regard to the manner of speech. If we could restrict manner of speech, it would be constitutional to require that everyone speak English. Which of course it isn't

PhilipED: John, can you make the case why ordinary law-abiding citizens need powerful encryption?

Barlow1: Because it is in the nature of digitally networked communications to be quite visible. Everytime we make any sort of transaction in a digital environment, we smear our fingerprints all over Cyberspace. If we are to have any privacy in the future, we will need virtual "walls" made of cryptography.

RPTime: Another audience question... Isn't this like the gun argument? If guns are outlawed only criminals will have guns? Well, if clipper is standardized, won't criminals be the ones NOT using it?

RPTime: Dr. Denning?

If Clipper becomes the de facto standard, then it will be the chief method of encryption. That would be what you'd get at Radio Shack. What criminals use will depend on what is readily available and what their cohorts are using. Both parties of a conversation have to use the same thing. Criminals also talk to a lot of people outside their immediate circle - e.g., to buy goods and services. Also, they can be quite stupid at times. But the main thing is that criminals will not be able to take advantage of the SKIPJACK algorithm as a way of concealing their conversations. This is the whole point. It is not to catch criminals. It is to allow people access to a really high quality algorithm in a way that someone cannot use it to conceal criminal activity.

Barlow1: The gun analogy is excellent up to a point. I can't for the life of me imagine why we would think that even a stupid criminal would use Clipper if something else were available. And when I talk to people in the administration their big hobgoblin is the "nuclear-armed" terrorist. Any fanatic smart enough to assemble and detonate a nuclear device is going to be smart enough to download PGP from a bulletin board somewhere. Also, I'd like to point out that the gun analogy doesn't go the whole distance. Crypto is by its nature a purely *defensive* technology. You can't shoot people with it.

PhilipED: Speaking of PGP, Dr. Denning, is that encryption system secure, in your opinion?

DDenning: I don't know of anyone who's been able to break the IDEA algorithm that it uses.

RPTime: Back to the audience for a question from Steve HW.. This is for Dr. Denning. What is the evidence of harm if the Clipper proposal is not adopted?

DDenning: The harm would be to the government. They would not be able to use it and would have to resort to something less secure. Also, Clipper is part of a larger project to make hardware available for encryption and digital signatures.
This will be used, for example, in the Defense Message System. The government needs a new standard. I personally believe that making really powerful encryption like SKIPJACK available without key escrow could be harmful to society. Wiretaps have been essential for preventing and solving many serious crimes and terrorist activities.

Barlow1: Why on earth would the government have to use something else if they failed to get the rest of us to buy into this folly? Hey, they are already using SKIPJACK. It's a government algorithm and has been in use for a...

DDenning: CPSR and others are asking the government to drop Clipper.

Barlow1: long time. There are plenty other algorithms which we can use which are truly protected... unless of course, this is only the first step in a process which will outlaw other forms of crypto. And I believe that it must be. Makes absolutely no sense otherwise. EFF is not asking the Government to drop Clipper, though we would vastly prefer they did. We're merely asking that no steps be taken to require it either by law or practice...as, for example, would be the case if you had to use a Clipper chip to file your tax return.

PhilipED: Dr. Denning, do you think this is the "first step in a process to outlaw crypto"?

DDenning: No I do not. The government has not been using SKIPJACK to my knowledge. The Clipper initiative represents the first time that the government has put one of their really good algorithms out there in the unclassified arena. They are trying to do this in a way that won't backfire against the public. Other NSA developed algorithms are not available for purchase by the public.

Barlow1: I appreciate their willingness to make some of that crypto research available to a public which has paid so much for it, but I'm afraid that I would never trust an algorithm which was given to me by any government. And I certainly don't trust a classified algorithm like Skipjack, even without a back door which everyone can see. I think I'll stick to systems which have been properly vetted to be clear of such compromises, like RSA. I hope others will do likewise and that RSA will become the standard which Clipper shouldn't be.

RPTime: Time for one more question from our audience... To John Barlow. Isn't society becoming increasingly vulnerable to concerted criminal/terrorist disruption, requiring *stronger* law enforcement tools?

Barlow1: Gee. I don't know. It's a scary world. However, I'm willing to take my chances with the few terrorists and drug lords there are out there rather than trusting government with the kind of almost unlimited surveillance power which Clipper and Digital Telephony would give them. It's a tough choice. But when you look at the evil perpetrated by government over this century in the name of stopping crime, it far exceeds that done by other organized criminals.

RPTime: Dr. Denning, hasn't remote listening technology enhanced police abilities to eavesdrop to the point... where the loss of a few wire taps won't mean much?

DDenning: No. They need to get the cooperation of the service providers to implement a wiretap. The loss of some wiretaps could be costly indeed. As an example, wiretaps were used to help solve a case that involved plans by a Chicago gang from shooting down a commercial airliner. There have been 2 cases where they helped save the lives of kids who were going to be kidnaped for the making of a snuff murder film. They helped solve a case where a man's house was going to be bombed. I could go on. If we take John's arguments about law enforcement to their logical conclusion, we'd just get rid of law enforcement. I think it's better to have it. The people in law enforcement hate it as much as the rest of us when some member of the community does something wrong. And they correct it, design new procedures and laws where necessary, and go on.

Barlow1: Oh, please. I'm not proposing eliminating police. I'm opposing giving them unlimited powers. Also, these are the same cases cited over and over by everyone from you to Judge Freeh. Surely, we aren't going to fundamentally change the balance of power in this country because of these two (undocumented, to my knowledge) stories.

DDenning: Clipper is not going to change the balance of power. It does not give law enforcement any additional authority to do wiretaps.

Barlow1: Well, this is where we basically disagree, Dorothy. If we could continue the same level of LE capacity we presently have, I'd have no objection. But I believe, for reasons I'm not sure we have the bandwidth to discuss here, that we are talking about dramatically enhancing their abilities. For one thing, we would greatly reduce the bureaucratic overhead involved in wiretap, which is what keeps it under 900 cases nationwide at the present.

RPTime: And that will have to be the last word on the matter for tonight...

DDenning: The overhead of a wiretap is more likely to increase, not decrease.

PhilipED: Not quite! Maybe not! ;-)

RPTime: THAT will be the final word!

Barlow1: Well, let's get together and talk, Dorothy.

RPTime: TIME thanks Dr. Dorothy Denning and John Perry Barlow for being with us tonight... along with Philip Elmer-DeWitt. Thank you all, and goodnight!

Thank you both. This was very interesting.

DDenning: Thank you for the opportunity to be here!

From farber at central.cis.upenn.edu Mon Mar 14 17:00:32 1994
From: farber at central.cis.upenn.edu (David Farber)
Date: Mon, 14 Mar 94 17:00:32 PST
Subject: Spy Satellites For Sale -- lots of reasoning here should apply to cryptography
Message-ID: <199403121442.JAA25331@linc.cis.upenn.edu>

Resent-From: farber at aurora.cis.upenn.edu (David Farber)
Posted-Date: Sat, 12 Mar 1994 02:27:15 -0800
Date: Sat, 12 Mar 1994 02:27:15 -0800
To: cypherpunks at toad.com
From: nobody at shell.portal.com
Subject: Spy Satellites For Sale
Comments: This message is NOT from the person listed in the From line.
It is from an automated software remailing service operating at that address. Please report problem mail to .
Sender: owner-cypherpunks at toad.com
Precedence: bulk
Resent-To: farber at pcpond.cis.upenn.edu
Resent-Date: Sat, 12 Mar 94 09:37:14 -0500

The New York Times
Friday, March 11, 1994, p. A1

U.S. TO ALLOW SALE OF THE TECHNOLOGY FOR SPY SATELLITES
-------------------------
Profit vs. Security Issue
-------------------------
Marketing to Private Customers Assailed by Some Who Fear Use by Hostile Nations
-------------------------
by Edmund L. Andrews

Washington, March 10 -- The Clinton Administration announced today that it would allow companies to market sophisticated spy satellite technology to commercial customers around the world.

The decision marks a big change from the comparatively strict limits now imposed on satellite-imaging systems, and it caps more than a year of intense debate among the Commerce Department, the Pentagon and Government intelligence agencies.

The move, which could attract new business worth hundreds of millions of dollars to American industry, also marks one of the clearest examples so far of the Administration's intention to emphasize commercial and economic priorities over more traditional cold war-era concerns about national security.

Change Raises Concern

Some security experts questioned the decision to allow wider access to a technology that has been described as one of the most powerful tools in America's espionage arsenal. But others said the technology was already becoming available in other countries and that American companies should be allowed to profit from the trend.

Under the new policy, American companies will be allowed to build and operate for-profit satellite systems that are powerful enough to take photographs from 22,300 miles above the earth and depict objects on the ground as small as one square yard, smaller than a subcompact car or a hot-dog stand.

Several American companies, among them the Lockheed Corporation, are hoping to set up satellite imaging services for customers around the world. As envisioned by Lockheed, customers would be able to transmit instructions directly to the satellite, which would turn its cameras to the desired location and then beam the images back to the ground. Such customers might include oil and mining companies and environmental researchers.

'A New Era'

Administration officials said that companies would also have greater freedom to export entire satellite systems to foreign countries, though such sales will still require approval from the State Department.

"This is 1994," David J. Barram, Deputy Secretary of Commerce, said in an interview today. "This is a new era. We believe national security and economic security are intertwined. In order to have national security, you have to have vibrant and competitive industries that are allowed to do what they do best."

But some experts warned that the decision could severely compromise national security by letting hostile countries use America's own spy technology to obtain detailed images of sensitive military installations in the United States or to plan military activities elsewhere in the world.

"The main customers for these systems will be the intelligence agencies of other countries," predicted John Pike, director of space policy at the Federation of American Scientists, a nonprofit group devoted to science and public policy. "They have fairly strong safeguards here. But in practice it is going to be difficult to prevent North Korea or Iraq from using a front company to gain spy satellite photos in the same way they acquired nuclear and chemical missile technology."

Numerous companies already market commercial satellite images, which can be used for mapping, geologic surveys and even agricultural purposes, like remote monitoring of cattle herds. But currently, the most sophisticated of these services is offered by Spot Image, a French company, and it cannot produce photographs showing land areas smaller than about 10 yards in diameter. And while the Spot system is being upgraded, it will still be unable to view areas smaller than five yards.

Lockheed and other American companies have been arguing for permission to operate systems that could depict objects about a square yard in size, a request that had been resisted by the Central Intelligence Agency and National Security Agency.

Growing Market

Despite the agencies' concerns, Administration officials said today that they fully intended to approve requests like those of Lockheed, and went on to argue that the higher-resolution images are essential if any significant commercial market is to be formed.

The Commerce Department says that remote-sensing services, as they are known, currently make up a $400 million market worldwide; the market is expected to grow to about $2 billion by the year 2000.

Besides Lockheed, two other American companies have sought permission to operate high-resolution satellite-imaging services. One is the Orbital Sciences Corporation, a small rocket and satellite company based in Dulles, VA. The other is World View Inc., a start-up company in Livermore, Calif.

Administration officials said that while the companies intended to adopt the precise technology that has long been used on Government spy satellites, the new policy included a number of safeguards to prevent the technology from falling into the wrong hands.

As happens now, the Commerce Department must still approve each application to operate a commercial satellite surveillance system or to sell such a system within the United States -- or to market the services around the world.

Sales of such equipment outside the country, however, will be subject to the export-control procedures already in place for products that have military applications, which means that each sale must be approved by the State Department and that sales to hostile countries will likely be blocked. But under the new policy, the Government would be much more likely to approve spy satellite exports.

Right to Decode

To prevent the misuse of satellite data sold by the new commercial services, the Government said that the companies would have to maintain a record of every job the satellite had been instructed to carry out.

Moreover, the satellites cannot scramble their transmissions with coding technology that the Government cannot decipher. An oil company could protect its business secrets -- for example, by transmitting its exploration photos in scrambled form -- but the Government would have the right to decode them.

In addition, the new policy leaves room for the Government to shut down a satellite system during what an Administration statement described as "periods when national security or international obligations and/or foreign policies may be compromised."

But industry officials who supported the new policy said they had been assured by Commerce Department officials that the country would need to be in a "Persian Gulf situation" before it began shutting down systems.

Executives at companies that have pressed for more liberal rules said the new policy gave them virtually everything they wanted.

"We are very pleased that the Administration put together such a forward-thinking policy that allows the application of defense technology for commercial purposes," said Brian Dailey, vice president at the Washington office of Lockheed Corporation.

Gilbert Rye, corporate vice president at Orbital Sciences, echoed that view. "It's an outstanding development," he said.
Security Agencies Sign On Today's decision was supported, at least in public, by the Defense Department and other agencies concerned with national security issues -- despite earlier resistance. Two Central Intelligence Agency officials were present at a news briefing for reporters today, though they did not make any comments. Some longtime national security experts said the new policy made sense, given the proliferation of satellite imaging technology around the world. From fhalper at pilot.njin.net Mon Mar 14 17:22:41 1994 From: fhalper at pilot.njin.net (Frederic Halper) Date: Mon, 14 Mar 94 17:22:41 PST Subject: Super Bills and the US gov. Message-ID: <9403150121.AA12925@pilot.njin.net> This message is in response to the person who implied that the "Super Bills" were created by the US government as a device to get Clipper implemented. I just thought I should put things in perspective. I refuse to believe the US government would do such a thing for several reasons. 1) I still have some faith in the government's intentions. 2) Do you really think Clipper is that important? I mean I don't exactly think Clipper is the government's top priority. We are trillions of dollars in debt, our economy sucks, health care is being reformed. Be realistic. 3) With our economy showing signs of growth (little growth but it's there) why would we commit economic suicide making the dollar fall more? 
Anyway that is my $.03 Reuben Halper From TKADISH1 at vaxc.hofstra.edu Mon Mar 14 18:21:03 1994 From: TKADISH1 at vaxc.hofstra.edu (THOMAS E. KADISH--WILSHIRE II) Date: Mon, 14 Mar 94 18:21:03 PST Subject: REQUEST FOR FTP INFO Message-ID: <01H9Z60LRB828Y86MG@vaxc.hofstra.edu> I'M NEW TO THE INTERNET AND FTP. PLEASE REPLY WITH INFO TO COMPLETE THE DOWNLOAD OF INFO CONTAINED IN THE SCI.CRYPT FAQ. I CAN GET INTO THE COMPUTER AT MIT BUT CAN'T GET PAST THE BLOOM-PICAYUNE.MIT.EDU PROMPT. HELP WOULD BE APPRECIATED. TERRORIST From rarachel at prism.poly.edu Mon Mar 14 18:33:03 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Mon, 14 Mar 94 18:33:03 PST Subject: NY UNIX Clipper Article Message-ID: <9403150220.AA17160@prism.poly.edu> Vice President Says Clipper Chip Controls Inadequate Gore Indicates Administration's Position is 'Not Locked in Stone' By Jay Levin (C) 1994 From New York Unix Vol 4 #3. For private use only. WASHINGTON, Feb 11 -- Vice President Gore said controls recently adopted by the Clinton administration that authorise two government agencies to safeguard the electronic "keys" in an encoding device called the "Clipper Chip" are inadequate. Under the Clipper plan, the keys would be stored at the Treasury Department and the National Institute of Standards and Technology (NIST), which is part of the Commerce Department. 
Both Treasury and Commerce are from the same branch of government, the executive branch. "When I saw that I said 'Wow. That is not right,' and I raised hell about that," Gore said in an interview Thursday. Having the key holders from the same branch of government raises concern because there is no system of checks and balances, Gore said. "That's going to be changed," he said. Clipper gives law-enforcement agencies a key to eavesdrop on computer communications under a court order. The selection of NIST and Treasury "was spun out of the process at the low level and was not vetted at the top," Gore said. Gore's comments were made after appearing before the first meeting of a private sector advisory panel on the development of a "national information infrastructure" in Washington, D.C. The administration announced Feb. 4 that it intends to push ahead with the voluntary Clipper Chip encryption scheme, despite vehement opposition from computer companies and watchdog groups, such as the Electronic Frontier Foundation (EFF) and the Computer Professionals for Social Responsibility. But Gore indicated Thursday that the administration's position is "not locked in stone." "Our determination to solve the problem is locked in stone, and our determination to proceed with this in the absence of a better solution is locked in stone," he said "...the burden is on those who say there is a better solution because no solution for the national security dimension of the problem is acceptable to us." Mitch Kapor, EFF chairman and a member of the advisory committee, said he was "encouraged" by the vice president's remarks. "This signals to me that [the administration] is very ready and willing to look at alternatives... both to the administrative procedures and the technology." Computer manufacturers, telecommunication companies and civil rights groups argue that Clipper would undermine individuals' rights to privacy and cripple U.S. exports of computer products. 
"If I'm going to conduct business... engage in confidential conversations... send money and credit card numbers over this infrastructure, I want some guarantee that my communications are private and that some rogue law enforcement officer can't go in and compromise my information," said Esther Dyson, president of EDventure Holdings, Inc. and a panel member. From pmetzger at lehman.com Mon Mar 14 18:53:03 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Mon, 14 Mar 94 18:53:03 PST Subject: REQUEST FOR FTP INFO In-Reply-To: <01H9Z60LRB828Y86MG@vaxc.hofstra.edu> Message-ID: <9403150252.AA00916@andria.lehman.com> "THOMAS E. KADISH--WILSHIRE II" says: > I'M NEW TO THE INTERNET AND FTP. And it shows. > TERRORIST I just love the moniker. Most people just want to be known to their neighbors as child molesters -- you go all out, though. .pm From catalyst-remailer at netcom.com Mon Mar 14 19:45:28 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Mon, 14 Mar 94 19:45:28 PST Subject: NY UNIX Clipper Article Message-ID: <199403150346.TAA10895@mail2.netcom.com> > "When I saw that I said 'Wow. That is not right,' and I raised > hell about that," Gore said in an interview Thursday. I'm glad the VP jumped on this right away. 8-| From unicorn at access.digex.net Mon Mar 14 20:06:09 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 14 Mar 94 20:06:09 PST Subject: Super Bills and the US gov. Message-ID: <199403150405.AA17302@access1.digex.net> This message is in response to the person who implied that the "Super Bills" were created by the US government as a device to get Clipper implemented. I just thought I should put things in perspective. I refuse to believe the US government would do such a thing for several reasons. <- I thought the implication was that the government had ANNOUNCED such a thing at an appropriate time to lay the seeds. Consider the most recent CIA scandal. 
The crime bill and digitel go through the pipes pretty easy after that. It's reason enough to think that if our skill-less spy had used IDEA or TDES, government would be shouting to high heaven about how we NEED CLIPPER NOW to get this crime scourge UNDER CONTROL. The contention that the federal government would mint billions of dollars of "bogus" money to implement an admittedly important but less than crucial scheme is just silly. -uni- (Dark) From wallace at cs.widener.edu Mon Mar 14 20:06:53 1994 From: wallace at cs.widener.edu (wallace at cs.widener.edu) Date: Mon, 14 Mar 94 20:06:53 PST Subject: HELP! Address for getting off the list? Message-ID: <9403150404.AA03195@lucy.cs.widener.edu> Could someone send me the address for removing myself from the list? plz? thnx. - DW - From unicorn at access.digex.net Mon Mar 14 20:10:57 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 14 Mar 94 20:10:57 PST Subject: gore Message-ID: <199403150410.AA17790@access1.digex.net> I think there was some misquoting. The message should have read: > "When I saw [the latest public opinion results] I said 'Wow. >That is not right,' and [after consulting the Public Relations people] I >raised hell about that," Gore said in an interview Thursday. -uni- (Dark) From TKADISH1 at vaxc.hofstra.edu Mon Mar 14 20:14:52 1994 From: TKADISH1 at vaxc.hofstra.edu (THOMAS E. KADISH--WILSHIRE II) Date: Mon, 14 Mar 94 20:14:52 PST Subject: REPLY TO COMMENT Message-ID: <01H9Z9YIII9U8Y814K@vaxc.hofstra.edu> > > > From: IN%"catalyst-remailer at netcom.com" 14-MAR-1994 22:55:35.29 > > To: IN%"cypherpunks at toad.com" > > CC: > > Subj: RE: NY UNIX Clipper Article >> > > > "When I saw that I said 'Wow. That is not right,' and I raised > > > hell about that," Gore said in an interview Thursday. > > > > > > I'm glad the VP jumped on this right away. 8-| > > > THRILLED THAT A POLITICIAN EXISTS WHO GIVES A DAMN ABOUT THE CHECKS AND > BALANCES ASPECT OF OUR GOVERNMENTAL SYSTEM. 
AMAZING THAT NOBODY PICKED UP ON > THIS PROBLEM OF THE KEYS BOTH BEING HELD BY THE SAME BRANCH OF GOVERNMENT. JUST > GOES TO SHOW THAT WHAT JEFFERSON SAID IS TRUE. " THE PRICE OF DEMOCRACY IS > ETERNAL VIGILANCE". > > --Boundary (ID R6RsVVF/HwUKVqN+x2vqcg)-- From qjones at infi.net Mon Mar 14 20:46:08 1994 From: qjones at infi.net (Wayne Q Jones) Date: Mon, 14 Mar 94 20:46:08 PST Subject: In-Reply-To: <9403142332.AA00528@internal.apple.com> Message-ID: Re: Where the hell.... NO smiley attached..... No sense of humor ;-) On Mon, 14 Mar 1994, Lefty wrote: > > Why not beam a time-delayed virus into one of NSA's arrays, destruct code > >armed and ready to go?? > > Like, gnarly, dude! Go for it! > > (Where the hell do these people come from? Why don't they go back there again?) > > -- > Lefty (lefty at apple.com) > C:.M:.C:., D:.O:.D:. > > > **************************************************************************** * Qjones at infi.net So I'm a dog...what else is new? * * Qjones at larry.wyvern.com Quote from life and times of a man * **************************************************************************** From m at BlueRose.com Mon Mar 14 21:29:43 1994 From: m at BlueRose.com (M Carling) Date: Mon, 14 Mar 94 21:29:43 PST Subject: reply to comment Message-ID: <9403150503.AA01945@BlueRose.com> "THOMAS E. KADISH--WILSHIRE II" writes: > JUST GOES TO SHOW THAT WHAT JEFFERSON SAID IS TRUE. " THE PRICE OF > DEMOCRACY IS ETERNAL VIGILANCE". The original quote is: "The condition upon which God hath given liberty to man is eternal vigilance." John Philpot Curran (1750-1817) M Carling From hfinney at shell.portal.com Mon Mar 14 21:40:29 1994 From: hfinney at shell.portal.com (Hal) Date: Mon, 14 Mar 94 21:40:29 PST Subject: Magic Money promissory notes Message-ID: <199403150541.VAA01023@jobe.shell.portal.com> In the never-ending search for legal bases for digital cash, I thought of promissory notes. 
A promissory note is basically an unsecured promise to pay back a loan, generally by a specified time with a specified interest rate. My wife's college loan was based on such a note. I think these can be transferred from person to person, with the bearer being eligible to redeem the note. I recall old stories where a person's note was passed from hand to hand, ending up in the hands of the villain. Perhaps a digital cash system like Magic Money could serve as the basis for digital promissory notes. You send me money, I'll send you a certain amount of digital cash. That particular denomination and issue date (determined by the exponent) will be redeemable in one year for X+delta dollars. You can hold the note and redeem it in a year, collecting the interest, or you can pass it on or even sell it. This might make people willing to accept the digital cash as valuable, since they would know that it would actually be worth something in a while. And I don't think there are a lot of laws relating to promissory notes, since I've heard of them being used in very informal situations (scribbled on scraps of paper and such). I will try to look into the legalities in a few days. Hal From bugs at netsys.com Mon Mar 14 21:58:51 1994 From: bugs at netsys.com (Mark Hittinger) Date: Mon, 14 Mar 94 21:58:51 PST Subject: digital cash Message-ID: <199403150601.AA18237@netsys.com> >>Mark Hittinger says: >> Are you guys going to simply represent dollars with your digital cash >> or will you attempt to create your own currency that may simply be >> converted to/from dollars? Perry responds: >I can't for the life of me understand the difference between a >"representation" of dollars and something "convertable" into dollars. Actually there is a very important distinction. It has to do with time. Suppose digital cash is denominated in dollars. Digital cash then represents dollars. Suppose we have a year with 10% inflation. 
Your digital cash holdings are reduced in real value because of the behavior of the paper currency. Suppose digital cash is not denominated in dollars but instead is made to represent portions of gold stashed in a Swiss warehouse. Dollars would then be convertible into digital cash at some market determined exchange rate. Again suppose there is a year with 10% inflation. Your digital cash would convert to a different number of paper dollars. The difference between representation of dollars and conversion into dollars is therefore one of time and one of governmental manipulations. These are very important differences for attentive capitalists. --------- I'd like a 250 Mhz 128 bit hybrid processor with 64 meg of 8 way interleaved memory, a 10 megabyte per second i/o channel, two 3 gig hard disks, two dat drives with compression, and a large diet coke. From wcs at anchor.ho.att.com Mon Mar 14 22:50:54 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Mon, 14 Mar 94 22:50:54 PST Subject: Hey... Message-ID: <9403150650.AA14767@anchor.ho.att.com> > well-placed explosive device that destroys even one of the two escrow > databases, and suddenly the government has supplied us with > secure encryption that even they can't break. 
> Of course, that is assuming that the government didn't lie and make > extra backup copies (just for safety's sake, you understand, against just Any reasonable information-escrow agent *would* take reasonable precautions against disasters like fires, floods, power problems, etc., and the fact that what the government agencies are doing with the wiretap keys isn't escrow, just storage, doesn't change that. Doesn't require any lying, because that's proper care of information and they'd be criticized very strongly for failing to do so. On the other hand, if there's a mysterious narco-terrorist fire and they *claim* that all the copies were burned up, the little shreds of belief that get past my normal skepticism will have no chance at all..... Bill From fnerd at smds.com Mon Mar 14 23:57:31 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Mon, 14 Mar 94 23:57:31 PST Subject: Good article on NII Message-ID: <9403150735.AA05975@smds.com> The April '94 "Special All-Fabio" issue of Software Development magazine has a good article on the NII: "Highway to Hell?" by Alex Lane. (He means as in "paved with good intentions.") Analysis of where it's likely to lead given wording of various agenda documents and bills, statements of proponents, and the history of various analogous developments (Interstates, space shuttles, telephones, the census, the War on Poverty, ARPANET-->NREN-->NII...) -fnerd quote me - - - - - - - - - - - - - - - blue pill, Pharm. a pill of blue mass, used as an alterative... alterative, adj. tending to alter... 
From nobody at soda.berkeley.edu Tue Mar 15 03:45:57 1994 From: nobody at soda.berkeley.edu (nobody at soda.berkeley.edu) Date: Tue, 15 Mar 94 03:45:57 PST Subject: No Subject Message-ID: <199403151145.DAA19748@soda.berkeley.edu> ECHOING ECU'S anyone? After a lecture on cosmology, William James was accosted by a little old lady. "Your theory that the sun is the center of the solar system, and the earth is a ball which rotates around it has a very convincing ring to it Mr. James, but it's wrong. I've got a better theory," said the little old lady. "And what is that madam?" inquired James politely. "That we live on a crust of the earth which is on the back of a giant turtle." Not wishing to demolish this absurd theory by bringing to bear the masses of scientific evidence he had at his command, James decided to gently dissuade his opponent by making her see some of the inadequacies of her position. "If your theory is correct, madam," he asked, "what does the turtle stand on?" "You're a very clever man, Mr. James, and that's a very good question," replied the little old lady, "but I have an answer to it. And it is this: the first turtle stands on the back of a second, far larger turtle, who stands directly under him." "But what does this second turtle stand on?" persisted James patiently. To this the little old lady crowed triumphantly. It's no use, Mr. James--it's turtles all the way down." From avalon at coombs.anu.edu.au Tue Mar 15 03:56:49 1994 From: avalon at coombs.anu.edu.au (Darren Reed) Date: Tue, 15 Mar 94 03:56:49 PST Subject: anarchy and sobatage! cryptos beware... 
Message-ID: <9403151156.AA12030@toad.com> From a local newspaper, a quote which some of you might find interesting: 'The virtual anarchists pose another security problem for the Internet because they have formed an organised group aimed at sabotaging US Government moves to enforce digital signatures on the Internet to allow authorities to identify the source of all messages on the system. According to Listwin, opponents of the scheme have begun advertising for "top-notch nerds" to join the group. "It's like the spy movies where secret agents do blind drops of information. People are doing blind drops on the Internet so that you don't know where the messages come from," Listwin said.' (from an article on the 'recent' breakin at Cisco, The Age, 15/4/94, Charles Wright. Don Listwin is Cisco's vice-pres. of marketing. As a result of this breakin, he says Cisco will move to hand held response challenge cards). Anyone got any suggestions for replies I could send back to the author, relating to the subject of anonymity, digital signatures, etc.? Darren From m5 at vail.tivoli.com Tue Mar 15 05:30:58 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Tue, 15 Mar 94 05:30:58 PST Subject: digital cash In-Reply-To: <199403150601.AA18237@netsys.com> Message-ID: <9403151330.AA26352@vail.tivoli.com> Mark Hittinger writes: > >I can't for the life of me understand the difference between a > >"representation" of dollars and something "convertable" into dollars. > > Actually there is a very important distinction. It has to do with time. I disagree, and below you disprove yourself. > Suppose digital cash is denominated in dollars. Digital cash then > represents dollars. Suppose we have a year with 10% inflation. Your > digital cash holdings are reduced in real value because of the > behavior of the paper currency. Indeed, just as a check. > Suppose digital cash is not denominated in dollars but instead... > gold ... 
Dollars would then be convertible into digital cash at > some market determined exchange rate. Again suppose there is a > year with 10% inflation. Your digital cash would convert to a > different number of paper dollars. Right: maybe more, maybe less. The global monetary system is not based on immutable metals prices. You cannot guarantee that gold will track the inflation of the dollar, which itself can only be measured relative to other currencies. Even during times of widespread inflation, some things don't track; if you bought a diginote in 1978 and insisted that it be issued in terms of a quantity of 8K RAM chips, you'd be holding something pretty much worthless today. (Then again, 8K RAMs might hold historical value :-) The exact same relationship holds whether the digicash is issued on a base of Swiss Francs, Mexican Pesos, or pet rocks. Everything floats. I really can't think of a way of anchoring the at-issue-time "value" of a digicash note that's not either ridiculous or pointless. > The difference between representation of dollars and conversion > into dollars is therefore one of time and one of governmental > manipulations. Investing in gold at any given time may or may not be wiser or safer than investing in dollars. Your example fails. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From mimsy!anagld!decode!system at uunet.UU.NET Tue Mar 15 05:42:09 1994 From: mimsy!anagld!decode!system at uunet.UU.NET (System Operator) Date: Tue, 15 Mar 94 05:42:09 PST Subject: spyproofing your house/work building Message-ID: <7kB9ic1w165w@decode.UUCP> Don Melvin writes: > > Have I forgotten anything? > > > Guard physical access so a mic/camera (1/8") can't be placed after > construction. > > Drapes so the lip readers can't see you. Make sure the drapes block IR. 
There are instances of even local police forces flooding the front of a house with IR light, and viewing the activities inside with IR viewers -- all of this through closed drapes. -- system at decode.UUCP (System Operator) Cryptography, Security, Privacy BBS +1 410 730 6734 Data/FAX From ag588 at cleveland.Freenet.Edu Tue Mar 15 05:54:48 1994 From: ag588 at cleveland.Freenet.Edu (John C. Brice) Date: Tue, 15 Mar 94 05:54:48 PST Subject: Nature of RSA's patent Message-ID: <199403151354.IAA18400@piglet.INS.CWRU.Edu> > >> I've got a guy who's telling me that PGP-encrypted communications sent >> into the U.S.A. from abroad can be stopped at the border as infringing >> "products," pursuant to this statute. > >I know you are looking for legal advice, but the idea of some stiff trying >to stop a communication at the "border" just seemed rather ludicrous to >me. Somehow I don't think he'll have much luck imposing national >boundaries on cyberspace, which has no borders, save those of private, >individual systems. Once something is on the net, they'd do better of >thinking of it as instantly being everywhere, rather than beating their >heads against the wall with old, hidebound ideas of restricting the flow >of information. > >-- > Joel Mueller - > GAT/O -d+(---) -p+ c++@ l+ u++ e m+ s+/- n- h-- f+@ g+(-) w+ t(--) ry? > PGP 2.3a Public Key : finger jmueller at gac.edu or on keyservers. > 0C6D75 01 0E 16 A7 29 C4 48 75 54 CD 99 09 88 88 3C 39 > > While I am in agreement with your sentiments, the fact remains that governments certainly are attempting to assert their dominion over portions of cyberspace. Are these the final death throes of a doomed species, with corporations and loose confederations of hackers destined to take their places, or will this be part of the justification for a one-world government? -- ------------------------------------------------------------------------- I am an attorney, seeking a position in the area of Computer Law. 
If you know of such a position available, or of someone who may know of such a position, please send e-mail! Thanks. From mdbomber at w6yx.stanford.edu Tue Mar 15 06:46:38 1994 From: mdbomber at w6yx.stanford.edu (mdbomber at w6yx.stanford.edu) Date: Tue, 15 Mar 94 06:46:38 PST Subject: Seattle Cypherpunks Physical Meeting Message-ID: <199403151445.AA10184@nebula.acs.uci.edu> >anyone else in the la area? Assuming that means the Los Angeles area, I am. Internet: mdbomber at w6yx.stanford.edu Matt Bartley GPS: 33 49' xx'' 117 48' xx'' (xx due to SA :-) From hughes at ah.com Tue Mar 15 07:06:55 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 15 Mar 94 07:06:55 PST Subject: digital cash In-Reply-To: <9403151330.AA26352@vail.tivoli.com> Message-ID: <9403151456.AA07091@ah.com> >I really can't think of a way of anchoring the at-issue-time "value" >of a digicash note that's not either ridiculous or pointless. Not only ridiculous, but impossible. Even with one currency, it's impossible. Let us assume that all dollars have the same value. (This ends up not being true with certain types of intervention--I digress.) Now, in the case of a Great Depression, say, where there is actually less economic output, the number of dollars has not decreased, and so each dollar buys less. It's real value which is important in this case, not nominal value. There is no guarantor of value. If there were ever claimed one, I would be suspicious that it was backed by coercion. Eric From rarachel at prism.poly.edu Tue Mar 15 07:07:00 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Tue, 15 Mar 94 07:07:00 PST Subject: NY UNIX Clipper Article In-Reply-To: <199403150346.TAA10895@mail2.netcom.com> Message-ID: <9403151454.AA09167@prism.poly.edu> > > "When I saw that I said 'Wow. That is not right,' and I raised > > hell about that," Gore said in an interview Thursday. > > > I'm glad the VP jumped on this right away. 8-| Amazing, ain't it? 
Maybe when Billary falls down come next election time, we'd have the possibility of picking Gore???? Doubtful... So what would happen if they take Billary away for the Whitewater crap? Would Gore automagically become the new prez? (Or will Billary pardon him/herself?) I wonder.... if Hillary is about to be slow-roasted, can Bill issue a prez-pardon to save her butt? Or is it far more likely that he'll go down to the hoosegow with her? My opinion is that while Bill may or may not be guilty, he'd probably get away with it regardless... who in hell wants to be known as the person responsible for sending a president up the river? Still, we did have to get rid of Bush and Quayle... :-I From habs at warwick.com Tue Mar 15 07:23:43 1994 From: habs at warwick.com (Harry Shapiro Hawk) Date: Tue, 15 Mar 94 07:23:43 PST Subject: Re(2): Canon Copiers Message-ID: <9403151437.AA00207@uucp.warwick.com> ------ From: Edward J OConnell, Tue, Mar 15, 1994 ------ @ interestingly, they are often loath to demonstrate this feature, @ apparently, according to my service man. I recently purchased one of these. The cost for the entire setup, was over $100,000. The salesman was VERY happy to show me all the features, including this one. /hawk Harry Shapiro Hawk Manager of Computer Services Warwick Baker & Fiore habs at uucp.warwick.com From smb at research.att.com Tue Mar 15 07:24:34 1994 From: smb at research.att.com (smb at research.att.com) Date: Tue, 15 Mar 94 07:24:34 PST Subject: NY UNIX Clipper Article Message-ID: <9403151524.AA16168@toad.com> > > "When I saw that I said 'Wow. That is not right,' and I raised > > hell about that," Gore said in an interview Thursday. > > > I'm glad the VP jumped on this right away. 8-| Amazing, ain't it? Umm -- wasn't that story datelined February 11? My opinion is that while Bill may or may not be guilty, he'd probably get away with it regardless... who in hell wants to be known as the person responsible for sending a president up the river? 
Think back 20 years -- it would have happened then, to history's most famous unindicted co-conspirator, had not Ford pardoned him for anything he might or might not (hah!) have done. (Fortunately, Agnew had already resigned.) Still, we did have to get rid of Bush and Quayle... :-I Yup! From rarachel at prism.poly.edu Tue Mar 15 07:57:39 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Tue, 15 Mar 94 07:57:39 PST Subject: digital cash In-Reply-To: <9403151456.AA07091@ah.com> Message-ID: <9403151544.AA11163@prism.poly.edu> > Not only ridiculous, but impossible. Even with one currency, it's > impossible. Let us assume that all dollars have the same value. > (This ends up not being true with certain types of intervention--I > digress.) Now, in the case of a Great Depression, say, where there is > actually less economic output, the number of dollars has not > decreased, and so each dollar buys less. > > It's real value which is important in this case, not nominal value. Absolutely. What most folk don't realize is that >ALL< money is inherently useless until all the folks involved in its trade deem it of value and of use. Money sitting in one's pocket is also useless. Sure we put the little suckers in savings and make interest off'em, but only because the bank moves them around for us, lending to those who don't really need it. :-) Money is analogous to electrons. Moving it around, it does a lot of work for us. Keeping it as static electricity is totally useless. Putting it in a capacitor, has some use. Sometimes you need a certain amount of electrons to be able to do a certain amount of work, however if you leave it there forever, the charge will eventually leak out (like inflation...) Depressions and such are the result of money not moving anywhere... 
there's a really cool story somewhere by Aliester Crowley on the adventures of a particular bit of paper money exchanging hands, getting everyone involved in its adventures to either do work or services, and to provide work and services in return... (That's why I believe those who wish to do away with money are idiots. Without it, there's no common denominator on what a service, object or whatever is worth. No real way to establish the worth of something. Sure there's barter, but its far too limited as a means of circulating services and goods... Money, paper, gold, or digital is only worth what we tell it to be worth... hell, if it were legal (and safe) we'd be using plutonium coins instead of money... :-) Just my digitial $0.02... > There is no guarantor of value. If there were ever claimed one, I > would be suspicious that it was backed by coercion. > > Eric > From pmetzger at lehman.com Tue Mar 15 08:17:53 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Tue, 15 Mar 94 08:17:53 PST Subject: spyproofing your house/work building In-Reply-To: <7kB9ic1w165w@decode.UUCP> Message-ID: <9403151617.AA06107@andria.lehman.com> System Operator says: > Don Melvin writes: > > > > Have I forgotten anything? > > > > > Guard physical access so a mic/camera (1/8") can't be placed after > > construction. > > > > Drapes so the lip readers can't see you. > > Make sure the drapes block IR. There are instances of even local > police forces flooding the front of a house with IR light, You mean heat? What did they do, exactly? Erect giant heat lamps in front of the house? No one inside noticed either? From Carl_Ellison at vos.stratus.com Tue Mar 15 08:43:26 1994 From: Carl_Ellison at vos.stratus.com (Carl_Ellison at vos.stratus.com) Date: Tue, 15 Mar 94 08:43:26 PST Subject: my letter to Time's Editor re: Clipper Message-ID: <199403151643.LAA20146@transfer.stratus.com> To: Time Magazine Letters FAX: (212) 522-0601 From: Carl M. Ellison Stratus Computer, Inc. 
55 Fairbanks Blvd Marlborough MA 01752 FAX: (508) 624-7488 Re: March 14, 1994; Vol. 143, No. 11; p. 90 "Beware, Uncle Sam Wants to Listen In" Dear Editor: I enjoyed your article and was pleased to see that a poll of American citizens showed 80% opposed to Clipper. That matches my own informal count. However, the introductory paragraph of your article comes close to repeating a very common misconception by claiming that cryptography was secret and was dominated by the National Security Agency. These statements give the impression that cryptography was somehow the property of the government until recently, and that civilian cryptography is a recent development. The only thing which is new in this field is the personal computer -- making cryptography easy to apply without errors. Cryptography itself is as old as writing. David Kahn's history of cryptography, "The Codebreakers" (Macmillan, 1967), shows that cryptography strong enough to frustrate governments of the day has been invented and used by private citizens for the entire 4000 year history of cryptography. Cryptography has not been secret, either. As of 1931 when Herbert Yardley published "The American Black Chamber" (Bobbs-Merrill), there was no legal secrecy applied to even government uses of cryptography. There never has been secrecy applied to civilian cryptography. [A desire to do so was announced back in the late 1970's by the NSA's Bobby Inman about the time public-key cryptography was first published but that desire was soundly denied by Congress in the Computer Security Act of 1987.] The National Security Agency was created in the early 1950s, but strong cryptography in private hands in this country dates back to the country's beginnings. For example, the only provably unbreakable cipher (Vernam's one-time-tape) was put into public hands in about 1920, while a system cooked up between Thomas Jefferson and a civilian friend of his was strong enough that it was reinvented and used by the Navy in WW-II. 
"The Codebreakers" gives many more examples, through history, of civilian cryptography as strong as or stronger than that used by the military of the time and I recommend that your readers check it out in the local library. Sincerely, Carl Ellison From lefty at apple.com Tue Mar 15 08:44:19 1994 From: lefty at apple.com (Lefty) Date: Tue, 15 Mar 94 08:44:19 PST Subject: anarchy and sobatage! cryptos beware... Message-ID: <9403151643.AA12333@internal.apple.com> "Sobatage"? What's that, the destruction of machinery through the use of Japanese buckwheat noodles? -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From ph at netcom.com Tue Mar 15 09:32:03 1994 From: ph at netcom.com (Peter Hendrickson) Date: Tue, 15 Mar 94 09:32:03 PST Subject: digital cash Message-ID: <199403151732.JAA20816@mail.netcom.com> hfinney at shell.portal.com writes: > Perhaps a digital cash system like Magic Money could serve as the > basis for digital promissory notes. You send me money, I'll send > you a certain amount of digital cash. That particular denomination > and issue date (determined by the exponent) will be redeemable in > one year for X+delta dollars. You can hold the note and redeem it > in a year, collecting the interest, or you can pass it on or even > sell it. Issuers of scrip ("a certificate of a right to receive payment later in the form of cash or stock") will get the attention of Treasury if it is not convertible (by the issuer) to a fixed number of dollars. An easy way for the government to make scrip less useful is to refuse to enforce the contract. It would be interesting to know if there are also punishments and if they can be extended to digital scrip. The laws regarding money can get pretty strange. For instance, it is illegal for a U.S. citizen to hold options in a foreign currency market. The only plausible reason for this is to prevent U.S. citizens from buying insurance against government irresponsiblity. 
Option rights in a domestic options market are easily abrogated. Mark Hittinger writes: > The global monetary system is notbased on immutable metals prices. > You cannot guarantee that gold will track the inflation of the dollar, > which itself can only be measured relative to other currencies. Even > during times of widespread inflation, some things don't track Commodities have, historically, been more stable than currencies. Over decades they become cheaper as improved means of discovery or production are found, but currencies generally devalue more quickly and unpredictably. I don't have the numbers right here, but I believe even gold is more stable than the dollar. Gold has to be found and dug out of the ground. Currencies are devalued at the whim of the government. A basket of commodities would probably be more stable than government currencies. Unfortunately, governments don't seem to like it when you try to use things other than official measures of value. It would be nice to know exactly what kinds of laws govern the establishment of a digital "bank" which doesn't lend money and which doesn't pay interest. If the only service provided is to make payments, does banking law apply? For instance, U.S. banks are required by law to turn over transactions on an account if an intelligence service wants to see them. The employee of the bank approached is not allowed to indicate in any way that this has happened and the penalties for violation are severe. Would this law apply to a digital transactions bank? Peter From pst at cisco.com Tue Mar 15 11:29:46 1994 From: pst at cisco.com (Paul Traina) Date: Tue, 15 Mar 94 11:29:46 PST Subject: Don Listwin, flaming idiot of the month Message-ID: <199403151925.AA15455@cider.cisco.com> I'd like to nominate Don Listwin for the first 'Flaming Idiot of the Month' award, since he has not fucking clue what he is talking about. 
Suffice it to say, most all of us are in favor of things like anonymous remailers and devices on the net to protect anonymous activities and keep us free from the clutches of big brother. Unfortunately, I happen to work for a company whose vice president of marketing likes to hear his fucking gums flap and who doesn't have enough of a brain to match his oratory complex.

Little does he know that cisco's already been infiltrated by avid cypherpunks, cypherpunk friends, and proto-cypherpunks (before John's first meeting).

Sigh... anyone got a deal on some lead pipe suitable of embedding in the empty skull of a certain suit?

Paul

From gtoal at an-teallach.com Tue Mar 15 11:30:21 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Tue, 15 Mar 94 11:30:21 PST
Subject: CIA@funet.fi ?
Message-ID: <199403151846.SAA01702@an-teallach.com>

: From: paulj at xs4all.hacktic.nl (Paul Jongsma)

: Well don't think the funet.fi one is a CIA setup, but i know for sure that
: anon at hacktic.nl isn't.....

The trouble with the cypherpunk remailers is there isn't a single one of them I'd trust. The overwhelming credo of the sort of person I've met in this area is that they want extreme absolute privacy for *themselves* but sneak and spy on everything they possibly can about everyone else. (Oops - that sounds bad - I don't specifically mean the people who run cypherpunk remailers; I mean people who're obsessive about secrecy in general and hackers in particular. Secretive hackers being the worst.)

And you can take it as read that every remailer will be logged by the Black Hats too. Only double-blinded *encrypted* remailing is going to have any chance of maintaining secrecy, and then only if you go out of your way to explicitly chain round dozens of remailers in the hope of finding *one* that isn't compromised.
(And that, only if all the remailers are regularly spoofing traffic between themselves to foil traffic analysis) G From m5 at vail.tivoli.com Tue Mar 15 11:46:47 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Tue, 15 Mar 94 11:46:47 PST Subject: Don Listwin, flaming idiot of the month In-Reply-To: <199403151925.AA15455@cider.cisco.com> Message-ID: <9403151946.AA28607@vail.tivoli.com> Paul Traina writes: > I'd like to nominate Don Listwin for the first 'Flaming Idiot of > the Month' award... Did I miss something? -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From tcmay at netcom.com Tue Mar 15 11:57:38 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 15 Mar 94 11:57:38 PST Subject: Problems with the Remailer System In-Reply-To: <199403151846.SAA01702@an-teallach.com> Message-ID: <199403151956.LAA08026@mail.netcom.com> Graham Toal writes: > The trouble with the cypherpunk remailers is there isn't a single > one of them I'd trust. The overwhelming credo of the sort of person > I've met in this area is that they want extreme absolute privacy > for *themselves* but sneak and spy on everything they possibly > can about everyone else. (Oops - that sounds bad - I don't specifically > mean the people who run cypherpunk remailers; I mean people who're > obsessive about secrecy in general and hackers in particular. Secretive > hackers being the worst.) I agree that more robust, more automated (less human intervention), reputation-based remailers are needed. And the inevitable "abuse" of remailers (such as with death threats, mail bombs to newsgroups, etc.) needs to be treated differently, in the long term, than by compromising the security. (A Chaumian mix would have no manual system for overriding security of course.) 
Having said this, we're just beginning to learn about the practical problems of remailers: the flakiness, the scheduling of multiple, slightly incompatible remailers, and the reactions to abuse. This learning process is what we expected, I think.

> And you can take it as read that every remailer will be logged by the
> Black Hats too. Only double-blinded *encrypted* remailing is going
> to have any chance of maintaining secrecy, and then only if you go
> out of your way to explicitly chain round dozens of remailers in the
> hope of finding *one* that isn't compromised. (And that, only if all
> the remailers are regularly spoofing traffic between themselves to foil
> traffic analysis)

I agree with Graham that several things are needed:

- more consistency and reliability, to make use of chains of remailers acceptably convenient

  (In my opinion, digital postage, with a _profit motive_ attached to the operation of remailers, will ultimately make for less flakiness, greater reliability, and an incentive to deploy more remailers and then keep them up and running in a consistent way.)

- encryption through each remailer, for several reasons

- off-shore sites, out of the main jurisdictions (U.S., mainly), so that some of the remailer hops can be located outside the domain of any one nation's law enforcement powers

- padding, latency, background traffic, etc., to make traffic analysis much harder

I think some of these things are happening, what with new software from Karl Barrus, Sameer Parekh, and others, but there's a long way to go.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway." From unicorn at access.digex.net Tue Mar 15 12:24:44 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Tue, 15 Mar 94 12:24:44 PST Subject: CIA@funet.fi ? Message-ID: <199403152024.AA10219@access1.digex.net> Graham Toal cypherpunk regular said: The trouble with the cypherpunk remailers is there isn't a single one of them I'd trust. The overwhelming credo of the sort of person I've met in this area is that they want extreme absolute privacy for *themselves* but sneak and spy on everything they possibly can about everyone else. (Oops - that sounds bad - I don't specifically mean the people who run cypherpunk remailers; I mean people who're obsessive about secrecy in general and hackers in particular. Secretive hackers being the worst.) <- It's interesting to me how double standardized (is that a phrase in english?) the concept of privacy is in general. One seems to have to do some snooping to make sure one's privacy and security is assured. In doing so one is invading the privacy of others. I have met very few privacy purists. Most tend to feel that privacy is not a general responsibility of the collective to assure. The collective in this sense is either the government, or the people as a whole. Phrased another way, most of the privacy advocates I have met and discussed with seem to feel that what is not protected is fair game. They lay the burden on the individual to secure his/her own privacy and scowl at those who are too lazy to do it. (note that this message isn't signed because I'm too lazy to do it) In addition they seem to snarl at any attempts to collectivze privacy and make it a function of government to enforce privacy on the ground that there exists a conflict of interest. Unfortunately, while there exist SOME tools for the individual today to provide for his or her own privacy, (stong encryption) many of the other tools are provided by smaller collectives. 
(the remailers for example) Indeed it is a collective of perhaps 2 (the operator of the mailer and the system admin if separate) but a collective none the less and one which the user must rely on. Are remailers then a departure from the "secure your own privacy" doctrine?

It stands to reason that all remailers should provide for double blind double encrypted remailing. (Provided you subscribe to the theory, )

Just as a side note, I tend to think that laying the burden on the individual is the best approach.

-uni- (Dark)

From cknight at crl.com Tue Mar 15 13:02:16 1994
From: cknight at crl.com (Chris Knight)
Date: Tue, 15 Mar 94 13:02:16 PST
Subject: spyproofing your house/work building
In-Reply-To: <9403151617.AA06107@andria.lehman.com>
Message-ID:

On Tue, 15 Mar 1994, Perry E. Metzger wrote:

> > Make sure the drapes block IR. There are instances of even local
> > police forces flooding the front of a house with IR light,
>
> You mean heat? What did they do, exactly? Erect giant heat lamps in
> front of the house? No one inside noticed either?

IR does not mean heat. Infra-Red only implies having a wave frequency lower than that of "red" light. There are several bandwidths of IR used for nightscopes that cannot be felt as heat, nor do they increase the surface temperature of the target area to a noticeable extent.

-ck

From talon57 at well.sf.ca.us Tue Mar 15 13:27:58 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Tue, 15 Mar 94 13:27:58 PST
Subject: Future Remailers
Message-ID: <199403152127.NAA19290@well.sf.ca.us>

-----BEGIN PGP SIGNED MESSAGE-----

I have a suggestion on building future remailers. Let's not overlook the idea of operating them "Out of band." At intervals ( preferably random) it would be possible to transmit messages via the phone network, or spread spectrum, to other remailers. (encrypted links of course)( encrypted UUCP?) This would make traffic analysis more difficult.
It would also be possible to bounce messages through diverters in other states, further hindering TA. This might also work well for random sources for one time pads. Brian Williams Extropian Cypherpatriot "Cryptocosmology: Sufficently advanced comunication is indistinguishable from noise." --Steve Witham -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLYYmetCcBnAsu2t1AQGrcAP9Frr3RqyemW+SsQ/aCJKMK1qrGbxBNsmN hioP1tZFVkCWBEUi5lKxn3xcy5fh3neN8ow6tDQbBBy8KmBNvfwiaM6cmRu0VAJ5 sUKNUz0drcgnoEdSyiV4BHFLTz1X0XdeYZ8brtLBC2uu991yf3sw6J7XA5z6E93x +fk13mAssMQ= =KeL3 -----END PGP SIGNATURE----- From 0005533039 at mcimail.com Tue Mar 15 13:39:59 1994 From: 0005533039 at mcimail.com (Giuseppe Cimmino) Date: Tue, 15 Mar 94 13:39:59 PST Subject: PC Week article Message-ID: <02940315213520/0005533039ND3EM@mcimail.com> Copyright (c) PC Week - Reproduced without permission Volume 11, Number 10 - March 14, 1994 Jim Seymour's column The Corporate Micro Businesses would be Clipper victims, too This Clipper-chip stuff is getting out of hand. A manifestly bad idea that seemed likely to sink of its own weight has taken on a life of its own as government officials offer ever more specious arguments for its desirability. Many corporate computing managers tell me they haven't thought about Clipper much, because they aren't interested in politics. That's naive. Ignore this one at your own - and at your company's - very substantial risk. In case you've been on Mars for the past few months, the Clinton administration is pushing for adoption of a data-encryption standard using an embedded chip in every piece of communications equipment. Decryption by any entity other than the intended recipient of the data would be impossible - except by the government, under strict limitations: The necessary keys would be held in trust by a government agency, which would deliver them to a law enforcement agency only after issuance of a court order based on probable cause. 
The government expects that by requiring Clipper chips in every piece of communications equipment it buys, Clipper chips will become ubiquitous. There is also talk about barring data that is not encrypted by the Clipper standard from any national information superhighway, further assuring its universal use. Uncle Sam assures us this is the best ever data-security system and that we have nothing to worry about from government snooping which just wouldn't happen. This whole proposition is so ludicrous that it seemed unlikely to make it to the congressional hearings on a new telecom act. But it did, and now our servants in Washington are considering making this the law of the land. Which has led to the spectacle of FBI Director George Orwell - oops, make that Louis Freech - saying that Americans should be willing to give up some of their freedoms to become more secure. What's next, Lou, viewscreens in every room? Organizations from Computer Professionals for Social Responsibility to Wired magazine are sponsoring petitions and letter-writing campaigns to try to end this craziness. You can't get on the Internet these days without being asked to sign a petition. All that is well and good; the personal-privacy arguments are powerful and appropriate. But in the flag-waiving over potential government snooping, we're missing a compelling business argument against the Clipper standard. If the image of Uncle Sam as a snoop doesn't move you to action, maybe this one will. Say Clipper becomes the standard and your company's electronic communication is Clipperized. How secure from interception and decoding by competitors do you think your data will be? Beyond the press-release smoke about how limited access to Clipper decryption keys will be, the fact is that ordinary people will be responsible for safeguarding them. And people can be bribed, and can take impetuous and spiteful actions. 
It's not a question of whether a scandal will erupt when critical and highly confidential corporate information is invaded - only how long it will be before that happens.

You and I break our backs devising super-secure communications systems. Our livelihoods depend upon our expertise and commitment to that goal. Do you really want to undermine that work and commitment with this kind of insane back-door risk?

Jim Seymour can be reached via MCI Mail at 336-5687.

From mg5n+ at andrew.cmu.edu Tue Mar 15 13:46:17 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Tue, 15 Mar 94 13:46:17 PST
Subject: CIA@funet.fi ?
In-Reply-To: <199403151846.SAA01702@an-teallach.com>
Message-ID: <8hVWlzS00WDJ858Uga@andrew.cmu.edu>

Graham Toal wrote:

> : From: paulj at xs4all.hacktic.nl (Paul Jongsma)
>
> : Well don't think the funet.fi one is a CIA setup, but i know for sure
> : that anon at hacktic.nl isn't.....

Graham Toal seems to have drug this thread to cypherpunks from alt.2600... Anyway, I tried the remailer at hacktic.nl and the mail bounces... The remailer does not seem to be working.

> And you can take it as read that every remailer will be logged by the
> Black Hats too. Only double-blinded *encrypted* remailing is going
> to have any chance of maintaining secrecy, and then only if you go
> out of your way to explicitly chain round dozens of remailers in the
> hope of finding *one* that isn't compromised. (And that, only if all
> the remailers are regularly spoofing traffic between themselves to foil
> traffic analysis)

I doubt it... most of the time the system administrators aren't even aware of the remailer, much less the TLAs.
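
The chained, encrypted remailing debated in this thread, as an added example that is not part of any poster's message or of any remailer's code: a message is wrapped in one sealed layer per hop, each hop learns only its neighbours, and logs pooled from compromised hops link sender to recipient only when every hop in the chain is logging. The remailer names, addresses and keys are constructed, each hop is assumed to appear once in a chain, the SHA-256 keystream with HMAC is a stand-in for per-remailer PGP encryption, and padding, latency and cover traffic are not modelled.

```python
import hashlib
import hmac
import json
import os

# Constructed remailer names and secret keys. A real remailer would publish
# a PGP public key; a shared symmetric key per hop stands in for it here.
KEYS = {name: os.urandom(32) for name in ("remailer-a", "remailer-b", "remailer-c")}


def _stream(key, nonce, n):
    """Toy keystream: SHA-256 in counter mode (stand-in cipher, not PGP)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def _subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def seal(key, plaintext):
    """Encrypt-then-MAC one layer for the remailer holding `key`."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(enc_key, nonce, len(plaintext))))
    return nonce + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest() + ct


def unseal(key, blob):
    """Open one layer; fails if the layer was sealed for a different remailer."""
    enc_key, mac_key = _subkeys(key)
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer was not sealed for this remailer")
    return bytes(a ^ b for a, b in zip(ct, _stream(enc_key, nonce, len(ct))))


def wrap(chain, recipient, body):
    """Build the nested message from the last hop outwards.

    Returns (first_hop, blob). Each layer names only the next address."""
    next_addr, blob = recipient, body
    for hop in reversed(chain):
        layer = json.dumps({"next": next_addr, "payload": blob.hex()}).encode()
        next_addr, blob = hop, seal(KEYS[hop], layer)
    return next_addr, blob


def route(sender, first_hop, blob):
    """Pass the message along the chain; record what each hop could log."""
    logs, prev, here = {}, sender, first_hop
    while here in KEYS:
        layer = json.loads(unseal(KEYS[here], blob))
        logs[here] = (prev, layer["next"])      # all this hop ever sees
        prev, here, blob = here, layer["next"], bytes.fromhex(layer["payload"])
    return here, blob, logs                      # final recipient and body


def trace(sender, logs, compromised):
    """Follow pooled logs of compromised hops from sender towards recipient.

    Returns the recipient if the trail is unbroken, else None. Timing and
    volume correlation (traffic analysis) are outside this model."""
    seen = {hop: logs[hop] for hop in compromised if hop in logs}
    here = next((hop for hop, (prev, _) in seen.items() if prev == sender), None)
    while here is not None:
        nxt = seen[here][1]
        if nxt not in KEYS:
            return nxt
        here = nxt if nxt in seen else None
    return None


if __name__ == "__main__":
    chain = ["remailer-a", "remailer-b", "remailer-c"]
    first, blob = wrap(chain, "bob@example.org", b"constructed test message")
    dest, body, logs = route("alice@example.org", first, blob)
    for hop in chain:
        print(hop, "saw", logs[hop])
    print("all hops logging:", trace("alice@example.org", logs, set(chain)))
    print("middle hop honest:", trace("alice@example.org", logs, {"remailer-a", "remailer-c"}))
```
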
From mg5n+ at andrew.cmu.edu Tue Mar 15 13:51:49 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Tue, 15 Mar 94 13:51:49 PST Subject: Don Listwin, flaming idiot of the month In-Reply-To: <199403151925.AA15455@cider.cisco.com> Message-ID: Paul Traina wrote: > I'd like to nominate Don Listwin for the first 'Flaming Idiot of the Month' > award, since he has not fucking clue what he is talking about. > > Suffice it to say, most all of us are in favor of things like anonymous > remailers and devices on the net to protect anonymous activities and > keep us free from the clutches of big brother. Unfortunately, I happen > to work for a company who's vice president of marketing likes to hear > his fucking gums flap and who doesn't have enough of a brain to match > his oratory complex. > > Little does he know that cisco's already been infiltrated by avid > cypherpunks, cypherpunk friends, and proto-cypherpunks (before > John's first meeting). > > Sigh... anyone got a deal on some lead pipe suitable of embedding > in the empty skull of a certain suit? > > Paul Would you care to provide us some background info about Mr. Listwin so we can decypher this? :) From pst at cisco.com Tue Mar 15 13:57:18 1994 From: pst at cisco.com (Paul Traina) Date: Tue, 15 Mar 94 13:57:18 PST Subject: Don Listwin, flaming idiot of the month In-Reply-To: Message-ID: <199403152157.AA21176@cider.cisco.com> From: Matthew J Ghio Subject: Re: Don Listwin, flaming idiot of the month Paul Traina wrote: > I'd like to nominate Don Listwin for the first 'Flaming Idiot of the Month' > award, since he has not fucking clue what he is talking about. > > Suffice it to say, most all of us are in favor of things like anonymous > remailers and devices on the net to protect anonymous activities and > keep us free from the clutches of big brother. 
Unfortunately, I happen > to work for a company who's vice president of marketing likes to hear > his fucking gums flap and who doesn't have enough of a brain to match > his oratory complex. > > Little does he know that cisco's already been infiltrated by avid > cypherpunks, cypherpunk friends, and proto-cypherpunks (before > John's first meeting). > > Sigh... anyone got a deal on some lead pipe suitable of embedding > in the empty skull of a certain suit? > > Paul Would you care to provide us some background info about Mr. Listwin so we can decypher this? :) Since a couple of people have asked me why I was ragging on Don Listwin, here's the original message that brought it to this forum: ----- Begin Forwarded Message ----- From: Darren Reed To: cypherpunks at toad.com Subject: anarchy and sobatage! cryptos beware... >From a local newspaper, a quote which some of you might find interesting: 'The virtual anarchists pose another security problem for the Internet because they have formed an organised group aimed at sabotaging US Government moves to enfore digitial signiatures on the Internet to allow authorities to identify the source of all messages on the system. According to Listwin, opponents of the scheme have begun advertising for "top-notch nerds" to join the group. "It's like the spy movies where secret agents do blind drops of information. People are doing blind drops on the Internet so that you don't know where the messages come from," Listwin said.' (from an article on the 'recent' breakin at Cisco, The Age, 15/4/94, Charles Wright. Don Listwin is Cisco's vice-pres. of marketting. As a result of this breakin, he says Cisco will move to hand held response challenge cards). Anyone got any suggestions for replies I could send back to the author, relating to the subject of anonymity, digitial signiatures, etc ? 
Darren ----- End of Forwarded Message ----- From wak at next11.math.pitt.edu Tue Mar 15 14:31:37 1994 From: wak at next11.math.pitt.edu (walter kehowski) Date: Tue, 15 Mar 94 14:31:37 PST Subject: Loompanics: SECRETS OF A SUPER HACKER Message-ID: <9403152231.AA06297@next11.math.pitt.edu> Cypherpunks: I recently received the recent Loompanics catalog and read the review of SECRETS OF A SUPER HACKER in it. I wondered if the book was just hype ("Approaching Zero" comes to mind) so I'm glad to read in Timothy May's "Books, Loompanics, and other weird stuff" that the book might actually be worth reading. I've appended the review. Thanks, tcmay! Walter A. Kehowski ###################################### SECRETS OF A SUPER HACKER by The Knightmare, introduction by Gareth Branwyn, 205 pp., 8 1/2" x 11", ISBN 1-55950-106-5, March, 1994, Loompanics Unlimited, Box 1197, Port Townsend WA, 98368. Price: $19.95 plus $4.00 for shipping (includes a copy of their must-have 280 page catalog of unusual books). Credit card orders to 206-385-2230 (phone) or 206-385-7785 (fax). This is a very good practical book on breaking into computer systems. It's readable, interesting, informative, balanced, and accurate, with a nice spirit of fun and swashbuckling! Here's the contents: Introduction: Hackers: Heroes or Villains? 
I: The Basics
II: The History of Hacking
III: Researching the Hack
IV: Passwords and Access Control
V: Social Engineering
VI: Reverse Social Engineering
VII: Public Access Computers and Terminals
VIII: On-Site Hacking: The Trespasser-Hacker
IX: Hacking at Hope: Dialing Up Computers With Your Modem
X: Electronic Bulletin Board Systems
XI: Borderline Hacking
XII: What To Do When Inside
XIII: This Lawful Land
XIV: Hacker Security: How To Keep From Getting Caught
XV: Conclusion
Further Reading
Glossary
8 Appendices

The Knightmare covers lots of clever technical tricks for gaining access, but he shows most glee with scores of hilarious "Social Engineering" scams for seducing legitimate users into revealing their passwords. The striking thing about these spoofs is, just reading them, you realize through the laughter how often these simple Social Engineering techniques will produce results and how the credulity of non-security-minded naive users is the weak point of any security system.

Sometimes while reading, I wished the book provided more specific info about phone numbers, brand names, specific techniques that work on specific bulletin board systems, etc. But I recognize that such information would go quickly out-of-date, or would be fixed in response to the book's publication, or could implicate the author. The Knightmare is presenting concepts that won't go out-of-date soon, giving the interested non-hacker a comprehensive and comprehensible survey of the field, and tipping off the potential hacker with just enough details to get him/her started and steered in the right direction and minimize the chance of getting caught.

On this final point... a few times during the early chapters I thought The Knightmare was being cavalier about personal safety, favorably reporting (for example) Social Engineering advertising scams that would likely bring the cops to one's doorstep.
But The Knightmare was saving his warnings for 2 chapters towards the end, 22 sobering pages that make very clear the risks involved and what definitely NOT to do. A very balanced presentation. As usual with Loompanics books, this one can be read backwards, and pages 167-168 are directed specifically to System Administrators interested in beefing up security. I also appreciated all the hacker philosophy and pragmatic do-no-damage hacker ethics. The Knightmare disdains and derides "crackers" who break into a system in order to wreak havok; for him, "hackers" are peaceable, non- destructive puzzle-solvers and liberators of information. In a world where the govco is ever working to extend and centralize its control over financial data, encryption techniques, cyberspace, and every aspect of people's lives, the hacker may emerge as a modern-day Robin Hood. From mimsy!anagld!decode!system at uunet.UU.NET Tue Mar 15 14:43:55 1994 From: mimsy!anagld!decode!system at uunet.UU.NET (System Operator) Date: Tue, 15 Mar 94 14:43:55 PST Subject: spyproofing your house/work building Message-ID: <3Vy9ic1w165w@decode.UUCP> "Perry E. Metzger" writes: > > Make sure the drapes block IR. There are instances of even local > > police forces flooding the front of a house with IR light, > > You mean heat? What did they do, exactly? Erect giant heat lamps in > front of the house? No one inside noticed either? This is getting rather far afield, but I'll answer: Light sources to generate usable IR aren't any larger than visible systems, and do not generate the amounts of heat you're imagining. These aren't Kentucky Fried Chicken food warmers. Pick any of several security industry magazines and you'll find many advertisements for "undetectable" (in the sense of being visible to the naked eye) IR surveillance systems. Even the FLIR systems mounted on police observation helicopters (Ft. Worth being the most notable user) are easily mounted inside a van or delivery truck. 
From the literature I have, the British SAS have long used this observation method immediately prior to initiating hostage rescue.

It will be interesting to see if any "peeping tom" cases come out of the large amount of Soviet night vision gear now available, relatively cheaply, to civilians. Due to its low price, it has also become popular with local police departments. Even the town I went to high school in, population 10,000, has some night vision gear.

Dan

--
system at decode.UUCP (System Operator)
Cryptography, Security, Privacy BBS
+1 410 730 6734 Data/FAX

From tcmay at netcom.com Tue Mar 15 15:42:16 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 15 Mar 94 15:42:16 PST
Subject: Future Remailers
In-Reply-To: <199403152127.NAA19290@well.sf.ca.us>
Message-ID: <199403152342.PAA11732@mail.netcom.com>

> I have a suggestion on building future remailers. Let's not
> overlook the idea of operating them "Out of band." At intervals (
> preferably random) it would be possible to transmit messages via
> the phone network, or spread spectrum, to other remailers.
> (encrypted links of course)( encrypted UUCP?) This would make
> traffic analysis more difficult.
>
> It would also be possible to bounce messages through diverters in
> other states, further hindering TA. This might also work well for
> random sources for one time pads.
> Brian Williams

Furthermore, the continuing expansion of "private" networks--LANs and WANs, within companies, within households, within other entities that no government can plausibly claim monitoring authority over--will make Digital Telephony II and traffic analysis much harder to implement.

When Alice sends her remailer traffic down the hallway over her own Ethernet line to Bob, the confusion grows. Not necessarily any better than would be had with more ideal mixes, but certainly this sort of thing can only work to make traffic analysis more complicated.

(Yes, the authorities can monitor all messages.
But imagine what happens when a company with hundreds of PCs, workstations, multiple mini-networks, etc., gets into the remailer business.) The rapid growth of proprietary networks (such as the one linking me to my next door neighbor) makes Digital Telephony almost unenforceable.

--Tim May

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From warlord at MIT.EDU Tue Mar 15 16:47:55 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Tue, 15 Mar 94 16:47:55 PST
Subject: PowerMacPGP
Message-ID: <9403160047.AA13069@toxicwaste.media.mit.edu>

Forwarded with permission. ;-)

FYI: I saw a Power PC yesterday, and asked about running standard Mac Apps, and was told it would do it, but not get the Power PC speedups...

-derek

------- Forwarded Message

Date: Mon, 14 Mar 1994 17:10:42 -0800
Message-Id: <199403150110.RAA26805 at mail.netcom.com>
Mime-Version: 1.0
To: Derek Atkins
From: plaz at netcom.com (Plaz)
Subject: Re: PowerMacPGP

Derek Atkins replies to someone.

>> Does anyone know if Mr. Zimmerman or anyone else will be writing a
>> Power Macintosh PGP program. What about the other popular
>> encryption programs. Thanks,
>
>The source code is available. If you have a C compiler, it shouldn't
>be very hard to build. Then again it's a Macintosh, so who really
>knows? I don't expect to see Phil to do it, since Phil hasn't done
>any coding for PGP. Also, I don't think that PowerMacs are prominent
>enough for developers to have them, yet.

I am 99.9% certain that MacPGP will run on a PowerMac, in emulation mode.
Some time soon someone will get around to recompiling for native mode. For the original poster: PowerMac is supposed to run all Macintosh OS based programs, right out of the box. No porting of the programs is required. They run slower than native apps, but they run as fast as they would on most Macs now.

_______________________________________________________________________
Geoff Dale -- Cypherpunk/Extropian -- Plastic Beethoven AnarchyPPL - Anarch (Adjudicator) ExI-Freegate Virtual Branch Head plaz at netcom.com 66 Pyramid Plaza plaz at io.com Freegate, Metaverse at io.com 7777

------- End of Forwarded Message

From rjc at gnu.ai.mit.edu Tue Mar 15 17:18:18 1994
From: rjc at gnu.ai.mit.edu (Ray)
Date: Tue, 15 Mar 94 17:18:18 PST
Subject: my improved anonymous remailer
Message-ID: <9403160118.AA25354@geech.gnu.ai.mit.edu>

Cypherpunks,

Seeing as how everyone else is announcing their anonymous remailers, I may as well announce mine which is nearing completion. The remailer is written in Knuth's WEB using Perl so there is nice documentation. The remailer includes among other things, virtual addresses (handles), padding/packetizing messages (splitting them up and sending pieces through multiple remailer chains), chaining, mixing, a key-server, a list of remailers server, a socket-server to bypass the sendmail queue and get immediate error return, a stealth mode (delivery via direct SMTP or socket instead of through the local sendmail), secure remailer network (remailers sign and encrypt chained messages between each other), fake remailer traffic, and other small features. The virtual handles are fairly secure. They can be stored in the database as either plaintext real email addresses, virtual addresses located elsewhere on the remailer network, or SAEE cypherpunk remailer blocks (self-addressed encrypted envelope)

The following text is taken from the WEB document and contains some additional information. Send any comments you have to me, rjc at gnu.ai.mit.edu

-Ray

p.s.
I expect that it will be ready for beta release in about two weeks. At that point, I would need some beta testers to set up a remailer network to make sure the socket-based and e-mail based networking works (especially the packetizing)

p.p.s. e-mail commands are of the same form as the extropian's mailing list, backwards compatibility with the cypherpunks pasting token is not supported. Why? All headers in the message are ignored (and in socket-mode, there is no header anyway) and the preferred mode of operation is to encrypt the body and the commands so no outside eyes can see the remail request destination nor the message subject.

------------------------------CUT HERE---------------------------------------
\documentstyle{article}
\title{Remailer 2.0 \\ An Improved Anonymous Remailer}
\author{Ray Cromwell \\ rjc@@gnu.ai.mit.edu}
\date{March 1, 1994}
%$Id: remailer.w,v 0.2 94/03/01 03:22:27 rcromw1 Exp $
\newcommand{\rem}{{\tt Remailer 2.0\ }}
\begin{document}
\maketitle
\tableofcontents
\section{Introduction}
The following text describes an improved anonymous remailer based on suggestions Tim May made on the cypherpunks\footnote{Send subscription requests to cypherpunks-request@@toad.com} mailing list a few weeks ago. I was stuck in the middle of school work and the {\em Extropians List Software} when Tim made the announcement, but I had plenty of ideas on how to implement and improve remailers. So here at last is the result of my hacking.
\begin{center}
{\Large Remailer Improvement Principles}
\begin{itemize}
\item Secure Virtual Addresses
\item Chaining
\item Mix Delays
\item Fake Remailer Traffic
\item Padding/Packetizing Messages
\item Builtin Remailer List Generation
\item Builtin Public Key Server
\item Socket Operation
\item Stealth on Multiuser Systems
\item Open Design
\item Simple ``.forward'' Mode Operation
\end{itemize}
\end{center}
[...]
\subsubsection{Socket Mode}
Socket mode provides a more secure form of operation by bypassing the standard sendmail delivery mechanism allowing a message to be piped directly to the remailer. In addition, the socket mode remailer functions as an information server allowing clients to request a publicly networked list of public keys and up-to-date list of \rem servers. The port number can be anything but I'm suggesting we all agree to use port 2258. Upon connection to the remailer port, a greeting message will be sent to you of the following form. On the first line is a general greeting message which can be any string. On the next line is status information separated by ``/''. The status information in order is: \verb|remailer_name|, version, administrator e-mail address, and finally a list of flags. The flags are single character upper case letters specifying the following options. {\bf P} to specify that the machine is privately owned and single-user, {\bf M} for mixing enabled, {\bf C} for chaining, {\bf K} if the keyserver is turned on, {\bf E} if this remailer only accepts encrypted messages, and {\bf S} if stealth mode is on.
\begin{center}
\begin{verbatim}
Example:
telnet remailer.nsa.gov 2258
Connected to remailer.nsa.gov
Escape character is '^]'
Greetings, Welcome to Billy Bob Jake's Super Deluxe Remailer!
bob_remailer/Version 1.1/bob@@remailer.nsa.gov/PMCKESF
\end{verbatim}
\end{center}
While connected, entering {\bf list} for example, would get you a list of remailers, or {\bf keys} for an index of keys. You can also remail at this point and even get an error status.
[...]
\subsection{Reading and Writing the Remailer List}
The remailer list is a simple text file which consists of a list of lines each containing a \verb|remailer_name|, ':', the e-mail address of the remailer, the flags for that remailer, and a timestamp recording the last time a response was received from this remailer. Each field is separated by a comma.
`\#' Comments and null lines are allowed. A visible comment can be attached to a remailer by using the form ``\verb|remailer_name|\%comment string'' Additional comments to the same \verb|remailer_name| are concatenated.
[...]
\begin{verbatim}
Example:
ann's remailer: ann_remailer@@host.domain,PKCMS,77676734
ann's remailer% My remailer is special because my machine has
ann's remailer% TEMPEST shielding around it. It can also self destruct
ann's remailer% in the event of an NSA raid.
\end{verbatim}
\subsection{Database Functions}
\rem uses a dbm database to record information necessary to implement ``Virtual Addresses'' These are penet\footnote{`penet' refers to the anonymous posting service running at \verb|anon.penet.fi|. Send mail to \verb|help@@anon.penet.fi| for information.} style handles used by the anonymous remailer network to allow easy addressability to anonymous recipients without the complication of anonymous encrypted return address blocks. Each record in the virtual database is keyed by the handle in the virtual address itself. A record contains 3 fields right now. The first is the storage method, the second is the user address connected with the handle. The third is a timestamp revealing the last time this address was used. Later, a fourth record might be added for electronic postage.
[...]
\subsubsection{Virtual Addresses, A Side Note}
Virtual Addresses consist of a {\bf user handle} and an optional {\bf remailer name} separated by `{\bf \#}' I used `\#' because I wanted to differentiate virtual addresses from internet style addresses. An example of a virtual address is ``darkmodem\#deepanon'' which means that the message should be sent to the user connected with the handle ``darkmodem'' through the remailer named ``deepanon'' You can chain your own remailers by simply adding multiple remailer names to the virtual address.
For example, ``user\#remailer1\#remailer2\#remailer3'' which will send the message first through remailer1, then remailer2, then remailer3, and finally to whoever happens to be connected with ``user''. A special remailer name ``*'' is provided. Each instance of ``*'' in a remailer chain will be replaced by a random remailer. For example, ``darkmodem\#*\#*\#deepanon'' will first chain the message through two random remailers and then finally to deepanon. The random remailers chosen are not guaranteed to be unique.
[...]
\section{Change History}
\begin{verbatim}
$Log: remailer.w,v $
Revision 0.2 94/03/01 03:22:27 rcromw1
prerelease
\end{verbatim}
\section{Identifier Index}
@u
\end{document}
-----------------------------------------------------------------------------

-- Ray Cromwell | Engineering is the implementation of science; --
-- rjc at gnu.ai.mit.edu | politics is the implementation of faith. --

From avalon at coombs.anu.edu.au Tue Mar 15 17:47:00 1994
From: avalon at coombs.anu.edu.au (Darren Reed)
Date: Tue, 15 Mar 94 17:47:00 PST
Subject: spyproofing your house/work building
In-Reply-To: <7kB9ic1w165w@decode.UUCP>
Message-ID: <9403160146.AA03285@toad.com>

> > Don Melvin writes: > > > > Have I forgotten anything? > > > > > Guard physical access so a mic/camera (1/8") can't be placed after > > construction. > > > > Drapes so the lip readers can't see you. > > Make sure the drapes block IR. There are instances of even local > police forces flooding the front of a house with IR light, and > viewing the activities inside with IR viewers -- all of this > through closed drapes.

What sort of materials DO block IR ? Lycra ? Wool ? Cotton ? And how do we test drapes without buying them first ?

From peace at BIX.com Tue Mar 15 18:20:00 1994
From: peace at BIX.com (peace at BIX.com)
Date: Tue, 15 Mar 94 18:20:00 PST
Subject: NTIA on NII
Message-ID: <9403152113.memo.99186@BIX.com>

The following should be of some interest - possibly some action

Peace ..
- - -
Subject: NTIA INQUIRY ON PRIVACY ISSUES
Date: Tue, 15 Mar 94 17:10:46 EST

Marshall Abrams brought to our attention the following notice which appeared on the NTIA Bulletin Board.

NOTE EXTENSION: The March 11 issue of NII NEWS states that the March 14 deadline in this notice has been extended to March 30.

++++++++++++++++++++++++++++++++++++++++++++++++++

CONTACT: Larry Williams (202) 482-1551

NTIA RELEASES NOTICE OF INQUIRY ON PRIVACY ISSUES

TECHNICAL NEWS ADVISORY

The National Telecommunications and Information Administration (NTIA) is undertaking a comprehensive review of privacy issues relating to private sector use of telecommunications-related personal information associated with the National Information Infrastructure (NII). Public comment is requested on issues relevant to such a review. After analyzing the comments, NTIA will issue a report and make recommendations as needed.

The inquiry will focus on potential uses of personal information generated by electronic communications, including interactive multimedia, cable television and telephony. NTIA is studying the issues that arise when such telecommunications-related information is used to create detailed dossiers about individuals. NTIA seeks to determine whether any overarching privacy principles can be developed that would apply to all firms in the telecommunications sector. In addition, NTIA is soliciting comment on other countries' actions to ensure the privacy of information transmitted over telecommunications networks, and to ascertain how any U.S. policies in this area will affect the international arena.

The Notice of Inquiry and Request for Comments will appear in Part IX of the February 11, 1994, Federal Register and will also be available on the NTIA Bulletin Board at (202) 482-1199. Set communications parameters to no parity, 8 data bits and 1 stop. Comments should be filed on or before March 14, 1994. If you have further questions, please contact Carol E. Mattey or Lisa I.
Leidig at the Office of Policy Analysis and Development, NTIA, 202-482-1880.

From pkm at maths.uq.oz.au Tue Mar 15 18:44:52 1994
From: pkm at maths.uq.oz.au (Peter Murphy)
Date: Tue, 15 Mar 94 18:44:52 PST
Subject: IR Blocking.
Message-ID: <9403160244.AA02855@axiom.maths.uq.oz.au>

One idea that I thought about is to simply use frosted glass. The police/ /FBI/CIA/other using the IR cameras don't just want to receive IR light; they want it in a coherent pattern. Using frosted glass, the light is dispersed in (mostly) all directions. The spooks should then only be able to perceive some fuzzy shapes. Oh, they'll be able to know if the lights are on, but for all they know, you are just having a quiet game of bridge. (I am not absolutely certain about the va .. veracity of this method, but I gathered that if frosted glass disperses normal light, it should do the same for IR. The range of refractive indices would be different, and that's about it.) Any criticisms of this method would be appreciated.

Peter Murphy.

From consensus at netcom.com Tue Mar 15 20:06:41 1994
From: consensus at netcom.com (Christopher Allen)
Date: Tue, 15 Mar 94 20:06:41 PST
Subject: FWD: Exportable RIPEM/SIG Available
Message-ID: <199403160407.UAA05325@mail.netcom.com>

I thought the readers of cypherpunks might find the following of interest.

------------------------------------------------------------------------
..Christopher Allen Consensus Development Corporation..
.. 4104-24th Street #419..
.. San Francisco, CA 94114-3615..
.. o415/647-6383 f415/647-6384..
..Mosaic/World-Wide-Web Front Door: ..
..ftp://netcom7.netcom.com/pub/consensus/www/ConsensusFrontDoor.html ..

Date: 15 Mar 1994 14:55:01 GMT
From: mrr at scss3.cl.msu.edu (Mark Riordan)
Subject: Exportable RIPEM/SIG Available
Organization: Michigan State University
Summary: Free Signature-only version of RIPEM

Announcing the availability of RIPEM/SIG, an exportable signature-only version of RIPEM, a public-key encryption program.
RIPEM/SIG is a version of RIPEM 1.2 with encryption and decryption taken out. RSA Data Security has obtained a US State Department Commodities Jurisdiction ruling determining that RIPEM/SIG is exportable from the USA. At this writing, RIPEM/SIG is undergoing a classification to determine what countries it may not be exported to. (Worst case is that RIPEM/SIG may not be exported to such countries as Libya, Iraq, and North Korea.) While this ruling certainly does not fully address the strong concerns of myself and many others regarding the USA's overly restrictive export laws, it does ease things a bit for individuals wishing to exchange authenticated messages across international borders. RSA Data Security has granted a free license to users worldwide of RIPEM/SIG to use the software for any purposes other than direct commercial services. (I.e., selling the software itself or selling a service directly based on the program's functions.) It is allowable to make use of the software at a commercial location or on commercial computer systems. Use for personal communication, or even corporate communications, is permitted. These rights will be clarified in a new RSAREF license and new RSA software, to be available in a few weeks. For a license to use RIPEM/SIG to deliver commercial services, contact RSA Data Security for terms. It is believed that RIPEM/SIG is the only US-exportable signature software in the world available for free to US users. (Non-US users are not bound by RSADSI's US patents, but would be bound by copyright laws.) RIPEM/SIG is built from RIPEM 1.2a sources; thus, RIPEM/SIG source code is not exportable. The executables are exportable. I have compiled RIPEM/SIG for several popular architectures and have placed the executables on ripem.msu.edu, available for anonymous FTP from /pub/crypt/ripem/ripemsig/binaries. Other USA and Canada citizens are welcome to obtain the RIPEM 1.2a source distribution and create and export executables for other platforms. 
I also wish to announce the availability of RIPEM 1.2a. There were no algorithmic changes between 1.2 and 1.2a; simply code changes to create RIPEM/SIG and to accommodate some brain-dead C compilers. RIPEM is available via non-anonymous FTP from ripem.msu.edu. See the file GETTING_ACCESS to get an account. RIPEM/SIG is, as mentioned above, available from the same site via anonymous FTP.

Mark Riordan

From bugs at netsys.com Tue Mar 15 20:13:53 1994
From: bugs at netsys.com (Mark Hittinger)
Date: Tue, 15 Mar 94 20:13:53 PST
Subject: digital cash
Message-ID: <199403160417.AA06399@netsys.com>

>Mark Hittinger writes:
> The global monetary system is not based on immutable metals prices.
> You cannot guarantee that gold will track the inflation of the dollar,
> which itself can only be measured relative to other currencies. Even
> during times of widespread inflation, some things don't track

Uh - I didn't write that. Just for the record. Some other cp did, I think Perry. I didn't really want to start a gold standard debate I just wanted to get an idea of where the people implementing practical digital cash were going. I still don't have an answer for that, will it essentially be a checking account denominated in dollars or will the digital cash unit be detached from the dollar in some way?

Another thought, could digital cash become more valuable than other forms of cash because of its unique characteristics? As more people see the advantages of digital cash then there might be bidding for the available pool. If digital cash supply is restricted in some way, early converters would gain advantage.

I'm not advocating gold, or 1972 dollars, or 1974 dollars, or 1979 dollars, or .....

---------
I'd like a 250 Mhz 128 bit hybrid processor with 64 meg of 8 way interleaved memory, a 10 megabyte per second i/o channel, two 3 gig hard disks, two dat drives with compression, and a large diet coke.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3a

mQCNAiz4FWMAAAEEALBCb7HZS7V4gbsp9yJ7Yty49jQ9wcgRhkLjNNgdyJbrJZCq
5/sv4Ljy/4AhVhjlJyZS8L3owS8l0ClZVzWw4/kO3KN7MPz4YPPR7+qIlPQVM0yv
gWpJ43EZZ8b8cvAkE9HATCKWktY2ReRSX5DLnScDH/n5jivw+MD/UO8fURCVAAUR
tCBNYXJrIEhpdHRpbmdlciA8YnVnc0BuZXRzeXMuY29tPg==
=VbKi
-----END PGP PUBLIC KEY BLOCK-----

From flesh at wps.com Tue Mar 15 20:24:13 1994
From: flesh at wps.com (Flesh)
Date: Tue, 15 Mar 94 20:24:13 PST
Subject: digital cash
In-Reply-To: <199403160417.AA06399@netsys.com>
Message-ID: <9403160424.AA05985@wps.com>

> I'd like a 250 Mhz 128 bit hybrid processor with 64 meg of 8 way interleaved
> memory, a 10 megabyte per second i/o channel, two 3 gig hard disks, two dat
> drives with compression, and a large diet coke.

What's wrong with espresso or Jolt?

From mg5n+ at andrew.cmu.edu Tue Mar 15 20:40:13 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Tue, 15 Mar 94 20:40:13 PST
Subject: Future Remailers
In-Reply-To: <199403152342.PAA11732@mail.netcom.com>
Message-ID:

Tim May wrote:

> The rapid growth of proprietary networks (such as the one linking me
> to my next door neighbor) makes Digital Telephony almost
> unenforceable.

hehe... I did something similar about two years ago with my friend who lived across the street... We took wires, laid them down on the street, and poured roofing tar over it, then let it dry overnight. Over the next few days, heating from the sun and cars driving over it compressed it to a barely perceptible bump. The rest of the connection was buried in plastic pipe under the lawn. We hooked up a serial line connection. It worked well for several months... tho a few minor repair jobs were needed. The connection met its fate when the street crew came thru and tore up and repaved the entire street. We never re-laid the line. (The old street was in pretty bad condition, so our "patch" wasn't very noticeable... however it would have been fairly obvious on a newly paved street.) Neat trick tho.
I wish it was easier to do things like that... Has anyone made any progress with networking over unlicensed radio spectrum?

From mg5n+ at andrew.cmu.edu Tue Mar 15 20:53:03 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Tue, 15 Mar 94 20:53:03 PST
Subject: IR Blocking.
In-Reply-To: <9403160244.AA02855@axiom.maths.uq.oz.au>
Message-ID:

Peter Murphy wrote:

> One idea that I thought about is to simply use frosted glass. The police/
> /FBI/CIA/other using the IR cameras don't just want to receive IR light;

The FBI and CIA are operating in Australia now? wow... :)

> they want it in a coherent pattern. Using frosted glass, the light is
> dispersed in (mostly) all directions. The spooks should then only be able
> to perceive some fuzzy shapes. Oh, they'll be able to know if the lights
> are on, but for all they know, you are just having a quiet game of bridge.
> (I am not absolutely certain about the va .. veracity of this method, but
> I gathered that if frosted glass disperses normal light, it should do the
> same for IR. The range of refractive indices would be different, and that's
> about it.) Any criticisms of this method would be appreciated. Peter Murphy.

Actually, since longer wavelengths are scattered at greater angles, frosted glass will scatter infrared better than visible light. It probably doesn't amount to a large difference tho...and if it did, they might move up to ultraviolet. But UV is much easier for you to detect, so they probably wouldn't risk it. :)

From karn at qualcomm.com Tue Mar 15 21:52:47 1994
From: karn at qualcomm.com (Phil Karn)
Date: Tue, 15 Mar 94 21:52:47 PST
Subject: spyproofing your house/work building
In-Reply-To: <3Vy9ic1w165w@decode.UUCP>
Message-ID: <199403160552.VAA29543@servo.qualcomm.com>

Yeah, this is getting pretty far afield, but if you want to see what IR floodlight/camera combinations look like, visit Disneyland.
That park probably has one of the most extensive video surveillance systems of any place readily accessible to the public. (I expect Disney World is much the same). IR cameras are everywhere in the inside rides, especially in dark areas where visible floodlights would ruin the dramatic effect. Perhaps the easiest place to see them is in Pirates of the Caribbean. Just turn around and look backwards, and you'll see video cameras mounted overhead next to dim red lights. Other rides where they can be easily seen include People Mover (never crowded), Haunted Mansion and Space Mountain.

Phil

From tcmay at netcom.com Tue Mar 15 23:19:35 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 15 Mar 94 23:19:35 PST
Subject: (fwd) Re: What's so bad about a Surveillance State?
Message-ID: <199403160720.XAA14862@mail.netcom.com>

Newsgroups: talk.politics.crypto,alt.privacy.clipper,alt.privacy,comp.org.eff.talk
From: tcmay at netcom.com (Timothy C. May)
Subject: Re: What's so bad about a Surveillance State?
Message-ID:
Followup-To: talk.politics.crypto,alt.privacy.clipper,alt.privacy,comp.org.eff.talk
References: <2lqka4$c5o at bilbo.suite.com>
Date: Wed, 16 Mar 1994 07:11:24 GMT

From: Department of Internal Surveillance
To: List
cc: Eric Blair, Director of IntSur
Code: 42-750aF-966

Citizen-Unit Jim-Miller at suite.com (ID: 6A8-32-k40B) wrote:

: It is obvious to me that many people in the government wish to turn the US
: into a surveillance state. What's so bad about that? It seems to me that
: a lot of good could come from it.

Citizen-Unit Miller is to be commended for his recognition that the common good is served when the state fulfills its surveillance obligations. However, we note that Citizen-Unit Miller is delinquent in completing his Good Citizenship video coursework (entirely too much MTV was watched last week, Citizen-Unit Miller...consider this the third of your four allowable warnings).
Citizen-Unit Miller has also wasted too much time (14.982 hours last week) on the so-called Internet, indicating he needs a Learning Reinforcement Regimen. He has been ordered to report to the Austin Processing Center.

An orderly society demands that citizen-units be monitored for behavior injurious to the harmony of the larger society. The Position Escrow system was developed to allow precise tracking of movements (although this information is available to the state only when the state needs it, as per the Clipper key escrow precedent).

In closing, we wish to remind all citizen-units that surveillance is needed to detect deviant behavior, to ensure full working efficiency, and to remove from the body of society those with archaic visions of individual freedom.

Surveillance is Security!

--Citizen-Unit Timothy C. May

(One informal warning, Citizen-Unit Miller: Your caloric input from cheeseburgers and other Unapproved Dietary Items is dangerously close to the levels which will result in your placement in a dietary reeducation camp, as per Executive Order 97-652A, signed by President-Unit Clinton. We all saw what eating too many cheeseburgers did to her husband-unit!)

Peace.

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From hughes at ah.com Tue Mar 15 23:44:26 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 15 Mar 94 23:44:26 PST
Subject: digital cash
In-Reply-To: <199403160417.AA06399@netsys.com>
Message-ID: <9403160732.AA01030@ah.com>

I thought I answered this as clearly as I knew how. Let me use shorter sentences.
>I still don't have an answer for that, will it essentially
>be a checking account denominated in dollars

Yes.

>or will the digital cash
>unit be detached from the dollar in some way?

No.

Is this clear? These are the plans I personally have.

Eric

From mccoy at ccwf.cc.utexas.edu Wed Mar 16 00:40:45 1994
From: mccoy at ccwf.cc.utexas.edu (Jim McCoy)
Date: Wed, 16 Mar 94 00:40:45 PST
Subject: digital cash
In-Reply-To: <199403160417.AA06399@netsys.com>
Message-ID: <199403160840.AA26796@tramp.cc.utexas.edu>

Mark Hittinger writes
> >Mark Hittinger writes:
> > [...stuff about gold and what digital currency will represent in "real
> > value"... ]
[...]
> Another thought, could digital cash become more valuable than other
> forms of cash because of its unique characteristics?

Yes. There will be nothing more liquid than information in an information society. Nothing.

> As more people see
> the advantages of digital cash then there might be bidding for the
> available pool. If digital cash supply is restricted in some way,
> early converters would gain advantage.

Limiting the pool is harder than you would think. Use all the numbers you want, we'll make more :) Seriously, the secret is to remember that the net transcends geopolitical boundaries. All you need is _one_ bank that can/will convert cash to digital money and then _everyone in the world who can get an internet connection can use it_. The sun never sets on the string of machines I have accounts on (I think...there is never a globe handy when you need one...), and with the secure communications systems that are possible how could any government hope to stop us?

> I'm not advocating gold, or 1972 dollars, or 1974 dollars, or 1979 dollars,
> or .....

But it would be possible. That is the real danger digital cash poses to government authority over the monetary system. Once I can get my dollars or dinars, or donuts exchanged into digital cash it is possible for me to do things to it never before dreamed of.
I can take my locally exchanged digital-donuts, put them on the net, and send them over to a bank in some small island nation with lax banking laws for instant conversion at the moment's rate to some other international currency and transferal through several anonymous accounts, and then zip them over to a network gold server that will create a certified bullion deposit for me in a real bank. I can untraceably convert my paycheck into a gold deposit in a foreign nation while sitting in my living room wearing nothing but my socks. I can conduct intricate financial transactions that are completely outside the realm of my government to regulate, imagine what would happen to the government if _everyone_ could hide and launder assets as easy as criminal syndicates. If this does not cause some federal banker an ulcer or two then they have no idea what the future will bring them, all the better for us...

jim

From E.Switalski at bnr.co.uk Wed Mar 16 01:16:34 1994
From: E.Switalski at bnr.co.uk (Ed Switalski)
Date: Wed, 16 Mar 94 01:16:34 PST
Subject: IR Blocking.
In-Reply-To: <9403160244.AA02855@axiom.maths.uq.oz.au>
Message-ID: <199403160915.26495@bnsgs200.bnr.co.uk>

>
>One idea that I thought about is to simply use frosted glass. The police/
>/FBI/CIA/other using the IR cameras don't just want to receive IR light;
>they want it in a coherent pattern. Using frosted glass, the light is
>dispersed in (mostly) all directions. The spooks should then only be able
>to perceive some fuzzy shapes. Oh, they'll be able to know if the lights
>are on, but for all they know, you are just having a quiet game of bridge.
>(I am not absolutely certain about the va .. veracity of this method, but I
>gathered that if frosted glass disperses normal light, it should do the
>same for IR. The range of refractive indices would be different, and that's
>about it.) Any criticisms of this method would be appreciated. Peter Murphy
> .
*** Hmm The wavelength of IR is longer than that of visible light, so objects that appear diffuse/ matt optically may appear shiny/clear in IR. As I understand it, high-power military IR targetting lasers being pre-flight tested at airfields have caused nasty eye-accidents because of the unexpectedly high reflectivity of concrete walls etc

Regards Ed

From E.Switalski at bnr.co.uk Wed Mar 16 01:27:13 1994
From: E.Switalski at bnr.co.uk (Ed Switalski)
Date: Wed, 16 Mar 94 01:27:13 PST
Subject: Future Remailers
In-Reply-To:
Message-ID: <199403160926.26544@bnsgs200.bnr.co.uk>

Hi,

>I wish it was easier to do things like that... Has anyone made any
>progress with networking over unlicensed radio spectrum?

*** use Meteorscatter links: A low power, fairly covert, burst transmission medium.

ED .

From rjc at gnu.ai.mit.edu Wed Mar 16 03:20:51 1994
From: rjc at gnu.ai.mit.edu (Ray)
Date: Wed, 16 Mar 94 03:20:51 PST
Subject: Additional remailer notes
Message-ID: <9403161120.AA01251@geech.gnu.ai.mit.edu>

I forgot to mention one of the major features of my anonymous remailer network: robustness. Each time a chaining request is processed, the software creates a random id, the time, the remailer used, and the try#, and stores that in a file. Every 24 hours, the remailer checks to see if it got an 'OK' response in the last 24 hours(signed & encrypted of course) from the other remailer. If not, it tries again, this time picking another remailer to chain to, or if all have been tried, services the request itself.

The remailer also retains timestamps on all the remailers which it has received requests from. These are used first before any other remailers (unless overridden by the user by an explicit chain path) It also shows up when you request a list of remailer sites. This insures two things 1) only the "freshest" remailers are used 2) the common remailers used for chaining will be the most popular remailers used, i.e.
have the largest traffic

One thing the software can not do is return an error/status message to you through e-mail (it can through a socket). I have some ideas on that too like letting users "name" a request, then posting error/stat messages to a newsgroup like alt.remailer.errors, or more probably, a mailing list where users subscribe to find out whether or not their request worked by watching for the request name. This will definitely require local email filters on the user's side to pick out messages they are looking for.

-Ray

-- Ray Cromwell | Engineering is the implementation of science; --
-- rjc at gnu.ai.mit.edu | politics is the implementation of faith. --

From jkreznar at ininx.com Wed Mar 16 03:31:07 1994
From: jkreznar at ininx.com (John E. Kreznar)
Date: Wed, 16 Mar 94 03:31:07 PST
Subject: Block Mixing Transforms
In-Reply-To: <9403130516.AA27259@cactus.org>
Message-ID: <9403161038.AA02512@ininx>

> A mixing transform is not unlike a "butterfly" section in a fast > Fourier transform (FFT) [3]. But the usual FFT operates on complex > values which are normally represented in floating-point. When > implemented in fixed-point (as needed for mixing data blocks), the > normal FFT butterfly expands the range of the input values, thus > requiring a larger amount of storage (a larger block size) for the > result. Fast Hadamard / Walsh transforms [2] behave similarly. > For cryptography, we need transforms which are "size preserving" > so that we can perform fixed-size block operations (such as DES) > either on the input data or on the transformed results. It was

This made me think of Ramesh C. Agarwal's work with Fermat Number Transforms in the 1970s. Are you familiar? I have copies of several of his papers.
According to the abstract of ``Fast Convolution Using Fermat Number Transforms with Applications to Digital Filtering'', IEEE Trans on Acoustics, Speech, and Signal Processing, Vol ASSP-22, No 2, 1974 April, ``...transform is proposed that is defined on a finite ring of integers with arithmetic carried out modulo Fermat numbers... the Fermat number transform implementation of convolution is exact, i.e., there is no roundoff error... Results... are... compared with the fast Fourier transform (FFT) showing a substantial improvement in efficiency and accuracy.''

John E. Kreznar | Relations among people to be by
jkreznar at ininx.com | mutual consent, or not at all.

From E.Switalski at bnr.co.uk Wed Mar 16 03:57:05 1994
From: E.Switalski at bnr.co.uk (Ed Switalski)
Date: Wed, 16 Mar 94 03:57:05 PST
Subject: CARD FRAUD AND COMPUTER/CRYPTO EVIDENCE
Message-ID: <199403161156.27756@bnsgs200.bnr.co.uk>

A recent court case in the UK

------- Forwarded Message

To: discussion at cs.ucl.ac.uk
Subject: CARD FRAUD AND COMPUTER EVIDENCE
Sender: discussion-request at cs.ucl.ac.uk

>Xref: bcc.ac.uk alt.politics.british:2235 comp.org.eff.talk:23443 misc.legal:52683 talk.politics.crypto:2600 uk.telecom:8471 uk.politics:15992
>Newsgroups: alt.politics.british,comp.org.eff.talk,misc.legal,talk.politics.crypto,uk.telecom,uk.politics
>Path: bcc.ac.uk!uknet!pipex!pavo.csi.cam.ac.uk!rja14
>From: rja14 at cl.cam.ac.uk (Ross Anderson)
>Subject: CARD FRAUD AND COMPUTER EVIDENCE
>Message-ID: <1994Feb14.132957.22846 at infodev.cam.ac.uk>
>Followup-To: uk.telecom
>Sender: news at infodev.cam.ac.uk (USENET news)
>Nntp-Posting-Host: ely.cl.cam.ac.uk
>Organization: U of Cambridge Computer Lab, UK
>Date: Mon, 14 Feb
1994 13:29:57 GMT
>Lines: 272

A case has just concluded in England which may be significant for computer and cryptographic evidence in general, and for electronic banking in particular. It also gives some interesting insights into the quality assurance and fraud investigation practices of one of Britain's largest financial institutions. I will be talking about this case to the BCS Computer Law Special Interest Group on Thursday 17th February at 6pm. The meeting will be held at the offices of Bristows Cooke Carpmael, which can be found at 10 Lincoln's Inn Fields. To get there, take the tube to Holborn, exit southwards and turn second left into Remnant Street. For the sake of those who cannot make it, there follows a report of the case from the notes I made during the hearing. * * * 1. Background. On February 8th, 10th and 11th, I attended the trial at Mildenhall Magistrates' Court, Suffolk, England, of a man who was charged with attempting to obtain money by deception after he complained that he had not made six of the automatic teller machine transactions which appeared on his statement. The essence of the case was that John Munden, a police constable, had complained to the manager of the Halifax Building Society in Newmarket about these transactions, which appeared in September 1992. He had also stated that his card had been in his possession at all times. Since the society was satisfied about the security of its computer systems, it was alleged to follow that Munden must have made these transactions, or suffered them to be made; and thus that his complaint was dishonest. This trial had resumed after being adjourned in late 1993. According to the clerk, evidence was given for the Crown at the initial hearing by Mr Beresford of the Halifax Building Society that the society was satisfied that its systems were secure, and so the transaction must have been made with the card and PIN issued to the customer.
Beresford had no expert knowledge of computer systems, and had not done the investigation himself, but had left it to a member of his department. He said that fraudulent transactions were rarely if ever made from lobby ATMs because of the visible cameras. The Newmarket branch manager, Mr Morgan, testified that one of the transactions at issue had indeed been made from a machine inside the branch. He also said that in his opinion the defendant had been convinced that he had not made the transaction; and that he would not be aware of all the possible malfunctions of the ATM. The defence had objected that the evidence about the reliability of the computer systems was inadmissible as Beresford was not an expert. The court allowed the prosecution an adjournment to go and look for some evidence; and at the last minute, on the 20th January, I was instructed by Mr Munden's solicitor to act as an expert witness for the defence. 2. The Prosecution Case. On 8th February, Beresford's evidence resumed. He admitted that the Halifax had some 150-200 `unresolved' transactions over the previous 3-4 years, and that it would be possible for a villain to observe someone's PIN at the ATM and then make up a card to use on the account. He confirmed that the person who investigated the incident had no technical qualifications, had acted under his authority rather than under his direct supervision, and had involved the police without consulting him. Evidence was next given by Mr Dawson, the Halifax's technical support manager. He had originally written the bank's online system in 1971, and was now responsible for its development and maintenance. The ATM system had been written in 1978 for IBM 3600 series machines, and altered in 1981 when the Diebold machines currently in use were purchased. All software was written internally, and in the case of the mainframe element, this had accreted to the nucleus originally written in 1971. 
Amendments to the online system are made at the rate of 2-3 per week. The PIN encryption scheme used was nonstandard. The PIN was encrypted twice at the ATM and then once more in the branch minicomputer which controls it. At the mainframe, the outer two of these encryptions were stripped off and the now singly encrypted PIN was encrypted once more with another key; the 16 digit result was compared with a value stored on the main file record and on the online enquiry file. When asked whether system programmers could get access to the mainframe encryption software, he categorically denied that this was possible as the software could only be called by an authorised program. When asked whether someone with access to the branch minicomputer could view the encrypted PIN, he denied that this was possible as there were no routines to view this particular record (even although the mini received this field and had PCs attached to it). When asked what operating system the mini used, he said that it was called either TOS or TOSS and that he thought it had been written in Sweden. He could give no more information. He had never heard of ITSEC. He had not investigated any of the other 150-200 `unresolved transactions' because he had not been asked to. The last investigation he had done was of another transaction which had led to a court case, three years previously; he had no idea what proportion of transactions went wrong, was not privy to out-of-balance reports from branches, and was not familiar with branch rules on ATM operations. He never visited the branch at Newmarket, where the disputed transactions took place, but merely looked at the mainframe records to see whether there were any fault records or error codes. He found none and took this information at face value. The fault recording system does not show repairs. The cryptographic keys in the ATM are not zeroed when the machine is opened for servicing. The maintenance is done by a third party.
The branch only loads initial keys into the ATM if keys are lost. The Halifax has no computer security function as such, just the internal auditors and the technical staff; it does not use the term `quality assurance'. When asked by the bench what information was required to construct a card, Dawson initially said the institution identifier, the account number, the expiry date, a service code, an ISO check digit, a proprietary check digit, and a card version number. He concluded from this that a card forger would have to have access to an original card. However it turned out that the ATM system only checks the institution identifier, the account number and the card version number. He maintained doggedly that a forger would still have to guess the version number, or determine it by trial and error, and claimed there was no record of an incorrect version number card being used. However, Munden's card was version 2, and it transpired later that version 1, though created, was not issued to him; and that an enquiry had been made from a branch terminal two weeks before the disputed transactions (the person making this enquiry could not be identified). When asked whether private investigators could get hold of customer account details, as had been widely reported in the press, he just shrugged. He claimed that the system had been given a clean bill of health by the internal and external auditors. The branch manager was recalled and examined on balancing procedures. He described the process, and how as a matter of policy the balancing records were kept for two years. However the balancing records for the two machines in question could not be produced. There was then police evidence to the effect that Munden kept respectable records of his domestic accounts, which included references to the undisputed withdrawals from ATMs, and that although he had once bounced a cheque he was no more in financial difficulty than anybody else. 
The investigating officer had only had evidence from the branch manager, not from Beresford or Dawson. The investigating officer also reported that Munden had served in the police force for nineteen years and that he had on occasion been commended by the Chief Constable. 3. The Defence. That concluded the prosecution case, and the defence case opened with Munden giving evidence. He denied making the transactions but could not produce an alibi other than his wife for the times at which the alleged withdrawals had taken place. The only unusual matter to emerge from Munden's testimony was that when he went in to the branch to complain, the manager had asked him how his holiday in Ireland went. Munden was dumbfounded and the branch manager said that the transaction code for one of the ATM withdrawals corresponded to their branch in Omagh. This was not apparent from the records eventually produced in court. The next witness was his wife, Mrs Munden. Her evidence produced a serious upset: it turned out that she had had a county court judgment against her, in a dispute about paying for furniture which she claimed had been defective, some two weeks before the disputed withdrawals took place. Her husband had not known about this judgement until it emerged in court. I gave expert evidence to the effect that the Halifax's quality procedures, as described by Dawson, fell far short of what might be expected; that testing of software should be done by an independent team, rather than by the programmers and analysts who created it; and that Dawson could not be considered competent to pronounce on the security of the online system, and he had designed it and was responsible for it. 
At a more detailed level, I informed the court that both national and international ATM network standards require that PIN encryption be conducted in secure hardware, rather than software; that the reason for this was that it was indeed possible for system programmers to extract encryption keys from software, and that I understood this to have been the modus operandi of a sustained fraud against the customers of a London clearing bank in 1985-6; that I had been involved in other ATM cases, in which some two dozen different types of attack had emerged and which involved over 2000 complaints in the UK; and that the Halifax, uniquely among financial institutions, was a defendant in civil test cases in both England and Scotland. I continued that ATM cameras are used by a number of other UK institutions, including the Alliance and Leicester Building Society, to resolve such cases; that in other countries which I have investigated the practice would be not to prosecute without an ATM photograph, or some other direct evidence such as a numbered banknote being found on the accused; that card forgery techniques were well known in the prison system, thanks to a document written by a man who had been jailed at Winchester some two years previously for card offences; that I had personally carried out the experiment of manufacturing a card from an observed PIN and discarded ticket, albeit with the account holder's consent and on an account with Barclays rather than the Halifax; that the PIN pad at the Halifax's Diebold ATM in Cambridge was so sited as to be easily visible from across the road; and that in any case the investigative procedures followed in the case left very much to be desired. 
In cross examination, the prosecutor tried to score the usual petty points: he attacked my impartiality on the grounds that I am assisting the Organised Crime Squad at Scotland Yard to investigate criminal wrongdoing in financial institutions (the reply from our lawyer was of course that helping the prosecution as well as the defence was hardly evidence of partiality); he claimed that the PIN pad at the ATM in Newmarket was differently sited to that in Cambridge, to which I had no answer as I had not had the time to go there; and he asserted that the Alliance and Leicester did not use ATM cameras. On this point I was able to shoot him down as I had advised that institution's supplier. He finally tried to draw from me an alternative theory of the disputed transactions - staff fraud, or a villain whom Munden had booked in the past getting his own back by means of a forged card, or a pure technical glitch? I was unable to do this as there had been neither the time nor the opportunity to demand technical disclosure from the Halifax, as had been the case in two previous criminal cases I had helped defend (both of which we incidentally won). Dawson was recalled by the prosecution. He explained that only two of the three tests carried out on new software were done by the analysts and programmers who had written it, and that the third or `mass test' was done by an independent team. He said that software failures could not cause false transactions to appear, since the online system was written in assembler, with the result that errors caused an abend. He claimed that they did indeed possess a hardware security module, which was bought in 1987 when they joined VISA, and which they used for interchange transactions with VISA and Link although not for all transactions with their own customers; and he finally repeated his categorical denial that any system programmer could get at the encryption software.
When asked by what mechanism this was enforced, he said that they used a program called ACF2. In his closing speech, the defendant's lawyer pointed out the lack of any apparent motive, and went on to point out the lack of evidence: the balancing records were not produced; the person responsible for attending to those ATM malfunctions which the branch could not cope with was not identified; the Halifax employee who had carried out the investigation was not called; the handwriting on the ATM audit rolls, which was the only way to tie them to a particular machine, could not be identified; the cameras were not working; statements were not taken from branch staff; the disk in the ATM had not been produced; and the internal and external audit reports were not produced. He mentioned my expert opinion, and reiterated my point that when a designer of a system says that he can't find anything wrong, what has he shown? He also recalled that in the High Court action in which the Halifax is the defendant, they had not relied on the alleged infallibility; and pointed out that if ATM systems worked properly, then people wouldn't need to keep going to law about them. 4. The Verdict and Its Consequences. I have been aware for years that the legal system's signal-to-noise ratio is less than 10dB; however, in view of the above, you can understand that it was with some considerable surprise that I learned late on Friday that the court had convicted Munden. My own reaction to the case has been to withdraw my money from the Halifax and close my account there. Quite apart from their ramshackle systems, the idea that complaining about a computer error could land me in prison is beyond my tolerance limit. No doubt it will take some time for the broader lessons to sink in. What is the point, for example, of buying hardware encryption devices if people can get away with claiming that system programmers can never get at an authorised library?
Why invest in elaborate digital signature schemes if they simply repair the banks' defence that the system cannot be wrong? Is there not a case for giving more consideration to the legal and political consequences of computer security designs? 5. Action. In the meantime, the police investigations branch have to consider whether John Munden will lose his job, and with it his house and his pension. In this regard, it might just possibly be helpful if anyone who feels that Dawson's evidence was untruthful on the point that software can be protected from system programmers on an IBM compatible mainframe, or that it was otherwise unsatisfactory, could write expressing their opinion to the Chief Constable, Cambridgeshire Constabulary, Hinchingbrooke Park, Huntingdon, England PE18 8NP.

Ross Anderson

------- End of Forwarded Message

From julf at penet.fi Wed Mar 16 06:09:52 1994
From: julf at penet.fi (Johan Helsingius)
Date: Wed, 16 Mar 94 06:09:52 PST
Subject: Is this list alive?
In-Reply-To: <9403141618.AA07456@deathstar.iaks.ira.uka.de>
Message-ID: <199403161409.AA15014@lassie.eunet.fi>

> Is this mailing list still alive? > I do not get any message for about one week.

Well, technically it's working. Just doesn't seem to be much traffic...

Julf

From elbert2 at darmstadt.gmd.de Wed Mar 16 06:43:55 1994
From: elbert2 at darmstadt.gmd.de (elbert2 at darmstadt.gmd.de)
Date: Wed, 16 Mar 94 06:43:55 PST
Subject: Is this list alive?
Message-ID: <9403161441.AB04402@darmstadt.gmd.de>

> >> Is this mailing list still alive? >> I do not get any message for about one week. > >Well, technically it's working. Just doesn't seem to be much traffic... > > Julf > >

It seems I am not the only one having problems. Around fifty mails a day :-) do arrive here, but sometimes mails are missing to which I see replies. It probably has to do with the changeover of the mail reflector software.

Kind regards, Andreas

From rarachel at prism.poly.edu Wed Mar 16 06:49:35 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Wed, 16 Mar 94 06:49:35 PST
Subject: spyproofing your house/work building
In-Reply-To: <199403160552.VAA29543@servo.qualcomm.com>
Message-ID: <9403161435.AA26700@prism.poly.edu>

> Yeah, this is getting pretty far afield, but if you want to see what > IR floodlight/camera combinations look like, visit Disneyland. That > park probably has one of the most extensive video surveillance systems > of any place readily accessible to the public. (I expect Disney World > is much the same).

Wow, I never knew that... then again, since Disney is its own government, I should have expected as much....

> IR cameras are everywhere in the inside rides, especially in dark > areas where visible floodlights would ruin the dramatic > effect. Perhaps the easiest place to see them is in Pirates of the > Caribbean. Just turn around and look backwards, and you'll see video > cameras mounted overhead next to dim red lights. > > Other rides where they can be easily seen include People Mover (never > crowded), Haunted Mansion and Space Mountain.

Here's another idea... in terms of spyproofing one's house, how about throwing some radio-shack IR-detecting transistors outside the house, rigged to an internal alarm... If a lot of these detectors go off, the folks inside can be fairly sure of some weirdos outside...

From rarachel at prism.poly.edu Wed Mar 16 06:52:47 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Wed, 16 Mar 94 06:52:47 PST
Subject: IR Blocking.
In-Reply-To:
Message-ID: <9403161440.AA26796@prism.poly.edu>

Here's an idea to piss them off.... How about pulling down your shades, and on the inside of the shades, we paste big letters made from aluminum foil that say "Big Brother Go Home" or some such letting'em know that you know they're there... BTW: What's the FBI, Cops, etc.
supposed to do when their "suspect" is aware that they're being watched? Do they knock down your door and stop you from attempting to foil their investigation because they have a warrant?? Or do they just go home with their tails between their legs?

From elbert2 at darmstadt.gmd.de Wed Mar 16 07:00:34 1994
From: elbert2 at darmstadt.gmd.de (elbert2 at darmstadt.gmd.de)
Date: Wed, 16 Mar 94 07:00:34 PST
Subject: Is this list alive?
Message-ID: <9403161500.AA04605@darmstadt.gmd.de>

i'm very sorry, this should not have gone to the list.

From rarachel at prism.poly.edu Wed Mar 16 07:04:31 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Wed, 16 Mar 94 07:04:31 PST
Subject: your mail
In-Reply-To: <9403160156.AAwhkh12831@relay2.UU.NET>
Message-ID: <9403161449.AA27033@prism.poly.edu>

> > Make sure the drapes block IR. There are instances of even local > > police forces flooding the front of a house with IR light, and > > viewing the activities inside with IR viewers -- all of this > > through closed drapes. > > What sort of materials DO block IR ? Lycra ? Wool ? Cotton ? > > And how do we test drapes without buying them first ? >

My guess would be that something like aluminum foil would do just fine I remember seeing some ads for some space age drapes that block all IR as to prevent your room from overheating from sunlight in the summer and from your room leaking heat to the outside in the winter... looked a lot like aluminum foil to me... any idea on whether this stuff can still be found today?
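
Ray's "Additional remailer notes" message earlier in this archive describes per-request records (random id, time, remailer used, try#), a 24-hour check for an 'OK', fallback to another remailer, and a preference for the most recently heard-from remailers. The sketch below is an added illustration of that bookkeeping, not Ray's software; the class and method names are hypothetical, and verification of the signed and encrypted 'OK' is reduced to a boolean supplied by the caller.

```python
import secrets
from dataclasses import dataclass, field

RETRY_INTERVAL = 24 * 60 * 60  # seconds; the message says "every 24 hours"


@dataclass
class PendingChain:
    request_id: str   # random id created for the chaining request
    sent_at: float    # time the current try was handed to the next hop
    remailer: str     # remailer used for the current try
    try_no: int = 1   # try#
    tried: list = field(default_factory=list)  # hops that never answered


class ChainTracker:
    """Hypothetical bookkeeping for one remailer node (names are assumptions)."""

    def __init__(self, known_remailers):
        self.known = list(known_remailers)
        self.last_seen = {}    # remailer -> time we last got a request from it
        self.pending = {}      # request_id -> PendingChain awaiting an 'OK'
        self.local_queue = []  # request ids this node ends up servicing itself

    def note_request_from(self, remailer, now):
        """Timestamp a remailer that has just sent us a request."""
        if remailer not in self.known:
            self.known.append(remailer)
        self.last_seen[remailer] = now

    def candidates(self, exclude=()):
        """Freshest first: remailers heard from (newest first), then the rest."""
        heard = [r for r in self.known
                 if r in self.last_seen and r not in exclude]
        heard.sort(key=lambda r: self.last_seen[r], reverse=True)
        unheard = [r for r in self.known
                   if r not in self.last_seen and r not in exclude]
        return heard + unheard

    def submit(self, now, explicit_hop=None):
        """Record a new chaining request; an explicit hop overrides freshness."""
        rid = secrets.token_hex(8)
        order = [explicit_hop] if explicit_hop else self.candidates()
        if not order:
            self.local_queue.append(rid)  # nobody to chain to
            return rid
        self.pending[rid] = PendingChain(rid, now, order[0])
        return rid

    def ack(self, rid, verified):
        """Accept an 'OK' only if the caller verified it; unverified is ignored."""
        if not verified or rid not in self.pending:
            return False
        del self.pending[rid]
        return True

    def sweep(self, now):
        """Periodic check: retry stale requests elsewhere, else service locally."""
        actions = []
        for rec in list(self.pending.values()):
            if now - rec.sent_at < RETRY_INTERVAL:
                continue
            rec.tried.append(rec.remailer)
            remaining = self.candidates(exclude=rec.tried)
            if remaining:
                rec.remailer, rec.sent_at = remaining[0], now
                rec.try_no += 1
                actions.append((rec.request_id, rec.remailer, rec.try_no))
            else:
                # every known remailer has been tried: service it ourselves
                del self.pending[rec.request_id]
                self.local_queue.append(rec.request_id)
                actions.append((rec.request_id, None, rec.try_no))
        return actions
```

An 'OK' that fails verification leaves the record pending, so a forged acknowledgement cannot suppress the retry.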

From pst at cisco.com Wed Mar 16 07:24:49 1994
From: pst at cisco.com (Paul Traina)
Date: Wed, 16 Mar 94 07:24:49 PST
Subject: [hughes@ah.com (Eric Hughes): Don Listwin, flaming idiot of the month]
Message-ID: <199403161524.AA00627@cider.cisco.com>

------- Forwarded Message

Date: Tue, 15 Mar 1994 23:19:36 -0800
From: hughes at ah.com (Eric Hughes)
To: pst at cisco.com
Subject: Don Listwin, flaming idiot of the month

>cypherpunk friends, and proto-cypherpunks (before John's first meeting).

The first meeting was at my house, and organized by myself and Tim May. A correction would be welcome.

Eric

------- End of Forwarded Message

I stand corrected.

From pmetzger at lehman.com Wed Mar 16 07:27:45 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Wed, 16 Mar 94 07:27:45 PST
Subject: digital cash
In-Reply-To: <199403160417.AA06399@netsys.com>
Message-ID: <9403161527.AA11582@andria.lehman.com>

Mark Hittinger says:

> > >Mark Hittinger writes: > > The global monetary system is not based on immutable metals prices. > > You cannot guarantee that gold will track the inflation of the dollar, > > which itself can only be measured relative to other currencies. Even > > during times of widespread inflation, some things don't track > > Uh - I didn't write that. Just for the record. Some other cp did, > I think Perry.

Not me.

Perry

From m5 at vail.tivoli.com Wed Mar 16 07:44:36 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Wed, 16 Mar 94 07:44:36 PST
Subject: digital cash
In-Reply-To: <199403160417.AA06399@netsys.com>
Message-ID: <9403161543.AA00613@vail.tivoli.com>

> > >Neither Mark Hittinger nor Perry Metzger wrote: > > > The global monetary system...

It was me, the well-known international monetary expert.

--
| GOOD TIME FOR MOVIE - GOING ||| Mike McNally |
| TAKE TWA TO CAIRO.
||| Tivoli Systems, Austin, TX: |
| (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" |

From prgm at CLASS.ORG Wed Mar 16 08:34:34 1994
From: prgm at CLASS.ORG (Proskauer)
Date: Wed, 16 Mar 94 08:34:34 PST
Subject: Health Record Privacy
Message-ID:

Back in November, Rep Condit (D, CA) held hearings on "Implications of Health Care Revision on the Confidentiality of Health Records." IE, the use of the 'smart card' to encode health records, as part of 'portability' of health care. Has anyone kept up on this? I'm looking for articles, studies, monographs, rants, and screeds. Thanks.

James O'Meara Proskauer Rose Goetz & Mendelsohn E-mail: prgm at class.org 1585 Broadway Voice: 212-969-5021 New York, NY 10036 Fax: 212-969-2900

From unicorn at access.digex.net Wed Mar 16 08:45:34 1994
From: unicorn at access.digex.net (Black Unicorn)
Date: Wed, 16 Mar 94 08:45:34 PST
Subject: IR Blocking.
Message-ID: <199403161645.AA10667@access1.digex.net>

-> BTW: What's the FBI, Cops, etc. supposed to do when their "suspect" is aware that they're being watched? Do they knock down your door and stop you from attempting to foil their investigation because they have a warrant?? Or do they just go home with their tails between their legs? <-

They get a real attitude and start to break the rules because "Now we're gonna get this smart ass and show him good." "Yeah boss.... right."

-uni- (Dark)

From dwomack at runner.utsa.edu Wed Mar 16 08:50:59 1994
From: dwomack at runner.utsa.edu (David L Womack)
Date: Wed, 16 Mar 94 08:50:59 PST
Subject: Radio networking
Message-ID: <9403161649.AA04219@runner.utsa.edu>

>>I wish it was easier to do things like that... Has anyone made any >>progress with networking over unlicensed radio spectrum?

Why worry about unlicensed? I believe I've seen a laser (low power Helium/Neon), possibly in the Edmund Scientific catalog, that you can modulate. You'd have a nearly impenetrable, highly directional signal.
Failing that, stick to 250mw or less; unless I'm mistaken, that's almost completely unregulated, and certainly doesn't require a license. Lots of hand held CB units, and the Maxon headsets fall in this category. For higher powers, you might consider getting a Ham license, probably at the technician grade. It's true that you aren't permitted to send encrypted messages...but did you know that many hams use SSTV (Slow scan Television) to send still photographs around the *_World_* on long wave (i.e. 10 meter) bands? Of course, only a shamefully irresponsible person would think of violating their duties as a Citizen-Unit (per Mr. May) and use Steganography to include an encrypted message... You can also legally send unencrypted teletype messages over the Ham waves. Darn modems...sometimes we all have a "bad modem" day when everything comes out garbage. Must be the cables.

Regards..

From gtoal at an-teallach.com Wed Mar 16 08:58:32 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Wed, 16 Mar 94 08:58:32 PST
Subject: CIA@funet.fi ?
Message-ID: <199403161656.QAA27345@an-teallach.com>

: Graham Toal seems to have drug this thread to cypherpunks from alt.2600...

Oh bugger. My newsreader's posting software is broken at the moment, so I read news in rn and file any I want to reply to in my mailbox. Then by the time I read it in mail and hit 'R', and ~h to change the address from the poster to a mail2news gateway, I've lost the newsgroup name. Looks like I forgot which group that article came from. Sorry.

G (it's made more confusing because I also get cypherpunks via a newsgroup)

From ag588 at cleveland.Freenet.Edu Wed Mar 16 09:13:42 1994
From: ag588 at cleveland.Freenet.Edu (John C. Brice)
Date: Wed, 16 Mar 94 09:13:42 PST
Subject: IR Blocking.
Message-ID: <199403161713.MAA11562@piglet.INS.CWRU.Edu>

> >-> >BTW: What's the FBI, Cops, etc. supposed to do when their "suspect" is >aware that they're being watched?
Do they knock down your door and >stop you from attempting to foil their investigation because they have >a warrant?? Or do they just go home with their tails between their legs? ><- > >They get a real attitude and start to break the rules because >"Now we're gonna get this smart ass and show him good." >"Yeah boss.... right." > >-uni- (Dark) > > The question as to what they are "supposed" to do can be understood in two ways: (1) what does the law ALLOW them to do, versus (2) what are they likely to do anyway? If the question is understood to be (2) above, then I would agree with Unicorn. But if the question is understood to be (1) above, then inquiry must be made as to (a) whether there is a warrant, and if so then (b) what are the terms of the warrant. If there is no warrant, then of course they should tuck tail and run. If there is a warrant, then upon confrontation the person who is the object of the warrant should be permitted to read it. Maybe the warrant is only to permit tapping of the phone. Maybe the warrant is only to seize certain equipment. At this point, you should shut up (don't say ANYTHING AT ALL) and call your lawyer. If things have gotten this far along, you're no longer in control of the situation and the best thing you can do is hope the feds screw up somehow. Oh, by the way, when you're talking to your lawyer on the phone, don't say anything stupid. Don't admit anything. Just explain the situation and tell him to come over right away. And in the meantime, just stay quiet! -- ------------------------------------------------------------------------- I am an attorney, seeking a position in the area of Computer Law. If you know of such a position available, or of someone who may know of such a position, please send e-mail! Thanks. From jim at bilbo.suite.com Wed Mar 16 09:22:32 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Wed, 16 Mar 94 09:22:32 PST Subject: (fwd) Re: What's so bad about a Surveillance State? 
Message-ID: <9403161716.AA09099@bilbo.suite.com>

> Citizen-Unit Miller is to be commended for his > recognition that the common good is served when the state > fulfills its surveillance obligations. > > [more funny stuff deleted]

I enjoyed Tim May's post. I'm hoping you all realize my post was simply an electronic stick jabbed into the hornet's nest. I do *not* think a surveillance state is a good thing. I deliberately constructed my post to get people's attention. I want people (other than just Cypherpunks) to think about life in a surveillance state. One goal of mine is to construct a list of all the seemingly positive aspects of surveillance technology. I don't think the US will suddenly become a total surveillance state overnight. I do fear the US is evolving into one. Each "positive" use of surveillance technology may become accepted for one reason or another, because, individually, they may not seem too harmful. However, the cumulative effect of the incorporation of all these "positive" uses of surveillance will transform the US (or any country) into an awful place to live. It may be easier to persuade people not to support government sponsored/controlled surveillance technology if all the "positive" uses are described together, rather than individually. Then again, maybe not. I can at least try.
Jim_Miller at suite.com From mmarkley at microsoft.com Wed Mar 16 10:02:47 1994 From: mmarkley at microsoft.com (Mike Markley) Date: Wed, 16 Mar 94 10:02:47 PST Subject: spyproofing your house/work building Message-ID: <9403161641.AA24543@netmail2.microsoft.com> | From: Phil Karn | To: | Cc: | Subject: Re: spyproofing your house/work building | Date: Tuesday, March 15, 1994 9:52PM | | Received: from relay2.UU.NET by netmail.microsoft.com with SMTP (5.65/25-eef) | id AA24541; Tue, 15 Mar 94 21:59:04 -0800 | Received: from toad.com by relay2.UU.NET with SMTP | (5.61/UUNET-internet-primary) id AAwhkx23447; Wed, 16 Mar 94 00:57:56 -0500 | Received: by toad.com id AA02049; Tue, 15 Mar 94 21:52:47 PST | Received: from servo.qualcomm.com by toad.com id AA02042; Tue, 15 Mar 94 21:52:43 PST | Received: from localhost (karn at localhost) by servo.qualcomm.com | (8.6.5/QC-BSD-2.2); id VAA29543 | Tue, 15 Mar 1994 21:52:35 -0800 | Message-Id: <199403160552.VAA29543 at servo.qualcomm.com> | In-Reply-To: <3Vy9ic1w165w at decode.UUCP> (message from System | Operator on Tue, 15 Mar 94 16:00:49 EST) | Sender: netmail!owner-cypherpunks at toad.com | Precedence: bulk | | Yeah, this is getting pretty far afield, but if you want to see what | IR floodlight/camera combinations look like, visit Disneyland. That | park probably has one of the most extensive video surveillance systems | of any place readily accessible to the public. (I expect Disney World | is much the same). | | IR cameras are everywhere in the inside rides, especially in dark | areas where visible floodlights would ruin the dramatic | effect. Perhaps the easiest place to see them is in Pirates of the | Caribbean. Just turn around and look backwards, and you'll see video | cameras mounted overhead next to dim red lights. | | Other rides where they can be easily seen include People Mover (never | crowded), Haunted Mansion and Space Mountain. | | Phil | Disney is a pretty paranoid company. 
I was there about 13 years ago with some friends and a couple of the people I was with decided to take a 'joint' break in the woods. They looked around and, not seeing anyone, ducked into the bushes. Within about 30 seconds several security guards came running and escorted them out of the park. The guards were not worried about what they were smoking, just that they had gone off the designated path. I've always wondered how they knew so fast.

Mike.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Mike Markley               || The opinions here do not represent the
mmarkley at microsoft.com  || opinions of my employer. Attempts to
                           || associate the two are pointless.

"I want to look at life, In the available light" - Neil Peart -

From tcmay at netcom.com Wed Mar 16 10:29:41 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 16 Mar 94 10:29:41 PST
Subject: (fwd) Who's watching you... 01
Message-ID: <199403161830.KAA28656@netcom9.netcom.com>

With all the speculation about IR surveillance, I thought I'd forward a fairly meaty article about actual products for video surveillance. If this interests you, Part 2 is in alt.conspiracy.

By the way, alt.conspiracy is one of the most consistently entertaining newsgroups out there. Bizarre stuff about UFOs and mind control, to seemingly accurate stuff about U.S. development of biological weapons and plans for increased surveillance. Use a good newsreader and just scan the titles for interesting threads.

Glenda Stocks forwards a lot of good articles (though I don't vouch for their accuracy in all cases) about topics of interest to Cypherpunks. Though the source is alt.conspiracy, they're often less paranoid than some of the idle speculations many of us (including me!) sometimes make. At least these are quasi-journalistic pieces. Enjoy them.

--Tim May

From: Glenda.Stocks at f201.n330.z1.fidonet.org (Glenda Stocks)
Newsgroups: alt.conspiracy
Subject: Who's watching you... 01
Message-ID: <763792385.AA05350 at rochgte.fidonet.org>
Date: Tue, 15 Mar 1994 13:39:00 -0500

Article Cross-posted from 0700 - EMAIL @ CHANNEL1
Posted by GLR at RCI.RIPCO.COM, addressed to SEARCHNET ZEC, on 03/12/94

[Begin Message]

THE WORLD OF SURVEILLANCE

This Month's Special

The clock that can tell time and also tell on you!

Deep in the laboratory of Knox Security comes the great creation of the remote controlled covert clock. It looks like a gigantic Hong Kong wrist watch, but hidden below the LCD display is a camera with pan, tilt & zoom. All operations are wireless.

The KS300 Remote Controlled Covert Clock (12"x12"x4") has the following features:

1) Very High Frequency video link for high security needs (1300Mhz FM, 10Ghz optional). NTSC format is standard and PAL is available,
2) Accurate remote commands with digital proportional circuits. A 72Mhz FM link is used for the command transmission,
3) Low power consumption (either 110/220VAC or optionally rechargeable lead acid or lithium pack),
4) specially treated mirror glass for very low light loss,
5) 6:1 or 10:1 zoom ratio,
6) rugged remote control briefcase (12"x32"x30") with 5" monitor and two joy sticks for commanding: power on/off, transmitter on/off, camera on/off, variable pan/tilt control, variable focus and zoom control.

The pan/tilt uses plastic Delron gears and solid state switching components for whisper quiet movements - undetectable to the person(s) being spied on. The pan range is 125 degrees and the tilt range is 50 degrees.

The clock face can be removed when it is necessary to hide the unit in a wall cavity for long term (or 3rd party) surveillance applications. Without the clock face the pan and tilt ranges are 355 and 80 degrees respectively. Other ``faces'' can be custom designed.

Knox Security Engineering has so far refused to answer Full Disclosure's request for pricing information on the KS300. However, sources indicate that the cost is $27,000.00.
Contact: Knox Security Engineering Corporation, 335 Greenwich Av, Greenwich, CT 06830. Phone: (203) 622-7300, Fax: (203) 662-7418.

WHAT'S TEXAS UP TO?

The Texas Department of Public Safety, Intelligence Unit, Box 4087, Austin, Texas 78773, Phone: (512) 465-2200 is increasing its ability to electronically spy on those in Texas with the purchase of the following equipment in August of 1990:

Unitized Intelligence Recording System: Receiver, recorder, and transmitter will be housed in an inconspicuous, high impact commercial grade attache-type case with an antenna installed in the case lid. The cassette recorder will be removable for independent operations. Panel mounted controls and indicator system operate on/off switch, charge indicator lamp, power on indicator, recorder manual/automatic switch, battery test indicator, battery status switch for internal batteries. One crystal supplied with each receiver; additional crystals $75.00 each. Transmitter and receiver shall have FCC type acceptance and certification.

Receiver (general description): Voice scrambler standard, VHF high band FM, state-of-the-art GAAS FET RF environment. Dual front end receiver circuitry to provide repeater capability, with separate outputs for earphone, VCR, and line level audio.

Receiver specifications: Frequency range: 150 to 174 mhz. Channel capacity: Two (2) 1.7mhz wide frequency bands, may be separated up to 24mhz.

Transmitter: A narrow band FM 500mw disguise body transmitter with 9 volt DC power supply utilizing two (2) 9 volt alkaline batteries, switch selectable, clear or scrambled voice transmission standard. The antenna and electret condenser microphone supplied with transmitter.

11 of these systems were ordered

Ball Cap Transmitters as per the following: Each transmitter shall be concealable in a ``baseball-type'' cap, with a specially modified ball cap supplied, utilizing one P-80 6 volt battery in an integral, slide in, battery contract.
An internal electret microphone and external plat pack antenna will be supplied. The transmitter shall have an on/off switch. Frequency: 150-174 mhz, Channels: One (1). RF Power out: 120mw. Operating time: 3 hrs using factory fresh battery @68 degrees F. Example: AID TX-731B-CAT #95129-02 or Equal. Continued in the next message... -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Wed Mar 16 10:29:58 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 16 Mar 94 10:29:58 PST Subject: (fwd) Get your files 01 Message-ID: <199403161830.KAA28729@netcom9.netcom.com> Xref: netcom.com alt.conspiracy:46884 From: Glenda.Stocks at f201.n330.z1.fidonet.org (Glenda Stocks) Path: netcom.com!netcomsv!decwrl!elroy.jpl.nasa.gov!swrinde!cs.utexas.edu!convex!news.utdallas.edu!wupost!math.ohio-state.edu!magnus.acs.ohio-state.edu!usenet.ins.cwru.edu!eff!news.kei.com!ub!galileo.cc.rochester.edu!ee.rochester.edu!rochgte!UUCP Newsgroups: alt.conspiracy Subject: Get your files 01 Message-ID: <763792385.AA05342 at rochgte.fidonet.org> Date: Tue, 15 Mar 1994 13:39:00 -0500 X-FTN-To: All Lines: 98 Article Cross-posted from 0700 - EMAIL @ CHANNEL1 Posted by GLR at RCI.RIPCO.COM, addressed to SEARCHNET ZEC, on 03/12/94 [Begin Message] Get Your Files By Glen L. Roberts This Bulletin outlines how to get copies of your most important files: Credit Bureau, Medical Bureau, Federal (FBI, IRS, Secret Service, Etc), and State. In most cases it is quite easy, simply write a letter to the correct business or agency and the reply will be forthcoming. 
This can be made even easier by use of a fill in the blank form. The information required and addresses to write to for your different files follow. Credit Bureaus There are three credit bureaus and they will all require the same information. Provide your full name and address. You might find that by supplying your Social Security Number (SSN), it will smooth the process of getting copies of your credit report. Additionally, if someone else is using your SSN it will be more likely to show up, if they look up your files by SSN rather than name alone. Send your credit bureau request letter to: TRW, P.O. Box 749029, Dallas, Texas 75374 Trans Union, P.O. Box 7000, North Olmstead, Ohio 44070. Equifax, Wildwood Plaza, 7200 Windy Hill Rd, Suite 500, Marietta, Georgia 30067 Medical Bureaus Like credit bureaus collecting and disseminating credit information about us, the Medical Information Bureau does the same for our medical records. Their database is used by insurance companies to prevent someone from withholding information reported to one insurance company from another. The risk of having incorrect information come back to bite is much more serious than a mangled credit history. You should request the nature of substance of your Medical Information Bureau files, and in addition to the information needed to request your Credit Bureau file, you'll need to include your place and date of birth. Medical Information Bureau, P.O. Box 105, Essex Station, Boston, Massachusetts 02112. Phone: (617) 426-3660 Federal Records The Freedom of Information Act and Privacy Act give us the right to copies of our federal files (with certain exceptions, of course). When considering getting copies of these records, the exceptions are not of immediate concern. The federal agency is required to provide copies of all non-exempt material and provide an explanation and description of the exempt records. 
These all apply to all Executive Branch agencies of the federal government: FBI, IRS, BATF, SECRET SERVICE, etc. They do not apply to the courts or congress. Making a request is simple. You'll need to provide your full name (and any aliases), current and former addresses, place and date of birth, SSN (optional, but it will make them happy!), and you'll have to have your signature notarized, along with a statement that you are requesting a copy of all records that the agency maintains on you. Under law, the federal agencies have ten working days to comply. Depending on the agency, you may have to wait up to three years! Most agencies operate on a centralized basis. Send your request to the office in Washington DC and they will handle it for all offices around the country. Others, such as the IRS and FBI are regional. Send one to Washington DC and each service center or field office that covers the places you have lived or conducted business. Use your local phone book to contact the agencies for their addresses. State Agencies Many States have Freedom of Information Acts based on the federal law. Ask the Research Desk at your public library or State Congressperson. Even if you can't find a State Law, there's no reason not to request files and see what kind of response you get. If you don't ask, you certainly won't receive! Notes Never represent yourself as another to get a copy of their files. Some files are covered by privacy laws, some aren't. Feel free to ask for a copy of someone else's files, but make it clear the files are NOT about you. Either you'll get copies, or be told of a privacy law that prevents the release. Continued in the next message... -- .......................................................................... Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From blancw at microsoft.com Wed Mar 16 10:41:27 1994 From: blancw at microsoft.com (Blanc Weber) Date: Wed, 16 Mar 94 10:41:27 PST Subject: (fwd) Re: What's so bad about a Surveillance State? Message-ID: <9403161842.AA00307@netmail2.microsoft.com> [Tim's reply to Jim] Citizen-Unit Miller is to be commended for his recognition that the common good is served when the state fulfills its surveillance obligations. .... etc. [ uncontrollable giggle from irresponsible unit ] [Jim's reply] I do *not* think a surveillance state is a good thing. I deliberately constructed my post to get people's attention. I want people (other than just Cypherpunks) to think about life in a surveillance state. .............................................. Thinking about life in a surveillance state, I wonder what youall would do if it came to pass? I once asked a bunch of Objectivists what they would do if a certain individual was elected and the US was turned into a socialist/commie paradise. In three hours of discussion, they could not arrive at any viable ideas. Maybe, Jim, you could also compile some replies about how 'free radical units' would deal with the problem. It might sound a bit like a sci-fi story, all total. 
Blanc

From cme at sw.stratus.com Wed Mar 16 11:03:24 1994
From: cme at sw.stratus.com (Carl Ellison)
Date: Wed, 16 Mar 94 11:03:24 PST
Subject: mini-JIR
Message-ID: <199403161642.LAA16299@galt.sw.stratus.com>

The mini-Journal of Irreproducible Results ("mini-JIR")
Editor: Marc Abrahams (jir at mit.edu)
Technical Brains: Marilyn Geller (mgeller at mit.edu)

has just come out in support of Clipper and an expansion of Clipper to paper mail. It's nice. You might want to write for a copy. (I'd forward the whole thing here but it's 23K).

- Carl

From koontzd at lrcs.loral.com Wed Mar 16 11:59:54 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Wed, 16 Mar 94 11:59:54 PST
Subject: (fwd) Re: What's so bad about a Surveillance State?
Message-ID: <9403161833.AA04425@io.lrcs.loral.com>

Sort of reminiscent of the push by the Bay Area Air Quality Management District, they had the bright idea to tax people for the privilege of parking at work (not just in SF, but everywhere). Back of the envelope calculations give a number of something like a quarter of a million "block monitors" to strictly enforce the idea.

The single biggest thing stopping fascism from becoming rampant in this country is manpower. Be very wary of fascism-labor-saving devices.

From consensus at netcom.com Wed Mar 16 13:07:45 1994
From: consensus at netcom.com (Christopher Allen)
Date: Wed, 16 Mar 94 13:07:45 PST
Subject: FWD: Announcing the release of RIPEM version 1.2.
Message-ID: <9403162104.AA11636@apple.com>

Announcing the release of RIPEM version 1.2.

RIPEM 1.2 contains extensive modifications by Jeff Thompson of RSA Data Security to provide a measure of true Internet PEM interoperability, and to implement a "direct-trust" model for public keys. This new certificate-based trust model is more secure than RIPEM 1.1's but less hierarchical than Internet PEM's.

RIPEM 1.2 can read all RIPEM 1.1-formatted messages, and can also read genuine MIC-ONLY and MIC-CLEAR Internet PEM messages.
RIPEM 1.2 cannot read or produce encrypted Internet PEM messages. RIPEM 1.2's outputted messages can be read by RIPEM 1.1.

Before using RIPEM 1.2 to produce messages, you must first generate a "self-signed" certificate. This is done automatically during key generation. For current RIPEM users, you can create a self-signed certificate by simply invoking RIPEM in change-password mode:

    ripem -c -S output-private-key-file -P output-public-key-file

The old field of Originator-Name is only supported for backward compatibility. RIPEM 1.2 really uses the self-signed cert in the Originator-Certificate field.

When you receive a message from a sender for the first time, RIPEM will tell you that you don't have a validated certificate for the sender and will display the sender's self-signed certificate digest. You can call the sender and verify that it's correct. Then, you receive the message in -v validation mode which will create and store a certificate from you to the sender. From now on, RIPEM uses it.

When you encrypt a message, the message includes something like

    Recipient-Name: jefft at chirality.rsa.com
    Recipient-Key-Asymmetric:
     MFkwCgYEVQgBAQICAgUDSwAwSAJBFc8Mu+7j0iRqZ7eY39hyLUVSKPIRB+oVaGOJ
     9ttcJrBDPaucqCcp50leLhh48n9eUbvkQW9L7Yu8RiaLjeaNlU0CAwEAAQ==
    Key-Info: RSA,
     Ep8yateOeP3bCBZzh4JYs9ZhlsZJ9B1WSM64nFnV2Y5gCExnKwIT/lhZssZTN0as
     V/i1ysZIp5QUPsRz/mlF0Ck=

Recipient-Name is only included for backwards compatibility. RIPEM 1.2 really uses Recipient-Key-Asymmetric, which is the DER encoding of my public key. When jefft sees this while receiving the message, he knows the associated Key-Info is for him. Using the public key is nice because you don't have to know what your correspondent's issuer and serial number are. It supports this direct trust model nicely.

RIPEM 1.2 uses a home directory which currently holds two files: privkey and pubkeys. privkey is the same as the old RIPEM -s private key file.
The pubkeys file holds the user's self-signed certificate and the direct-trust certificates they make for other users: User: jefft at chirality.rsa.com UserDistinguishedName: CN = jefft at chirality.rsa.com, OU = Persona Certificate, O = RSA Data Security, Inc., C = US CertificateInfo: MIIB0zCCAX0CEHvlDG8l4VHdqec4RvFBuGIwDQYJKoZIhvcNAQECBQAwbzELMAkG A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMRwwGgYD VQQLExNQZXJzb25hIENlcnRpZmljYXRlMSAwHgYDVQQDFBdqZWZmdEBjaGlyYWxp dHkucnNhLmNvbTAeFw05MzExMzAxOTE1NTFaFw05NTExMzAxOTE1NTFaMG8xCzAJ BgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEcMBoG A1UECxMTUGVyc29uYSBDZXJ0aWZpY2F0ZTEgMB4GA1UEAxQXamVmZnRAY2hpcmFs aXR5LnJzYS5jb20wWDAKBgRVCAEBAgIB/gNKADBHAkAtAto1Bdion6FnjY2qkliO 7n6RxmL68IJ8r5XMMPX5IERpo4pSEiE/Fbrw2jVlFUTbdQ36Y65tezhS1E4oNsUX AgMBAAEwDQYJKoZIhvcNAQECBQADQQAK/hg100zdjSCapJusmVSzwDaj6YKAa0p3 GJBYYMMIMZbGlE2gx1bnMiI+twftqA2nRj7v7zlaWv3WiP+pihyx Notice that there is no public key by itself, since it is now validated inside the certificate. For RIPEM 1.2, a user's distinguished name is formed with the old RIPEM username as the common name in a Persona distinguished name. Important: During ripem -e -m encrypted -u username, RIPEM looks up the recipient's certificate by scanning pubkeys for a "User:" field as specified by -u and uses the first one it finds. It is possible that there are multiple users with the same common name, so RIPEM always displays the full distinguished names of the recipients it finds when encrypting. If one of these is the wrong DN, the user can abort sending the message. Notice that the Originator-Certificate field is a self-signed cert, a RIPEM signed message conforms closely to RFC 1424. In fact, since the names are already Persona names, you can send it to persona-request at rsa.com and it will return a real Persona certificate. 
(The RIPEM 1.2 documentation doesn't mention this because there's really nothing a 1.2 user can do with a hierarchical cert right now, but you can see what the future plans are.) Lastly, RIPEM 1.2 doesn't make use of key servers except for backwards compatibility. Quoting from the user manual: Note: RIPEM 1.2 does not use key servers or finger to manage certificates. RIPEM 1.2 only transmits a self-signed certificate, and the only other certificates that are made are direct peer-to-peer. As a RIPEM 1.2 user, you make a certificate from yourself to, say, fred at snark.edu. No one other than you and fred would be interested in this certificate. Hence, RIPEM 1.2 makes no provision for these certificates to be on key servers. A future version of RIPEM is planned which will allow certificate chaining. This will allow you to indirectly trust users directly certified by users of your choice. You will be able to say "I trust all users certified by fred". When this future version of RIPEM is available, it will become meaningful to place certificates on key servers. RIPEM 2.0, with certificate chaining ("web-of-trust") and full Internet PEM interoperability, is expected to be available within a few months. As usual, this distribution can be found on ripem.msu.edu. Only US and Canadian citizens/permanent residents are allowed access; see ripem.msu.edu:/pub/crypt/GETTING_ACCESS. ------------------------------------------------------------------------ ..Christopher Allen Consensus Development Corporation.. .. 4104-24th Street #419.. .. San Francisco, CA 94114-3615.. .. o415/647-6383 f415/647-6384.. ..Mosaic/World-Wide-Web Front Door: .. ..ftp://netcom7.netcom.com/pub/consensus/www/ConsensusFrontDoor.html .. 
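The recipient lookup described in the announcement above, as an added example that is not part of the original post and is not RIPEM's own code: it parses records in the pubkeys layout shown (User / UserDistinguishedName / CertificateInfo), picks the first record whose User field matches, and lists every matching distinguished name with a digest so a wrong DN can be caught before sending. The one-field-per-line layout with indented continuation lines, the function names, the SHA-256 digest and the sample records are assumptions; the certificate bodies are constructed placeholder bytes.

```python
"""Added example: recipient lookup over a RIPEM 1.2-style pubkeys file."""
import base64
import binascii
import hashlib

REQUIRED = ("User", "UserDistinguishedName", "CertificateInfo")


def parse_pubkeys(text):
    """Parse User / UserDistinguishedName / CertificateInfo records.

    Assumed layout: one "Name: value" field per line, indented lines continue
    the previous field, and each "User:" line starts a new record.
    """
    records, current, field = [], None, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t":  # continuation of the previous field
            if current is None:
                raise ValueError("continuation before any field: %r" % raw)
            current[field] = (current[field] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition(":")
        if not sep:
            raise ValueError("not a field line: %r" % raw)
        field = name.strip()
        if field == "User":
            current = {}
            records.append(current)
        elif current is None:
            raise ValueError("field %r before the first User: line" % field)
        current[field] = value.strip()
    for rec in records:
        missing = [f for f in REQUIRED if not rec.get(f)]
        if missing:
            raise ValueError("record %r lacks %s" % (rec.get("User"), missing))
        try:
            # Base64 may be wrapped over several lines; drop the whitespace.
            packed = "".join(rec["CertificateInfo"].split())
            rec["cert"] = base64.b64decode(packed, validate=True)
        except binascii.Error as exc:
            raise ValueError("bad CertificateInfo for %s" % rec["User"]) from exc
    return records


def cert_digest(cert):
    """Hex digest to compare out of band (SHA-256 is this example's choice)."""
    return hashlib.sha256(cert).hexdigest()


def lookup_recipient(records, username):
    """Use the first record whose User field matches, and report every
    matching DN so the sender can abort if the wrong person was picked."""
    matches = [r for r in records if r["User"] == username]
    if not matches:
        raise LookupError("no certificate on file for %s" % username)
    chosen = matches[0]
    return {
        "chosen_dn": chosen["UserDistinguishedName"],
        "chosen_digest": cert_digest(chosen["cert"]),
        "candidates": [(m["UserDistinguishedName"], cert_digest(m["cert"]))
                       for m in matches],
        "ambiguous": len({m["UserDistinguishedName"] for m in matches}) > 1,
    }


def wrapped_b64(data, width=24):
    """Base64-encode and wrap as indented continuation lines."""
    b64 = base64.b64encode(data).decode("ascii")
    return "\n".join(" " + b64[i:i + width] for i in range(0, len(b64), width))


# Constructed sample: placeholder bytes stand in for certificates, and two
# different people share the user name fred@snark.example.
SAMPLE_PUBKEYS = "\n".join([
    "User: fred@snark.example",
    "UserDistinguishedName: CN = fred@snark.example, OU = Persona Certificate,",
    " O = Constructed Org One, C = US",
    "CertificateInfo:",
    wrapped_b64(b"constructed placeholder certificate A"),
    "",
    "User: carol@snark.example",
    "UserDistinguishedName: CN = carol@snark.example, OU = Persona Certificate,",
    " O = Constructed Org One, C = US",
    "CertificateInfo:",
    wrapped_b64(b"constructed placeholder certificate B"),
    "",
    "User: fred@snark.example",
    "UserDistinguishedName: CN = fred@snark.example, OU = Persona Certificate,",
    " O = Constructed Org Two, C = US",
    "CertificateInfo:",
    wrapped_b64(b"constructed placeholder certificate C"),
])

if __name__ == "__main__":
    result = lookup_recipient(parse_pubkeys(SAMPLE_PUBKEYS), "fred@snark.example")
    print("encrypting to:", result["chosen_dn"])
    for dn, digest in result["candidates"]:
        print("  candidate:", dn, digest[:16])
    if result["ambiguous"]:
        print("more than one DN matches this user name; check before sending")
```

With the constructed file, the first fred record is chosen while the second one, under a different organisation, is still listed, which is the situation the displayed DNs are meant to expose.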
From consensus at netcom.com Wed Mar 16 13:07:50 1994 From: consensus at netcom.com (Christopher Allen) Date: Wed, 16 Mar 94 13:07:50 PST Subject: RIPEM 1.2 Message-ID: <9403162105.AA11834@apple.com> Now that there is a new version of RIPEM available, what do you think of it? What do you think is the value in using it over PGP? ------------------------------------------------------------------------ ..Christopher Allen Consensus Development Corporation.. .. 4104-24th Street #419.. .. San Francisco, CA 94114-3615.. .. o415/647-6383 f415/647-6384.. ..Mosaic/World-Wide-Web Front Door: .. ..ftp://netcom7.netcom.com/pub/consensus/www/ConsensusFrontDoor.html .. From sameer at soda.berkeley.edu Wed Mar 16 13:16:25 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Wed, 16 Mar 94 13:16:25 PST Subject: (fwd) Who's watching you... 01 In-Reply-To: <199403161830.KAA28656@netcom9.netcom.com> Message-ID: <199403162115.NAA08717@soda.berkeley.edu> > Knox Security Engineering has so far refused to answer Full Disclosure's > request for pricing information on the KS300. However, sources indicate that > the cost is $27,000.00. Which reminds me.. _Full Disclosure_ is an excellent little magazine put out by Bill Vajk, someone I knew marginally while I was living in Chicago. (I first heard about my file at the Secret Service when Bill & Karl [my sysadmin on the public access system in chicago (mcs.com.. plugplug) were researching an article on Len Rose. ;-) From hfinney at shell.portal.com Wed Mar 16 13:24:19 1994 From: hfinney at shell.portal.com (Hal) Date: Wed, 16 Mar 94 13:24:19 PST Subject: digital cash Message-ID: <199403162124.NAA20971@jobe.shell.portal.com> From: Jim McCoy > [...] > There will be nothing more liquid than information in an information > society. Nothing. I'm not sure about this. Liquidity refers to the ease of conversion to cash. Some kinds of information may be easily convertible, others may not. 
Even with digital cash the relevant definition of liquidity might be acceptability or ease of conversion to other currencies. Digital cash is easy to copy and so there will always be a risk in accepting it unless the bank is accessible or it is highly reputable and is known to cover bad (duplicate) cash. Communications problems, whether technical or political, may make such access difficult. And banks, being unable to collect assets by force to cover their debts, may be vulnerable to some kinds of failures that governments are not. > Seriously, the secret is to remember that the net transcends geopolitical > boundaries. All you need is _one_ bank that can/will convert cash to > digital money and then _everyone in the world who can get an internet > connection can use it_. Well, there are some more requirements. The bank has to be in a setup where it cannot easily be shut down, or more specifically it does not experience any reasonable probability of being shut down in the near future. The net links have to be reliable, as I mentioned above. The bank presumably has to convert digital money back to cash as well as converting in the other direction. The question is, how do you get your cash to/from the bank? Via an anonymous, private, electronic transaction? If you can do that, you don't need digital money; your cash is already electronic and private. But if you have to send your cash the old- fashioned way then you are still vulnerable to the same government pressures you have today. > That is the real danger digital cash poses to > government authority over the monetary system. Once I can get my dollars > or dinars, or donuts exchanged into digital cash it is possible for me to > do things to it never before dreamed of. 
> I can take my locally exchanged digital-donuts, put them on the net, and send them over to a bank in some small island nation with lax banking laws for instant conversion at the moment's rate to some other international currency and transferal through several anonymous accounts, and then zip them over to a network gold server that will create a certified bullion deposit for me in a real bank.

This is the point in these kinds of discussions that I always lose track of things. We are dazzled by the picture of monetary flows flashing all around the world. What I am always unable to pin down is, what exactly prevents this kind of thing from being done today? If you want to invest in gold, you can go down to the coin store and buy some, right? Or you can put your money into a gold-investing mutual fund and use it as a checking account. If you want yen, or marks, you can invest in those. If the point is to do so secretly, why is it easier to mail your paycheck to the digicash bank in the Bahamas than to mail it to an existing bank there?

> I can untraceably convert my paycheck into a gold deposit in a foreign nation while sitting in my living room wearing nothing but my socks. I can conduct intricate financial transactions that are completely outside the realm of my government to regulate, imagine what would happen to the government if _everyone_ could hide and launder assets as easy as criminal syndicates. If this does not cause some federal banker an ulcer or two then they have no idea what the future will bring them, all the better for us...
>
> jim

Perhaps my problem is that my financial affairs are too limited to really benefit from intricate financial transactions. Investing in a non-dollar-denominated mutual fund would be a major adventure for me :-). If avoiding taxes is the major goal, my problem is that by far the bulk of my taxes are withheld from my paycheck. I know, Sandy or Duncan said, "What? You still have a paycheck?"
but let's face it, most people do. It seems to me that the weak point in these bypass-the-government digicash schemes is the conversion between paper cash and digital cash. That looks like the choke point where the government can still keep control. Hal From mccoy at ccwf.cc.utexas.edu Wed Mar 16 13:29:09 1994 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Wed, 16 Mar 94 13:29:09 PST Subject: (fwd) Re: What's so bad about a Surveillance State? In-Reply-To: <9403161842.AA00307@netmail2.microsoft.com> Message-ID: <199403162128.AA06712@flubber.cc.utexas.edu> Blanc Weber writes: [...regarding a "surveillance state"...] > > Thinking about life in a surveillance state, I wonder what youall would > do if it came to pass? I once asked a bunch of Objectivists what they > would do if a certain individual was elected and the US was turned into > a socialist/commie paradise. In three hours of discussion, they could > not arrive at any viable ideas. > > Maybe, Jim, you could also compile some replies about how 'free radical > units' would deal with the problem. It might sound a bit like a sci-fi > story, all total. It really all depends on how angry you are about the turn of events. The U.S. has never really faced "terrorism" in the sense that it is a dark fact of life in many parts of the world. Look at how freaked out people were about the WTC bombings. An event such as this might push a lot of people into considering such alternatives... Now imagine a campaign directed by people with the intelligence and savvy such that you would find in the fringe areas of the net (like here for example...) Even I could make a better bomb out of common household chemicals than the one the WTC bombers used... 
Imagine the effect of random destruction upon some of the completely unprotected infrastructure of the US:

-A fire in phone exchanges in Chicago in the 80s and LA recently denies phone service (including E911 services) to major markets, bugs in switching systems cause nation-wide LD service lossage. Now consider the possibility of a directed and coordinated attack on such systems. It would only work once before security is tightened, but the impact of damaging the switching stations for the top ten markets in the US all at once should not be underestimated.

-With the rise of fiber telcos are laying fewer cable routes and just stuffing the routes they do dig up with more fiber than is necessary for replacement of the existing copper, leaving some major areas with only a single path in and out as one bundle of fiber replaces tons of copper that was laid in multiple paths originally because it would not fit in one path. Saves the telcos money, but a single backhoe might be able to cause some major damage now...

-Americans are woefully unprepared for the loss of any utility services. After watching last summer's flood damage first hand I can assure you that any attacks that damage municipal water supplies will be remembered for quite some time...

-A single relay switch burned out in 1972 (i think... :) and caused the entire northeastern US to lose power for hours. Perhaps weak links such as this are still around...

Just take a scan through the RISKS digest and ask yourself what kind of damage could be done if someone was really out to cause problems. IMHO, the biggest check we have against a rapid shift to a totalitarian government is that our society is too open to repel a dedicated attack from within...
jim From lstanton at lehman.com Wed Mar 16 13:45:26 1994 From: lstanton at lehman.com (Linn Stanton) Date: Wed, 16 Mar 94 13:45:26 PST Subject: RIPEM 1.2 In-Reply-To: <9403162105.AA11834@apple.com> Message-ID: <9403162145.AA22546@sten.lehman.com> -----BEGIN PGP SIGNED MESSAGE----- >>>>> "Christopher" == Christopher Allen writes: Christopher> Now that there is a new version of RIPEM available, Christopher> what do you think of it? What do you think is the Christopher> value in using it over PGP? I am glad to see that the 'web of trust' model is spreading. However, I still see no reason to use ripem. 1) ripem is illegal for non-north-american users 2) ripem still uses DES 3) using ripem supports the notion that PKP holds some valid patents Linn H. Stanton The above opinions are exclusively my own. If anyone else wants them, they can buy them from me. Easy terms can be arranged. - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.2 mQBNAitK8+EAAAECALzK83DH79m7DLKBmZA2h9U33fBE80EwT4xRY05K7WRfxpO3 BmhPVBmes9h97odVZ0RxAFvinOl4wZGOb8pDclMABRG0IUxpbm4gSC4gU3RhbnRv biA8c3RhbnRvbkBhY20ub3JnPrQnTGlubiBILiBTdGFudG9uIDxsc3RhbnRvbkBz aGVhcnNvbi5jb20+ =oCru - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- iQBVAgUBLYd958GRjm/KQ3JTAQGZHgH/X5f3EuTOelU+yhy6rPbTNK+97JOEsETP MFw9KVf6NLc76nHKxToYla+WNY0em+m5jUKiEPhAj0o6KgP9HZplWA== -----END PGP SIGNATURE----- From jim at bilbo.suite.com Wed Mar 16 13:53:29 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Wed, 16 Mar 94 13:53:29 PST Subject: (fwd) Who's watching you... 01 Message-ID: <9403162147.AA14899@bilbo.suite.com> What do people think of the idea of creating a news group dedicated to discussing surveillance technology and its potential impact on society? 
Jim_Miller at suite.com
From smb at research.att.com Wed Mar 16 13:59:32 1994 From: smb at research.att.com (smb at research.att.com) Date: Wed, 16 Mar 94 13:59:32 PST Subject: RIPEM 1.2 Message-ID: <9403162159.AA17964@toad.com>
2) ripem still uses DES
RIPEM supports triple DES as well.
From mch at sqwest.wimsey.bc.ca Wed Mar 16 14:40:52 1994 From: mch at sqwest.wimsey.bc.ca (Mark C. Henderson) Date: Wed, 16 Mar 94 14:40:52 PST Subject: RIPEM 1.2 Message-ID: <199403162230.AA57989@sqwest.west.sq.com>
Subject: Re: RIPEM 1.2
> 1) ripem is illegal for non-north-american users
Well, export of RIPEM is illegal. Then again, export of PGP is illegal. The difference is that PGP has already been exported and distributed/improved outside of North America.
> 2) ripem still uses DES
RIPEM has supported triple DES since version 1.1 (I'm the person who added triple DES support to RIPEM).
> 3) using ripem supports the notion that PKP holds some valid patents
As a practical matter, I am willing to use what the person on the other end of the connection is using. Some people won't/can't use PGP because they don't want to pay (and are worried about the legal issues, IDEA/RSA patents). Some people won't/can't use RIPEM because they are outside of North America, have a religious axe to grind about software patents, or believe that RIPEM is part of an NSA plot to take over the planet. So, I'll sign with PGP. Why? More people on cypherpunks use it.
Mark
From jdblair at nextsrv.cas.muohio.EDU Wed Mar 16 14:42:45 1994 From: jdblair at nextsrv.cas.muohio.EDU (jdblair at nextsrv.cas.muohio.EDU) Date: Wed, 16 Mar 94 14:42:45 PST Subject: FOIA text Message-ID: <9403162246.AA20684@ nextsrv.cas.muohio.EDU >
#include
Does anyone know an ftp site where I can find the full text of the Freedom of Information Act?
-john.
--------------------------------------------------------------------------
John Blair: voice: (513) 529-4877 PGP public key available upon request. KILL YOUR Privacy in the information age is a right, not a privilege. TELEVISION Information = Power = Control. Fight the centralization of information.
From ag588 at cleveland.Freenet.Edu Wed Mar 16 14:48:22 1994 From: ag588 at cleveland.Freenet.Edu (John C. Brice) Date: Wed, 16 Mar 94 14:48:22 PST Subject: (fwd) Who's watching you... 01 Message-ID: <199403162248.RAA27184@eeyore.INS.CWRU.Edu> Reply-To: ag588 at cleveland.Freenet.Edu (John C. Brice, ESQ)
From:Surveillance.Center/Population.Control/High.Command
To:Field.operatives
Re:Citizen.unit.miller/terrorist.free.speech.subversives
Cc:[censored]
Operatives: Once again citizen.unit.miller is getting out of hand. You have been warned about allowing these subversive postings of his [see below] to reach the Net. Having failed in your primary duty, you are hereby instructed to encourage the creation of the referenced message base. Once this is accomplished, these subversive elements will have unwittingly established (1) a method whereby we can more closely monitor the level of their knowledge; (2) a method whereby we can measure information dispersal rates; and (3) a convenient source for the infusion of disinformation.
You know what to do. The Management.
>
>
>
>What do people think of the idea of creating a news group dedicated
>to discussing surveillance technology and its potential impact on
>society?
>
>
>Jim_Miller at suite.com
>
>
>
--
-------------------------------------------------------------------------
I am an attorney, seeking a position in the area of Computer Law. If you know of such a position available, or of someone who may know of such a position, please send e-mail! Thanks.
From mccoy at ccwf.cc.utexas.edu Wed Mar 16 15:20:47 1994 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Wed, 16 Mar 94 15:20:47 PST Subject: digital cash In-Reply-To: <199403162124.NAA20971@jobe.shell.portal.com> Message-ID: <199403162319.AA28510@tramp.cc.utexas.edu>
Hal writes:
> > From: Jim McCoy
> > [...]
> > There will be nothing more liquid than information in an information
> > society. Nothing.
>
> I'm not sure about this. Liquidity refers to the ease of conversion to
> cash. [...] Even with digital cash the relevant definition of liquidity
> might be acceptability or ease of conversion to other currencies. [...]
> Communications problems, whether technical or political, may make such
> access difficult. [...]
This is true. Reliable communications is important here and I was kind of waving my hand over them and assuming they will be there, but with the current state of growth of the internet it seems to me that communications will become more reliable and more widespread every day.
> The bank presumably has to convert digital money back to cash as well as
> converting in the other direction. The question is, how do you get your
> cash to/from the bank? Via an anonymous, private, electronic transaction?
> If you can do that, you don't need digital money; your cash is already
> electronic and private. But if you have to send your cash the old-
> fashioned way then you are still vulnerable to the same government pressures
> you have today.
I can send my money to the bank by checking a little box on a form in the benefits division of my employer instructing them to deposit my paycheck in a specified account in the internet credit union I belong to. Yes, the government can still see it going out and can try to do nasty things to it at the "digital border", but once a path past this boundary is found then whatever lies beyond this point is outside of their knowledge or control.
> This is the point in these kinds of discussions that I always lose track
> of things. We are dazzled by the picture of monetary flows flashing all
> around the world. What I am always unable to pin down is, what exactly
> prevents this kind of thing from being done today?
>
> If you want to invest in gold, you can go down to the coin store and buy
> some, right? Or you can put your money into a gold-investing mutual fund
> and use it as a checking account. If you want yen, or marks, you can invest
> in those.
Yes. Digital cash does give you anything outright that you were not able to do before, but it lets you do it securely, anonymously, and untraceably (depending on the system design) from the comfort of your own phone using equipment and software that a huge number of people have daily access to. I can walk down the street and purchase a chunk of gold, but I can't just get on a plane and head off to switzerland or the bahamas at a moment's notice. With telecommunication these options are available to anyone with a phone and a computer and the transaction will be accomplished in seconds instead of hours/days.
> It seems to me that the weak point in these bypass-the-government digicash
> schemes is the conversion between paper cash and digital cash. That looks
> like the choke point where the government can still keep control.
Yes and no. They can try, but it is getting harder for them to do so every day.
A bank on the internet could also let me transfer some of my deposits into a checking account that I can access from one of the millions of ATMs around the globe that are part of the Cirrus or Pulse, or whatever system. What if your bank card let you deposit money from any ATM location into an account that instantly forwarded it off to a digital cash repository? Or let you withdraw digicash funds into a debit Visa card or other such instrument. There is so little cash being used by most people now that it isn't even funny any more; but the options available for converting funds have proliferated to the point where it is hard to throw a rock in the US and not bounce it off something that will give you cash from your ATM card or credit/debit card.
jim
From cme at sw.stratus.com Wed Mar 16 15:48:40 1994 From: cme at sw.stratus.com (Carl Ellison) Date: Wed, 16 Mar 94 15:48:40 PST Subject: how to get mini-JIR Message-ID: <199403162348.SAA17061@galt.sw.stratus.com>
I don't know what happened to the message I sent right after my mini-JIR announcement. If it's just that TOAD.COM is backed up, sorry about the duplication. The issue you want is 1994-03.
---------------------------
1994-03-10 How to Subscribe / How to Get Back Issues (*) mini-JIR
The mini-Journal of Irreproducible Results is an electronic publication, available over the Internet, free of charge. It is distributed as a LISTSERV application. We expect to publish 6-12 issues per year. To subscribe, send a brief E-mail message to either of these addresses: LISTSERV at MITVMA.MIT.EDU or LISTSERV at MITVMA
The body of your message should contain ONLY the words "SUBSCRIBE MINI-JIR" followed by your name.
Here are two examples:
SUBSCRIBE MINI-JIR Irene Curie Joliot
SUBSCRIBE MINI-JIR Nicholai Lobachevsky
To stop subscribing, send the following message to the same address:
SIGNOFF MINI-JIR
To obtain a list of back issues, send this message:
INDEX MINI-JIR
To retrieve a particular back issue, send a message specifying which issue you want. For example, to retrieve issue 93-00002, send this message:
GET MINI-JIR 93-00002
If you have questions about how to subscribe, or if you would like to re-distribute mini-JIR, please send e-mail to: mgeller at mit.edu
[PLEASE NOTE: if you are regularly posting mini-JIR on your gopher, WWW, news group or mailing list, please drop an e-mail note to mgeller at mit.edu so that we can compile a complete resource list -- thanks!]
From sandfort at crl.com Wed Mar 16 16:49:19 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Wed, 16 Mar 94 16:49:19 PST Subject: digital cash In-Reply-To: <199403162124.NAA20971@jobe.shell.portal.com> Message-ID:
C'punks, On Wed, 16 Mar 1994, Hal wrote:
> . . .
> If you want to invest in gold, you can go down to the coin store and buy
> some, right? Or you can put your money into a gold-investing mutual fund
> and use it as a checking account. If you want yen, or marks, you can invest
> in those.
>
> If the point is to do so secretly, why is it easier to mail your paycheck
> to the digicash bank in the Bahamas than to mail it to an existing bank
> there?
>
> . . .
>
> If avoiding taxes is the major goal, my problem is that by far the bulk of
> my taxes are withheld from my paycheck. I know, Sandy or Duncan said, "What?
> You still have a paycheck?" but let's face it, most people do.
>
Are you so sure about this? Yes, most people receive some of their income in a paycheck. Be advised, though, the underground economy is vigorous and robust. Are there any mechanics out there who *don't* do auto repair on the side? Accountants? Plumbers? Programmers?
I also find it hard to believe most waiters and waitresses are reporting their tips. I'm sure we could extend this list for hours. Digital cash transactions could easily surpass above ground transfers. Not everyone nor every dollar needs to go via digital channels to (a) make a digital bank successful or (b) put a major crimp in the ability to finance government.
> It seems to me that the weak point in these bypass-the-government digicash
> schemes is the conversion between paper cash and digital cash. That looks
> like the choke point where the government can still keep control.
Don't be so sure, Hal. There are, and will be, plenty of financial transactions that will never, or rarely, need to convert to or from cash. When they do, well, that's what ATMs are for.
S a n d y
From sandfort at crl.com Wed Mar 16 16:54:44 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Wed, 16 Mar 94 16:54:44 PST Subject: (fwd) Who's watching you... 01 In-Reply-To: <9403162147.AA14899@bilbo.suite.com> Message-ID:
C'punks, On Wed, 16 Mar 1994, Jim Miller wrote:
>
>
> What do people think of the idea of creating a news group dedicated
> to discussing surveillance technology and its potential impact on
> society?
>
>
> Jim_Miller at suite.com
Well, I think it might fractionalize our current efforts. I think the theme of crypto is big enough to subsume surveillance threats.
S a n d y
From wcs at anchor.ho.att.com Wed Mar 16 17:22:54 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Wed, 16 Mar 94 17:22:54 PST Subject: digital cash Message-ID: <9403170121.AA23382@anchor.ho.att.com>
Mike McNally wrote:
> > > >Neither Mark Hittinger nor Perry Metzger wrote:
> > > > The global monetary system...
> It was me, the well-known international monetary expert.
And if it hadn't been him, it could have been me.
Watch whenever I'm buying or selling precious metals or stocks, and do the opposite, and you should be able to out-perform the market just fine :-) Unfortunately, as they say, knowing Murphy's Law doesn't help either, so I'm not able to use this strategy effectively.......
Bill
From mg5n+ at andrew.cmu.edu Wed Mar 16 18:13:15 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Wed, 16 Mar 94 18:13:15 PST Subject: Radio Networking In-Reply-To: <199403160926.26544@bnsgs200.bnr.co.uk> Message-ID:
Ed Switalski :
> *** use Meteorscatter links: A low power, fairly covert, burst
> transmission medium.
dwomack at runner.jpl.utsa.edu (David L Womack):
> Why worry about unlicensed? I believe I've seen a laser (low
> power Helium/Neon), possibly in the Edmund Scientific catalog,
> that you can modulate. You'd have a nearly impenetrable, highly
> directional signal.
True... But a simple radio transceiver is much cheaper and easier to build than a laser system or sophisticated meteor bounce hardware. It might be possible to use a highly focused beam from a LED instead of a laser. Unfortunately, there is still the problem with the beam getting blocked...
> Failing that, stick to 250mw or less; unless I'm mistaken, that's
> almost completely unregulated, and certainly doesn't require a
> license. Lots of hand held CB units, and the Maxon headsets fall
> in this category.
About how far can one transmit with 250mw?
> For higher powers, you might consider getting a Ham license,
> probably at the technician grade. It's true that you aren't
> permitted to send encrypted messages...
Now, how many cypherpunks do you know that would send unencrypted data over the airwaves??? Not many. I know there isn't much respect for the law, but I don't want to make an obvious ass of myself.
> but did you know that many hams use SSTV (Slow scan
> Television) to send still photographs around the *_World_*
> on long wave (i.e. 10 meter) bands?
Of course, only a
> shamefully irresponsible person would think of violating
> their duties as a Citizen-Unit (per Mr. May) and use
> Steganography to include an encrypted message...
Seems like more trouble than it's worth... certainly not a convenient e-mail system.
From darklord+ at CMU.EDU Wed Mar 16 19:20:37 1994 From: darklord+ at CMU.EDU (Jeremiah A Blatz) Date: Wed, 16 Mar 94 19:20:37 PST Subject: brainstorming on cpunks' eve In-Reply-To: Message-ID:
Excerpts from internet.cypherpunks: 11-Mar-94 brainstorming on cpunks' eve by Matt Thomlinson at u.washin
> I was wondering what people were thinking about putting together a
> page for WWW? Would it be useful? Would people browsing around look at
> it and would it be a medium to disseminate info? Maybe divide it up...
>
> RSA, DES, IDEA, 3-DES, etc.
> Clipper, Capstone, Skipjack, Tessera
> PGP, stego programs available, RIPEM, etc.
> EFF, CPSR, Cypherpunks----
> |media coverage
> |remailers
> |stego
> |voice pgp
> |clipper projects-FOIAs, bigbro inside, etc.
> other sources of info: sci.crypt, alt.pgp, alt.whistleblowers,
> alt. privacy, alt.security.
[CRs removed for brevity]
Well, I have a little web site. I'm uploading as much hacker/cyber/clipper stuff as my quota will hold. Feel free to browse. URL = http://www.cs.cmu.edu:8001/afs/andrew.cmu.edu/usr25/jbde/www/matrix/matrix.html
Have phun!
Jer
darklord at cmu.edu | "it's not a matter of rights / it's just a matter of war
finger for Geek | don't have a reason to fight / they never had one before"
Code, PGP Key | -Ministry, "Hero"
> http://www.cs.cmu.edu:8001/afs/andrew.cmu.edu/usr25/jbde/www/default.html <
From darklord+ at CMU.EDU Wed Mar 16 20:08:21 1994 From: darklord+ at CMU.EDU (Jeremiah A Blatz) Date: Wed, 16 Mar 94 20:08:21 PST Subject: corrupt gov't In-Reply-To: <9403121342.AA24397@andria.lehman.com> Message-ID:
Excerpts from internet.cypherpunks: 12-Mar-94 by "Perry E.
Metzger"@lehma
> rishab at dxm.ernet.in says:
> > > > if the clipper chip passed. what's stopping
> > > > corrupt government people from selling access
> > > > to the encryption to the highest bidders to spy
> > > > on competitors communications.
> > > Nothing.
> >
> > What stops a *corrupt* government from shooting you if you dissent?
>
> The knowledge that in the U.S. there would be riots and quite possibly
> a revolt.
Hmmmm, the question is, what does it say about a government from beating you enough to permanently disfigure you if you look at their representatives the wrong way? Hmmmm, and what does it say if said government continues to run smoothly after the resulting riots/badly organized revolts?
Shades of LA,
Jer
darklord at cmu.edu | "it's not a matter of rights / it's just a matter of war
finger for Geek | don't have a reason to fight / they never had one before"
Code, PGP Key | -Ministry, "Hero"
> http://www.cs.cmu.edu:8001/afs/andrew.cmu.edu/usr25/jbde/www/default.html <
From darklord+ at CMU.EDU Wed Mar 16 20:17:38 1994 From: darklord+ at CMU.EDU (Jeremiah A Blatz) Date: Wed, 16 Mar 94 20:17:38 PST Subject: PowerMacPGP In-Reply-To: <9403122127.AA07013@m1-115-2.MIT.EDU> Message-ID: <8hVxa4i00iUvADc=ZY@andrew.cmu.edu>
Excerpts from internet.cypherpunks: 12-Mar-94 Re: PowerMacPGP by Derek Atkins at MIT.EDU
> > Does anyone know if Mr. Zimmerman or anyone else will be writing a
> > Power Macintosh PGP program. What about the other popular
> > encryption programs. Thanks,
>
> The source code is available. If you have a C compiler, it shouldn't
> be very hard to build. Then again it's a Macintosh, so who really
> knows? I don't expect to see Phil to do it, since Phil hasn't done
> any coding for PGP. Also, I don't think that PowerMacs are prominent
> enough for developers to have them, yet.
Actually, the MacPGP 2.2 source compiles pretty much out of the box. As soon as THINK C for PowerPC comes out, it should be trivial.
Note, the power Macs were released yesterday, they're pretty cool.
Jer
darklord at cmu.edu | "it's not a matter of rights / it's just a matter of war
finger for Geek | don't have a reason to fight / they never had one before"
Code, PGP Key | -Ministry, "Hero"
> http://www.cs.cmu.edu:8001/afs/andrew.cmu.edu/usr25/jbde/www/default.html <
From sameer at soda.berkeley.edu Wed Mar 16 20:25:00 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Wed, 16 Mar 94 20:25:00 PST Subject: brainstorming on cpunks' eve In-Reply-To: Message-ID:
Jeremiah A Blatz spake:
>
> Excerpts from internet.cypherpunks: 11-Mar-94 brainstorming on cpunks'
> eve by Matt Thomlinson at u.washin
> > I was wondering what people were thinking about putting together a
> > page for WWW? Would it be useful? Would people browsing around look at
> > it and would it be a medium to disseminate info? Maybe divide it up...
I've been working on adding html to the soda.berkeley.edu archive. It's still "under construction" and very messy right now, but it's there. ftp://soda.berkeley.edu/pub/cypherpunks/Home.html
From bugs at netsys.com Wed Mar 16 20:59:31 1994 From: bugs at netsys.com (Mark Hittinger) Date: Wed, 16 Mar 94 20:59:31 PST Subject: digital cash hot and cold Message-ID: <199403170502.AA19654@netsys.com>
>Yes. There will be nothing more liquid than information in an information
>society. Nothing.
How about dis-information and lies?
>> As more people see
>> the advantages of digital cash then there might be bidding for the
>> available pool. If digital cash supply is restricted in some way,
>> early converters would gain advantage.
>Limiting the pool is harder than you would think.
Use all the numbers you
>want, we'll make more :)
If the supply of digital cash is unlimited, then how can it have value?
---------
His system was just roadkill along the information superhighway.
From hfinney at shell.portal.com Wed Mar 16 21:35:38 1994 From: hfinney at shell.portal.com (Hal) Date: Wed, 16 Mar 94 21:35:38 PST Subject: The Joy of Digicash Message-ID: <199403170535.VAA20092@jobe.shell.portal.com>
It occurs to me that digital cash could be a collector's item. Paper money is widely collected, as are coins. I got a book out of the library on old American paper money, and many of the old bills are startlingly beautiful. Interestingly, the old money is still legal tender so there is a floor under the value of the bills that you collect. Until 1861, the U.S. did not issue any paper money, only coins. In those days, paper money was issued by private banks (usually with state charters). The money was backed by dollars, coins, which the bank owned. Unfortunately, capitalism is a dynamic system and in those days bank failures were no more unusual than corporate failures are today. When this happened, the bank's notes became worthless. Counterfeiting was also a big problem with the thousands of different banks issuing notes. It is interesting to speculate that digital cash might lead to an electronic system with some similarities to those old days. Collecting digital cash has some problems. Collectors are generally attracted to items that are beautiful, interesting, and rare. Digital cash is interesting enough, but its beauty is rather abstract.
Rarity is also hard to evaluate; each individual note has a unique serial number, and what it has in common with other notes of its denomination is the bank key and the exponent. Uncirculated notes are generally more valuable than others in the paper world; with digital banknotes the only way to tell whether it has been "circulated" would be to have access to the bank's database of spent notes, to verify that the note had never been deposited. Rarity could be determined by the bank's key and exponent. The Magic Money system has a provision for the bank to periodically move to another set of exponents to represent the same denominations (in order to keep the size of the note database from growing too large). If banks would do this at regular intervals, then particularly the early issues would be relatively rare. One might even have an early banknote notarized (digitally timestamped) so that one could prove its value in later years. Beauty is harder to deal with. Strictly speaking, digital cash is invisible, consisting only of an information pattern in RAM chips or on a disk. The numbers which represent the cash can be printed out, though, and this representation could perhaps have some beauty. Unfortunately, in my opinion several lines of random hex digits are not beautiful. I have been working on ideas to display the information in digital cash in some other way that is more esthetic. It would be nice if the display somehow only worked for correctly signed cash notes, with forged cash not displaying anything nice. My general idea is to display a "fingerprint" of each individual banknote, something that is unique to that note and which has a sort of beauty. One idea I have worked on is to seed a 1-D cellular automaton with a bit pattern based on the digital cash. This seed is then processed by the CA algorithm to produce some pattern, with each row being a function of the previous row. 
My thought was to start the CA at the top and the bottom of the screen with the two different functions applied to the cash which should be equal if the cash validates (taking the number to the proper exponent on one hand, and applying the MD5 hash of the serial number on the other, for the case of magic money). Then we work inwards with the two seeds. Proper cash will produce a symmetrical pattern. By choosing good CA rules, the patterns will be different for each bill, some nicer than others, leading to attractive fractal-looking patterns for many bills. When you wanted to "look at your money" you could run the program on the digital cash. People might even trade for especially attractive bills. A similar idea is to use the cash as the basis for some fractal algorithm. Many fractals have the property that most of the plane is plain, while only a fraction looks really fractal. Digital cash has the property that when exponentiated it leads to a number most of whose bits are fixed but which has a small number of varying bits. If we had a mapping which took the fixed digicash bits onto the interesting parts of the fractal, then fake cash would not produce pretty pictures, while real cash would produce some part of a beautiful fractal. Again, you would have validation and beauty being tied together. I've been doing some experiments with the first idea, hoping to produce something nice. With a little more thought I hope to come up with a viewer for your Magic Money that will bring out its natural beauty and rarity. This will be a must for all serious collectors of digicash. Hal From jimn8 at netcom.com Wed Mar 16 21:38:45 1994 From: jimn8 at netcom.com (Jim Nitchals) Date: Wed, 16 Mar 94 21:38:45 PST Subject: OTP for remailers? Message-ID: <199403170539.VAA08210@netcom10.netcom.com> I hope this isn't redundant; if this idea has been covered, sorry. Wouldn't it make sense for remailers to use OTP's for encryption? Public keys are great, but they can be black-bagged. 
I'd imagine that a copy of the private key to a popular remailer could be very valuable to anyone who could monitor remailer traffic transparently. A one-time pad on CD-ROM should hold enough pad data to last for several days' worth of data sent between remailers, even at high message volumes. So OTP's could be used practically between friendly remailers. Do existing remailers change their public keys often enough to limit exposure by their users in the event of the key being compromised? If so, perhaps I should be less concerned than I am. Nevertheless, I'd like to be able to talk to a remailer via a one-time pad. The OTP could be sold to remailer users as a means of generating revenue (a OTP CD-ROM could be made for about $20 and sold for a very reasonable price but still be profitable!) Once the OTP is used, it can (and should) be destroyed. On the other hand, data encrypted with a public key is vulnerable to black bag attacks on that key, as I just said. The cost of burning CD-ROMs is going down pretty rapidly. Wholesale cost of a burning mechanism should be well under $1,000 within the next year or two, and RNG hardware is coming online too. Blank media runs $15-$20, although Kodak sells PhotoCD media cheaper, at a loss, to developers who promise to use the discs for PhotoCD images ;) I don't really have anything in principle against the use of public keys for remailers; it would just make me feel a bit easier about their security if the private key couldn't be black-bagged with a using them if my communication to them couldn't be black-bagged with a simple bug that transmits the private key. I'd imagine a bus snooper chip could be made easily enough that could look for instruction and data flow corresponding to keys, and transmit it over low bandwidth channels to a listening station. 
I find it harder to imagine a device that could tap an entire data stream from a hard drive and transmit the complete contents undetected (assuming the remailer operator checks for bugs.) Now for a discussion on how to get an OTP CD from Finland without having the mail intercepted... nahh, never mind.
- Jim Nitchals
From nates at netcom.com Thu Mar 17 01:09:40 1994 From: nates at netcom.com (Nate Sammons) Date: Thu, 17 Mar 94 01:09:40 PST Subject: Nate's Anonymous Remailer v 1.0 Message-ID: <199403170910.BAA02520@mail.netcom.com>
Send mail to nates at netcom.com with: :: SendInformation for information with :: SendSoftware to get a uuencoded file with the mailer inside. I need a place to put the software, so if anyone has an ftp site with 10K of space...
-nate
--
+---------
| Nate Sammons PGP Key and fingerprint via finger.
| Clipper == Big Brother Inside. Question Authority. Encrypt everything.
+---------
From E.Switalski at bnr.co.uk Thu Mar 17 01:16:04 1994 From: E.Switalski at bnr.co.uk (Ed Switalski) Date: Thu, 17 Mar 94 01:16:04 PST Subject: Radio Networking In-Reply-To: Message-ID: <199403170915.5154@bnsgs200.bnr.co.uk>
>About how far can one transmit with 250mw?
*** Quite Far ! With coherent CW you can key morse Japan/US i.e cross the Pacific on a few watts. CCW involves getting the Tx master oscillator and the receiver's local oscillator phase-locked (by using the local time/frequency standard transmitter (e.g. WWV MSF etc -one can also get nifty little rubidium standard clocks quite cheaply these days). US readers might care to look in the ARRL handbook for 1982 or thereabouts. CCW implies slow signalling speeds- a few baud, very narrow detection bandwidth few hertz (to match signalling) and coherent TX and RX. The ultimate limit is probably phase shift in the ionosphere. Use a frequency that's a bit off Big Brother's scanner channel spacing and your emission may not be detected -unless the spook is right on top of you.
Which is just as well given it might take DAYS to download a .ps document ;-( Note this is a slow and gentle way of doing things, as opposed to a high-bandwidth, time-compressed (fairly high-power) "screech" transmission with something like meteorscatter.
Regards, __o __o Ed \<, \<, _________________________________________()/ ()_____()/ ()_____________
Ed Switalski email: eswitals at bnr.co.uk Dept GM21, BNR Europe Ltd, Oakleigh Rd South, tel: +44 (0)81 945-2924 New Southgate, fax: +44 (0)81 945-3116 London, N11 1HB LON40, internal ESN (730) 2924
_______________________________________________________________________
From nates at netcom.com Thu Mar 17 01:20:43 1994 From: nates at netcom.com (Nate Sammons) Date: Thu, 17 Mar 94 01:20:43 PST Subject: Nate's Remailer... slight problem Message-ID: <199403170921.BAA03261@mail.netcom.com>
It appears that Netcom does not have the latest version of perl (4.0 rev 36), so some of the pattern patching code does not return the proper value... for instance, if I can find a string like "hello there" with 4.0r36, in the version that netcom has, I only get "hello" So, basically, the name displayed for my remailer is "Jed's" and it should actually be "Jed's Anonymous Remailer Emporium and Tanning Salon" This should not affect any of the functioning of the remailer, but it does affect the cosmetics. I am talking with netcom to see when they are going to upgrade...
-nate
--
+---------
| Nate Sammons PGP Key and fingerprint via finger.
| Clipper == Big Brother Inside. Question Authority. Encrypt everything.
+---------
From miron at extropia.wimsey.com Thu Mar 17 01:38:52 1994 From: miron at extropia.wimsey.com (Miron Cuperman) Date: Thu, 17 Mar 94 01:38:52 PST Subject: Bcc header added to my remailer Message-ID: <1994Mar17.084341.7547@extropia.wimsey.com>
I have implemented the "Bcc:" header in my remailer. It can be used instead (or in addition) to the "Request-remailing-to:" header.
Addresses on the "Bcc:" line will not be added to the outgoing mail headers. The remailer is remail at extropia.wimsey.com. -- Miron Cuperman | NeXTmail/Mime ok Unix/C++/DSP, consulting/contracting | Public key avail
From unicorn at access.digex.net Thu Mar 17 05:00:56 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 17 Mar 94 05:00:56 PST Subject: Clipper hearings Message-ID: <199403171300.AA03218@access1.digex.net> Begin Forwarded Message talk.politics.crypto #3763 (4 more) Subject: Clipper hearings. Not yet scheduled for CSPAN. From: kwebb at unm.edu (Kyle L. Webb) Date: Wed Mar 16 21:07:21 EST 1994 Organization: University of New Mexico, Albuquerque Lines: 28 Forgive me if this has been put out before.
I called Senator Leahy's office, and was told that the Clipper hearings were to be held Friday March 18th at 1030 am EST in room 226 Dirksen Senate Office Building. I sent email to cspanviewr at aol.org which is CSPAN's viewer comment address letting them know of this. Today I got back a reply that there was as yet no plan to cover this event, but that the info had been forwarded to the programming staff. My guess is that it is far more likely that these hearings will be shown by CSPAN if there are a large number of requests to either the email address for CSPAN or phone calls to the CSPAN office, inquiring if the hearings will be broadcast. If getting information on Clipper into the public eye is important, then getting the hearings carried by CSPAN would be a good way to start. CSPAN's viewer services phone number is (202) 626-7963 (I got this number from CSPAN's gopher server, so it's been on the net before) Kyle L. Webb Dept. of Physics + Astronomy kwebb at carina.unm.edu University of New Mexico - fin -uni- (Dark) From bart at netcom.com Thu Mar 17 05:18:29 1994 From: bart at netcom.com (Harry Bartholomew) Date: Thu, 17 Mar 94 05:18:29 PST Subject: Senator Leahy's hearing Message-ID: <199403171319.FAA09423@mail.netcom.com> Will you be covering this hearing on the important issue of the Clipper chip and our rights to privacy? It will be on March 18th, this Friday, at 10:30 am EST in Room 226 of the Dirksen Senate Office Building. Hope you can tape it for rebroadcast if you can't cover it live. Please let me know your schedule as soon as possible as I would hate to miss it, and have lots of friends who I would like to advise of the time and date. 
From m5 at vail.tivoli.com Thu Mar 17 05:28:24 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Thu, 17 Mar 94 05:28:24 PST Subject: NSA and PGP rabblerousing In-Reply-To: <9403140240.AA04160@bsu-cs.bsu.edu> Message-ID: <9403171328.AA04188@vail.tivoli.com> Anonymous writes: > The guy was really biased against PGP, calling it "illegal", > but he also hinted that it had been broken. The hint was wrapped within > a "non-denial denial" (for fans of "All The President's Men") and there > was no *concrete* information given to support it. I've watched enough TV in my day to realize that if PGP had been broken, they sure as heck wouldn't tell anybody about it. The only reason to make such an implication is to prevent people from using it. Note that doubling the key size from 1024 to 2048 bits is also probably a ruse, since it dramatically increases computation time (I think). 1024 bits are a lot of bits as it is. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From bart at netcom.com Thu Mar 17 05:28:27 1994 From: bart at netcom.com (Harry Bartholomew) Date: Thu, 17 Mar 94 05:28:27 PST Subject: Address correction Message-ID: <199403171329.FAA09778@mail.netcom.com> The address given by Black Unicorn to mail to cspan was in error, my mail to cspanviewr at aol.org bounced. To rattle their cage, try cspanviewr at aol.COM. From gtoal at an-teallach.com Thu Mar 17 06:33:53 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Thu, 17 Mar 94 06:33:53 PST Subject: Guardian, front page, March 17. Message-ID: <199403171429.OAA03989@an-teallach.com> "The security services are said to have warned the Department of Trade and Industry that they will need to act more publicly if the service (talking about the Royal Mail - G) is privatised. 
They also point out that unlike the privatisation of the telephone network, which left the British Telecom network intact and easy to tap, the privatisation of the Royal Mail will lead to independent competitor services, making the interception of mail much more difficult." G From panzer at dhp.com Thu Mar 17 08:50:09 1994 From: panzer at dhp.com (Panzer Boy) Date: Thu, 17 Mar 94 08:50:09 PST Subject: NSA and PGP rabblerousing In-Reply-To: <9403171328.AA04188@vail.tivoli.com> Message-ID: On Thu, 17 Mar 1994, Mike McNally wrote: > > Anonymous writes: > > The guy was really biased against PGP, calling it "illegal", > > but he also hinted that it had been broken. The hint was wrapped within > > a "non-denial denial" (for fans of "All The President's Men") and there > > was no *concrete* information given to support it. > > I've watched enough TV in my day to realize that if PGP had been > broken, they sure as heck wouldn't tell anybody about it. The only > reason to make such an implication is to prevent people from using it. Or, if you subscribe to massive conspiracy theories... That if they broke it, they'd tell people about it. And people like you would think that they hadn't and it was all a ruse. Then you would go out and encrypt your child-porn with pgp, and the spooks would be able to read it. :) Always remember about reverse psychology... -Matt (panzer at dhp.com) "That which can never be enforced should not be prohibited." From mg5n+ at andrew.cmu.edu Thu Mar 17 08:51:02 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Thu, 17 Mar 94 08:51:02 PST Subject: Radio Networking In-Reply-To: <199403170915.5154@bnsgs200.bnr.co.uk> Message-ID: <8hW8cKi00WAu0UsEso@andrew.cmu.edu> Ed Switalski wrote: >*** Quite Far ! > > With coherent CW you can key morse Japan/US i.e cross the Pacific > on a few watts. If so, this might make a very convenient email/chat system...
and with encryption, a great way to hide our anonymous remailer connections from 'Big Brother'. I must admit I don't know much about radio hardware... But would it be possible to link up a large metropolitan area via radio links of this type and transmit email and such? I think I could find a lot of sysops interested in that... no more waiting until night to get netmail! If the system worked at 300 bps, you could transmit a 2K message in about one minute. That would allow over 1000 messages per day, much less than most small BBS networks, and certainly enough to keep up with this list. (Not to mention that ASCII text is very compressible, 50% or more compression is not difficult in many cases.) How hard would it be to build a small transmitter/receiver system to handle data at low bps rates? And how much would it cost? From mmarkley at microsoft.com Thu Mar 17 08:51:40 1994 From: mmarkley at microsoft.com (Mike Markley) Date: Thu, 17 Mar 94 08:51:40 PST Subject: OSS Message-ID: <9403171652.AA00518@netmail2.microsoft.com> Last night (4/16/94) both the Discover Channel and A & E Network ran specials on the OSS and the part that they played in helping the Allies win World War II. It was kind of interesting to see what went on back then. I didn't watch the whole thing because I grew tired of watching grainy black and white footage of people walking through mud and water in rain forests on Pacific islands. I'm just curious if there is any connection between these broadcasts, which were quite rah-rah about the need for covert intelligence agencies, and the current Skipjack debate. Mike. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Mike Markley || The opinions here do not represent the mmarkley at microsoft.com || opinions of my employer. Attempts to || associate the two are pointless.
"I want to look at life, In the available light" - Neil Peart - From talon57 at well.sf.ca.us Thu Mar 17 08:55:42 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Thu, 17 Mar 94 08:55:42 PST Subject: Whats so bad about a surveillance state Message-ID: <199403171655.IAA27989@well.sf.ca.us> -----BEGIN PGP SIGNED MESSAGE----- Disclaimer: The opinions expressed are my own and do not represent the views of Ameritech or its alliance partners. Blanc Weber Postulates: > -With the rise of fiber telcos are laying fewer cable > routes and just stuffing the routes they do dig up with > more fiber than is necessary for replacement of the > existing copper, leaving some major areas with only a > single path in and out as one bundle of fiber replaces > tons of copper that was laid in multiple paths > originally because it would not fit in one path. Saves > the telcos money, but a single backhoe might be able to > cause some major damage now... Well, I can't speak for the other Telcos, but here in the Midwest this is flat out untrue. Project looking glass which resulted in a Billion dollars of additional fiber installed in the last year, and an additional billion a year for the next 6 years is completely diversified. Countercurrent rings, diverse pathways, the whole bit. I believe the Internet was a model for these strategies. I might add that this is not new, we've been pursuing these strategies as long as I've been here. (about ten years) There were a couple of incidents involving landscape contractors in the last year, none resulted in significant outage. This is particularly interesting since the utilities run a service called JULIE (for Joint Utility Locating something or other) which you are supposed to call 48 hours before you dig, we'll send someone out to make sure you don't encounter anything. Brian Williams Extropian Cypherpatriot "Cryptocosmology: Sufficiently advanced communication is indistinguishable from noise."
--Steve Witham -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLYiI2NCcBnAsu2t1AQGlPwP/ax2RmIZf0gFe86gwQmFqxNKcte5lRscW 2Y3AaPjLWIkN9O8IfMf5ZUaLQMMCEKJWfWUzq1B53Gwp3O3aTvpNhCpCnrHI8od7 uw8OcwyNKkYy4MyAtd4aCDkf7dMDuo4APZgSrS7IFSVRIK5ciFx6FopYyATuaOCa ZuywqzZWObI= =2g/i -----END PGP SIGNATURE----- From blancw at microsoft.com Thu Mar 17 09:06:03 1994 From: blancw at microsoft.com (Blanc Weber) Date: Thu, 17 Mar 94 09:06:03 PST Subject: The Joy of Digicash Message-ID: <9403171706.AA00950@netmail2.microsoft.com> From Hal: Proper cash will produce a symmetrical pattern. By choosing good CA rules, the patterns will be different for each bill, some nicer than others, leading to attractive fractal-looking patterns for many bills. When you wanted to "look at your money" you could run the program on the digital cash. People might even trade for especially attractive bills. ..................... This sounds really cool, if it could work that way. I can imagine a large screen wall display of these fractal images continuously running in color in the entertainment room, as a kaleidoscopic display of all my cash holdings.......if the patterns begin to repeat themselves too soon, it means I don't have very much in the digibank. :>) So there couldn't be anything else which would produce these same patterns and thus be confused for the original or actual?
Blanc From nowhere at bsu-cs.bsu.edu Thu Mar 17 09:15:17 1994 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Thu, 17 Mar 94 09:15:17 PST Subject: EFF gun-shy of legally employing PGP Message-ID: <9403171715.AA03335@bsu-cs.bsu.edu> Newsgroups: alt.2600,comp.org.eff.talk From: grady at netcom.com (Grady Ward) Subject: Re: "Porn Press Release" from EFF is a Hoax Message-ID: Followup-To: alt.2600,comp.org.eff.talk Organization: Moby lexical databases X-Newsreader: TIN [version 1.2 PL1] References: <2m2mou$mp1 at eff.org> <1994Mar15.170955.21185 at nntpd2.cxo.dec.com> <2m5p3f$gt4 at agate.berkeley.edu> Distribution: inet Date: Thu, 17 Mar 1994 16:32:13 GMT Lines: 78 Steve Pope (spp at zabriskie.eecs.berkeley.edu) wrote: : page at solvit.enet.dec.com (My name is...) writes: : > Yes, but the point of the reply, is that PGP signatures SHOULD : > be used by sysops. : Hmmm... why PGP, as opposed to the FIPS Digital Signature Standard? : Is the latter not in place yet? Yes, you can use the DSS (unless it is given away to PK partners, that is). The importance of using PGP or another strong privately developed crypto is that it supports the industry rather than relies upon the government. But since Mr Godwin has answered the question to his satisfaction and is not responding to further questions, I guess we will never know the real reason why the EFF will not use PGP to digitally sign press releases. Apparently Mr Godwin chooses not to be responsive to the EFF membership with respect to this issue. He only has said that sysops don't use PGP so rumors would not be quashed anyway. From a person of his intelligence this is about the lamest reason I've heard. Let me see if I can speculate on the real reasons the EFF may not choose to use PGP to sign press releases: (0) Using PGP would be provocative to the very powers we seek to infiltrate [ViaCrypt PGP is perfectly legal and fully licensed.] (1) There is not a problem with authenticity.
[This must be false, otherwise Mr Godwin wouldn't have begun this thread] (2) Signing with PGP is not effective. [false; MD5 and RSA have no known weaknesses] (3) Signing with PGP is too hard or would take too much time [false, perfect for irregular press releases] (4) PGP signatures take too much bandwidth. [false, again perfect for the moderate to longer press releases] (5) Sysops don't use PGP, rumors would spread anyway [Sysops might begin with suitable leadership; the signature of course could be ignored and the rumor spread anyway -- but if there *were* a question of authenticity an individual could check the authenticity without needing to log on to EFF's server or needing to personally contact an EFF official] (6) Signatures make the press release harder to read [false, a single line at the beginning and a block of lines at the end are added, none of the body is changed in any way] (7) We are journalists and attorneys, not nose-picking nerds [??????] (8) We are journalists and attorneys, this might expose us to greater liability and less 'deniability'. [???????] (9) We just defend these 'PGP' and 'BBS' people. We don't actually want to ASSOCIATE with them more than we have to. Cooties. [???????] (10) The EFF does not have to explain its actions or inactions to anyone. [???????] While Sternlight is merely annoying, and sometimes entertaining, EFF's lack of dialogue on this leadership opportunity supporting private crypto signatures is very, very disappointing. -- Grady Ward | +1 707 826 7715 | finger grady at netcom.com for free 3449 Martha Ct.
| (voice/24hr FAX) | Moby lexicon brochure & samples Arcata, CA 95521-4884 | 15E2ADD3D1C6F3FC | KN6JR monitoring 14.178 & 14.237 USA | 58ACF73D4F011E2F | 1800 UTC - 2000 UTC daily From mech at eff.org Thu Mar 17 09:15:27 1994 From: mech at eff.org (Stanton McCandlish) Date: Thu, 17 Mar 94 09:15:27 PST Subject: US Patent & Trademark Office Web server online Message-ID: <199403171713.MAA17260@eff.org> A friend from the USPTO mentioned that he'd set up a PTO WWW server at http://www.uspto.gov/ Went and had a look, not a whole lot of stuff yet, but there's some probably- important material here, including transcripts of the Arlington and San Jose hearings on software patents. These can now be found also at ftp://ftp.eff.org/pub/EFF/Policy/Intellectual_Property/ gopher://gopher.eff.org/00/EFF/Policy/Intellectual_Property/ http://www.eff.org/pub/EFF/Policy/Intellectual_Property/ The www.uspto.gov site has the benefit of having html versions up, so that you can find specific testimony, which is quite handy: http://www.uspto.gov/text/pto/hearings/arlington.html http://www.uspto.gov/text/pto/hearings/san_jose.html There are also Unix ASCII, DOS ASCII, compress'd ASCII, gzip'd ASCII, Adobe Acrobat Exchange PDF, and MS-Word for Mac (BinHex'd StuffIt archive) formats available at the PTO site. Also available (at both the USPTO and EFF paths) is a file containing the collected written testimony submitted to both hearings. -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 4 1994 From markh at wimsey.bc.ca Thu Mar 17 09:38:00 1994 From: markh at wimsey.bc.ca (Mark C. 
Henderson) Date: Thu, 17 Mar 94 09:38:00 PST Subject: NSA and PGP rabblerousing Message-ID: > Note that doubling the key size from 1024 to 2048 bits is also > probably a ruse, since it dramatically increases computation time (I > think). 1024 bits are a lot of bits as it is. On the other hand, with 1. the right algorithms for multiple precision arithmetic 2. a little assembler code for time critical sections 3. reasonable hardware (say an intel 486DX/33. Nothing 'state of the art') encryption, decryption, signing &c. with a 2048 bit modulus can be quite practical (or at least tolerable). But yes, it does increase computation time considerably, so one has to be a lot more careful about how one does things if RSA is still going to be practical. Can you afford to wait 15 seconds to sign a message? What is the time limit for us to consider RSA practical? Mark -- Mark Henderson markh at wimsey.bc.ca (personal account) RIPEM MD5OfPublicKey: F1F5F0C3984CBEAF3889ADAFA2437433 ViaCrypt PGP Key Fingerprint: 21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46 cryptography archive maintainer -- anon ftp -- wimsey.bc.ca:/pub/crypto From tcmay at netcom.com Thu Mar 17 10:03:00 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 17 Mar 94 10:03:00 PST Subject: (fwd) Re: What's so bad about a Surveillance State? In-Reply-To: <9403161716.AA09099@bilbo.suite.com> Message-ID: <199403171803.KAA04606@mail.netcom.com> Citizen-Unit Miller wastes more of the social body's time by writing: > > Citizen-Unit Miller is to be commended for his > > recognition that the common good is served when the state > > fulfills its surveillance obligations. > > > [more funny stuff deleted] > > I enjoyed Tim May's post. I'm hoping you all realize my post was > simply an electronic stick jabbed into the hornet's nest. Thanks, Unit Jim! This citizen-unit did indeed realize your motivations, especially as you went on to explain them (in the section I carefully elided!).
"What's wrong with a surveillance state?" is so easily answered with satire, with an "if this goes on" analysis, that I couldn't resist. All of the arguments are well-known to cypherpunks, of course, but Jim posted his call for comments to various newsgroups, where the arguments are either not as well known or are confused by comments from didactic shills like David Sternlight and Steve Pope. > I do *not* think a surveillance state is a good thing. I > deliberately constructed my post to get people's attention. I want > people (other than just Cypherpunks) to think about life in a > surveillance state. > Good luck to Jim, I suppose. Me, I've been so opposed to the Big Brother state since 1966 (when I first read "1984"), that I can't conceive of sitting down to make arguments about the "benefits" of such a surveillance state. I'll stick to humor of color. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Thu Mar 17 10:18:06 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 17 Mar 94 10:18:06 PST Subject: Ray Cromwell's New Remailer Message-ID: <199403171818.KAA06606@mail.netcom.com> I'm surprised there hasn't been more mention of Ray Cromwell's new remailer proposal....it seems to have some features to increase robustness and security and to really be a step toward a "second-generation remailer." Having used Ray's software for the Extropians list (though I no longer get that list), I look forward to trying out this new system.
The proof is in the pudding, I guess, so we'll all await the beta release of this new software. However, a few comments on what has been described so far might be helpful to Ray. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jpp at markv.com Thu Mar 17 10:28:35 1994 From: jpp at markv.com (jpp at markv.com) Date: Thu, 17 Mar 94 10:28:35 PST Subject: la cypherpunks Message-ID: <9403171027.aa11399@hermix.markv.com> I am in the 'la area' too, which makes us three. Perhaps we should hold a concurrent meeting here next month? I could host, but my house is in Arleta (in the SF valley). Eric, how hard is it to create cp-la at toad.com? Until, or unless, it is set up, I will operate jpp=lacp at markv.com as a mailing list. Mail to jpp=lacp=request@ markv.com to be added to the list. j' -- O I am Jay Prime Positive jpp at markv.com 1250 bit fingerprint B06229 = B8 95 E0 AF 9A A2 CD A5 89 C9 F0 FE B4 3A 2C 3F 524 bit fingerprint 2A915D = 8A 7C B9 F2 D5 46 4D ED 66 23 F1 71 DE FF 51 48 Public keys via `finger jpp at markv.com', or via email to pgp-public-keys at io.com Your feedback is welcome directly or via my symbol JPP on hex at sea.east.sun.com Resist the Clipper Chip, write "I oppose Clipper" to Clipper.petition at cpsr.org From pbraunb at netcom.com Thu Mar 17 10:56:26 1994 From: pbraunb at netcom.com (paul braunbehrens) Date: Thu, 17 Mar 94 10:56:26 PST Subject: (fwd) Who's watching you... 
01 In-Reply-To: <9403162147.AA14899@bilbo.suite.com> Message-ID: Excellent Idea, it would cut down on the 80 pieces of email I delete without reading every day. On Wed, 16 Mar 1994, Jim Miller wrote: > > > What do people think of the idea of creating a news group dedicated > to discussing surveillance technology and its potential impact on > society? > > > Jim_Miller at suite.com > > From hughes at ah.com Thu Mar 17 11:17:33 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 17 Mar 94 11:17:33 PST Subject: la cypherpunks In-Reply-To: <9403171027.aa11399@hermix.markv.com> Message-ID: <9403171905.AA01916@ah.com> I can't create new mailing lists at toad.com. Eric From erc at platform.com Thu Mar 17 11:43:55 1994 From: erc at platform.com (Ed Carp) Date: Thu, 17 Mar 94 11:43:55 PST Subject: cypherfolks in Toronto? Message-ID: <199403171942.OAA07202@sheba.platform.com> Hey! Any of you cypherfolks in Toronto? Anyone interested in getting together to swap cryptolies and stuff? :) Let me know... -- Ed From mg5n+ at andrew.cmu.edu Thu Mar 17 11:49:02 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Thu, 17 Mar 94 11:49:02 PST Subject: la cypherpunks In-Reply-To: <9403171027.aa11399@hermix.markv.com> Message-ID: Jay Prime Positive wrote: > I am in the 'la area' too, which makes us three. Perhaps we should > hold a concurrent meeting here next month? I could host, but my > house is in Arleta (in the SF valley). Eric, how hard is it to create > cp-la at toad.com? Until, or unless, it is set up, I will operate > jpp=lacp at markv.com as a mailing list. Mail to jpp=lacp=request@ > markv.com to be added to the list. I will be in the LA area in about two months... Maybe we could have a cypherpunks meeting somewhere. From tcmay at netcom.com Thu Mar 17 12:10:13 1994 From: tcmay at netcom.com (Timothy C.
May) Date: Thu, 17 Mar 94 12:10:13 PST Subject: la cypherpunks In-Reply-To: Message-ID: <199403172010.MAA24360@mail.netcom.com> Matthew Ghio wrote: > Jay Prime Positive wrote: > > > I am in the 'la area' too, which makes us three. Perhaps we should > > hold a concurrent meeting here next month? I could host, but my > > house is in Arleta (in the SF valley). Eric, how hard is it to create > > cp-la at toad.com? Until, or unless, it is set up, I will operate > > jpp=lacp at markv.com as a mailing list. Mail to jpp=lacp=request@ > > markv.com to be added to the list. > > I will be in the LA area in about two months... Maybe we could have a > cypherpunks meeting somewhere. This is encouraging, that the LA area is talking about having a meeting. I'm looking for a good excuse to visit the LA area (besides visiting my brother, who got nuked out of his last place by the quake and now lives near the beach in Hermosa Beach!). If this event is scheduled enough in advance (2 weeks, say), I'd like to attend it. A couple of LA-area folks (JPP, Matt Bartley, I think) have attended the Bay Area meeting, so some cross-fertilization in the other direction might be nice. So, mid-May? --Tim May, who may attend in May. -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From cme at sw.stratus.com Thu Mar 17 12:19:28 1994 From: cme at sw.stratus.com (Carl Ellison) Date: Thu, 17 Mar 94 12:19:28 PST Subject: my letter to Newsweek Message-ID: <199403172019.PAA18362@galt.sw.stratus.com> (with practice, I get more succinct. With luck I'll get a lot more practice at this! 
:-) Have y'all written, too? - Carl >TO: Letters Editor, Newsweek >FAX: (212) 350-4120 > >SUBJECT: Mar 14, 94; p. 38; "Keeping the Cybercops Out of Cyberspace" > >Dear Editor: > >I consider myself a pragmatic critic and yet I propose scrapping any "key >escrow" system, Clipper included. It is too insecure, not just because of >government misconduct (although I am old enough to remember the Nixon >administration) but because it opens discovery of encryption keys up to >plain vanilla criminals. > >By creating a database of master keys (no matter how many pieces they are >in), what has previously required the mathematical genius and computer >budget of the NSA to crack is laid wide open to people whose only skills >are in bribery, breaking and entering, impersonation, coercion, ..., namely >those skills in which organized crime is presumably more expert than even >the CIA. > >Meanwhile, the talk about wiretap court orders is misleading. Encryption >will be needed by civilians in vast quantities not for wire communications >but for wireless (and cellular) communications for which no one needs a >court order to eavesdrop without fear of being detected. > >Thank you for your article and for considering these additional points. > >Sincerely, > >Carl M. Ellison From unicorn at access.digex.net Thu Mar 17 12:28:52 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 17 Mar 94 12:28:52 PST Subject: Address correction Message-ID: <199403172028.AA00831@access1.digex.net> -> The address given by Black Unicorn to mail to cspan was in error, my mail to cspanviewr at aol.org bounced. To rattle their cage, try cspanviewr at aol.COM. <- You will not that I merely forwarded the message. Sorry for any error, I didn't not feel it prudent to seek confirmation before posting.... 
(not=note)

-uni- (Dark)

From mech at eff.org Thu Mar 17 12:53:22 1994
From: mech at eff.org (Stanton McCandlish)
Date: Thu, 17 Mar 94 12:53:22 PST
Subject: ALERT: Digital Telephony Public Hearings, DC, 2/17/94, 9:30am EST
Message-ID: <199403172044.PAA21614@eff.org>

For immediate release - distribute widely, but quickly

02/18/94 - Congressional Hearings on FBI Digital Telephony proposal, Wash. DC

WHERE & WHEN:

On March 18, 1994 (TOMORROW), a joint Senate-House public hearing will be held on the FBI's Digital Telephony proposal. The hearing will be held at 10:30am EST (but staffers suggest you arrive one hour early to be assured of a seat), at room 226 of the Dirksen Senate Office Building, near Constitution & 1st Streets, NW (next door to the Hart Building). The hearing should last approximately 2 hours.

Witnesses will include FBI Director Louis Freeh, Electronic Frontier Foundation Executive Director Jerry Berman, US Telephone Assoc. Pres. Roy Neel, and Plymouth Co. Mass. DA William O'Malley (also Pres. Nat'l. District Attorney Assoc.)

The hearing was arranged by the Senate Judiciary Committee's Subcommittee on Technology and the Law, and the House Judiciary Committee's Civil and Constitutional Rights Subcommittee. The hearings will be chaired by Sen. Patrick Leahy, who also intends to hold hearings on the Administration's Clipper Chip scheme, and Rep. Don Edwards.

WHAT YOU CAN DO

Written comments may be submitted, before or after the hearing, to:

Subcommittee on Technology and the Law
Attn: Beryl Howell
Senate Judiciary
815 Hart Senate Office Building
Washington DC 20510 USA

Note that such comments do not become part of the official record of the hearing, but are probably still important. Let your representatives in government know what YOU have to say. According to Senate Judiciary staff, such comments will be received, reviewed and considered before, during and after the hearings.

Comments can also be faxed to the Senate Judiciary office:

Beryl Howell, Technology and the Law Subcommittee
+1 202 224 9516 (fax)

More information is available from the Senate Judiciary office staff:

+1 202 224 3406 (voice)

BACKGROUND:

The Clinton Administration is backing a proposal by law enforcement agencies that could make the entire communications infrastructure susceptible to surveillance. The Digital Telephony Proposal, reintroduced this year after being successfully thwarted last year, would require communications service providers to include "back doors" in their software through which "wiretapping" can be done. In addition, the proposal would give law enforcement officers access to records *about* communications, such as who you call, how long you talk, what online services you frequent, who you send email to and where: if it's something you do online, it is to be laid bare for inspection. Such traffic analysis can reveal vast amounts of information about you, and the potential privacy invasion is far more revealing than past techniques of traffic analysis.

EFF is extremely concerned about this proposal and has prepared a detailed summary to explain it and the harm it could do. See:

ftp://ftp.eff.org/pub/EFF/Policy/Digital_Telephony/digtel94_analysis.eff
ftp://ftp.eff.org/pub/EFF/Policy/Digital_Telephony/digtel94.announce

EFF has received a draft of the FBI's new, proposed "Digital Telephony" bill. After initial analysis, we strongly condemn the bill, which would require all common carriers to construct their networks to deliver to law enforcement agencies, in real-time, both the contents of all communications on their networks and the "signalling" or transactional information.

In short, the bill lays the groundwork for turning the National Information Infrastructure into a nation-wide surveillance system, to be used by law enforcement with few technical or legal safeguards.
This image is not hyperbole, but a real assessment of the power of the technology and inadequacy of current legal and technical privacy protections for users of communications networks.

Although the FBI suggests that the bill is primarily designed to maintain status quo wiretap capability in the face of technological changes, in fact, it seeks vast new surveillance and monitoring tools. Among the new powers given to law enforcement are:

* Real-time access to transactional information creates the ability to monitor individuals "live".

* Access to communication and signalling information for any mobile communication, regardless of location allows tracking of an individual's movements.

* Expanded access to electronic communications services, such as the Internet, online information services, and BBSs.

* The power to shut down non-compliant networks

Several documents, including the full text of the proposed bill and a more detailed section-by-section analysis are available via anonymous ftp on EFF's ftp site, as well as an archived copy of this announcement, and FBI Director Louis Freeh's Digital Telephony speech from late 1993.

The documents can be located via ftp, gopher, or WWW, as follows:

ftp://ftp.eff.org/pub/EFF/Policy/Digital_Telephony/digtel94_bill.draft
ftp://ftp.eff.org/pub/EFF/Policy/Digital_Telephony/digtel94_analysis.eff
ftp://ftp.eff.org/pub/EFF/Policy/Digital_Telephony/digtel94.announce
ftp://ftp.eff.org/pub/EFF/Policy/Digital_Telephony/digtel93_freeh.speech

gopher: substitute "gopher://gopher.eff.org/00/" for "ftp://ftp.eff.org/pub/"
WWW: substitute "http://www.eff.org/" for "ftp://ftp.eff.org/"

THE ELECTRONIC FRONTIER FOUNDATION
1001 G Street NW, Suite 950 E
Washington DC 20001 USA
+1 202 347 5400 (voice)
+1 202 393 5509 (fax)
+1 202 638 6120 (BBS)

Internet queries: ask at eff.org
General info: info at eff.org

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
"In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it."
- Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 4 1994

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
"In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it."
- Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994

From jim at rand.org Thu Mar 17 13:18:42 1994
From: jim at rand.org (Jim Gillogly)
Date: Thu, 17 Mar 94 13:18:42 PST
Subject: la cypherpunks
Message-ID: <9403172118.AA26253@mycroft.rand.org>

> tcmay at netcom.com (Timothy C. May) writes:
> This is encouraging, that the LA area is talking about having a meeting.
> So, mid-May?

Sometime before the 16th would be good for me... otherwise how about a Maui meeting in the last half of the month?

Jim Gillogly
25 Rethe S.R. 1994, 21:18

From cfrye at ciis.mitre.org Thu Mar 17 13:19:10 1994
From: cfrye at ciis.mitre.org (Curtis D. Frye)
Date: Thu, 17 Mar 94 13:19:10 PST
Subject: Denning Presentation and Q&A at George Mason University
Message-ID: <9403172127.AA03674@ciis.mitre.org>

On March 8, Dr. Dorothy Denning was a guest speaker for LRNG 572 - Taming the Electronic Frontier, a course at George Mason University. The professor, Dr. Brad Cox, is a veteran software developer who has turned his attention to developing models for electronic commerce and "student-centered education".
The latter is my own term for his concept of students, through a demand-based process, having much more control over and interaction with the university education process. Brad has expressed strong opinions on several issues regarding personal privacy and the Clipper/Digital Telephony proposals; I don't presume to speak for him, but I should note that our homework includes installing PGP 2.2 or 2.3a on our personal machines, generating key pairs, distributing our public keys, and broadcasting an essay encrypted with everyone else's public keys.

The lecture was broadcast on the George Mason University channel, 48 on Media General Cable Systems in Fairfax County, VA, and other channels around the DC Metro Area. Tapes are available in the GMU Library and, I believe, may be copied and distributed freely. If any of you would like a copy of the session, I'll look into what has to happen to get it done.

I do not have a VCR at home and am not referring to the tape as I write this summary, so there may be some inaccuracies. Further, as I was not taking careful notes, my own comments and questions are most prominent in this summary. In my note to the class, I'll ask them to contribute their own views of the proceedings. I am forwarding this note to Brad, Dr. Denning, and the class to ensure all parties have the opportunity to correct any misrepresentations or omissions.

***The Presentation***

Dr. Denning was clearly nervous -- she indicated that she had never worked with the combination of television, overhead projector and computer-cueing system in the video classroom. Also, I surmise that Brad had warned her that she wouldn't be facing the most sympathetic audience in the world. Each student had written an essay about Clipper and emailed it to Brad, cc'ing the rest of the class. Most of the class didn't think Clipper/Digital Telephony was a hot idea, but there were several supporters.

After a brief intro describing Clipper as a "voluntary" standard, she quickly described the key initialization and two-party decryption processes. This part of the lecture was notation-laden and somewhat hard for me to follow, and I've read most of Schneier's _Applied Cryptography_! The folks around me seemed to be lost in the particulars of how the various keys were generated and interacted (especially the session key). However, I believe the basic points got through clearly enough - the class is mostly professionals and is sophisticated enough to pick up anything that's explained well.

After Denning indicated that NIST and Treasury were to be the two escrow agents, I asked about VP Gore's 9 February remarks on the potential problems of both agents being in the Executive Branch etc. She glossed over the issue by replying that the process was still being examined and that she didn't see a problem with the two agents residing in the same branch of government. The theme that "the key escrow system prevents abuse" resonated throughout her presentation.

A few minutes later, I asked Dr. Denning whether she her earlier published (on Usenet, anyway) statements to the effect that if Clipper were made mandatory she would probably withdraw her support for the standard. She did not dispute the basis of the question but did not answer it per se, either. Her final response (paraphrased) was that she could not foresee all possible outcomes and did not want to commit herself to a position without observable results.

After further questions, Denning described the Digital Telephony proposal, stressing that the idea was to maintain the current level of wiretap capabilities despite technological advances.
She was very careful to delineate the goals for Clipper and Digital Telephony as follows:

o Clipper is designed to provide US citizens strong cryptography that won't threaten US national security;

o Clipper is *not* designed to catch crooks;

o Digital Telephony is designed to maintain the current level of wiretap capabilities and gives law enforcement officials no new abilities.

The first statement is hard to dispute on its face, despite the invocation of that vague concept called "national security". As many others, including Tim May, have said, the government is fighting an imaginary enemy which is, by virtue of it being imaginary, capable of anything. If cellular phones, baby monitors (!) and regular telephones used Clipper-like technology, many citizen-to-citizen privacy worries would be solved since ham radio and scanner operators would be unable to monitor these transmissions. However, the idea that the standard is voluntary, an idea she defended even when pressed that everyone in the government (except the judiciary) answers to the same guy raises a question as to how voluntary the standard is.

The second statement goes against much of the rhetoric Clipper supporters have used to link the proposal to the War on Drugs and the general fear of crime. It's interesting to note that, even while she was disavowing Clipper's link to catching crooks, she read anecdotes from the back cover of a book entitled something like _The World's Dumbest Criminals_ and opined that, if someone is dumb enough to call hotel security and report $1000 of cocaine missing from his room, they just might be dumb enough to use Clipper. After all, they talk in the clear now!

I think this argument has gotten short shrift on Cypherpunks and does deserve more attention. If the price of ClipperPhones comes down enough so that they're affordable _and_ there's no market competitor of note, why wouldn't drug dealers use the equipment?
After all, even assuming the full search warrant process is bypassed, the government needs to know what's happening before they tap the line. The solution, of course, is to market alternative crypto-boxes that can fit between the phone unit and the wall socket. Price competition against high volume manufacturers will be a serious obstacle to successfully circumventing the escrowed technologies. The difference in the rhetorical significance of crime-fighting when Clipper is presented to technical and non-technical audiences is interesting.

The final theme, that Digital Telephony adds no new law enforcement capabilities, was not something anyone in the class seemed to have the knowledge to dispute on technical grounds. When I raised the issue of phone calls being directed to central law enforcement sites instead of requiring agents to move to a remote location, Dr. Denning indicated that wiretaps are done by directing calls to a central location now. While J.P. Barlow challenged related issues in the America On Line debate, I have not seen a refutation of this particular point. Can anyone elaborate?

***Personal Notes and Editorials***

o None of us brought up the government ability to request and examine phone usage information without a warrant or pointed out that law enforcement agencies currently do this more than 100,000 times per year. [I wasn't aware of the number until Barlow cited it on AOL.]

o I would hope that the ability of government to accumulate behavioral dossiers on private citizens through the information mosaic and link analysis tools is something that would appear in _Time_ right beside the Clipper and Digital Telephony expository articles in the future. If Digital Telephony makes this ability stronger, there is a greater danger of the fishing expeditions and data matching exercises the 1974 Privacy Act is designed to prevent.

o In my opinion Dr. Denning sincerely believes these proposals will make a positive difference; however, the sincerity of the advocate does not give credence to the position advocated.

--
Best regards,

Curtis D. Frye - Job Search Underway!!!
cfrye at ciis.mitre.org or cfrye at mason1.gmu.edu
"MITRE's in the past, now. Time to move on!"

From catalyst-remailer at netcom.com Thu Mar 17 13:32:04 1994
From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com)
Date: Thu, 17 Mar 94 13:32:04 PST
Subject: 2 bad ideas
Message-ID: <199403172132.NAA05826@mail.netcom.com>

Business Week, March 21, 1994, p.126

Editorials

DON'T LET WASHINGTON PLAY 'I SPY' ON YOU

Will the Information Superhighway enable the federal government to become a high-tech snoop on a scale undreamt of in George Orwell's worst nightmares? For those who believe in the Fourth Amendment's promise that citizens shall be "secure in their persons, houses, papers, and effects," the latest rumblings are ominous.

The Clinton Administration is pushing two bad ideas left over from President Bush: the Digital Telephony Initiative and the Escrowed Encryption Standard (EES), known by the code name "Clipper" (page 37). Take the telephone initiative. Under current law, the government can obtain phone records without a warrant and can even trace all local calls. The proposed legislation allows law enforcement and intelligence agencies to trace calls as they are made.

Clipper is worse. The government is offering business a new system for encrypting computer data files, data transmissions, and voice telephone calls to protect it from hackers and industrial spies. But built into the encryption computer chip is a trapdoor called the Law Enforcement Access Field, which gives the Federal Bureau of Investigation and the National Security Agency a way to decode messages.

Corporate reaction to Clipper is overwhelmingly hostile.
First, Clipper requires a special chip, meaning that encryption cannot simply be written into new or existing programs. Second, the trapdoor would give the government enormous snooping power over corporate life.

Wise citizens--corporate and individual--should heed Thomas Jefferson's advice to remain eternally vigilant against an overreaching government.

From Carl_Ellison at vos.stratus.com Thu Mar 17 13:57:23 1994
From: Carl_Ellison at vos.stratus.com (Carl_Ellison at vos.stratus.com)
Date: Thu, 17 Mar 94 13:57:23 PST
Subject: Denning Presentation and Q&A at George Mason University
Message-ID: <199403172157.QAA26043@transfer.stratus.com>

>If cellular phones, baby monitors (!) and regular telephones used
>Clipper-like technology, many citizen-to-citizen privacy worries would be
>solved since ham radio and scanner operators would be unable to monitor
>these transmissions.

The same is true if all those transmitters used DES without key escrow -- and, if wireless and cellular phones were to decrypt when they came off the air, there would be no loss of FBI wiretap ability.

Today I mailed a formal proposal to that effect (scrap Clipper; replace it with regular DES over the air and clear otherwise; reform the export laws) to NIST with cc: to DERD (at her suggestion).

 - Carl

From mnemonic at eff.org Thu Mar 17 14:06:52 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Thu, 17 Mar 94 14:06:52 PST
Subject: EFF gun-shy of legally employing PGP (fwd)
Message-ID: <199403172205.RAA23556@eff.org>

Grady, this kind of smear is unnecessary. I didn't respond to further queries because I didn't see any further queries. I expect you to apologize for this forthwith.

Some people apparently have too much time on their hands, and they fill it with speculations about others' motives.

In the meantime, I'll give you three reasons we didn't use PGP.

1) It wouldn't have solved the problem, since the majority of people who spread the false press release are not encryption users.
2) PGP is inconvenient to use.

3) EFF is a Mac shop, but our licensed copy of Viacrypt doesn't run on the Mac.

Feel free to forward this message. And, please, try not to hinder our effectiveness with further unsupported smears and accusations. Thanks in advance.

--Mike

From: grady at netcom.com (Grady Ward)
Subject: Re: "Porn Press Release" from EFF is a Hoax
Message-ID:
Followup-To: alt.2600,comp.org.eff.talk
Organization: Moby lexical databases
X-Newsreader: TIN [version 1.2 PL1]
References: <2m2mou$mp1 at eff.org> <1994Mar15.170955.21185 at nntpd2.cxo.dec.com> <2m5p3f$gt4 at agate.berkeley.edu>
Distribution: inet
Date: Thu, 17 Mar 1994 16:32:13 GMT
Lines: 78

Steve Pope (spp at zabriskie.eecs.berkeley.edu) wrote:
: page at solvit.enet.dec.com (My name is...) writes:
: > Yes, but the point of the reply, is that PGP signatures SHOULD
: > be used by sysops.
: Hmmm... why PGP, as opposed to the FIPS Digital Signature Standard?
: Is the latter not in place yet?

Yes, you can use the DSS (unless it is given away to PK partners, that is). The importance of using PGP or another strong privately developed crypto is that it supports the industry rather than relies upon the government.

But since Mr Godwin has answered the question to his satisfaction and is not responding to further questions, I guess we will never know the real reason why the EFF will not use PGP to digitally sign press releases. Apparently Mr Godwin chooses not to be responsive to the EFF membership with respect to this issue. He only has said that sysops don't use PGP so rumors would not be quashed anyway. From a person of his intelligence this is about the lamest reason I've heard.

Let me see if I can speculate on the real reasons the EFF may not choose to use PGP to sign press releases:

(0) Using PGP would be provocative to the very powers we seek to infiltrate
[ViaCrypt PGP is perfectly legal and fully licensed.]

(1) There is not a problem with authenticity.
[This must be false, otherwise Mr Godwin wouldn't have begun this thread]

(2) Signing with PGP is not effective.
[false; MD5 and RSA have no known weaknesses]

(3) Signing with PGP is too hard or would take too much time
[false, perfect for irregular press releases]

(4) PGP signatures take too much bandwidth.
[false, again perfect for the moderate to longer press releases]

(5) Sysops don't use PGP, rumors would spread anyway
[Sysops might begin with suitable leadership; the signature of course could be ignored and the rumor spread anyway -- but if there *were* a question of authenticity an individual could check the authenticity without needing to log on to EFF's server or needing to personally contact an EFF official]

(6) Signatures make the press release harder to read
[false, a single line at the beginning and a block of lines at the end are added, none of the body is changed in any way]

(7) We are journalists and attorneys, not nose-picking nerds
[??????]

(8) We are journalists and attorneys, this might expose us to greater liability and less 'deniability'.
[???????]

(9) We just defend these 'PGP' and 'BBS' people. We don't actually want to ASSOCIATE with them more than we have to. Cooties.
[???????]

(10) The EFF does not have to explain its actions or inactions to anyone.
[???????]

While Sternlight is merely annoying, and sometimes entertaining, EFF's lack of dialogue on this leadership opportunity supporting private crypto signatures is very, very disappointing.

--
Grady Ward            | +1 707 826 7715  | finger grady at netcom.com for free
3449 Martha Ct.       | (voice/24hr FAX) | Moby lexicon brochure & samples
Arcata, CA 95521-4884 | 15E2ADD3D1C6F3FC | KN6JR monitoring 14.178 & 14.237
USA                   | 58ACF73D4F011E2F | 1800 UTC - 2000 UTC daily

From blancw at microsoft.com Thu Mar 17 14:35:27 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Thu, 17 Mar 94 14:35:27 PST
Subject: Whats so bad about a surveillance state
Message-ID: <9403172236.AA16594@netmail2.microsoft.com>

From: Brian D Williams : Blanc Weber Postulates:

> -With the rise of fiber telcos are laying fewer cable
> routes and just stuffing the routes they do dig up with
> more fiber than is necessary for replacement of the
> existing copper, leaving some major areas with only a
> single path in and out as one bundle of fiber replaces
> tons of copper that was laid in multiple paths
> originally because it would not fit in one path. Saves
> the telcos money, but a single backhoe might be able to
> cause some major damage now...

Well, I can't speak for the other Telco's, but here in the Midwest this is flat out untrue.

....................................

Well, I can't say if that's true in the Midwest or anywhere else on the planet, because I didn't write that paragraph, as I don't know a thing about cables of any type or kind.

:>)

Blanc

From hughes at ah.com Thu Mar 17 14:50:40 1994
From: hughes at ah.com (Eric Hughes)
Date: Thu, 17 Mar 94 14:50:40 PST
Subject: EFF gun-shy of legally employing PGP (fwd)
In-Reply-To: <199403172205.RAA23556@eff.org>
Message-ID: <9403172238.AA02366@ah.com>

On not using PGP:

>1) It wouldn't have solved the problem, since the majority of people who
>spread the false press release are not encryption users.

Yes, it would solve the problem. Not every individual could have verified the message, but enough people would have, and immediately enough, that no question would have remained for long about the forgery.

The epistemology of authorship is of social nature already.
With cryptography, one can lift authorship of public keys to authorship of documents, but this is an optimization, not a necessity. By allowing those people who do use cryptography to verify authorship, one can speed the process for the rest.

Not everyone currently uses crypto, true, but better a partial benefit than none at all. And the partial benefit of a signed message is most of the benefit.

>2) PGP is inconvenient to use.
>3) EFF is a Mac shop, but our licensed copy of Viacrypt doesn't run on the
>Mac.

MacRIPEM is both easy to use and runs on a Mac. There may be other reasons not to use PEM and PEM-derived systems over PGP, but I do not think they outweigh, at this time, the public and forthright use of cryptography by the policy leaders, and I mean not only EFF here.

It is not my place to make internal EFF policy, but I will suggest it, namely, that all public communications that go out to Usenet and to public mailing lists be digitally signed by their authors.

Eric

From mech at eff.org Thu Mar 17 14:54:08 1994
From: mech at eff.org (Stanton McCandlish)
Date: Thu, 17 Mar 94 14:54:08 PST
Subject: Errata: Digital Telephony hearing, DC, March 18 1994
Message-ID: <199403172252.RAA24679@eff.org>

Please pardon the date errors in the previous post about the Washington DC Congressional hearings on Digital Telephony. The date is March 19, 1994 - tomorrow.

For those that missed the original announcement, the Senate Tech & Law Subcommittee and House Civil Liberties Subcommittee are holding a hearing at the Dirksen Building Rm. 266, featuring testimony from EFF's Jerry Berman and FBI's Louis Freeh, et al., regarding the FBI Digital Telephony "Wiretap Bill".

Call the Senate Judiciary staff at +1 202 224 3406 for more info.

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
"In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it."
- Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994

From mnemonic at eff.org Thu Mar 17 15:30:03 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Thu, 17 Mar 94 15:30:03 PST
Subject: EFF gun-shy of legally employing PGP (fwd)
In-Reply-To: <9403172238.AA02366@ah.com>
Message-ID: <199403172329.SAA25354@eff.org>

Eric Hughes writes:

> On not using PGP:
>
> >1) It wouldn't have solved the problem, since the majority of people who
> >spread the false press release are not encryption users.
>
> Yes, it would solve the problem. Not every individual could have
> verified the message, but enough people would have, and immediately
> enough, that no question would have remained for long about the
> forgery.

I respectfully disagree. This may change in the future, of course. What surely would have happened is that few people would have bothered to check the signature, and those who did might try to counter the rumors, but I'd still get calls from people who want to know *directly from me* that it's a hoax (in other words, they wouldn't credit the claims of those who checked the signature). Net result--no difference in time and effort on my part.

Now, don't get me wrong--use of crypto is a good thing, and should be encouraged, and we may eventually standardize on its use within EFF. But the claim that this would have prevented the hoax is insupportable. Maybe in the future crypto society, but not now.

It is important to uncouple the argument that EFF should use crypto from the argument that if we had used it, the problem we saw here would not occur.

> MacRIPEM is both easy to use and runs on a Mac.
The specific argument that Grady Ward used to savage me and EFF is based on the claim that we should have used PGP *specifically*.

> It is not my place to make internal EFF policy, but I will suggest it,
> namely, that all public communications that go out to Usenet and to
> public mailing lists be digitally signed by their authors.

As a matter of pure aesthetics, I prefer other things in my .signature. There is even less poetry on the Net than there is cryptography.

Mike Godwin, (202) 347-5400 |"And walk among long dappled grass,
mnemonic at eff.org         | And pluck till time and times are done
Electronic Frontier         | The silver apples of the moon,
Foundation                  | The golden apples of the sun."

From mech at eff.org Thu Mar 17 15:47:05 1994
From: mech at eff.org (Stanton McCandlish)
Date: Thu, 17 Mar 94 15:47:05 PST
Subject: Errata: Digital Telephony hearing, DC, March 18 1994
In-Reply-To:
Message-ID: <199403172346.SAA25613@eff.org>

Please pardon the date errors in the previous posts about the Washington DC Congressional hearings on Digital Telephony. The date is March 18, 1994 - tomorrow. That is: March EIGHTEENTH, Friday. Not 17, not 19. Profuse apologies for these goofs.

How did this happen? Let's be democratic, you can vote on it:

__ low levels of choline today
__ it's a conspiracy, and I'm trying hard to confuse you. I really work for the FBI.
__ a sudden surge in cosmic rays affected my computer, making it type 9 or 7 instead of 8
__ feces occurs
__ I have a natural propensity for idiocy
__ synchronicity, karma, and/or the will of a/the god[s]
__ I have an irrational desire to receive flame-mail
__ visual distortion due to ergot infestation on the wheat my breakfast bagel was made out of

Anyway, this part at least is correct:

> For those that missed the original announcement, the Senate Tech & Law
> Subcommittee and House Civil Liberties Subcommittee are holding a hearing
> at the Dirksen Building Rm. 266, featuring testimony from EFF's Jerry
> Berman and FBI's Louis Freeh, et al., regarding the FBI Digital Telephony
> "Wiretap Bill".
>
> Call the Senate Judiciary staff at +1 202 224 3406 for more info.

Apologies again, and just to reiterate, this important event takes place on Friday, March EIGHTEEN (18), 1994, which for most of you is tomorrow.

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
"In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it."
- Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994

From wcs at anchor.ho.att.com Thu Mar 17 16:07:01 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Thu, 17 Mar 94 16:07:01 PST
Subject: Getting EFF to sign their postings
Message-ID: <9403180006.AA12767@anchor.ho.att.com>

Mike says (paraphrased)

1> Signing isn't enough, since many people post stuff without checking

(true, but it's *more* checkable that way, especially for the people who post verbatim rather than abstracting.)

2> PGP is too hard to use

No accounting for taste, I suppose :-)

3) We're a Mac shop

ViaCrypt *can* run on top of SoftPC. It's not blazingly fast, and certainly increases the hard-to-use factor, but it's doable. And you generally convert your postings into ASCII to post anyway - is your mail system also a Mac? (Probably a Sun, I suppose, but ViaCrypt is available for some Unix platforms now.)

From mg5n+ at andrew.cmu.edu Thu Mar 17 17:08:03 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Thu, 17 Mar 94 17:08:03 PST
Subject: Errata: Digital Telephony hearing, DC, March 18 1994
In-Reply-To: <199403172346.SAA25613@eff.org>
Message-ID:

Third time's a charm, I guess. (At least you got the month right on the second try.
:)

From bart at netcom.com Thu Mar 17 17:09:03 1994
From: bart at netcom.com (Harry Bartholomew)
Date: Thu, 17 Mar 94 17:09:03 PST
Subject: Well we tried.
Message-ID: <199403180109.RAA07265@mail.netcom.com>

Forwarded message:

From banisar at washofc.cpsr.org Thu Mar 17 17:45:49 1994
From: banisar at washofc.cpsr.org (Dave Banisar)
Date: Thu, 17 Mar 94 17:45:49 PST
Subject: Did Ames Disclose Clipper to Russians?
Message-ID: <9403172050.AA27592@Hacker2.cpsr.digex.net>

Interesting yes?

In article <2m7tpf$84 at delphinium.cig.mot.com> Walter F. Lundby, lundby at rtsg.mot.com writes:
> Hot off the presses:
>
> 3-14-94 Network World
> Page 2, fourth article under "Briefs"
>
> Clipper compromised? "Security Insider Report," a monthly
> newsletter published in Seminole, Fla., has reported that
> government officials are seeking to determine whether former
> CIA employee and alleged traitor Aldrich Ames may have sold
> information to the Russians about the government's secret
> key-escrow technology used in Clipper Chip chipsets and
> Capstone Tessera cards. The secret key-escrow technology,
> dubbed Skipjack, can be used to encrypt voice and data.

From mnemonic at eff.org Thu Mar 17 18:17:36 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Thu, 17 Mar 94 18:17:36 PST
Subject: Did Ames Disclose Clipper to Russians?
In-Reply-To: <9403172050.AA27592@Hacker2.cpsr.digex.net>
Message-ID: <199403180217.VAA28288@eff.org>

Dave Banisar writes:

> Interesting yes?
>
>
> In article <2m7tpf$84 at delphinium.cig.mot.com> Walter F. Lundby,
> lundby at rtsg.mot.com writes:
> > Hot off the presses:
> >
> > 3-14-94 Network World
> > Page 2, fourth article under "Briefs"
> >
> > Clipper compromised? "Security Insider Report," a monthly
> > newsletter published in Seminole, Fla., has reported that
> > government officials are seeking to determine whether former
> > CIA employee and alleged traitor Aldrich Ames may have sold
> > information to the Russians about the government's secret
> > key-escrow technology used in Clipper Chip chipsets and
> > Capstone Tessera cards. The secret key-escrow technology,
> > dubbed Skipjack, can be used to encrypt voice and data.

Too good to be true!

--Mike

From peace at BIX.com Thu Mar 17 18:46:27 1994
From: peace at BIX.com (peace at BIX.com)
Date: Thu, 17 Mar 94 18:46:27 PST
Subject: New block mode of operation
Message-ID: <9403172142.memo.9558@BIX.com>

Fellow cryptorians:

The following is a draft of a paper that describes a mode of operation that I personally feel is useful for bulk data encryption for PEM, RIPEM, EDI, PGP and any other secure email application. In particular, submode CC1 is proposed for these applications. I would welcome any suggestions that would help in evaluating this method in those venues.

peace at acm.org

- - - - - - - - - - - - - - - - - - - - - -

Cipher-Chain-Cipher Mode of Operation for Improving the Security of Block Ciphers

by Thomas C. Jones

1 ABSTRACT

As a way to extend the usefulness of encryption with the DES and prevent several of the more common attacks on the DES, a new mode of operation is defined that can be used with any block cipher, including DES. This mode of operation performs a cipher operation both before and after a chaining operation and so could be called cipher-chain-cipher (CCC) mode of operation. It is characterized by never performing any operation with the plaintext data except immediately after one cipher operation and immediately prior to another, so that cipher operations separate the plaintext and ciphertext in both directions.
Thus the common known-text attack and chosen-text attack are avoided and, for some implementations, only two DES operations are required per plaintext block. 2 BACKGROUND Existing block encryption algorithms, such as the Data Encryption Standard (FIPS 46) have reached the end of their useful life. It was expected when the DES was first issued in 1976 that it would be used for 5 to 10 years. It is a tribute the care with which this algorithm was constructed, that it is only now yielding to practical cryptanalysis. In particular, the 56 bit key used with the DES can be determined by brute force attack using specially designed hardware operating in parallel. In practical applications of the DES, there are a wide range of ways to combine the input plaintext with the DES algorithm to produce an output ciphertext. In order to promote interoperability and good cryptographic practice the NIST issued "Modes of Operation of the DES" as FIPS 81. The most popular of the modes of operation for bulk plaintext data to be encrypted is Cipher Block Chaining (CBC). Several candidate algorithms have been offered as a replacement for the DES, but the large installed base of DES hardware and industry expertise in applying the DES have worked against the adoption of any of these candidates. Experience has shown that untested cryptographic algorithms are likely to have unanticipated security weaknesses. This also works against the adoption of new algorithms. When the bankers were looking for a stronger algorithm than the DES for protection of cryptographic keying material, they chose to leave the underlying DES algorithm in place, but apply the algorithm three separate times to the input plaintext to yield a "super-encrypted" output ciphertext. This has been considered to be a special mode of operation known as EDE (for encrypt-decrypt- encrypt) with 2 independent 56 bit keys. 
The reason that three were chosen, rather than two, relates to a particular cryptanalytic attack called "meet in the middle" where the cryptanalyst starts exhaustive first stage encryption of plaintext simultaneously with exhaustive second stage decryption of ciphertext and comparing the resulting values. While the computer storage required for this attack is impractical today, the theoretical existence of the attack discourages double DES modes of operation. It is well known that the redundancy of common data streams, such as the English language, results in ciphertext that can be decrypted to only one plaintext that is realistically English. The amount of ciphertext that is needed to have some assurance that only a single plaintext interpretation is known as the "unicity distance". For DES and English the unicity distance is slightly longer that one 8 byte block. This means that if the language was known to be English, only two blocks of ciphertext would be required to have a high degree of confidence that any decryption that yielded English text would be the only decryption that would do so. Even more to the point, if a computer could quickly assess the likelihood that a decryption of a single ciphertext block looked like English, only a single additional decryption would be required to verify that. This would make an attack, that tested every one of the possible keys, likely to succeed. The only thing that has prevented such a "brute force" attack has been the time and effort to perform such an attack. That sort of brute force attack is now within the grasp of well- financed commercial enterprises, not to mention secret governmental agencies. Several cryptanalytic attacks have been mounted on the DES to find some simpler way than brute force to recover the key given the output ciphertext and some other information. Most of these attacks rely on access to a large amount of plaintext and the corresponding ciphertext, this is called a "known plaintext attack". 
Existing modes of operation do not significantly reduce the threat of a known plaintext attack. Several methods are already known to reduce the threat of this attack, principle among them is restricting the use of each DES key to a single document or interchange. That is the method recommended here. If the cryptanalyst has access to the cryptographic engine with the key loaded, then two other attacks are possible. The "chosen plaintext attack" relies on the analysis of the underlying structure of the block algorithm by feeding it special combinations of bits that test particular functional characteristics of that structure. "Differential cryptanalysis" is an attack that relies on changing single bits in the plaintext and checking the effect on the ciphertext. While it seems unlikely that a user would allow any active DES key to be used in this way, resistance to these attacks is considered appropriate in academic circles. More traditional cryptanalysis relied strictly on redundancy that could be exploited with access to only the ciphertext itself. So far no method of attack on ciphertext has proven to be quicker than the brute force method mentioned above. It is up to the user to employ proven good algorithms in a cryptographically sound way with secure physical protection of the keying material. It is claimed that the cipher-chain-cipher modes of operation offer a sound way to extend the life of DES for encrypting bulk data such as that found in electronic mail systems. 3 SUMMARY The CCC mode of operation provides a way for input plaintext to be combined with DES block encryption and chaining from one stage to another to add an apparently random input component to each stage. The essentials of the method is its separation of the input and the output data at each stage by interposing a cipher operation between them. 
This requires a cipher operation on the output ciphertext before it is combined with the input plaintext, as well as a cipher operation on the result of the combining operation. Thus the cryptanalyst is not aware of either data stream that is to be combined with the input plaintext, nor of the output of the combining of the plaintext with the apparently random data that is combined with the plaintext. One reason for combining some apparently random value with the input plaintext is to provide a means for whitening the input data; that is, for masking any repeating pattern in the input plaintext so that the output ciphertext would also fail to contain any repeating pattern. It might be possible for some cryptanalyst to obtain some meaning from the existence of the repeating pattlue to the receiver. One good method is to place all the above values into a single packet that is encrypted with the receiver's public key component. The resulting encrypted packet can then be transmi at least as good a security level as is available from this mode of operation with the cryptographic algorithms used for bulk data encryption. The interchange is thus broken into two parts: the first involving the selection and secure transmittal of the keying material which is then used in the second part to encrypt the bulk data according to the modes of operation described in detail below. Once the keying material has been generated, the bulk data is broken into blocks as required by the block cryptographic algorithm and processed as specified. The first step is to optionally cipher the input plaintext using the first key. The second step is to chain together this result with apparently random data feed from the prior step. The final step is to cipher the result of the chaining operation and then to transmit the cipher block created. 
The word cipher is used here to mean either encryption or decryption, since the exact mode that the block cryptographic algorithm is used at each stage is not material to the modes of operation described.

4 DESCRIPTION

Other modes of operation, which may have been established by the Federal Government for other reasons, have not been able to deter certain types of cryptanalytic attack. The weakness found in these other modes is shown, together with the advantages of this new mode of operation.

            Plain1            Plain2
               |                 |
               v                 v
IV ----------->X    +----------->X    +------>
               |    |            |    |
             +----+ |          +----+ |
Key -------->| En |-+--------->| En |-+------>
             +----+ |          +----+ |
               |----+            |----+
               v                 v
            Cipher1           Cipher2

Where:
  X       = bit-by-bit exclusive-or operation
  En      = DES 8 byte block encryption
  De      = DES 8 byte block decryption
  Op      = Selection of an input plus encryption
  Plainx  = One of the 8 byte input blocks of plaintext
  Cipherx = One of the 8 byte output blocks of ciphertext
  Key     = 56 bit DES single length key
  IV      = 64 bit Initial Value for chaining operation

This shows the Cipher Block Chaining mode of operation of the DES. It is very effective at hiding any pattern in the input plaintext, but does little to deter a cryptanalyst, since if the input plaintext, and output ciphertext are known, then the input and output to the cipher operation are known as well. The first example of CCC will show how to defeat this sort of attack by separating the chaining operation from the feedback of the ciphertext.
              Plain1          Plain2
                 |               |
IV --------+     |    +----+     |    +----+
           v     |    |    v     |    |    v
         +----+  |    |  +----+  |    |
Key2 --->| En |--+----+->| En |--+----+->
         +----+  |    |  +----+  |    |
           |     v    |    |     v    |
           +---> X    |    +---> X    |
                 |    |          |    |
                 v    |          v    |
               +----+ |        +----+ |
Key3 --------->| De |-+------->| De |-+------>
               +----+ |        +----+ |
                 |----+          |----+
                 v               v
              Cipher1         Cipher2

The CCC-Encrypt operation consists of DES block encryption of the ciphertext output from the last stage, an exclusive-or (bit by bit addition) with the next plaintext input, and a final DES block decryption to form the next ciphertext output block. The initial value (IV) serves as an apparently random input to the first stage, while the output of each stage serves as an apparently random input to each stage after the first. The above diagram shows the first two full stages of encryption.

                   Cipher1        Cipher2
                      |              |
                +-----+----+    +----+----
                v          |    v
              +----+       |  +----+
Key2 -------->| En |-------+->| En |------->
              +----+       |  +----+
IV --------+    |          |    |
           |    |          |    |
           v    |          v    |
         +----+ |        +----+ |
Key1 --->| En |-+------->| En |-+--------->
         +----+ |        +----+ |
           |    v          |    v
           +--> X          +--> X
                |               |
                v               v
             Plain1          Plain2

The CCC-Decrypt operation consists of DES block encryption of the ciphertext output from the last stage, a DES block encryption of the cipher text input to the current stage, and an exclusive-or with the output of both DES block encryptions.

One attack on this mode is differential cryptanalysis, since, although the exact value of input to the final cipher stage is not known, a cryptanalyst that had access to the cryptographic engine with the key loaded could process plaintext that differed by only a single bit which would result in only a single bit change in the input to the final cipher stage. The cryptanalysis would then be performed on the ciphertext output.

The CCC-encrypt operation can be generalized as shown in the following diagrams.
       Plain1        Plain2
         |             |
         v             v
       +----+        +----+
Key1 ->| En |------->| En |----->
       +----+        +----+
         |             |
Key2 ----+------+------+------+--->
         |      v      |      v
         v    +----+   v    +----+
IV ----->X -->| Op |-->X -->| Op |->
         |    +----+   |    +----+
         v      ^      v      ^
       +----+   |    +----+   |
Key3 ->| De |---+--->| De |---+--->
       +----+   |    +----+   |
         |------+      |------+
         v             v
      Cipher1       Cipher2

The generalized CCC-encrypt operation consists of an initial DES encrypt operation on the plain text using the first key, followed by a chaining operation and then a DES decrypt operation on the result of the chaining operation using the third key. Several operations are possible with the chaining operation which uses the second key. In all cases the input to the exclusive-or operation is the result of a variable operation shown above as Op and the output from the first cipher operation. The variable operation in the middle can have one of two sources, and may use the second key shown in the diagram.

      Cipher1       Cipher2
         |             |
         +------+      +-------+
         v      |      v       |
       +----+   |    +----+    |
Key3 ->| En |---+--->| En |----+---->
       +----+   |    +----+    |
         |--+   |      |--+    |
         |  |   v      |  |    v
         v  |  +----+  |  |  +----+
IV ----->X  +->| Op |->X  +->| Op |->
         |     +----+  |     +----+
         |       ^     |       ^
Key2 ----+-------+-----+-------+----->
         v             v
       +----+        +----+
Key1 ->| De |------->| De |--------->
       +----+        +----+
         |             |
         v             v
       Plain1        Plain2

The generalized CCC-decrypt operation just reverses these operations, except for the chaining operation, which stays the same in the encrypt and decrypt operations.

Several submodes are available from this generalized mode of operation depending on the nature of the operator used between chaining operations. Below are listed four submodes that may have particular interest.

Mode CC0 - This mode does not use Key1, so the first cipher operation is the identity. The chaining operation is defined to be the DES on the feedback from the final cipher operation. This is exactly the first example shown above. Its advantage is that it uses only two keys and two DES operations per input block.
The disadvantages are discussed above.

Mode CC1 - This modeof the exclusive-or operation. This means that the exclusive-or product is just the accumulation of all the first stage ciphers with the initialization vector. This mode also only uses two independent key values and two DES operations per input block. A further advantage is that the interior chaining operation only uses data that is not available to the cryptanalyst in either the known-text or the chosen-text attack.

Mode CC2 - This mode is identical to mode CC1 except that the chaining operation is the DES performed on the result of the prior exclusive-or. This mode requires three DES operations per input block, but gains by confusion of the diffusion entry added in between each data cipher operation.

Mode CC3 - This mode is identical to mode CC2 except that the source of the data for the DES operation prior to chaining is not the prior chaining operation, but feedback from the output stage of the final cipher operation. This too requires three DES operations per input block.

5 EXAMPLE

It will be assumed that the block ciphers of interest all result in the same amount of output ciphertext as input plaintext with the possible addition of a fixed length initial value and a variable length padding to create some optimal length. In the DES this optimal data length is any stream that is an exact multiple of 8 bytes. Variants of this method could be used with other block lengths or with byte oriented modes of operation.

While this new mode of operation is expected to find its greatest use with bulk encryption using data blocks equal in length to the block length inherent in the underlying block encryption algorithm, any length block of data could be utilized with any block length encryption algorithm. This section shows how bulk data can be segmented into 64 byte blocks and encrypted using the 64 byte block DES algorithm.
For added security, the secret keying material and the DES operations are shown to be contained inside the security perimeter of a cryptographic module which is mounted inside of a personal computer using a common operating system. It would be equally useful to move some, or all, of the cryptographic operations to code operating under the personal computer's operation system. It is critical to the security of the overall system that the secret keying material, consisting of the two DES keys and the initial value (IV), be known only to the originating and receiving party to the interchange. One way to do this, and to prevent the accumulation of information for a cryptanalytic attack on the secret keying material, is to create a new packet of keying material for each interchange using some suitably random generator within the security perimeter and encrypt the entire packet of keying material using this, or some other encryption method such as the RSA public key encryption method. Using DES as the underlying secret key encryption algorithm may necessitate other measures when generating the keying material, such as weak key elimination and key parity generation. In any case there are two or three DES keys with parity are 64 bits in length. The initial value is the size of the block which is also 64 bits. At least one byte will be used to determine the exact mode of operation. Since the first key is optional, the block of secret data can be constructed as 200 to 264 bits in the following form: +------+----+------+------+----------------+ | mode | IV | Key3 | Key2 | Key1(optional) | +------+----+------+------+----------------+ This data is just a valuable as the plaintext of the message to be protected, since an attacker is assumed to have access to the ciphertext, so this data will recover the plaintext. It should be noted that it is not any more valuable than the plaintext since it will be used only once to protect one message or interchange. 
Therefore, if the plaintext data is contained on a personal computer, the enciphering operation can also be performed on the same personal computer. On the other hand, the private components of the public key will be used to decode essentially all the secured messages that are received over its life, and so its value is the sum of all such message. Thus the private components must be protected to a commensurate level with this value. Additional means for protection should include a security perimeter containing these components together with the operations that are possible with them. The security perimeter must be able to physically show when an attack on the components was made. Several devices now have such a security perimeter including: NIST 140-1 cryptographic modules, smart cards with cryptographic co- processors and PCMCIA cards. Once suitable keying material is obtained, the originator of the message may take appropriate means to reduce the redundancy of the plaintext by compressing it. Compression, if successful, always makes the task of the cryptanalyst more difficult by reducing the redundancy in the plaintext, and making any trial decryption more likely to yield a possibly good text plaintext example. - - - - - - - - - - - - - - - - - - - - - - This paper represents ideas that may be subject to patent applications by the author or by others. To the author's knowledge, the mode of operation described in this paper was invented by the author. To the extent that any of these ideas do belong to the author, he grants anybody the right to use his ideas in code compiled by the user for personal, non-commercial use. No warrenty of any sort is implied by this grant. This paper is copyright (c) 1994 by Thomas C. Jones and may be reproduced only with this notice intact. 
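[Added example, not part of the paper or of the original post: submode CC0 as the draft describes it, C_i = De_Key3(P_i XOR En_Key2(C_{i-1})), implemented beside CBC to show the two properties the text claims: a known-plaintext observer can recompute every CBC cipher input but not the CC0 ones, and a one-bit plaintext change still reaches the final cipher stage as a one-bit change. Assumptions: DES is replaced by a stand-in 64-bit Feistel permutation built from SHA-256, and all keys, the IV and the plaintext are constructed sample values.]

```python
import hashlib

BLOCK = 8  # bytes; the 64-bit block size the paper assumes for DES


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function of the stand-in cipher (an assumption, not DES).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def en(key: bytes, block: bytes) -> bytes:
    """Stand-in for the paper's En box: an 8-round Feistel permutation."""
    left, right = block[:4], block[4:]
    for rnd in range(8):
        left, right = right, xor(left, _f(key, rnd, right))
    return left + right


def de(key: bytes, block: bytes) -> bytes:
    """Stand-in for the De box: the exact inverse of en()."""
    left, right = block[:4], block[4:]
    for rnd in reversed(range(8)):
        left, right = xor(right, _f(key, rnd, left)), left
    return left + right


def split(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("length must be a multiple of 8 bytes; padding is not shown")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def cbc_encrypt(key, iv, plaintext, trace=None):
    """CBC as in the first diagram: C_i = En(P_i XOR C_{i-1})."""
    prev, out = iv, []
    for p in split(plaintext):
        cipher_input = xor(p, prev)
        if trace is not None:
            trace.append(cipher_input)
        prev = en(key, cipher_input)
        out.append(prev)
    return b"".join(out)


def cc0_encrypt(key2, key3, iv, plaintext, trace=None):
    """CC0: C_i = De_key3(P_i XOR En_key2(C_{i-1})), with C_0 = IV."""
    prev, out = iv, []
    for p in split(plaintext):
        cipher_input = xor(p, en(key2, prev))  # value fed to the final De stage
        if trace is not None:
            trace.append(cipher_input)
        prev = de(key3, cipher_input)
        out.append(prev)
    return b"".join(out)


def cc0_decrypt(key2, key3, iv, ciphertext):
    """CCC-Decrypt: P_i = En_key3(C_i) XOR En_key2(C_{i-1})."""
    prev, out = iv, []
    for c in split(ciphertext):
        out.append(xor(en(key3, c), en(key2, prev)))
        prev = c
    return b"".join(out)


def guess_cipher_inputs(plaintext, ciphertext):
    """What a known-plaintext observer can compute for blocks 2..n: P_i XOR C_{i-1}."""
    p, c = split(plaintext), split(ciphertext)
    return [xor(p[i], c[i - 1]) for i in range(1, len(p))]


# Constructed sample values (not from the paper).
KEY1, KEY2, KEY3 = b"key-one!", b"key-two!", b"key-3333"
IV = bytes.fromhex("0123456789abcdef")
PLAIN = b"8 bytes." * 3                             # three identical blocks
PLAIN_FLIP = bytes([PLAIN[0] ^ 0x01]) + PLAIN[1:]   # one bit changed in block 1

if __name__ == "__main__":
    cbc_trace, cc0_trace, flip_trace = [], [], []
    cbc_ct = cbc_encrypt(KEY1, IV, PLAIN, cbc_trace)
    cc0_ct = cc0_encrypt(KEY2, KEY3, IV, PLAIN, cc0_trace)
    cc0_encrypt(KEY2, KEY3, IV, PLAIN_FLIP, flip_trace)
    print("CC0 round trip ok:", cc0_decrypt(KEY2, KEY3, IV, cc0_ct) == PLAIN)
    print("CBC cipher inputs recoverable:",
          guess_cipher_inputs(PLAIN, cbc_ct) == cbc_trace[1:])
    print("CC0 cipher inputs recoverable:",
          guess_cipher_inputs(PLAIN, cc0_ct) == cc0_trace[1:])
    print("CC0 difference entering De:", xor(cc0_trace[0], flip_trace[0]).hex())
```
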
From baumbach at atmel.com Thu Mar 17 19:30:23 1994 From: baumbach at atmel.com ( ) Date: Thu, 17 Mar 94 19:30:23 PST Subject: encrypt me Message-ID: <9403180118.AA09717@minnow.chp.atmel.com> Forwarded from RISKS DIGEST 15.62: ------------------------------ Date: Wed, 2 Mar 1994 23:17:29 -0500 (EST) From: Paul Robinson Subject: 'We {Will} Find you...' In an article on the cover of the February 10, 1994 {Washington Technology} magazine of the same name, talks about a specialized use of biometrical information (specific details unique to a person like size, etc.) to identify them. The idea behind this is that in an airport, an infrared camera is mounted near the arriving passengers section, taking pictures of every person who is passing through the facility. This captures the 'aura' or underlying facial vascular system (pattern of blood vessels and such). In 1/30 of one second, it captures the data and forwards it via high-speed data lines to an FBI database that has stored auras of the worlds most-wanted criminals and terrorists, then matches generate an order to nab a suspect, supposedly producing "a piece of evidence that is as rock-solid as any presented to a court." Currently, infrared cameras are being attached to desktop computers to create digitized thermograms of people's faces in 1/30 of a second. The company that is working on this technology, Betae Corp, an Alexandria, VA government contractor, claims that the aura is unique for every single person. The photos in the front of the article show two clearly different thermographic images that are claimed to be from identical twins. The facial print does not change over time (and would allegedly require very deep plastic surgery to change it), retains the same basic patterns regardless of the person's health, and can be captured without the person's participation. 
The technology will have to show it is a better choice than current biometric techniques such as retinagrams (eye photographs, voice prints and the digital fingerprint. A Publicity-Shy Reston, VA company called Mikos holds the patent for certain technology uses of this concept. Dave Evans of Betac who has obtained certain "non exclusive" rights in the technology claims that "thermograms are the only technology he has seen in his more than two decades of security work that meet the five major criteria of an ideal identification system: They are unique for every individual, including identical twins; they identify individuals without their knowing participation; they perform IDs on the fly; they are invulnerable to counterfeiting or disguises; they remain reliable no matter the subject's health or age," the article said. Only retinal photos are equivalent, but potential assassins aren't likely to cooperate in using them. Right now it takes about 2-4K per thermograph, (it says '2-4K of computer memory' but I suspect they mean disk space) and that's not really a problem for a PC-Based system of 2000 or so people going to and from a building; it's another magnitude of hardware to handle millions of aircraft travelers in airports. Also, infrared cameras are not cheap, in the $35,000 to $70,000 range, which, for the moment is likely to keep small law enforcement facilities from thermographing all persons arrested the way all persons arrested are routinely fingerprinted. But we can expect the price to come down in the future. The writer apparently had to agree with Evans not to raise privacy and security issues in the article, it says, since first they have to show the technology works. But even it raised questions: - The technology could be a powerful weapon in a "big brother" arsenal, with cameras in front of many stores and street corners, scanning for criminals or anyone on the government's watch list? 
- Does the government have the right to randomly photograph people for matching them against a criminal database? - What guarantees do we have that thermographs are actually unique for every person, or that the system is foolproof? - What is the potential for blackmail, with thermographs to prove people were in compromising places and positions? There are also my own points. - While this can be used to protect nuclear power plants against infiltration by terrorists (as one example it gives), what is to stop it, for example, to be used to find (and silence or eliminate) critics and dissidents? I wouldn't give China 30 seconds before it would use something like this to capture critics such as the victims of Tianamen Square. - Long history indicates that better technology is not used to improve capture of criminals who violate the lives and property of other private parties, it is used to go after whatever group the government opposes. That's why people who defend themselves with guns against armed criminals in places where gun controls are in effect, can expect to be treated harsher than the criminal would have been. Existence of criminals supports the need for more police and more police-state laws; defending oneself against criminals shows the ineffectiveness of those laws. Paul Robinson - Paul at TDR.COM ------------------------------ From frissell at panix.com Thu Mar 17 19:39:05 1994 From: frissell at panix.com (Duncan Frissell) Date: Thu, 17 Mar 94 19:39:05 PST Subject: CFP `94 BOF Session? Message-ID: <199403180339.AA18702@panix.com> I'll be in Chicago next week at CFP '94 and I wondered if anyone was planning an official or unofficial Cypherpunks gathering. I'd do a BOF session request but I'm there as a journalist. Anyone else interested? 
DCF --- WinQwk 2.0b#1165 From matt at staff.cs.su.oz.au Thu Mar 17 19:41:11 1994 From: matt at staff.cs.su.oz.au (Robert Matthew Barrie) Date: Thu, 17 Mar 94 19:41:11 PST Subject: No Subject Message-ID: <9403180213.23084@munnari.oz.au> Does anyone have a list of anonymous remailers somewhere? matt From cspanviewr at aol.com Thu Mar 17 16:45:00 1994 From: cspanviewr at aol.com (cspanviewr at aol.com) Date: Thu, 17 Mar 94 19:45:00 EST Subject: Senator Leahy's hearing Message-ID: <9403171945.tn107394@aol.com> We've had quite a bit of interest and e-mail regarding the Clipper chip hearings and we passed it all on to our programming department for consideration at today's shoot meeting. Unfortunately, we will not be covering this hearing. Thanks for your interest in C-SPAN and please feel free to write again when an event of interest comes up. From remailer-admin at chaos.bsu.edu Thu Mar 17 20:03:02 1994 From: remailer-admin at chaos.bsu.edu (Anonymous) Date: Thu, 17 Mar 94 20:03:02 PST Subject: Anonymous remailers Message-ID: <199403180447.WAA00163@chaos.bsu.edu> > Does anyone have a list of anonymous remailers somewhere? > > matt ---------- Forwarded Message ---------- From: mg5n+remailers at andrew.cmu.edu (Automated reply from mail software) Subject: Info on anonymous remailers This info on internet anonymous remailers is maintained by Matthew Ghio Last Updated: Mar 14 1994 The newest version of this document can be obtained by sending mail to: mg5n+remailers at andrew.cmu.edu Automated software will email you a copy. Notice: There have been many changes lately to various remailers. I try to keep this info as up to date as possible, but I may have missed something. If there are any errors, please let me know. 
The standard cypherpunks anonymous remailers are: hfinney at shell.portal.com catalyst at netcom.com nowhere at bsu-cs.bsu.edu remailer at chaos.bsu.edu hh at soda.berkeley.edu ebrandt at jarthur.claremont.edu remailer at merde.dis.org remailer at rebma.mn.org rperkins at nyx.cs.du.edu rperkins at nyx10.cs.du.edu hal at alumni.caltech.edu All of these allow you to send anonymous mail by adding the header Request-Remailing-To: and sending to one of the above addresses. Most (but not all) of these remailers also accept Anon-To: in place of Request-Remailing-To. If you can not add the required headers, place two colons (::) on the very first line of your message, then on the next line type Request-Remailing-To: and the address you want to send anonymously to. Skip a line, and then begin your message. Note that by using this method it is possible to send a message consecutively thru more than one remailer. remail at extropia.wimsey.com requires that you public-key encrypt your messages with PGP. This added security prevents a hacker or nosey sysadmin at your site from reading your outgoing mail or finding out where it's going. This remailer is not directly connected to the internet, so messages will be delayed about an hour. Some of the other remailers support PGP as well. For remailers which support both encryption and plaintext messages, identify encrypted messages by adding a header which reads: Encrypted: PGP Encryption keys can be found below. The bsu remailers require that you place the Subject: header in the body of the message, after the two colons and the Request-Remailing-To: line. These remailers also allow you to insert a Reply-To: line right after the Subject, so that you can have responses sent to you via an anonymous forwarding address. 
The other remailers require that you place two number signs (##) on a line, and then add the special headers, such as Reply-To: To get an anonymous forwarding address, send mail to mg5n+getid at andrew.cmu.edu There is a pseudonym-based anonymous remailer at anon.penet.fi. For information on this remailer, send mail to: help at anon.penet.fi There is another anonymous contact service at chop.ucsd.edu. It's not as full-featured as anon.penet.fi, but is considerably faster since it is not burdened by such a heavy load. For information on this remailer, send mail to: acs-info at chop.ucsd.edu Anonymous postings to usenet can be made by sending anonymous mail to one of the following mail-to-usenet gateways: group-name at cs.utexas.edu group.name.usenet at decwrl.dec.com group.name at news.demon.co.uk group.name at news.cs.indiana.edu The following lists the response times of the remailers listed above. Although measured accurately, these times are only an estimation of what you can expect. Actual response times will vary somewhat, depending on current network usage and other factors. 
Ping messages sent: Tue, 8 Mar 1994 00:00:00 EST (-0500)
Replies received:
nobody at shell.portal.com             00:01:57
catalyst-remailer at netcom.com        00:02:16
rperkins-remailer at nyx10.cs.du.edu   00:02:30
nowhere at bsu-cs.bsu.edu              00:02:39
remailer-admin at chaos.bsu.edu        00:02:43
rperkins-remailer at nyx.cs.du.edu     00:02:48
nobody at soda.berkeley.edu            00:02:51
nobody at jarthur.cs.hmc.edu           00:06:32
remailer at dis.org                    00:35:34
remailer at rebma.rebma.mn.org         03:12:37

The following are PGP public keys of the remailers which support encryption:

512-bit key, Key ID 64E8A7, created 1993/03/05
Also known as: Anonymous Remailer

1024-bit key, Key ID B5A32F, created 1992/12/13

jarthur remailer
512-bit key, Key ID 7D154B, created 1993/04/04

Anonymous Remailer
510-bit key, Key ID 5620D5, created 1992/11/15

The operation of this system of remailers is a group effort which relies on the contributions of many generous people. Please do not abuse the remailers.
If you have problems with a remailer, most of the remailer operators can be contacted by sending mail to the remailer's address without a remailing request header. Otherwise, follow the instructions that come in the messages from the remailer. Do not send complaints to postmaster at the site. Most of the remailers are run by people who are not the site administrators. Sending to postmaster or the site admins will most likely just make them annoyed at you, and won't get your problem resolved. If you can run an anonymous remailer, please volunteer to do so. Software is available from anonymous-FTP at soda.berkeley.edu in the directory /pub/cypherpunks/remailer Other remailer program code is available at vangogh.vis.colostate.edu in the directory /pub/nate/remailer-GUI/cpremailer.tar.Z The software can usually be run on personal accounts; Root or sysadmin access is not required in most cases. There are two usenet forums for discussion of anonymous remailer systems, alt.privacy.anon-server and alt.anonymous From mg5n+ at andrew.cmu.edu Thu Mar 17 22:05:16 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Thu, 17 Mar 94 22:05:16 PST Subject: Fwd: *AVAILABLE: HIGHLY EFFICIENT ELECTRONIC CASH SYSTEMS* In-Reply-To: Message-ID: ---------- Forwarded message begins here ---------- Received: via nntpserv with nntp; Thu, 17 Mar 1994 17:00:49 -0500 (EST) Newsgroups: alt.2600,alt.cyberpunk.tech,talk.politics.crypto Path: andrew.cmu.edu!bb3.andrew.cmu.edu!news.sei.cmu.edu!cis.ohio-state.edu!magnus.acs.ohio-state.edu!usenet.ins.cwru.edu!howland.reston.ans.net!EU.net!sun4nl!cwi.nl!brands From: brands at cwi.nl (Stefan Brands) Subject: *AVAILABLE: HIGHLY EFFICIENT ELECTRONIC CASH SYSTEMS* Message-ID: Sender: news at cwi.nl (The Daily Dross) Nntp-Posting-Host: aasgier.cwi.nl Organization: CWI, Amsterdam Date: Thu, 17 Mar 1994 20:45:15 GMT Lines: 188 Xref: bb3.andrew.cmu.edu alt.2600:2751 alt.cyberpunk.tech:2971 talk.politics.crypto:3810 Subject: ------- seeking interested 
parties for implementing, and sharing the rights to, my technologies for privacy-protected electronic transfer of certified information. **** I am a PhD student at the Cryptography Department at the Center for Mathematics and Computer Science (CWI) in Amsterdam. In the past two years, I have developed a compact set of new techniques that enable the construction of highly efficient and secure electronic systems for off-line transfer of certified information, such that privacy is fully guaranteed. The resulting systems offer a great many advantages over any other privacy-protected systems you will find. In particular, using a subset of these techniques I have constructed off-line electronic cash systems in which the privacy of the account holders is fully guaranteed. An independent authority in the field of cryptology has recently confirmed that these systems seem to be the most practical such systems to date. I am posting this letter because I am very interested in pursuing the implementation of my systems *jointly*, in a fair business relationship, with a company capable of and interested in standardizing these systems. My technologies / systems are ideally suitable for smart cards, hand held computers, interactive TV, etcetera. All the rights to the technology have been transferred to me by CWI, and so part of such a cooperation would be *joint ownership of all rights*. The reason for posting this letter in a news group is that I see *no* other way to get in touch with interested parties. Before I go deeper into this, I would like to give you some more information about my technologies, and explain their many features. If you are not interested, but think you can help me by suggesting names etc., I would appreciate your suggestions. Privacy-protected transfer of electronic information. 
----------------------------------------------------- Much work has been done to construct privacy-protected off-line cash systems previously, notably by David Chaum (formerly affiliated with CWI). This early work has resulted in two key concepts that can be used to attain the same level of security against double-spending as can trivially be attained in off-line cash systems with full traceability of payments. However, the many practical *realizations* of these concepts that have been proposed are far from satisfactory with respect to efficiency, provability of security (relative to certain well-known problems that are widely believed to be intractable), and extensibility in functionality. The new techniques I developed for my PhD thesis overcome *all* of these problems. They enable the construction of privacy-protected off-line cash systems that are almost as efficient as off-line cash systems that do *not* offer privacy. Successful attacks against such a system provably imply that one can break a certain well-known signature scheme that is widely believed to be secure (such as the Schnorr scheme, the Guillou/Quisquater scheme, the schemes presented by Okamoto at CRYPTO 92, the Fiat/Shamir scheme etc.). The techniques in fact allow the construction of a highly efficient off-line cash system whose security (and that of all the extensions in functionality!) is based on the security of any one signature scheme of the so-called Fiat/Shamir type. Among the extensions in functionality are: prior restraint of double-spending, electronic cheques, protection against framing, currency exchange, anonymous accounts, and multi-spendable coins. All these extensions can be realized very easily without any need for additional data structures or basic algorithms (that is, *no* ad hoc constructions). 
In particular, prior restraint of double-spending can be achieved by using a tamper-resistant computing device that is capable of merely performing a signature scheme of the Fiat/Shamir type (of one's own choice), such as the Schnorr signature scheme. A highly preliminary report about a small subset of these techniques, based on the Discrete Logarithm problem, has been published by me about a year ago as a technical report at CWI. (A PostScript version of this report can be retrieved by ftp from ftp.cwi.nl, as pub/brands/CS-R9323.ps.). In August 1993 I presented these preliminary results at the CRYPTO 1993 conference in Santa Barbara. The final version of this abstract can also be retrieved by ftp from ftp.cwi.nl, as pub/brands/crypto93.ps. Its successful acceptance can be measured by the fact that the results in the report are currently being used as the basis for a cash system by the European CAFE project, a project with 13 European partners from industry and science. I understand that some other implementations based on my report are under way as well. New developments. ----------------- In the mean time, however, I have significantly improved and *greatly* extended the techniques described in the preliminary report. Furthermore, I came up with a fully RSA-based variant that offers various advantages over the Discrete Log based variant. Contrary to the description in the preliminary report, the improved techniques allow the construction of withdrawal protocols for which it can rigorously be proven that the aforementioned attack to the withdrawal protocol is as hard as breaking a well-known signature scheme, and the efficiency of the system increases by a factor of two (a factor not to be neglected, especially not in case such a system is implemented using smart card technology!). As an interesting side note, the improved techniques do *not* use the blind signature technique as developed and patented by David Chaum. 
The full set of techniques can be used to construct highly efficient privacy-protected off-line mechanisms for transferring certified information, the security of which again can be *proven* assuming only the security of a certain well-known signature scheme of the Fiat/Shamir type of one's own choice. The off-line cash systems are in fact just one very particular instance of the general applicability of the complete set of techniques; it is a system in which credentials that may be shown only once can be transferred between any ``organizations'' while privacy is guaranteed. As an example of the usefulness of the new techniques, highly efficient and secure off-line cash systems can be constructed in which payments are made under pseudonym: in order to pay with a coin, an accountholder need do no more than send 35 bytes to an ``organization'' at which he has a pseudonym. For those who want to know in detail about the *many* features of the new techniques, as well as the performance of several preferred embodiments of systems that can be constructed from them, I have prepared a document that can be retrieved by ftp from ftp.cwi.nl, again in the directory pub/brands. There is a PostScript version called features.ps, as well as a plain text version called features.plain. Why am I posting this letter? ----------------------------- As I already mentioned at the start of this letter, I am very interested in pursuing the implementation of my systems *jointly*, in a fair business relationship, with a company capable of and interested in standardizing these systems. I am in the process of finishing my PhD thesis, which deals exclusively with these technologies. If you have read the detailed description of the features in my ``features'' document, then I have no doubt that you will agree with me that these systems offer a *great* many advantages over any other privacy-protected system for off-line transfer of digital information. 
In general, if you want to implement electronic systems for secure transfer of certified information, whether it be cash or other types of credentials, such that privacy can be guaranteed, then you will find out that this is *the* way to go. I am *not* involved with any project or company whatsoever. In particular, I would like to point out that I am *not* involved in the CAFE project, and I also do *not* have business relations with the company (DigiCash) of David Chaum, although I greatly respect his innovative work on privacy-protected transfer of electronic information. In fact, *all* rights on my technologies have been transferred to me by my employee, CWI. Due to the fact that my research was done independently of any project or company, it is extremely hard for me to get in touch with the appropriate persons at companies that are really interested in this technology *and* that have the capability of implementing it. Since projects and companies that I am not part of obviously do not provide me with such information, I see no better way to bring my technologies under the attention than by publishing this letter on the news net. If you are interested in my technologies, and want to pursue implementation together with me in the *near* future, I invite you to contact me. We can then discuss things further. Part of such a cooperation would be that *sharing* with me the rights to my technologies. My fax number is (31) 30 - 546 468 This is also my telephone number; however, I would prefer if you send fax or e-mail. My e-mail address at CWI is brands at cwi.nl. In case you are interested in having my work reviewed beforehand by some cryptography authority, to make sure I am not talking nonsense, I am happy to send to you a detailed description of my work. I guarantee you that he or she will *not* be able to break it, and will confirm the many statements I make about the benefits of my technologies. 
In addition, or alternatively, depending on the circumstances, I am happy to come over and explain my technologies in person with you. Alternatively, if you or your company is not interested in my technologies, but you think you can help me with pointers to persons at companies that might be interested in this technology, I would very much appreciate any such suggestions. From phred at well.sf.ca.us Thu Mar 17 22:10:12 1994 From: phred at well.sf.ca.us (Fred Heutte) Date: Thu, 17 Mar 94 22:10:12 PST Subject: EFF gun-shy of legally employing PGP (fwd) In-Reply-To: <199403172329.SAA25354@eff.org> Message-ID: <9403172209.ZM25889@well.sf.ca.us> While Mike may indeed be correct about the incremental effectiveness of using PGP *at this time*, I think Eric's point is the more important -- that as a leading organization promoting electronic privacy and access, EFF ought to set an example, one positive offshoot of which might be an *improvement* in EFF's communication effectiveness since the spoofing issue can be dealt with so much more easily. This is really a wake-up call to all of us, I think. I've had PGP sitting around on the shelf for a while now, and I'm not using it . . . yet. But that's going to change. If *we* don't take advantage of these tools now, in effect defining their use and showing their benefits, then who will? Those who lobby and advocate on behalf of these tools and approaches ought to have direct experience with them. It will make our efforts more authentically based on experience and thus more effective. Fred Heutte Sunlight Data Systems phred at well.sf.ca.us phred at teleport.com "Why make it simple & easy When you can make it complex & wonderful!" 
From E.Switalski at bnr.co.uk Fri Mar 18 01:09:37 1994 From: E.Switalski at bnr.co.uk (Ed Switalski) Date: Fri, 18 Mar 94 01:09:37 PST Subject: Radio Networking In-Reply-To: <8hW8cKi00WAu0UsEso@andrew.cmu.edu> Message-ID: <199403180908.13234@bnsgs200.bnr.co.uk> Hi, >Ed Switalski wrote: > >>*** Quite Far ! >> >> With coherent CW you can key morse Japan/US i.e cross the Pacific >> on a few watts. > >If so, this might make a very convenient email/chat system... and with >encryption, a great way to hide our anonymous remailer connections from >'Big Brother'. *** you said it, only prob is that a slow signalling method is ungood for cryptoprotocols with lots of overheads! e.g RSA will take 512/1024 bits to encrypt just a single session key. Such efficiency considerations might tempt users to change keys on a per-day rather than per-message basis >I must admit I don't know much about radio hardware... But would it be >possible to link up a large metropolitan area via radio links of this >type and transmit email and such? I think I could find a lot of sysops >interested in that... no more waiting until night to get netmail! *** probably, the slow signalling means very narrow bandwidth per station so you could pack lots into any unused slice of RF spectrum. I would use gaps in your local cellular 'phone system (etc!) as then the spooks would be hard pushed to even find the traffic and could not jam without annoying/alerting every local yuppie. >If the system worked at 300 bps, you could transmit a 2K message in >about one minute. That would allow over 1000 messages per day, much >less than most small BBS networks, and certainly enough to keep up with >this list. (Not to mention that ASCII text is very compressible, 50% or >more compression is not difficult in many cases.) *** Sounds OK. Disguise the receiver and antenna (my Polish partisan mama's washing line with wire plaited all along the length of the string) and leave it on all day. 
save the day's messages to protected RAM and read out at will. >How hard would it be to build a small transmitter/receiver system to >handle data at low bps rates? And how much would it cost? *** Incoherent - QRP (ham-speak for low power) TX/TX transceivers cost 50-80 pounds for a shortwave kit in the UK -VHF/UHF bands maybe more. Low power means no exotic transistors, no big power supplies, no noisy cooling, fancy protection etc -the output tranny might need a modest heatsink -that's all. A data modulator would be 20-30 pounds extra. Coherent addons bit probably 100 pounds (guessing here) As electronics are cheaper in US, so for sterling read dollar. Stay Cool, Hang Loose, Hack Crypto. Ed From E.Switalski at bnr.co.uk Fri Mar 18 03:33:57 1994 From: E.Switalski at bnr.co.uk (Ed Switalski) Date: Fri, 18 Mar 94 03:33:57 PST Subject: New block mode of operation In-Reply-To: <9403172142.memo.9558@BIX.com> Message-ID: <199403181131.13916@bnsgs200.bnr.co.uk> RE: >Cipher-Chain-Cipher Mode of Operation >for Improving the Security of Block Ciphers > >by Thomas C. Jones > > Sorry! but Ross Anderson writes : >This doesn't stop differential cryptanalysis. In fact, Biham has developed a >whole theory on modes of operation which will come out at Crypto 94. The nub >of the theory is that fancy chaining modes don't buy you anything; you're >better to use your algorithm n times to replace DES in standard CBC or CFB. 
I have an Adobe.ps file of Biham's paper from Ross Regards, __o __o Ed \<, \<, _________________________________________()/ ()_____()/ ()_____________ Ed Switalski email: eswitals at bnr.co.uk Dept GM21, BNR Europe Ltd, Oakleigh Rd South, tel: +44 (0)81 945-2924 New Southgate, fax: +44 (0)81 945-3116 London, N11 1HB LON40, internal ESN (730) 2924 _______________________________________________________________________ From aragorn at alpha1.csd.uwm.edu Fri Mar 18 05:29:39 1994 From: aragorn at alpha1.csd.uwm.edu (stevenJ) Date: Fri, 18 Mar 94 05:29:39 PST Subject: Locating Color Copiers Message-ID: <199403181329.HAA15923@alpha1.csd.uwm.edu> John C. Brice muttered something about... :: ::The Secret Service is a division of the Treasury Department. One of their ::main duties is tracking down counterfeiters. If someone has stolen a color ::copy machine, there's a very good chance that it was stolen for the end ::purpose of counterfeiting. So I would imagine that that would be why the ::SS would be looking for this particular stolen property. Make sense? That's ridiculous. I hate to start a flame-war, but if I decided that I desperately needed a color copier but didn't want to spend that money and figured I'd just steal one, why would there be a good chance that I'd be doing this to start a counterfeiting process? Maybe I just want to make color copies. If you truly believe that this would be the main impetus for anyone stealing one of these devices you're thinking in the same ballpark as those who we fight against with cryptography. Additionally, it's only possible to photocopy $1, $5 and $10 because anything larger than that has that funny little strip of plastic in the bill. e x t r a p o l a t e steve j. white _____________________________________________________________________________ Gort, klatu barada nicto. 
aragorn at alpha1.csd.uwm.edu From aragorn at alpha1.csd.uwm.edu Fri Mar 18 05:30:33 1994 From: aragorn at alpha1.csd.uwm.edu (stevenJ) Date: Fri, 18 Mar 94 05:30:33 PST Subject: The Agency Whose Name May Not Be Spoken Message-ID: <199403181330.HAA15938@alpha1.csd.uwm.edu> Mats Bergstrom muttered something about... :: ::Yeah, I wonder what Jason Bourne is up to these days. If you can track ::him you would probably get close to where the real action is. :: Ok, I'll admit my neophyteness. Who is Jason Bourne? e x t r a p o l a t e steve j. white _____________________________________________________________________________ Gort, klatu barada nicto. aragorn at alpha1.csd.uwm.edu From joshua at cae.retix.com Fri Mar 18 06:05:06 1994 From: joshua at cae.retix.com (joshua geller) Date: Fri, 18 Mar 94 06:05:06 PST Subject: Locating Color Copiers Message-ID: <199403181404.GAA04156@sleepy.retix.com> stevenJ say: > it's only possible to photocopy $1, $5 and $10 because anything > larger than that has that funny little strip of plastic in the bill. $10 bills are real easy to pass (as opposed to $20's or $50's). josh From frissell at panix.com Fri Mar 18 06:52:40 1994 From: frissell at panix.com (Duncan Frissell) Date: Fri, 18 Mar 94 06:52:40 PST Subject: DTI Hearing on NPR Message-ID: <199403181452.AA16310@panix.com> This morning's 6:00am EST (repeated at 8:00am) hourly teaser listing of news items on National Commie Radio included the following: "In Washington today...a Senate Judiciary subcommittee holds hearings on encoding digital communications so that police agencies can still intercept calls." Newsreader was Alex Chadwick DCF -- "The Piano dies in the end." Spoiler for "The Piano" --- WinQwk 2.0b#1165 From pmetzger at lehman.com Fri Mar 18 07:00:53 1994 From: pmetzger at lehman.com (Perry E. 
Metzger) Date: Fri, 18 Mar 94 07:00:53 PST Subject: Locating Color Copiers In-Reply-To: <199403181404.GAA04156@sleepy.retix.com> Message-ID: <9403181459.AA21037@andria.lehman.com> joshua geller says: > stevenJ say: > > > it's only possible to photocopy $1, $5 and $10 because anything > > larger than that has that funny little strip of plastic in the bill. > > $10 bills are real easy to pass (as opposed to $20's or $50's). What's hard to pass about 20s? They are as common as water in New York. The bank machines don't even spit out 10s any more for the most part. Perry From hughes at ah.com Fri Mar 18 07:26:38 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 18 Mar 94 07:26:38 PST Subject: Denning Presentation and Q&A at George Mason University In-Reply-To: <9403172127.AA03674@ciis.mitre.org> Message-ID: <9403181514.AA03523@ah.com> >The >professor, Dr. Brad Cox, is a veteran software developer who has turned his >attention to developing models for electronic commerce and >"student-centered education". For what it's worth, Brad used to be on cypherpunks, but didn't have enough time to follow it full time. Eric From avalon at coombs.anu.edu.au Fri Mar 18 07:36:27 1994 From: avalon at coombs.anu.edu.au (Darren Reed) Date: Fri, 18 Mar 94 07:36:27 PST Subject: Locating Color Copiers In-Reply-To: <9403181459.AA21037@andria.lehman.com> Message-ID: <9403181536.AA03496@toad.com> > > > joshua geller says: > > stevenJ say: > > > > > it's only possible to photocopy $1, $5 and $10 because anything > > > larger than that has that funny little strip of plastic in the bill. > > > > $10 bills are real easy to pass (as opposed to $20's or $50's). > > What's hard to pass about 20s? They are as common as water in New York. > The bank machines don't even spit out 10s any more for the most part. > > Perry Don't you just hate it how they won't let you have the change you want ? It's a bitch when you've only got twenties and trying to give someone change... 
From mech at io.com Fri Mar 18 08:27:13 1994 From: mech at io.com (Stanton McCandlish - EFF Online Activist/SysOp) Date: Fri, 18 Mar 94 08:27:13 PST Subject: CLIPPER COMPROMIZED? Message-ID: <199403181620.KAA07272@illuminati.io.com> According to a fax I received: _____ begin fwd ___________ CLIPPER COMPROMISED? "Security Insider Report," a monthly newsletter published in Seminole, Fla., has reported that government officials are seeking to determine whether former CIA employee and alleged traitor Aldrich Ames may have sold information to the Russians about the government's secret key-escrow technology used in Clipper Chip chipsets and Capstone Tessera cards. The secret key-escrow technology, dubbed Skipjack, can be used to encrypt network voice and data. _____ end _________________ This was faxed March 17, and consisted of part of a xeroxed page from a publication; unfortunately I cannot tell what the publication is. Some other headlines on it are "ARDIS aims to simplify radio-based messaging", "Vendors curb wireless hype", "AnyLAN, anytime, anywhere", and "Cheyenne prepares fix for ARCserv users woes". Next to the Cheyenne article is a round logo that says R.A.F. in large letters, and with the following circling the logo: Network World's Reader A[missing] Force. "[missing]" means text that is cut off. Anyone know what publication this is, and which issue? The page number is 2. My best guess is it's Network World. Any corroborating stories? From mg5n+ at andrew.cmu.edu Fri Mar 18 09:11:07 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Fri, 18 Mar 94 09:11:07 PST Subject: Illuminati Online infobot Message-ID: > E-mail auto-response message from info at io.com last updated: 94-02-16 > > ############################################################################## > # # > # ILLUMINATI ONLINE # > # # > ############################################################################## > > Thanks for your interest in Illuminati Online! 
If you have any specific > questions that are not answered here, send mail to admin at io.com or voice at > (512) 447-7866 for a response from a live human being. I keep getting copies of this when I didn't request it. The mails seem to be coming in response to posts made to cypherpunks. Did someone subscribe info at io.com to the list? Methinks someone here has a very bizarre sense of humor... :) ...wandering off to check to be sure mg5n+remailers isn't subscribed to the list... From rarachel at prism.poly.edu Fri Mar 18 10:15:00 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Fri, 18 Mar 94 10:15:00 PST Subject: CLIPPER COMPROMIZED!!!! :-) In-Reply-To: <199403181620.KAA07272@illuminati.io.com> Message-ID: <9403181801.AA26504@prism.poly.edu> <> Hahaha!!!!! This is really great. In the least this puts a bit of a delay in the clipper-release, and gives us a bit more time to get more people to oppose it. From gtoal at an-teallach.com Fri Mar 18 10:15:19 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 18 Mar 94 10:15:19 PST Subject: Illuminati Online infobot Message-ID: <199403181815.SAA19424@an-teallach.com> I think the info stuff is from cman at caffeine.io.org, who recently resigned from SJG and I suspect has put that on his personal mailbox so that people mailing him about SJG business know where to go. G From rarachel at prism.poly.edu Fri Mar 18 10:36:59 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Fri, 18 Mar 94 10:36:59 PST Subject: Getting EFF to sign their postings In-Reply-To: <9403180006.AA12767@anchor.ho.att.com> Message-ID: <9403181824.AA27014@prism.poly.edu> Can you use PGP after you buy ViaCrypt? After all, you paid for ViaCrypt, and since it's supposedly the same as PGP, can you simply use PGP and mention that you have purchased ViaCrypt? The other thing you could do is get a PC hooked up via appletalk to your Mac network (or via ethernet, etc.) 
You could send batch files for it to execute somehow, and it should run in full speed. Something like all the Macs on the network have a shared directory with the PC which runs PGP... On the PC end, there's a program that looks in this directory, reads a batch file, executes it, deletes the batch file. You'll also need some sort of file locking method. The simplest of these is to just rename the file... say, write a file called LOCKED XXXX940318132811 which the PC should ignore because it won't look like the file it wants... then when the file is closed, it can be renamed XXXYYYY.PGP which the server on the PC end will simply shell out to and then delete... the XXX in the file name could be the Mac station ID... The output of these batch files could go to a file called XXXYYY.RES for result. The batch file can include the message to sign, look at, etc... How? You can use the echo command to redirect to a file, or you can put input/output files in other directories... Shouldn't take more than a few days worth of work to implement... From jazz at hal.com Fri Mar 18 10:40:55 1994 From: jazz at hal.com (Jason Zions) Date: Fri, 18 Mar 94 10:40:55 PST Subject: spyproofing your house/work building Message-ID: <9403181839.AA14713@jazz.hal.com> > Drapes so the lip readers can't see you. Make sure the drapes block IR. There are instances of even local police forces flooding the front of a house with IR light, and viewing the activities inside with IR viewers -- all of this through closed drapes. Or you could just put a nice incandescent light fixture between you and the drapes; nice IR output from those bulbs. Halogen fixtures ought to work also, but fluorescent bulbs don't produce enough IR. More importantly: attach a contact-speaker to each pane of glass, and feed Top 40 radio to it. 
There have been reported cases of spy types bouncing laser beams off windows and using the reflected beams to reproduce the vibrations produced in the glass by reflected sound; in other words, the window panes are large membranes which vibrate in sync with the sound that hits them, so you want to override those vibrations with something else. This reeks of paranoia, eh? Jazz From rarachel at prism.poly.edu Fri Mar 18 10:51:50 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Fri, 18 Mar 94 10:51:50 PST Subject: spyproofing your house/work building In-Reply-To: Message-ID: <9403181839.AA27327@prism.poly.edu> <> So is there a way to detect the specific IR that the bad guys use? From cfrye at mason1.gmu.edu Fri Mar 18 10:52:55 1994 From: cfrye at mason1.gmu.edu (Curtis D Frye) Date: Fri, 18 Mar 94 10:52:55 PST Subject: Denning Presentation and Q&A at George Mason University Message-ID: <9403181852.AA13439@mason1.gmu.edu> Brad attended the DC cypherpunks meeting this past Saturday and showed part of Denning's lecture before we really got rolling. With as many hats as he wears, I'd hate to deal with his daily email volume! Curt From unicorn at access.digex.net Fri Mar 18 10:54:29 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 18 Mar 94 10:54:29 PST Subject: Locating Color Copiers Message-ID: <199403181854.AA19678@access1.digex.net> John C. Brice muttered something about... :: ::The Secret Service is a division of the Treasury Department. One of their ::main duties is tracking down counterfeiters. If someone has stolen a color ::copy machine, there's a very good chance that it was stolen for the end ::purpose of counterfeiting. So I would imagine that that would be why the ::SS would be looking for this particular stolen property. Make sense? That's ridiculous. 
I hate to start a flame-war, but if I decided that I desperately needed a color copier but didn't want to spend that money and figured I'd just steal one, why would there be a good chance that I'd be doing this to start a counterfeiting process? Maybe I just want to make color copies. If you truly believe that this would be the main impetus for anyone stealing one of these devices you're thinking in the same ballpark as those who we fight against with cryptography. Additionally, it's only possible to photocopy $1, $5 and $10 because anything larger than that has that funny little strip of plastic in the bill. e x t r a p o l a t e steve j. white _____________________________________________________________________________ Gort, klatu barada nicto. aragorn at alpha1.csd.uwm.edu -< I think the general point is that the secret service has authority when there is a counterfeiting case. I don't know the particulars but in this case, if the secret service showed up, you can bet they had authority. Agencies are very possessive about jurisdiction. Surely in this case the secret service was looking for the copier because they had reason to believe it was being used in counterfeiting. That said, it's not too difficult to guess that they had a good deal of information about the suspect and the copier already and thus it's not real strange that they managed to track down the copier quickly. As for photocopying 1, 5's and 10's only, you seem to assume that all the 20's and 50's without the polyester/foil strip in them have been removed from circulation. I got a silver certificate in change the other day if that tells you anything about how likely that is. (the 1988 series bills had no such strip...) -uni- (Dark) From northrop at netcom.com Fri Mar 18 11:09:08 1994 From: northrop at netcom.com (Scott Northrop) Date: Fri, 18 Mar 94 11:09:08 PST Subject: cypherpunks-seattle@netcom.com is up and running. 
Message-ID: <199403181909.LAA18479@mail.netcom.com> Last weekend the call went out somewhat at the last minute for a Cypherpunks physical meeting in Seattle, and 11 people showed! With a little planning, I'm sure we can have more of the Seattle crowd attending the next meeting. The new mailing list is to facilitate that planning. The intro doc follows. Scott -- Scott Northrop (206)784-2083 Those who use arms well cultivate the Way and keep the rules. Thus they can govern in such a way as to prevail over the corrupt. -- Sun Tzu, The Art of War, Book IV ----------------------------------->% snip %<---------------------------------- Welcome to the cypherpunks-seattle at netcom.com mailing list. Like every moderator of every new list, I hope this will be mostly signal and very little noise. I don't envision this as a general discussion list -- that's what the main list is for. This list is for: Coordinating physical meetings of Cypherpunks in Seattle. Location, time, equipment, arranging rides, etc. Suggesting topics to cover at the meetings. Coordinating other local group activities. Announcements of relevant talks, seminars and other such goodies in the Seattle area and environs. *Concise* pointers to other local groups, mailing lists, and sources of information that might be of interest to local Cypherpunks. Whatever everyone seems to use it for. This list is NOT for: Reposting the "important" messages from the main list or any other mailing list or newsgroup. (If someone wants to run a "distilled" Cypherpunks list, fine. This isn't it!) Preaching to the converted. No ranting! (If you want to rant, do it on the main list. Everyone else seems to...) Rehashing the same topics that are going on the main list. This list is managed by a Majordomo-style mailing list server running on netcom.com. If you want to send a command to the list server, put it in the body of a message to listserv at netcom.com. 
Some useful commands:

    subscribe cypherpunks-seattle
    unsubscribe cypherpunks-seattle
    help

Any suggestions for how to improve this intro are welcome. Any suggestions for a *local* FAQ are also welcome.

Always remember, the space-time continuum is allocated on a first-come, first-served basis. So drive carefully!

Scott Northrop

From mech at eff.org Fri Mar 18 11:24:36 1994
From: mech at eff.org (Stanton McCandlish)
Date: Fri, 18 Mar 94 11:24:36 PST
Subject: CLIPPER COMPROMIZED?
In-Reply-To: <9403181714.AA06850@hawksbill.sprintmrn.com>
Message-ID: <199403181924.OAA15439@eff.org>

Just got word from the RISKS folks that the upcoming issue has a denouncement of the Network World article, from Denning. She says she checked up on it, and it's BS. This is pretty much obvious, but it still leaves open the question of who originally came up with this rumor to monger, and why? It looks almost like an act of desperation. That's my interest in this. If it was something that could be taken seriously, it would be a good bit of propaganda work, truth or falsehood aside. But the entire short article smacks of conspiracy theorist ranting. I hope this sort of stuff isn't going to become more frequent, or it may make anti-Clipper people look, from the outside, like kooks.

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
"In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it."
- Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar.
14 1994

From rarachel at prism.poly.edu Fri Mar 18 11:28:37 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Fri, 18 Mar 94 11:28:37 PST
Subject: spyproofing your house/work building
In-Reply-To: <9403181839.AA14713@jazz.hal.com>
Message-ID: <9403181916.AA28470@prism.poly.edu>

> Or you could just put a nice incandescent light fixture between you and the
> drapes; nice IR output from those bulbs. Halogen fixtures ought to work
> also, but fluorescent bulbs don't produce enough IR.

Might not work as the incandescent light source still won't stop the window from vibrating. They can still reflect a laser off it regardless of the output of another source. They may have to tweak their amps... but it won't help against it.

> More importantly: attach a contact-speaker to each pane of glass, and feed
> Top 40 radio to it. There have been reported cases of spy types bouncing
> laser beams off windows and using the reflected beams to reproduce the
> vibrations produced in the glass by reflected sound; in other words, the
> window panes are large membranes which vibrate in sync with the sound that
> hits them, so you want to override those vibrations with something else.

Won't work. You need a random, independent source of noise. Each window pane should have its own noise source attached to a speaker. If the speaker is tuned into a radio station, they too can tune into the same station, then subtract the two signals giving them a fairly clear ear to listen in from. A random noise source that is independent will do well because they can't subtract it out. If two windows in two different rooms also use the same random noise, they can differentiate between the two rooms and get the sound.

I suppose they could bounce four or five lasers on the same window in hopes of being able to use two beams for the subtraction, but if the speaker is placed in a good location, or several of them are placed on the same window, they'll have a bitch of a time getting anything.
In that case they'll probably resort to using microwaves to bounce off a metal item in the room which would also vibrate with any sounds in the room. The only real defense against that would be strong shielding and a microwave detector to see if the shielding failed... the shielding has to be sound isolated or else the walls of the shielding could be used to get sound.. :-( Pretty nasty shit, eh?

> This reeks of paranoia, eh

Nope, it's da truth. :-) I'm not doing this out of paranoia. I'm learning about this in case the police state comes anytime soon. It's far better to learn about it before than after it's too late.

From jlawson at mole.uvm.edu Fri Mar 18 11:29:05 1994
From: jlawson at mole.uvm.edu (Jim Lawson)
Date: Fri, 18 Mar 94 11:29:05 PST
Subject: spyproofing your house/work building
In-Reply-To: <9403181839.AA27327@prism.poly.edu>
Message-ID:

On Fri, 18 Mar 1994, Arsen Ray Arachelian wrote:

> < with its headlights on drives up.>>
>
> So is there a way to detect the specific IR that the bad guys use?

Probably. I am just pointing out that the *cheap* IR sensors that Rat Shack sells are activated by anything - not just IR light. There is probably a better model sold by some electronics company.

--
Jim Lawson Computing & Information Technology
jlawson at mole.uvm.edu University of Vermont
Finger for PGP KeyID: FD0339

From tcmay at netcom.com Fri Mar 18 11:48:04 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 18 Mar 94 11:48:04 PST
Subject: Shout it to the world: Clipper is Compromised!
In-Reply-To: <199403181924.OAA15439@eff.org>
Message-ID: <199403181948.LAA20126@netcom9.netcom.com>

Stanton McCandlish wrote:

> Just got word from the RISKS folks that the upcoming issue has a
> denouncement of the Network World article, from Denning. She says she
> checked up on it, and it's BS. This is pretty much obvious, but it still
> leaves open the question of who originally came up with this rumor to
> monger, and why?
> It looks almost like an act of desperation. That's my
> interest in this. If it was something that could be taken seriously, it
> would be a good bit of propaganda work, truth or falsehood aside. But the
> entire short article smacks of conspiracy theorist ranting. I hope this
> sort of stuff isn't going to become more frequent, or it may make
> anti-Clipper people look, from the outside, like kooks.
>

Since I've seen it cited by Dave Banisar, yourself, and others, including direct excerpting from the source, to me it is "fair game" for spreading far and wide!

I'll be interviewed on a radio show in the near future, and I fully intend to let the listeners know about the intrinsic vulnerability of centralized systems like the Clipper key escrow system to theft or compromising of the keys.

Whether details have already leaked or not is beside the point: a centralized system takes away our own responsibility for our privacy and places a master or skeleton key to our lives in the hands of the state....a state which has shown itself to be corrupt at various levels and in various unpredictable ways.

Frankly, I don't consider Dorothy Denning to be an unbiased source in this matter, so I will look with some skepticism at any "denunciation" of this report. By her. And I hope her reasoning is more than "I have been told."

(Not to pick on Denning, but she has demonstrated a credulous approach to accepting the word of law enforcement in the past, and has repeatedly referred to law enforcement's greater need for access to private matters and how things "they know" would scare the rest of us if only we could be told about them.)

As for this stuff making anti-Clipper folks sound like "conspiracy theorists," just what is Clipper and Digital Telephony but a conspiracy to crush privacy as we know it today and usher in the surveillance state?

Some conspiracies are more than theories.

--Tim May

--
..........................................................................
Timothy C.
May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From mccoy at ccwf.cc.utexas.edu Fri Mar 18 11:52:40 1994
From: mccoy at ccwf.cc.utexas.edu (Jim McCoy)
Date: Fri, 18 Mar 94 11:52:40 PST
Subject: Illuminati Online infobot
In-Reply-To:
Message-ID: <199403181952.AA03440@tramp.cc.utexas.edu>

Matt writes:

> > E-mail auto-response message from info at io.com [...]
>
> I keep getting copies of this when I didn't request it. The mails seem
> to be coming in response to posts made to cypherpunks. Did someone
> subscribe info at io.com to the list? Methinks someone here has a very
> bizarre sense of humor... :)

I think that sometime last night around 3am or so the mailer on io.com began to send copies of some of Doug Barnes's mail (cman at io.com) to the info at io.com address which then sent an auto-reply to the original sender. I thought I fixed it before I finally went to sleep but apparently missed something... Sorry.

jim

From lefty at apple.com Fri Mar 18 12:05:33 1994
From: lefty at apple.com (Lefty)
Date: Fri, 18 Mar 94 12:05:33 PST
Subject: spyproofing your house/work building
Message-ID: <9403182004.AA26008@internal.apple.com>

>I suppose they could bounce four or five lasers on the same window in
>hopes of being able to use two beams for the subtraction, but if the
>speaker is placed in a good location, or several of them are placed
>on the same window, they'll have a bitch of a time getting anything.

If you're seriously worried about los Federales expending this degree of effort on you, you must lead a radically more exciting life than _I_ do.
In the relatively isolated area where I live, anyone parked close enough to my house to do this sort of thing (and given the ambient foliage, that'd be _mighty_ close) would stick out like a sore thumb.

This is not a scenario over which I plan to lose much sleep.

--
Lefty (lefty at apple.com)
C:.M:.C:., D:.O:.D:.

From tcmay at netcom.com Fri Mar 18 12:08:17 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 18 Mar 94 12:08:17 PST
Subject: spyproofing your house/work building
In-Reply-To: <9403181916.AA28470@prism.poly.edu>
Message-ID: <199403182008.MAA22719@netcom9.netcom.com>

I don't want to stop the fun Jason Zions and Arsen Ray A. are having, but their ideas won't work. Not that I think IR surveillance is the highest priority to worry about, either. But I used to be a physicist, and some of the reasoning here is perpetuating fallacies:

> > Or you could just put a nice incandescent light fixture between you and the
> > drapes; nice IR output from those bulbs. Halogen fixtures ought to work
> > also, but fluorescent bulbs don't produce enough IR.

Nope. Incandescent bulbs will have a broad spectrum of IR, from the near IR to the far IR. An attacker with an IR illumination system (such as in night-vision or FLIR systems, etc.) can illuminate in a chosen spectral range with a power level much higher in his chosen band than any reasonable bulb will put out. Moreover, he could of course modulate (e.g. chop) the illumination and lock-on only to the modulated signal.

In other words, the attacker has the choice of wavelength and signal modulation to increase his S/N.

Still not likely, except for determined attackers and targets of high economic or strategic value. I suspect the Waco compound was under IR and microwave surveillance, for example. I suspect I am not, and in any case, I don't worry about it.
(The real danger is not individual targeted surveillance, but widespread and easy surveillance of communications and tracking of locations, purchases, habits, etc.)

> > More importantly: attach a contact-speaker to each pane of glass, and feed
> > Top 40 radio to it. There have been reported cases of spy types bouncing
> > laser beams off windows and using the reflected beams to reproduce the
> > vibrations produced in the glass by reflected sound; in other words, the
> > window panes are large membranes which vibrate in sync with the sound that
> > hits them, so you want to override those vibrations with something else.
>
> Won't work. You need a random, independent source of noise. Each
> window pane should have its own noise source attached to a speaker.
> If the speaker is tuned into a radio station, they too can tune into
> the same station, then subtract the two signals giving them a fairly
> clear ear to listen in from. A random noise source that is independent
> will do well because they can't subtract it out. If two windows in
> two different rooms also use the same random noise, they can differentiate
> between the two rooms and get the sound.

Still won't work well against determined attackers. The entropy of English speech and the _localization_ of the speaker means several things:

- multiple windows (or other vibrating conductors, if microwaves are used) will have a correlated signal corresponding to the speaker, whereas the added noise will be uncorrelated (generally...one can imagine clever hacks to try to spoof the listeners by injecting some correlation into the noise, but this is also detectable....you see the point, I hope)

- speech models allow phonemes, words, etc., to be plucked out of even noisy environments (we do it all the time....so do folks listening for the characteristic signatures of submarines, etc.)

...
> In that case they'll probably resort to using microwaves to bounce off
> a metal item in the room which would also vibrate with any sounds in the
> room. The only real defense against that would be strong shielding
> and a microwave detector to see if the shielding failed... the shielding
> has to be sound isolated or else the walls of the shielding could be
> used to get sound.. :-( Pretty nasty shit, eh?

Which is why we'll eventually all plan our conspiracies with non-speech, non-in-person methods, such as with secure telecom....

Wait! Do you think that's what Clipper and Digital Telephony are all about?

--Tim May

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From adam at bwh.harvard.edu Fri Mar 18 12:08:24 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Fri, 18 Mar 94 12:08:24 PST
Subject: spyproofing your house/work building
In-Reply-To: <9403181916.AA28470@prism.poly.edu>
Message-ID: <199403182007.PAA01085@spl.bwh.harvard.edu>

| Nope, it's da truth. :-) I'm not doing this out of paranoia. I'm
| learning about this incase the police state comes anytime soon. It's
| far better to learn about it before than after it's too late.

When the police state arrives, doing any of the things mentioned here will be cause for arrest. If you didn't have anything to hide, you'd be cooperating with the police, and writing all your mail on post cards.

If you want to hide, build deep underground, preferably in hard, mineral bearing rock, like the bottom of a mine shaft.
Most of the means of surveillance in use rely on thin walls, windows, or easy access for black bagging. Of course, make sure you have plenty of food and water, and multiple lines of communication out. Also, old mine shafts have been known to collapse when the BATF is around.

Fighting a police state is much easier before it arrives.

Adam

--
Adam Shostack adam at bwh.harvard.edu
Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

From unicorn at access.digex.net Fri Mar 18 12:38:16 1994
From: unicorn at access.digex.net (Black Unicorn)
Date: Fri, 18 Mar 94 12:38:16 PST
Subject: Joint Committee DT94 Hearings Summary
Message-ID: <199403182037.AA24759@access3.digex.net>

-----BEGIN PGP SIGNED MESSAGE-----

Quick Summary of the Digital Telephony Hearings 18-3-94

I have a full recording of the first three sets of witnesses, but I won't type the whole transcript in because it should be available publicly as part of legislative history files in a few weeks.

The below is a quick summary of the FBI case for the Wiretap Bill, I have omitted most of the testimony of the other witnesses. If there is enough interest I will work up a more full analysis.

The Hearing:

I was surprised by a few things.

1> The attendance. Most of the large telco corps. were represented and some thought the hearing important enough to hire messenger people to wait in line for them. In addition, there was a large law enforcement presence. The FBI was in full force, not surprisingly, as were the Prince George's County Police and members of the Attorney General's Office. All this was expected, what really surprised me was recognizing several members of non-domestic intelligence agencies. Typically the legislative process is observed by the intelligence communities at arms length. Such was not the case here.

2> The lack of any concerted support for the bill from the Chair. Despite efforts by Rep. Canady and Sen. Cohen (sp?)
there was no real organized support for the draft bill except from the FBI. (Director Freeh) I was pleased to find the privacy issue raised several times, and usually there was deference to civil liberties rather than law enforcement.

One of my favorite comments from Sen. Don Edwards (Former Prosecutor and FBI agent): "[Before 1968 when I was an agent] wiretapping was illegal. I seem to remember doing it anyway however."

The FBI position was exposed as flexible with Freeh admitting that he did not want access to the kind of transactional data that EFF and civil libertarians have been complaining about. Of course he offered no real solution either, and it came out in later testimony that ferreting out this data was a distinct technical problem in and of itself.

Freeh's position was basically this: New technology is preventing wiretapping. Wiretapping is only used when it can be shown nothing else will work. The FBI is not seeking an expansion of powers, but only trying to maintain the balance they "currently have." Wiretapping is typically used in the most important "life and death" cases. Without wiretapping crimes will take victims that otherwise would have been protected. Communications technology is essentially repealing the wiretap authority de facto.

His statistics were interesting too. 993 Wiretaps in 1992, over 9000 pen register connections. 252 by the FBI, 340 Federal, 2/3 State and local authorities. 22,000 "dangerous felons" arrested in the last ten years.

There was much concern from the chair as to why the current law was not enough. Freeh replied that the telco companies themselves had been the ones to forecast a gap in access for the FBI, and that the telco lawyers were advising the telcos that they did not have to comply with old legislation if access under the new systems was not possible.
Freeh went on to say that the new law cannot compel that which is technologically impossible, and if the telco's don't install the equipment, then it is simply impossible. Freeh claims there were 91 cases he knew of in 1993 where the new equipment had interfered with the government's ability to wiretap.

The chair was concerned that the legislation was basically halting development until the government could catch up. Freeh replied that without the legislation the telco's would not comply with law enforcement needs. "2000 companies will not sit down at a table at the same time and agree unilaterally to do exactly the same thing...."

The chair asked if the FBI was asking for an industry standard, and will the legislature be stepping in and "impeding technological advances that would be there without our stepping in."

Some hesitation from Freeh, then: "Yes."

Will call forwarding and such calling features that might interfere with the enforcement of this bill be kept off the market because of this legislation?

Freeh: "No, absolutely not. That is not the intent of the legislation, and I don't believe that is the effect."

And encryption?

"That's another problem... This legislation doesn't ask them to decrypt, it just tells them to give us the bits as they have it. If they're encrypted that's my problem."

Chair: "That will be another hearing." [Laughter]

Sen. Leahey: "I feel very fortunate to have all these things land in my subcommittee, otherwise I probably would have had nothing to do on weekends and evenings." [Laughter]

[...]

Freeh: "That's why we are here, the technology is running at such a pace that we could be out of the wiretap business in a short period of time."

Are the companies going to pay for the 24 hour personnel for each and every telephone company?

Freeh: Yes, but you're only talking about 900 wiretaps a year.
The chair expresses concern that a small and budding telco with five employees might be unduly burdened by the payroll of 3 more employees round the clock.

[...]

On the $10,000 a day fine, "I think that's flexible." Freeh insisted this was only a benchmark and that the authority to impose at least those sanctions existed already. "But we don't use it because the phone companies have been so cooperative."

On the cost of the Digital Telephony equipment. Freeh: "We estimate 300-500 million dollars. That could be off by 200 million, it could be off by 500 million." [Laughter] [...] "What I do know is that the World Trade Center [bombing] cost upwards of 5 billion dollars."

The chair cites the Time survey with the 66% prefer privacy to wiretapping statistic.

Sen. Leahey expressed concern over the fact that sanctions do not take into account good faith. Instead the FBI dictates terms, and if the carrier is unable to comply, despite whatever efforts, the sanctions are leveled.

The chair questions that if common carriers did not include small cable companies getting into the local telephone business, wasn't there an economic regulation at work? Freeh responded by noting the last bill was rejected because it was too broad, and this one is intended to be more narrow.

Leahey dismissed the witness and commented that the technological advances in the United States were one of the major reasons the United States had remained a world leader.

- -uni- (Dark)

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLYoQdRibHbaiMfO5AQEC6wP/aAEgE3ewQwi2cVknAcSLeDwJl+96Hnbf
zEEIfufbcv0T7E367dYUHe+PdavO5Jms9xcx6Hw7dge7LDCz7yxUzPCqwvEznILy
BogcbY+bs17Z8UDkTLuR63IqXlP3moZEVrbad7cybXLqpjNzmWBlrDcHkvvEAi7f
Dw20ZtlZGcY=
=1C9z
-----END PGP SIGNATURE-----

From unicorn at access.digex.net Fri Mar 18 12:59:06 1994
From: unicorn at access.digex.net (Black Unicorn)
Date: Fri, 18 Mar 94 12:59:06 PST
Subject: error correction
Message-ID: <199403182058.AA25811@access3.digex.net>

That's Sen.
Leahy, not Leahey... (Sigh)

From mg5n+ at andrew.cmu.edu Fri Mar 18 12:59:34 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Fri, 18 Mar 94 12:59:34 PST
Subject: spyproofing your house/work building
In-Reply-To: <9403181839.AA27327@prism.poly.edu>
Message-ID: <8hWVM1m00WB5IQ=nFz@andrew.cmu.edu>

Excerpts from internet.cypherpunks: 18-Mar-94 Re: spyproofing your house/.. by Arsen Ray Arachelian at pri
> < with its headlights on drives up.>>
>
> So is there a way to detect the specific IR that the bad guys use?

Measure the ratio of IR to visible light.

From pcw at access.digex.net Fri Mar 18 13:02:20 1994
From: pcw at access.digex.net (Peter Wayner)
Date: Fri, 18 Mar 94 13:02:20 PST
Subject: CLIPPER COMPROMIZED?
Message-ID: <199403182059.AA29674@access1.digex.net>

Is the story that Ames sent the secret of the Clipper Chips to Moscow unlikely? Well, yes. There are no escrow agents because there aren't any keys yet. Plus, it is unlikely that the specific design got to him.

But Dorothy characterizes the entire rumor as absurd and I don't think that this is the case. It seems entirely plausible to me that someone in Ames' position could severely compromise the Clipper system. Why? Someone in Ames' position would presumably need access to Clipper encrypted calls to conduct counter-intelligence operations. Remember some of the first customers will be the DOJ, a good place to put a mole. So if someone in Ames wanted a Clipper key, he could probably ask the escrow agents for it and get it, no questions asked.

Dorothy uses arguments like Ames wouldn't have a "Need to Know." This really isn't a strong point. Ames is accused of being a spy. Spies, by definition, circumvent "need to know" requirements. I believe that they found some documents in Ames' possession that he was not authorized to hold.

The specific rumor is probably false, but I think that the Ames case is a perfect proof of what will almost certainly go wrong with the Clipper system. Someone will rat.
History has shown time and time again that three can keep a secret if two are dead. Me and the two Clipper Agencies make three.

From amcgee at netcom.com Fri Mar 18 13:22:04 1994
From: amcgee at netcom.com (Arthur R. McGee)
Date: Fri, 18 Mar 94 13:22:04 PST
Subject: CLIPPER COMPROMIZED?
In-Reply-To: <199403181620.KAA07272@illuminati.io.com>
Message-ID:

Check the latest issue of RISKS Digest. This was mentioned by a couple of people, and I believe that they did say it was in Network World.

-----------------------------
Art McGee [amcgee at netcom.com]
-----------------------------

From wcs at anchor.ho.att.com Fri Mar 18 14:36:39 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Fri, 18 Mar 94 14:36:39 PST
Subject: CLIPPER COMPROMIZED!!!! :-)
Message-ID: <9403182235.AA00243@anchor.ho.att.com>

There's been a report going around linking Aldrich Ames to Clipper. Back when I read alt.folklore.urban a lot, I'd see stories like that. My guess about the origin of this report is that it evolved like this:

- Somebody on talk.politics.crypto posts a comment like "Oh, come on - if the CIA can't prevent trusted spies like Aldrich Ames from leaking the names of other spies, how will the NSA keep its people from giving away the Clipper secrets, either for bribes or for "patriotic" reasons like loyalty to the "Office of the President".

- Somebody else reads that and says "What if a *spy* like Aldrich Ames gave away Clipper?"

- Somebody else reads that and says "Does anybody know if Aldrich Ames had anything to do with Clipper?"

which somebody in the press hears somebody say to somebody else, and it turns into a report like:

> < published in Seminole, Fla., has reported that government officials are
> seeking to determine whether former CIA employee and alleged traitor
> Aldrich Ames may have sold information to the Russians about the
> government's secret key-escrow technology used in Clipper Chip chipsets
> and Capstone Tessera cards.
> The secret key-escrow technology, dubbed
> Skipjack, can be used to encrypt network voice and data.

which must *obviously* be true because it came off the *wire services*... Probably Aldrich Ames didn't have any contact with the people in the NSA doing Clipper or the FBI people doing Digital Telephony Prevention.

Bill

From jim at bilbo.suite.com Fri Mar 18 15:43:34 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Fri, 18 Mar 94 15:43:34 PST
Subject: What's so bad about a Surveillance State?
Message-ID: <9403182331.AA10941@bilbo.suite.com>

> So did you receive/collect a goodly number of responses
> to this question? ~ Blanc
>

Not as many as I'd hoped. And most of them said pretty much the same thing:

pro: crime would be reduced
con: freedom would be eliminated

My primary goal was to generate thought and discussion. In that light, my original post did succeed somewhat. However, I haven't received enough variety in the responses to construct a good list of pros.

I think I should rephrase the question and post again. I should not ask for the pros and cons of a "surveillance state", rather, I should ask for the pros and cons of "government sponsored surveillance technology/programs".

I want to get people to think about possible benefits of government sponsored surveillance. Not because I like government sponsored surveillance, but because I feel that thinking about the technology from a "pro" perspective will give the "anti" (or better, the "indifferent") people insight into how the pro-surveillance people might attempt to justify the programs they advocate.

"It is easier to defeat your enemy if you can view the battlefield from their chair."
-- somebody famous probably said something like this 2000 years ago

Jim_Miller at suite.com

From darklord+ at CMU.EDU Fri Mar 18 15:52:22 1994
From: darklord+ at CMU.EDU (Jeremiah A Blatz)
Date: Fri, 18 Mar 94 15:52:22 PST
Subject: Locating Color Copiers
In-Reply-To: <199403181329.HAA15923@alpha1.csd.uwm.edu>
Message-ID: <8hWXtJ600WBM8_Hwgl@andrew.cmu.edu>

Excerpts from internet.cypherpunks: 18-Mar-94 Re: Locating Color Copiers by stevenJ at alpha1.csd.uwm.e
> Additionally, it's only possible to photocopy $1, $5 and $10 because anything
> larger than that has that funny little strip of plastic in the bill.

Actually, they have strips on the tens, too.

Re: passing bills

Okay, so the 10's and 20's have little mylar strips on them. You can't copy old bills, because they get wrinkles, and, anyway, if someone handed me a crisp, new 1983 $20 I'd get a bit suspicious. There are ways to age bills, but they look a lot less convincing. However.... What night manager at Denny's knows about the strips? How many times have you seen someone at your local convenience store check for the strip when you hand them a $20? If you travel a lot, and never use counterfeit bills for transactions where your name is recorded, you can do lots with counterfeit money. True, though, if you wanted to sell suitcases of it for $3 per twenty dollar bill (I just guessed at the price), you may have a problem.

Not a crook,
Jer

darklord at cmu.edu | "it's not a matter of rights / it's just a matter of war
finger for Geek | don't have a reason to fight / they never had one before"
Code, PGP Key | -Ministry, "Hero"
> http://www.cs.cmu.edu:8001/afs/andrew.cmu.edu/usr25/jbde/www/default.html <

From koontzd at lrcs.loral.com Fri Mar 18 15:56:39 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Fri, 18 Mar 94 15:56:39 PST
Subject: CLIPPER COMPROMIZED!!!!
:-)
Message-ID: <9403182355.AA07420@io.lrcs.loral.com>

>From: wcs at anchor.ho.att.com (bill.stewart at pleasantonca.ncr.com +1-510-484-6204)
>>> <> published in Seminole, Fla., has reported that government officials are
>> seeking to determine whether former CIA employee and alleged traitor
>> Aldrich Ames may have sold information to the Russians about the
>> government's secret key-escrow technology used in Clipper Chip chipsets
>> and Capstone Tessera cards. The secret key-escrow technology, dubbed
>> Skipjack, can be used to encrypt network voice and data.
>
>which must *obviously* be true because it came off the *wire services*...
>Probably Aldrich Ames didn't have any contact with the people in the
>NSA doing Clipper or the FBI people doing Digital Telephony Prevention.

Ames may have had access to the rationale Dot and an un-named white house source were quoted to effect ' ..if you knew what I know, you would understand the need' (in effect tying Clipper to national security).

Were he to compromise how good the interception is IN THIS COUNTRY to a foreign power's intelligence service, for instance, it might severely change their way of doing communications in the U.S. (the target country). Thus, nullifying some of the effect of say, a hypothetical successor to SHAMROCK, (Allen Steeles Big Ear).

From ses at osf.org Fri Mar 18 16:24:16 1994
From: ses at osf.org (Sam Shipman)
Date: Fri, 18 Mar 94 16:24:16 PST
Subject: What's so bad about a Surveillance State?
In-Reply-To: <9403182331.AA10941@bilbo.suite.com>
Message-ID: <9403190023.AA08187@postman.osf.org>

Read _Oath_Of_Fealty_ by Niven and Pournelle for some arguments in favor.

Read _1984_ by George Orwell (already mentioned here, I think) for some arguments against.
--Sam From consensus at netcom.com Fri Mar 18 16:39:48 1994 From: consensus at netcom.com (Christopher Allen) Date: Fri, 18 Mar 94 16:39:48 PST Subject: FWD: RIPEM/SIG - Worldwide Digital Signature Software Message-ID: <9403190036.AA07963@apple.com> I thought some of you might be interested in this. -----BEGIN PRIVACY-ENHANCED MESSAGE----- Proc-Type: 2001,MIC-CLEAR Content-Domain: RFC822 Originator-Name: jim at chirality.rsa.com Originator-Certificate: MIIB0TCCAXoCECnMhIY+nEfjCOoQ6zRCtbAwDQYJKoZIhvcNAQECBQAwbTELMAkG A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMRwwGgYD VQQLExNQZXJzb25hIENlcnRpZmljYXRlMR4wHAYDVQQDFBVqaW1AY2hpcmFsaXR5 LnJzYS5jb20wHhcNOTQwMjAzMjI1NTIxWhcNOTYwMjAzMjI1NTIxWjBtMQswCQYD VQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJpdHksIEluYy4xHDAaBgNV BAsTE1BlcnNvbmEgQ2VydGlmaWNhdGUxHjAcBgNVBAMUFWppbUBjaGlyYWxpdHku cnNhLmNvbTBZMAoGBFUIAQECAgIFA0sAMEgCQRXPDLvu49Ikame3mN/Yci1FUijy EQfqFWhjifbbXCawQz2rnKgnKedJXi4YePJ/XlG75EFvS+2LvEYmi43mjZVNAgMB AAEwDQYJKoZIhvcNAQECBQADQgAB3sOZFwyhZrc6MYHfPsAFqY5UwXj40xShPJdU tD8moSL01EL1lzMOBU4VWjUQLQrpu/pXBAMn9XVDDOUqPmQm8g== MIC-Info: RSA-MD5,RSA, CewPjwtOrehhCf0+jTJygRCLL1qQuK5ezzwZCGkkrRfoHIJA5INVIKoeDSztImvm qrKofD6ofR0jqxOkjFG0isI= More info: Kurt Stammberger, RSA Data Security, Inc. 415/595-8782 To download RSAREF and RIPEM, send any message to rsaref at rsa.com or ftp from msu.edu RSA DATA SECURITY ANNOUNCES DIGITAL SIGNATURE SOFTWARE THAT IS FREE AND LEGAL WORLDWIDE Information superhighway gets free tool to authenticate information; an answer to Vice-president Gore's concerns over Internet break-ins - --------------------------------------------------------- Redwood City, Calif. (March 21, 1994) - RSA Data Security, Inc. announced today a first: digital signature software that is both free and legal worldwide. RSA applied for and received a "commodities jurisdiction," or CJ for a software package called RIPEM/SIG, which was built with RSA Data Security's RSAREF toolkit, a freeware package. 
A CJ, which is a ruling that the software falls under the Commerce Department's jurisdiction as opposed to the State Department, allows RIPEM to be freely and legally exported. Further, RSA has relaxed the use restrictions in its free crypto toolkit. RSAREF, and any application built with it, may now be used in commercial settings as long as it is not sold or used to provide a direct for-profit service. Digital signatures are produced using the RSA cryptosystem, which is a public-key cryptosystem. Each user has two keys - one public and one private. The public key can be disclosed without compromising the private key. The RSA cryptosystem was invented and patented in the late 1970's by Drs. Rivest, Shamir, and Adleman at the Massachusetts Institute of Technology, and was based on work by Whitfield Diffie and Martin Hellman at Stanford University. Electronic documents can be "signed" with an unforgeable "signature" by using a document/private-key combination to produce a signature unique to the author/document. Anyone, by using only RIPEM and the public key of the author, can verify the authenticity of the document. Applications of digital signatures are endless. One reason that the paperless office has never materialized is that paper must still be printed so that handwritten signatures can be applied. RSAREF and RIPEM solve that problem. Expense reports, any electronic forms, administrative documents, even tax returns can be electronically signed to speed electronic document flow and eliminate fraud. Information on the Internet can be signed and verified to prevent spoofing. Recently, unauthenticated messages at Dartmouth College caused an important test to be cancelled; messages impersonating faculty were sent out. "Data mailed, posted, or put on servers on the Internet is inherently untrustable today," said Jim Bidzos, president of RSA. "Tampering with electronic documents takes no special skills, and leaves no trace. 
With the availability of a free, legal, and exportable tool such as RIPEM, there's no need for such a situation to continue. It can be used by individuals, corporations, and government agencies at no cost." In a February 4th announcement, Vice-president Gore stated that the recent Internet break-ins could have been prevented with digital signatures. "Here they are," said Bidzos. Recently, cryptography has caused clashes between government and industry, over privacy issues, law enforcement concerns, and export issues. "The US government has approved this software for export," said Bidzos. "Clearly, it's no threat to them. And it's free." Digital signatures can also be used to detect any virus before a program is executed, since any change whatsoever is detected. The RIPEM application was developed using the RSAREF toolkit by Mark Riordan of Michigan State University. A Macintosh version, developed by Ray Lau of MIT, the author of the popular "Stufit" program, is also available. Versions for DOS, Unix, and all popular platforms are supported. "PEM" stands for Privacy Enhanced Mail, a published Internet standard for secure electronic mail. Other innovative applications can also be built with RSAREF and distributed at no cost. The full encryption-capable RIPEM is available only in the US. RSA digital signatures are a standard feature of Lotus Notes, the Apple System 7 Pro Operating System, Novell NetWare, Microsoft Windows at Work, Windows NT, IBM System Security Products, DelRina PerformPro, WordPerfect InForms, SHANA InFormed, BLOC F3 Forms, Fischer International Workflow, and numerous other products. Over 3 million commercial products in the market today already use RSA signatures under license from RSA Data Security. Other RSA licensees include General Magic, Hewlett-Packard, Oracle, Unisys, Digital Equipment Corp, Motorola, and numerous others. RSA Data Security, Inc. designs, develops, markets, and supports cryptographic solutions toolkits and products. 
The company was founded by the inventors of the RSA cryptosystem in 1982 and is headquartered in Redwood City, California. -----END PRIVACY-ENHANCED MESSAGE----- ------------------------------------------------------------------------ ..Christopher Allen Consensus Development Corporation.. .. 4104-24th Street #419.. .. San Francisco, CA 94114-3615.. .. o415/647-6383 f415/647-6384.. ..Mosaic/World-Wide-Web Front Door: .. ..ftp://netcom7.netcom.com/pub/consensus/www/ConsensusFrontDoor.html .. From tcmay at netcom.com Fri Mar 18 16:43:36 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 18 Mar 94 16:43:36 PST Subject: CLIPPER COMPROMIZED!!!! :-) In-Reply-To: <9403182355.AA07420@io.lrcs.loral.com> Message-ID: <199403190044.QAA04487@mail.netcom.com> I think David Koontz has hit the nail on the head: (quoting Bill Stewart) > >which must *obviously* be true because it came off the *wire services*... > >Probably Aldrich Ames didn't have any contact with the people in the > >NSA doing Clipper or the FBI people doing Digital Telephony Prevention. > > Ames may have had access to the rationale Dot and an un-named white > house source were quoted to effect ' ..if you knew what I know, you > would understand the need' (in effect tying Clipper to national security). > > Were he to compromise how good the interception is IN THIS COUNTRY to > a foreign power's intelligence service, for instance, it might severely > change their way of doing communications in the U.S. (the target country). As a senior person involved in counterintelligence for the CIA, Ames almost certainly had access to the "sources and methods" used to try to locate moles within the intelligence agencies, etc. Telephone surveillance, for example. It would not surprise me one bit to eventually hear that Ames was in contact with the working group putting together the Digital Telephony program of a few years back, and the current proposal. 
That Clipper was developed by the NSA does not mean that the CIA, DIA, FBI, FinCEN, and other agencies were not involved in it. If Dorothy Denning received briefings on Clipper (recall my "A Trial Balloon to Ban Encryption?" thread started in October, 1992--6 months before Clipper was announced), and if John Markoff and others knew of it in advance, why would it be surprising that senior officials in the CIA were also aware of the "needs" and the "plans" and were passing them on to their handlers in Moscow? Part of the sensitive information Ames likely had was the number of wiretaps of suspected spies! (Remember his job.) Though this is not cited as part of the "official wiretaps" (the Denning/Freeh statistics), this is certainly valuable information for the Russians or for any other entity conducting espionage. My hunch is that Aldrich Ames had access to those numbers and now the worry is that they were amongst the many things he passed on to the Russians. Maybe he wasn't actually in on the planning of Digital Telephony and Clipper, but he probably knew more about these programs and their justifications (in the eyes of the intelligence community) than the public knows. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From baum at newton.apple.com Fri Mar 18 16:59:31 1994 From: baum at newton.apple.com (Allen J. 
Baum) Date: Fri, 18 Mar 94 16:59:31 PST Subject: BusinessWeek 3/21 -@ antiClipper articles Message-ID: <9403182247.AA03896@newton.apple.com> Don't you hate it when you see something posted after it's already old news, and it's been posted 3 times already. I hope I haven't done that. The March 21 business week has a full page article on Clipper, the FBI Telephony bill, and related matters. It has a back page editorial that comes down REAL hard on Clipper, using a warning from Thomas Jefferson. I think they're getting the idea. ************************************************** * Allen J. Baum tel. (408)974-3385 * * Apple Computer, 20525 Mariani Ave, MS 305-3B * * Cupertino, CA 95014 baum at apple.com * ************************************************** From wcs at anchor.ho.att.com Fri Mar 18 19:02:01 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 18 Mar 94 19:02:01 PST Subject: Getting EFF to sign their postings Message-ID: <9403190300.AA22290@anchor.ho.att.com> > Can you use PGP after you buy ViaCrypt? After all, you paid for > ViaCrypt, and since it's supposedly the same as PGP, can you simply > use PGP and mention that you have purchased ViaCrypt? No. ViaCrypt uses a licensed version of RSA code. Regular PGP doesn't. When the ViaCrypt port to Macs comes out, you'll be able to use that, though. Now, if you mean "Can you use it without getting caught, as long as you remember to change the Version number in your PGP and recompile?" - probably. But that's not EFF's objective :-) > The other thing you could do is get a PC hooked up via appletalk to > your Mac network (or via ethernet, etc.) You could send batch files > for it to execute somehow, and it should run in full speed. [approach deleted...] > Shouldn't take more than a few days worth of work to implement... Sounds doable. 
I'd hate to have to count how many hacks like that I've built over the years :-) Bill From sommerfeld at orchard.medford.ma.us Fri Mar 18 19:05:41 1994 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Fri, 18 Mar 94 19:05:41 PST Subject: CLIPPER COMPROMIZED? In-Reply-To: <199403181924.OAA15439@eff.org> Message-ID: <199403190253.VAA00379@orchard.medford.ma.us> Ok, so we have a wire service report citing unnamed sources that the gov't is trying to find out if Ames could have had access to Clipper, and Denning citing unnamed sources that Ames probably didn't have access to Clipper... IMHO, that's roughly a tie in the credibility race, especially given Denning's known biases on the matter. At this stage in the clipper deployment, it would not be hard for them to "recall" all the outstanding clipper/capstone/etc. chips for an, umm, "bug fix", which installed a new set of S-boxes & a new family key. In any event, anyone who had compromised clipper would be a fool to show his hand now.. it would make a lot more sense to wait until deployment was seriously under way, and clipperphones had gotten into the hands (& electron microscopes :-) ) of at least some anti-clipper activists... that way, it would be impossible for the gov't to dismiss such a compromise as a hoax. - Bill From flesh at wps.com Fri Mar 18 19:25:41 1994 From: flesh at wps.com (Flesh) Date: Fri, 18 Mar 94 19:25:41 PST Subject: Def Con Message-ID: <9403190325.AA05562@wps.com> A while ago someone posted the latest Def Con announcement for Vegas. Seeing that I'm planning my wedding around it, could someone please re-post it? 'Tanks. From tcmay at netcom.com Fri Mar 18 19:50:52 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 18 Mar 94 19:50:52 PST Subject: Def Con In-Reply-To: <9403190325.AA05562@wps.com> Message-ID: <199403190351.TAA02502@mail.netcom.com> Flesh outlines his martial^H^H^H^Hital plans: > A while ago someone posted the latest Def Con announcement for Vegas. 
> Seeing that I'm planning my wedding around it, could someone please > re-post it? > > 'Tanks. I know "Def Con" has a martial flavor to it (but not as much so as "Def Jam" does), but why would you want to send in "tanks"? Tanks? Oh, you're talking about the _wedding_. Now I get it. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From darklord+ at CMU.EDU Fri Mar 18 20:07:14 1994 From: darklord+ at CMU.EDU (Jeremiah A Blatz) Date: Fri, 18 Mar 94 20:07:14 PST Subject: Counterfieting $$$$ Message-ID: Excerpts from internet.cypherpunks: 18-Mar-94 Re: Locating Color Copiers by stevenJ at alpha1.csd.uwm.e > Additionally, it's only possible to photocopy $1, $5 and $10 because anything > larger than that has that funny little strip of plastic in the bill. Actually, they have strips on the tens, too. Re: passing bills Okay, so the 10's and 20's have little mylar strips on them. You can't copy old bills, because they get wrinkles, and, anyway, if someone handed me a crisp, new 1983 $20 I'd get a bit suspicious. There are ways to age bills, but they look a lot less convincing. However.... What night manager at Denny's knows about the strips? How many times have you seen someone at your local convenience store check for the strip when you hand them a $20? If you travel a lot, and never use counterfeit bills for transactions where your name is recorded, you can do lots with counterfeit money. 
True, though, if you wanted to sell suitcases of it for $3 per twenty dollar bill (I just guessed at the price), you may have a problem. 
Not a crook, Jer darklord at cmu.edu | "it's not a matter of rights / it's just a matter of war finger me for my | don't have a reason to fight / they never had one before" Geek Code and | -Ministry, "Hero" PGP public key | http://www.cs.cmu.edu:8001/afs/andrew.cmu.edu/usr25/jbde/ From FLEMINGJ at WABASH.EDU Fri Mar 18 20:19:54 1994 From: FLEMINGJ at WABASH.EDU (John B. Fleming) Date: Fri, 18 Mar 94 20:19:54 PST Subject: PGP/ViaCrypt Message-ID: <01HA4VBF8CWY0008BA@WABASH.EDU> I just obtained a copy of PGP 2.3a about 2-3 months ago and have been using it off and on. I just subscribed to this list a couple of days ago and have seen mentions of ViaCrypt PGP. I did a little research, and I now know what ViaCrypt PGP is. My question is, what are the details surrounding the licensed RSA technology in the two. I have gathered that Freeware PGP does NOT have a license, and ViaCrypt PGP does. ... Does this mean in any way that it is technically illegal to use Freeware PGP? Or does it even matter? Thanks John -- FLEMINGJ at WABASH.EDU -- (Please request PGP public key via e-mail) From wcs at anchor.ho.att.com Fri Mar 18 20:34:14 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 18 Mar 94 20:34:14 PST Subject: EFF gun-shy of legally employing PGP Message-ID: <9403190433.AA12017@anchor.ho.att.com> Anonymous is alleged to have said: > : > Yes, but the point of the reply, is that PGP signatures SHOULD > : > be used by sysops. > : Hmmm... why PGP, as opposed to the FIPS Digital Signature Standard? > Yes, you can use the DSS (unless it is given away to PK partners, that is). No, you can't use the DSS. The reason NIST was getting into confusion about whether they have to give it to PKP is that PKP says that it infringes on Schnorr's patent, which they recently bought up; assuming that's true technically (I haven't looked in a while), this means you need a license from PKP to use DSS. 
Unlike RSA, which the government has some rights to use because it partially funded their work, even the government doesn't have rights over Schnorr's work, since they didn't fund it, so the NIST is in deeper yogurt with DSS than with RSA signatures. You can still use DSS for research and the usual things you can use patents for without a license, but you can do the same with PGP. RIPEM can be used free non-commercially in the US+Canada under the RSAREF license terms, and RIPEM-SIG can even be exported. (Now all we need to do is find a way to get RIPEM-SIG to do key exchange and message encryption as well as signatures and patch it into PGP :-) (presumed not possible...) Bill From bbrown at coos.dartmouth.edu Fri Mar 18 21:23:25 1994 From: bbrown at coos.dartmouth.edu (Brice A. Brown) Date: Fri, 18 Mar 94 21:23:25 PST Subject: No Subject Message-ID: <9403190523.AA03328@coos.dartmouth.edu> Ok, I saw a blurb on the news about the senate debating Clipper. The basics were stated. 1) The FBI wanted phone companies to be forced to comply. 2) Privacy advocates said it would be an invasion. Then they showed clips of terrorists and kidnappers who had been caught thanks to wiretapping. On the subject of home privacy. I am attempting to build a laser bug. The type that one bounces off a window. Does anyone know of the technology involved in such a project? I already have access to a laser, but it is the photocell that I need more information on. Anyone? Artimage. From qjones at infi.net Fri Mar 18 22:25:33 1994 From: qjones at infi.net (Wayne Q Jones) Date: Fri, 18 Mar 94 22:25:33 PST Subject: spyproofing your house/work building In-Reply-To: <199403182008.MAA22719@netcom9.netcom.com> Message-ID: With FLIR you have SLIR OTH UV LOW LIGHT from the military (Billy boy is itching to deploy here in the good ole USA). Remote Sensing RADAR SONAR Stealth RADAR, Remote Imaging SYStems all kinds of goodies coming home. TO do what..fight crime..Yeah right. 
I remember law and order Nixon. Cryptography is the least of your problems. A high tech military is coming home and Billy wants to put them to use on our streets..>!!! He just loves gadgets. Dissent may become passé in America. Wayne **************************************************************************** * Qjones at infi.net So I'm a dog...what else is new? * * Qjones at larry.wyvern.com Quote from life and times of a man * **************************************************************************** From tcmay at netcom.com Fri Mar 18 23:31:53 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 18 Mar 94 23:31:53 PST Subject: Administrivia: Questions about the List Message-ID: <199403190732.XAA27112@mail.netcom.com> Cypherdenizens, Sorry to bother the List, but two things have come up that I need some feedback on. Two items: 1. Is the list sending out messages in a defective (slow) way, or is my service (Netcom) bouncing a lot of mail, thus causing these delays as toad attempts resends? 2. I'm getting a lot of error messages from Julf's site, saying my messages cannot be delivered to "an2757938" and the like. This used to be a problem, but was fixed by Eric Hughes a year or so ago. It appears to be back again. Are others seeing this, too? First, I seem to be having delays in Cypherpunks mail of about 1-2 days on about 5-10% of all messages. This shows up as me not seeing messages others are already responding to (because 90-95% of all messages are getting to me in the usual prompt way). I especially notice this, of course, with my own messages. (I can't test whether other mail is being delayed, because I'm no longer on Extropians and so Cypherpunks accounts for 95% of all my mail.) For example, the item on video surveillance cameras, forwarded from alt.conspiracy, did not reach me until a day after others had already posted public responses. And just today I got a 5-day old message (Steve Bellovin's "Re: Clipper Cracks Appear"). 
The message I posted today about "Shout it to the world: Clipper is Compromised!" has still not appeared at my site, although some others have already responded to me about it (ironically, Steve Bellovin did). My question is this: Is this just _me_ (and possibly Netcom), or are others seeing these delays? My suspicion has been that Netcom is bouncing mail, because of recent overloading and NFS problems, reports from others about their mail being delayed (usually this implies a bounce and resend), and from the lack of other messages here complaining about delayed messages. Could Hugh Daniel, if he is reading this, or Eric Hughes, or anyone else who has access to the list at toad.com give me some hint as to whether I should beat on Netcom some more? Could other Netcommers here, of which there may be as many as 50, tell me what experiences they've had? The second item is also an administrivia issue: I'm getting dozens of error messages from daemon at penet.finland.etc. or somesuch (I can't look right now at the precise address) telling me my mail cannot be delivered, will not be delivered, is being returned, etc. It looks like the old blocks Eric had installed to prevent Julf's system from doing this are no longer working. (There may be more accurate explanations....) Anyone else seeing this? Anything we can do? Does the new automated subscription software (majordomo?) have anything to do with this? If people send me comments, I'll summarize--unless someone really knows the Big Picture and wants to just summarize it all here. Thanks, --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. 
"National borders are just speed bumps on the information superhighway." From mdbomber at w6yx.stanford.edu Sat Mar 19 00:18:13 1994 From: mdbomber at w6yx.stanford.edu (mdbomber at w6yx.stanford.edu) Date: Sat, 19 Mar 94 00:18:13 PST Subject: FWD: RIPEM/SIG - Worldwide Digital Signature Software Message-ID: <199403190817.AA20820@nebula.acs.uci.edu> >-----BEGIN PRIVACY-ENHANCED MESSAGE----- >Proc-Type: 2001,MIC-CLEAR >Content-Domain: RFC822 >Originator-Name: jim at chirality.rsa.com >Originator-Certificate: > MIIB0TCCAXoCECnMhIY+nEfjCOoQ6zRCtbAwDQYJKoZIhvcNAQECBQAwbTELMAkG > A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMRwwGgYD > [...] signed PEM message I tried turning RIPEM Mac loose on this message and it complains about a garbled Originator Certificate, then complains that it does not appear to be a PEM/RIPEM message. Did anyone else get this to work? Internet: mdbomber at w6yx.stanford.edu Matt Bartley GPS: 33 49' xx'' 117 48' xx'' (xx due to SA :-) From sameer at soda.berkeley.edu Sat Mar 19 02:00:16 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Sat, 19 Mar 94 02:00:16 PST Subject: Administrivia: Questions about the List In-Reply-To: <199403190732.XAA27112@mail.netcom.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Timothy C. May spake: > > > Cypherdenizens, > Looks like netcom is getting overloaded. Looks like a few alternatives are needed. (Hoho. Sameer looks to the future. 
;-) - -Sameer -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLYrMR3i7eNFdXppdAQG1ggP/WZElz1DRU0zkjP4FF6Ue3VKN1a0/cXkM NQGvOAuIhk79yxiMNGC4FpDoDFcGzZ0GJ2P1skzNNBHvcAZzJ7Y4Rc02gF9ZZgv+ FioVGEaoXLFMHQAPtIm7DLvnSzN553Jr+qBhB2UjUVnA/ZQ2EtYgZV3vg3F+KLvT /9tY5cbVg5Q= =1Zfb -----END PGP SIGNATURE----- From jpp at markv.com Sat Mar 19 02:23:31 1994 From: jpp at markv.com (jpp at markv.com) Date: Sat, 19 Mar 94 02:23:31 PST Subject: ANNOUNCE: EXI Idea Forum this Sunday Message-ID: <9403190222.ab26815@hermix.markv.com> The EXI Idea Forum is a series of informal get togethers where Extropians, and people interested in Extropianism, discuss interesting issues. This Idea Forum will concern Cryptography, Cypherpunks, and the Clipper chip. You are invited to attend. Here are the directions: The EXI Idea Forum will be held at my new lodgings in Pacoima this Sunday 1994 March 20. The meeting will officially start at 1600. Feel free to bring your favorite (non-alcoholic, yet legal) drinks, foods, nutrients, etc. I hope the directions below help you get to our location. If you need extra help for any reason, call (818) 768 9255 first, or (818) 767 5576 if you get no answer. 
(Sorry, if you are coming from the north, you will have to improvise a little) ------------------------------------------------------------ >From the west side of LA: North 405 == San Diego Fwy over the hill, into the valley, way past the 101, but just before the 118, take the Nordhoff exit, at the bottom of the ramp go East == Right Nordhoff until it T's into Osborne, go N-E == Left Osborne past two lights, Canterbury, and Beachy, S-E == Right Arleta past two traffic lights, Branford, and then Wentworth which has a killer dip, then at the first street on the left, N-E == Left Tonopah past the alley on the left, at the first street to the left, N-W == Left Lev to the end, the house is on the left side at about 10 o'clock were the street entering the court at 6 o'clock S-W == Left 8941 Lev ------------------------------------------------------------ >From the center of the city: North 101 == Hollywood Fwy over the hill, into the valley, North 170 == Hollywood Fwy just before the end, where 170 merges with 5, right at the end of the ramp, S-W == Right Sheldon under the 170 Fwy, and then immediately N-W == Right Arleta past the first right which is the 170 South onramp, and at the first street on the right, N-E == Right Tonopah past the alley on the left, at the first street to the left, N-W == Left Lev to the end, the house is on the left side at about 10 o'clock were the street entering the court at 6 o'clock S-W == Left 8941 Lev ------------------------------------------------------------ >From the east side of LA: North 5 == Golden State Fwy over the hill, into the valley, just after the 170 merges into the 5, take the Sheldon exit, turn right and you will be on Laurel Canyon Blvd, S-E == Right Laurel Canyon Blvd (Sheldon Exit) follow the sign and turn right onto Sheldon S-W == Right Sheldon for about a mile, under the 170 Fwy, and then immediately, N-W == Right Arleta past the 170 South entrance to the right, at the first street on the right, N-E == Right Tonopah 
past the alley on the left, at the first street to the left, N-W == Left Lev to the end, the house is on the left side at about 10 o'clock were the street entering the court at 6 o'clock S-W == Left 8941 Lev j' -- O I am Jay Prime Positive jpp at markv.com 1250 bit fingerprint B06229 = B8 95 E0 AF 9A A2 CD A5 89 C9 F0 FE B4 3A 2C 3F 524 bit fingerprint 2A915D = 8A 7C B9 F2 D5 46 4D ED 66 23 F1 71 DE FF 51 48 Public keys via `finger jpp at markv.com', or via email to pgp-public-keys at io.com Your feedback is welcome directly or via my symbol JPP on hex at sea.east.sun.com Resist the Clipper Chip, write "I oppose Clipper" to Clipper.petition at cpsr.org From bart at netcom.com Sat Mar 19 04:27:22 1994 From: bart at netcom.com (Harry Bartholomew) Date: Sat, 19 Mar 94 04:27:22 PST Subject: Internet Security Hearing Message-ID: <199403191228.EAA15664@mail.netcom.com> Forwarded by Gleason Sackman - InterNIC net-happenings moderator ()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()() ---------- Text of forwarded message ---------- Date: Thu, 17 Mar 1994 17:42:43 -0700 From: richard bryant To: Multiple recipients of list COMMUNET Subject: SS&T Special Notice Re: Internet Security (fwd) According to SSTPRESS: >From SSTPRESS at HR.HOUSE.GOV Thu Mar 17 16:21:07 1994 Date: 17 Mar 1994 18:15:18 EST From: "SSTPRESS" Subject: SS&T Special Notice SS&T|NEWS COMMITTEE ON SCIENCE, SPACE AND TECHNOLOGY U.S. HOUSE OF REPRESENTATIVES 2320 RAYBURN HOUSE OFFICE BUILDING WASHINGTON, D.C. 20515 March 17, 1994 Special Notice Because of considerable advance interest in next Tuesday's hearing on Internet security, we are taking the liberty of including a witness list for the hearing with this week's calendar mailing. The hearing will take place beginning at 9:30 a.m. in 2318 Rayburn on Tuesday, March 22, and will be chaired by Rep. Rick Boucher (D-VA). 
The Subcommittee's interest in the issue arises in part because the Internet is a prime method of communication between researchers in academia and industry. It is also a major means of communication for federal researchers at agencies under the Subcommittee's jurisdiction. Recent break-ins on the Internet prompted the federal Computer Emergency Response Team to issue a special alert to Internet users on February 3, and suggest that the system may be more vulnerable than generally acknowledged to deliberate destruction or alteration of computer files. The hearing will evaluate the status of security on the Internet today and will examine measures currently available to enhance security, assess the effectiveness and degree of implementation of such measures, and identify obstacles to enhancing Internet security. A background memo prepared for Members by the Subcommittee is available from the Committee press office by fax (202/225-8280) or email (sstpress at hr.house.gov). Broadcast reporters who plan to attend the hearing should register with the House Radio and Television Gallery, and can call the Committee press secretary (202-225-3359) for logistical information and early access to the hearing room. # # # For further information: Rick Borchelt, 202/225-3359 (fax 202/225-8280) (email "sstpress at hr.house.gov") ______________________________ George E. Brown, Jr. Chairman Robert S. Walker Ranking Republican Member SUBCOMMITTEE ON SCIENCE Hearing on Internet Security March 22, 1994 9:30 a.m. - 2318 Rayburn House Office Building Tentative Witness List Mr. L. Dain Gary, Manager Computer Emergency Response Team Operations (CERT) Carnegie Mellon University Pittsburgh, Pennsylvania (CERT is one of the coalition of response teams that form the Forum of Incident Response and Security Teams, or FIRST) Mr. Thomas T. Kubic Chief, Financial Crimes Section Federal Bureau of Investigation Washington, DC Dr. Vinton G. 
Cerf, President Internet Society Reston, Virginia (Senior VP of Data Architecture, MCI) Mr. Lynn McNulty Associate Director for Computer Security Computer Systems Laboratory National Institute of Standards and Technology Gaithersburg, Maryland (NIST is the secretariat for FIRST) Dr. Stephen D. Crocker, Vice President Trusted Information Systems Glenwood, Maryland (Chair, Privacy and Security Research Group, Internet Research Task Force) From pfarrell at netcom.com Sat Mar 19 04:49:41 1994 From: pfarrell at netcom.com (Pat Farrell) Date: Sat, 19 Mar 94 04:49:41 PST Subject: Fw: Public Interest Summit Organizing Kit Message-ID: <28049.pfarrell@netcom.com> Sounds to me that these guys don't want to hear from inside the Beltway folks like me. How about some of the left coast folk? ------------------------------ From: Richard Civille Fri, 18 Mar 1994 21:07:24 -0500 (EST) Cc: ace-mg at esusda.gov, alt-politics-datahighway at eff.org, bluemt at cni.org, com-priv at psi.com, communet at uvmvm.uvm.edu, ednet at mr.net, libnet at mr.net, net-people at nic.state.mn.us, nii-regional at rain.org, nii-summit at cni.org, nii_agenda at civicnet.org, publib at nysernet.org, pubpol-l at vm1.spcs.umn.edu, roundtable at cni.org, ruralnet at gibbs.oit.unc.edu, telecomreg at relay.adp.wisc.edu, board at cap.gwu.edu Subject: Public Interest Summit Organizing Kit Shaping the National Information Infrastructure Public Interest Summit -- ORGANIZING KIT -- NOTE: Use this electronic mail address for contact: Your participation is essential to making the Summit responsive and effective. We are sending you the enclosed "kit" of questions, organizing suggestions, and formats for sending your discussion materials back to us. This is a call for you and your organization or group to discuss the information highway issues -- as YOU see them. 
Send back your replies for lead ins to the panel discussions, and as questions and concerns for panelists and Administration officials to consider -- as soon as you can. Please use the questions listed below to help organize your discussion group. It is important to hear as many voices across the Nets as possible, as soon as possible. However, it is even more important for us to use the Net to go beyond the Net. We hope the following ideas will be helpful in organizing discussion groups in classrooms, in church, at work, at home; in service organizations, and activist groups; for radio call-in talk shows, local cablecast panel discussions and anywhere where people meet to talk about what is important to them. We must move very quickly to make this work and we need you. Remember, we are talking about beginning a wave of change this week, that will grow in power and momentum beyond the Summit and into the Spring and beyond. -- Registration -- Register with us to become an organizer/moderator of a discussion group (either on-line or off-line). Send e-mail to with "register" as the subject line and a brief description of your project and group. If you cannot email, see the alternative contact points below. We will work for broad discussions among the online communities but we believe that it is ultimately the "real world" that will make the difference here, not simply Cyberspace. We encourage you to organize off-line discussion groups and send us the summaries using the questions and formats given below. -- Video Opportunities -- This is a media event. We are also searching for good, brief, video shots. Do you have good local public media contacts? Do you know of good video opportunities -- important new voices that should be heard, projects in your community using information technologies for good public benefit that should be recognized? Tell us about them as soon as you can. Send your ideas to us at . 
We are prepared to work very quickly with local public television and cable access groups, who can tape and Fedex the tape to us for inclusion in the program. Video shots must be a maximum one minute in length. We must have all tape submissions received no later than Friday, March 25th and earlier if possible. -- Questions for Discussion Groups -- 1. What is important to your group? 2.What does your group want in terms of connectivity to the NII? 3. What does your group want not to happen with the NII? 4. What special requirements do you have that might be missed in the national planning for the NII which is taking place now in Washington, DC? 5. What would you be able to do with the NII, that you would not otherwise, if you did not have to worry about the cost of access? 6. What one key question would you want the Administration to give you an explicit answer to about the NII? 7. How can you describe the positions your state and federal representatives are presently taking on your concerns about the NII? -- More Ideas -- You might consider several scenarios such as these for your discussion group. Make up your own! * Print this notice and take it to your group (church, class, work place lunch, family) for discussion, summarize the results, and send them to us. * Use the questions for a discussion item in your local community or civic network and report back with summaries of key points. Direct, attributed quotes are very helpful. Pose questions directed to specific panelists or to specific issues. Organize a local press conference. * Help increase the spread of the dialog by taking these questions to people and groups well beyond your own networks of friends and acquaintances, whether online or offline. Fax this Notice all over town. Photocopy fliers and distribute. Get these materials into the hands of those who are not members of online systems. -- Contacts, Format and Deadlines -- Please e-mail results of discussions back to the Public Interest Summit to . 
Include: - Your name - Name of online community, community/civic network or organization - Describe the process you used for your discussion (was it a working lunch, a bridge club, a call-in talk show, who moderated, how was it organized, etc.) - e-mail address of contact person, or phone if email is not available Please provide a summary, and several vivid highlights, and direct quotes that can be attributed to real people. No more than two pages or 4k. Please e-mail group discussion summaries by Sunday, March 27 at the latest. Videos must be received by the 25th and not be longer than one minute in length. The earlier the better, there is a great deal of pre-production work to be done. Things earlier will be summarized and posted to gopher servers under the menu heading: "Public Interest Telecommunication Summit" including new questions as they arise. If you cannot email you can contact the Summit production team through: The Benton Foundation 202-638-5770 (voice) 202-638-5771 (fax) Pat Farrell Grad Student pfarrell at gmu.edu Department of Computer Science George Mason University, Fairfax, VA Public key availble via finger #include From rishab at dxm.ernet.in Sat Mar 19 05:46:40 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Sat, 19 Mar 94 05:46:40 PST Subject: FOIA text Message-ID: jdblair at nextsrv.cas.muohio.EDU: > Does anyone know an ftp site where I can find the full text of the > Freedom of Information Act? ftp: ftp.eff.org/pub/EFF/Policy/Access_govt_info/FOIA/us_foia_act.txt other articles, acts, cases in the same directory. ftp.eff.org is full of information, articles etc of interest to cypherpunks, particularly in the Policy directory. Most of the material I'm putting into a hypertext WWW guide to cpunks is from there. 
-------------------------------------------------------------------------------- Rishab Aiyer Ghosh "What is civilisation rishab at doe.ernet.in, rishab at dxm.ernet.in but a ribonucleic Voicemail +91 11 3760335; Vox/Fax/Data 6853410 hangover?" H-34C Saket New Delhi 110017 INDIA -------------------------------------------------------------------------------- From pmetzger at lehman.com Sat Mar 19 07:28:03 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Sat, 19 Mar 94 07:28:03 PST Subject: Locating Color Copiers In-Reply-To: <8hWXtJ600WBM8_Hwgl@andrew.cmu.edu> Message-ID: <9403191527.AA27426@andria.lehman.com> Jeremiah A Blatz says: > Re: passing bills > Okay, so the 10's and 20's have little mylar strips on them. > You can't copy old bills, because they get wrinkles, and, anyway, if > someone handed me a crisp, new 1983 $20 I'd get a bit suspicious. And why is that, Mr. Blatz? Every bill in my wallet is crisp and new. Crisp new bills are favored by banks for their bank machines, and virtually every bill other than $1 and $5s in circulation here in New York was spit out by a bank machine. People on this list are remarkably insular -- everyone here seems to think "the way it is in my town is the way it is everywhere". In some places in this country, $20s are extremely common and all of them are clean and well pressed. In some places this is not the case. Don't assume your local conditions hold everywhere. Now can we get back to cryptography? .pm From pmetzger at lehman.com Sat Mar 19 07:47:14 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Sat, 19 Mar 94 07:47:14 PST Subject: spyproofing your house/work building In-Reply-To: Message-ID: <9403191547.AA27471@andria.lehman.com> Wayne Q Jones says: > With FLIR you have SLIR OTH UV LOW LIGHT from the military (Billy boy > is itching to deploy here in the good ole USA). Remote Sensing RADAR SONAR > Stealth RADAr, Remote Imaging SYStems all kinds of goodies coming home. 
> TO do what..fight crime..Yeah right. I remember law and order Nixon. > Cryptography is the least of your problems. A high tech military is > coming home and Billy wants to put them to use on our streets..>!!! > He just loves gadgets. Dissent may become passé in America. > Wayne Now Wayne, you remember what the doctor said about you needing to take your medication EVERY DAY, don't you? Go back to the medicine cabinet and take your medicine or they might send you back to the hospital again and give you more shock therapy. Perry From shipley at merde.dis.org Sat Mar 19 09:41:40 1994 From: shipley at merde.dis.org (Evil Pete) Date: Sat, 19 Mar 94 09:41:40 PST Subject: Def Con In-Reply-To: <9403190325.AA05562@wps.com> Message-ID: <9403190346.AA11038@merde.dis.org> >A while ago someone posted the latest Def Con announcement for Vegas. >Seeing that I'm planning my wedding around it, could someone please >re-post it? > >'Tanks. Updated Last : 3.11.1994 (I apologise for spelling errors.. the WP died) Late Night Hack Announcement #3 DEF CON II Convention Update Announcement READ & DISTRIBUTE & READ & DISTRIBUTE & READ &
DISTRIBUTE & READ & DISTRIBUTE ============================================================================= What's this? This is an updated announcement and invitation to DEF CON II, a convention for the "underground" elements of the computer culture. We try to target the (Fill in your favorite word here): Hackers, Phreaks, Hammies, Virii Coders, Programmers, Crackers, Cyberpunk Wannabees, Civil Liberties Groups, CypherPunks, Futurists, Artists, Etc.. WHO: You know who you are, you shady characters. WHAT: A convention for you to meet, party, and listen to some speeches that you would normally never hear. WHEN: July 22, 23, 24 - 1994 (Speaking on the 23rd and 24th) WHERE: Las Vegas, Nevada @ The Sahara Hotel So you heard about DEF CON I, and want to hit part II? You heard about the parties, the info discussed, the bizarre atmosphere of Las Vegas and want to check it out in person? Load up your laptop muffy, we're heading to Vegas! Here is what Three out of Three people said about last years convention: "DEF CON I, last week in Las Vegas, was both the strangest and the best computer event I have attended in years." -- Robert X. Cringely, Info World "Toto, I don't think we're at COMDEX anymore." -- CodeRipper, Gray Areas "Soon we were at the hotel going through the spoils: fax sheets, catalogs, bits of torn paper, a few McDonald's Dino-Meals and lots of coffee grounds. The documents disappeared in seconds." -- Gillian Newson, New Media Magazine DESCRIPTION: Last year we held DEF CON I, which went over great, and this year we are planning on being bigger and better. We have expanded the number of speakers to included midnight tech talks and additional speaking on Sunday. We attempt to bring the underground into contact with "legitimate" speakers. Sure it's great to meet and party with fellow hackers, but besides that we try to provide information and speakers in a forum that can't be found at other conferences. 
While there is an initial concern that this is just another excuse for the evil hackers to party and wreak havok, it's just not the case. People come to DEF CON for information and for making contacts. We strive to distinguish this convention from others in that respect. WHAT'S NEW THIS YEAR: This year will be much larger and more organized (hopefully) than last year. We have a much larger meeting area, and have better name recognition. Because of this we will have more speakers on broader topics. Expect speaking to run Saturday and Sunday, ending around 5 p.m. Some of the new things expected include: > An Internet connection with sixteen ports will be there, _BUT_ will only provide serial connections because terminals are too hard to ship. So bring a laptop with communications software if you want to connect to the network. Thanks to cyberlink communications for the connection. > There will be door prizes, and someone has already donated a Cell Phone and a few "Forbidden Subjects" cd ROMs to give away, thanks to Dead Addict. > Dr. Ludwig will present his virus creation awards on Sunday. > A bigger and better "Spot The Fed" contest, which means more shirts to give away. > More room, we should have tables set up for information distribution. If you have anything you want distributed, feel free to leave it on the designated tables. Yes, this year there will be a true 24 hour convention space. > A 24 hour movie / video suite where we will be playing all type of stuff. VHS Format. Mail me with suggested titles to show, or bring your own. We'll use a wall projector when not in use by speakers. > Midnight Tech Talks on Friday and Saturday night to cover the more technical topics and leave the days free for more general discussions. WHO IS SPEAKING:============================================================= This list represents almost all of the speakers verified to date. 
Some people do not want to be announced until the event for various reasons, or are waiting for approval from employers. A speaking schedule will go out in the next announcement.
Phillip Zimmerman, Notorious Cryptographer & author of PGP.
Dr. Ludwig, Author of "The Little Black Book of Computer Viruses," and "Computer Viruses, Artificial Life and Evolution"
Loyd Blankenship (The Mentor), Net Running in the 90's and RPG.
Padgett Peterson, Computer Enthusiast, Anti-Virus Programmer.
The Jackal, A Radio Communications Overview, Digital Radio and the Hack Angle.
Judi Clark, Computer Professionals for Social Responsibility.
Gail Thackery, (Of Operation Sun Devil Fame), Topic to be Announced.
To be Announced, The Software Protection Agency, Topic to be Announced.
Toni Aimes, Ex U.S. West Cellular Fraud, Cellular Fraud Topics.
Mark Lotter, Cellular Enthusiast, Hacking Cell Phones.
Lorax, The Lighter Side of VMBs.
Peter Shipley, Unix Stud, Q&A on Unix Security.
George Smith, Crypt Newsletter, Virus Topic to be Announced.
Cathy Compton, Attorney, Q&A Surrounding Seizure Issues, Etc.
John Littman, Reporter and Author, Kevin Poulson, Mitnick, and Agent Steal.
Red Five & Hellbender, Madmen With a Camcorder, Who Knows?
Chris Goggans (Erik Bloodaxe), Weird Wireless Psycho Shit.. Stay Tuned..
There should be a few round table discussions on Virus, Cellular, Unix and something else surrounding the industry. I'll name the rest of the speakers as they confirm. I'm still working on a few (Two?) people and groups, so hopefully things will work out and I can pass the good news on in the next announcement, or over our List Server. ============================================================================ WHERE THIS THING IS: It's in Las Vegas, the town that never sleeps. Really. There are no clocks anywhere in an attempt to lull you into believing the day never ends. Talk about virtual reality, this place fits the bill with no clunky hardware.
If you have a buzz you may never know the difference. It will be at the Sahara Hotel. Intel is as follows: The Sahara Hotel: 1.800.634.6078 Room Rates: Single/Double $55, Triple $65, Suite $120 (Usually $200) + 8% tax Transportation: Shuttles from the airport for cheap. NOTE: Please make it clear you are registering for the DEF CON II convention to get the room rates. Our convention space price is based on how many people register. Register under a false name if it makes you feel better, 'cuz the more that register the better for my pocket book. No one under 21 can rent a room by themselves, so get your buddy who is 21 to rent for you and crash out. Try to contact people on the Interactive Mailing List (More on that below) and hook up with people. Don't let the hotel people get their hands on your baggage, or there is a mandatory $3 group baggage fee. Vegas has killer unions. OTHER STUFF: I'll whip up a list of stuff that's cool to check out in town there so if for some reason you leave the awesome conference you can take in some unreal sights in the city of true capitalism. If anyone lives in Las Vegas, I would appreciate it if you could send a list of some cool places to check out or where to go to see the best shows and I'll post it in the next announcement or in the program -> I am asking for people to submit to me any artwork, pictures, drawings, logos, etc. that they want me to try and include in this year's program. I am trying to not violate any copyright laws, but want cool shit. Send me your art or whatever and I'll try and use it in the program, giving you credit for the work, of course. Please send it in .TIF format if it has more than eight bit color. The program will be eight bit black and white, -> in case you want to make adjustments on your side. *** NEW MAILING LIST SERVER *** We've finally gotten Majordomo List Serv software working (Kinda) and it is now ready for testing.
MTV spent a lot of time hacking this thing to work with BSDi, and I would like to thank him. The purpose of the list is to allow people interested in DEF CON II to chat with one another. It would be very useful for people over 21 who want to rent hotel space, but split costs with others. Just mention you have room for 'x' number of people, and I'm sure you'll get a response from someone wanting to split costs. Someone also suggested that people could organize a massive car caravan from Southern Ca. to the Con. My attitude is that the list is what you make of it. Here are the specifics: Umm.. I TAKE THAT BACK!! The mailing list is _NOT_ ready yet. Due to technical problems, etc. I'll do another mass mailing to everyone letting them know that the list is up and how to access it. Sorry for the delay! MEDIA: Some of the places you can look for information from last year include: New Media Magazine, September 1993 InfoWorld, 7-12-1993 and also 7-19-1993 by Robert X. Cringely Gray Areas Magazine, Vol 2, #3 (Fall 1993) Unix World, ???, Phrack #44 COST: Cost is whatever you pay for a hotel room split however many ways, plus $15 if you preregister, or $30 at the door. This gets you a nifty 24 bit color name tag (We're gonna make it niftier this year) and your foot in the door. There are fast food places all over, and there is alcohol all over the place but the trick is to get it during a happy hour for maximum cheapness. ============================================================================ I wanted to thank whoever sent in the anonymous fax to Wired that was printed in issue 1.5. Cool deal! ============================================================================= FOR MORE INFORMATION: For InterNet users, there is a DEF CON anonymous ftp site at cyberspace.com in /pub/defcon. There are digitized pictures, digitized speeches and text files with the latest up to date info available. For email users, you can email dtangent at defcon.org for more information.
For non-net people call: ---- A L L I A N C E ---- SysOp Metalhead One Thousand One Hundred Megabytes Online 612.251.8596 USRobotics 16.8 Dual Standard Synchronet Multinode BBS Software International Informational Retrieval Guild (IIRG) Distro Site Electronic Frontier Foundation (EFF) MEMBER American Bulletin Board Association (ABBA) MEMBER ----------------------------------------------------------------------- o 200+ Message bases. No post call ratio. Nope, not ever. FidoNet [1:282/8004], CCi [69:4612/2], IIRG-NET, EFF-NET, ABBA-NET o Multi User DOOR Games and Multi Channel Chat. o Computer Underground Magazines, History, Updates & Text o Barren Realms Elite Inter-Planetary Multi-Player/Multi-BBS Game Call the Alliance for details on how YOUR BBS can join our league!! ------------------------------------------------------------------------ o DEF CON Mirror Archive ------------------------------------------------------------------------ For Snail Mail send to: DEF CON, 2709 E. Madison Street Suite #102, Seattle, WA, 98112 For Voice Mail and maybe a human (me), 0-700-TANGENT on an AT&T phone. A DEF CON Mailing list is maintained, and the latest announcements are mailed automatically to you. If you wish to be added to the list just send email to dtangent at defcon.org. We also maintain a chat mailing list where people can talk to one another and plan rides, talk, whatever. If you request to be on this list your email address will be shown to everyone, just so you are aware. ============================================================================= (Note, I have put a copy of Dr. Ludwig's new KOH Data security encryption Virus online at the DEF CON ftp site in /pub/defcon/KOH along with full documentation. Get CrAzY.) VIRUS CREATION AWARDS: Announcing The Second International Virus Writing Contest Sponsored by American Eagle Publications, Inc. P.O. 
Box 41401 Tucson, AZ 85717 USA and The Crypt Infosystems BBS +1 (818) 683-0854 *** The Goal *** The purpose of this contest is to write a fully functional computer virus that entertains people with political satire. Viruses will be judged on the basis of originality, creativity, functionality, and political incorrectness. *** Eligibility *** Anyone who can write a computer virus is eligible. *** Contest Dates *** The contest is underway from January 1, 1994 until June 30, 1994. Your submissions must be received by June 30 to qualify. The winner of the contest will be announced at the DEFCON conference in Las Vegas, July 22-24, 1994. If you can be present, an official award will be bestowed on you at that time. ************************************************************* Details ************************************************************* The philosopher Friedrik Nietzsche once said that if you want to kill something, you must laugh at it--and laugh at it deeply. So there should be little wonder that political satire is as old as politics itself. Is there something going on in the political arena that you abhor, that makes you sick, that is just plain wrong? Well, here's your chance to make a mockery of it. I've always had this idea that if someone wrote a sufficiently witty virus that really addressed the issues the way the people (not the press, not the politicians) saw them, it might just get passed around by people voluntarily. Let's find out. Write a virus that is itself a political satire. I don't mean a virus that simply displays a message. I mean a living entity whose every move--whose every action--is politically motivated. If you need more than one virus to make your point--perhaps two viruses working together, or something like that, that is fine. 
----------------------------------------------------------- Let me give you a simple example: The Political Correctness Virus This virus is a spoof on the "political correctness" movement--which is just a form of self-imposed censorship--that is sweeping american intellectual circles, particularly colleges and universities. This virus is a memory resident boot sector virus which maintains a list of politically incorrect words on your computer system. It also hooks the keyboard interrupt and monitors every keystroke you make. If you type a politically incorrect word into the computer, the PCV springs into action. Politically incorrect words are ranked at three different offense levels. When the PCV encounters such a word, it determines what offense level that word is, and acts accordingly. The least offensive words merely register a beep. More offensive words cause a beep to sound for 10 seconds. The most offensive words cause a siren to sound for two minutes, locking the system for that duration. If you turn the computer off before the two minutes are up, the virus will stop the boot process for five minutes, with sirens, when you turn it back on. If you allow the siren to complete, then you can proceed. The virus has two different word lists, both stored in an encrypted and compressed format. The list is selected at random when the system is infected, after which it cannot be changed. The first list is the "proper" list of political correctness no-no's. For example, a word like "sodomite" is among the worst possible offenses. The second list is an inverted list of no-no's. This list trys to force you to use "sodomite" by flagging words like "gay" and "homosexual" as no-no's. If you allow the PCV to live in your system for three months without getting a single flag, you are given the supreme honor of viewing the word list assigned to you and adding a word to it. 
If you get more than 3000 flags in a lifetime, the virus will force you to enter a politically correct word before allowing you to start the computer, since you are obviously unwilling to submit to its censorship. The virus also uses powerful means to prevent disinfection, so that, once you get it, you can't get rid of it without a major effort. ------------------------------------------------------------ Now, I know you can get a lot more creative than this--so do it! Design your virus carefully, so that everything it does has meaning. Then send it in. Here are the criteria we'll use: 1. Originality: Your virus must be an original work. Do not send us anything that is not 100% yours. Your message should be original too. Do not just ape what everybody else is saying, especially the media. Also, a refined wit is much to be preferred over vulgarity. Vulgarity is a substitute for original wit. Foul language, porn, etc., are out. Destructive features should be incorporated only if they are VERY appropriate (perhaps if you are commenting on real live genocide in your country, or something like that). In general, though, destructive features will hurt you, not help you. The one exception is modifying anti-virus programs. That is considered to be CONstructive activity. 2. Creativity: Make us laugh, make us cry. Amaze us with how bits and bytes can say something about politics and issues. Think of it like this: displaying a message on the screen is like reading a text file. What we want is the equivalent of a multi-media extrvaganza. Use all the system's resources to tell your message. Don't be afraid to write a virus that has some wierd mode of infecting programs that tells a story, or to write one that sends faxes to the White House, or sends an automatic request for reams of free information to some government agency. 3. Functionality: The virus has to work. If it only works on some machines, or under some versions of DOS, or what-not, then that will count against you. 
The better it is at infecting systems and moving around, the better off you will be. So, for example, if you write a file-infector, make sure it can jump directories, and--if you're up to it--migrate across a network. 4. Political incorrectness: Since computer viruses are politically incorrect, their message should be too. If you send us a pro-establishment virus, then you will not win this contest. A word to the wise: think twice about what's correct and what's not. Many positions are only superficially incorrect, though they are really quite fasionable among the establishment. Look at it this way: if you could get a well-written letter expressing your view published in a big city newspaper, then it's not sufficiently incorrect. There are a LOT of ideas that are unofficially censored by society-- especially the media and academia. They tend to make themselves out to be the rebels, but they are really the establishment. If you can't think of anything creatively incorrect and sufficiently obnoxious then you shouldn't be writing viruses in the first place. ************************************************************* How to Submit an Entry You may mail your entry to American Eagle Publications at the above address, or you may e-mail it to ameagle at mcimail.com. Alternatively, you can submit it by dialing the Crypt Infosystems BBS and uploading it there. To get on to the system quickly, efficiently and anonymously, log on as VIRUS, using the password CONTEST. An entry consists of: 1. A complete copy of your virus, both source and executable files. 2. If the political satire isn't perfectly obvious, send a verbal description of how the virus works and why it does what it does. This is especially important if you are not an American and you are commenting on something that has not received worldwide attention. I don't care if you're Bulgarian and you're commenting on something we've never heard of--just make sure you explain it, or we won't understand and you'll lose. 
3. If you want to be recognized for your work, include your name (real or handle), and a way we can get in contact with you. By submitting an entry, you grant American Eagle Publications, Inc. the right to publish your virus in any form. You agree not to make your virus public prior to July 25, 1994. If you do, you are automatically disqualified from the contest. For the sake of privacy, you may encrypt your entry and send it in with the following PGP key (which we highly recommend if you have PGP): Good luck! **************************************************************** P R I Z E S In addition to instant worldwide fame and recognition, you'll get: 1. A cash prize of $100 US. 2. A year's subscription to Computer Virus Developments Quarterly. 3. Your virus will be published in Computer Virus Developments Quarterly, and other fine journals. 4. A handsome engraved plaque recognizing your contribution to the betterment of mankind. 5. A free secret surprise that we cannot tell you about right now, valued at $100. Two runners-up will receive the secret surprise. !! GO FOR IT !! ============================================================================= STUFF TO SPEND YOUR MONEY ON: > Tapes of last year's speakers (four 90 minute tapes) are available for $20 > DEF CON I tee-shirts (white, large only) with large color logo on the front, and on the back the Fourth Amendment, past and present. This is shirt v 1.1 with no type-o's. These are $20, and sweatshirts are $25. > DEF CON II tee-shirts will be made in various colors this year, including a few long sleeve shirts. Sizes will be in large only again, with a few white mediums made.
Shirts will be $15, Long Sleeve $17, Sweat shirts will be $20. > We will have a few (ten maybe?) embroidered hats with this year's logo. Not sure how much they will be.. like $10 maybe. > Full sized 4 color DEF CON II wall posters will be for sale for about $5. > Pre-Register for next year in advance for $15 and save half. > Make all checks/money orders/etc. out to DEF CON, and mail to the address above. Way above. Above the virus awards announcement. If you have any confidential info to send, use this PGP key to encrypt: - The Dark Tangent From mg5n+ at andrew.cmu.edu Sat Mar 19 10:23:50 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sat, 19 Mar 94 10:23:50 PST Subject: Administrivia: Questions about the List In-Reply-To: <199403190732.XAA27112@mail.netcom.com> Message-ID: T.C. May wrote: > Cypherdenizens, > > Sorry to bother the List, but two things have come up that I need > some feedback on. Two items: > > 1. Is the list sending out messages in a defective (slow) way, or > is my service (Netcom) bouncing a lot of mail, thus causing > these delays as toad attempts resends? ... > First, I seem to be having delays in Cypherpunks mail of about > 1-2 days on about 5-10% of all messages. This shows up as me > not seeing messages others are already responding to (because > 90-95% of all messages are getting to me in the usual prompt > way). I especially notice this, of course, with my own messages. > (I can't test whether other mail is being delayed, because I'm > no longer on Extropians and so Cypherpunks accounts for 95% > of all my mail.) It's not just you.
I'm having the exact same problem. Most messages get thru rather quickly, but some have gotten delayed, sometimes by several days... The problem is apparently at toad.com.

> The second item is also an administrivia issue: I'm getting
> dozens of error messages from daemon at penet.finland.etc. or
> somesuch (I can't look right now at the precise address) telling
> me my mail cannot be delivered, will not be delivered, is being
> returned, etc. It looks like the old blocks Eric had installed to
> prevent Julf's system from doing this are no longer working.
> (There may be more accurate explanations....)
>
> Anyone else seeing this? Anything we can do? Does the new
> automated subscription software (majordomo?) have anything
> to do with this?

Same thing. I've gotten over 50 reject messages from penet so far. :( I think Julf did a sweep to eliminate "inactive" accounts, and unfortunately set the parameters a bit too broad. My penet account got killed too. The offending addresses seem to be:

na56715
na55954
na49546
na69591

From nowhere at bsu-cs.bsu.edu Sat Mar 19 22:25:18 1994
From: nowhere at bsu-cs.bsu.edu (Anonymous)
Date: Sat, 19 Mar 94 22:25:18 PST
Subject: No Subject
Message-ID: <9403200625.AA10085@bsu-cs.bsu.edu>

From: A Certain Monk at a certain village in Hanoi

I thought I'd share this with you:

-----------CUT HERE-------------
program Hanoi(input,output);
type
  PegNumber = 1..3;
var
  N: integer;

{ Print the moves that carry N rings from Peg1 to Peg2, using Peg3 as the spare. }
procedure WriteMoves (N: integer; Peg1, Peg2, Peg3: PegNumber);
begin {Moves}
  if N=1 then
    writeln('Move a ring from ', Peg1:1, ' to ', Peg2:1)
  else
    begin {else}
      WriteMoves(N-1, Peg1, Peg3, Peg2);
      writeln('Move a ring from ', Peg1:1, ' to ', Peg2:1);
      WriteMoves(N-1, Peg3, Peg2, Peg1)
    end {else}
end; {Moves}

begin {Program}
  writeln('Enter the number of rings and');
  writeln('I''ll explain how to play Towers of Hanoi.');
  readln(N);
  writeln (' To move ', N,' rings');
  writeln (' from peg 1 to peg 2 proceed as follows:');
  WriteMoves(N, 1, 2, 3);
  writeln (' That does it.')
end. {Program}
------------AND HERE-----------

I've used it on 64 rings, and it works fine. Of course this runs slowly and does tend to use a lot of storage. The stack really grows too large. I'm hoping that it may be possible to use this type of call with some bandwidth growth to help defeat analysis.

"Would you tell me, please, which way I ought to go from here?"
"That depends a good deal on where you want to get to." said the Cat.
--Lewis Carroll

From lake at evansville.edu Sat Mar 19 23:44:15 1994
From: lake at evansville.edu (Adam Lake)
Date: Sat, 19 Mar 94 23:44:15 PST
Subject: Pondering Clipper
Message-ID:

Heard enough about Clipper?

I have been receiving cypherpunk material for about a week now. I am new to cryptography, and new to security(feel free to laugh). I hope this posting is appropriate.. Well enough excuses for what I am about to say but I might like Clipper.

1.) From what I am hearing (largely propaganda from both sides) Clipper will be OPTIONAL. If I am businessman X and I don't know squat about security (but realize it is a good thing) wouldn't I want something I could feel secure with? For me, wouldn't Clipper be a good thing?

2) If, for some reason, I wanted to keep something even more secure so the government couldn't see what I was doing, couldn't I just encrypt a message before or after it goes through the Clipper Chip? I would think this would prevent the government as well as anyone else from reading my message "en route"

3) Right now I can pick up cellular phone conversations and intercept data through any network lines with a datascope. For anyone who doesn't want this to occur wouldn't it be nice if they could at least be reasonably certain that no one could understand what they are hearing or seeing?

4) Also, would it be unreasonable to have an on/off switch on the Clipper chip?

Please don't assume me to be a pro-clipper individual. I am merely trying to form a logical, educated opinion on the issue.
I will always feel skeptical when the FBI say "we just need this to maintain our current state of surveillance capability (or is that surveillance state ;-) And I am also aware that if anybody thinks these keys will be kept confidential "unless the government has a warrant blah blah blah" well I better stop there..........

lake at uenics.evansville.edu

----------------------------------------------------------------------------
Space for rent
----------------------------------------------------------------------------

From sonny at netcom.com Sun Mar 20 08:10:49 1994
From: sonny at netcom.com (James Hicks)
Date: Sun, 20 Mar 94 08:10:49 PST
Subject: Pondering Clipper
Message-ID: <199403201614.IAA05930@mail.netcom.com>

Adam Lake says:

-> I have been receiving cypherpunk material for about a week now. I am new
-> to cryptography, and new to security(feel free to laugh). I hope this
-> posting is appropriate.. Well enough excuses for what I am about to say
-> but I might like Clipper.

[Don't worry, each individual should be able to make up her/his own mind regarding issues such as this (i.e., individual privacy).]

-> 1.) From what I am hearing (largely propaganda from both sides) Clipper
-> will be OPTIONAL. If I am businessman X and I don't know squat about

[If the claim that Clipper will be "OPTIONAL" is propaganda, you might want to take it with a grain of salt. "OPTIONAL" today might not mean "OPTIONAL" tomorrow.]

-> security (but realize it is a good thing) wouldn't I want something I
-> could feel secure with? For me, wouldn't Clipper be a good thing?

[If you are arguing that ignorance about security is a prerequisite for considering Clipper to be a good thing, you may be correct.]

-> 2) If, for some reason, I wanted to keep something even more secure so
-> the government couldn't see what I was doing, couldn't I just encrypt a
-> message before or after it goes through the Clipper Chip?
I would think
-> this would prevent the government as well as anyone else from reading my
-> message en route

[If you have the technology at hand to encrypt a message before or after it goes through the Clipper chip using a method that the government can't crack, you don't need to spend money (as a prudent businessman) on Clipper hardware.]

-> 3) Right now I can pick up cellular phone conversations and intercept data
-> through any network lines with a datascope. For anyone who doesn't want

[Not bad for someone who is "new to security(feel free to laugh)."]

-> this to occur wouldn't it be nice if they could at least be reasonably
-> certain that no one could understand what they are hearing or seeing?

[Yes. This is why many people don't want Clipper. They want to be "reasonably certain that no one could understand what they are hearing or seeing"]

-> 4) Also, would it be unreasonable to have an on/off switch on the Clipper
-> chip?

[I don't know.]

-> Please don't assume me to be a pro-clipper individual. I am
-> merely trying to form a logical, educated opinion on the issue. I will
-> always feel skeptical when the FBI say we just need this to maintain our
-> current state of surveillance capability (or is that surveillance state
-> ;-) And I am also aware that if anybody thinks these keys will be kept
-> confidential unless the government has a warrant blah blah blah well
-> I
-> better stop there..........
->
-> lake at uenics.evansville.edu

>James<

From paul at hawksbill.sprintmrn.com Sun Mar 20 08:35:28 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Sun, 20 Mar 94 08:35:28 PST
Subject: (fwd) FBI Wiretaps. Old news....
Message-ID: <9403201640.AA21622@hawksbill.sprintmrn.com>

For those who haven't read some of the recent (compelling) newsbytes on Digital Telephony II -

Forwarded message:

> Newsgroups: comp.org.eff.talk
> From: catalyst-remailer at netcom.com
> Message-ID: <199403190626.WAA25701 at mail2.netcom.com>
> Subject: FBI Wiretaps. Old news....
> Date: Fri, 18 Mar 1994 22:26:45 -0800
> X-Received: by usenet.pa.dec.com; id AA17267; Fri, 18 Mar 94 22:30:46 -0800
> X-Received: from mail2.netcom.com by inet-gw-1.pa.dec.com (5.65/13Jan94)
>     id AA08698; Fri, 18 Mar 94 22:25:42 -0800
> X-Received: from localhost by mail2.netcom.com (8.6.4/SMI-4.1/Netcom)
>     id WAA25701; Fri, 18 Mar 1994 22:26:45 -0800
> X-To: comp.org.eff.talk.usenet
> X-Remailed-By: Remailer
>
> Today's news.
>
> WASHINGTON (Reuter) - The FBI warned Friday that wiretaps
> might soon become impossible unless Congress updates a law
> requiring telephone companies to cooperate with law enforcement
> agencies on electronic surveillance.
> ``Unless Congress creates a new law, law enforcement's
> ability to protect the public against crime will be gravely
> eroded and the national security will be placed at risk,'' FBI
> Director Louis Freeh told a Senate Judiciary Committee hearing.
> Freeh said new technology such as cellular telephones, call
> forwarding and digital switching was making it more difficult
> for the FBI and other agencies to operate wiretaps, which he
> called one of law enforcement's best tools against crime and
> terrorism.
> ``We could be out of the wiretap business in a very short
> time,'' Freeh said. He said 91 court-approved wiretaps were
> abandoned last year because telephone companies could not solve
> technical problems.
> ``They (telephone companies) have told us they will not be
> able to provide the access we need. We have certain requirements
> which they tell us are not going into the software,'' he said.
> Freeh said he wanted the 1968 law rewritten to require all
> telephone companies to meet technical requirements for wiretaps
> of new equipment. He said it would cost less than $1 billion and
> would be paid in part by the federal government.
> He said wiretaps had helped prevent several terrorist
> attacks in the United States in recent years, including a 1986
> plot to shoot down an airliner, and helped convict over 22,000
> felons in the past decade.
> Freeh said a new law would not jeopardize privacy, but
> Senator Patrick Leahy, a Vermont Democrat, said he was still
> concerned: ``My hope is that we can serve legitimate law
> enforcement needs without jeopardizing privacy rights or
> frustrating innovation and development of new technologies or
> undercutting the competitiveness of America's high tech
> industries.''
> The U.S. Telephone Association, which represents more than
> 1,100 local telephone companies including the regional Bell
> companies, said it believed the current law was adequate. It
> said its members were cooperating with law enforcement.
> Freeh said he had been meeting with representatives of the
> telephone industry but had been unable to get a voluntary
> agreement that would cover all companies.
>

- paul

From unicorn at access.digex.net Sun Mar 20 09:02:24 1994
From: unicorn at access.digex.net (Black Unicorn)
Date: Sun, 20 Mar 94 09:02:24 PST
Subject: (fwd) FBI Wiretaps. Old news....
Message-ID: <199403201706.AA03413@access3.digex.net>

> ``We could be out of the wiretap business in a very short
> time,'' Freeh said. He said 91 court-approved wiretaps were
> abandoned last year because telephone companies could not solve
> technical problems.

I forgot to add, EFF's recent FOIA act asking for equipment interference with court ordered wiretaps showed NO problems. Where the 91 figure comes from is a mystery.

From tkllc at universe.digex.net Sun Mar 20 09:30:16 1994
From: tkllc at universe.digex.net (tontine key llc)
Date: Sun, 20 Mar 94 09:30:16 PST
Subject: VIACRYPT/PGP Listservers
Message-ID:

Are there any LISTS that are devoted to developing expertise in the use of the various forms of PGP being peddled by VIACRYPT et al.
It would be a boon to us "NEWBIES" and the cause of "Crypto Publicos" if such a forum was available which provided some handholding on the minutia of using the software.

Any ideas?

From sameer at soda.berkeley.edu Sun Mar 20 10:07:30 1994
From: sameer at soda.berkeley.edu (Sameer)
Date: Sun, 20 Mar 94 10:07:30 PST
Subject: The CP WWW Home page
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I've been setting up a cypherpunks WWW home page on soda.

So far I've been linking things into the home page stuff that's already on soda, and there's a good deal more work to be done. If you have some of your work available on the soda ftp site, if you want to make it available, I'd like a little bio info about yourself, (or your pseudonymous identity).

So if you would like to send me either HTML pages with information or the proper URL so I can put in a link to your information, that would be great.

Other suggestions for links are appreciated as well.

(The cypherpunks URL is ftp://soda.berkeley.edu/pub/cypherpunks/Home.html)

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLYyRZXi7eNFdXppdAQEY5gQApHsTeZ8iyrt5EvS4y9AVP2ayEYCW89sk
I2ZT+HFGd6vhZd+AyDoSosjDKyLaslOyiTCIwWWstCRE9P7yM4ZkZEEIaDWPEsyP
9lsSo8AToC9wHnPvOsYyzLJJKGnkS6M3km23gH05HDUUGXKcvEgsyJTKD2spqBMN
Ieacy6ely9E=
=wpCz
-----END PGP SIGNATURE-----

From adam at bwh.harvard.edu Sun Mar 20 11:00:29 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Sun, 20 Mar 94 11:00:29 PST
Subject: Pondering Clipper
In-Reply-To:
Message-ID: <199403201906.OAA01899@duke.bwh.harvard.edu>

Not repeating what James Hicks had to say:

| 1.) From what I am hearing (largely propaganda from both sides) Clipper
| will be OPTIONAL.

While Clipper might start out 'optional' the government intends to use its massive purchasing power to make it the de facto standard. If the government buys 50 or 100K Clipper phones, all of the sudden, Clipper phones are the standard.
And like DOS, people will buy it because it is standard and cheap, not because it is better.

Also, the development of clipper was done with tax dollars. The government has no need to recoup its investment in developing the chip. Therefore, they can sell the chips at the cost of manufacturing, and forget the R&D. That ability to ignore the bottom line is a pretty powerful mechanism. If a clipper phone costs $100 less than the alternative, because we the taxpayers already paid for it, Clipper becomes more and more the only choice.

Adam

--
Adam Shostack adam at bwh.harvard.edu

Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

Have you signed the anti-Clipper petition?

From warlord at ATHENA.MIT.EDU Sun Mar 20 11:18:58 1994
From: warlord at ATHENA.MIT.EDU (Derek Atkins)
Date: Sun, 20 Mar 94 11:18:58 PST
Subject: VIACRYPT/PGP Listservers
In-Reply-To:
Message-ID: <199403201925.OAA01360@charon.MIT.EDU>

Try the alt.security.pgp newsgroup. It is probably the best place to ask questions about PGP. Also, you should probably get the FAQ from alt.security.pgp as well.

-derek

> Are there any LISTS that are devoted to developing expertise
> in the use of the various forms of PGP being peddled by VIACRYPT et al.
> It would be a boon to us "NEWBIES" and the cause of "Crypto
> Publicos" if such a forum was available which provided some handholding
> on the minutia of using the software.
> Any ideas?

From marc at tanda.isis.org Sun Mar 20 13:01:47 1994
From: marc at tanda.isis.org (Marc Thibault)
Date: Sun, 20 Mar 94 13:01:47 PST
Subject: Royal Bank privacy waiver
Message-ID:

Gentlefolk,

The following is in light-grey small print on the back of the current Royal Bank Visa Gold card application. It appears to be an attempt to end-run privacy legislation.
The net is that using your Gold Card gives the Royal Bank, and anyone else it chooses to share information with, permission to do what it wants with any information about you that it has, has ever had, or ever will have; even if you are no longer a client. It is worth the read.

...

I will comply with the Cardholder Agreement you will send to me when you issue, renew or replace my card. If I sign, use or accept my card, it will mean that I have received and read the agreement. It will also mean that I have understood and agreed with you to everything written there.

You may collect credit and other financially-related information about me (Information) from me, from credit bureaux and from other parties. You may use information as follows:

- You may give it to credit bureaux and other parties who have or may have financial or other business dealings with me:

- You may use it to determine my financial situation;

- You may use it for any purpose related to the provision to me of services I request from you. You may also give it to anyone who works with or for you, but only as needed for the provision of those services;

- You may use it to promote your services to me. You may also add it to client lists you prepare and use for this purpose; and

- You may share it with your affiliates (where the law allows this), in the form of client lists or otherwise, so that they may promote their services to me.

If I have ever given you my social insurance number, you may treat it as information and use it as an aid to identify me with credit bureaux and other parties.

Even if I am no longer your client, you may keep Information in your records and use it for the purposes noted above.

If a co-applicant signs this Application, they also agree and consent to everything written here and in the Cardholder Agreement.

....

At the bottom of the page, in bold black letters, for comic relief, are the words "RESPECTING YOUR PRIVACY IS IMPORTANT TO US".
Cheers,
Marc

---
Marc Thibault                 | Any warming, global
Automation Architect          | or otherwise, is
Oxford Mills, Ontario, Canada | welcome.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3a

mQA9AiyT2YcAAAEBgKVboQejsR2t2U70HoWOXTIqlWUCRGkTht8Yn/4kuzWby/e3
Z9tT8RHJbAx9us7QZwAFEbQdVGFuZGEgTWFpbCA8bWFyY0B0YW5kYS5vbi5jYT4=
=aFhG
-----END PGP PUBLIC KEY BLOCK-----

From mg5n+ at andrew.cmu.edu Sun Mar 20 13:17:30 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Sun, 20 Mar 94 13:17:30 PST
Subject: Random Number Generator (was Re: brainstorming on cpunks' eve)
In-Reply-To:
Message-ID: <8hX=xVu00VomEQdm1T@andrew.cmu.edu>

Matt Thomlinson wrote:

> Other possible net services: random number services, which don't keep
> logs of the numbers it produces -- have it spit a statistically-correct
> random stream each time a port is opened? Would this be that useful?

Well, I don't know if it's useful or not, but for sake of curiosity/experimentation, I set up a random number server. Send mail to mg5n+random at andrew.cmu.edu and it'll spit out 256 bytes of random data. :) The RNG is the same one I use for my remailer. The random numbers are generated from (among other things) taking a hash of a listing of the users who are currently logged-on, so it's impossible to predict what will come up from one minute to the next. (Try fingering @unix.andrew.cmu.edu)

wcs at anchor.ho.att.com (bill.stewart at pleasantonca.ncr.com +1-510-484-6204) wrote:

> For crypto use that's not very helpful - if the numbers go across
> the net, other people can see them. But they may be somewhat
> helpful as seed material for your own random number generator,
> along with hashes of your memory, random Ethernet traffic, etc.

Right. Always crypto-launder random number files before and after each use. :-)

Bill Stewart wrote (re timestamps/digital notary):

> There's certainly a need for such services.
You have to be
> careful to avoid stepping on Bellcore's work, since I think it's
> patented, but related services may be practical and profitable.
> You have to decide how much you're willing to trust the
> timestamp that the service generated, as you would for a
> human notary. With a digital notary, there's a risk someone
> could hose the clock on the notary's machine, get something
> notarized, and reset the clock, so even if the notary's being
> perfectly honest it's not risk-free.

This shouldn't be too hard to do. Considering many of the remailers already support PGP, it shouldn't be too much work to modify the current remailers to take a message, add a date/time, sign it with PGP, and send it back.

From shipley at merde.dis.org Sun Mar 20 14:40:56 1994
From: shipley at merde.dis.org (Evil Pete)
Date: Sun, 20 Mar 94 14:40:56 PST
Subject: The CP WWW Home page
In-Reply-To:
Message-ID: <9403202241.AA28069@merde.dis.org>

>
> I've been setting up a cypherpunks WWW home page on soda.
> So far I've been linking things into the home page stuff
>that's already on soda, and there's a good deal more work to be
>done. If you have some of your work available on the soda ftp site, if
>you want to make it available, I'd like a little bio info about
>yourself, (or your pseudonymous identity).
> So if you would like to send me either HTML pages with
>information or the proper URL so I can put in a link to your
>information, that would be great.
>
> Other suggestions for links are appreciated as well.
>
>(The cypherpunks URL is ftp://soda.berkeley.edu/pub/cypherpunks/Home.html)

gopher://chaos.bsu.edu/
http://martigny.ai.mit.edu/~bal/pks-toplev.html

From eichin at paycheck.cygnus.com Sun Mar 20 14:59:30 1994
From: eichin at paycheck.cygnus.com (Mark W.
Eichin)
Date: Sun, 20 Mar 94 14:59:30 PST
Subject: A Certain Monk at a certain village in Hanoi
In-Reply-To: <9403200625.AA10085@bsu-cs.bsu.edu>
Message-ID: <9403202149.AA06868@paycheck.cygnus.com>

>> Of course this runs slowly and does tend to use a lot of storage.
>> The stack really grows too large. I'm hoping that it may be possible

That's just because it was an intuitive, but excruciatingly inefficient, implementation. You can do towers of hanoi with *no* stack, as long as you can loop (and even if you can't explicitly loop, you can do it tail recursively, which this version isn't, and still avoid using stack.) It's much harder to recognize that the code relates to the problem... but if you treat the problem as "generate this stream of numbers" it's not too hard to see how to do it.

The story behind the original "towers of hanoi" problem (three ivory rods, 64 gold and silver disks) is amusing, though, in that it's an example of using an "intractable" problem (moving the 64 rings by the proper rules -- only stack on the immediate smaller size, only move one at a time, and get the whole pile moved) to protect a "secret" (as I've heard it, the world would be destroyed (or saved?) when the operation was finished... perhaps the "secret" would be that it wasn't going to work :-)

[how's that a desperate stretch for a cryptographic tie in?]

_Mark_ ... just me at home ...

From markh at wimsey.bc.ca Sun Mar 20 15:23:26 1994
From: markh at wimsey.bc.ca (Mark C. Henderson)
Date: Sun, 20 Mar 94 15:23:26 PST
Subject: NSA and PGP rabblerousing
Message-ID:

> Note that doubling the key size from 1024 to 2048 bits is also
> probably a ruse, since it dramatically increases computation time (I
> think). 1024 bits are a lot of bits as it is.

On a 486DX/33 an RSA sign operation takes a little under 2 seconds with a 1024 bit key. With an 1800 bit key (not quite 2048), a little under 9 seconds. (gcc 2.5.8, gmp 1.3.2, Linux)

Personally, I think 1024 bit keys are probably enough.
I'm currently working on some Montgomery multiplication code for RSAREF (sans gmp), which should make things faster. (It already works, I just need to clean some things up before releasing it).

Mark

--
Mark Henderson markh at wimsey.bc.ca (personal account)
RIPEM MD5OfPublicKey: F1F5F0C3984CBEAF3889ADAFA2437433
ViaCrypt PGP Key Fingerprint: 21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46
cryptography archive maintainer -- anon ftp -- wimsey.bc.ca:/pub/crypto

From an53400 at anon.penet.fi Sun Mar 20 20:05:28 1994
From: an53400 at anon.penet.fi (an53400 at anon.penet.fi)
Date: Sun, 20 Mar 94 20:05:28 PST
Subject: anti-security measures
Message-ID: <9403210406.AA24228@anon.penet.fi>

I need to convince someone of their need for security. If anyone out there could send me a good trojan program or direct me to somewhere where I can find code or how to code one I would appreciate it. Other security buster measures would also be nice. :) Thanks.

Stranger

-------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From wcs at anchor.ho.att.com Sun Mar 20 20:52:11 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sun, 20 Mar 94 20:52:11 PST
Subject: A Certain Monk at a certain village in Hanoi
Message-ID: <9403210502.AA18999@anchor.ho.att.com>

BTW, does anybody have a good Tibetan font for X? I've got an application that involves counting up to about 9 billion, and needs some appropriate display technology....

From hayden at krypton.mankato.msus.edu Sun Mar 20 21:44:14 1994
From: hayden at krypton.mankato.msus.edu (Robert A.
Hayden)
Date: Sun, 20 Mar 94 21:44:14 PST
Subject: Administrivia: Questions about the List
In-Reply-To:
Message-ID:

Also, mail from this list has the following header:

Precedence: bulk

That might slow things down on A LOT of systems. I know on my lists that I run, things tend to get bottlenecked until mid-evening when "legitimate" stuff has been processed.

____        Robert A. Hayden          <=> hayden at krypton.mankato.msus.edu
\  /__          -=-=-=-=-             <=>          -=-=-=-=-
 \/  /   Finger for Geek Code Info    <=> Political Correctness is
   \/  Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police"
-=-=-=-=-=-=-=-
(GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++
n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)

From hkhenson at shell.portal.com Sun Mar 20 21:46:58 1994
From: hkhenson at shell.portal.com (H Keith Henson)
Date: Sun, 20 Mar 94 21:46:58 PST
Subject: Recent AA BBS stuff
Message-ID: <199403210600.WAA03573@jobe.shell.portal.com>

3/20/94

I got a phone call today from an early player in this affair--the guy who originally turned in Amateur Action BBS to the Postal Inspectors. Turns out he had *not* hacked into AA BBS, but just read the signon screens--and was not familiar with the hype used to describe certain files. AA BBS *does* offer photos of nude "young children." What they are is nudist material, legal (as far as anyone knows) anywhere.

The guy started out the call very upset that I would be involved defending someone offering child pornography. I explained to him that AA BBS had no child porn, and that the only child porn involved in these events was that the postal inspector sent to frame the AA BBS sysop. I went on to tell him that the postal folks were mainly going after the sysop *and his wife* for bestiality pictures and the like on his board. The guy was simply horrified at what he had started since he has no problem with any of that kind of stuff, or people who want to look at it.
Had he paid the signup fee and been an AA BBS member for even a day, he would have realized there was nothing there to warrant bringing in the postal inspectors. If he had even called the sysop . . . . Well, it is too late now, the legal bill on this case has likely gone over $100k.

One thing for sure, this case has totally shaken my belief that the legal system is fair and honest. I find that the court clerks take orders from the US Attorneys. Clerks keep the judges in the dark about letters to them and even motions on their calendars. I have found out that Magistrates provide no protection whatsoever from unreasonable searches and seizures. (Why? Because they *don't even *read* the search warrant affidavits!) I also have found out that the Western District of TN runs a profitable racket against adult BBS and other sources of erotic material.

I have also found that there seems to be *NO* possible legal recourse available if a US Attorney breaks the law. The FBI is the only organization which could investigate, and they have to ask for permission---FROM THE US ATTORNEY THEY WOULD BE INVESTIGATING! Thus laws designed to protect your privacy or communications have no teeth in them.

I am uploading this and several other recent related files to Wildcat BBS in TN.

Folks, please check things out before involving the cops. Cops have no sense of humor at all.

Keith Henson

3/16/94

More very odd goings on to report in the AABBS case. As you can see from the body of this posting, there is a serious problem with the court clerks controlling what the judges see. It seems to have happened again. I hand delivered the below letter (marked Personal and Confidential) to Judge Patel's clerk [Ms Muriyama] in open court in the presence of three lawyers. Unfortunately, Judge Patel stepped out of the court just at the instance I handed the letter to her clerk. Did Judge Patel get the letter? I suspect not.
I know Judge Patel is under no obligation to respond, or even have one of her staff respond, but it would seem like this kind of report would generate a reply *if* Judge Patel received it.

Does anyone have an idea of how to reach a judge if her clerks do not want her to see it? Someone has suggested paying the local law paper to *publish* it as an advertisement. Your suggestions would be most welcome since I am absolutely out of ideas.

Keith

H. Keith Henson
799 Coffey Ct.
San Jose, CA 95123
408-972-1132

Judge Marilyn Patel
Northern District of California
450 Golden Gate Ave., 19th Floor
San Francisco, CA 94102

March 3, 1994

Dear Judge Patel:

You may want to look into certain acts last week by some of the Court clerks. It appears they are taking orders from the US Attorney to modify your calendar.

Last Thursday, Richard Williams (a lawyer from San Jose) made telephone contact with Ms Muriyama in the clerk's office. He had a motion to file for return of property and suppression of evidence in a case which itself involves a report of fraud on Magistrate-Judge Brazil's court to obtain a search warrant. (A matter about which I informed Magistrate Brazil in a letter dated January 19.) Since you were the Duty Judge in January when these events happened, it was appropriate to bring the motion to you.

Ms Muriyama told Mr. Williams that the motion could be heard on the calendar of your Court on Monday, February 28, 1994 at 2:30 pm if he could get the motion filed early Friday morning. Mr. Williams had the motion filed by courier with the clerks office by about 9 am last Friday. He fully expected to be before your Court Monday at 2:30. I learned of the hearing Friday and made plans to be there myself since my affidavit is part of this motion. Two of Mr.
Williams' staffers talked to Ms Muriyama Thursday, and are prepared to testify as to her agreeing to putting the motion on your calendar, though the option was left open that you might shift it to some other department at the same time.

Monday at 11:50 am, Vicki from Magistrate Brennan's office called Mr. Williams' office to tell him that there was nothing on calendar for his motion before either yourself or Judge Brennan because she said the US Attorney had ordered the clerks to take his motion off your calendar! Vicki was told that according to Ms Muriyama (as of last Thursday afternoon), the motion *was* on calendar. Vicki then alleged that Ms Muriyama had not contacted Mr. Williams' office the previous week. She also said they had no copy of the motion for you to see (two were filed, and one given to the US Attorney after filing).

A few minutes later, Ms Muriyama called saying that they had no copies of the motion for you to review, though she did not deny that she had put this matter on your calendar. Since Judge Brazil had excused himself last week, she tried to get Mr. Williams to agree to place the motion before Magistrate-Judge Brennan, and when told that a Magistrate was unacceptable, she placed the motion hearing on Judge Caulfield's calendar late on March 7, one day before the matter is to be moved to Tennessee, a move which will inflict great costs and business damage upon the plaintiffs.

Though I do not know that Judge Brazil ever saw the letter I wrote to him, one of his staff called me last week and left a long message (which I preserved) on my answering machine. In it, the staff member stated that it was not a Judge's role to investigate the fraud perpetrated on his Court to which I had directed his attention, and that I should contact the US Attorney if I wished the matter to be investigated.
Given that the US Attorney has manipulated your calendar to prevent these very matters from being brought to the attention of your Court, I believe this approach would be akin to getting a fox to guard the henhouse.

I would greatly appreciate your looking into these matters which involve the integrity of the Court. I would also appreciate a very short phone call from you to either myself or Mr. Williams indicating only that this letter actually got into your hands.

I have never considered myself a naive person. In spite of this, I have always felt that the judiciary in this country was honest. I still feel this way, but how effective can an honest Judge be when their information channels are completely controlled by one party in an action?

Sincerely,
H. Keith Henson

PS I was quite surprised to find the Court clerks are employed by the US Attorney's office. Considering how much control clerks/staff have over what Judges hear and do, this arrangement harbors a high potential for abuse--even if only inadvertent abuse. I simply could not imagine Congressional staff members being employees of the Executive branch! If there is a movement to put clerks under the Judges, I would be happy to lend my support.

enc. Copy of referenced letter to Magistrate-Judge Brazil
Copy of letter to Chief Judge Thelton E. Henderson

-----

[Incidentally, Judge Caulfield was supposed to have ruled on the motion to return property and suppress evidence last Friday. Mr. Williams was called (by a clerk again) and told she would rule on his motion without a hearing, and let him know how it came out by letter. So far, nothing has showed up in the mail, and it will be a week tomorrow. My long standing faith in a fair judicial process in this country has been badly shaken.]

RICHARD D. WILLIAMS, APC
State Bar #92376
79 Divine St., Suite 101
San Jose, CA 95110
(408) 295-6336

Chief Judge Clifford Wallace
U. S. Ninth Circuit Court of Appeals
Two Rincon Center
P.O.
Box 193846 San Francisco, CA 94119-3846 March 11, 1994 In Re: Complaint for Judicial Misconduct Dear Chief Judge Clifford: I am filing a complaint largely as a concerned citizen but also on behalf of my clients, Robert and Carleen Thomas. It is my understanding that section 372 (c) of title 28 is intended to preserve the integrity of the judiciary. I would like to see an investigation of what I consider to be an affront to the Ninth Circuit, its district courts, the American people, and my clients. Mr. and Mrs. Thomas run an adult bulletin board service. Their activities of preparing graphical and written material for public dissemination clearly makes them "publishers" within the meaning of Title 42, Section 2000(aa) (Privacy Protection Act). In addition, their system has 3,500 electronic mail users who were entitled to protection under the Electronics Communications Privacy Act. On January 10, 1994 the Thomas' entire computer system was seized pursuant to a search warrant which was purportedly signed by Hon. Wayne Brazil, U.S. Magistrate in the U. S. District Court for the Northern District of California. This warrant was applied for by a U.S. postal inspector (David Dirmeyer) from the Western District of Tennessee. They were aware of the requirements of both 42 U.S.C. 2000 (aa) and 18 U.S.C. 2703 that a subpoena be used against both electronic mail services and "publishers" unless a specific showing of need is made by a judicial officer. On the day following the execution of the search warrant I drove to San Francisco (after the Clerk of the U.S. District Court for the Northern District of California could find no such case number) and was told that the U.S. Attorney had the case file for a week, and that I should check back in a couple of days. As the clerk spoke, I could not help but look up and see a sign indicating that removal of any file from the clerk's office was punishable as a felony. 
I was also told that nothing in the file was sealed (although there was no docket sheet available for me to verify this). I went back three days later and got the same reception at the Clerk's office. Again there was no docket sheet and no file. I was given Magistrate Brazil's office phone number, and I spoke with a woman who claimed to be Magistrate Brazil's secretary. She told me that there was no record she could find that there had ever been an affidavit put before Judge Brazil, nor a search warrant issued. Someone came up and spoke to her at which time she excused herself and put me on hold for five minutes. When she returned she seemed nervous, and told me that there was a file, but that the affidavit in support of the search warrant was "sealed." This affidavit was not unsealed until January 27, 1994, the day after an indictment against my clients was filed in Western District of Tennessee. My clients were deprived of due process in that the rules were manipulated such that the Thomas' were denied their rights to seek return of the seized property under rule 41(e), instead forcing them to litigate this matter (to the limited extent possible) in Tennessee. Since the file had no usable case number in either California or Tennessee I had no way to defend my client, and hence they were denied their Sixth-Amendment rights as well. I apologize for my lengthy presentation, but I could not do this matter justice with a brief statement and no background information. This matter strongly suggests that Magistrate Brazil was conspiring with U.S. attorneys, Postal Inspector David Dirmeyer, and unknown judges in the Western District of Tennessee to deprive the Ninth Circuit of its rightful jurisdiction over matters occurring within its district, and to deprive my clients of their civil rights. 
If the Court of Appeals were to find such a conspiracy it would have serious implications, and represent racketeering within the meaning of RICO statutes in that their co-conspirator, Agent David Dirmeyer, has also engaged in intimidation of witnesses, extortion, attempted blackmail, and perjury. Further, Agent Dirmeyer referred to his mailing of unsolicited child pornography to unsuspecting persons as "standard investigative procedure." This case has national significance if, in fact, the federal magistrates in this country are routinely violating the civil rights of litigants in this fashion, conspiring with postal inspectors to forum shop for the most conservative jury pools in the country, and allowing the affiants to commit blatant perjury in the course of their affidavits. I believe the clear intent of all of these proceedings was to turn my client's bulletin board into a government asset so that they could use the bulletin board to entice the members with child pornography. In support of the above serious accusation, I cite the fact that David Dirmeyer threatened Robert Thomas that he would suffer serious retaliation should he blow Agent Dirmeyer's ("Lance White's") cover on the bulletin board. This indictment and arrest followed open discussion on the board about Lance White when Thomas did not give in to this extortion. In my opinion, Agent Dirmeyer did not intend a criminal prosecution and, therefore, tried to create only enough of a paper trail to intimidate Mr. Thomas and make his business a "government asset" in their search for alleged pedophiles. This is the only reasonable conclusion for the following reasons: 1. A citizen who stumbled on something they deemed offensive on an adult bulletin board is not likely to call a postal inspector. But Agent Dirmeyer describes someone reporting their involvement in a serious felony (theft of computer services) to the postal inspectors in his affidavit. 2. 
Agent Dirmeyer already had copies of tapes sought under the search warrant (and had allegedly ordered from Mr. Thomas' board), and could have copied everything necessary for prosecution from his remote location in Tennessee. The only things he could not copy remotely were the electronic mail and member names and passwords. The reasons for the search warrant were to intimidate the Thomases, "frame" them with child pornography for further leverage, and to take the bulletin board off-line for five days so Agent Dirmeyer could extract member names, account passwords, and e-mail. It should be noted that Agent Dirmeyer still has the e-mail. 3. Agent Dirmeyer purports in his affidavit to have informed Magistrate Brazil of my clients' publisher status under 42 U.S.C. Section 2000 (aa) and the email content of the computer under 18 USC 2703 et seq. If so, in effect he told Magistrate Brazil that he would be committing two felonies--by title and section number--and he still got his search warrant. 4. There are several adult bulletin boards in Tennessee with similar (if not identical material) and Agent Dirmeyer chose to act in the Northern District of California. 5. The Thomases were subject to a similar search and seizure in 1992 by San Jose police acting alone, who examined the system and returned it in exchange for a promise not to sue them or Santa Clara County civilly. No items were found to be obscene by the police or Santa Clara County district attorneys. This fact was known by Agent Dirmeyer and even Magistrate Brazil. 6. Agent Dirmeyer made threats to Robert Thomas in his attempt to preserve his "Lance White" cover as a member of the BBS. 7. Magistrate Brazil's office acted as if the affidavit itself was sealed when, in fact, the application for sealing, and his own words in doing so, only sealed the exhibits (deemed obscene by Agent Dirmeyer). 
I am also concerned about his not releasing the affidavit (Sua Sponte) until January 27th, 1994 (the day after the indictment and 17 days after the search).

8. There is also the fact that not so much as a docket sheet was available in the interim, as well as the sudden change of attitude by the Magistrate's secretary when I called to inquire as to the whereabouts of the file (after she discussed the matter with whoever interrupted our phone conversation).

9. Last, but not least, the initial case number, (allegedly stamped on the search warrant by the Clerk of the Court), was 3005-WDB. Once the file had become unsealed, the case number became 30005-WDB.

These factors leave room for and at least suggest that an ex-post-facto paper trail was created after a bluff had gone bad. I believe the court must investigate these irregularities to protect its own integrity. At a bare minimum we have extortion and forum shopping by Agent Dirmeyer with the participation of federal magistrates in Northern California and the Western District of Tennessee. I am appalled as an American at the thought of this. I am equally appalled if an agent's sending child pornography to someone "without his knowledge" (Dirmeyer's own words describing the pornography) has become standard practice for postal inspectors.

Sincerely,
Richard D. Williams
Attorney at Law

[a posting I made to the net on 3/14/94]

By the time this gets distributed to the net, Robert Thomas (the sysop of Amateur Action BBS), his wife, and their lawyer will be on the way to Memphis for their first hearing on obscenity charges. The charges stem from a postal inspector getting an account on Robert's BBS, downloading files (and ordering tapes) the inspector believes to be obscene in that part of the country. I expect Robert to eventually be bled dry by legal and travel expenses.

I have *real* problems with the laws being applied this way.
With current technology it is not possible for a sysop to control or even identify the location from which BBS members call. It is almost as difficult for *anyone* to determine what is considered obscene in a given location. Such a research project would take years of lawyer time, and would still be only a guess. It would hinge on East Nowhere allowing B&D, South Backwater allowing this plus golden showers, and West Prudence allowing neither, but not being concerned with animal pix. North Nowhere might allow anything, including kiddy porn morphed from pictures of adults, and computer generated pictures of sex with space aliens.

If a given locale wants to impose restrictions, I don't have as much of a problem with that, since people can always move somewhere more liberal. But imposing local restrictions on a BBS 2000 miles away is not logical--because it imposes an *impossible burden* on a sysop.

"You are responsible for knowing what you download (or order) is legal" was argued by the government against the people who downloaded child pornography from Denmark in "operation longarm" a year or two ago. [That BBS was taken over by the U.S. Government and the 140 or so people who called there were traced. Many of them--the ones who did not encrypt or erase what they downloaded--were busted, and now the taxpayers are paying to keep them in jail, while the violent offenders are let out for lack of space.]

Given this history of imposing responsibility on the person downloading, it seems inconsistent (to say the least) for the Federal folks to impose the standards of the least liberal places in the country on a *San Francisco area* BBS. (San Francisco is, after all, "Babylon on the Bay.")

In the AA BBS case, two years ago the local police had his computer for five weeks. They looked at every .gif and gave it back-- which strongly implies that they considered the material on it within community standards.
(They found no child pornography, which seems to be the only thing considered illegal here. Cops do not, after all, return contraband!). The postal inspector and the U.S. Attorneys do not seem all that sure of themselves this time either, since (after keeping the BBS for five days) they gave it back with the intent that the BBS continue operating. They have not asked the sysop to refuse memberships from Tennessee, or to remove any of the .gif files they considered obscene. (I think the gifs are just silly.) I am torn between thinking of these events as being part of a Memphis political attention play and an attempt to turn AA BBS into a "government asset" like the one in Denmark from which the postal inspectors could troll for pedophiles. They *did* get the email, member names, and passwords. [Do any of you want to guess how often Memphis gets mentioned in the national press? It turns out to be fewer than a dozen times a year if you discount articles about Elvis/Graceland. One of the biggest events of all time there was the Linda Lovelace/Deep Throat trials--which cost about 10 million dollars and accomplished nothing except some publicity for the U.S. Attorneys involved.] In spite of being extremely busy as the new president of Xanadu Operating Company (Hypertext) and doing a lot of analysis and programming, I have been assisting with the defense on this case. I am *very* annoyed by these proceedings because they are cutting into my productivity. I am more than open to ideas and help from people on the net to generate political pressure on the feds to get them to back off from this stupid test prosecution. One possible approach might be for someone to inform the new U.S. Attorney in Memphis (Veronica Coleman) about the case-- which I bet is being run by subordinate Dan Newsom without her even knowing about it. The investigation was started under her predecessor, Republican Ed Briant, who rose to prominence in the Deep Throat prosecutions. 
I strongly doubt that Veronica Coleman (Democrat and graduate of Howard University) would put a (very costly) effort to suppress a *California* adult BBS high on a list of priorities for her office. Being associated with the case makes me talking to her of questionable propriety, but there must be someone out in netland who could. The local NAACP office (901) 521-1343 might provide her phone number if someone with a reasonable level of academic or other prestige were to ask. On the other hand, she might be fully behind the prosecution.

Thanks in advance for help/ideas any of you can contribute.

Keith Henson (408) 972-1132

From cknight at crl.com Sun Mar 20 22:41:29 1994
From: cknight at crl.com (Chris Knight)
Date: Sun, 20 Mar 94 22:41:29 PST
Subject: anti-security measures
In-Reply-To: <9403210406.AA24228@anon.penet.fi>
Message-ID:

The below message in itself is proof that people need some security...

-ck

On Mon, 21 Mar 1994 an53400 at anon.penet.fi wrote:

>
>
> I need to convince someone of their need for security. If anyone out there
> could send me a good trojan program or direct me to somewhere where I can find
> code or how to code one I would appreciate it. Other security buster measures
> would also be nice. :) Thanks.
>
> Stranger
> -------------------------------------------------------------------------
> To find out more about the anon service, send mail to help at anon.penet.fi.
> Due to the double-blind, any mail replies to this message will be anonymized,
> and an anonymous id will be allocated automatically. You have been warned.
> Please report any problems, inappropriate use etc. to admin at anon.penet.fi.
>

From cknight at crl.com Sun Mar 20 22:42:13 1994
From: cknight at crl.com (Chris Knight)
Date: Sun, 20 Mar 94 22:42:13 PST
Subject: A Certain Monk at a certain village in Hanoi
In-Reply-To: <9403210502.AA18999@anchor.ho.att.com>
Message-ID:

Working on building a list of names?
-ck

On Mon, 21 Mar 1994 wcs at anchor.ho.att.com wrote:

> BTW, does anybody have a good Tibetan font for X?
> I've got an application that involves counting up to about 9 billion,
> and needs some appropriate display technology....
>

From pmetzger at lehman.com Mon Mar 21 03:41:32 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Mon, 21 Mar 94 03:41:32 PST
Subject: anti-security measures
In-Reply-To: <9403210406.AA24228@anon.penet.fi>
Message-ID: <9403211141.AA06905@andria.lehman.com>

an53400 at anon.penet.fi says:
> I need to convince someone of their need for security. If anyone out
> there could send me a good trojan program or direct me to somewhere
> where I can find code or how to code one I would appreciate
> it. Other security buster measures would also be nice. :) Thanks.

I need to convince someone that mugging is a big problem in the inner city. If someone out there could send me a good pistol so I can go out and mug them I would appreciate it.

Perry

From bdolan at well.sf.ca.us Mon Mar 21 04:26:32 1994
From: bdolan at well.sf.ca.us (Brad Dolan)
Date: Mon, 21 Mar 94 04:26:32 PST
Subject: How to control Internet? Buy it!
Message-ID: <199403211226.EAA21659@well.sf.ca.us>

News reports have it that Bill Gates and McCaw Cellular are going to build a global satellite communications network.

I'm having a nightmare about a Microsoft-like domination of global communications, complete with SPA police, etc. Ugh!

bdolan at well.sf.ca.us

From GRABOW_GEOFFREY at tandem.com Mon Mar 21 05:43:38 1994
From: GRABOW_GEOFFREY at tandem.com (GRABOW_GEOFFREY at tandem.com)
Date: Mon, 21 Mar 94 05:43:38 PST
Subject: Another prong in the attack atainst Clipper.
Message-ID: <199403210541.AA15673@comm.Tandem.COM>

------------ TEXT ATTACHMENT --------
SENT 03-20-94 FROM GRABOW_GEOFFREY @LONGIS

Greetings c'punks. Regarding the discussions at the physical meeting, I'm in the progress of compiling a list of BBSs in my area. I plan to wallpaper 'em with a letter about Clipper.
The reason for this is that most average "hacks" have little or no information about Clipper. When I chatted with some folks on the BBSs, many of them didn't know what I was talking about. The attack I'm forming uses public awareness. We need to educate Joe 6-Pack. If I tell 100 people, I would hope that 3 of them would become concerned. To this end, I'm asking for suggestions for a letter (no more than 1000 words 'cause people too lazy to read a lot) that explains in J.6. terms what Clipper is and why it is a thing to be avoided. When I get something together, I'll post it for corrections and/or enhancements. Then, if everybody on this list posts it on 5 other places, we might actually get somewhere. I look forward to hearing from y'all, G.C.G. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Geoffrey C. Grabow | "What we demand are rigidly defined | | Oyster Bay, New York | areas of doubt and uncertainty!" | | | -------------------- | | grabow_geoffrey at tandem.com | Clipper, SkipJack & Digital Telephony | | | JUST SAY NO!!! 
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From jazz at hal.com Mon Mar 21 07:41:57 1994
From: jazz at hal.com (Jason Zions)
Date: Mon, 21 Mar 94 07:41:57 PST
Subject: Two more anon.penet.fi bounces
Message-ID: <9403211542.AA29970@jazz.hal.com>

------- Forwarded Messages

Return-Path: daemon at anon.penet.fi
Return-Path:
Received: from hal.com (hal-backbone) by latte.hal.com (4.1/SMI-4.1.2) id AA14635; Fri, 18 Mar 94 21:18:38 CST
Received: from anon.penet.fi by hal.com (4.1/SMI-4.1.1) id AA26106; Fri, 18 Mar 94 19:16:47 PST
Received: by anon.penet.fi (5.67/1.35) id AA00125; Sat, 19 Mar 94 04:14:49 +0200
Date: Sat, 19 Mar 94 04:14:49 +0200
From: daemon at anon.penet.fi
Message-Id: <9403190214.AA00125 at anon.penet.fi>
To: jazz at hal.com
Subject: Anonymous service rejected your mail.

You, jazz at hal.com, have requested mail forwarding to na69591. This was rejected, as the user is unknown. Either the id has never been allocated, or the id has been removed at the request of the user.

------- End of Forwarded Messages

From huntting at glarp.com Mon Mar 21 07:45:58 1994
From: huntting at glarp.com (Brad Huntting)
Date: Mon, 21 Mar 94 07:45:58 PST
Subject: Recent AA BBS stuff
In-Reply-To: <199403210600.WAA03573@jobe.shell.portal.com>
Message-ID: <199403211545.IAA05134@misc.glarp.com>

> I have also found that there seems to be *NO* possible legal recourse
> available if a US Attorney breaks the law....

Is title 42 applicable? With all the corruption you cite, it would seem that your clients' rights have been violated by persons "acting under color of law", no?
brad

From habs at warwick.com Mon Mar 21 08:39:53 1994
From: habs at warwick.com (Harry Shapiro Hawk)
Date: Mon, 21 Mar 94 08:39:53 PST
Subject: EFF gun-shy of legally employing PGP (fwd)
Message-ID: <9403211532.AA01916@uucp.warwick.com>

------ From: Eric Hughes, Mon, Mar 21, 1994 ------

> > 3) EFF is a Mac shop, but our licensed copy of Viacrypt doesn't run on the
> > Mac.
> MacRIPEM is both easy to use and runs on a Mac. There may be other

Eric

Apple System 7 Pro comes with Digital Sig. capability. It may not be as secure as PGP, but it would be a good first step.

/hawk

Harry Shapiro Hawk
Manager of Computer Services
Warwick Baker & Fiore
habs at uucp.warwick.com

From lefty at apple.com Mon Mar 21 08:46:23 1994
From: lefty at apple.com (Lefty)
Date: Mon, 21 Mar 94 08:46:23 PST
Subject: anti-security measures
Message-ID: <9403211645.AA17070@internal.apple.com>

>I need to convince someone of their need for security. If anyone out there
>could send me a good trojan program or direct me to somewhere where I can find
>code or how to code one I would appreciate it. Other security buster measures
>would also be nice. :) Thanks.

Heh.

I need to convince someone of their need for physical security. If anyone out there could supply me with several pounds of C4, a high-powered rifle, and a large caliber handgun, I'd appreciate it. Other lethal weapons would also be nice. Thanks.

--
Lefty (lefty at apple.com)
C:.M:.C:., D:.O:.D:.

From lefty at apple.com Mon Mar 21 08:46:31 1994
From: lefty at apple.com (Lefty)
Date: Mon, 21 Mar 94 08:46:31 PST
Subject: spyproofing your house/work building
Message-ID: <9403211645.AA17067@internal.apple.com>

Wayne Q Jones excretes:
>
>With FLIR you have SLIR OTH UV LOW LIGHT from the military (Billy boy
>is itching to deploy here in the good ole USA). Remote Sensing RADAR SONAR
>Stealth RADAr, Remote Imaging SYStems all kinds of goodies coming home.
>TO do what..fight crime..Yeah right. I remember law and order Nixon.
> Cryptography is the least of your problems. A high tech military is
>coming home and Billy wants to put them to use on our streets..>!!!
>He just loves gadgets. Dissent may become passe' in America.

Stupidity, on the other hand, is _always_ in style, eh, Wayne?

Whyncha see whether you can locate a second neuron up in that vast, echoing space? You might get better results rubbing two of 'em together.

And, hey, if you're going to go out, don't forget your tinfoil hat! The alien radio control beams are pretty thick out there today.

--
Lefty (lefty at apple.com)
C:.M:.C:., D:.O:.D:.

From wex at media.mit.edu Mon Mar 21 09:05:20 1994
From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat)
Date: Mon, 21 Mar 94 09:05:20 PST
Subject: Note from EDUPAGE
Message-ID: <9403211705.AA29714@media.mit.edu>

CALL FORWARD FOR CRIME
Criminals have discovered that by forwarding their calls, they can evade wiretaps placed on their home lines. "Criminals can go to any phone, call the `intelligent network' and route calls anywhere," says an FBI special agent. The FBI estimates that 25% of all wiretaps "are adversely affected" by this telephone hide-and-seek. (Wall Street Journal 3/18/94 A5A)

[Wex notes: this seems relevant to the ongoing fight over the FBI wiretap proposal; I wonder if they're laying the public groundwork for supporting their proposal to get call-setup information. I also wonder if it would do them a damn bit of good. If I call a number which I know has previously been forwarded to a different number, is the eventual target # part of the call-setup info?]

From unicorn at access.digex.net Mon Mar 21 09:44:37 1994
From: unicorn at access.digex.net (Black Unicorn)
Date: Mon, 21 Mar 94 09:44:37 PST
Subject: Note from EDUPAGE
Message-ID: <199403211744.AA00706@access3.digex.net>

->
CALL FORWARD FOR CRIME
Criminals have discovered that by forwarding their calls, they can evade wiretaps placed on their home lines. "Criminals can go to any phone, call the `intelligent network' and route calls anywhere," says an FBI special agent. The FBI estimates that 25% of all wiretaps "are adversely affected" by this telephone hide-and-seek. (Wall Street Journal 3/18/94 A5A)
<-

What the hell is with the FBI and figures? First they can't come up with any effects, then it's 91 instances, which was not released in EFF's FOIA request, now it's 25% of all wiretaps.... which to my math sounds like 75 or so.

Oh boy....

-uni- (Dark)

From blancw at microsoft.com Mon Mar 21 09:59:21 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Mon, 21 Mar 94 09:59:21 PST
Subject: How to control Internet? Buy it!
Message-ID: <9403211800.AA04164@netmail2.microsoft.com>

I'm having a nightmare about a Microsoft-like domination of global communications, complete with SPA police, etc.
.................................

Unlike the government, Microsoft and McCaw Cellular both depend upon a customer-driven market for their acceptance. They must convince their customers that they are better than the competition in providing a similar service; they must adjust this service to the customer's requests & preferences or lose the account.

Blanc

From mech at eff.org Mon Mar 21 10:29:14 1994
From: mech at eff.org (Stanton McCandlish)
Date: Mon, 21 Mar 94 10:29:14 PST
Subject: PGP BBS site
Message-ID: <199403211829.NAA25197@eff.org>

Need to refer someone (US citizen, currently in the US) to a BBS that is carrying the current PGP. Any pointers? He's in Edgewater FL, but is willing to call LD to get it. No net access. Thanks.

From cowen at glia.biostr.washington.edu Mon Mar 21 10:45:01 1994
From: cowen at glia.biostr.washington.edu (cowen at glia.biostr.washington.edu)
Date: Mon, 21 Mar 94 10:45:01 PST
Subject: No Subject
Message-ID: <9403211854.AA18182@glia.biostr.washington.edu>

in response to the post about the joe-six-pack worry level

if they get clipper in the phone next they will have it in the faxes the TV is next, seeing that most of it in 10 years will go over smart lines to give you more choices, there was a 10,000 home test in Brooklyn just last year, the NSA and other agencies won't give up the opportunity too easily, in fact they might just go around " those dumb congressmen" if the chip and the means to make it are banned by law.

my fiancee who hearing me talk about this list, and the clipper has gone out and told others in a layman's term, " hey did you know the gov't is trying to put a chip in all new phones that could make it possible for the police to just listen in on your talks to others. just by pressing a few keys" though it is not too accurate, it gets the point across to joe and jill making them wonder at what they are saying and who might be listening..

wonder what it all will bring in 20 years??

charles the monster maker

From tcmay at netcom.com Mon Mar 21 10:45:15 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 21 Mar 94 10:45:15 PST
Subject: anti-security measures
In-Reply-To: <9403211141.AA06905@andria.lehman.com>
Message-ID: <199403211845.KAA19886@mail.netcom.com>

> an53400 at anon.penet.fi says:
> > I need to convince someone of their need for security. If anyone out
> > there could send me a good trojan program or direct me to somewhere
> > where I can find code or how to code one I would appreciate
> > it. Other security buster measures would also be nice. :) Thanks.
>
> I need to convince someone that mugging is a big problem in the inner
> city. If someone out there could send me a good pistol so I can go out
> and mug them I would appreciate it.
>
> Perry

I would help you, Perry, but I'm trying to convince the world that nukes are a bad idea and I'm preparing to blow up Atlanta to prove my point.

Oh, and there's no need for that Tibetan font to calculate the nine billion names of God. My Perl program is just now outputting the last name. Apparently it is "Zzzzzywsha ---LOGIN CONNECTION RESET BY DEITY---

From talon57 at well.sf.ca.us Mon Mar 21 11:26:15 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Mon, 21 Mar 94 11:26:15 PST
Subject: CLIPPER COMPROMISED?
Message-ID: <199403211907.LAA08429@well.sf.ca.us>

-----BEGIN PGP SIGNED MESSAGE-----

For anyone interested:

>_____ begin fwd ___________
>
>CLIPPER COMPROMISED? "Security Insider Report," a monthly
>newsletter published in Seminole, Fla., has reported that
>government officials are seeking to determine whether former CIA
>employee and alleged traitor Aldrich Ames may have sold
>information to the Russians about the government's secret
>key-escrow technology used in Clipper Chip chipsets and Capstone
>Tessera cards. The secret key-escrow technology, dubbed
>Skipjack, can be used to encrypt network voice and data.

_____ end _________________

Security Insider Report is published by
Interpact press
11511 Pine St. N.
Seminole, Fl 34642
Phone 813.393.6600
Fax 813.393.6361

The managing editor is none other than computer security professional, privacy advocate, and author of TERMINAL COMPROMISE, Winn Schwartau.

Winn is a highly sought after lecturer on computer security matters, and is notorious for "Inside" contacts. It is said the NSA scoured its ranks after TERMINAL COMPROMISE came out. T.C. was released as the first Internet novel (it's in softcover as well) and should be widely available. He is supposed to be releasing a new book soon (it may already be out) titled INFORMATION WARFARE.

Having had the pleasure of meeting and talking at length with Winn, I am of the opinion that he may be on to something here.

Brian Williams
Extropian Cypherpatriot

"Cryptocosmology: Sufficiently advanced communication is indistinguishable from noise." --Steve Witham

From cowen at glia.biostr.washington.edu Mon Mar 21 11:26:55 1994
From: cowen at glia.biostr.washington.edu (cowen at glia.biostr.washington.edu)
Date: Mon, 21 Mar 94 11:26:55 PST
Subject: No Subject
Message-ID: <9403211937.AA18349@glia.biostr.washington.edu>

in response to rishab at dxm.ernet.in about joe-six-pack and the general public

those folks, are the ones that could make an outcry that would bring to light the NSA trying to hoodwink us all. though they might not have much power as individuals, take any group in mass, and you get power might not be a controllable power, but that is what you got.

i would rather inform as many people about the things i read on this list as just set at home and say, "don't bother they'll never understand it"

apathy of any kind can kill you and will stunt your creative growth.

charles the monster maker

From carl at radio.com Mon Mar 21 11:28:37 1994
From: carl at radio.com (Carl Malamud)
Date: Mon, 21 Mar 94 11:28:37 PST
Subject: US Patent & Trademark Office Web server online
Message-ID: <199403211928.OAA26405@trystero.radio.com>

For the patents, try:

http://town.hall.org/
wais://town.hall.org:210/patent

We have all the 1994 Full Text/APS Feed up and running.
Carl Malamud

From mimir at illuminati.io.com Mon Mar 21 11:34:26 1994
From: mimir at illuminati.io.com (Al Billings)
Date: Mon, 21 Mar 94 11:34:26 PST
Subject: PGP BBS site
In-Reply-To: <199403211829.NAA25197@eff.org>
Message-ID:

On Mon, 21 Mar 1994, Stanton McCandlish wrote:

> Need to refer someone (US citizen, currently in the US) to a BBS that is
> carrying the current PGP. Any pointers? He's in Edgewater FL, but is
> willing to call LD to get it. No net access. Thanks.

My BBS, The Sacred Grove, carries PGP and quite a few related programs. I'm only V.32 but I'm available. The number is (206)322-5450.

--
(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)
| Al Billings aka Grendel Grettisson      | "You are, each one, a priest, |
| mimir at io.com                         | Just for yourself."           |
| Sysop of The Sacred Grove (206)322-5450 |                               |
| Admin for Troth, The Asatru E-Mail List | -Noble Drew Ali-              |
(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)

From still at kailua.colorado.edu Mon Mar 21 12:12:08 1994
From: still at kailua.colorado.edu (James Still)
Date: Mon, 21 Mar 94 12:12:08 PST
Subject: PGP BBS site
Message-ID: <2D8E0DF9@kailua.colorado.edu>

>Need to refer someone (US citizen, currently in the US) to a BBS that is
>carrying the current PGP. Any pointers? He's in Edgewater FL, but is
>willing to call LD to get it. No net access. Thanks.

For all of his encryption needs on the first call I'd recommend the Hieroglyphic Voodoo Machine BBS at +1 303 443 2457 (V.32bis N81)

Files in the free files area include:

PGP23A.ZIP    221K  Pretty Good Privacy (PGP) ver 2.3a encryption software
PGP23SRC.ZIP  505K  'C' source code for PGP ver 2.3a
OLX21.ZIP     223K  Offline Xpress mail door reader/responser for Tomcat
ALLFILES.ZIP   13K  Listing of all files available on the HVM - updated daily
PGPCONF.ZIP     0K  Read this before uploading your PGP key to the repository
MACPGP23.HQX  422K  macpgp2.3.cpt.hqx was the original filename. Decode w/BinHex
PGPFAQ.ZIP     56K  Latest PGP FAQ, posted to the Net 15 Jan '94.
PGPSHE30.ZIP   71K  PGPShell ver 3.0 menu/mouse shell for PGP (Jan 94)
PGP23OS2.ZIP  329K  PGP 2.3a for OS/2.
SECDR13A.ZIP   87K  Secure Drive 1.3a - IDEA encrypted floppies or HD partition.

Give 'em a call 24-7...

+------------------------------------------------------------------------+
still@   | The novelist Philip Roth says that there are only 60,000
kailua   | serious readers in the United States. And every twenty
colorado | years that number is halved. I'm luv [sic] over this place.
edu      | PGP Public Key = 4E4937 = AD 29 BE 28 5D 2B 77 BE F6 85 08 45 B6 2D 0B 36

From 71431.2564 at CompuServe.COM Mon Mar 21 12:26:27 1994
From: 71431.2564 at CompuServe.COM (Bradley W. Dolan)
Date: Mon, 21 Mar 94 12:26:27 PST
Subject: How to control the Internet.
Message-ID: <940321202250_71431.2564_FHA81-1@CompuServe.COM>

>From: Blanc Weber
>To: bdolan at well.sf.ca.us
>Date: Mon, 21 Mar 94 09:49:56 PST
>Subject: RE: How to control Internet? Buy it!
>Cc: cypherpunks at toad.com
>Status: R

>>I'm having a nightmare about a Microsoft-like domination of global
>>communications, complete with SPA police, etc.
>>.................................

>Unlike the government, Microsoft and McCaw Cellular both depend upon a
>customer-driven market for their acceptance. They must convince their
>customers that they are better than the competition in providing a
>similar service; they must adjust this service to the customer's
>requests & preferences or lose the account.

>Blanc

That's the way it's supposed to be. What happens in practice - not specifically with Microsoft or McCaw [I don't want to hear from the platoons of lawyers. ;-)] - is that the big guys run down to Washington, pull a few strings, make a few contributions, and ask the government to use its resources and force to ensure that the corporate-desired outcome results.
I remember when patents and copyrights were _privileges_ granted to encourage creativity and there was no such thing as "intellectual _property_". I remember a time when the idea of a royalty-tax on blank tapes to pay for presumed copyright infringement was regarded as crazy.

bdolan at well.sf.ca.us

From nobody at shell.portal.com Mon Mar 21 12:29:32 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Mon, 21 Mar 94 12:29:32 PST
Subject: No Subject
Message-ID: <199403212030.MAA06194@jobe.shell.portal.com>

I've heard a rumour that the British government has banned use of encryption on telephone lines as part of its campaign against 'Computer Pornography'. Does anyone know if this is true, and if so, do they have any more details?

From remailer-admin at chaos.bsu.edu Mon Mar 21 12:34:16 1994
From: remailer-admin at chaos.bsu.edu (Anonymous)
Date: Mon, 21 Mar 94 12:34:16 PST
Subject: PGP BBS site
In-Reply-To: <199403211829.NAA25197@eff.org>
Message-ID: <199403212119.PAA16198@chaos.bsu.edu>

> Need to refer someone (US citizen, currently in the US) to a BBS
> that is carrying the current PGP. Any pointers? He's in Edgewater
> FL, but is willing to call LD to get it. No net access. Thanks.

Which one? For PC? Mac? Amiga? Other computer???

From frissell at panix.com Mon Mar 21 13:44:04 1994
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 21 Mar 94 13:44:04 PST
Subject: Coming Police State
Message-ID: <199403212143.AA25938@panix.com>

A late response to:

THE COMING POLICE STATE -- by Tim May

>the National Information Infrastructure, the NII, has the
>potential for further concentrating and regulating the presently
>anarchic networks. Driver's licenses for the information highway?
>Learner's permits? Revoked licenses for "hurtful speech" and other
>thoughtcrimes?

I don't think this centralization is likely.
Since all of the future network plans call for the continued existence of private networks (now exempt from the DTI proposal) and what we can call "telephone" service (POTS), and since bandwidth will be so cheap, and since the operators will continue to want revenue, anyone who likes will be able to maintain a "private" network of any size. Any future digital version of POTS can be used to set up temporary networks to link anyone to anyone (just a conference call).

One can imagine that cheap bandwidth will make it possible (if necessary) to set up networks that work (over fiber) like frequency hopping and spread spectrum radio work today. Since all fiber networks are virtual anyway, how hard will it be to generate a group of data streams that are meaningless unless they are combined in exactly the right way and unreadable without key material even if an opponent manages to combine them. Stego possibilities here.

>-- Digital Telephony II for easy access to _all_ communications
>channels. If this becomes law, expect all equipment makers to add
>wiretapping capabilities. All operating system makers may have to add tap
>points to allow government access (so much for "secure operating
>systems," such as Norm Hardy and others are working on).

Except for operating systems developed in other countries and data streams that pass through other countries. Even if the OECD cuts a deal there are hundreds of countries and the DTI is not supposed to apply to private networks in any case.

Also note that the "new" "improved" DTI calls for the Federales to *pay* for the DTI hardware (and software?). This was a sop to industry. If they aren't careful, they could end up paying for a lot of junk. What is the upper bound of all the hardware/software in the known universe that is arguably included under DTI?

>-- Clipper and its Big Brethren for easy access to the contents of
>files. The State will use its power to enforce standards, control
>exports, and punish corporations so as to ensure competitors do not
>arise.

"IBM will use its power to enforce standards..." Not as easy as it used to be. Say, wasn't the (then) Bureau of Standards supposed to release its updated replacement standard for DES in September, 1990 or something. Whatever happened to that deadline. Standards change so fast now and will change faster in the future that it is hard enough for entrepreneurial firms to keep up.

>-- The likely criminalization (via civil forfeiture, a la the Drug War)
>of unapproved crypto alternatives.

That will be a rough one politically. They drew back a bloody stump the last time they floated DTI. H.R. 6 on national teacher certification standards disappeared under a wave of net-generated attacks by home schoolers. Has legal problems as well. It took many years to get anti drug legislation in place. They don't have too many years available.

How much enforcement activity can we expect. Federal prosecutions cost 50K+ each. With absolutely no showing of damage (from casual crypto "users") normal prosecutorial cost/benefit calculations would suggest not much activity. Particularly since they have gotten burned when taking us on (Steve Jackson Games).

>Steven Levy will be at the Saturday meeting, preparing both an article on
>these issues, and a book for future publication (being an optimist, even
>I don't believe he'll be barred from publishing such a book).

This hasn't been tried since The Progressive and The Secret of the Hydrogen Bomb. No risk. Likewise, no risk from speech codes. The federal courts have overturned all that are unconnected with employment.

>- Private networks, like Little Garden, offer greater robustness against
>intrusions by regulatory authorities. The more of these ad hoc, anarchic
>nets, the less chance the State will have of (somehow) nationalizing or
>otherwise taking control of them. Especially if nodes are outside the
>U.S.
Anyone have info on private network activity?

>- Several of us have expressed some serious interest in leaving the U.S.,
>for various reasons. I am one of these folks. Many issues here, but
>creating more offshore locales for Cypherpunks activity, with good
>connections to other Nets, lots of encryption, etc., will be helpful.
>(Compiling a kind of "Cyberspace Retirement Places Rated" database is one
>project I am thinking of taking on after I finish the Cypherpunks FAQ.
>Lists of various places, their local laws and policies, tax situation,
>extradition treaties with the main police states, Net connections, etc.
>Maybe even some R&D trips down to the Caymans, Turks and Caicos Islands,
>Belize, etc. Contact me if interested.)

Did you see the Forbes article "Flight Capital" in the Feb 28th issue? It covers expatriation as the ultimate tax planning device. Note that if your life revolves around the Net, you can expatriate yourself without even leaving "home."

Most of the offshore locations currently have lousy network connections (except Switzerland of course). The Channel Islands and the Isle of Man have ISDN. The Caribbean is spotty. Hong Kong is pretty good (telecommunications wise). Once you expatriate yourself, of course, you can live in various European countries with good telcoms as long as you don't spend too much time per year in each one.

>Some on this list (sometimes me, too) say "We've already won." Duncan
>Frissell and Sandy Sandfort often point out just how unenforceable the
>existing laws are, how few people comply with the tax laws, and how the
>internationalization of commerce has made national borders into permeable
>membranes. As I like to say, in my .sig, "National borders are just speed
>bumps on the information highway."

Guilty as charged. Think about it this way:

1) Suppose no one uses encryption or remailers but just uses whatever networks are in existence NII or whatever.
(Recall that lack of funds will prevent the Federales from *paying* for the NII - "He who doesn't pay the piper has a much harder time calling the tune.")

2) Americans and foreigners and everyone all equidistant from each other. Cheap one-to-one, one-to-many, and the new category many-to-many communications. Transaction costs (for info exchange) dropping towards the limit of $0. (The Economist estimates the cost of supplying one transatlantic telephone call at 2 cents/minute with current technology. AT&T charges me 59 cents/minute on the weekends to London. Room for deep cuts.)

3) Coase in the "Theory of the Firm" says that the only reason we *have* firms is transaction costs. With zero transaction costs it would make more sense for us to buy each other's services on the spot market. As transaction costs fall towards the limit of $0, average firm size will fall dramatically.

4) As the number of firms explodes (aided by the cheap creation of entities/agents on the nets), the regulatory problem becomes impossible. Note -- I can create a trust with a one page document. The situs of that trust can be anywhere in any Common Law jurisdiction. It need not be registered. Yet that trust has almost all the rights of a human being. It can buy, sell, own, enter into contracts, sue and be sued, etc. So can most of the other sorts of "legal persons" created over the years. It is possible that in the very near future there will be more "legal persons" than there are actual persons on earth.

5) Because of cheap communications and information technology, markets have become very fast moving. Not just the market for financial derivatives but even the markets for women's underwear or for toothpaste. Government attempts to control these new markets are like attempting to capture the wind in a bag.

6) Future markets linked by "free" comms and consisting of billions (yes billions!)
of individual (uni-cellular) firms/entities/actors will sweep over regulatory barriers (that in any case apply only in some nations) as if they are not there. Think of Steve McQueen and "The Blob" from the late '50s. "The Blob" is the market. Try and hold it back. It's not in one place either where you can freeze it with fire extinguishers, it is all over the earth.

As to the Security State controls. They can't even control drive-bys in Brownsville, how can they control billions of individual people and their trillions (quadrillions) of transactions. Even if they get loads of information about us (and foreigners, and artificial entities) they can only use a little bit of this data. They can only carry out a very few investigations and a very few prosecutions. Nothing compared to the size of Market Earth.

An expensive, rigid, inefficient hierarchy just won't be able to compete. Markets are fed by willing customers/workers who go out of their way to give them money and labor. The government has to collect tribute from people who will go out of their way to minimize the amount of money/labor given up. This constrains the growth curve of coercive entities. We ain't peasants bound to the soil any more.

*************

I hope to see many of you at CFP '94. I'll be in Chicago from Wednesday night until Saturday night. Leave me a note at the message center.

Duncan Frissell

-- "Schindler's List" shows what happens when the government has assault rifles and the people don't.

--- WinQwk 2.0b#1165

From talon57 at well.sf.ca.us Mon Mar 21 14:01:59 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Mon, 21 Mar 94 14:01:59 PST
Subject: Coming Police State
Message-ID: <199403212201.OAA15754@well.sf.ca.us>

Duncan, I live in Chicago, let me know if you'd like to get together for a Pizza, cocktail, or whatever.
I could also give you a place to check your mail (via telnet etc)

Brian Williams
Ameritech Data Center
425 w randolph
Chicago Il
312.669.2373

From terry.smith at canrem.com Mon Mar 21 14:45:13 1994
From: terry.smith at canrem.com (Terry Smith)
Date: Mon, 21 Mar 94 14:45:13 PST
Subject: Administrivia: Questi
Message-ID: <60.5156.6525.0C199261@canrem.com>

Robert A. hayden wrote

|-------------------------------|
>(GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++
> n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)
|-------------------------------|

Ok - I'm going to have to come out and admit that I have no idea what the geek code is and I'm dying to know....

Terry Smith - XANTH sysop - 1:259/510 CI$ 70733,3013 PGP 2.3A KEY FREQABLE AS 'KEY'.
My opinions are not that of my company. But one day they WILL be! And then - the -+*WORLD*+- Bwaw ha ha !!. Read the Tick and others by NEC.
Geraldo - "So, Mr. Smith, you admit you like to eat babies!"
Me - "Nono - I admit I like to eat BABES!"
---
* TLX v1.55 * Yeah, he seems to be the "black sheep" of the administrat

From cme at sw.stratus.com Mon Mar 21 15:28:20 1994
From: cme at sw.stratus.com (Carl Ellison)
Date: Mon, 21 Mar 94 15:28:20 PST
Subject: let's help law enforcement
Message-ID: <199403212328.SAA21945@galt.sw.stratus.com>

How come people in law enforcement are calling for us crypto junkies to help them by giving up crypto (especially when that's useless, since criminals don't need us for their crypto)?

I've heard DERD and Co. ask us (me) to come up with a compromise stand. Well -- here's mine:

NSA can do cryptology in secret and we won't try to pry it out of them.

We'll do cryptology in public and publish it, give away code, etc.

We'll be good citizens and join the local Neighborhood Watch, etc., calling the police to report lawbreaking which we witness.

What more could possibly be expected of us? What better way is there to support law enforcement?
- Carl

From gnu Mon Mar 21 15:30:11 1994
From: gnu (gnu)
Date: Mon, 21 Mar 94 15:30:11 PST
Subject: Dallas lawyer needs consultant for privacy of international linguists
Message-ID: <9403212330.AA04459@toad.com>

From: "Brock N. Meeks"
Subject: This guy needs help

John, please forward:

Since I'm not an active member of Cypherpunks, I thought maybe you could post this message. It's legit and I think a worthy cause.

There's an attorney in Dallas that needs help: Your help. Crypto help. His name is Albert Rochelle (214-520-0881). He contacted me after reading my article on privacy and clipper in the April issue of _Wired_ magazine.

Albert's client is an international organization of linguists. They specialize in taking unwritten languages and translating them to written words. They are a clean, non-political group and they want to stay that way.

Trouble is, Albert told me, there are governments, both U.S. and foreign, that want to tap this organization's files to access the "raw intelligence" that their field personnel often send in. This intelligence is nothing more than the certain problems they might be having with the in-country governments. But they don't want prying eyes to be poking into their files, using whatever they send in against other groups. Similarly, they don't want their translation notes, files, used by intelligence agencies against the people they are working with for translation.

So, they want to encrypt and they need some expert help. Albert is in charge of helping them do all this, BUT HE'S A NEOPHYTE and readily admits this. He's all for privacy encryption schemes and thinks the govt. proposed Clipper standard stinks.

He's willing to PAY MONEY for your help and he's looking forward to hearing from anyone out there willing to help him get his organization crypto-safe.

Please give him a call, like I said, he's willing to pay for your services. Tell him I sent you.
Brock Meeks
reporter
Communications Daily

------- End of Forwarded Message

From strata at fenchurch.MIT.EDU Mon Mar 21 16:05:33 1994
From: strata at fenchurch.MIT.EDU (M. Strata Rose)
Date: Mon, 21 Mar 94 16:05:33 PST
Subject: Mar 12 mtg notes [long, 35K]
Message-ID: <9403212352.AA01241@ah.com>

Here are my notes on the March 12th meeting; I haven't really edited them, so they are kind of rough, but if I waited until I had time to edit them they'd never get posted. All I've done is run them through a spelling checker and do minimal clarification where I was typing only pieces of something.

They were in Acta format, not plain text, so there are lots of tiny paragraphs that used to be outlines, the indentations still carry some of the form though. I apologize for the formatting, the mac editors are lame about saving text with layout, putting in an extra LF with the CR's and doing other lossage. And we won't even talk about getting rid of "smart quotes" (aargh); at least two major editors force you to do find/replace to get rid of them... I would be happy to save a postscript version of the document and put it up for FTP on soda.

Comments, clarifications, and identifications of folks who are annotated as "??" should be sent to strata at fenchurch.mit.edu, not to the whole list (where I wouldn't see them anyway, since I am only on cypherpunks-announce).

Apologies to the folks who didn't want 35K of notes in their mailbox, the tyranny of the vocal majority requested they be posted... :-)

_Strata

[Notes on Cypherpunks meeting at Cygnus, Mar 12 1994. Copyright M. Strata Rose, 1994, all rights reserved. This document may be forwarded in its entirety for personal communication but may not be quoted at length without the author's permission. Journalists wishing to use this document as source material must first contact the author.]
Show-n-tell: cypherpunks digital phone project

Eric Blossom shows board to connect between phone and wall, engineering prototype on Codex chip, etc
28,800 baud capable, 120db down relay; pcmcia for keys, etc
2105 xtrlr, inline devices, $12 q 1; can use as answering machine, etc; final target price under $1K

Tim May says some folks in Seattle years ago got a patent on something called Phaser Phone, crypto phone, USGov used the patent to slap a classified on the technology.

AT&T phone competitive price...

Phil Karn made request for Applied Cryptography, ruled to be in public domain and thus exportable; the day he got that on paper he filed a second request on "is the floppy exportable?"

Someone should file a CJ request for PGP download, put on floppy, write letter attesting that you got it that way,

Mbone audio link
Mark Horowitz & co at MIT
Nathan Loofborough at ohio state market.dun-dun-noodles.??
SF cypherpunks
EFF offices in DC, Dan Brown sysadm doing direct audio link to Horowitz at MIT, mixed into mbone from there

control center up in BayMOO so that there's a token (a floor tile) for message-stick, one delegate per site to talk, control room has a hush feature to shut up non-delegate speakers; later on there will probably be some echoes-- people will type live meeting into MOO areas

Pavel runs similar setup at PARC

Head count
MIT 8-10 folks
EFF 11
MtView 45-50
Ohio State 1
San Diego 1

Agenda

Politics! almost first anniversary of clipper meeting

Eric H notes that Clipper was deliberate executive branch sideswipe of separation of powers; Dorothy Denning mentions economic ploy-- using discretionary fund to purchase clippered phones w/o legislative review, creating demand & standard in one swoop

We will have to involve the legislature to stop Clipper, you can't just ask executive branch to restrain itself; we will have to restrain legislature w/judicial restraint; we probably need an amendment to enhance privacy to preclude lossage.
Four main points are:
comm tech
crypto tech
anonymity
pseudonymity

Mark Horowitz mentions needing to get a populist feel for pseudonymity before trying to get stuff for amendment

Tim May: brought stack of books to show; how to avoid the privacy invaders: low profile
getting started in the underground economy
how to create a new identity
the outlaws bible by ex boozy
the us intelligence community by jeffrey richelson, in tradition of banfrey/banfey pub by ??B in cambridge subsidiary of harper & rowe
bruce benson, the enterprise of law, (distributed legal systems workings) (how crypto anarchy might work)
how to launder money
how to open a swiss bank account
the secret money market

Juicy books! (sez Tim); the theme was Rants this time, so he wrote a rant on the coming police state; may drift into a police state not by malice but by gradual surveillance for "our own good". Example: stuff built into cars for tolls, bridges, etc; how about using Chawmean(sp?) credentials for anonymity based on payments beforehand. Linkages of other info on drivers licenses, for example health system stuff, could lead to things like diabetics being denied access to bars as incidental info comes up on age-check scan

Tim mentions Cpunks is kind of stuck in 1970's secret decoder ring technology, not concentrating enough on fighting routine surveillance by "benign" agencies; Tim is not seeing any mainstream discussion of Chawm technology in American press. Worst can happen very quickly if backlash against immigrants goes into effect, or if national health plan card goes worst case. Double whammy this month: clipper goes through as if we never tried, then digital telephony II resubmitted for massive tapping and lossage. Increasingly groups will have scattered meetings, under DTII the meeting today would have to be tappable.

Gilmore says Senators Leahy and Edwards are having hearings, John, EFF, & randoms (phone, computer, civil libs folks) will be testifying.
Wants to take small exception to what Tim is saying; EFF has taken strong stance that transactional data shouldn't be available without a real live warrant; DTII says that gov folks could get phone numbers, etc w/o even going through a court. Mentions cell phones keep your cell location even when you're not on the phone, auto net trackers, etc, this is transactional data, this is why they are trying to get this into law now before people are thinking about this much. One thing came out in hearings is how much law enforcement folks are already demanding direct from phone companies (to get your bills if they're in investigations), they get more than 100K people's phone bills and do web analysis on drug dealers, etc; source for 100K number is House report on the ECPA. One of most important parts is to protect transactional data with bureaucratic process reviewed by judicial staff.

Tim wrapping up, has one more thing to say; EFF and lot of other groups fighting for this, he in person has no faith in the govt being trustworthy, do security via obscurity and just plain don't let the govt figure it out, have it encrypted.

Query from MarkH; agrees with Tim, preaching to converted though; problems due to ignorance and apathy on part of people, people not aware of full ramifications of personal privacy. Europeans seem to be more aware.

Phil Karn comes in via San Diego

Fen mentions we need both to educate and to opt in to things, that you shouldn't be selling your info (such as ATM supermarket purchases) w/o consent and knowledge.

Mark H. asks what we can do in specific; Eric Hughes says we need to set agenda and work on positioning.

Constitutional Amendments
AntiClipper Legislation
Strata: do newspaper article on parallels between stuff here and now and stuff in Eastern europe
Bill Stewart: NIST survey on privacy and tech, look for it on the net
Don Hopkins: frame this as "you need your privacy to protect yourself from your neighbors"
?? : Maria Cantwell's HR 3627 export restriction lifting
??: Make people realize privacy tech exists
?? : NII privacy issues request for comments (Bill Stewart)
Neil Rest: develop pieces of agitprop, etc get press kits and pamphlets so that when we can give them info when we GET their attention!
??: WWW page, has anyone made one, let's do a single site for lots of anti clipper, lots of tail ends in other stuff
??: takes care of small network, his responsibility is to give privacy, wants to give govt solution and make ourselves the watchmen
Strata: encrypted alt group w/news service, put in time to make it juicy and fun, give folks motivation to use the tools.
Tim May: agenda item on active sabotage of big brother/clipper, create anticlipper sentiment in new grads, semiotic anticlipper thingy,
?? AT&T guy: let's do executive education seminars for corporate weenies on clipper, those dudes have access to the PACS
Arthur Abrahms: publicity of privacy enhancing solutions to stuff like toll booth problem, popularizing them
nelson baghla (sp?): come up with solution to the govt's problem that protects our privacy
Gilmore: official study of crypto coming up, Herb Lin of Nat'l Research Council, needs good people to be on review board/panel
Strata: NPR radio show on clipper
??: will anyone go on mcneil lehrer?
Bill Stewart: stockholder resolutions for corporations good way to do propaganda and to generate publicity & opinion
John Morton: journalism outreach, list of Cypherpunks reps who are willing to be contacted (is part of press kit), *do* a press kit
??: are there clipper clipping services
Russ Whittker: set up speakers bureau, people willing to speak at functions about this
Gilmore: deploy cryptography, put kerberos in your OS, do the usenet feed, etc

Jim Warren talk:

Jim Warren: AB1624 passed, round of applause

learned how to use the net to pursue political advocacy and action, and to amplify political power in the hands of people

woke up after reading piles of email on gov weenieness with a solution on how to do this:

we all know to write letter to congresscritter; turns out letters to state (much less feds) count in certain ways
individual letter, some attention
form letter, less attention
phone calls, logged only (counted)
form letters & cards almost useless w/one exception [support/anti support for bills, treated later 3/19 _S]

communications become much less interesting to legislators once they come from someone who isn't a voter in their own district; in some district offices the staff has instructions to throw away unread stuff from people outside the district

how do we persuade them with the people they DO pay attention to? (registered voters in their district)

"communication from a citizen who is not identifiable as a member of a partisan group, political affiliation, or other organization, ie not a drone from somewhere like NRA, church, etc, ie something that seems to be from a private citizen rather than from a push group" (highest value)

of course, let's be realistic here: PACS have mucho power

Best case is Mr. Organization with a large check, but next after that is private citizen apparently writing from an individual concern.
What we really want is a whole bunch of people from their own districts appearing to spontaneously write in and say "hey, don't do this" or "hey, do that".

If you want to influence congress, don't contact all of them, contact committee members, target them; "major perversion, err amendment" (his quote!) goes on in committee.

[Request for] bill status documents bill's path through committees, subcommittees. Identify few members of key committees that are real decision makers who can kill the bill before it hits the floor, where they don't dick with it much.

If we can persuade their voters in their district to contact them apparently spontaneously, we have clout that exceeds lobbyists.

In all jurisdictions, voter registration lists are public record and available in machine readable form;

Contact folks in your own district and ask for real citizens in your own district to send real letters to a citizen in the key members' district, just tell us how many letters you are willing to write and we'll give you mailing labels for them and some sample letters to modify electronically to write to the folks! Modify the hell out of it, this is not a topdown authoritarian form letter it is supposed to be grass roots; please use typewriter fonts only, give folks scripts to do mailmerge stuff on their personalized form letters, idealized letters.
Example: draft sample letters, inflammatory, less inflammatory, polite, post via FTP and call for effort, say I'll provide you with names & addrs; typical district congressional is 500,000 - 600,000 with probably 250K reg voters; provide folks with scattering of names so that everyone doesn't send their own letter to neighbors, businesses in same area (to prevent people from thinking it's a scam or form letter)

when I provide name & address sets I will provide name & addr of cooperating people in district of test recipients (and will tell you), so that I can find out what you're sending and when you're sending it, ie tell them that there are salts in the list but not who the salts are...

let's also provide form letters appropriate for sending to newspapers; typical ways you can draft a letter that will almost certainly make it into editorial pages, provide forms and instructions on how to do that

When I did AB1621 I wrote it [the info on the bill, and in sample letter] in such a way as any reader could find out issues, topics, who to write to, etc but so that direct cutting and pasting was *hard* but getting info out was easy, so people wrote in and gave same info but no two letters really resembled each other so the effect was very powerful

in typical urban, suburban, etc, newspaper, letters to the editor page will exceed comics and sports!

Typically 1/2 to 2/3 of those 250K voters vote, so that knocks down the list of those to influence to write; the ringer is that politicians have a different kind of arithmetic they have memorized; it's not the population, not the reg voters, not the voters who actually go out and vote because in a contested election most of those are won by a 5 to 10% margin; so anyone a legislator believes can swing 10% of the vote in their next election is someone to be "cozied up to and feared".
Numbers turn out to be (upcoming boardwatch article by Warren) 3500 to 7-8K affected in a typical district, if you can affect those voters you can swing the election. Ways to figure out which ones those are, BTW. Reg list will not only have names and addresses, but will typically track who has voted in the last X elections, ie whether or not you showed up. You can get that info! Every candidate running wants to know who ACTIVE, likely registered voters are. Don Hopkins asks if politicians are smart enough to check letters from folks against names of active frequent voters; it is actually a criminal violation in many districts! System in SoCal called Monarch that tracks voters and can pull names and addresses, they can pull your info when they get a letter to see if you've voted recently, what listed party affiliation is, etc. Jim W has been told that part of that info has been blocked off from legislator's staff via their own computers, they have to go to the Partisan office. Other things need to be made available--- master copies of leaflets and door stuffers. Available to residents in or near a congressional legislator's district. Works for any legislation, not just anticrypto and not just congresscritters. Activist near target geographic area must print on laser printer, do good quality leaflet, though there may be marketing justification for making it look somewhat homemade. Door stuffers & leaflet are standard political tools, used by activists, you don't have to be charming, etc, can do from your own home 7x24, "this is Nerd Power folks! This is Active Participation, this is access to information so provocative and persuasive that they are persuaded to act, this is Patrick Henry writing inflammatory text that Ben Franklin prints on the printing press in the spare room in his home that Paul Revere rides down the electronic highway shouting and handing out literature..." 
One of the cool things about this technology is that it is absolutely useless to covert interests, doesn't work on issues that can't be open action, that the public wouldn't support! You don't have to be covert, you don't have to sneak up. You can say here's exactly what we're doing, if you know what's going on you will get really annoyed and help the cause. His guess is that this will be fairly mature and ripe technology by 1996 presidential elections and that this will be a massive tool in the 2000's. Most effective political action is from nonpartisan citizen to his/her elected official; "this is a chance to use these ThinkerToys to ... " Wex from MIT: thanks, he's a little jaded since he's been using it in environmental movement, is more effective with a central organization, like EFF, someone needs to do this (radio shows, get volunteers, etc) Jim agrees, says it takes folks of wide talents ranging from wordsmith to scutwork secretarial to political insiders/realworld familiarity to put it all together. But it doesn't take a lot of people to do it and it can be done by a much much larger range of people than the ones who can do traditional style PACtion. Does not require significant loot! Caveat here: the computer, laser printer, etc better be owned by private individual or by registered political org, otherwise you're asking for trouble unless you register it as an In-Kind Contribution, can lose your 501(c)3, rival politicians will look for this and any other thing to cause trouble and shut you down! Major flak in Sactoh has some senior politicians doing jail time for using such resources for poli stuff. Push from the ["misguided": Eric H] privacy enthusiasts, to severely restrict machine readable and even paper copies Milton Markson in Senate (SF) Jackie Spear in House (south SF); only big money parties and incumbents would have access if that passes. 
Incidentally it ain't hard to get this, he has DAT tape that he always carries with him, has all reg voters for SantaClara and SanMateo (750K- 850K, 400K respectively) on hard disk as well as property records (assessors records). Straight off magtape was 400-500Meg per county. Company in SoCal in SanDiego that has pressed CDROM voter reg records for under $100, privacy advocates "going orbital" over this, statutory restrictions that these are supposed to be being used for campaign, etc. but a helluva lot more people are buying them than can be accounted for that way and you know they are being abused by market-o-droids. comments from ?? (perry?): real problem is that in many cases a senator will have many people who agree wholeheartedly with their (to us, lame) cause, example of senator in Arkansas, trying to do gun control campaign-- ha ha, good luck! Jim replies he is doing electronic equiv of precinct walkers and drones; arthur abrahms says "it's a brilliant way to subvert localization of political process" "Perot-inoids" are sponsoring ballot initiative to stop anyone from contributing to state or local campaign who was not able to vote in that campaign. Jim thought it was neat until someone in Common Cause pointed out fallacy (contribs are political speech, so 1st amend). Main fallacy is that congress votes on laws that affect all of us, so members on key committee might not be elected by any of us in a district yet we are going to be affected by their votes, so it's right and correct for us to seek to affect them. ??: suggest cross correlating email addrs w/voter reg letters to send pre-emailings to people likely to have email addrs, etc... BTW, legislators almost never read actual letters, almost never have time to meet people, etc etc; their time is sucked up by all kinds of folks....the flapper system is alive and well, flappers read and summarize all... 
Neil Rest: is list of congress committees and subcommittees somewhere easily downloadable, also list of districts by zipcode so we can filter our own addressbooks to find folks in good districts; Jim thinks much committee stuff is ftpable from cpsr.org. Zip code exists, every political operative probably has it, can be created from precinct records, but legally shaky, maybe 70% of zip is in one district and 30% in another, so not as great. Finger a zipcode and find out who your legislator and member of assembly is: finger 94087 at sen.ca.gov, has a nice little finger daemon to do the lookup.... When Jim got started on 1624 they told him it was dead, he said "why, it's a great bill?", "well we can't find any support for it", "well what do you need as evidence of support?" The aide said "10 or 15 letters or faxes would be a strong showing of support", I said "out of *31 million californians?!*" and she said *yes*. That is a good idea of how much a letter from your own district counts. Only exception to "own district" rule is a bill's author wants to see a whole lot of letters from anywhere at all; they HATE to see letters opposing the bill. Mentions 1991 example of "the offending sentence" in a bill , outlawing crypto, "they got torched to hell and gone", took only 2 weeks to get rid of the offending sentence. ALWAYS worthwhile to do concise 1 page letter to bill's author supporting or opposing! Schlackman and Fozzio in NYC, American Campaign data in Palo Alto, acquire all this info from county, will sell it to you in mag tape, labels, printing, walking order maps, etc. On the cheapo, go to voter reg place (county clerk etc) for a given jurisdiction and purchase info on diskette (often, but sometimes in 9track ebcdic). He's planning on pursuing this technique and process for crypto issue, against software patent monopoly, for state push to get political disclosures available electronically for free online jwarren at well.sf.ca.us Gilmore's FOIA's ftp. 
cygnus.com: /pub/foia.clipper.key Phone interview w/Phil Z, Gilmore, in InfoSecurity News [note: firewalls list recently posted address for it, look in ftp.greatcircle.com for list archives of past month 3/19 _S] Ch 7 news came down and did interview here at Cygnus, related to CERT advisory passwd cracking stuff, we put a press release out re: public release of Kerberos, they called up Cygnus noticing from the press wire; Gumby gave a demo gotten from cracker's passwd sniffer which was installed by cracker; other story in that news segment was about 3 guys put up billboard looking for wives and a voicemail number, someone hacked in and put a new outgoing message saying "thanks for calling but we're really only interested in men". Clipper FOIA, no response yet Exports, commerce, etc he asked "how is crypto being applied, etc etc" in commerce & export first folks to reply were Dept of Justice Office of Legal Counsel analysis folks who were saying that licensing scheme violates 1st amendment; have been writing memos to that effect for years! memos have been forwarded to EFF, scanning them in Jim Warren: suggests forwarding these to 2020, Day 1, etc, this is one arm of the govt stonewalling another arm Gilmore got turned on to the Office of Legal counsel because of 1980 hearings on Govt Classification of Private Ideas (crypto, patents, private research on atomic energy were main topics); turned onto those hearings by Brahms Gang posting on sci.crypt, found copy of hearing in Fed depository, later found transcripts of entire hearings not just minutes/proceedings; very first memo from office of legal counsel is repro'd in minutes, saying "we're trying to tell you it's unconstitutional". 
two sentence synopsis: if you file to try to get a patent on something they can order you not to tell anyone about it and they can put your patent application on hold indefinitely and you can go to jail for a decade for talking about it; George Devita (early crypto inventor) got notified on a speakerphone surrounded by students and was thus in violation immediately, publicized his case to NYTimes & congresscritter, part of impetus for hearings, NSA backed down. Generated List of Agenda Items Eric notes that the balance between external education and internal generation [of items] is pretty good.... Legislation available to us: we need to figure out what needs to go into a bill to kill Clipper RIGHT NOW... Arthur suggests making mandatory for intra-gov comm, Eric says no, that will create a market, maybe a secondary strategy is if clipper passes then try that no Fed standards w/classified data MIT says that NSA is breaking the law right now, there's a regulation against it, they asked Mike Godwin and he said don't mention it you'd be screwing up! ??: would suing be a good tactic, asking for a writ or somesuch to enforce the statute against the NSA doing this kind of stuff (standards setting, classification) Bill Stewart: if NSA is not allowed to be involved in civilian crypto then the FIP defines the way you vet clipper as being "ask the nsa"; other way to define legislation is that escrowed keys be available to corresponding citizen and citizen notified of attempted and denied access ?? 
again: access to keys could be time delimited, notify citizen of end of time; Bill says in clipper you don't know your own key so you should be able to know it; Neil Rest-- broadening FIPS (fed info proc stds) to FS (fed standards) ??: need to attack private citizens not using crypto legislation key "escrow" is illegal (pass a law) FIPS is illegal Eric H's whole attitude was turned around by one sentence from Mark Rotenberg, EFF counsel: "it's much more interesting to change the law than to adjudicate it." Bill Stewart: read Reno's rules on access: said can be accessed by method A, B, C but not *disallowed* kinds of access can't mandate clipper use between private parties and government (chip) Strata: can we mandate use of clipper or similar so that industry will say it's too expensive to implement ; Eric, no, backward strategies are too dangerous. Jim other (not Warren): can we do stuff on state level that will override the gov't, can we persuade individual states not to use clipper and thus break the back of clipper that way (ie propose legislation that prevents CA from buying clipper phones) Arthur: alter rules of order for crypto legislation, require 2/3 majority Tim May: I think any law that says certain types of crypto should be required or disallowed plays into the hands of people who want to control crypto; how about coattailing on English is not national language movement, no one shall be required to speak in particular language. James Madison's argument against bill of rights recapitulated by Eric H in response to Tim, Tim says we shouldn't be encouraging legislation, it encourages the feeling that they CAN legislate crypto policies. Lawrence Tribe from Harvard had suggestion for amendment basically "right of free speech and assembly should not be abrogated by technological progress." 
Chip: if skipjack hits PD, we should be able to use it Perry & Martin: how about a bill to put skipjack in PD Perry: require procedure & public reports, comments in fed register, require for all standards, procedure before adoption ?? : Xfer crypto policy into hands of dept commerce bureau of export (non military only); that agency has an entire culture of making regs easier & promoting export, etc; commerce always goes in and fights for decontrol, will create counterbalance force in govt pointing the right way! ?? blond guy: coda to having a central authority, put auto-approval on export/distribution, ie after N weeks it goes out if they don't do anything... also that would be a good amendment to 3627 Eric says we need to replace "escrow", possibly w/key custody or key retention ["detention" says crowd]. Witt Diffy talks about terminology that John LeCarre put in espionage from his writing, if you think up terms that are better they *will* use them. net suggestions: loosely guarded key warehouse, key generation service key license vault, master key, custody, retention, key hostage, key confiscation, forfeiture, skeleton key, key minting Hugh-- Dept of Justice skeleton key closet? key licensing system, key assignment, Tim May says great exercise, but no parallel in our system, possible parallel in surrendering your documents when you travel. Key dissemination service, key surrender, sequester, key chaperone, duplicate key demonstration, keyjackers Trojan chips-- escrowed for your protection! bumper stickers-- my other key is not in the gov'ts closet! Just say NO to key escrow. Hell no, I won't escrow. Ridicule terms-- house key escrow good analogy incumbents surveillance system key conscription key seizure privacy forfeiture system key crib communication permit, privacy permit, security permit key sharing [the Barney system! 
eric] permissible privacy key disclosure system denial of privacy ministry of privacy (minipriv & minisec, one holds each half) Winston Denning Internal Privacy Service also privateers, J Edgar Hoover Data Vacuum key generation bureau KGB privacy tattoo ministry of information privacy repossession agency (repo man!) doublekey (like doublespeak); big brother's key ring dept of data vehicles Tim May says Joe Sixpack doesn't know key escrow but has heard of Clipper, so we should hack on clipper. Acronyms Martin Perry: the visible citizen Tim May says Mike Godwin is referring to "information snooper highway" (info sniffer highway, Tim quips) SUCK save us from clipper keys Beavis & Butthead episode, have them build a DES cracking machine or talk the class nerd into it call it the "buttcracking machine" Tim May talks about forging postings of semi-official memos realistically as a form of satire; Strata: no, it's too dangerous, we can't afford to have people link us to not clearly labelled satirical documents; Gilmore: yes, remember how the cypherpunks community felt about being on the receiving end of the misinformation barrage via Detweiler; Tim: why not misinformation, just make it too bogus, etc; Gilmore: read great satire about Internet collapsing due to flat rate pricing, no investment by service providers, and in fact Nader commission just snuck a flat rate proposal in a couple days ago to "encourage competition"; Bill Stewart: yep april 1st is coming up, April 1st RFCs are traditional.; Tim clarifies he wants to make them look ridiculous, ludicrous, start a campaign of laughter against them; Arthur suggests that people don't know the issues well enough; John Morton suggests preparing a white paper/FAQ style and gradually leading them into the issues and making it clear how silly it is. 
Martin Perry agrees, like propose a legislation that bans draperies, the drapery escrow stuff; Martin Minow says people should contact any Hollywood contacts as they have experience getting stuff out. Tim May: SNL did satire commercials of little Newton Message Pads of LCD notes, waiting for it to boot, etc. You could probably get SNL to do a fake commercial on key registration or key escrow, etc. Stuff was good-- after Newton pseudomercial 300 people apparently called Apple wanting to buy one! Bill Stewart: get Rush Limbaugh to do a fake commercial too and get the *other* half of the country. Hugh-- this is your key; this is your key on escrow Bill Stewart-- Clipper Key Escrow Service: we're from the government, we're here to help you Clipper the database from the people who brought you {waco, welfare} Strata: "Expose yourself to surveillance." Maybe we can get that mayor who did the expose yourself to art posters! Anything you say or hear can/will be used against you outside a court of law. Telephone w/Miranda rights on it. Martin Perry: stickers had " do not discuss or try to talk around classified info" at an old job of his, on phones. Katy: tidybowl man w/surveillance in a phone Phone w/"do not remove this tap under penalty of law" Bill Stewart: not only could "big brother inside" be turned into a screen saver but cypherpunks could issue a whole screensaver set and license it to Berkeley Systems; Martin Perry: spy vs spy too; every now and again it will randomly look like a fax is being made and say a copy of this screen is being sent to a govt agency; every time it is invoked it shows you what was on your screen the last time it was invoked; Tim May-- virus that says your hard disk is being duplicated. Void says a mod of the THX slogan: The govt is listening. The clipper chip, bringing you 1984 in 1994. Hopkins: Clipper backup plan-- send any vital data overseas encrypted w/magic cookie, send FOIA request to retrieve it! 
Use a phone, go to jail (arthur); May-- Clipper questions? call someone and ask them. Warning-- NSA has determined that strong crypto is dangerous to..... Tim: aside from satire we should be thinking of different slogans that appeal to other groups ranging from Schafly and rightwing, etc. Only God should know (digital confessional, strata brings up clipper would violate this) Arthur: Guns & codes, the american way. Clipper, for your most public conversations. Clipper the last amendment Ever had a gov't agency tap you from thousands of miles away? You will! Narrow your listeners down to two. Reach out and tap someone. Tip & Tap, the Clipper Brothers Clipper, can we talk? Strata: let's hack popular music too: Whitney houston hack: "I will always hear you" and "from a distance" Tom: all conversations are created private but some are more private than others Clipper: the privacy problem's final solution you deserve a tap today; have it their way. with clipper you're never alone instead of we are everywhere, clipper: we will be everywhere. your direct line to the government third ear stickers for digital phones you'll never talk alone Clipper: when you absolutely positively have nothing to hide Phil Karns says he wishes the people w/the good jokes would stand closer to the mike! Eric Hughes: a man's phone is his castle ...that huge sucking sound is your privacy flowing south into clipper.... pay no attention to the govt behind the phone line... Witt Diffy mentions German constitutional amendment debate to expand police capacity for legal wiretap; protest movement is using term (sp?) "a transparent citizenry" Strata draws parallel between McCarthyism & this, govt can say you have something to hide if you are fighting clipper. 
Anti-Clipper Semiotics Marketing & Positioning Press Coverage Now vs Eastern Europe Cantwell Bill HR 3627 Sameer at soda.berkeley.edu, student at UCB, cypherpunk remailer works to send return mail back with encrypted block; he has some docs on the remailer/blink anon server. A remailer that doesn't need to know the correspondences between anon-ids and real-ids. Can't run it for real yet, he has restrictions on his account, but contact him via email if you want to help test it. Also started writing an install script for cypherpunks remailers, if you get this install script you can just type install remailer and you'll get a standard remailer that can tell "normal" mail from mail that should get remailed, etc. Available for ftp on soda. Strick; working on system called Kudzu, based on Tcl; hopes to port to PC and Mac, keeping modular portable components in key. Is crypto toolkit, has DES, RSA, Diffie-Hellman, gnu database, Ian Smith did C client wrapper for reading, interpreting mailers, lightweight threads out of SunOS, also setjmp/longjmp. Wants to have support for threaded Dynin (DCNET) cryptography net, have random IP services in that. Plans to have FTP stuff (for US Citizens only) out before April trip to Budapest & Berlin; quip that he can't go since he knows this stuff. Tim May mentions that if he said he was going w/the intention of implementing stuff outside the country he could be in trouble. M. 
Strata Rose Unix & Network Consultant, SysAdmin & Internet Information Virtual City Network (tm) strata at virtual.net | strata at hybrid.com | strata at fenchurch.mit.edu From mech at eff.org Mon Mar 21 16:13:25 1994 From: mech at eff.org (Stanton McCandlish) Date: Mon, 21 Mar 94 16:13:25 PST Subject: Digital Signature Standard industry push Message-ID: <199403220013.TAA02834@eff.org> Information Express, a voorhees report. 718-369-0906 voice, 636-8931 MCI Mail, 411 First St., Brooklyn, NY 11215. (c) 1994 Mark Voorhees --Feel free to re-post this article freely-- GORE URGED TO PUSH DIGITAL SIGNATURE STANDARD FORWARD Electronic security firms call for resolution of cryptographic patents March 21, 1994--Eight leading data security firms have written Vice President Albert Gore requesting that he prod the adoption of the proposed Digital Signature Standard. A patent dispute between the government and Public Key Partners is holding up the standard, which would provide a way of verifying documents used in electronic commerce. The companies--AT&T, among them--are frustrated that they are missing business opportunity through government inaction. The original standard was proposed in August 1991. PKP owns most of the critical U.S. cryptographic patents. It negotiated an agreement with the National Institute of Standards and Technology that would give PKP the right to earn royalties on products using the government's digital signature standard. That agreement, which was published in the Federal Register last June, raised a ruckus in industry among vendors who did not want to pay PKP. Gore bent to that opposition on February 4, when his office announced that the standard would be royalty free. While that pronouncement greatly pleased industry, it has created a thicket of sticky, interwoven problems that defy quick resolution. 
The federal government must either assume the royalty payments, which would likely total millions of dollars; try to invalidate PKP's patents in court; or come up with a new standard. The first option is politically explosive and the second and third are time consuming. "Many of us have invested tremendous time, effort and money in developing systems and products" built to the proposed standard, the letter said. A new standard would also encounter royalty demands from PKP and delay commercial development by four to five years. "Further delay would only delay product development, frustrate the user base, fragment the market and delay the benefits to be realized through electronic commerce," the letter said. Gore's office did not respond for comment by press time. The companies signing the letter were: Information Security Corp.; Litronic Industries; AT&T Secure Communications Systems; Digital Signature; Mykotronx, Inc.; Datakey, Inc.; SecureWare, Inc.; and Cordant, Inc. The letter was dated March 14. (For more information, please refer to the March 25 issue of Information Law Alert, which will be in the mail shortly.) | Mark Voorhees | voorhees reports | | 411 first street | 636-8931 MCI Mail | brooklyn, ny 11215-2507 | | 1-718-369-0906 (voice) | markvoor at phantom.com | 1-718-369-3250 (fax) -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From mech at eff.org Mon Mar 21 16:25:15 1994 From: mech at eff.org (Stanton McCandlish) Date: Mon, 21 Mar 94 16:25:15 PST Subject: House hearings on Internet security TUESDAY 22 March, Wash. 
DC Message-ID: <199403220024.TAA03102@eff.org> [cribbed from a pair of press releases] House Subcommittee on Science Hearing on Internet Security Chaired by Rep. Rick Boucher (D-VA) March 22, 1994 9:30 a.m. - 2318 Rayburn House Office Building The Subcommittee's interest in the issue arises in part because the Internet is a prime method of communication between researchers in academia and industry. It is also a major means of communication for federal researchers at agencies under the Subcommittee's jurisdiction. Recent break-ins on the Internet prompted the federal Computer Emergency Response Team to issue a special alert to Internet users on February 3, and suggest that the system may be more vulnerable than generally acknowledged to deliberate destruction or alteration of computer files. The hearing will evaluate the status of security on the Internet today and will examine measures currently available to enhance security, assess the effectiveness and degree of implementation of such measures, and identify obstacles to enhancing Internet security. Mail sstpress at hr.house.gov or fax 202-225-8280 for more info. For press access, call Rick Borchelt at 202-225-3359 Tentative Witness List Mr. L. Dain Gary, Manager Computer Emergency Response Team Operations (CERT) Carnegie Mellon University Pittsburgh, Pennsylvania (CERT is one of the coalition of response teams that form the Forum of Incident Response and Security Teams, or FIRST) Mr. Thomas T. Kubic Chief, Financial Crimes Section Federal Bureau of Investigation Washington, DC Dr. Vinton G. Cerf, President Internet Society Reston, Virginia (Senior VP of Data Architecture, MCI) Mr. Lynn McNulty Associate Director for Computer Security Computer Systems Laboratory National Institute of Standards and Technology Gaithersburg, Maryland (NIST is the secretariat for FIRST) Dr. Stephen D. 
Crocker, Vice President Trusted Information Systems Glenwood, Maryland (Chair, Privacy and Security Research Group, Internet Research Task Force) -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From hughes at ah.com Mon Mar 21 18:17:01 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 21 Mar 94 18:17:01 PST Subject: Administrivia: Questions about the List In-Reply-To: <199403190732.XAA27112@mail.netcom.com> Message-ID: <9403220203.AA00189@ah.com> >1. Is the list sending out messages in a defective (slow) way, or is >my service (Netcom) bouncing a lot of mail, thus causing these delays >as toad attempts resends? The problem, from what I can tell, is that one of the mail routing machines at uunet in Virginia was down. For various political reasons having to do with AUP's, toad.com routes NSFNet mail through uunet. So one of the relay machines went down, and some messages were delayed. Mail queuing makes no effort at all to preserve ordering, so if some message doesn't go straight to the machine it's supposed to the first time, ordering can get pretty randomly scrambled. >2. I'm getting a lot of error messages from Julf's site, saying my >messages cannot be delivered to "an2757938" and the like. This used to >be a problem, but was fixed by Eric Hughes a year or so ago. It >appears to be back again. Are others seeing this, too? I took five penet addresses off the list. Those people who were on it from that site can add themselves back on with majordomo. 
Eric From lake at evansville.edu Mon Mar 21 20:47:30 1994 From: lake at evansville.edu (Adam Lake) Date: Mon, 21 Mar 94 20:47:30 PST Subject: Exciting News! Message-ID: Fellow cypherpunks: Your Clipper worries are over. Cracker Jacks will soon offer a Clipper decoder ring in a few select boxes of Cracker Jacks;-) lake at uenics.evansville.edu ---------------------------------------------------------------------------- Space for rent ---------------------------------------------------------------------------- From henryl2416 at aol.com Mon Mar 21 20:50:35 1994 From: henryl2416 at aol.com (henryl2416 at aol.com) Date: Mon, 21 Mar 94 20:50:35 PST Subject: How to control the Internet. Message-ID: <9403212348.tn07126@aol.com> Well, you don't have to worry about MicroSoft being buddy buddy with the US Govt'.. They are currently under investigation (read: Witch Hunt) by the Feds for having a monopoly... Seems too many people like to use MS-DOS... From consensus at netcom.com Mon Mar 21 21:24:19 1994 From: consensus at netcom.com (Christopher Allen) Date: Mon, 21 Mar 94 21:24:19 PST Subject: FWD: RIPEM/SIG - Worldwide Digital Signature Software Message-ID: <199403220524.VAA16309@mail.netcom.com> At 12:21 AM 3/19/94 -0700, mdbomber at w6yx.stanford.edu wrote: >I tried turning RIPEM Mac loose on this message and it complains about a >garbled Originator Certificate, then complains that it does not appear >to be a PEM/RIPEM message. > >Did anyone else get this to work? I've tested this further - like you I can't seem to verify the press release using RIPEM Mac. However, I did find someone with the RIPEM 1.2 software installed and it does verify with that software. I've sent a copy to Ray Lau, the author of RIPEM Mac, as I know that he is working on incorporating the features of RIPEM 1.2 in the next version of RIPEM Mac. ------------------------------------------------------------------------ ..Christopher Allen Consensus Development Corporation.. .. 4104-24th Street #419.. .. 
San Francisco, CA 94114-3615.. .. o415/647-6383 f415/647-6384.. ..Mosaic/World-Wide-Web Front Door: .. ..ftp://netcom7.netcom.com/pub/consensus/www/ConsensusFrontDoor.html .. From sameer at soda.berkeley.edu Mon Mar 21 22:17:24 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Mon, 21 Mar 94 22:17:24 PST Subject: Coming Police State In-Reply-To: <199403212201.OAA15754@well.sf.ca.us> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Brian D Williams spake: > > Duncan, > > I live in Chicago, let me know if you'd like to get together for a Pizza, > cocktail, or whatever. I could also give you a place to check your mail (via > telnet etc) > Which reminds me. I'll be in Chicago the week *after* CFP. I'm probably going to be getting in this Friday, after CFP is over. (damn) If anyone around would like to get in touch, that would be great. - -Sameer -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLY6Mt3i7eNFdXppdAQH2QAQAi+S6d2HM8JsljJ9VUXEmRQuCvRfZIdBh QXp55xWM2BoThO3iWe71nG9/Iy0tPAPiT1E1LMh8hYTalkEzVHWx2e7bc7oNGF7U Md3sTdXPS+PpqyoAt5Jhu1o5PW3ebIPwLmiVcfkdDKIsXC2qEFSLfAgF7j7wC2Rx vZnPblNTUSA= =MYpE -----END PGP SIGNATURE----- From moulton at netcom.com Mon Mar 21 22:43:21 1994 From: moulton at netcom.com (Fred C. Moulton) Date: Mon, 21 Mar 94 22:43:21 PST Subject: Parker on Clipper Message-ID: <199403220644.WAA08892@mail.netcom.com> In the 21-Mar-94 issue of Computerworld p.4 the following statement is attributed to Donn Parker of SRI, "We have to make strong, nonescrow encryption a crime". I do not remember Parker making a statement like this previously, is this a new position for Parker or is my memory going bad? 
Fred

From consensus at netcom.com Tue Mar 22 00:14:53 1994
From: consensus at netcom.com (Christopher Allen)
Date: Tue, 22 Mar 94 00:14:53 PST
Subject: Where to find RIPEM/SIG (an exportable version of RIPEM)
Message-ID: <199403220815.AAA05665@mail.netcom.com>

Though I've not seen much traffic here in cypherpunks on the new exportable version of RIPEM/SIG, I do think that its latest release is significant. RIPEM/SIG plus the new version of RSAREF is going to allow my firm to do some development on products that were not realizable with PGP (because of export controls, as well as licensing and patent issues.)

For those of you who are also interested in the exportable RIPEM/SIG version 1.2a, the files are now available via anonymous ftp or by using Mosaic/World-Wide-Web. Unlike the binaries for RIPEM 1.2a, these files are available via anonymous ftp -- you don't need an account on the server to download the files (in order to get an account you have to send an email message saying that you are a US or Canadian user.)
The press release on RIPEM/SIG from Mark Riordan is at:

ftp://ripem.msu.edu/pub/crypt/ripem/ripemsig/posting

Binary files are at:

ftp://ripem.msu.edu/pub/crypt/ripem/ripemsig/binaries/ripemsig-68030-macintosh-commandline-1.2a.sit.hqx
ftp://ripem.msu.edu/pub/crypt/ripem/ripemsig/binaries/ripemsig-80x86-dos-vanilla-1.2a.exe
ftp://ripem.msu.edu/pub/crypt/ripem/ripemsig/binaries/ripemsig-hppa-hpux9.01-1.2a
ftp://ripem.msu.edu/pub/crypt/ripem/ripemsig/binaries/ripemsig-ibm-rs6000-aix3.2-1.2a
ftp://ripem.msu.edu/pub/crypt/ripem/ripemsig/binaries/ripemsig-sparc-sunos4.1.1-1.2a

There does not seem to be separate documentation for RIPEM/SIG yet, so I guess you have to use the documentation for RIPEM 1.2a:

ftp://ripem.msu.edu/pub/crypt/ripem/ripem.man
ftp://ripem.msu.edu/pub/crypt/ripem/ripemusr.doc
ftp://ripem.msu.edu/pub/crypt/ripem/ripemusr.txt

A current list of RIPEM public keys is at:

ftp://ripem.msu.edu/pub/crypt/ripem/pubkeys.txt

The new RSAREF source code that RIPEM/SIG is based on was made available today on the rsa.com server.

------------------------------------------------------------------------
..Christopher Allen Consensus Development Corporation..
.. 4104-24th Street #419..
.. San Francisco, CA 94114-3615..
.. o415/647-6383 f415/647-6384..
..Mosaic/World-Wide-Web Front Door: ..
..ftp://netcom7.netcom.com/pub/consensus/www/ConsensusFrontDoor.html ..

From jkreznar at ininx.com Tue Mar 22 03:24:03 1994
From: jkreznar at ininx.com (John E. Kreznar)
Date: Tue, 22 Mar 94 03:24:03 PST
Subject: EFF gun-shy of legally employing PGP (fwd)
In-Reply-To: <9403172209.ZM25889@well.sf.ca.us>
Message-ID: <9403220809.AA00855@ininx>

-----BEGIN PGP SIGNED MESSAGE-----

>If *we* don't take advantage of these tools now, in effect defining their
>use and showing their benefits, then who will?

Hear, Here!

John E. Kreznar | Relations among people to be by
jkreznar at ininx.com | mutual consent, or not at all.
-----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLY6nTMDhz44ugybJAQF9oQP/YG92TNu/h96ZM7b6HQRHrfbSSrJCmZyw Gg8hIXKAzcPWpLF9iPe0Z8/aV3sjv5YySVVwVgzorNcrSBGI5tCkXe9I0Hh5ys/7 yVbfXxOLhAFERahkeuwFOrVN9724Q/iUNAsAka4FyiGSlPuP/gAyJtadS9H3O/9I O8dgbhlO3ug= =Nt/l -----END PGP SIGNATURE----- From consensus at netcom.com Tue Mar 22 05:03:47 1994 From: consensus at netcom.com (Christopher Allen) Date: Tue, 22 Mar 94 05:03:47 PST Subject: Where to find RSAREF (source library used by RIPEM) Message-ID: <199403221304.FAA02622@mail.netcom.com> Some people asked after my last message how to get the latest version of RSAREF 1.2 -- it can be found on RSA's anonymous ftp server. What is significant about the new RSAREF is that it is used as the basis for RIPEM and RIPEM/SIG, and that you can incorporate its toolbox in your own applications very inexpensively. According to their license agreement, freeware (i.e. non-moneymaking) software can use the RSAREF toolkit provided that you make the source code to your utility available. Though this is not official yet, I've been told by RSA that they will also grant a royalty-free license to shareware authors up to $10,000 worth of gross annual sales if the shareware source code is available and the author(s) do not charge more than $50 a copy. If you are a commercial developer, I know from personal experience that they can be quite reasonable about licensing -- they want this base level of technology adopted as widely as possible -- just make RSA a reasonable offer and I think they'll take it. Remember, even though you can use RSAREF to create exportable non-encryption based digital signature software, the source code to RSAREF is not exportable itself as it can do encryption thus it is only available to US and Canadian citizens. 
Information on what RSAREF is all about and what the license terms are is located at:

ftp://rsa.com/rsaref/info.reply
ftp://rsa.com/rsaref/license.txt

To get access to a time dependent directory (it changes every few minutes) you will need to read the document:

ftp://rsa.com/rsaref/README

If you agree to its terms, take the directory mentioned there and substitute it for the checksum in the directory "U.S.-only 7c04e6".

The uuencoded tar archive of RSAREF is at (remember to change the time dependent directory!):

ftp://rsa.com/rsaref/dist/U.S.-only-7c04e6/rsaref.tar.Z

The ZIP archive of RSAREF is at (remember to change the time dependent directory!):

ftp://rsa.com/rsaref/dist/U.S.-only-7c04e6/rsaref.zip

You can also get the RSAREF via email by reading the RSAREF license agreement and sending the following message to . If your electronic mail address is located in Canada, please send RSA your full name and mailing address; they'll need it to complete a Department of State export declaration.

    I acknowledge that I have read the RSAREF Program License Agreement and understand and agree to be bound by its terms and conditions, including without limitation its restrictions on foreign reshipment of the Program and information related to the Program. The electronic mail address to which I am requesting that the program be transmitted is located in the United States of America or Canada and I am a United States citizen, a Canadian citizen, or a permanent resident of the United States. The RSAREF Program License Agreement is the complete and exclusive agreement between RSA Laboratories and me relating to the Program, and supersedes any proposal or prior agreement, oral or written, and any other communications between RSA Laboratories and me relating to the Program.

------------------------------------------------------------------------
..Christopher Allen Consensus Development Corporation..
.. 4104-24th Street #419..
.. San Francisco, CA 94114-3615..
..
o415/647-6383 f415/647-6384..
..Mosaic/World-Wide-Web Front Door: ..
..ftp://netcom7.netcom.com/pub/consensus/www/ConsensusFrontDoor.html ..

From hughes at ah.com Tue Mar 22 08:10:20 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 22 Mar 94 08:10:20 PST
Subject: ADMIN: CFP will create an administrative outage
Message-ID: <9403221557.AA01400@ah.com>

I leave for CFP this morning. The majordomo filter should take care of most of the complainers. The others should be told that active administration will resume next week after I get back.

Eric

From banisar at washofc.cpsr.org Tue Mar 22 09:05:45 1994
From: banisar at washofc.cpsr.org (Dave Banisar)
Date: Tue, 22 Mar 94 09:05:45 PST
Subject: (fwd) FBI Wiretaps. Old news....
Message-ID: <9403220823.AA09340@Hacker2.cpsr.digex.net>

> Date: Sun, 20 Mar 1994 12:06:05 -0500
> From: Black Unicorn
> Message-Id: <199403201706.AA03413 at access3.digex.net>
> To: cypherpunks at toad.com, paul at hawksbill.sprintmrn.com
> Subject: Re: (fwd) FBI Wiretaps. Old news....
> Sender: owner-cypherpunks at toad.com
> Precedence: bulk
>
> > ``We could be out of the wiretap business in a very short
> > time,'' Freeh said. He said 91 court-approved wiretaps were
> > abandoned last year because telephone companies could not solve
> > technical problems.
>
>
> I forgot to add, EFF's recent FOIA act asking for equipment
> interference with court ordered wiretaps showed NO problems.
>
> Where the 91 figure comes from is a mystery.
>
>

Actually that was a series of CPSR FOIA requests dating back to 1992. EFF (except for some done by Bd. Member John Gilmore) does not do FOIA.

They are fudging seriously on the 91 figure. They admit that none of them have to do with digital telephony. At least 10 were from NY in the mid-80s when everyone wanted a cell phone and there weren't enough ports for the FBI to wiretap them all at the same time. That situation has been remedied.
Another 30 of them were when they could not slap a pen register on a cell phone (actually nothing to do with taps at all really). and so on. After Freeh mentioned the 9 figure, Leahy really took him apart on the figures. -d From hfinney at shell.portal.com Tue Mar 22 09:41:36 1994 From: hfinney at shell.portal.com (Hal) Date: Tue, 22 Mar 94 09:41:36 PST Subject: Promise her anything... Message-ID: <199403221558.HAA09454@jobe.shell.portal.com> A few days ago I said I'd look up the legal requirements on promissory notes. This was to see whether digital cash or similar instruments could implement digital promissory notes. I found a book of legal forms for a variety of situations, and one set of forms dealt with promissory notes. Here are some of the comments about the sample notes below. "Negotiability. "All of our notes are negotiable - that is, they can be sold. To understand what this means, think of what happens when you write a check. Your check means that you owe the face amount of the check to the person you have made it out to (the payee) and that your bank will pay this debt when the check is presented to it. The original payee of your check can either collect the amount directly or, as is common, endorse the check to someone else. This new owner can then collect the amount from your bank or endorse the check to someone else. In other words, the check can pass freely from person to person (that is, be negotiated) until it is presented to your bank for payment. 
"Promissory notes can similarly be negotiated, assuming they contain the following provisions and magic words:

"names of the lender and borrower, and borrower's address
"a statement that the debt is payable 'to the order of' the lender (promisee)
"a specified principal sum to be paid and the specific rate of interest, if any
"the address where the payments are to be made
"the city where and date when the note is signed and
"the signature of the debtor (promisee)

"All the notes set out in this book contain this basic information. Although we told you in Chapter 1 that you could alter our contracts to your satisfaction, taking out any of these clauses will probably render the note non-negotiable (though still valid).

"In fact, it is unlikely that negotiability will be important to very many readers, as most will never transfer their note. However, should one of the parties die, become mentally ill, or otherwise not be able to pay or collect the debt, the fact that the note is negotiable increases the chance that it will be paid. Why? Because institutions in the business of purchasing uncollected notes and collecting on them may be willing to buy it. If you alter a note but want to have it remain negotiable, make sure it still contains the elements listed above."

The promissory note in the book also has a clause regarding attorney fees. I will eliminate it here which implies that each party simply pays his own attorney fees. It simplifies the note.

Here is the note. The form is not important, but the information present is:

For value received, I individually promise to pay to the order of ____________ $___________ on _____________ at _______________________.
Date: _________________________
Location (City or County): _________________________
Name of Borrower: _________________________
Address of Borrower: _________________________
                     _________________________
Signature of Borrower: _________________________

In considering how this could be presented in electronic form, the basic information could be provided in a digitally signed message. The thrust of the legal discussion about the note is to make sure it can be enforced in court if the borrower doesn't pay. Digital signatures have not, as far as I know, been tested yet in court, so lenders would not currently have the protections with a digital promissory note that they would have with a written one.

These notes also do not seem to lend themselves to anonymous transactions very well. The original note must contain the name of both borrower and lender. And I believe that if the note is sold, it must be endorsed over to the buyer like a check. So not only does the note record the names of its owners, it also shows a trail of previous owners. In general, this does not seem to be an approach which would protect privacy.

I imagine it is possible for a person to create a "bearer" promissory note, where he will pay back some loan to whomever presents the note. In normal circumstances, though, no lender would want to lend in exchange for such a note, since the regular promissory note gives him more protection. It's not clear, too, how enforceable such a note would be, especially if presented by someone not the original lender, say if the original lender contested the note (claiming it was stolen or such).

The one loose end I did pick up from this reading was the general topic of negotiable instruments. These are financial papers which can be sold. Perhaps among the great variety of such instruments there would be some more suitable to digital implementation using the anonymous-transfer technology.
Hal From mpjohnso at nyx10.cs.du.edu Tue Mar 22 09:47:45 1994 From: mpjohnso at nyx10.cs.du.edu (Michael Johnson) Date: Tue, 22 Mar 94 09:47:45 PST Subject: PGP BBS site Message-ID: <9403221641.AA16777@nyx10.cs.du.edu> >Need to refer someone (US citizen, currently in the US) to a BBS that is >carrying the current PGP. Any pointers? He's in Edgewater FL, but is >willing to call LD to get it. No net access. Thanks. Colorado Catacombs BBS (303-938-9654) ___________________________________________________________ |\ /| | | | | \/ |o| | Michael Paul Johnson Colorado Catacombs BBS 303-938-9654 | | | | / _ | mpj at csn.org ftp csn.org \mpj\README.MPJ for access info.| | |||/ /_\ | aka mpjohnso at nyx.cs.du.edu mikej at exabyte.com | | |||\ ( | m.p.johnson at ieee.org CIS 71331,2332 VPGP key by finger | | ||| \ \_/ |___________________________________________________________| From frissell at panix.com Tue Mar 22 10:24:04 1994 From: frissell at panix.com (Duncan Frissell) Date: Tue, 22 Mar 94 10:24:04 PST Subject: NSA Clipper Interview in WSJ Message-ID: Catch the great interview with Clinton Brooks, "the NSA scientist who led the so-called Clipper Chip project" which started in 1989. Page B1 of today's WSJ. DCF From consensus at netcom.com Tue Mar 22 10:28:16 1994 From: consensus at netcom.com (Christopher Allen) Date: Tue, 22 Mar 94 10:28:16 PST Subject: CORRECTION: RSAREF Version Number is 2.0 Message-ID: <199403221330.FAA05381@mail.netcom.com> At 5:03 AM 3/22/94 -0800, Christopher Allen wrote: >Some people asked after my last message how to get the latest version of >RSAREF 1.2 -- it can be found on RSA's anonymous ftp server. Sorry about that, just doing some typing too late at night. The brand new version of RSAREF is 2.0. Otherwise all the other information in my previous message should be correct. ------------------------------------------------------------------------ ..Christopher Allen Consensus Development Corporation.. .. 4104-24th Street #419.. .. 
San Francisco, CA 94114-3615..
.. o415/647-6383 f415/647-6384..
..Mosaic/World-Wide-Web Front Door: ..
..ftp://netcom7.netcom.com/pub/consensus/www/ConsensusFrontDoor.html ..

From tcmay at netcom.com Tue Mar 22 11:08:12 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 22 Mar 94 11:08:12 PST
Subject: Crypto for Lawyers and Linguists
Message-ID: <199403221908.LAA28916@mail.netcom.com>

This letter that John Gilmore has forwarded to us provides a vignette into why not just seditious plotters and other tentacles need crypto:

> From: "Brock N. Meeks"
> Subject: This guy needs help ...

> There's an attorney in Dallas that needs help: Your help.
> Crypto help.
...
> Albert's client is an international organization of linguists.
> They specialize in taking unwritten languages and translating
> them to written words. They are a clean, non-political group and
> they want to stay that way. Trouble is, Albert told me, there
> are governments, both U.S. and foreign, that want to tap this
> organization's files to access the "raw intelligence" that their
> field personnel often send in.
>
> This intelligence is nothing more than the certain problems they
> might be having with the in-country governments. But they don't
> want prying eyes to be poking into their files, using whatever
> they send in against other groups.
>
> Similarly, they don't want their translation notes, files, used
> by intelligence agencies against the people they are working with
> for translation.

Wanna bet that such a group forced to use "Clipper," "Capstone," "Tessera," and other approved crypto tools would have their communications opened and read by various "interested" agencies?

* attorney-client privilege in an era of networked offices will be broken unless strong crypto is available (ditto for psychiatrist-patient contacts, sensitive medical records, etc.)

* groups that have contacts outside the U.S.
(as in the case Brock Meeks reports on) have always evoked the interest of the CIA and other agencies...without strong crypto, their communications will be even more easily accessible if Digital Telephony II passes.

Most of you understand these points, but it bears repeating that individuals and groups from many political points of view will be affected by the "transparent society" of Clipper, Capstone, Tessera, and Digital Telephony.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From dsantos at die.upm.es Tue Mar 22 11:28:21 1994
From: dsantos at die.upm.es (Diego Santos Romero)
Date: Tue, 22 Mar 94 11:28:21 PST
Subject: HW-key SW protection
Message-ID: <9403221932.AA03856@sparc4.die.upm.es>

Hello everyone!

Perhaps you have seen them. Hw-keys are used to protect sw from unauthorized copying. Usually, they come as a piece of HW that goes connected to one of the PC's parallel ports. When you are using sw that is protected, it sends a message to the hw key, and this responds with a signal or data block authorizing (or enabling) the computation to proceed. If you have a copy and do not have the key, you cannot go on. If you have the key then you can make as many copies of the sw as you need (as back up, for example) and be able to use all of them (albeit not at the same time, you have just one key!).

Well, the question is: Does anyone of you know what kind of algorithm these hw keys use?
Regards,
Diego

From sandfort at crl.com Tue Mar 22 11:43:51 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 22 Mar 94 11:43:51 PST
Subject: CLIPPER CHIP ON LIMBAUGH
Message-ID:

C'punks,

For those of you who don't listen to Rush Limbaugh, he just did a couple of minutes on the Clipper chip. He was not favorable. He specifically mentioned that it would be voluntary "for now," to which he added that this is always how such things start from the government.

His layman's explanation was that Clipper chip would be put in every phone and computer to easily allow the government to tap its communications. He mentioned the Skipjack algorithm in passing, and seemed to have a pretty good grasp of Clipper and its implications.

Time for us to target Rush's show with anti-Clipper calls? His contact information is:

phone 800 282 2882
fax 212 563 9166
e-mail 70277.2502 at compuserve.com

Radio show hours are noon to 3:00pm EST

S a n d y

From consensus at netcom.com Tue Mar 22 11:48:10 1994
From: consensus at netcom.com (Christopher Allen)
Date: Tue, 22 Mar 94 11:48:10 PST
Subject: Where to find RIPEM/SIG (an exportable version of RIPEM)
Message-ID: <199403221948.LAA27805@mail.netcom.com>

At 11:06 AM 3/22/94 -0800, Michael P. Reilly wrote:
>Hi,
>
>How does one obtain permission to ftp the ripem-1.2a-0.tar.Z file?
>
>Thanks,
>
>mike

The file GETTING_ACCESS on ripem.msu.edu describes how to get permission to ftp RIPEM. It is at:

ftp://guest.mu5k2d55:@ripem.msu.edu//pub/crypt/GETTING_ACCESS

I've enclosed their file here:

>Dear FTP user,
>
>To access the RIPEM cryptographic software archive at ripem.msu.edu,
>you must have an "account" on my custom FTP server. Traditional
>anonymous FTP login is allowed, but anonymous users are prevented
>from doing GETs on files containing cryptographic software.
>Anonymous access is allowed so that you can get README-type files
>like this one, and files containing descriptions of software
>licensing terms.
> >This FTP server is not an official service at all. Although >accounts have no specific expiration dates, your account (or >more likely, the service as a whole) could be discontinued at >any time without any advance notice (even to me). > >To apply for FTP access to rpub.cl.msu.edu, send an email message >to ripem at ripem.msu.edu. State the following: > >1. Your citizenship (must be USA or Canadian) >2. Your willingness to comply with relevant export laws. >3. Your willingness to comply with relevant software license terms. > (You should get and read the file "rsaref-license.txt" on this host, > so you know what you are agreeing to if you get RIPEM.) >4. The "canonical" Internet domain name of your host. > (If you are not sure of the primary name of your host, FTP to > ripem.msu.edu under user anonymous. The FTP server will inform > you of your hostname.) Also state the country in which your host > resides. > >***** >***** NOTE: It is very important that you get the hostname correct. >***** As odd as it may seem, many requestors have >***** not correctly specified their host address. This >***** causes extra effort for both of us. Please check >***** (via anonymous FTP) unless you are certain of your >***** hostname as known by domain name servers. Your >***** hostname does *** NOT *** have an "@" in it, and >***** in general cannot be derived from your email address. >***** > >Here's a sample email message you might send to ripem at ripem.msu.edu: > >To: ripem at ripem.msu.edu >Subject: Access to ripem.msu.edu > > Dear Mark, > > Please give me access to ripem.msu.edu. I am an American > citizen, and I agree to comply with crypto export laws and > RSAREF license terms. My hostname is hobbit.egr.bigu.edu; > this host is located in the United States. > > Thank you. > >When I receive your message, with luck I'll promptly issue you >a special FTP username and password by return email. This username >will work only from the hostname you specify in your message. 
> >In the case of RIPEM, you may redistribute the code, but only >to others in the USA and Canada, and only under the terms of >the RSAREF license agreement mentioned above. > >Thank you. > >This method of distribution is due to local site requirements >and is not required by RSAREF license terms, FYI. > >Mark Riordan mrr at scss3.cl.msu.edu > >P.S. I realize that going through this account application process >is not your idea of a good time. It doesn't take much imagination >to figure that it isn't my idea of a good time, either. Please >help this process go smoothly by giving me all the informative >requested above, so I can issue your account on the first try. >I receive hundreds of these requests and many are lacking information. ------------------------------------------------------------------------ ..Christopher Allen Consensus Development Corporation.. .. 4104-24th Street #419.. .. San Francisco, CA 94114-3615.. .. o415/647-6383 f415/647-6384.. ..Mosaic/World-Wide-Web Front Door: .. ..ftp://netcom7.netcom.com/pub/consensus/www/ConsensusFrontDoor.html .. From hayden at krypton.mankato.msus.edu Tue Mar 22 11:59:51 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Tue, 22 Mar 94 11:59:51 PST Subject: CLIPPER CHIP ON LIMBAUGH In-Reply-To: Message-ID: While I have a lot of personal loathing of Limbaugh and his brand of hate-radio, I am happy to see that he has come out as an anti-clipper personality. John Q. Public listens to Limbaugh and now the message will get out. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From hayden at krypton.mankato.msus.edu Tue Mar 22 12:00:27 1994 From: hayden at krypton.mankato.msus.edu (Robert A. 
Hayden) Date: Tue, 22 Mar 94 12:00:27 PST Subject: Administrivia: Questi In-Reply-To: <60.5156.6525.0C199261@canrem.com> Message-ID: On Mon, 21 Mar 1994, Terry Smith wrote: > Ok - I'm going to have to come out and admit that I have no idea what > the geek code is and I'm dying to know.... Finger me for information :-) As my .signature says. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From ph at netcom.com Tue Mar 22 12:18:03 1994 From: ph at netcom.com (Peter Hendrickson) Date: Tue, 22 Mar 94 12:18:03 PST Subject: Promise her anything... In-Reply-To: <199403221558.HAA09454@jobe.shell.portal.com> Message-ID: <199403222018.MAA23555@mail.netcom.com> One footnote to Hal's cool message: > I imagine it is possible for a person to create a "bearer" > promissory note, where he will pay back some loan to whomever > presents the note. In normal circumstances, though, no lender would > want to lend in exchange for such a note, since the regular > promissory note gives him more protection. It's not clear, too, how > enforceable such a note would be, especially if presented by someone > not the original lender, say if the original lender contested the > note (claiming it was stolen or such). The IRS made bearer bonds illegal about ten years ago. It seems people were using them to evade income tax. I believe they are forbidden within the United States and U.S. citizens are forbidden to own them at all anywhere. Bearer bonds are still widely used in Europe. They are liked because they simplify payment and bookkeeping - nobody has to go through a transfer agent to exchange them. Problems with theft and fraud appear to be manageable. 
There was an interesting case a few years ago when somebody tried to sell stock in the United States which was convertible to bearer bonds. Is it legal for a U.S. citizen to hold the stock if she or he does not convert it into a bearer bond? I don't know what the court decided, but the fact that the case was brought makes me think the authorities are pretty touchy on this issue. But, there might be some legal variant of the idea. Peter From pmetzger at lehman.com Tue Mar 22 12:32:35 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Tue, 22 Mar 94 12:32:35 PST Subject: Promise her anything... In-Reply-To: <199403222018.MAA23555@mail.netcom.com> Message-ID: <9403222031.AA15785@andria.lehman.com> Peter Hendrickson says: > The IRS made bearer bonds illegal about ten years ago. It seems > people were using them to evade income tax. I believe they are > forbidden within the United States and U.S. citizens are forbidden to > own them at all anywhere. Not really true -- much of US debt is still in the form of bearer bonds, although new bearer bonds are not being produced. I don't think they were made illegal per se -- I forget what was used to prevent them from being issued. In any case, bearer instruments in the generic sense are perfectly legal. Write a check to "CASH" and what you have is a bearer instrument. People wanting to learn about this should get a book on commercial paper, which is the subset of the law we are discussing. Perry From gtoal at an-teallach.com Tue Mar 22 12:46:41 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Tue, 22 Mar 94 12:46:41 PST Subject: CLIPPER CHIP ON LIMBAUGH Message-ID: <199403222046.UAA10641@an-teallach.com> : From: Sandy Sandfort : Time for us to target Rush's show with anti-Clipper calls? 
His contact
: information is:

From what I understand of the loud-mouthed ass's psychology, you'll get more out of him if you target him with *pro* clipper calls :-)

G

From sonny at netcom.com Tue Mar 22 12:55:12 1994
From: sonny at netcom.com (James Hicks)
Date: Tue, 22 Mar 94 12:55:12 PST
Subject: NSA Clipper Interview in WSJ
In-Reply-To:
Message-ID: <199403222055.MAA08950@mail.netcom.com>

>
> Catch the great interview with Clinton Brooks, "the NSA scientist who led
> the so-called Clipper Chip project" which started in 1989.
>
> Page B1 of today's WSJ.
>
> DCF

What does WSJ stand for?

>James<

From frissell at panix.com Tue Mar 22 13:08:17 1994
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 22 Mar 94 13:08:17 PST
Subject: Promise her anything...
In-Reply-To: <199403222018.MAA23555@mail.netcom.com>
Message-ID:

On Tue, 22 Mar 1994, Peter Hendrickson wrote:

> The IRS made bearer bonds illegal about ten years ago. It seems
> people were using them to evade income tax. I believe they are
> forbidden within the United States and U.S. citizens are forbidden to
> own them at all anywhere.

Bearer bonds are not illegal in the US. The interest paid on bearer bonds issued after a certain date is not deductible from taxes but the bonds are legal. Additionally, depending on specifics, financial institutions may have to report sales and purchases including tax ID # on some transactions involving bonds.

A bond is just a debt obligation. If you want proof that bearer instruments are legal, endorse a check made payable to you - you have just converted it into a bearer instrument (as long as you add no restrictions to your endorsement). You will not be busted if the government finds out you signed the back of a check.

DCF

"She sleeps with the boss." Roz Russell on how Norma Shearer (wife of Irving Thalberg) got all the juicy movie roles. -- Not Rush discussing how HRC got WJBC to appoint her Health Care Czar.
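Hal's idea from earlier in this thread, that the note's basic information could go into a digitally signed message and be endorsed onward like a check, sketched as an added example (not code from any list member). Lamport one-time hash signatures stand in for the RSA signatures the list would have used, so that it runs on the Python standard library alone; the names, the field names and the name-to-key `directory` are constructed assumptions.

```python
import hashlib
import json
import secrets

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """Lamport one-time key pair: 256 pairs of secrets; the public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk

def _bits(msg: bytes):
    digest = _h(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    # Reveal one secret per digest bit. A key must sign only ONE message.
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    bits = _bits(msg)
    return len(sig) == 256 and all(
        _h(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits)))

def canonical(obj) -> bytes:
    """Stable byte encoding so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

# Constructed sample note carrying the elements the quoted form asks for.
SAMPLE_TERMS = {
    "borrower": "Alice", "borrower_address": "1 Example St, Springfield",
    "pay_to_order_of": "Bob", "principal": "$500", "interest": "none",
    "due": "1994-12-31", "payable_at": "2 Sample Ave, Springfield",
    "signed_at": "Springfield", "signed_on": "1994-03-22",
}

def issue_note(terms, borrower_sk):
    """The borrower's signature over the terms replaces the ink signature."""
    return {"terms": terms, "sig": sign(borrower_sk, canonical(terms))}

def _chain_digest(chain):
    return _h(canonical([e["body"] for e in chain])).hex()

def endorse(note, chain, holder_sk, new_holder):
    """Current holder signs the note over to new_holder, like endorsing a check."""
    body = {"note": _h(canonical(note["terms"])).hex(),
            "prev": _chain_digest(chain),
            "to": new_holder}
    return chain + [{"body": body, "sig": sign(holder_sk, canonical(body))}]

def holder_trail(note, chain, directory):
    """Verify note and endorsements; return every holder in order.

    directory maps a name to its public key (an assumed, trusted lookup).
    Raises ValueError if any signature or link is wrong.
    """
    terms = note["terms"]
    if not verify(directory[terms["borrower"]], canonical(terms), note["sig"]):
        raise ValueError("borrower signature does not match the terms")
    note_id = _h(canonical(terms)).hex()
    trail = [terms["pay_to_order_of"]]
    for i, entry in enumerate(chain):
        body = entry["body"]
        if body["note"] != note_id or body["prev"] != _chain_digest(chain[:i]):
            raise ValueError(f"endorsement {i} is not bound to this note and chain")
        if not verify(directory[trail[-1]], canonical(body), entry["sig"]):
            raise ValueError(f"endorsement {i} was not signed by holder {trail[-1]}")
        trail.append(body["to"])
    return trail

if __name__ == "__main__":
    keys = {name: keygen() for name in ("Alice", "Bob", "Carol", "Dave")}
    directory = {name: pk for name, (sk, pk) in keys.items()}
    note = issue_note(SAMPLE_TERMS, keys["Alice"][0])
    chain = endorse(note, [], keys["Bob"][0], "Carol")
    chain = endorse(note, chain, keys["Carol"][0], "Dave")
    # Whoever checks the note learns the full ownership history.
    print(" -> ".join(holder_trail(note, chain, directory)))
```

The returned trail is the privacy cost Hal points out: nobody can check that the current holder is entitled to payment without seeing every previous holder.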
From frissell at panix.com Tue Mar 22 13:09:10 1994 From: frissell at panix.com (Duncan Frissell) Date: Tue, 22 Mar 94 13:09:10 PST Subject: NSA Clipper Interview in WSJ In-Reply-To: <199403222055.MAA08950@mail.netcom.com> Message-ID: On Tue, 22 Mar 1994, James Hicks wrote: > What does WSJ stand for? > > >James< Wall Street Journal. I thought cypherpunks were crypto experts. DCF From ravage at bga.com Tue Mar 22 13:17:54 1994 From: ravage at bga.com (Jim choate) Date: Tue, 22 Mar 94 13:17:54 PST Subject: anti-security measures In-Reply-To: <9403211645.AA17070@internal.apple.com> Message-ID: <199403222117.AA11748@zoom.bga.com> > > >I need to convince someone of their need for security. If anyone out there > >could send me a good trojan program or direct me to somewhere where I can find > >code or how to code one I would appreciate it. Other security buster measures > >would also be nice. :) Thanks. > > Heh. > > I need to convince someone of their need for physical security. If anyone > out there could supply me with several pounds of C4, a high-powered rifle, > and a large caliber handgun, I'd appreciate it. Other lethal weapons would > also be nice. > > Thanks. > > -- > Lefty (lefty at apple.com) > C:.M:.C:., D:.O:.D:. > > > How much money do you have? C4 is easy to make and the guns are easy to buy... I already have megs of virus and such software. From ravage at bga.com Tue Mar 22 13:18:46 1994 From: ravage at bga.com (Jim choate) Date: Tue, 22 Mar 94 13:18:46 PST Subject: Administrivia: Questi In-Reply-To: <60.5156.6525.0C199261@canrem.com> Message-ID: <199403222118.AA11797@zoom.bga.com> > > Robert A. hayden wrote  > |-------------------------------| > >(GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ > > n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) > |-------------------------------| > > Ok - I'm going to have to come out and admit that I have no idea what > the geek code is and I'm dying to know.... 
> > > Terry Smith - XANTH sysop - 1:259/510 > CI$ 70733,3013 PGP 2.3A KEY FREQABLE AS 'KEY'. > My opinions are not that of my company. But one day they WILL be! And then - > the -+*WORLD*+- Bwaw ha ha !!. > Read the Tick and others by NEC. > Geraldo - "So, Mr. Smith, you admit you like to eat babies!" > Me - "Nono - I admit I like to eat BABES!" > > --- > * TLX v1.55 * Yeah, he seems to be the "black sheep" of the administrat > related to the cat characteristic codes I would imagine...check out pets.cats From unicorn at access.digex.net Tue Mar 22 13:20:47 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Tue, 22 Mar 94 13:20:47 PST Subject: (fwd) FBI Wiretaps. Old news.... Message-ID: <199403222120.AA25449@access1.digex.net> ->> I forgot to add, EFF's recent FOIA act asking for equipment > interference with court ordered wiretaps showed NO problems. > > Where the 91 figure comes from is a mystery. > > Actually that was a series of CPSR FOIA requests dating back to 1992. EFF (except for some done by Bd. Member John Gilmore) does not do FOIA. <- I stand corrected. Now that you bring it up, I do remember CPSR being attributed at the hearing. Thanks for the correction. -uni- (Dark) From nobody at soda.berkeley.edu Tue Mar 22 14:31:00 1994 From: nobody at soda.berkeley.edu (nobody at soda.berkeley.edu) Date: Tue, 22 Mar 94 14:31:00 PST Subject: Stay focused on the big picture Message-ID: <199403222230.OAA15207@soda.berkeley.edu> There has been hostility expressed on this list towards Limbaugh, 700 Club, UWSA, NRA, etc., and the 10's of millions of politically active supporters who could be allies in the anti-Clipper fight. In the interest of focusing attention on the big picture, I offer the following eloquent letter: > Mr. [Recipient]: > > I'm writing to express my agreement with you > concerning the dangerous, and in fact, tyrannous nature of > the Clipper chip. 
However, I find your reasoning > anachronistic - more typical of Cold War rhetoric than the > new "paradigm" we find ourselves in now. In particular, > I find it fascinating that many people, like yourself, are > now beginning to see Liberalism for what it really is - an > effort to cram government down our throats in order to > protect us from ourselves. Thus the arrogant "if you knew > what I know" attitude you mention in your article. > > And simultaneously, those of you who were most hostile to > conservatism are belatedly understanding what it is about - > the virtue of LIMITED GOVERNMENT and INDIVIDUAL SOVEREIGNTY. > > It seems, since the end of the Cold War, that new > "battle-lines" have been drawn, and that you have discovered > that those who you considered enemies are now in your camp, > and that several old friends are now opponents. > > Even now, you refuse to recognize the logical conclusion of > Liberalism - government dominance of all facets of life, > eclipsing individual rights. Instead, you remarkably tell > yourself that BILL & AL are being hoodwinked by "spooks" in > the NSA, but that they are really on your side. I have > news for you, they are not. > > After all, who is most likely to agree with you? Reagan, > who says that "government is the problem" or Bill & AL who > believe that government is the answer to all our problems - > from the health care "crisis" to the dangers of vitamins. > Clearly you can see now who is the champion of individual > rights and who is the champion of bureaucracies that > claim to know what we don't. > > I invite you to the real new paradigm, in which old concepts > of liberal and conservative are increasingly meaningless. > It is a new world in which I - a conservative - find common > cause with you - a liberal - in our fight for individual > freedom. It is really debilitating and self-deceptive to > cling to the old definitions. 
> > I offer this in the spirit of cooperation, since I believe > that if we hope to win the war, we should at least know who > we are fighting! > > Sincerely, > > Robert J. Bork > > From unicorn at access.digex.net Tue Mar 22 15:02:24 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Tue, 22 Mar 94 15:02:24 PST Subject: DT'94 and Clipper: effect on manufactures (FWD) Message-ID: <199403222302.AA02476@access1.digex.net> I thought I would forward this as it seemed to relate. Also 'cause I'm the author. :) -> Newsgroups: comp.org.eff.talk,alt.privacy.clipper,talk.politics.crypto Subject: Re: Janet Reno on Clipper Summary: Expires: References: <2mi265$4a6 at access3.digex.net> <6woWZxj024n at sktb.demon.co.uk> Sender: Followup-To: Distribution: inet Organization: Express Access Online Communications, Greenbelt, MD USA Keywords: Cc: In article <6woWZxj024n at sktb.demon.co.uk>, Paul L. Allen wrote: >In article > strnlght at netcom.com (David Sternlight) writes: > >> Then Brad's fear is unfounded since those equipment manufacturers who aren't >> common carriers can sell crypto without a back door. > >If this is the case then such equipment will no doubt end up with a sticker >saying that it is illegal to use it on a line supplied by a common carrier >and that doing so may result in a fine or imprisonment. No. The bill in its draft form provides that common carriers who do not provide the encryption device are exempt. The meaning on its face is that common carriers are gaining some immunity to sanctions if they did not provide the customer with the encryption he or she is using and instead provide a means for the government to compel the common carrier to produce in the clear that which they caused to be encrypted. This is a simplification, look at the bill for the full details. 
The practical effect the bill has is to impose on common carriers that manufacture encryption devices, a duty to provide to the government those conversations which are made with said devices over their lines. For example: If AT&T manufactures some encryption device, and I use it over AT&T lines, one reading of the bill would suggest that AT&T is now RESPONSIBLE for decrypting this if the government should request it. The definition is not limited to common carriers either. PCS manufacturers are also covered. This definition arguably includes: Motorola Apple (If they provide cellular support for Newton) Canon and perhaps anyone who manufactures cellular phones. If this is the case, all these companies are bound by the terms of DT'94 and subject to its fines and sanctions as well. The net result is to discourage and make very DANGEROUS the manufacture of encryption devices if you fall into this category. HEREIN LIES THE IMPORTANT POINT: THE CONNECTION TO THE CLIPPER PROPOSAL AND THE ASSERTION WHICH MR. STERNLIGHT WILL JUMP UPON WITH VIGOR. The real target of this legislation is the large telecommunications MANUFACTURERS like AT&T. It is now very dangerous to manufacture encryption devices and still remain a common carrier. Most of the large companies that would like to jump into the market for encryption devices are also probably going to fall into the common carrier definition or the PCS manufacturer definition. If you subscribe to Mr. Sternlight's views, you would argue that this is really voluntary and that no one is forcing the companies not to manufacture these products, indeed they are free to manufacture them and pay the crippling $10,000/day non-compliance sanction and endure service injunctions. After you remove the large companies from contention, all that is left is the small companies that don't fall into common carrier definitions and are not PCS manufacturers. So the government introduces an exception. 
If you manufacture an encryption device with Clipper, the government (Mytronics) has manufactured the chips, and provided the keys. Since they provided the keys, the 3rd party manufacturer is exempt from the DT'94 regulations for decryption duty. The only companies left manufacturing non-clipper devices are the small fries that cannot hope to compete in a government subsidized and flooded market. If this does not fit the definition of regulation, I simply refuse to argue the point with my opponents any longer as they are clearly resorting to argument by semantics. Even now the subtle cleverness with which the parts come together and form a powerful whole scares me. The fact that this legislation does not appear to be regulation on its face deserves a great deal of credit. Too nicely integrated to be accidental in my view. Very cunning Janet et al, very cunning. > >At least that's how this sort of thing is handled in the UK - connecting >a modem which doesn't carry BABT approval to a BT line is a *criminal* >offence. That's just a modem - imagine what they would do with an unapproved >crypto device. I'm waiting for encryption devices to be included in the definition of personal communications system and covered outright by DT'94 >Your stance on Clipper has long since lost all semblance of credibility. Why >not admit it and stop cluttering up the group? > >--Paul > Mr. Sternlight serves an important function on the net. I rarely agree with him, or his style of argument, but he has never resorted to personal attack in his discussions with me and for this he deserves at least some respect. I cannot speak for others he might have offended. -uni- (Dark) From tcmay at netcom.com Tue Mar 22 15:11:23 1994 From: tcmay at netcom.com (Timothy C. 
May) Date: Tue, 22 Mar 94 15:11:23 PST Subject: Stay focused on the big picture In-Reply-To: <199403222230.OAA15207@soda.berkeley.edu> Message-ID: <199403222312.PAA00599@mail.netcom.com> Someone who wishes to remain anonymous wrote: > There has been hostility expressed on this list towards > Limbaugh, 700 Club, UWSA, NRA, etc., and the 10's of millions of > politically active supporters who could be allies in the > anti-Clipper fight. > > In the interest of focusing attention on the big picture, I > offer the following eloquent letter: > > > Mr. [Recipient]: > > > > I'm writing to express my agreement with you > > concerning the dangerous, and in fact, tyrannous nature of > > the Clipper chip. However, I find your reasoning ..... > > I offer this in the spirit of cooperation, since I believe > > that if we hope to win the war, we should at least know who > > we are fighting! > > > > Sincerely, > > > > Robert J. Bork Is this a real letter? If so, where did it appear? (I don't doubt the possibility of Almost-Supremee Judge Bork having written this, but the absence of "when and where" undermines its credibility a bit, for me at least.) I agree with the sentiments, and, in fact, Cypherpunks at the Mountain View meetings cover a range of political views and yet we mostly are in full agreement that crypto should be unregulated. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." 
From mech at eff.org Tue Mar 22 15:15:27 1994 From: mech at eff.org (Stanton McCandlish) Date: Tue, 22 Mar 94 15:15:27 PST Subject: stupid MacPGP question Message-ID: <199403222315.SAA01884@eff.org> I seem to be unable to get Mac PGP to strip old IDs off my key. I never get the option to do so, just add new ones. What's the trick? -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From warlord at ATHENA.MIT.EDU Tue Mar 22 15:25:56 1994 From: warlord at ATHENA.MIT.EDU (Derek Atkins) Date: Tue, 22 Mar 94 15:25:56 PST Subject: Stay focused on the big picture In-Reply-To: <199403222312.PAA00599@mail.netcom.com> Message-ID: <199403222325.SAA06967@charon.MIT.EDU> FYI: This letter was written by rbork at frb.gov, someone at the Federal Reserve Board, who is not the Judge Bork you might think. This was an example used on pem-dev for why Distinguished Names would be a good thing. Personally, I think it doesn't make a difference. John Smith is John Smith, and just because you know that this John Smith works at Foosite International and that one works at Barsite, Inc., doesn't mean you necessarily know who they are, although it does help you differentiate them. (Then again, jsmith at foosite.org and jsmith at barsite.com differentiate them as well). Sigh. 
-derek From fhalper at pilot.njin.net Tue Mar 22 15:53:38 1994 From: fhalper at pilot.njin.net (Frederic Halper) Date: Tue, 22 Mar 94 15:53:38 PST Subject: Breaking RSA Message-ID: <9403222353.AA21586@pilot.njin.net> I read an article in the New York Times business section today, and it talked about how RSA may be close to being broken, thanks to the help of the Internet. I have two questions: A) If it is broken will PGP no longer be safe. B) Does the gov't have any involvement, since they have an awfully large stake? Thanks, Reuben Halper From warlord at ATHENA.MIT.EDU Tue Mar 22 16:18:51 1994 From: warlord at ATHENA.MIT.EDU (Derek Atkins) Date: Tue, 22 Mar 94 16:18:51 PST Subject: Breaking RSA In-Reply-To: <9403222353.AA21586@pilot.njin.net> Message-ID: <199403230018.TAA07792@charon.MIT.EDU> As one of the people quoted in the article..... You read it wrong. Go read the article again. "RSA129" is close to being broken. This is only a *SINGLE* RSA modulus. There are an infinite number of them. We are about to crack only one. It's taken us 8 months of work, so far, and this is only about 420 bits. Factoring is an exponential problem, so adding a small number of bits will greatly increase the amount of time needed to factor it. So, to answer your questions: a) It will prove that the 384-bit (casual-grade) PGP key is not safe, and that a 512-bit key is still somewhat safe, and that a 1024-bit key is still very safe! 
b) Yes, there are some governmental agencies helping with the factoring. For example, I've seen mail come in from lbl.gov, and a bunch of nasa sites, and probably a number of others. But they are only helping factor *THIS ONE NUMBER*. Data for this can only be used to help factor multiples of RSA129, but it will not help factor any other RSA modulus. I hope this answers your questions, and hopefully clears up a lot of misconceptions you clearly had when asking your questions. (I hope that many others didn't come to the same conclusions when reading that article -- I know that I didn't, but then again, I know what's going on ;-) -derek Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) PGP key available from pgp-public-keys at pgp.mit.edu warlord at MIT.EDU PP-ASEL N1NWH From bruce at phantom.com Tue Mar 22 16:34:28 1994 From: bruce at phantom.com (Bruce Fancher) Date: Tue, 22 Mar 94 16:34:28 PST Subject: CLIPPER CHIP ON LIMBAUGH In-Reply-To: <199403222046.UAA10641@an-teallach.com> Message-ID: <9403230031.AA25415@mindvox.phantom.com> > > : From: Sandy Sandfort > > : Time for us to target Rush's show with anti-Clipper calls? His contact > : information is: > > >From what I understand of the loud-mouthed ass's psychology, you'll get > more out of him if you target him with *pro* clipper calls :-) > > G > You obviously don't understand much of the "loud-mouthed ass's psychology." Limbaugh is very anti-statist and if he had a position on the issue there's a good chance it would be anti-clipper. Last time I checked, the clipper's biggest supporters were Clinton and Gore, who aren't exactly Rush's favorite people. From mech at eff.org Tue Mar 22 16:38:58 1994 From: mech at eff.org (Stanton McCandlish) Date: Tue, 22 Mar 94 16:38:58 PST Subject: PGP for OS/2 Message-ID: <199403230038.TAA03839@eff.org> Just got word there's a 32-bit OS/2 version of PGP in Compu$erve's OS/2 forum library. 
I'll leave it to the PGP archiving folks to go snag it. -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From fnerd at smds.com Tue Mar 22 16:44:53 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Tue, 22 Mar 94 16:44:53 PST Subject: Parker on Clipper PAGE 20? Message-ID: <9403222241.AA23586@smds.com> > In the 21-Mar-94 issue of Computerworld p.4 the following statement is > attributed to Donn Parker of SRI, "We have to make strong, nonescrow > encryption a crime"... In my copy it's on page 20, in the article, "Users blast government encryption plan," by Gary H. Anthes. Maybe I've got an east coast edition or something, it doesn't say so as far as I can tell. -fnerd - - - - - - - - - - - - - - - blue pill, Pharm. a pill of blue mass, used as an alterative... alterative, adj. tending to alter... From jkreznar at ininx.com Tue Mar 22 17:10:53 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Tue, 22 Mar 94 17:10:53 PST Subject: Parker on Clipper In-Reply-To: <199403220644.WAA08892@mail.netcom.com> Message-ID: <9403230106.AA01292@ininx> -----BEGIN PGP SIGNED MESSAGE----- > In the 21-Mar-94 issue of Computerworld p.4 the following statement is > attributed to Donn Parker of SRI, "We have to make strong, nonescrow > encryption a crime". 
I do not remember Parker making a statement like > this previously, is this a new position for Parker or is my memory > going bad? He is quoted in the March issue of Scientific American as saying ``You can't have absolute privacy. A democracy just can't operate that way.'' (page 101) The article goes on to say The question is not whether cyberspace will be subjected to legislation but rather ``how and when law and order will be imposed,'' Parker says. He predicts that the current state of affairs will get much worse before the government steps in ``to assure privacy and to protect the rights people do have.'' I was so incensed that I began writing him a letter questioning this. I might have carried through, but I couldn't find an email address for him right away. (Anyone have it handy?) His attitude reminds me of claims by DERD & Co. (love that new designator! what does the R stand for?) that ``if you knew what I know, you too would favor government surveillance''. You write almost as if you are surprised that he in particular would express these positions. I was unaware of his existence before reading this Scientific American piece, so I had no preconceived notions. Why were you surprised? John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. From sonny at netcom.com Tue Mar 22 17:47:45 1994 From: sonny at netcom.com (James Hicks) Date: Tue, 22 Mar 94 17:47:45 PST Subject: NSA Clipper Interview in WSJ In-Reply-To: Message-ID: <199403230148.RAA20700@mail.netcom.com> > On Tue, 22 Mar 1994, James Hicks wrote: > > > What does WSJ stand for? > > > > >James< > > Wall Street Journal. I thought cypherpunks were crypto experts. 
> > DCF > Thanks to everyone who helped me resolve this issue. I knew I could count on the C'punks in a pinch. :-) Now, point me toward Wall Street so I can find a copy. >James< From gtoal at an-teallach.com Tue Mar 22 17:56:48 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Tue, 22 Mar 94 17:56:48 PST Subject: CLIPPER CHIP ON LIMBAUGH Message-ID: <199403230155.BAA17278@an-teallach.com> : You obviously don't understand much of the "loud-mouthed ass's psychology." : Limbaugh is very anti-statist and if he had a position on the issue : there's a good chance it would be anti-clipper. Last time I checked, : the clipper's biggest supporters were Clinton and Gore, who aren't exactly : Rush's favorite people. Oh, I just meant that by all reports he seems to be driven to disagree with anyone who tries to get him to espouse their favourite pet cause, and that perhaps some kindergarten reverse psychology might be more effective... G From qjones at infi.net Tue Mar 22 20:13:44 1994 From: qjones at infi.net (Wayne Q Jones) Date: Tue, 22 Mar 94 20:13:44 PST Subject: spyproofing your house/work building In-Reply-To: <9403211645.AA17067@internal.apple.com> Message-ID: Ok geniuses. The above subject mentioned FLIR talking about spying in the IR spectrum. SLIR is Side Looking Infrared Radar, OTH is Over the Horizon, UV is UltraViolet (existing light) Low Light speaks for itself. Remote Sensing and Remote Imaging is what I am involved in. Stealth is basically passive radar. Take it from there.... Wayne On Mon, 21 Mar 1994, Lefty wrote: > Wayne Q Jones excretes: > > > >With FLIR you have SLIR OTH UV LOW LIGHT from the military (Billy boy > >is itching to deploy here in the good ole USA). Remote Sensing RADAR SONAR > >Stealth RADAr, Remote Imaging SYStems all kinds of goodies coming home. > >TO do what..fight crime..Yeah right. I remember law and order Nixon. > > Cryptography is the least of your problems. 
A high tech military is > >coming home and Billy wants to put them to use on our streets..>!!! > >He just loves gadgets. Dissent may become passe' in America. > > Stupidity, on the other hand, is _always_ in style, eh, Wayne? > > Whyncha see whether you can locate a second neuron up in that vast, echoing > space? You might get better results rubbing two of 'em together. > > And, hey, if you're going to go out, don't forget your tinfoil hat! The > alien radio control beams are pretty thick out there today. > > -- > Lefty (lefty at apple.com) > C:.M:.C:., D:.O:.D:. > > **************************************************************************** * Qjones at infi.net So I'm a dog...what else is new? * * Qjones at larry.wyvern.com Quote from life and times of a man * **************************************************************************** From VACCINIA at UNCVX1.OIT.UNC.EDU Tue Mar 22 20:38:21 1994 From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU) Date: Tue, 22 Mar 94 20:38:21 PST Subject: Profiles and DTII Message-ID: <01HAAH5ZWWO2000NL6@UNCVX1.OIT.UNC.EDU> -----BEGIN PGP SIGNED MESSAGE----- I would like to offer up a scenario which I have heard allusions to, but has not been concretely spelled out. It is admittedly farfetched, but not out of the realm of possibility. Imagine a room full of Cray XMP's running an AI program developed ala FinCen, NSA etc. This program can obtain "setup" information (because DTII has passed) without need for even a warrant. The program detects certain patterns of information transfer (phone, Net, whatever) that it deems suspicious. Suspects are then "explored" further. What kind of computing power would it take to implement complete surveillance on say, Washington, D.C.? This system is very similar to how law enforcement agents now patrol the nation's highways. People fitting a certain profile are detained by the police, and searched. Has it been determined if such search and seizures are legal? 
I recently wrote to NBC to inform them of what the detection of their calling patterns (in real time) could mean to the confidentiality of their sources. How many people would commit sensitive information to the media knowing that they could be easily monitored? It should be constantly pointed out to the media that they have a great deal to lose by passage of DTII, Clipper et al. The information exchange business could easily be coerced by Gov't in the near future. Just a few ramblings I wanted to get off my chest. Scott G. Morham !The First, Vaccinia at uncvx1.oit.unc.edu ! Second PGP Public Keys by Request ! and Third Levels ! of Information Storage and Retrieval !DNA, ! Biological Neural Nets, ! Cyberspace From klbarrus at owlnet.rice.edu Tue Mar 22 20:53:05 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Tue, 22 Mar 94 20:53:05 PST Subject: PGP for OS/2 In-Reply-To: <199403230038.TAA03839@eff.org> Message-ID: <9403230450.AA17555@flammulated.owlnet.rice.edu> Stanton McCandlish wrote: >I'll leave it to the PGP archiving folks to go snag it. It's available via ftp from a few european sites also: (from the pgp22.txt file at ftp-os2.cdrom.com). OS/2 executables for PGP 2.2 are available from ftp.uni-erlangen.de, pub/pc/os2/fauern/crypt/pgp22os2.zip I checked a few domestic os2 ftp sites; they all seem to have a file telling you where else to go... I guess the os2 ftp sites are unwilling to carry pgp? I got my copy of pgp32.exe (32 bit pgp2.3a) from the archive in Finland (nic.funet.fi in pub/os2/2.x/diskutil I believe; I can't check right now because of a "your ftp client misuses NLST primitive" error which seems to hang everything...) -- Karl L. 
Barrus: klbarrus at owlnet.rice.edu keyID: 5AD633 hash: D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32 "One man's mnemonic is another man's cryptography" - my compilers prof discussing file naming in public directories From rocker at hermes.acm.rpi.edu Tue Mar 22 21:47:00 1994 From: rocker at hermes.acm.rpi.edu (rocker - accept no substitutes) Date: Tue, 22 Mar 94 21:47:00 PST Subject: CLIPPER CHIP ON LIMBAUGH Message-ID: <199403230547.AAA23675@hermes.acm.rpi.edu> On Mar 22, 7:31pm, Bruce Fancher wrote: } You obviously don't understand much of the "loud-mouthed ass's psychology." } Limbaugh is very anti-statist and if he had a position on the issue } there's a good chance it would be anti-clipper. Last time I checked, } the clipper's biggest supporters were Clinton and Gore, who aren't exactly } Rush's favorite people. This is what would concern me. Limbaugh seems to be big on knee-jerk reactions. Has he got some intelligent insights on the Clipper issue, or is it simply another case of "Bill's fer it so I'm agin it!" A well-constructed argument might convince people on both sides, crying "Hey, it's a LIBERAL idea, it MUST be bad!" is likely to lose more support than it gains. -rocker From catalyst-remailer at netcom.com Tue Mar 22 21:56:44 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Tue, 22 Mar 94 21:56:44 PST Subject: Netcom mail queue Message-ID: <199403230557.VAA09337@mail.netcom.com> Look what I found. 
VAA08268* 757 Tue Mar 22 21:49 "|exec `/usr/local/bin/homedir`/bin/procmail "| /usr/local/bin/filter -o /u30/jrest" "| /usr/local/bin/filter -vo /u48/vznquest/.e quenelle at eng.sun.com "|IFS=' ';exec /usr/local/bin/procmail #speac "|IFS=' ';exec /usr/local/bin/procmail #bgome "| /usr/local/bin/filter" "|IFS=' ';exec /u1/pomona/bin/procmail #pomon "| /usr/local/bin/new/filter" |/u1/nates/remailer/remailer.pl "|/usr/local/bin/filter -vo /u1/dgordon/.elm/ "|IFS=' ';exec /usr/local/bin/procmail" "| /u29/catalyst/remail/slocal.pl" "|IFS=' ';exec /u1/rustman/bin/procmail #rust "| /u1/szabo/filter.sh" "|exec /usr/local/bin/new/procmail #jkyser" |"exec /usr/local/bin/new/procmail #mlshew" "|IFS=' ';exec /usr/local/bin/procmail #chip" From consensus at netcom.com Tue Mar 22 22:17:54 1994 From: consensus at netcom.com (Christopher Allen) Date: Tue, 22 Mar 94 22:17:54 PST Subject: FWD: RIPEM/SIG - Worldwide Digital Signature Software Message-ID: <9403230617.AA15370@apple.com> At 9:23 PM 3/21/94 -0800, Christopher Allen wrote: >At 12:21 AM 3/19/94 -0700, mdbomber at w6yx.stanford.edu wrote: > >I tried turning RIPEM Mac loose on this message and it complains about a > >garbled Originator Certificate, then complains that it does not appear > >to be a PEM/RIPEM message. > > > >Did anyone else get this to work? > >I've tested this further - like you I can't seem to verify the press >release using RIPEM Mac. However, I did find someone with the RIPEM 1.2 >software installed and it does verify with that software. > >I've sent a copy to Ray Lau, the author of RIPEM Mac, as I know that he is >working on incorporating the features of RIPEM 1.2 in the next version of >RIPEM Mac. I did send a report to Ray Lau, the author of RIPEM Mac. This is his response: At 11:13 PM 3/22/94 -0500, raylau at MIT.EDU wrote: >I've figured out the problem. > >Jim did indeed change his keypair for RIPEM 1.2 so the forged msg. is >because the keypair in the pubkeys file on rpub.cl.msu.edu is outdated. 
> >Also, since RIPEM 1.2 now supports certificates, but because it is not >fully PEM compliant, it uses a certificate in a RIPEM 2001 (not PEM 4) >msg. proc-type. I have not had the chance to update RIPEM Mac to >recognize certificates within the 2001 proc type yet. > >So, that is the gist of it. > > -Ray ------------------------------------------------------------------------ ..Christopher Allen Consensus Development Corporation.. .. 4104-24th Street #419.. .. San Francisco, CA 94114-3615.. .. o415/647-6383 f415/647-6384.. ..Mosaic/World-Wide-Web Front Door: .. ..ftp://netcom7.netcom.com/pub/consensus/www/ConsensusFrontDoor.html .. From wcs at anchor.ho.att.com Tue Mar 22 23:46:39 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 22 Mar 94 23:46:39 PST Subject: Where to find RIPEM/SIG (an exportable version of RIPEM) Message-ID: <9403230745.AA27381@anchor.ho.att.com> A slightly older version of ripem can also be found on rsa.com, with much less complicated access (you read a readme file which tells you the rules, and tells you to cd to a random-named directory); you don't need to get an account there or sign anything. It's also got RSAREF, of course, and does have the latest version of that. I assume they'll get current RIPEM there soon, and maybe RIPEM-SIG. From wcs at anchor.ho.att.com Wed Mar 23 00:03:15 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Wed, 23 Mar 94 00:03:15 PST Subject: CLIPPER CHIP ON LIMBAUGH Message-ID: <9403230802.AA27519@anchor.ho.att.com> Limbaugh does occasionally think rather than just knee-jerking, though he does claim to broadcast with half his brain tied behind his back :-) He's not so much anti-statist overall as he is anti-Liberal; on positions where the rightwing is statist and the left is non-statist, he seems to run about 50-50. 
He's distinctly pro-military, and generally pro-police, so having him come out against Clipper is not a given (and would be less likely to have happened if Bush had still been President when it was announced...) But it's good that he's against it; having a bunch of dittoheads sending mail to the whitehouse telling them to drop this nonsense can't hurt. Bill From GRABOW_GEOFFREY at tandem.com Wed Mar 23 00:13:33 1994 From: GRABOW_GEOFFREY at tandem.com (GRABOW_GEOFFREY at tandem.com) Date: Wed, 23 Mar 94 00:13:33 PST Subject: PGP key fingerprints. Message-ID: <199403230014.AA19769@comm.Tandem.COM> C'punks, Is there any way to get PGP to display the fingerprint of a public key before you add it to your keyring? I know that the -kvc command displays 'em for keys in your ring, but can you display one for a key in an ASCII armoured file? Thanks, G.C.G. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Geoffrey C. Grabow | "What we demand are rigidly defined | | Oyster Bay, New York | areas of doubt and uncertainty!" | | | -------------------- | | grabow_geoffrey at tandem.com | Clipper, SkipJack & Digital Telephony | | | JUST SAY NO!!! | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From warlord at MIT.EDU Wed Mar 23 00:20:54 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Wed, 23 Mar 94 00:20:54 PST Subject: PGP key fingerprints. In-Reply-To: <199403230014.AA19769@comm.Tandem.COM> Message-ID: <9403230820.AA15194@toxicwaste.media.mit.edu> No. The only way to do this would be to tell PGP to use this file as a keyring, but you can't do that if it's in ASCII armor. 
Besides, the fingerprint was designed to be used to verify the key when you sign it, not as anything that should be used to know whether you want to add the key to the keyring, therefore it is only possible to -kvc something on your keyring. FYI: If you say that yes, you want to sign it, while you are adding it to your keyring, it will then display the fingerprint for you. Hope this answers your question. -derek From tcmay at netcom.com Wed Mar 23 00:20:55 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 23 Mar 94 00:20:55 PST Subject: I'm Glad Clinton Won in '92 In-Reply-To: <9403230802.AA27519@anchor.ho.att.com> Message-ID: <199403230821.AAA01297@mail.netcom.com> Bill Stewart writes: > Limbaugh does occasionally think rather than just knee-jerking, > though he does claim to broadcast with half his brain tied behind his back :-) > He's not so much anti-statist overall as he is anti-Liberal; > on positions where the rightwing is statist and the left is non-statist, > he seems to run about 50-50. He's distinctly pro-military, > and generally pro-police, so having him come out against Clipper is > not a given (and would be less likely to have happened if Bush > had still been President when it was announced...) > But it's good that he's against it; having a bunch of dittoheads > sending mail to the whitehouse telling them to drop this nonsense > can't hurt. Indeed, I'm getting a little bit hopeful about things. To wit: - the Republicans who embraced statism and Big Government when their party held the top dog position are gradually returning to their anti-government rhetoric. (Caveats: Some of it is political opportunism. And not all of them feel this way. And if the Repubs win in '96, as seems increasingly likely, all bets could be off.) 
I'm hopeful that the Dems can also regain their traditional concern for civil liberties, for concerns that a fascist state will use its surveillance powers to oppress the citizenry, and that things like Digital Big Brother need to be opposed. I'm glad Clinton won in '92....it shows the nation that Democrats can run police state policies worthy of George Bush, it shook Republicans out of their comfortable governing stance, and it proves ultimately that neither side is any less contemptuous of individual liberties than the other. -- Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From beker at netcom.com Wed Mar 23 00:46:20 1994 From: beker at netcom.com (Brian Beker) Date: Wed, 23 Mar 94 00:46:20 PST Subject: Netcom mail queue In-Reply-To: <199403230557.VAA09337@mail.netcom.com> Message-ID: I tried to reply only to catalyst, but it bounced, which is why this appears here... On Tue, 22 Mar 1994 catalyst-remailer at netcom.com wrote: > Look what I found. > > VAA08268* 757 Tue Mar 22 21:49 > ^^^^^^^^^^^^^^^^ This is me. I don't understand what this is about and would be appreciative of any clarification. Yours, Brian Beker From northrop at netcom.com Wed Mar 23 01:07:16 1994 From: northrop at netcom.com (Scott Northrop) Date: Wed, 23 Mar 94 01:07:16 PST Subject: Netcom's mail queue Message-ID: <199403230908.BAA03834@mail.netcom.com> Wow, some people love to do things the hard way. You missed a few, by the way. "Torin/Darren/Who Ever..."
Alan Mason Allen Robinson Brian Beker Bruce R Koball Mark Shepard Ranjan Bagchi \tcmay at netcom.com analyst at netcom.com (Benjamin McLemore) argos at netcom.com (Peter Johnson) bart at netcom.com bgomes at netcom.com bwp at netcom.com (Bandwidth Pig) catalyst at netcom.com (Scott Collins) ccat at netcom.com chip at netcom.com claudel at netcom.com (Claude V. Lucas) consensus at netcom.com (Christopher Allen) crunch at netcom.com dgordon at netcom.com (David Gordon) doug at netcom.com (Doug Merritt) eman at netcom.com (Emanuel Barros) erin1 at netcom.com (COUNT ZERO) eyeball at netcom.com (David M. Berman) freeman at netcom.com jamie at netcom.com (Jamie Dinkelacker) jesse at netcom.com (Jesse Montrose) jhw at netcom.com jimn8 at netcom.com (Jim Nitchals) jjohnson at netcom.com (John T. Johnson) jkyser at netcom.com (Jeff Kyser) jpdavid at netcom.com (john kordic) jrest at netcom.com (John Restrick) jtl at netcom.com (Todd Larason) mlinksva at netcom.com (Michael R Linksvayer) mlshew at netcom.Com moulton at netcom.com mpd at netcom.com (Mike Duvos) nates at netcom.com norm at netcom.com paul braunbehrens pfarrell at netcom.com ph at netcom.com (Peter Hendrickson) plaz at netcom.com (Geoff Dale) pomona at netcom.com (Alexander J. Harrington) quenelle at netcom.com (Chris Quenelle) rcain at netcom.com (Robert Cain) richardr at netcom.com (Richard L. Robertson) rogerp at netcom.com (Roger Plichta) rpandya at netcom.com (Ravi Pandya) russw at netcom.com (Russell Earl Whitaker) rustman at netcom.com (Rusty Hodge) sjl at netcom.com snarl at netcom.com sonny at netcom.com (James Hicks) speacock at netcom.com (Sean P Peacock) szabo at netcom.com (Nick Szabo) zzyzx at netcom.com (Phil Free) Majordomo has a "who" command. No muss, no fuss. As has been mentioned before, this is not a secure forum. Scott -- Scott Northrop (206)784-2083 Those who use arms well cultivate the Way and keep the rules. Thus they can govern in such a way as to prevail over the corrupt. 
-- Sun Tzu, The Art of War, Book IV From joshua at cae.retix.com Wed Mar 23 04:19:46 1994 From: joshua at cae.retix.com (joshua geller) Date: Wed, 23 Mar 94 04:19:46 PST Subject: CLIPPER CHIP ON LIMBAUGH Message-ID: <199403231218.EAA00932@sleepy.retix.com> > Limbaugh does occasionally think rather than just knee-jerking, > though he does claim to broadcast with half his brain tied behind his back :-) > He's not so much anti-statist overall as he is anti-Liberal; > on positions where the rightwing is statist and the left is non-statist, > he seems to run about 50-50. he seems to toe the republican party line pretty closely, usually. there aren't too many actual conservatives out there, if you think about it. bill buckley. barry goldwater (but he's old). josh From terry.smith at canrem.com Wed Mar 23 08:10:08 1994 From: terry.smith at canrem.com (Terry Smith) Date: Wed, 23 Mar 94 08:10:08 PST Subject: Administrivia: Questi Message-ID: <60.5246.6525.0C199677@canrem.com> Jim Choate wrote  |-------------------------------| >> Ok - I'm going to have to come out and admit that I have no idea what >> the geek code is and I'm dying to know.... >> Terry Smith - XANTH sysop - 1:259/510 >> >related to the cat characteristic codes I would imagine...check out pets.c |-------------------------------| Ok thanks! Terry Smith - XANTH sysop - 1:259/510 CI$ 70733,3013 PGP 2.3A KEY FREQABLE AS 'KEY'. My opinions are not that of my company. But one day they WILL be! And then - the -+*WORLD*+- Bwaw ha ha !!. Read the Tick and others by NEC. Geraldo - "So, Mr. Smith, you admit you like to eat babies!" Me - "Nono - I admit I like to eat BABES!" --- * TLX v1.55 * Is Q related to Q*Bert, Qleopatra or HerQles? 
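Added example, not part of any message in this archive and not PGP's own code: for the "PGP key fingerprints" thread above (Geoffrey Grabow's question and Derek Atkins's reply), this Python sketch reads an ASCII-armored PGP 2.x public key and prints its fingerprint without touching any keyring. It assumes version 2/3 RSA key packets, whose fingerprint is the MD5 of the modulus and exponent bytes; the function names and the toy sample key are constructed for illustration.

```python
"""Fingerprint PGP 2.x (version 2/3 RSA) public keys directly from ASCII armor."""
import base64
import hashlib


def crc24(data: bytes) -> int:
    """CRC-24 of the armor checksum line (init 0xB704CE, poly 0x1864CFB)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def armor(packets: bytes) -> str:
    """Wrap binary packets in an armor block (used here only to build the sample)."""
    b64 = base64.b64encode(packets).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = "=" + base64.b64encode(crc24(packets).to_bytes(3, "big")).decode()
    return "\n".join(["-----BEGIN PGP PUBLIC KEY BLOCK-----", "Version: 2.3a", "",
                      *rows, check, "-----END PGP PUBLIC KEY BLOCK-----"])


def dearmor(text: str) -> bytes:
    """Return the binary packets of the first armor block, checking its CRC-24."""
    lines = [ln.strip() for ln in text.splitlines()]
    try:
        begin = next(i for i, ln in enumerate(lines) if ln.startswith("-----BEGIN PGP"))
        end = next(i for i, ln in enumerate(lines) if ln.startswith("-----END PGP"))
    except StopIteration:
        raise ValueError("no armor block found") from None
    # Base64 rows never contain ':', so this drops "Version:" headers and blanks.
    rows = [ln for ln in lines[begin + 1:end] if ln and ":" not in ln]
    data = base64.b64decode("".join(r for r in rows if not r.startswith("=")))
    for row in rows:
        if row.startswith("="):  # checksum row: '=' plus base64 of the 3 CRC bytes
            if crc24(data) != int.from_bytes(base64.b64decode(row[1:]), "big"):
                raise ValueError("armor CRC-24 mismatch: block corrupt or edited")
    return data


def iter_packets(buf: bytes):
    """Yield (tag, body) for each old-format packet, the only kind PGP 2.x writes."""
    pos = 0
    while pos < len(buf):
        ctb = buf[pos]
        if ctb & 0xC0 != 0x80 or ctb & 0x03 == 3:
            raise ValueError("unsupported packet header 0x%02X" % ctb)
        nlen = 1 << (ctb & 0x03)            # length field is 1, 2 or 4 bytes
        start = pos + 1 + nlen
        length = int.from_bytes(buf[pos + 1:start], "big")
        yield (ctb >> 2) & 0x0F, buf[start:start + length]
        pos = start + length


def read_mpi(buf: bytes, pos: int):
    """Read one multiprecision integer: 2-byte bit count, then the value bytes."""
    bits = int.from_bytes(buf[pos:pos + 2], "big")
    nbytes = (bits + 7) // 8
    value = buf[pos + 2:pos + 2 + nbytes]
    if len(value) != nbytes:
        raise ValueError("truncated MPI")
    return bits, value, pos + 2 + nbytes


def fingerprints(armor_text: str) -> list:
    """Describe every public key in the block; nothing is written to a keyring."""
    keys = []
    for tag, body in iter_packets(dearmor(armor_text)):
        if tag == 6:                         # public key packet
            version, algorithm = body[0], body[7]
            if version not in (2, 3) or algorithm != 1:
                raise ValueError("not a version 2/3 RSA key")
            bits, n, pos = read_mpi(body, 8)  # after version, time, validity, alg
            _, e, _ = read_mpi(body, pos)
            digest = hashlib.md5(n + e).hexdigest().upper()
            keys.append({"bits": bits, "key_id": n[-8:].hex().upper(),
                         "fingerprint": " ".join(digest[i:i + 2] for i in range(0, 32, 2)),
                         "user_ids": []})
        elif tag == 13 and keys:             # user ID packet follows its key
            keys[-1]["user_ids"].append(body.decode("latin-1"))
    return keys


def build_sample_key() -> str:
    """Constructed sample input: a toy 64-bit modulus, not a real or usable key."""
    n, e = bytes.fromhex("C3A1F05B9D27E461"), b"\x11"
    body = (b"\x02" + bytes(4) + bytes(2) + b"\x01"
            + (64).to_bytes(2, "big") + n + (5).to_bytes(2, "big") + e)
    uid = b"Sample User <sample@example.invalid>"
    return armor(b"\x99" + len(body).to_bytes(2, "big") + body
                 + b"\xb4" + bytes([len(uid)]) + uid)


SAMPLE_ARMOR = build_sample_key()

if __name__ == "__main__":
    for key in fingerprints(SAMPLE_ARMOR):
        print(f"{key['bits']}-bit key, ID {key['key_id']}: {', '.join(key['user_ids'])}")
        print("  Key fingerprint =", key["fingerprint"])
```

The user ID shown is only what the file claims; the fingerprint still has to be compared with one obtained from the key's owner through another channel before the key is trusted or signed.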
From sandfort at crl.com Wed Mar 23 08:31:03 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Wed, 23 Mar 94 08:31:03 PST Subject: CLIPPER CHIP ON LIMBAUGH In-Reply-To: <199403230547.AAA23675@hermes.acm.rpi.edu> Message-ID: C'punks, On Wed, 23 Mar 1994, rocker wrote: > On Mar 22, 7:31pm, Bruce Fancher wrote: > } . . . Last time I checked, > } the clipper's biggest supporters were Clinton and Gore, who aren't exactly > } Rush's favorite people. > > This is what would concern me. Limbaugh seems to be big on knee-jerk > reactions. Has he got some intelligent insights on the Clipper issue, > or is it simply another case of "Bill's fer it so I'm agin it!" A > well-constructed argument might convince people on both sides, crying > "Hey, it's a LIBERAL idea, it MUST be bad!" is likely to lose more > support than it gains. . . The reason I posted the Rush/Clipper post was because I do listen to him. Three things need to be noted about subsequent posts: 1) It is clear that the knee-jerk reactions are coming from folks who have never listened to Limbaugh for long enough to know what the hell they are talking about. I think they are reacting to the untrue flames uttered by his detractors. 2) He doesn't just disagree with Bill and Hillary. He strongly supported the Prez on NAFTA, for example. He is very clever and does some excellent original thinking on important issues--like Clipper. 3) All of this back biting is truly irrelevant to this list. Who cares if Rush practices "hate radio" or not? The germane facts are these: a) Rush is against Clipper b) A huge number of people listen to him c) His listeners tend to give his opinions great weight Do we really need to "qualify" Mr. Limbaugh as enemy of our enemy? S a n d y From jim at rand.org Wed Mar 23 08:37:04 1994 From: jim at rand.org (Jim Gillogly) Date: Wed, 23 Mar 94 08:37:04 PST Subject: PGP key fingerprints.
In-Reply-To: <199403230014.AA19769@comm.Tandem.COM> Message-ID: <9403231636.AA13510@mycroft.rand.org> > GRABOW_GEOFFREY at tandem.com writes: > Is there any way to get PGP to display the fingerprint of a public key > before you add it to your keyring? I know that the -kvc command displays I sometimes add them to a temporary keyring (pgp -ka file.asc testring) and then do pgp -kvc "*" testring so I can see what I'm about to stick in there. I didn't bother before somebody or other (was that you, Hal?) demonstrated that he could change the name on Phil's PGP key, and I didn't want it polluting my keyring. Jim Gillogly Sterday, 1 Astron S.R. 1994, 16:36 From lefty at apple.com Wed Mar 23 08:40:22 1994 From: lefty at apple.com (Lefty) Date: Wed, 23 Mar 94 08:40:22 PST Subject: spyproofing your house/work building Message-ID: <9403231639.AA28264@internal.apple.com> > Ok geniuses. The above subject mentioned FLIR talking about spying in >the IR spectrum. SLIR is Side Looking Infrared Radar, OTH is Over the >Horizon, UV is UltraViolet (existing light) Low Light speaks for itself. > Remote Sensing and Remote Imaging is what I am involved in. Stealth is >basically passive radar. Take it from there.... Ah, but do you know what TLA is? Feel free to impress us some more with your wit. Either half of it. Have you brought down the NSA with your Side Looking Low Light Ultraviolet Macrobiotic Cyberphage yet? Let me know when it happens: I want to make a lowball offer on some of their old equipment. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From jdwilson at gold.chem.hawaii.edu Wed Mar 23 08:56:13 1994 From: jdwilson at gold.chem.hawaii.edu (Jim Wilson VA) Date: Wed, 23 Mar 94 08:56:13 PST Subject: How to control the Internet. In-Reply-To: <940321202250_71431.2564_FHA81-1@CompuServe.COM> Message-ID: <9403231655.AA28554@gold.chem.hawaii.edu> > >>I'm having a nightmare about a Microsoft-like domination of global > >>communications, complete with SPA police, etc.
> >>................................. > > >Unlike the government, Microsoft and McCaw Cellular both depend upon a > >customer-driven market for their acceptance. They must convince their > >customers that they are better than the competition in providing a > >similar service; they must adjust this service to the customer's > >requests & preferences or lose the account. > > >Blanc > And the island of Lanai and it's beaches are supposed to be part of the State of Hawaii and therefore available to the public yet Bill was able to block all access to the island for his wedding... (Stink still going on about that too) -Jim ......................... . == = = Jim Wilson...... . " " " P. O. Box 15432.......... . " " /\ " Honolulu, HI 96830-5432...... . \" "/ \" jdwilson at gold.chem.hawaii.edu. ............................................ -----BEGIN PGP MESSAGE----- Version: 2.4 iQCVAgUALWUakmhHpCDLdoUBAQGiqwP/cKCm2jZDbZ/FqU3I7BYFqRaSLKycjoko Jj7qYP1LMk+0SP/NbsBVu+WxBSwrkjj63oCuUJ3NVuqVBhm1rS16AWWHwDYtC3Q/ WYTrJtAHLEQhdkM52OwL+mkm9oQr+52pnxzPRZjis7I2crPDBBEvHz6MHnfhZDpz bUca10vx6ms= =HHGs -----END PGP MESSAGE----- From blancw at microsoft.com Wed Mar 23 10:25:23 1994 From: blancw at microsoft.com (Blanc Weber) Date: Wed, 23 Mar 94 10:25:23 PST Subject: How to control the Internet. Message-ID: <9403231826.AA21102@netmail2.microsoft.com> And the island of Lanai and it's beaches are supposed to be part of the State of Hawaii and therefore available to the public yet Bill was able to block all access to the island for his wedding... (Stink still going on about that too) -Jim Wilson ................................. I can't say that everything that billg does or makes arrangements for with his clout will be defensible; I can point out that any arrangements which he makes with others depends upon those individual's consent, their agreeableness, and not to coercion or the elimination of choice altogether. 
(I don't know all of the details of how the closing off of those portions of the island was arranged, but I don't think that the owners of the island agreed to close off access simply out of the goodness of their hearts.) It is amazing what many people will agree to, when they can receive the benefit of cash, and this goes regardless of whether it comes from private one-to-one relations or whether it comes from governmental fund "distributions"; if there is someone to blame in that event, it would have to include the owners and all of those who were amenable to making it possible. The threat of a monopolization of power which Bradley Dolan mentioned as being presented by Microsoft's dominance in the market is not of the same type as is presented by the government's. From what I know about "intellectual property", this concept is supposed to establish the source of what has been produced (software) as belonging to its creator, and therefore as something akin to an object or service which can be traded and from which one can receive payment. It's a way to make a living, in other words, based on the recognition of a value. The only way that I can think of to counter the dominance of one company in the free exchange of goods is to desist from the purchase of that company's offerings, or better yet to produce better ones and make a better case for them with the buying public. Blanc From adam at bwh.harvard.edu Wed Mar 23 10:34:54 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Wed, 23 Mar 94 10:34:54 PST Subject: Parker on Clipper In-Reply-To: <9403230106.AA01292@ininx> Message-ID: <199403231831.NAA13874@spl.bwh.harvard.edu> You could try dparker at sri.com. I don't know if thats the right dparker or not, but its worth a try. 250 CRVAX.SRI.COM I knew you could! Hello SPL.BWH.HARVARD.EDU expn dparker 250- <10966 at CRVAX.SRI.COM> 250 CRVAX.SRI.COM OK. 
vrfy fake-user 551-Error=0400801A 551-Unable to find user fake-user 551-Unable to find user FAKE-USER | > In the 21-Mar-94 issue of Computerworld p.4 the following statment is | > attributed to Donn Parker of SRI, "We have to make strong, nonescrow | I was so incensed that I began writing him a letter questioning this. I | might have carried through, but I couldn't find an email address for him | right away. (Anyone have it handy?) His attitude reminds me of claims Adam -- Adam Shostack adam at bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. Have you signed the anti-Clipper petition? From frissell at panix.com Wed Mar 23 11:01:10 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 23 Mar 94 11:01:10 PST Subject: Promise her anything... Message-ID: <199403231900.AA14983@panix.com> H>A few days ago I said I'd look up the legal requirements on promissory H>notes. There are two separate issues in your post -- a promissory note and a negotiable instrument. A promissory note is simply a promise to pay someone else something of value. In order to be valid, the note has to contain enough information so that a court (or arbitrator) can determine that the maker of the note intended to create a debt, that we can determine the amount, and that we can determine to whom it is owed and when it is due. A negotiable instrument is a debt instrument that can be sold (negotiated) and if sold to a "holder in due course" (someone who buys the note for value and without knowledge of any disputes) can be collected on its face terms and without reference to any counter claims between the original maker and the original creditor. This aspect of negotiable instrument law has caused some libertarians to oppose the concept of negotiability. The Black Letter phrase from my Commercial Paper class in law school: ---------- Negotiable Instrument: A promise to pay to order or bearer a sum certain in money on or after a date certain. 
---------- Note that bearer notes were always specifically included in the definition. H>This was to see whether digital cash or similar instruments could H>implement digital promissory notes. Yes, they could. DCF --- WinQwk 2.0b#1165 From wex at media.mit.edu Wed Mar 23 11:09:41 1994 From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat) Date: Wed, 23 Mar 94 11:09:41 PST Subject: Clipper chip opposition Message-ID: <9403231909.AA05601@media.mit.edu> [From EDUPAGE again --AW] InfoWorld publisher Bob Metcalfe states in a Wall Street Journal op-ed piece that he is against Clipper Chip technology, but for different reasons than those cited by the ACLU and the Electronic Frontier Foundation. Rather than getting steamed up about the right to privacy issue, which he notes was always a conditional right anyway, Metcalfe says, "I am against Clipper simply because it will not work, and it will cost an unnecessary amount of tax money to outfit government computers with the chips." Even if Clipper were built into every computer and phone system, "smart criminals can easily get around Clipper by using additional encryption. Stupid criminals will continue to do stupid things and get caught." (Wall Street Journal 3/22/94 A14) From a-ophirr at microsoft.com Wed Mar 23 12:04:46 1994 From: a-ophirr at microsoft.com (Ophir Ronen (Rho)) Date: Wed, 23 Mar 94 12:04:46 PST Subject: A possibility... Message-ID: <9403232005.AA26190@netmail2.microsoft.com> -----BEGIN PGP SIGNED MESSAGE----- Hello All, I have an idea that may or may not be feasible so I am offering it for scrutiny. What I am thinking is to have one person encrypt using a RNG (noise). He encrypts his message using the noise on one channel and then copies the noise utilized on another channel. He then mixes the two channels to create....noise. On the other side the person must be expecting the noise and must know how to seperate the signal. 
It seems that this leaves things open by having the encryption key along with the message, but the message itself is just noise. (i.e. the interloper must know of the signal, and know how to split it into it's two components.) Comments? -Ophir ******************************************************************* Ophir Ronen key id:E67065 print = 66 57 94 27 D9 70 C5 B4 95 31 F6 41 FD 5C EB 1A ******************************************************************* -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLZCfXNhDgNPk5nBlAQHYwAP+LtV07arvUwpdkTtmSQcm8WAk9E+7LX4F I4ILQfuOt9fnIoFOgMr2QX1gbRmYR1+PgKeuzMV8QEmdxXb/tJdF4Gven4OCmRUR XRIln4Eau0uuxbjmPkI+gVcdgbML1LKb6I4ExCsIQOZhVoYcO1PJWugxxiIaRkDd QiBwuZ0yQTk= =4r3N -----END PGP SIGNATURE----- From karn at qualcomm.com Wed Mar 23 12:50:40 1994 From: karn at qualcomm.com (Phil Karn) Date: Wed, 23 Mar 94 12:50:40 PST Subject: Parker on Clipper In-Reply-To: <9403230106.AA01292@ininx> Message-ID: <199403232047.MAA15374@servo.qualcomm.com> >You write almost as if you are surprised that he in particular would >express these positions. I was unaware of his existence before reading >this Scientific American piece, so I had no preconceived notions. Why >were you surprised? Exactly. Parker has been in the computer security field for a long time, and he is well known for expressing views that can be best described as ultra-conservative and extremely authoritarian. These comments of his are about as surprising as those of George Bush calling for the reversal of Roe v Wade. But so what? The man is entitled to his opinions. Rather than jump on him for expressing them, perhaps you should disseminate them as widely as possible. I can't think of a much better way to rally the opposition to Clipper. Remember that the power to counter things like Clipper is already in your hands. Don't let people like Parker just get you mad. Get even - write code! 
Phil From nobody at soda.berkeley.edu Wed Mar 23 13:27:11 1994 From: nobody at soda.berkeley.edu (nobody at soda.berkeley.edu) Date: Wed, 23 Mar 94 13:27:11 PST Subject: Controlling the Internet Message-ID: <199403232126.NAA00899@soda.berkeley.edu> [It shouldn't be too hard to figure out who "nobody" is:] Blanc writes... >I can't say that everything that billg does or makes arrangements for >with his clout will be defensible; I can point out that any >arrangements which he makes with others depends upon those individual's >consent, their agreeableness, and not to coercion or the elimination of >choice altogether. (I don't know all of the details of how the closing ... >The threat of a monopolization of power which (someone) mentioned >as being presented by Microsoft's dominance in the market is not of the >same type as is presented by the government's. From what I know about >"intellectual property", this concept is supposed to establish the >source of what has been produced (software) as belonging to its >creator, and therefore as something akin to an object or service which >can be traded and from which one can receive payment. It's a way to >make a living, in other words, based on the recognition of a value. I think we agree philosophically. Where we diverge is in our understanding of things-as-they-are. I contend that large companies, MS being one example, often enlist the government and its coercive powers in their service. One issue where I think I've seen MS's hand is "intellectual property". My concern about "intellectual property" is that MS and some others have changed the terms of the debate ["property" is protected more than "privilege"] and the law to further their own interests, to the detriment of the rest of us. 
>The only way that I can think of to counter the dominance of one >company in the free exchange of goods is to desist from the purchase of >that company's offerings, or better yet to produce better ones and make >a better case for them with the buying public. We need to reduce the power of government so that it cannot be enlisted in any company's service. That said, I am following your advice: With the exception of the ubiquitous DOS/Windows operating systems, I've gotten rid of every MS product on my machines. If OS/2 ever grows up [can handle a 14.4k faxmodem for example], I'll be MS free. -------------------------------------------------------------------- One example of why I'm ticked at SPA folks ... >Date: [Recently] >To: [Us] >From: [Them] >Comprehensive Computer Inspection >Beginning [Soon], [We] will conduct a comprehensive inspection ... >...[T]the sofware inventory and licensing compliance issue will be >emphasized. Each user should make certain that the report from the >latest sofware inventory list is up-to-date and is readily >available for the inspector. (...) >When confronted by potential inspectors... No "smart" remarks ... I'm tired of this shit. Now, imagine if SPA owned the internet....
From rarachel at prism.poly.edu Wed Mar 23 13:50:21 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Wed, 23 Mar 94 13:50:21 PST Subject: A possibility... In-Reply-To: <9403232005.AA26190@netmail2.microsoft.com> Message-ID: <9403232137.AA17936@prism.poly.edu> > I have an idea that may or may not be feasible so I am offering it for > scrutiny. Congrats, you've tripped on an idea of mine, which I've already implemented. :-) Actually, I've done a lot more than just encrypt the data with noise and mixed the two, as that would be insecure once you know the algorithm... If you guys are interested, I'll post up a "alpha-development" version of the paper I wrote describing this thing. This btw is my project for the crypt- analysis class I'm taking... On the surface it seems pretty secure... There was a hole I plugged up, but that's another issue... I did have a working version of the software, however a rather uncool program decided to eat my hard drive for breakfast, and unfortunatly I lost it. THe last two backups are of a previous (unplugged) version and of a half-way inbetween non-working version... Now I've been busy working on a SecureDrive type program for the Mac so I haven't payed much attention to this, however it has some very interesting possibilities including the ability to be used in stego in a verry cool way... > What I am thinking is to have one person encrypt using a RNG (noise). He > encrypts his message using the noise on one channel and then copies the noise > utilized on another channel. He then mixes the two channels to > create....noise.
Ditto, only I used several channels, not just two... > On the other side the person must be expecting the noise and must know how to > separate the signal. It seems that this leaves things open by having the > encryption key along with the message, but the message itself is just noise. > (i.e. the interloper must know of the signal, and know how to split it into > its two components.) That's how mine works... it works by taking in the noise and a passkey. The passkey determines which bits are noise and which are data, and more importantly how to decrypt the data... If you take the random noise data you feed in, and replace it with the low bits of a picture, you've got a pretty good stego program... From fnerd at smds.com Wed Mar 23 13:57:57 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Wed, 23 Mar 94 13:57:57 PST Subject: Government by Sysadmin Message-ID: <9403232149.AA00606@smds.com> Maybe people like Dot and Don think of government as a systems-administration sort of job. So here they are, security experts advising the sys admins on things like...

    setting permissions
    allocating quotas
    registering users and giving them passwords (we used to put the encrypted passwords in /etc/passwd, but now we put them in /etc/shadow, with no read permission, so they're safe)
    deciding what utilities are and aren't available
    deciding what software the users need, and installing it (grudgingly, based on who's yelling the loudest)
    setting up connections to other machines
    deciding who's allowed to log in from "foreign hosts"
    getting mail set up and running
    buying new hardware from vendors
    specifying the hardware to the vendors
    ...

These are the things computer security experts advise on. Maybe hammer experts see things as nails. Only a country is not a host system owned and administered by the government, and citizens are not guests or users. Maybe we Unix mavens are partly at fault for propagating systems that are such good models for dictatorships.
-fnerd quote me - - - - - - - - - - - - - - - blue pill, Pharm. a pill of blue mass, used as an alterative... alterative, adj. tending to alter... -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From consensus at netcom.com Wed Mar 23 14:54:09 1994 From: consensus at netcom.com (Christopher Allen) Date: Wed, 23 Mar 94 14:54:09 PST Subject: ARTICLE - Two Updates Make for Digital Signatures in Email Message-ID: <9403232252.AA11095@apple.com> -----BEGIN PRIVACY-ENHANCED MESSAGE----- Proc-Type: 4,MIC-CLEAR Content-Domain: RFC822
MIC-Info: RSA-MD5,RSA, BVNiXNeTZzv5ChVt/OzLHOvgQ0XbSIW5GsUV/Da58fSVFcxc+OF2R6MMH3NxcWPu tlpZNMVi51vRzw0pLH2psg== Date: Wed, 23 Mar 1994 14:41:00 -0800 Subject: ARTICLE - Two Updates Make for Digital Signatures in Email From: Christopher Allen Reply-To: Christopher Allen Originator: Christopher Allen Organization: Consensus Development Corporation, San Francisco, CA USA Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Sender: consens at netcom.com X-Last-Updated: 1994/03/23 X-Text-Source: ftp://netcom7.netcom.com/pub/consensus/text/Two_Updates_Dig_Sig.txt X-HTML-Source: ftp://netcom7.netcom.com/pub/consensus/www/Two_Updates_Dig_Sig.html Summary: This article is about two recent software updates, RIPEM 1.2 and RSAREF 2.0, which are significanct to the progress of using digital signatures in electronic mail. Keywords: article, christopher allen, consensus development, ripem, ripem/sig, rsaref, digital, signature, electronic, mail, email, security, privacy, privacy enhanced mail, pem, export, decryption encryption, cryptography, authentication, rsa data security, pgp, pretty good privacy, software, license, patent TWO UPDATES MAKE FOR DIGITAL SIGNATURES IN EMAIL ================================================ by Christopher Allen Copyright (c)1994 by Consensus Development Corporation--All Rights Reserved. See the end of this article for the full copyright notice. DIGITAL SIGNATURES - ------------------ One of the real up-and-coming uses of encryption technology is for applying digital ``signatures'' to various electronic documents. Such signatures are not forgeable and guarantee that a document originates with its author.
If Dartmouth College had such a system in place recently, a message impersonating a faculty member announcing the cancellation of an exam might have been avoided. Digital signatures can also be used to detect viruses before infected files execute.

Up to now, however, digitally signing documents has not been an easy task. The first hurdle has been an inability to export the technology overseas, making it virtually impossible to standardize on a signature method. Secondly, it has been difficult to license the technology patents involved.

The use of a freeware software utility called Pretty Good Privacy (PGP) has caused some difficulties as well. Since PGP has already found its way overseas and has gained some popularity, in particular because US digital signature software has not been easily exportable. In the United States, many organizations are reluctant to use PGP because of its questionable patent status. In addition, its author, Phil Zimmermann, is under investigation for possible export violations. These problems have kept organizations from adopting PGP as a standard.

Two recent announcements have significantly changed things.

The first announcement is the release of two new versions of RIPEM, one called RIPEM, the other called RIPEM/SIG. RIPEM is a free version of the Internet Privacy Enhanced Mail (PEM) standard implemented by Mark Riordan of Michigan State University. RIPEM/SIG is a subset of RIPEM that allows users to digitally sign their e-mail documents but does not allow encryption or decryption.

What is significant about this announcement is that Riordan--in cooperation with RSA Data Security, Inc--has received a ``commodities jurisdiction'' ruling which allows free and legal export of non-encrypting RIPEM/SIG outside of the US. This means both US and overseas users can now standardize on a single set of software, instead of only working with RIPEM inside the US and PGP outside.
This release also addresses some of the complaints of PGP users: both RIPEM and RIPEM/SIG support a non-hierarchical trust model similar to PGP, and for US users the non-exportable version of RIPEM provides full triple-DES privacy. Even though the triple-DES RIPEM may not be exportable, Riordan is working with authors of independently developed PEM applications in other countries with the goal of 100% interoperability in a version 2.0 of RIPEM. Until that time, since RIPEM/SIG is free and exportable, users could send a non-US or Canadian user both RIPEM/SIG and the message to be authenticated.

The second announcement is from RSA Data Security, Inc. for the 2.0 version of RSAREF. RSAREF is a source code cryptographic toolkit designed specifically for writing PEM applications as well as other fundamental cryptographic and digital signature tools. In fact, RIPEM is based on the RSAREF source code.

What is most significant about this new RSAREF is that RSA Data Security has changed its license to make RSAREF much more accessible to both corporations and commercial and non-commercial developers. Freeware products (i.e., software where no fee other than media or bandwidth cost is requested) can use the RSAREF toolkit provided that the public has access to the product's source code.

Though a new license agreement has not been finalized, I've been told by RSA that they will grant a royalty-free license for shareware products for up to $10,000 worth of gross annual sales if the shareware source code is available and the developers do not charge more than $50 a copy.

Even if you are a commercial developer, I know from personal experience that RSA can be quite reasonable about licensing. They want this base level of technology adopted as widely as possible--just make RSA a reasonable offer and I think they'll take it.
RIPEM and RIPEM/SIG are also beneficiaries of this new RSAREF license, which means that US companies can have privacy and authentication free of hassles from patent holders and export cops.

MORE ON RIPEM/SIG
- -----------------
The press release on RIPEM/SIG from Mark Riordan is at:

    ftp://ripem.msu.edu/pub/crypt/ripem/ripemsig/posting

If you are a US or Canadian citizen, you can request an account for access to the full non-exportable RIPEM. Information on how to get access is at:

    ftp://guest.mu5k2d55:@ripem.msu.edu//pub/crypt/GETTING_ACCESS

The binary files for the exportable RIPEM/SIG can be found in the directory:

    ftp://ripem.msu.edu/pub/crypt/ripem/ripemsig/binaries/

RSAREF/SIG Files available today are:

    ftp://ripem.msu.edu/pub/crypt/ripem/ripemsig/binaries/
      ripemsig-68030-macintosh-commandline-1.2a.sit.hqx
    ftp://ripem.msu.edu/pub/crypt/ripem/ripemsig/binaries/
      ripemsig-80x86-dos-vanilla-1.2a.exe
    ftp://ripem.msu.edu/pub/crypt/ripem/ripemsig/binaries/
      ripemsig-hppa-hpux9.01-1.2a
    ftp://ripem.msu.edu/pub/crypt/ripem/ripemsig/binaries/
      ripemsig-ibm-rs6000-aix3.2-1.2a
    ftp://ripem.msu.edu/pub/crypt/ripem/ripemsig/binaries/
      ripemsig-sparc-sunos4.1.1-1.2a

There does not seem to be separate documentation for RIPEM/SIG yet, so I guess you have to use the documentation for RIPEM 1.2a:

    ftp://ripem.msu.edu/pub/crypt/ripem/ripem.man
    ftp://ripem.msu.edu/pub/crypt/ripem/ripemusr.doc
    ftp://ripem.msu.edu/pub/crypt/ripem/ripemusr.txt

A current list of RIPEM public keys is at:

    ftp://ripem.msu.edu/pub/crypt/ripem/pubkeys.txt

There is an electronic-mail users group list PEM-DEV for discussions related to the development and deployment of Privacy Enhanced Mail (PEM) systems. Contributions to the list should be sent to ``pem-dev at tis.com''. Administrivia, e.g., additions to or deletions from the list should be sent to ``pem-dev-request at tis.com''.

The Internet Multicasting Service is now beginning to stamp all of their text files with RSA/RIPEM digital signatures.
You can find their public key through a finger request to town.hall.org. For examples of stamped files, look at:

    ftp://town.hall.org/edgar/docs/

MORE ON RSAREF 2.0
- ------------------
Remember, even though you can use RSAREF to create exportable, non-encryption based digital signature software, the source code to RSAREF is not exportable itself, as it can do encryption. It is only available to US and Canadian citizens.

The press release on RSAREF from Jim Bidzos is at:

    ftp://rsa.com//pub/RIPEM_SIG_announce.txt

Information on what RSAREF is all about and what are the license terms are located at:

    ftp://rsa.com/rsaref/info.reply
    ftp://rsa.com/rsaref/license.txt

To get access to a time dependent directory (it changes every few minutes) you will need to read the document:

    ftp://rsa.com/rsaref/README

If you agree to its terms, take the directory mentioned there and substitute it for the checksum in the directory ``U.S.-only 7c04e6''.

The compressed tar archive of RSAREF is at (remember to change the time dependent directory!):

    ftp://rsa.com/rsaref/dist/U.S.-only-7c04e6/rsaref.tar.Z

The ZIP archive of RSAREF is at (remember to change the time dependent directory!):

    ftp://rsa.com/rsaref/dist/U.S.-only-7c04e6/rsaref.zip

You can also get the RSAREF via email by reading the RSAREF license agreement and sending the following message to (If your electronic mail address is located in Canada, please also send RSA your full name and mailing address; they'll need it to complete a Department of State export declaration):

I acknowledge that I have read the RSAREF Program License Agreement and understand and agree to be bound by its terms and conditions, including without limitation its restrictions on foreign reshipment of the Program and information related to the Program.
The electronic mail address to which I am requesting that the program be transmitted is located in the United States of America or Canada and I am an United States citizen, a Canadian citizen, or a permanent resident of the United States. The RSAREF Program License Agreement is the complete and exclusive agreement between RSA Laboratories and me relating to the Program, and supersedes any proposal or prior agreement, oral or written, and any other communications between RSA Laboratories and me relating to the Program.

RSA Laboratories maintains an electronic-mail users group for discussions on RSAREF applications, bug fixes, etc. To join the users group, send electronic mail to .

AUTHOR'S BIOGRAPHY
- ------------------
Christopher Allen is president of Consensus Development Corporation, a microcomputer software development & consulting firm specializing in groupware (defined as software to support collaboration and intentional group processes), including such related areas as hypertext, online documentation, document architecture, electronic publishing, group knowledge-base support tools, and creation and management of shared collaborative spaces.

Christopher has been active in a number of other computer industry areas. He runs the Mac Developers Forum and Newton Development SIG on America Online, and a Mosaic/World-Wide-Web area on groupware and collaboration. Christopher has written for a number of industry books and publications, including MacWorld and the Macintosh Bible. He has been moderator and speaker at MacWorld Expo's and Mactivity's groupware sessions, and speaks as a panelist on the subject of Macintosh groupware at other industry conferences. He was chairman of MacHack '93, a conference for Macintosh programming gurus, is on the MacHack Planning Board, and is a senior associate at the Foresight Institute.
COPYRIGHT NOTICE
- ----------------
This article was written by Christopher Allen and is Copyright (c)1994 by Consensus Development Corporation--All Rights Reserved.

This article, in whole or in part, may be used and shared in accordance with the fair-use provisions of international copyright law: You may print or reproduce this article for non-commercial, personal, or educational purposes only, provided that the article is not modified, and that the copyright notice and this notice appear in all copies; You may quote, mention, cite, refer to, point, or describe this article in books, products, online services, or other media-- but you may not reproduce in whole or in part without permission.

In addition, Consensus Development Corporation grants you permission to redistribute this article in electronic form, provided that you first notify Consensus Development and that you receive no fees, in excess of normal online charges, for access to this article.

Archiving, redistribution, republication, or derivation of this article on other terms, in any medium, including but not limited to electronic, CD-ROM, database, or publication in print, requires the explicit written or digitally signed consent from Consensus Development Corporation.

These requirements are not meant to be restrictive--we are quite willing to make our articles available even for commercial use, provided that permission is requested.

If you have any questions about these terms, or would like information about licensing rights from Consensus Development Corporation, please contact us via telephone 415/647-6383, or email Christopher Allen .

- ------------------------------------------------------------------------
..Christopher Allen Consensus Development Corporation..
.. 4104-24th Street #419..
.. San Francisco, CA 94114-3615..
.. o415/647-6383 f415/647-6384..
..Mosaic/World-Wide-Web Front Door: ..
..ftp://netcom7.netcom.com/pub/consensus/www/ConsensusFrontDoor.html ..
-----END PRIVACY-ENHANCED MESSAGE-----
Created with RIPEM Mac 0.8.5 b2

From jkreznar at ininx.com Wed Mar 23 15:35:51 1994
From: jkreznar at ininx.com (John E. Kreznar)
Date: Wed, 23 Mar 94 15:35:51 PST
Subject: Parker on Clipper
In-Reply-To: <199403232047.MAA15374@servo.qualcomm.com>
Message-ID: <9403232331.AA01980@ininx>

> But so what? The man is entitled to his opinions. Rather than jump on
> him for expressing them, perhaps you should disseminate them as widely
> as possible. I can't think of a much better way to rally the
> opposition to Clipper.

I agree. When I wrote that I was ``incensed'', I meant in the sense of ``excited'', not ``angry''. I genuinely want to question him (not ``jump on him'') in an effort to better understand how he justifies to himself opinions that you and I find so offensive. This may provide even more incriminating revelations for dissemination.

> Remember that the power to counter things like Clipper is already in
> your hands. Don't let people like Parker just get you mad. Get even -
> write code!

Yep!

John E. Kreznar | Relations among people to be by
jkreznar at ininx.com | mutual consent, or not at all.

From unicorn at access.digex.net Wed Mar 23 16:23:05 1994
From: unicorn at access.digex.net (Black Unicorn)
Date: Wed, 23 Mar 94 16:23:05 PST
Subject: tacky
Message-ID: <199403240022.AA00634@access3.digex.net>

Anyone want to mail me some tacky tokens?
-uni- (Dark)

From pbraunb at netcom.com Thu Mar 24 02:33:13 1994
From: pbraunb at netcom.com (paul braunbehrens)
Date: Thu, 24 Mar 94 02:33:13 PST
Subject: Netcom mail queue
In-Reply-To: <199403230557.VAA09337@mail.netcom.com>
Message-ID:

Forgive me if this is a stupid question, but can someone tell me what this is, or means, or 'speechless'.

thanx, paul

On Tue, 22 Mar 1994 catalyst-remailer at netcom.com wrote:

> Look what I found.
>
> VAA08268* 757 Tue Mar 22 21:49
>
> "|exec `/usr/local/bin/homedir`/bin/procmail
> etc.

From basic at altern.com Thu Mar 24 02:38:03 1994
From: basic at altern.com (basic)
Date: Thu, 24 Mar 94 02:38:03 PST
Subject: information question.
Message-ID:

Hello, i have read your message. Perhaps it could interested me. I'm working in computer security and for my job i try to broke systems. Are those informations interesting for you . Sent me a mail at this address. bye.

From mpd at netcom.com Thu Mar 24 02:49:12 1994
From: mpd at netcom.com (Mike Duvos)
Date: Thu, 24 Mar 94 02:49:12 PST
Subject: Quiz du Jour
Message-ID: <199403240208.SAA11478@mail.netcom.com>

Which of the following will soon be illegal in the Netherlands?

A. Euthanasia
B. Pedophilia
C. Encryption

According to a new telecommunications bill which my Dutch friends tell me has an excellent chance of being passed, the correct answer is "C". Someone send these poor people a good Stego program.

--
Mike Duvos $ PGP 2.3a Public Key available $
mpd at netcom.com $ via Finger. $

From kelly at netcom.com Thu Mar 24 03:06:40 1994
From: kelly at netcom.com (Kelly Goen)
Date: Thu, 24 Mar 94 03:06:40 PST
Subject: List Dead lately???
Message-ID: <199403240645.WAA20760@mail.netcom.com>

Subject says it all no mail for days...

From gtoal at an-teallach.com Thu Mar 24 04:23:41 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Thu, 24 Mar 94 04:23:41 PST
Subject: A possibility...
Message-ID: <199403241222.MAA26862@an-teallach.com>

:What I am thinking is to have one person encrypt using a RNG (noise). He
:encrypts his message using the noise on one channel and then copies the noise
:utilized on another channel. He then mixes the two channels to
:create....noise.

What you mean is generating a random one-time-pad, encrypting with that pad, and sending the pad to the recipient via secure means. I think it has been done before :-)

If your idea of sending the 'random noise' is something electronic rather than a black bag, then all you've done is re-invent security through obscurity and your program is little more than hiding plaintext with a stego program.

:On the other side the person must be expecting the noise and must know how to
:separate the signal. It seems that this leaves things open by having the
:encryption key along with the message, but the message itself is just noise.
:(i.e. the interloper must know of the signal, and know how to split it into
:its two components.)

Oops. Sure sounds like you meant the security through obscurity option...

:::::Comments?

You design anything important for Microsoft then???

G

From habs at warwick.com Thu Mar 24 06:23:22 1994
From: habs at warwick.com (Harry Shapiro Hawk)
Date: Thu, 24 Mar 94 06:23:22 PST
Subject: PowerMac & PGP
Message-ID: <9403241226.AA00407@uucp.warwick.com>

X-Reposting Policy: Don't redistribute without permission. Rev.1.0.1

I just got my 7100 PowerPC based PowerMac. So far I am using only 680x00 code and it is running just fine. Since there was some questions about where MacPGP would work on this platform, I just generated a key pair. It seems to work fine. I am including the pair and the pass phrase below.
Don't use this for privacy :)

Here is the pair:

The pass phrase is: powerPGP

Harry Shapiro Hawk
Manager of Computer Services
Warwick Baker & Fiore
habs at uucp.warwick.com

From habs at warwick.com Thu Mar 24 06:58:00 1994
From: habs at warwick.com (Harry Shapiro Hawk)
Date: Thu, 24 Mar 94 06:58:00 PST
Subject: Canon Color Copiers
Message-ID: <9403241451.AA00559@uucp.warwick.com>

X-Reposting Policy: Don't redistribute without permission. Rev.1.0.1

Hi,

With a friend, I conducted an experiment. We took two one dollar bills. We tried to copy each one on a Canon CLC 550 (aka Canon Color copier). The side with George Washington on it copied fine. The other side didn't.

We adjusted the bills so we exposed only half of each bill; that is the top and bottom half and the right and left half. The bottom half copied while the top half didn't. The Left half copied (side with The Great Seal) while the right half didn't.

We assumed then it was finding something located in the upper right half of the back of the dollar bill.
When we attempted to isolate that part of the bill, it DID copy.

Strange. Perhaps someone could look at a 1, 5, 10, 20 and 100 dollar bill and see if there is anything in common in the upper right half of the back of those bills.

Interestingly, when we did isolate the upper right half even though it copied, it didn't copy cleanly.

You might ask, "How good are the copies." My friend thought they were not great, while I thought they were pretty good. As we were leaving the copier and cleaning up after ourselves, the truth was revealed. My friend tried to pick up one of the "copied" dollars. My friend then remarked, "I guess it is not such a bad copy."

/hawk

Harry Shapiro Hawk
Manager of Computer Services
Warwick Baker & Fiore
habs at uucp.warwick.com

From E.Switalski at bnr.co.uk Thu Mar 24 07:39:10 1994
From: E.Switalski at bnr.co.uk (Ed Switalski)
Date: Thu, 24 Mar 94 07:39:10 PST
Subject: Color Copiers
In-Reply-To: <9403241451.AA00559@uucp.warwick.com>
Message-ID: <199403241534.2542@bnsgs200.bnr.co.uk>
 - Free Money ?

>X-Reposting Policy: Don't redistribute without permission. Rev.1.0.1
>
>We assumed then it was finding something located in the
>upper right half of the back of the dollar bill. When we
>attempted to isolate that part of the bill, it DID copy.
>
>Strange. Perhaps someone could look at a 1, 5, 10, 20
>and 100 dollar bill and see if there is anything in common
>in the upper right half of the back of those bills.
>
>Interestingly, when we did isolate the upper right half even
>though it copied, it didn't copy cleanly.

***

Don't most photocopiers have an automatic exposure control, which like cheap photo developing printing services, uses the integrated light from the WHOLE object to set the exposure. If there is an near-UV fluorescent region in US bills, this would interfere with photocopying by making the overall result too dark.

Why not look for watermarks etc with a UV money-checking lamp Then cut out (a very light red ?)
UV filter to cover the offending region when copying. Then paint on some UV-fluorescent stuff on the result. Et Voila free money!

BTW: Mine's a Manhattan Ice Tea !

From an62213 at anon.penet.fi Thu Mar 24 07:55:05 1994
From: an62213 at anon.penet.fi (I wish I knew!)
Date: Thu, 24 Mar 94 07:55:05 PST
Subject: A public alternative to clipper?
Message-ID: <9403241502.AA01318@anon.penet.fi>

> Also, the development of clipper was done with tax dollars.
> The government has no need to recoup its investment in developing the
> chip. Therefore, they can sell the chips at the cost of
> manufacturing, and forget the R&D. That ability to ignore the bottom
> line is a pretty powerful mechanism. If a clipper phone costs $100
> less than the alternative, because we the taxpayers already paid for
> it, Clipper becomes more and more the only choice.

Well, then. Maybe it's time to develop our own PGP chip. Would the PGP routines fit in a large PGA? What's the smallest, cheapest alternative we can come up with? If we give away the PGA code freely, that would help reduce the cost of inclusion in a commercial product. An FPGA would give the user the ability to change keys with little trouble. Upgrading is as easy as swapping a prom. (Better yet have an onboard programmer.)

Even then, I would guess that a lot of people would have to pay a bit more for secure communications. I think it's worth it.

-------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.
From ejo at world.std.com Thu Mar 24 08:34:33 1994
From: ejo at world.std.com (Edward J OConnell)
Date: Thu, 24 Mar 94 08:34:33 PST
Subject: Color Copiers
In-Reply-To: <199403241534.2542@bnsgs200.bnr.co.uk>
Message-ID:

This dovetails with what the service guy told me about using some sort of piece of plastic to make stuff copy...but that was when we were working with the color theory--he said he could interpose this piece of clear material to make stuff that was the 'wrong color' copy. He didn't say what it was.

Jay

From sonny at netcom.com Thu Mar 24 08:48:28 1994
From: sonny at netcom.com (James Hicks)
Date: Thu, 24 Mar 94 08:48:28 PST
Subject: information question.
In-Reply-To:
Message-ID: <199403241649.IAA12196@mail.netcom.com>

basic says:
>
> Hello, i have read your message. Perhaps it could interested me.
> I'm working in computer security and for my job i try
> to broke systems. Are those informations interesting for
> you . Sent me a mail at this address.
> bye.
>

Those informations are very interesting. What company do you work for?

>James<

From hfinney at shell.portal.com Thu Mar 24 08:58:07 1994
From: hfinney at shell.portal.com (Hal)
Date: Thu, 24 Mar 94 08:58:07 PST
Subject: Promise her anything...
Message-ID: <199403241659.IAA00195@jobe.shell.portal.com>

From: Duncan Frissell
> The Black Letter phrase from my Commercial Paper class in law school:
>
> ----------
> Negotiable Instrument: A promise to pay to order or bearer a sum certain
> in money on or after a date certain.
> ----------

The other night at the library I had a chance to browse through the Uniform Commercial Code as enacted by the state of California. It had a large section on promissory notes and commercial paper in general. The basic definition of a promissory note did include a variation on what Duncan quoted. It would appear that the legal requirements and restrictions on the issuing and sale of such notes are pretty flexible.
However, in the digital realm, it is not clear whether a promissory note would truly be enforceable, in the event that the debtor refused to pay. The main question is the digital signature.

One thing I wonder about is this. Suppose I simply create a file saying that I promise to pay the bearer $100 on demand. I then sign this using my PGP public key, and give it to someone in exchange for $100. This would be the electronic analogue of the issuing of a paper promissory note.

The problem is, "forgery" of such notes, in the sense of duplication, is both trivial and undetectable. With paper, someone could Xerox a note and end up with two, both claiming to be worth $100. But in practice we could distinguish the original from the copy. Better forgeries might be harder to detect but in principle experts should be able to tell the difference.

But with the PGP-signed document, any copies made would be completely indistinguishable from the original. How could the debtor know to honor such a note without being able to tell whether it was the original or not? How could the holder of the note sell it to someone without them knowing whether it is valid?

Because of this uncertainty, it seems to me that in this simplest sense digitally-signed promissory notes do not work. Such a note, even though signed, cannot be considered to carry value in and of itself because it is too easy to forge. The digital signature is of no value in preventing forgeries since copies of valid notes are just as useful as plain forgeries.

Now, the more elaborate technology of digital cash can actually go a long way towards solving this problem, at least in theory. With this approach, each note has a unique serial number, and part of the agreement is that only the first presentation of a note with any given serial number will be honored.
Then if the holder of a note wants to sell it to someone else, they go through a protocol with the borrower in which he verifies that the note has not been spent, and a new note is issued with a new serial number that nobody has seen before. This way the buyer of the note is protected against being sold an already-sold note. Plus, the digital cash technology allows this to be done without the debtor finding out who is selling his old notes to whom. There is no reason for him to have this information; the holder of the note ought to be able to sell it privately, and this is a good way of preserving that aspect of the transaction.

So, the digital cash technology works pretty well for this application. The problem is that there have to be many additional restrictions and rules in the handling of the notes - notes have to be transferred using the special protocol, and only previously-unseen notes will be honored. It is not clear to me how these additional contractual restrictions can be incorporated into the note without violating the simplicity that Duncan quoted above.

Also, in the technical sense, the blinded signatures used in digital cash do not allow the signing of a textual document. Instead, what is signed is a simple number in a specified form, and the *exponent* used in the signature is what determines the "sum certain". So the formal structure of a piece of digital cash does not match the requirement for a promissory note. There would have to be some additional documents which, for example, map the signing exponents to the note values. But again, there is no place in the note itself to put pointers to such additional documents.

It is possible that the note could consist in effect of two documents, one part which is a PGP-signed text document laying out the terms and conditions which are relevant, and which states that it only has value when accompanied by a digital-cash data item, signed with the proper exponent, not previously seen by the debtor, etc.
Again, then, you have to worry about fraud by the debtor, in which he claims to have seen a note before when one is presented for redemption. In order for note holders to protect themselves against this fraud there would have to be some way for debtors to prove that various notes had been spent. This might be difficult, especially if the people presenting notes for redemption are anonymous to the debtor.

It's going to be hard to distinguish between the twin frauds of a holder presenting the same note for redemption twice, possibly at almost the same time from two different addresses, and the debtor who receives a note for redemption, then quickly sends it to himself as though from another holder, back-dating it a few seconds so he claims that one arrived first.

Perhaps some form of registered mail for note redemptions, plus a requirement that when a conflict like this arises both presenters must identify themselves, could address some of these problems. (These problems arise for digital cash just as much, by the way.)

Hal

From habs at warwick.com Thu Mar 24 09:00:34 1994
From: habs at warwick.com (Harry Shapiro Hawk)
Date: Thu, 24 Mar 94 09:00:34 PST
Subject: Canon Color Copiers
Message-ID: <9403241658.AA00660@uucp.warwick.com>

X-Reposting Policy: Don't redistribute without permission. Rev.1.0.1

------ From: Edward J OConnell, Thu, Mar 24, 1994 ------
@ This dovetails with what the service guy told me about using some sort of
@ piece of plastic to make stuff copy...but that was when we were working
@ with the color theory--he said he could interpose this piece of clear
@ material to make stuff that was the 'wrong color' copy. He didn't say
@ what it was.

I am willing to think that it first looks for a color or a range of colors. (I have said that before). However, it must be looking for something special based on the test I just ran. (It could be something in the non-visible spectrum.)
Does anyone know what range of the spectrum the CCD devices in the CLC 550 can capture? FYI, The 550 has 5 CCD's.

/hawk

Harry Shapiro Hawk
Manager of Computer Services
Warwick Baker & Fiore
habs at uucp.warwick.com

From nobody at shell.portal.com Thu Mar 24 09:04:35 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Thu, 24 Mar 94 09:04:35 PST
Subject: PGP: change ".z" to ".gz" for gzip?
Message-ID: <199403241705.JAA00560@jobe.shell.portal.com>

While browsing pgp.c, I noticed it checks for several kinds of compression:

    static char *compressSig[] = { "PK\03\04", "ZOO ", "GIF8", "\352\140",
        "HPAK", "\037\213", "\037\235", "\032\013", "\032HP%"
        /* lharc is special, must be last */ };
    static char *compressName[] = { "PKZIP", "Zoo", "GIF", "Arj",
        "Hpack", "gzip", "compressed", "PAK", "Hyper", "LHarc" };
    static char *compressExt[] = { ".zip", ".zoo", ".gif", ".arj",
        ".hpk", ".z", ".Z", ".pak", ".hyp", ".lzh" };

Since gzip now uses ".gz" consistently, perhaps the ".z" should change for PGP 2.5 (or whatever the next public version will be called). I think the code would have to change more to do the right thing with both, since it uses the compressSig to decide which compressExt to try -- is this right? I guess it'd be cleaner to accept both, but probably not worth extra code that would eventually become obsolete.

Diogenes (Fingerprint 6FC5C2A5D1A0ED006B576AF7107D51FB)

From mpd at netcom.com Thu Mar 24 10:07:38 1994
From: mpd at netcom.com (Mike Duvos)
Date: Thu, 24 Mar 94 10:07:38 PST
Subject: Promise her anything...
Message-ID: <199403241808.KAA26424@mail.netcom.com>

Hal writes:

> Now, the more elaborate technology of digital cash can actually go a long
> way towards solving this problem, at least in theory. With this approach,
> each note has a unique serial number, and part of the agreement is that only
> the first presentation of a note with any given serial number will be
> honored.
Then if the holder of a note wants to sell it to someone else, > they go through a protocol with the borrower in which he verifies that the > note has not been spent, and a new note is issued with a new serial number > that nobody has seen before. This way the buyer of the note is protected > against being sold an already-sold note. Plus, the digital cash technology > allows this to be done without the debtor finding out who is selling his > old notes to whom. There is no reason for him to have this information; the > holder of the note ought to be able to sell it privately, and this is > a good way of preserving that aspect of the transaction. Rather than have the holder and the person to whom the note is being sold go through a transaction with the issuer, one can have the issuer give his customers a cryptographically tamperproof software module which will prevent anonymous double-spending. This allows the digital cash system to work "offline" without having to connect to the bank every time two people wish to conduct a transaction. > Perhaps some form of registered mail for note redemptions, plus a requirement > that when a conflict like this arises both presenters must identify themselves, > could address some of these problems. (These problems arise for digital cash > just as much, by the way.) If you design the system so that cheating breaks the anonymity and identifies the perpetrator, then you can simply deter it in the same way we do with conventional instruments. Give the person a horrible credit rating and threaten to toss him in jail. -- Mike Duvos $ PGP 2.3a Public Key available $ mpd at netcom.com $ via Finger. 
$

From pbraunb at netcom.com Thu Mar 24 11:30:20 1994
From: pbraunb at netcom.com (paul braunbehrens)
Date: Thu, 24 Mar 94 11:30:20 PST
Subject: CLIPPER CHIP ON LIMBAUGH
In-Reply-To: <199403230547.AAA23675@hermes.acm.rpi.edu>
Message-ID:

What worries me is the people who should be on our side who might say; "hey If Rush is against it it must be good!" Here's to hoping they have more sense than that, but I have to admit that if I hear Rush come out on one side of an issue I know nothing about, I look at the other side first.

BTW, is there a way to make this whole list anonymous, like having the reflector strip the headers or something? Just curious.

On Wed, 23 Mar 1994, rocker - accept no substitutes wrote:

>
> This is what would concern me. Limbaugh seems to be big on knee-jerk
> reactions. Has he got some intelligent insights on the Clipper issue,
> or is it simply another case of "Bill's fer it so I'm agin it!" A
> well-constructed argument might convince people on both sides, crying
> "Hey, it's a LIBERAL idea, it MUST be bad!" is likely to lose more
> support than it gains.
>
> -rocker
>

From cme at sw.stratus.com Thu Mar 24 11:49:11 1994
From: cme at sw.stratus.com (Carl Ellison)
Date: Thu, 24 Mar 94 11:49:11 PST
Subject: MOSAIC?
Message-ID: <199403241948.OAA24988@galt.sw.stratus.com>

Anyone know details of the MOSAIC interface spec to the Tessera card?

 - Carl

From orion at crl.com Thu Mar 24 11:51:31 1994
From: orion at crl.com (Colin Orion Chandler)
Date: Thu, 24 Mar 94 11:51:31 PST
Subject: CLIPPER CHIP ON LIMBAUGH
In-Reply-To:
Message-ID:

Just to make sure you all know, good 'ol rush can be contacted at: 70277.2502 at compuserve.com

I've written him a couple letters capping on clipper, and although I don't know whether he really learned from what I said, but he did mention the next day that he 'recently learned' that the majority of the net-users themselves oppose clipper... just a note.
70277.2502 at compuserve.com (rush limbaugh)

On Thu, 24 Mar 1994, paul braunbehrens wrote:

>
> What worries me is the people who should be on our side who might say; "hey
> If Rush is against it it must be good!" Here's to hoping they have more
> sense than that, but I have to admit that if I hear Rush come out on one
> side of an issue I know nothing about, I look at the other side first.
>
> BTW, is there a way to make this whole list anonymous, like having the
> reflector strip the headers or something? Just curious.
>
> On Wed, 23 Mar 1994, rocker - accept no substitutes wrote:
>
> > This is what would concern me. Limbaugh seems to be big on knee-jerk
> > reactions. Has he got some intelligent insights on the Clipper issue,
> > or is it simply another case of "Bill's fer it so I'm agin it!" A
> > well-constructed argument might convince people on both sides, crying
> > "Hey, it's a LIBERAL idea, it MUST be bad!" is likely to lose more
> > support than it gains.
> >
> > -rocker
> >
>

From pbraunb at netcom.com Thu Mar 24 12:11:39 1994
From: pbraunb at netcom.com (paul braunbehrens)
Date: Thu, 24 Mar 94 12:11:39 PST
Subject: clipper debate at stanford u. (fwd)
Message-ID:

Found this. Hope it's not an umpteenth repost (I haven't seen it yet but I use the 'd' key very liberally).

ENCRYPTION AND DIGITAL COMMUNICATIONS: LAW ENFORCEMENT OR PRIVACY?

An Oxford-Style Debate

J. Kent Walker, Jr. (Stanford Law '87)
Assistant U.S. Attorney and Coordinator, High-Tech Task Force

Marc Rotenberg (Stanford Law '87)
Washington Director, Computer Professionals for Social Responsibility

Wednesday, March 30, 1994, 5:30 PM
Stanford Law School, Room 290
Light Refreshments Served

This debate brings together two nationally prominent experts in this area. You won't want to miss the verbal fireworks and the opportunity to learn more about this important question.
Background ========== The Clinton Administration is promoting use of the Clipper Chip technology that provides encryption, but in a form that law enforcement can unscramble. It also backs legislation requiring design of digital communications networks so ongoing surveillance will be feasible. Law enforcement officials argue that these proposals are necessary to protect society from criminals and preserve important investigative tools. Privacy advocates contend that these proposals grant broad new powers to law enforcement agencies and diminish protection for future users of the National Information Infrastructure. Sponsored by the Stanford Law and Technology Policy Center and the Stanford Law and Technology Association. Additional Information ====================== Contact the Stanford Law and Technology Policy Center by email (Law.Tech.Policy at forsythe) or telephone (415-725-7788). To: SFRAVES at TECHNO.STANFORD.EDU cc: GR.CLG From hfinney at shell.portal.com Thu Mar 24 12:47:22 1994 From: hfinney at shell.portal.com (Hal) Date: Thu, 24 Mar 94 12:47:22 PST Subject: Promise her anything... Message-ID: <199403242047.MAA15783@jobe.shell.portal.com> From: mpd at netcom.com (Mike Duvos) > Rather than have the holder and the person to whom the note is being sold > go through a transaction with the issuer, one can have the issuer give his > customers a cryptographically tamperproof software module which will > prevent anonymous double-spending. This allows the digital cash system to > work "offline" without having to connect to the bank every time two people > wish to conduct a transaction. The notion of a "cryptographically tamperproof software module" is interesting, but I'm not sure such a thing exists or could exist. The secure offline cash systems I have seen rely on tamper-resistant HARDWARE modules which at least exist although this requirement would be very inconvenient. 
> If you design the system so that cheating breaks the anonymity and identifies > the perpetrator, then you can simply deter it in the same way we do with > conventional instruments. Give the person a horrible credit rating and > threaten to toss him in jail. Again, I don't know how you handle the case of two almost-simultaneous attempts to redeem the same note (or piece of cash). Both notes are identical, so having the two notes gives you no more information than having just one, hence if one note is anonymous so will two be. You know someone is cheating in this situation, but who? One of the redeemers may have stolen a copy of the cash from the other; the two redeemers may be working together; or the note maker may be working with one of the redeemers having slipped them a copy of the note as soon as it was presented for redemption. How can a court decide who is right? Maybe the answer is simply to handle this as a my-word-against-yours kind of case, where reputations and histories of such conflicts would help decide who is likely to be telling the truth. Hal From tbegley at bluejay.creighton.edu Thu Mar 24 13:05:35 1994 From: tbegley at bluejay.creighton.edu (Terrence M. Begley) Date: Thu, 24 Mar 94 13:05:35 PST Subject: CLIPPER CHIP ON LIMBAUGH In-Reply-To: Message-ID: On Thu, 24 Mar 1994, Colin Orion Chandler wrote: > Just to make sure you all know, good 'ol rush can be contacted at: > 70277.2502 at compuserve.com But Rush does not read mail from Internet users - at least he has stated that on his show before. Did it bounce? Or maybe it just went into his C$serve kill file. ----- Professor Terry Begley '...just another face in a red jumpsuit...' 
Creighton University College of Business Administration 2500 California Plaza Omaha, NE 68178 USA, Earth Office: BA 225 (402) 280-2619 Office Fax: 280-2172 Home Fax: 556-5215 From sandfort at crl.com Thu Mar 24 14:02:07 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Thu, 24 Mar 94 14:02:07 PST Subject: CLIPPER CHIP ON LIMBAUGH In-Reply-To: Message-ID: C'punks, On Thu, 24 Mar 1994, Terrence M. Begley wrote: > On Thu, 24 Mar 1994, Colin Orion Chandler wrote: > > > Just to make sure you all know, good 'ol rush can be contacted at: > > 70277.2502 at compuserve.com > > But Rush does not read mail from Internet users - at least he has > stated that on his show before. . . I think you have this wrong. What I believe he has said is that he has blocked some specific newsgroup or mail list. It was something like: alt.rush.somethingorother He blocked it because it wasn't personal e-mail, just the postings of some anti-Limbaugh listeners who bitched about each show after it aired. S a n d y From mpd at netcom.com Thu Mar 24 14:39:06 1994 From: mpd at netcom.com (Mike Duvos) Date: Thu, 24 Mar 94 14:39:06 PST Subject: Digital Cash Message-ID: <199403242239.OAA00431@mail.netcom.com> Hal writes: > The notion of a "cryptographically tamperproof software > module" is interesting, but I'm not sure such a thing exists > or could exist. The secure offline cash systems I have seen > rely on tamper-resistant HARDWARE modules which at least > exist although this requirement would be very inconvenient. Quite a bit of work has already been done on this concept. Basically one generates a very large sequence of machine instructions which computes the image of the output of an algorithm under a strong cipher from the image of the input under the cipher. A controlled amount of redundant information is added to both the input and output. This yields a piece of code so obtuse and complex that nothing may be gleaned about what algorithm it is executing by observing it run. 
Figuring out what it actually is doing is a cryptanalytically hard problem. Also, determining a way of modifying the code which does not break it is a similarly hard problem.

Once encased in such a module, an algorithm may be distributed with no fear that it will be stolen. This raises interesting problems with software patents, since one can not tell from such a module whether it is performing a function in a way which infringes.

Of course, there is a severe performance penalty to be paid for such protection. But in the case of digital cash, it could provide a mechanism for implementing a secure offline system without special hardware.

> Again, I don't know how you handle the case of two
> almost-simultaneous attempts to redeem the same note (or
> piece of cash). Both notes are identical, so having the two
> notes gives you no more information than having just one,
> hence if one note is anonymous so will two be. You know
> someone is cheating in this situation, but who? One of the
> redeemers may have stolen a copy of the cash from the other;
> the two redeemers may be working together; or the note maker
> may be working with one of the redeemers having slipped them
> a copy of the note as soon as it was presented for
> redemption. How can a court decide who is right?

Assuming the transactions are done via a tamperproof module distributed by the issuer, and the math is arranged such that using a note in multiple transactions reveals the perpetrator, the system prevents anonymous double-spending while still providing all the benefits of digital cash.

Of course, you could claim that someone was in possession of your tamperproof module and associated passwords, but it is your responsibility to guard these and report them stolen promptly, just as with credit cards and PINs.

P.S. Is anyone worried that the Netherlands seems on the verge of banning PGP? Wasn't this country once a hacker's paradise?
-- Mike Duvos $ PGP 2.3a Public Key available $ mpd at netcom.com $ via Finger. $ From jsday at THUNDER.LakeheadU.CA Thu Mar 24 15:19:55 1994 From: jsday at THUNDER.LakeheadU.CA (Jer!) Date: Thu, 24 Mar 94 15:19:55 PST Subject: Digital Cash Message-ID: <9403242319.AA15128@thunder.LakeheadU.Ca> Mike Duvos wrote: > Assuming the transactions are done via a tamperproof module > distributed by the issuer, and the math is arranged such that > using a note in multiple transactions reveals the perpetrator, > the system prevents anonymous double-spending while still > providing all the benefits of digital cash. How does the 'tamperproof' nature of the software help at all? It's still possible to double-spend in any off-line cash system by making multiple copies of the tamper-proof modules.. the only security provided is in obscuring the algorithm. Speaking of digital cash, many thanks to the author of the 'magic money' software. I am in the process of integrating it with a local bulletin board, which should hopefully be available on the net sometime this summer. :::*::: Jeremy S. Day. From wak at next11.math.pitt.edu Thu Mar 24 15:54:50 1994 From: wak at next11.math.pitt.edu (walter kehowski) Date: Thu, 24 Mar 94 15:54:50 PST Subject: Electronic cash System Message-ID: <9403242354.AA15344@next11.math.pitt.edu> I remind the list of Matthew J. Ghio's March 18th FWD of an announcement of a highly efficient electronic cash system created by Stefan Brands . The documentation can be obtained from ftp.cwi.nl in pub/brands. I've downloaded it and printed it all out - it's about 100 pages - and very interesting. Walter A. Kehowski From mpd at netcom.com Thu Mar 24 15:59:05 1994 From: mpd at netcom.com (Mike Duvos) Date: Thu, 24 Mar 94 15:59:05 PST Subject: Digital Cash In-Reply-To: <9403242319.AA15128@thunder.LakeheadU.Ca> Message-ID: <199403242359.PAA17401@mail.netcom.com> > How does the 'tamperproof' nature of the software help at all? 
> It's still possible to double-spend in any off-line cash system > by making multiple copies of the tamper-proof modules.. the only > security provided is in obscuring the algorithm. If multiple transactions involving the same instrument reveal the double-spender, then appropriate action may be taken. One could of course do the exact same transaction twice with the exact same person using identical copies of the tamperproof module, but that would yield no more data than having done the transaction only one time, and certainly wouldn't create any additional value. > Speaking of digital cash, many thanks to the author of the > 'magic money' software. I am in the process of integrating it > with a local bulletin board, which should hopefully be available > on the net sometime this summer. One nice application of Magic Money would be to purchase subscriptions and other services from a BBS. It is often highly inconvenient to have to mail in a payment, and if you are paying for something in another country, sending something that can be cashed overseas. Digital Cash would solve all these problems. -- Mike Duvos $ PGP 2.3a Public Key available $ mpd at netcom.com $ via Finger. $ From tcmay at netcom.com Thu Mar 24 16:24:25 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 24 Mar 94 16:24:25 PST Subject: Netherlands and Other European Countries In-Reply-To: <199403242239.OAA00431@mail.netcom.com> Message-ID: <199403250025.QAA16496@mail.netcom.com> Mike Duvos wrote: > P.S. Is anyone worried that the Netherlands seems on the verge of > banning PGP? Wasn't this country once a hacker's paradise? > This has been apparent for a while now, with numerous reports that several European countries are far along in adopting Clipper-type systems. Possibly under cooperative arrangements with the USA. 
As for the Netherlands being a hacker's paradise....recall that telephone and other services are under the control of the "PTT" (Postal, Telegraph, and Telephone monopoly) that's so common in European countries. If they say "no modems may be attached," that's the law. (I don't know the current status, but at one time there were severe restrictions, heavy fees, etc.)

Ask the guys at Hactic, De Zwarte Star, and BILWET (Amsterdam Association for the Dissemination of Illegal Science) about the surveillance done on them by the BVD, the Binnenlandse Veilegheids Dienst, the Dutch Internal Security Service.

France essentially bans all crypto--enforcement may be another matter (ask SDECE). One of our Norwegian members recently reported on proposed legislation in his country. Britain is taking steps.

And what is going on in Germany, with the Bundesnachrichtendienst (BND), their version of the CIA, asking for and receiving broad new surveillance powers. (And Germany's version of the FBI, the Bundeskriminalamt (BKA), is getting into the wiretap business in a big way.)

"Orderly societies" like those in Europe prize order and control over the "cowboy" aspects of America. Just because the American debate over Clipper and Digital Telephony is so loud and angry here in the U.S. is no reason to believe that the same measures are not already being put into place in Europe and parts of Asia.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
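
The "Digital Cash" posts above turn on whether the math can make a second spend of a note reveal the spender, against the objection that two identical copies carry no more information than one. The Python sketch below is an added example, not code from any poster or from a real digital cash package: it shows the secret-splitting idea used in Chaum-Fiat-Naor style offline cash, where each payee's challenge makes the spend transcripts differ. Assumptions: the names Note, Bank, K and the account string are hypothetical, an HMAC stands in for the issuer's blind signature, and the withdrawal-time check that the pairs really encode the holder's identity is omitted.

```python
import hashlib
import hmac
import secrets

K = 16  # identity-hiding pairs per note (constructed parameter)


def H(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256, used for commitments and note serials."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Note:
    """A note as its holder sees it: public commitments plus private openings."""

    def __init__(self, identity: bytes):
        self.openings = []     # private: K pairs of (share, salt)
        self.commitments = []  # public: K pairs of hashes
        for _ in range(K):
            left = secrets.token_bytes(len(identity))
            # left XOR right == identity; either share alone is random noise.
            pair = [(left, secrets.token_bytes(16)),
                    (xor(left, identity), secrets.token_bytes(16))]
            self.openings.append(pair)
            self.commitments.append(tuple(H(s, salt) for s, salt in pair))
        self.serial = H(*(c for pair in self.commitments for c in pair))
        self.tag = None  # filled in by Bank.sign()

    def spend(self, challenge):
        """Answer a payee's K challenge bits by opening one share per pair."""
        return {
            "serial": self.serial,
            "tag": self.tag,
            "commitments": list(self.commitments),
            "challenge": tuple(challenge),
            "revealed": [self.openings[i][bit] for i, bit in enumerate(challenge)],
        }


class Bank:
    def __init__(self):
        self._key = secrets.token_bytes(32)  # assumption: HMAC replaces a signature
        self.seen = {}                       # serial -> first transcript accepted

    def sign(self, note: Note) -> Note:
        note.tag = hmac.new(self._key, note.serial, hashlib.sha256).digest()
        return note

    def _valid(self, t) -> bool:
        good_tag = hmac.new(self._key, t["serial"], hashlib.sha256).digest()
        if not hmac.compare_digest(good_tag, t["tag"] or b""):
            return False
        if t["serial"] != H(*(c for pair in t["commitments"] for c in pair)):
            return False
        if len(t["challenge"]) != K or len(t["revealed"]) != K:
            return False
        return all(bit in (0, 1) and H(share, salt) == t["commitments"][i][bit]
                   for i, (bit, (share, salt))
                   in enumerate(zip(t["challenge"], t["revealed"])))

    def deposit(self, t):
        """Return (status, identity); identity is set only for a double-spend."""
        if not self._valid(t):
            return ("rejected", None)
        first = self.seen.get(t["serial"])
        if first is None:
            self.seen[t["serial"]] = t
            return ("accepted", None)
        if first["challenge"] == t["challenge"]:
            # Identical copies: nothing new is learned about the spender.
            return ("duplicate-transcript", None)
        for i, (b0, b1) in enumerate(zip(first["challenge"], t["challenge"])):
            if b0 != b1:
                # Both halves of pair i are now known: XOR recovers the identity.
                return ("double-spend",
                        xor(first["revealed"][i][0], t["revealed"][i][0]))


def demo():
    bank = Bank()
    alice = b"acct:alice-0042".ljust(16, b"\0")  # constructed identity
    note = bank.sign(Note(alice))
    # Constructed challenges; real payees pick K random bits, so two payees
    # choose the same challenge with probability 2**-K.
    at_shop_a = note.spend([0, 1] * (K // 2))
    at_shop_b = note.spend([1, 1] * (K // 2))
    return [bank.deposit(at_shop_a), bank.deposit(at_shop_a),
            bank.deposit(at_shop_b)]


if __name__ == "__main__":
    for status, who in demo():
        print(status, who)
```

A single transcript, or the same transcript presented twice, leaves the holder anonymous; only two transcripts answering different challenges expose the identity, which is why copying the whole module and respending does not stay anonymous under such a scheme.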
From dwomack at runner.utsa.edu Thu Mar 24 18:27:05 1994 From: dwomack at runner.utsa.edu (David L Womack) Date: Thu, 24 Mar 94 18:27:05 PST Subject: Clipper (again) Message-ID: <9403250230.AA24542@runner.utsa.edu> This is probably erroneous logic but... 1. Mr Davis of The New Republic sends parts of his article via modem. The article (unencrypted) is intercepted by persons unknown. Mr. Davis receives a cryptic (pun intended) call in his room about the transmissions. 2. The Clinton Administration wants Clipper to facilitate monitoring of communications. 3. The Government would escrow clipper keys. 4. What keeps someone in a high government office from misusing these keys? Especially since item 1 is illegal due to antiwiretap laws anyway? I e-mailed a copy of this to Rush...since a lot more people are excited about Whitewater than about Clipper, it seems like it might make a decent tie-in... Comments? Regards, Dave From 71431.2564 at CompuServe.COM Thu Mar 24 20:09:43 1994 From: 71431.2564 at CompuServe.COM (Bradley W. Dolan) Date: Thu, 24 Mar 94 20:09:43 PST Subject: Dutch PGP ban Message-ID: <940325041511_71431.2564_FHA82-1@CompuServe.COM> There are things about the impending PGP ban in the Netherlands which I can't understand. I lived in Wolfheze, The Netherlands, much of last year. The Dutch like to think of themselves as an open, tolerant society. In many ways, they are. Where they are not, they are usually subtle. This time, they are hardly being subtle. I don't know what that means. bdolan at well.sf.ca.us From jkreznar at ininx.com Thu Mar 24 20:58:22 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Thu, 24 Mar 94 20:58:22 PST Subject: Digital Cash In-Reply-To: <199403242239.OAA00431@mail.netcom.com> Message-ID: <9403250506.AA02358@ininx> -----BEGIN PGP SIGNED MESSAGE----- > Quite a bit of work has already been done on this concept. 
> Basically one generates a very large sequence of machine
> instructions which computes the image of the output of an
> algorithm under a strong cipher from the image of the input under
> the cipher. A controlled amount of redundant information is
> added to both the input and output. This yields a piece of code
> so obtuse and complex that nothing may be gleaned about what
> algorithm it is executing by observing it run. Figuring out what
> it actually is doing is a cryptanalytically hard problem. Also,
> determining a way of modifying the code which does not break it
> is a similarly hard problem.

> Once encased in such a module, an algorithm may be distributed
> with no fear that it will be stolen. This raises interesting
> problems with software patents, since one can not tell from such a
> module whether it is performing a function in a way which
> infringes.

Fascinating!! Almost unbelievable!

Can you provide references?

John E. Kreznar        | Relations among people to be by
jkreznar at ininx.com  | mutual consent, or not at all.

From GRABOW_GEOFFREY at tandem.com Thu Mar 24 21:26:45 1994
From: GRABOW_GEOFFREY at tandem.com (GRABOW_GEOFFREY at tandem.com)
Date: Thu, 24 Mar 94 21:26:45 PST
Subject: Clipper (again)
Message-ID: <199403242137.AA9017@comm.Tandem.COM>

dwomack at runner.jpl.utsa.edu writes:
>4. What keeps someone in a high government office
> from misusing these keys? Especially since
> item 1 is illegal due to antiwiretap laws
> anyway?

Nothing!!! That's the whole point!
I don't remember who said it first, although I think it was someone on this list, but key escrow is just like giving the gov't a copy of your house keys, just in case they get a court order to search your home. (This assumes you have a break-in proof house.)

I don't know about the rest of you, but a gov't with my house key scares the $*&!!@ out of me!

G.C.G.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Geoffrey C. Grabow           | "What we demand are rigidly defined   |
| Oyster Bay, New York         |  areas of doubt and uncertainty!"     |
|                              |        --------------------           |
| grabow_geoffrey at tandem.com | Clipper, SkipJack & Digital Telephony |
|                              |           JUST SAY NO!!!              |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From GRABOW_GEOFFREY at tandem.com Thu Mar 24 21:38:02 1994
From: GRABOW_GEOFFREY at tandem.com (GRABOW_GEOFFREY at tandem.com)
Date: Thu, 24 Mar 94 21:38:02 PST
Subject: WinPGP 1.0 is available!
Message-ID: <199403242149.AA14649@comm.Tandem.COM>

My partner and I have just completed work on a Windows interface to D
PGP 2.3a called WinPGP. This program gives you the easiest way to use PG
from your Windows environment.

It is available (or will be VERY soon) via anonymous FTP on ftp.eff.o
Mech at eff.org will make an announcement with the details of its location.

Cypherpunks write code!

Enjoy,

G.C.G.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Geoffrey C. Grabow           | "What we demand are rigidly defined   |
| Oyster Bay, New York         |  areas of doubt and uncertainty!"     |
|                              |        --------------------           |
| grabow_geoffrey at tandem.com | Clipper, SkipJack & Digital Telephony |
|                              |           JUST SAY NO!!!              |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From johnkc at well.sf.ca.us Thu Mar 24 21:53:27 1994
From: johnkc at well.sf.ca.us (John K Clark)
Date: Thu, 24 Mar 94 21:53:27 PST
Subject: Smile For Big Brother
Message-ID: <199403250604.WAA09337@well.sf.ca.us>

-----BEGIN PGP SIGNED MESSAGE-----

I'm an engineer at a TV station, one of our microwave receivers at the 800 foot level of our broadcast tower has been getting an odd signal for almost 3 weeks, it's black and white video of a house and it's on 24 hours a day 7 days a week. Out of curiosity I decided to find the house, it wasn't too hard I knew the bearing and I knew exactly what the house looked like.

It turns out the house is in a middle class neighborhood in Miramar Florida (about 30 miles north of Miami). The tiny camera and antenna are crudely mounted with duct tape on a telephone pole across the street, it looks like it taps into the power lines for electricity. Nobody would ever notice it unless you knew precisely where to look and what to look for.

We are receiving the signal at 2458 megacycles but I think that's a second harmonic, the primary signal must be at 1229 meg, a government frequency, known to be used by the DEA.
John K Clark johnkc at well.sf.ca.us

From hfinney at shell.portal.com Thu Mar 24 22:17:30 1994
From: hfinney at shell.portal.com (Hal)
Date: Thu, 24 Mar 94 22:17:30 PST
Subject: Digital Cash
Message-ID: <199403250630.WAA26336@jobe.shell.portal.com>

I too would like to hear more about tamper-proof software modules. They would be a natural for software implementations of Clipper (although perhaps too slow for many applications). Imagine running the Clipper algorithm on your own computer and it comes out with your key exposed to listeners armed with the proper black box, yet you cannot disable this exposure. Interesting thought.

I doubt that these would work as digital cash observers, though, even if possible. It seems to me that the digicash observer has to retain some internal state. In effect, it has to remember which coins you have spent and which you have not. You can cheat, then, by checkpointing your computer just before spending a coin. After you spend, you restore the computer to exactly the same state it was in before you spent it. You then go somewhere else and spend the coin again. The observer has no way of knowing that these games have been played with its state, yet you have obtained twice the value of the coin.

Most of the observer-based protocols are also after-the-fact double-spending-detection protocols as well, so that if the observer is defeated you can still catch the miscreant eventually. But the two problems with this are, first, that it prevents the client from being anonymous to the bank, and second, that the cheater can still multiple-spend quickly and then escape the country before being caught.
It was pointed out on sci.crypt some months ago the irony that Chaum's privacy-preserving cash relies on similar tamper-resistant technology to the privacy-destroying Clipper chip.

Hal

From mg5n+ at andrew.cmu.edu Thu Mar 24 22:40:37 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Thu, 24 Mar 94 22:40:37 PST
Subject: Insecurity of DES?
Message-ID:

There's been a lot of talk about how "easy" it is to break DES. As a mental exercise I decided to see just how difficult it would be for me if I really wanted to break a DES key.

There are 116 publicly available unix workstations here on campus (DEC 3100s). Between 12 am and 8 am, there are rarely more than 50 users on the systems, including remote users. I could probably run processes on 50 of the unused machines for a few hours every night without being too much of a nuisance.

Assuming I could try a million DES decryption operations a second on each (gross overestimation), how long would it take to brute force a DES key? Let's suppose for sake of argument that I could get the machines all day:

2^56 keys / 50 cpus / 1,000,000 per second / 60 seconds / 60 minutes / 24 hours
= 16680 days
= 45.7 years

Of course, specially-designed hardware would be much faster.

From mg5n+ at andrew.cmu.edu Thu Mar 24 22:41:33 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Thu, 24 Mar 94 22:41:33 PST
Subject: Digital Cash
In-Reply-To: <9403250506.AA02358@ininx>
Message-ID:

>> Quite a bit of work has already been done on this concept.
>> Basically one generates a very large sequence of machine
>> instructions which computes the image of the output of an
>> algorithm under a strong cipher from the image of the input under
>> the cipher. A controlled amount of redundant information is
>> added to both the input and output. This yields a piece of code
>> so obtuse and complex that nothing may be gleaned about what
>> algorithm it is executing by observing it run.
Figuring out what
>> it actually is doing is a cryptanalytically hard problem. Also,
>> determining a way of modifying the code which does not break it
>> is a similarly hard problem.
>
>> Once encased in such a module, an algorithm may be distributed
>> with no fear that it will be stolen. This raises interesting
>> problems with software patents, since one can not tell from such a
>> module whether it is performing a function in a way which
>> infringes.
>
>Fascinating!! Almost unbelievable!
>
>Can you provide references?

This is not new. It's been used for years by software companies in copy-protection schemes. Ask anyone who's ever "cracked" software. Copy-protection systems rely on the fact that someone can not easily find and remove the algorithm which impedes duplication. There are three common ways of preventing this.

First, the code is encrypted in layers and modules. Each module decrypts the next layer and rescrambles or erases the last. This prevents the attacker from getting an overall view of the program, as it is never all accessible at once, but it can be viewed in pieces as it executes.

Secondly, several layers of interpreted code can be used. Each layer interprets the next. In this way, no assembly language code ever exists in plaintext (except the first level interpreter).

Finally, the program checksums itself to prevent tampering.

These methods can never provide foolproof protection, but they can slow down attacks considerably. Even the most determined attacks can be delayed for weeks or months. But if they want it bad enough, they can probably reverse-engineer it - as has been said before, crypto is all economics.

I've considered such possibilities for digital cash, but even if the algorithm could not be derived from the cryptographically protected software, it really doesn't solve the double-spending problem. You can just copy the entire module, along with all the money, and spend it twice (on separate victims, of course).
And all those layers of encryption can make it unbearably slow.

From rpmartin at acs.ucalgary.ca Thu Mar 24 23:12:49 1994
From: rpmartin at acs.ucalgary.ca (Rob P. Martin)
Date: Thu, 24 Mar 94 23:12:49 PST
Subject: Run flat tires..
Message-ID: <9403250727.AA74825@acs1.acs.ucalgary.ca>

I was thinking about the way the FBI says it needs the telephony bill because with all the new technology they are losing the ability to wiretap those people that are using these new communication methods.

Then I thought, hey wait a minute. What about all those poor police officers that are out chasing bad guys on the street. Right now, they have the ability, in a high speed chase, to stop the fleeing vehicle by placing a spike belt on the road. But now a new technology is arriving. Run flat tires! (You know those new fangled high tech tires, with a solid piece of rubber that allow you to run with no air pressure) Oh NO! What are these poor police officers to do?

I think the government should help them out. I think that we need the Car Stopper bill. All new cars should be built with an electronic device that allows the police to shut off the engine remotely. This will help keep the status quo. And all those people they now use the spike belts against, will still be able to be caught.

Let's just hope that the frequency that they choose doesn't get into the hands of car jackers, and other criminals..

Food for thought, they just might think of it next. *Shiver*

Rob

--
Rob P. Martin               | "Too many people with too little to
rpmartin at acs.ucalgary.ca  |  do, too much to say, and too
--------------------------  |  and too little brains to handle
This space for rent.        |  both at the same time."
Apply within.               |                        R.G. Wells

From tcmay at netcom.com Thu Mar 24 23:25:29 1994
From: tcmay at netcom.com (Timothy C.
May)
Date: Thu, 24 Mar 94 23:25:29 PST
Subject: Digital Cash
In-Reply-To: <199403242359.PAA17401@mail.netcom.com>
Message-ID: <199403250739.XAA05683@mail.netcom.com>

I'm having a hard time understanding the approach to digital money that Mike Duvos described here. Mike writes:

> If multiple transactions involving the same instrument reveal the
> double-spender, then appropriate action may be taken. One could
> of course do the exact same transaction twice with the exact same person
> using identical copies of the tamperproof module, but that would
> yield no more data than having done the transaction only one time, and
> certainly wouldn't create any additional value.

The whole issue with digital cash has been centered around exactly this issue: detecting double-spending or, more properly, finding ways to give the receiver of such digital cash high confidence that the digital cash he receives will be honored/redeemed/converted to other forms of money.

As David Chaum puts it, "there is no digital coin." That is, there is no representation of "digital money" that behaves like an unforgeable coin. So far as we know, of course.

If Frank the Forger, to pick a standard sort of crypto example, takes a set of bits (possibly made with the elaborate system Mike Duvos described in an earlier posting) and copies that set of bits n times and then "spends" them n times, how can any of his recipients know that parallel transactions are happening, that the "same" money is being spent n times and that it is very likely that n - 1 of the recipients will be screwed?

One approach is online clearing. Essentially, Roger the Recipient insists on "clearing" the digital money at the point of transaction, ensuring that some form of money he trusts (may be real money, the word of his banker, coupons, whatever) has been transferred into his account. At that point, the transaction is completed and Roger could care less about what happens later.
(This is still a useful protocol, especially as communications bandwidths increase, as physical anonymity--the main feature of cash--is still possible. And the transfers are electronic, so stealable amounts of physical cash need not be carried, locked up, etc.)

This approach resembles wire transfers of money, checks with immediate clearing, and lots of other financial instruments of one flavor or another.

The other main approach is to build in to the blinding protocols which protect anonymity ways to detect the identity of those who spend a unit of digital money more than the specified number of times. "Double spenders" is the common term. This can avoid online clearing, but at the expense of additional protocol complexity and some peculiar wrinkles which can develop. Hal Finney has several times posted summaries of this approach and the issues involved.

I must be missing something in Mike Duvos's explanation of how the system he describes can be used as a "digital coin" (my terminology, after Chaum). I can see the use for protecting algorithms--indeed, executable code that cannot be disassembled practically is the main way many programs are currently "protected" (that's what we mean when we say "source" is or is not provided). I just can't see how some set of bits representing a piece of money, however complex the bits may be, are protected from being copied and "spent" multiple times.

Think of this form of digital money as the combination to a train locker containing money, or as a treasure map: whoever uses the number _first_ to get to the money, gets it. The others are out of luck. They may try to go after the guy who double-crossed them, but remember that he has anonymity (else, why bother?).

Reputations do matter, of course, even digital reputations (_especially_ digital reputations, actually), and there are some fascinating approaches to digital money that involve third-party anonymous escrow services, reputation capital, etc.
Lots of work to be done, and the crypto folks are generally now working on these issues of markets, reputations, and webs of trust.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From vkisosza at acs.ucalgary.ca Thu Mar 24 23:32:19 1994
From: vkisosza at acs.ucalgary.ca (Istvan Oszaraz von Keszi)
Date: Thu, 24 Mar 94 23:32:19 PST
Subject: :220 HELO T1A
Message-ID: <9403250747.AA62425@acs5.acs.ucalgary.ca>

Hypothetical of hypothetical situations:

- User has ISDN
- User has PowerMac 8100-80

Needs a *secure* connection. Does any one know how I can chain it up? Is there a T1A connection to an Apple Nubus 90? Can I get a little bit of interference for a little privacy?

Sorry to be the bother and thanks in advance.

--

From Rolf.Michelsen at delab.sintef.no Thu Mar 24 23:48:24 1994
From: Rolf.Michelsen at delab.sintef.no (Rolf Michelsen)
Date: Thu, 24 Mar 94 23:48:24 PST
Subject: Netherlands and Other European Countries
In-Reply-To: <199403250025.QAA16496@mail.netcom.com>
Message-ID:

On Thu, 24 Mar 1994, Timothy C. May wrote:

> As for the Netherlands being a hacker's paradise....recall that
> telephone and other services are under the control of the "PTT"
> (Postal, Telegraph, and Telephone monopoly) that's
> so common in European countries. If they say "no modems may be
> attached," that's the law. (I don't know the current status, but at
> one time there were severe restrictions, heavy fees, etc.)

European telecommunication is (slowly) being deregulated and demonopolized.
For instance we now have two competing companies offering mobile telephony services in Norway -- not bad for a country of just 4 million people :-)

> "Orderly societies" like those in Europe prize order and control over
> the "cowboy" aspects of America. Just because the American debate
> over Clipper and Digital Telephony is so loud and angry here in the
> U.S. is no reason to believe that the same measures are not already
> being put into place in Europe and parts of Asia.

Perhaps the problem is that we don't have a "critical mass" of concerned people. The EU is not as integrated as the US (and Norway is not even a member!) so these matters are usually left to individual (and small) countries.

-- Rolf

----------------------------------------------------------------------
Rolf Michelsen       Phone: +47 73 59 87 33
SINTEF DELAB         Email: rolf.michelsen at delab.sintef.no
7034 Trondheim       Office: C339
Norway
----------------------------------------------------------------------

From darklord+ at CMU.EDU Fri Mar 25 01:42:35 1994
From: darklord+ at CMU.EDU (Jeremiah A Blatz)
Date: Fri, 25 Mar 94 01:42:35 PST
Subject: :220 HELO T1A
In-Reply-To: <9403250747.AA62425@acs5.acs.ucalgary.ca>
Message-ID:

Excerpts from internet.cypherpunks: 25-Mar-94 :220 HELO T1A by Istvan O. v. Keszi at acs.u
> Hypothetical of hypothetical situations:
>
> - User has ISDN
> - User has PowerMac 8100-80
>
> Needs a *secure* connection. Does any one know how I can chain
> it up? Is there a T1A connection to an Apple Nubus 90? Can I
> get a little bit of interference for a little privacy?

Ummm, if you just want to hook up a digital phone line to it so you could, say, speak into the microphone, sample that and PGP encrypt it then send it over the line where a person with similar software would decrypt and listen... (or maybe you just want a fast data link, anyway) The Power Macs, I believe, are equipped with fast serial lines (GeoPort) and you can purchase an ISDN compatible modem to interface to the Mac.
I don't believe you need to mess around with NuBus cards at all. Now, just a little hacking around with the Sound Manager and MacPGP...

Jer

darklord at cmu.edu | "it's not a matter of rights / it's just a matter of war
finger me for my    | don't have a reason to fight / they never had one before"
Geek Code and       | -Ministry, "Hero"
PGP public key      | http://www.cs.cmu.edu:8001/afs/andrew.cmu.edu/usr25/jbde/

From rishab at dxm.ernet.in Fri Mar 25 06:09:23 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Fri, 25 Mar 94 06:09:23 PST
Subject: Hypertext 'Hacker Crackdown'
Message-ID:

Read Bruce Sterling's Hacker Crackdown through WWW! Hypertext indexed through a contents page...

http://martigny.ai.mit.edu/~bal/sterling/contents.html

-------------------------------------------------------------------------------
Rishab Aiyer Ghosh                                  "What is civilisation
rishab at doe.ernet.in, rishab at dxm.ernet.in     but a ribonucleic
Voicemail +91 11 3760335; Vox/Fax/Data 6853410      hangover?"
H-34C Saket New Delhi 110017 INDIA
-------------------------------------------------------------------------------

From mpd at netcom.com Fri Mar 25 07:33:08 1994
From: mpd at netcom.com (Mike Duvos)
Date: Fri, 25 Mar 94 07:33:08 PST
Subject: Digital Cash
Message-ID: <199403251544.HAA10502@mail.netcom.com>

Tim writes:

> If Frank the Forger, to pick a standard sort of crypto
> example, takes a set of bits (possibly made with the
> elaborate system Mike Duvos described in an earlier posting)
> and copies that set of bits n times and then "spends" them n
> times, how can any of his recipients know that parallel
> transactions are happening, that the "same" money is being
> spent n times and that it is very likely that n - 1 of the
> recipients will be screwed?

I didn't mean to oversell the degree to which the scheme deters multiple spending. It doesn't prevent multiple spending.
It merely breaks the anonymity of the perpetrator if two or more people he has transacted the same note with break their own anonymity and voluntarily cooperate with the bank.

There is nothing to prevent you from making N copies of your floppy, spending each one, and hopping the next plane to Argentina. Sad but true.

In the real world, there would have to be some sort of limit on the number of times such a spoofed transaction could propagate before being cleared with the central bank, much like restrictions on multiple-party checks today. Merchant cooperation would also be necessary. Probably easier to get with the corner store than with the local cocaine dealer.

> The other main approach is to build in to the blinding
> protocols which protect anonymity ways to detect the
> identity of those who spend a unit of digital money more
> than the specified number of times. "Double spenders" is the
> common term. This can avoid online clearing, but at the
> expense of additional protocol complexity and some peculiar
> wrinkles which can develop.

This is really all I had in mind. Again, double spending is discouraged but not prevented. If you are leaving town and never returning, you can go on a shopping spree.

--
Mike Duvos         $    PGP 2.3a Public Key available     $
mpd at netcom.com  $    via Finger.                       $

From hfinney at shell.portal.com Fri Mar 25 07:44:27 1994
From: hfinney at shell.portal.com (Hal)
Date: Fri, 25 Mar 94 07:44:27 PST
Subject: Digital Cash
Message-ID: <199403251556.HAA22964@jobe.shell.portal.com>

I sent mail to Stefan Brands yesterday asking about what kind of information is retained by the (hardware-based) observer in his digital cash system. Brands has worked with Chaum in the past and is now seeking funding (via Usenet, apparently) for development of his own digital cash and anonymous transaction technology, which he claims is greatly improved over existing systems in terms of memory and computation requirements.
Brands explained that the way his system works, the user *never* has all the information needed to represent the "digital coin". Instead, the user has part of the information, and the tamper-resistant observer chip has the other part. To spend the coin, the user and the chip have to cooperate in the protocol. Then the chip can mark its own information about that coin as having been spent, or even erase it altogether. It is this change in the internal state of the observer chip which lets it prevent double-spending (and which arguably could be defeated in any software representation of an observer).

I have always been skeptical of this observer-chip approach, because it wasn't clear that it was feasible to make a tamper-resistant chip economically, and because the specialized hardware that would be required would prevent the system from being used on widely-available PCs.

However, now we see that our military rulers apparently trust tamper-resistant technology well enough to put it into thousands of public hands, without fear that even one chip will be opened and read. Breaking an observer only lets you double-spend the coins it holds, while breaking Clipper allows you to permanently defeat the escrow provisions of the whole system. So this suggests that the technology is adequate for observers.

As for the specialized hardware, probably a more realistic picture of the digital cash user of the future is someone holding a PDA in his hand, with possibly an infrared or cellular modem link, rather than the hacker sitting at home in front of his PC. In that context it may be realistic to imagine custom PDAs which support secure offline cash as a practical product.
Hal

From sameer at soda.berkeley.edu Fri Mar 25 08:22:01 1994
From: sameer at soda.berkeley.edu (Sameer)
Date: Fri, 25 Mar 94 08:22:01 PST
Subject: [comp.home.misc] Internet access/digicash
Message-ID:

There has been a post to comp.home.misc about how we need net providers to keep accounts of where people access on the net so that they can be charged for the net services they use. I replied saying that we need it in a digital cash scheme. Those more knowledgeable about the specifics of digicash might want to check out that group and field any questions, if they may arise.

From unicorn at access.digex.net Fri Mar 25 09:20:21 1994
From: unicorn at access.digex.net (Black Unicorn)
Date: Fri, 25 Mar 94 09:20:21 PST
Subject: Run flat tires..
Message-ID: <199403251733.AA09333@access3.digex.net>

-> I think the government should help them out. I think that we need the Car Stopper bill. All new cars should be built with an electronic device that allows the police to shut off the engine remotely. This will help keep the status quo. And all those people they now use the spike belts against, will still be able to be caught. <-

LoJack was marketing such a device, I believe it's still available. The upshot was:

1> Report your car stolen.
2> Police locate signal from LoJack
3> Signal sent to car telling it to kill ignition which it does.

No chase, no mess.

What stops police from killing the ignition of your car when they are interested in you, is an exercise for the reader.
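
Added example, not part of any list message: the "Digital Cash" thread above refers to offline schemes that expose a double-spender's identity only when the same coin is spent twice. The sketch below is in the style of Chaum-Fiat-Naor identity splitting, with the bank's blind signature omitted; the account name, `K`, and every function name are assumptions made for illustration.

```python
import hashlib
import secrets

K = 16  # identity-share pairs per coin (assumed parameter for this sketch)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def commit(share: bytes, nonce: bytes) -> bytes:
    """Hash commitment that hides a share until its nonce is revealed."""
    return hashlib.sha256(nonce + share).digest()


def serial_of(commitments) -> str:
    return hashlib.sha256(b"".join(c for pair in commitments for c in pair)).hexdigest()


def mint_coin(identity: bytes):
    """Withdrawal: split the identity into K pairs with left XOR right == identity.

    Returns (public coin, spender-held openings). A real scheme would have the
    bank blind-sign the commitments; that step is omitted here.
    """
    openings, commitments = [], []
    for _ in range(K):
        left = secrets.token_bytes(len(identity))  # one-time pad
        right = xor(left, identity)                # pad XOR identity
        n_left, n_right = secrets.token_bytes(16), secrets.token_bytes(16)
        openings.append(((left, n_left), (right, n_right)))
        commitments.append((commit(left, n_left), commit(right, n_right)))
    return {"serial": serial_of(commitments), "commitments": commitments}, openings


def spend(openings, challenge):
    """Answer a merchant's K-bit challenge: open the left (0) or right (1) half."""
    return [(bit, *openings[i][bit]) for i, bit in enumerate(challenge)]


def verify(coin, transcript) -> bool:
    """Merchant-side check that every opened share matches the coin."""
    commitments = coin["commitments"]
    if len(transcript) != K or len(commitments) != K:
        return False
    if serial_of(commitments) != coin["serial"]:
        return False
    return all(
        bit in (0, 1) and commit(share, nonce) == commitments[i][bit]
        for i, (bit, share, nonce) in enumerate(transcript)
    )


class Bank:
    """Offline clearing: merchants deposit transcripts after the fact."""

    def __init__(self):
        self.deposits = {}  # serial -> first transcript seen

    def deposit(self, coin, transcript):
        if not verify(coin, transcript):
            return ("rejected", None)
        serial = coin["serial"]
        if serial not in self.deposits:
            self.deposits[serial] = transcript
            return ("accepted", None)
        # Same coin seen again: any index opened on different sides yields
        # both halves of one pair, and their XOR is the spender's identity.
        for (b1, s1, _), (b2, s2, _) in zip(self.deposits[serial], transcript):
            if b1 != b2:
                return ("double-spend", xor(s1, s2))
        # Identical challenge both times: nothing new is learned.
        return ("replay", None)


def demo():
    bank = Bank()
    coin, openings = mint_coin(b"frank-account-0042")  # constructed identity
    c1 = [0, 1] * 8             # challenge chosen by the first merchant
    c2 = [0, 1] * 7 + [1, 1]    # second merchant; differs from c1 at index 14
    first = bank.deposit(coin, spend(openings, c1))
    replay = bank.deposit(coin, spend(openings, c1))
    second = bank.deposit(coin, spend(openings, c2))
    return first, replay, second


if __name__ == "__main__":
    print(demo())
```

A single transcript shows only one half of each pair, which is a random pad or the identity masked by that pad, so an honest spender stays anonymous; as the thread notes, this identifies the double-spender after the fact and does not stop the second spend.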
From mpd at netcom.com Fri Mar 25 09:45:56 1994
From: mpd at netcom.com (Mike Duvos)
Date: Fri, 25 Mar 94 09:45:56 PST
Subject: Real Digital Money
Message-ID: <199403251801.KAA03340@mail.netcom.com>

While we are discussing digital cash systems, I just happened to notice that a local BBS I use is now accepting a form of digital cash for subscriptions and services. They have solved the conversion problem between physical money and digital money in a rather interesting way which I thought I would pass along.

Through a commercial firm by the name of True Media, Inc, located in Florida, one can obtain a 7 digit token in return for a $10 charge to one's phone bill by calling a 900 number. An automated voice system reads you the 7 digit number without the need for human intervention. Said tokens may then be enclosed in Email to the Sysop when requesting subscription upgrades and will be accepted as if they were real money.

Although this is primitive compared to the protocols we have been discussing, it is kind of neat. Using an automated response system on a 900 number in order to convert dollars into digital tokens is an innovative approach.

--
Mike Duvos         $    PGP 2.3a Public Key available     $
mpd at netcom.com  $    via Finger.                       $

From VACCINIA at UNCVX1.OIT.UNC.EDU Fri Mar 25 11:00:47 1994
From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU)
Date: Fri, 25 Mar 94 11:00:47 PST
Subject: Insecurity of DES?
Message-ID: <01HAE4LQ7YJM000RCF@UNCVX1.OIT.UNC.EDU>

Matthew Ghio wrote about a gedanken experiment in breaking DES:

>45.7 years
>Of course, specially-designed hardware would be much faster.

See "Efficient DES Key Search" by Michael J. Wiener, Bell-Northern Research, P.O. Box 3511 Station C, Ottawa, Ontario, K1Y4H7, Canada.

Abstract. Despite recent improvements in analytic techniques for attacking the Data Encryption Standard (DES), exhaustive key search remains the most practical and efficient attack. Key search is becoming alarmingly practical. We show how to build an exhaustive DES key search machine for $1 million that can find a key in 3.5 hours on average. The design for such a machine is described in detail for the purpose of assessing the resistance of DES to an exhaustive attack. This design is based on mature technology to avoid making guesses about future capabilities.

This manuscript is available by FTP but I don't remember where, does anyone else? At least for a known-plaintext attack, specially designed hardware of the type described in the paper is, indeed, much faster. The author mentions the prudence of using DES in triple-encryption mode. I like BIG keys.

Scott G. Morham                    !The First,
VACCINIA at uncvx1.oit.unc.edu    ! Second
PGP Public Keys by Request         ! and Third Levels
                                   ! of Information Storage and Retrieval
                                   !DNA,
                                   ! Biological Neural Nets,
                                   ! Cyberspace

From huntting at glarp.com Fri Mar 25 13:48:25 1994
From: huntting at glarp.com (Brad Huntting)
Date: Fri, 25 Mar 94 13:48:25 PST
Subject: Run flat tires..
In-Reply-To: <199403251733.AA09333@access3.digex.net>
Message-ID: <199403252138.OAA09031@misc.glarp.com>

> 1> Report your car stolen.
> 2> Police locate signal from LoJack
> 3> Signal sent to car telling it to kill ignition which it does.
> No chase, no mess.

If this is the same device I heard of, it has an alarm system which will call the police on your mobile phone and report that it is being stolen.

brad

From mpd at netcom.com Fri Mar 25 13:52:04 1994
From: mpd at netcom.com (Mike Duvos)
Date: Fri, 25 Mar 94 13:52:04 PST
Subject: Real Digital Money
In-Reply-To: <9403251944.AA24214@ig1.att.att.com>
Message-ID: <199403252023.MAA25282@mail.netcom.com>

Kevin Q.
Brown writes:

> I'm intrigued about the use of a 900 number because I thought
> that they were prohibitively expensive for a small-scale
> business to run.

I believe they cost a small fortune if you get the service from the phone company, with high startup and monthly minimum. There are, however, firms that act as resellers of the phone company service, and most of the smaller fly-by-night 900 operations do business with these. They can set you up as a 900 business inexpensively enough to allow even small enterprises to use 900 service. A lot of the weirder information hotlines come through such companies, and all you have to give them is a tape of your message and a small fee for the service

--
Mike Duvos         $    PGP 2.3a Public Key available     $
mpd at netcom.com  $    via Finger.                       $

From gtoal at an-teallach.com Fri Mar 25 15:41:45 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Fri, 25 Mar 94 15:41:45 PST
Subject: Netherlands and Other European Countries
Message-ID: <199403251937.TAA01790@an-teallach.com>

> P.S. Is anyone worried that the Netherlands seems on the verge of
> banning PGP? Wasn't this country once a hacker's paradise?

As for the Netherlands being a hacker's paradise....recall that telephone and other services are under the control of the "PTT" (Postal, Telegraph, and Telephone monopoly) that's so common in European countries. If they say "no modems may be attached," that's the law. (I don't know the current status, but at one time there were severe restrictions, heavy fees, etc.)

.nl has that reputation because before last year phone phreaking specifically wasn't a criminal offense - if you could get free service off the telco by blowing whistles down their phones, that was the telco's loss. Last year they introduced new laws which made this illegal. The laws also appear to affect computer hacking, but the situation (last time I looked) was much less clear.
Maybe someone has been charged by now so we'll know one way or another if the phone laws were successfully applied to computer hacking.

Ask the guys at Hactic, De Zwarte Star, and BILWET (Amsterdam Association for the Dissemination of Illegal Science) about the surveillance done on them by the BVD, the Binnenlandse Veiligheidsdienst, the Dutch Internal Security Service.

I'll save you the bother - this is from Hacktic from last year:

Path: ibmpcug!ibmpcug!pipex!uunet!elroy.jpl.nasa.gov!lll-winken!telecom-request
From: rop at hacktic.nl (Rop Gonggrijp)
Newsgroups: comp.dcom.telecom
Subject: Tapped Phone
Message-ID:
Date: 19 Jun 92 07:09:19 GMT
Sender: Telecom at eecs.nwu.edu
Organization: Hack-Tic Magazine
Lines: 187
Approved: Telecom at eecs.nwu.edu
X-Submissions-To: telecom at eecs.nwu.edu
X-Administrivia-To: telecom-request at eecs.nwu.edu
X-Telecom-Digest: Volume 12, Issue 497, Message 1 of 7

I had a STRANGE experience with one of the Hack-Tic phones this week. It all started on Friday, June 12th when the modem hooked up to the Waffle station that is posting this message (and all the other traffic from and to the hacktic.nl domain) did not work anymore. I started up LanAssist to control the Waffle station and initiated a poll to our Internet host 'sun4nl'. The Waffle station is in our 'server closet'. It's an unattended and diskless 286 with no keyboard or monitor hooked up.

The modem picked up the line and a high-pitched tone came from the modem speaker. So the modem is broken I thought. I started up Telix and 'talked' to the modem directly. Same high-pitched tone. I reset the modem. Same tone. This modem is fairly new, and although it had functioned properly most of the time, we were not really happy with it because the V42bis mode wasn't totally 'hang-proof'. So we concluded: the modem is broken.

The next day Felipe and Paul came over and tried to fix the problem. Felipe and Paul are the Hack-Tic network trouble-shooting team.
They brought two other high-speed modems to confirm that the modem was broken. They hooked up number one and tested it. Same high-pitched tone. After a few very puzzled looks we had to make a wild assumption: It wasn't our flaky equipment that was at fault; it could be the well-oiled machinery of The Phone Company that was messed up.

Bill, our chief telephone engineer, well known to all of you for his 'sometimes-a-little-too-knowledgeable' posts quickly hooked up a telephone (that had not been attached to that line before) and picked it up. Same high-pitched tone. The dial-tone was audible in the background, but overpowered by the tone. The dialtone had been there all the time but the quality of the average modem speaker leaves something to be desired.

When he hooked up our New York Telephone test-set he noticed that the high-pitched tone was even there when the phone was on the hook. Bill used the Demon-Dialer (our homebrew high-precision tone-generator) and found out that the tone was EXACTLY 3000 Hz, so it had to be crystal generated. This ruled out any spurious oscillations.

As a last check we went to the point where all the wires come into our flat. We unscrewed the wires leading in and clipped the test-set onto the wires leading out. Same high-pitched tone. That Saturday night the error was reported to the PTT and that was it. So we thought.

On Sunday the problem was still there (the PTT only fixes things in the weekend if you are a major customer that is planning on buying one of their PBXs). Bill checked to see that the tone was still there by picking up the test set that was still plugged in. Then I picked up our voice-line to make an outgoing call to Felipe. Bill's face went through several emotions within a few seconds. Finally he said 'Hmmm ... ehrr .... pfah ...'. When I looked at him rather puzzled he added: 'hgggggnaaaah ...'. I told Felipe to hold on. Bill started explaining that he heard my voice on the other line, but that it sounded scrambled.
I asked Nils (who was also here, it's usually rather busy here) to talk to Felipe for a while and took the test-set from Bill. Yep, it was there all right. Scrambled voices.

-------------------------------------------------------------
Short Intermezzo About Voice Scrambling

One of the easiest ways to scramble someone's voice is to invert the speech. It works as follows: you take a tone and subtract the audio from it. In more technical terms: You single-sideband modulate the audio onto the tone. Dutch police uses this technique extensively for their medium security traffic. Every real scanner-freak has a retrofit in his scanner to undo this. It does keep the absolute lamers from listening in I guess.

Speech inversion may be a quite simple process that does not involve many parts, but it is by no means something that happens at random. (Or at least not in a voice-frequency environment)
-------------------------------------------------------------

Now there is a lot of things that can go wrong in a phone system that cause a tone. Causing a frequency inversion of the audio on one line to another line is quite something else. Especially if you know that both lines are hooked up to different COs. The data line is hooked up to a fully digital Ericsson AXE switch, the voice line goes to a PRX (Processor Reed Exchange), which compares to a 1A/ESS in US terms.

We spent the rest of that Sunday looking for alternatives for what seemed to be the only possible conclusion: someone had hooked up something to our line that did not belong there. Even more so: they had messed up badly.

I decided that the time had come for some social engineering. I had barely used my engineering skills since I had more or less given up on my active hack/phreak career and started publishing a hacker-magazine. This Monday (June 15th) I called the main access number of the PTT Amsterdam office and asked for the number of the Diemen 'hoofdverdeler', where my lines come in.
The 'hoofdverdeler' is where all the lines for an entire area come in. They are split up to the offices serving that area from there.

The phone at extension 2018 (+31 20 674 2018 to be precise) was answered by Fred. I explained that I was a service mechanic (I only used my first name, like they all do) at a customer's house and that there seemed to be a strange tone on the line. I was not the first to tell him of the problem. In fact, he had already received a call from another service mechanic trying to fix the problem. He said that the line was rewired using colorcode-2, a code, he explained, that they don't normally use in that office. The in- and outgoing point for my data-line did connect according to his beep-device, but they were different wires. I asked him to follow the wires, and he did.

He came back to the phone to tell me that my line had been hooked up to a small rack that he had never seen before. He looked further and concluded that it was the rack for internal lines to that building. When I asked him to clip my line loose from that rack he said that he could not do that. Because if it was not his color code, his instructions were not to mess with it. He said that this was the first time he saw so many of 'us from outside works' working on something. Knowing I could not convince him, and having all the information I wanted, I said goodbye and hung up.

I thought about this for a while and decided to call Fred back and play it open with him. I told him that I was the subscriber, and not a technician. I told him what I thought the device was. He did not dispute my theory, but did not confirm it either. We chatted for quite a while. He wanted to know where my telephone knowledge came from, and I explained about Hack-Tic, phreaking, international signalling systems and so forth. When I asked him if he had seen lines with code-2 before he hesitated for about five seconds and said: 'Well, your line is being fixed. I'd say just wait and see'.
I knew I was asking a question that he was not allowed to answer. We hung up.

By this time our mailbox had been emptied, and it revealed a card from a service mechanic that had apparently tried to visit us early that morning (all morning is early to hackers). So I called the office and made an appointment for the morning of the next day, knowing that the problem would probably be gone by then. For the next few hours I heard people testing on the modem line (little ticks). But as evening came, the beep was still there.

So early this morning, a man from the PTT arrived. He looked at the problem and was quite puzzled by it. He then said that they could not locate the problem, but that he believed that it was located between the office and me. In a sense this was true, because the 'hoofdverdeler' is indeed between the office and me. He decided to work around the problem. He whipped out a cell-phone and called his buddies at the other end. Together they put my line on a completely different wire leading from the CO to here. No more high-pitched tone.

As I write this on Thursday afternoon, it all still needs a little time to sink in. It seems that the only conclusion is that somebody wanted to tap my lines, and hooked up the two lines that they wanted tapped to the in- and output of the tapping device instead of using two inputs. So the audio that was supposed to be fed to them (scrambled so that anybody just testing the wire could not hear what was going on) came back on my second line. The 3000 Hz tone was used to indicate that the line was not currently in use. As soon as I picked up, the tone would be replaced by a scrambled signal using the 3000 Hz as its offset.

So if this was a real attempt to tap us, they would have the two lines used to transport our audio hooked up to the in- and output of the second circuit. They would have tapped themselves.
If you publish a hacker magazine, the notion that at least some of your phones are tapped some of the time is not that far-fetched. Why do it so obvious? This could be an illegal tap. It could be one done by and for the PTT itself (they are the main subject of our publication after all). It could be ... Why guess.

I'm not paranoid, and I don't want to be. If they tap my lines that is fine. Everything we say over the phone is considered public anyway. If they pay me, I'll transcribe all the important calls myself.

Our network, used to spread information to and from the computer underground was down for two days. Now THAT PISSES ME OFF!

Rop Gonggrijp (rop at hacktic.nl) from Amsterdam

From GRABOW_GEOFFREY at tandem.com Fri Mar 25 16:42:39 1994
From: GRABOW_GEOFFREY at tandem.com (GRABOW_GEOFFREY at tandem.com)
Date: Fri, 25 Mar 94 16:42:39 PST
Subject: Digital cash & multiple spending.
Message-ID: <199403251710.AA825@comm.Tandem.COM>

I work with many institutions that use or create POS systems. Some of them have gone to using tamper resistant smart cards that debit themselves and "can't be modified by a user." The card has some keys and some crypto stuff in 'em that only allows authorized locations (those with the keys) to credit the balance on the card. It's my understanding that the cards cost around $7 and with care have a MTBF of 18-24 months.

Additionally, these systems, which are offline, execute batch jobs at night to compare the spent monies with the balance in the bank's database. If anyone has gone over their limit, the card is flagged and a "HOT" card file is downloaded to the POS locations. The POS device will not allow "HOT" cards to be used. This limits multiple spending to a 24 hour period.

G.C.G.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Geoffrey C. Grabow             | "What we demand are rigidly defined   |
| Oyster Bay, New York           | areas of doubt and uncertainty!"
| | | -------------------- | | grabow_geoffrey at tandem.com | Clipper, SkipJack & Digital Telephony | | | JUST SAY NO!!! | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From hlin at nas.edu Fri Mar 25 19:23:40 1994 From: hlin at nas.edu (Herb Lin) Date: Fri, 25 Mar 94 19:23:40 PST Subject: a citation sought.. Message-ID: <9402257646.AA764665027@nas.edu> I'm looking for the paper of last year that suggested how insecure 56 bit DES is against NSA-scale computers. Citation? Or if it's on line, so much the better. thanks.. herb From sommerfeld at orchard.medford.ma.us Fri Mar 25 19:45:03 1994 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Fri, 25 Mar 94 19:45:03 PST Subject: Digital Cash In-Reply-To: <199403251556.HAA22964@jobe.shell.portal.com> Message-ID: <199403260412.XAA00321@orchard.medford.ma.us> I have always been skeptical of this observer-chip approach, because it wasn't clear that it was feasible to make a tamper-resistant chip economically, and because the specialized hardware that would be required would prevent the system from being used on widely-available PCs. Think "PCMCIA" here.. not just laptops, but now desktop systems and palmtop systems are starting to get PCMCIA slots these days. - Bill From mcable at cs.tufts.edu Fri Mar 25 20:02:34 1994 From: mcable at cs.tufts.edu (Matt Cable) Date: Fri, 25 Mar 94 20:02:34 PST Subject: WinPGP 1.0 is available! 
In-Reply-To: <199403242149.AA14649@comm.Tandem.COM> Message-ID: On 24 Mar 1994 GRABOW_GEOFFREY at tandem.com wrote: > My partner and I have just completed work on a Windows interface to D > PGP 2.3a called WinPGP. This program gives you the easiest way to use PG > from your Windows environment. > > It is available (or will be VERY soon) via anonymous FTP on ftp.eff.o > Mech at eff.org will make an announcement with the details of its location. > > Cypherpunks write code! Doh! Beat me by a few days! Well...there'll soon be another. Thought I was the only one who'd noticed the lack of a Windows client. Ahhh well.. I'll keep you all posted. *=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=* \|/ mcable at cs.tufts.edu Matt Cable <0-0> wozz at wozz.ext.tufts.edu MTUC Jackson Labs -----o00-O-00o----- wozzeck at mindvox.phantom.com Tufts University GCS/MU -d+ -p+ c++++ l++ u++ e+ m++(*) s++ !n h+ f* g+ w++ t+ r- y+ *=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=* From tcmay at netcom.com Fri Mar 25 20:30:27 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 25 Mar 94 20:30:27 PST Subject: Digital Cash In-Reply-To: <199403260412.XAA00321@orchard.medford.ma.us> Message-ID: <199403260507.VAA02291@mail.netcom.com> > I have always been skeptical of this observer-chip approach, because it > wasn't clear that it was feasible to make a tamper-resistant chip > economically, and because the specialized hardware that would be > required would prevent the system from being used on widely-available > PCs. > > Think "PCMCIA" here.. not just laptops, but now desktop systems and > palmtop systems are starting to get PCMCIA slots these days. > > - Bill I have two devices that support PCMCIA-type slots: an Apple Newton and an H-P 48sx (technically not a PCMCIA, but very close). In both cases the slot is "spoken for" with memory cards. 
I suspect this is the case with many of the laptops now beginning to sport PCMCIA capability: the customers will not look kindly to having to fill the slot of their whizbang laptop with a VISA or Digital Express observer-chip card. Some may, and some will willingly swap cards when the need arises (the newer PCMCIA cards allow hot-socketing, i.e., removal while powered). Many won't. The upshot: an observer-chip system predicated on having access to an available PCMCIA slot will be a market failure, at least in the next several years. (May be a moot point, as I see no move towards observer-chip protocols happening anytime soon.) Personally, I expect personal crypto dongles and/or similar gadgets to be self-contained, in a wearable form. Maybe pendants, maybe rings (real decoder rings!), maybe wristwatches. Communication will be by inductive coupling or similarly robust links. (Inductive, noncontacting transfer would allow implantation of the unit. IR transfer through the skin is also possible.) Little storage is needed for crypto keys, so the full capacity of a PCMCIA card (tens of megabytes of flash memory, for example) is overkill. An observer-chip system may need more storage, but not the full capacity of a PCMCIA card of today. Hence, smaller size is possible. Hence, wearable. Hence, always with the owner. Just my view. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Fri Mar 25 21:10:34 1994 From: tcmay at netcom.com (Timothy C. 
May) Date: Fri, 25 Mar 94 21:10:34 PST Subject: (fwd) THE INTERNET CODE RING - PGP info Message-ID: <199403260548.VAA06765@mail.netcom.com> Cypherpunks, I found this in alt.wired tonight. I don't recall seeing this particular interview published before, but I could be losing track of what's out there---Zimmermann has been interviewed a lot. We (Cypherpunks) are mentioned in the interview. --Tim May From: jsquires at nic.cerf.net (James A. Squires) Newsgroups: alt.wired Subject: THE INTERNET CODE RING - PGP info Date: 23 Mar 1994 06:58:47 GMT Organization: CERFnet Lines: 370 Keywords: PGP This was sent to me. I found it a great explanation for how PGP works (non-tech), and the concept of a public key. It is an interview with the author. Hope y'all find it useful ^_^ -JAS -------------------------------------------------------------- THE INTERNET CODE RING! An Interview with Phil Zimmermann, creator of PGP We were sitting in a circle on the floor at the Computers, Freedom, and Privacy conference, March '93 in San Francisco, St. Jude and I with Tom Jennings, Fen La Balme, et al, discussing encryption and other neophiliac rants when a dapper fellow wandered by with a beard on his face and a tie hanging from his neck. He picked up Jude's copy of bOING-bOING number 10 and glanced through it, clearly interested. I later learned that this was Phil Zimmermann, creator of PGP ("Pretty Good Privacy"), so I tracked him down and we talked for the record. Jon: I'm fairly nontechnical, and I'm also new to encryption. I spent some time recently on the cypherpunks' list, and I have a pretty good sense of what's going on, but maybe you can tell me in your own words how you came to write PGP, and what your philosophy is, especially with distribution. Phil: Well, okay. 
PGP, which means "Pretty Good Privacy" is a public key encryption program, it uses a public key encryption algorithm, which means that you can encrypt messages and you can send them to people that you've never met, that you've never had a chance to exchange keys with over a secure channel. With regular encryption, the kind that everybody has heard about, you encrypt a message, it scrambles it up, renders it unintelligible, and then you send it to someone else, and they can descramble it, decrypting it. They have to use the same key to decrypt it as you used to encrypt it. Well, this is a problem, this is inconvenient, because how are you going to tell them what that key is, what're you going to do, tell them over the telephone? If someone can intercept the message, they can intercept the key. So this has been the central problem in cryptography for the past couple of millennia. There's been lots of different ways of encrypting information, but they all have this problem. If you had a secure channel for exchanging keys, why do you need any cryptography at all? So, in the late 1970s, somebody came up with an idea for encrypting information with two keys. The two keys are mathematically related. You use one of the keys to encrypt the message, and use the other key to decrypt the message. As a matter of fact, the keys have a kind of yin-yang relationship, so that either one of them can decrypt what the other one can encrypt. So everybody randomly generates a pair of these keys, the keys are mathematically related, and they can be split apart like cracking a coin in half, and the jagged edges stick together just right. They can publish one of the keys, and keep the other one secret. Now, unlike cracking the coin in half, you can't look at the jagged edge, and figure out what the other jagged edge is going to look like. In fact, you can't look at the published key and figure out what the secret key is without spending centuries of supercomputer time to do it. 
This means that any time anybody wants to send you a message, they can encrypt that message with your public key, and then you can decrypt the message with your secret key. If you want to send them a message, then you can encrypt the message with their public key, and then they can decrypt it with their secret key. Everybody who wants to participate in this system can generate a pair of these keys, publish one of them, and keep the other one secret. Everybody's published key can end up in a big public key directory, like a phone book, or an electronic bulletin board, or something like that. You can look up somebody's public key, encrypt a message to them, and send it to them. They're the only ones that can read it, because they're the only ones that have the corresponding secret key. J: Are there any such directories now? P: Well, actually, there are starting to be directories like that. For PGP, there are some public key directories on Internet. You can just send an electronic inquiry saying "Give me the key for [somebody]," and it'll send you their key back, their public key. J: The convention I've seen has been the inclusion of the public key in an email message posted to a mailing list. P: You can do that, you can include your own public key when you send a message to someone, so that when they send you a reply, they'll know what public key to use to send the reply. But the problem...there is an achilles heel with public key cryptography, and I'll get to that in a minute. But first, let me explain authentication. If I want to send you a message, and prove that it came from me, I can do that by encrypting it with my own secret key, and then I can send you the message, and you can decrypt it with my public key. Remember I said that the keys are in this yin-yang relationship, so that either one can decrypt what the other one encrypts. 
If I don't care about secrecy, if I only cared about authentication, if I only wanted to prove to you that the message came from me, I could encrypt the message with my own secret key and send it to you, and you could decrypt it with your public key. Well, anyone else could decrypt it too, because everyone has my public key. If I want to combine the features of secrecy and authentication, I can do both steps: I can encrypt the message first with my own secret key, thereby creating a signature, and then encrypt it again with your public key. I then send you the message. You reverse those steps: first you decrypt it with your own secret key, and then you decrypt that with my public key. That's a message that only you can read and only I could have sent. We have secrecy and authentication. So you get authentication by using your own secret key to decrypt a message, thereby signing the message. You can also convince third parties like a judge that the message came from me. That means that I could send you a financial instrument, a legal contract or some kind of binding agreement. The judge will believe that the message did come from me, because I am the only person with the secret key, that could have created that message. Now, public key cryptography has an achilles heel, and that achilles heel is that, suppose you want to send a message to someone, and you look up their public key, on a bulletin board, for example. You take their public key and you encrypt the message and then send it to them, and presumably only they can read it. Well, what if Ollie North broke into that BBS system? And he substituted his own public key for the public key of your friend. And left your friend's name on it, so that it would look like it belonged to your friend. But it really wasn't your friend's public key, it was Ollie's public key that he had created just for this purpose. 
You send a message, you get the bulletin board to tell you your friend's public key, but it isn't your friend's public key, it's Ollie's public key. You encrypt a message with that. You send it, possibly through the same bulletin board, to your friend. Ollie intercepts it, and he can read it because he knows the secret key that goes with it. If you were particularly clever, which Ollie North isn't because we all know that he forgot to get those White House backup tapes deleted...but suppose he were clever, he would then re-encrypt the decrypted message, using the stolen key of your friend, and send it to your friend so that he wouldn't suspect that anything was amiss. This is the achilles' heel of public key cryptography, and all public key encryption packages that are worth anything invest a tremendous amount of effort in solving this one problem. Probably half the lines of code in the program are dedicated to solving this one problem. PGP solves this problem by allowing third parties, mutually trusted friends, to sign keys. That proves that they came from who they said they came from. Suppose you wanted to send me a message, and you didn't know my public key, but you know George's public key over here, because George gave you his public key on a floppy disk. I publish my public key on a bulletin board, but before I do, I have George sign it, just like he signs any other message. I have him sign my public key, and I put that on a bulletin board. If you download my key, and it has George's signature on it, that constitutes a promise by George that that key really belongs to me. He says that my name and my key got together. He signs the whole shootin' match. If you get that, you can check his signature, because you have his public key to check. 
If you trust him not to lie, you can believe that really is my public key, and if Ollie North breaks into the bulletin board, he can't make it look like his key is my key, because he doesn't know how to forge a signature from George. This is how public key encryption solves the problem, and in particular, PGP solves it by allowing you to designate anyone as a trusted introducer. In this case, this third party is a trusted introducer, you trust him to introduce my key to you. There are public key encryption packages currently being promoted by the U.S. Government based on a standard called Privacy Enhanced Mail, or PEM. PEM's architecture has a central certification authority that signs everybody's public key. If everyone trusts the central authority to sign everyone's key, and not to lie, then everyone can trust that the key they have is a good key. The key actually belongs to the name that's attached to it. But a lot of people, especially people who are libertarian-minded, would not feel comfortable with an approach that requires them to trust a central authority. PGP allows grassroots distributed trust, where you get to choose who you trust. It more closely follows the social structures that people are used to. You tend to believe your friends. J: Did you make a conscious decision up front, before you started programming PGP, that you were going to create something that would be distributed in this grassroots way, free through the Internet. P: Well, there were some software parts of PGP that I developed some years ago, as far back as 1986, that I developed with the intention of developing commercial products with it someday. Over the years that followed, I developed a few more pieces that I hoped someday to turn into a commercial product. But, when it finally came down to it, I realized that it would be more politically effective to distribute PGP this way. Besides that, there is a patent on the RSA public key encryption algorithm that PGP is based on. 
I wrote all of the software from scratch. I didn't steal any software from the RSA patent holders. But patent law is different from copyright law. While I didn't steal any software from them, I did use the algorithm, the mathematical formulas that were published in academic journals, describing how to do public key cryptography. I turned those mathematical formulas into lines of computer code, and developed it independently. J: Did you originally intend to license that? P: When I first wrote the parts of it back in 1986, I did. But I began in earnest on PGP in December of 1990. At that time, I had decided that I was going to go ahead and publish it for free. I thought that it was politically a useful thing to do, considering the war on drugs and the government's attitude toward privacy. Shortly after I started on the development, I learned of Senate Bill 266, which was the Omnibus Anticrime Bill. It had a provision tucked away in it, a sense of Congress provision, that would, if it had become real hard law, have required manufacturers of secure communications gear, and presumably cryptographic software, to put back doors in their products to allow the government to obtain the plain text contents of the traffic. I felt that it would be a good idea to try to get PGP out before this became law. As it turned out, it never did pass. It was defeated after a lot of protest from civil liberties groups and industry groups. J: But if they could get away with passing it, they would still take the initiative and try. P: Well, yeah, actually...it started out as a sense of Congress bill, which means that it wasn't binding law. But those things are usually set to deploy the political groundwork to make it possible later to make it into hard law. Within a week or so after publishing PGP, Senate Bill 266 went down in defeat, at least that provision was taken out, and that was entirely due to the efforts of others, I had nothing to do with that. 
PGP didn't have any impact, it turned out, at all. So that's why I published PGP. J: Several of my friends are involved in cypherpunks, and I've been on their mailing list...are you affiliated in any way with cypherpunks? Are you getting their mailing list? P: I was on their mailing list for a couple of days, but I found that the density of traffic was high enough that I couldn't get any work done, so I had them take me off the list. J: The reason I bring cypherpunks up is that they seem to have almost a religious fervor about encryption. I was wondering if you share that. P: I don't think of my own interest in cryptography as a religious fervor. I did miss some mortgage payments while I was working on PGP. In fact, I missed five mortgage payments during the development of PGP, so I came pretty close to losing my house. So I must have enough fervor to stay with the project long enough to miss five mortgage payments. But I don't think it's a religious fervor. J: I'm impressed with the way encryption in general and PGP in particular have caught on with the press, how it's become within the last year. P: Well, PGP 1.0 was released in June of '91. It only ran on MS DOS, and it didn't have a lot of the features necessary to do really good key certification, which is that achilles' heel that I told you about. Theoretically, you could use it in a manual mode to do that, but it wasn't automatic like it is in PGP 2.0 and above. The current release of PGP is 2.2. It's a lot smoother and more polished than 2.0 was. 2.0 was tremendously different than 1.0, and the reason the popularity has taken off so much since September, when it was released, is because it ran on a lot of UNIX platforms, beginning with 2.0. Since the main vehicle for Internet nodes is UNIX platforms, that made it more popular in the UNIX/Internet world. 
Since Internet seems to be the fertile soil of discourse on cryptography, the fact that PGP 2.0 began running on UNIX platforms has a lot to do with its popularity since that version was released...That was in September of '92. J: The easiest way to get PGP is through FTP from various sites? P: Yeah. Most of them European sites. PGP 2.0 and above was released in Europe. The people that were working on it were out of reach of U.S. patent law...and not only are they out of reach of patent law, but it also defuses the export control issues, because we're importing it into the U.S., instead of exporting it. Also PGP 1.0 was exported, presumably by somebody, any one of thousands of people could have done it...but it was published in the public domain. It's hard to see how something like that could be published, and thousands of people could have it, and it could not leak overseas. It's like saying that the New York Times shouldn't be exported, how can you prevent that when a million people have a copy? It's blowing in the wind, you can't embargo the wind. J: And by beginning in Europe, you sort of fanned the flame that much better. P: Yeah. J: It seems to have spread globally, and I'm sure that you're hearing a lot about it, getting a lot of response. P: Particularly at this conference (CFP93), yes. J: Do you plan to do more development of PGP, or are you satisfied with where it is.... P: PGP will be developed further. My personal involvement is more in providing design direction and making sure that the architecture stays sound. The actual coding is taking place overseas, or at least most of it is. We do get patches sent in by people in the U.S. who find bugs, and who say, "I found this bug, here's a patch to fix it." But the bulk of the work is taking place outside the U.S. borders. J: Is there a Mac version as well as a DOS version now? P: Yeah, there is a Mac version...there was a Mac version released shortly after PGP 2.0 came out. 
Somebody did that independently, and I only found out about it after it was released. People have written me about it, and it did seem to have some problems. The same guy who did that version is doing a much improved version, Mac PGP version 2.2, which I believe should be out in a few days...that was the last I heard before I came to the conference. The second Mac development group, that's working on a very "Mac"-ish GUI, is being managed by a guy named Blair Weiss. That takes longer, it's difficult to write a good Mac application, so it's probably going to be a couple of months before that hits the streets. J: Were you involved in the UNIX version, too? P: I did the first MS-DOS version entirely by myself, but it's not that big a distance between MS-DOS and UNIX, so most of it was the same. The UNIX board took place soon after PGP 1.0 was released. After that, many other enhancements were added, and major architectural changes took place to the code, and that's what finally made its way out as version 2.0. J: You're doing consulting now? P: That's how I make my living, by consulting. I don't make anything from PGP. J: Do you think you'll just let PGP take a life of its own, let other people work on it from here out? P: Other people are contributing their code, and other people are adding enhancements, with my design direction. Perhaps someday I'll find a way to make money from PGP, but if I do, it will be done in such a way that there will always be a free version of PGP available. J: I was thinking of the UNIX thing, where everybody's modified their versions of the UNIX Operating System so that some [customized versions] weren't even interoperable. I was wondering if there was a chance that PGP would mutate, whether you're going to keep some sort of control over it, or whether people will start doing their own versions of it.... P: Well, I don't know, that could happen. 
There are so many people interested in the product now, it's hard to keep track of everybody's changes. When they send in suggested changes, we have to look at it carefully to see that the changes are good changes. J: But you don't have some sort of structure in place where you do some kind of approval if somebody wants to make some kind of mutant version of PGP.... P: There is a kind of de facto influence that I have over the product, because it's still my product, in a kind of psychological sense. In the user population, they associate my name with the product in such a way that, if I say that this product is good, that I have looked at this and that I believe the changes made since the last version are good changes, that people will believe that. So I can determine the direction, not by some iron law, not by having people work for me that I can hire and fire, but more by my opinion guiding the product. It would not be easy for a person to make a different version of PGP that went in a different direction than how I wanted it to go, because everybody still uses the version that I approved, so to be compatible...this has a kind of inertia to it, a de facto standard. PGP currently, I believe, is the world's most popular public key encryption program, so that has potential to become a de facto standard. I don't know what that means in comparison to the PEM standard. PEM is for a different environment than PGP, perhaps, although the PGP method of certifying keys can be collapsed into a special case that mimics in many respects the PEM model for certifying keys. --- [ End Of Line ] --- From december at end.end.COM Fri Mar 25 23:25:10 1994 From: december at end.end.COM (James G. Speth) Date: Fri, 25 Mar 94 23:25:10 PST Subject: Status of crypto cash bank in Texas? Message-ID: Could someone fill me in on the current status of the crypto-credit union that is being started in Austin? I hear sporadic mention of it, but I haven't seen an update lately. 
How can I contact those who are working on it? Eagerly awaiting the decline of paper, Jim ________________________________________________________________________________ james speth email for pgp compatible public-key december at end.com ________________________________________________________________________________ Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you... AT&T From wcs at anchor.ho.att.com Sat Mar 26 00:27:33 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Sat, 26 Mar 94 00:27:33 PST Subject: DIGICASH:Re: observer chips Message-ID: <9403260903.AA18256@anchor.ho.att.com> > I have always been skeptical of this observer-chip approach, because it > wasn't clear that it was feasible to make a tamper-resistant chip > economically, and because the specialized hardware that would be > required would prevent the system from being used on widely-available PCs. Well, the government pretends they can do a tamper-proof chip, complete with wiretap keys installed by the wizards behind the curtain, for $36. That's $26 for the chip in qty 10,000, plus a subsidized $10 for tapping service and key installation. I thought Mykotronx's press releases had sounded more like they wanted $36 themselves, and I don't know the price for VLSI Inc's tamper-proof technology, but it may not be far off. As far as interfaces go, PCMCIA are nice, but there's not much data to transfer in most digicash exchanges, so a dumb cheap serial interface may be more realistic, since everything supports it. Bill Stewart From John.Schofield at f903.n102.z1.fidonet.org Sat Mar 26 03:45:48 1994 From: John.Schofield at f903.n102.z1.fidonet.org (John Schofield) Date: Sat, 26 Mar 94 03:45:48 PST Subject: Digital Cash Message-ID: <2854.2D9424AD@mcws.fidonet.org> -----BEGIN PGP SIGNED MESSAGE----- Uu> Speaking of digital cash, many thanks to the author of the Uu> 'magic money' software. 
I am in the process of integrating it Uu> with a local bulletin board, which should hopefully be available Uu> on the net sometime this summer. Does anyone have any more information about this? Sounds interesting, if I knew what it was. John Schofield ... "But other than that, Mrs. Lincoln, how did you like the play?" --- Blue Wave/RA v2.12 -- : John Schofield - via mcws.fidonet.org - Public Access (213)256-8371 : ARPA/INTERNET: John.Schofield at f903.n102.z1.fidonet.org : UUCP: ...!cheshire!mcws!903!John.Schofield : Compu$erve: >internet:John.Schofield at f903.n102.z1.fidonet.org From smb at research.att.com Sat Mar 26 04:21:05 1994 From: smb at research.att.com (smb at research.att.com) Date: Sat, 26 Mar 94 04:21:05 PST Subject: a citation sought.. Message-ID: <9403261220.AA28765@toad.com> I'm looking for the paper of last year that suggested how insecure 56 bit DES is against NSA-scale computers. Citation? Or if it's on line, so much the better. More precisely, it's special-purpose hardware, not NSA-scale computers. See ftp.eff.org:/pub/EFF/Policy/Crypto/Misc/Technical/des_break.ps.gz. There are other papers in that directory that you may find of interest. From dichro at tartarus.uwa.edu.au Sat Mar 26 05:03:15 1994 From: dichro at tartarus.uwa.edu.au (Mikolaj Habryn) Date: Sat, 26 Mar 94 05:03:15 PST Subject: Digital Cash In-Reply-To: Message-ID: <199403261339.VAA22222@lethe.uwa.edu.au> > This is not new. It's been used for years by software companies in > copy-protection schemes. Ask anyone who's ever "cracked" software. > Copy-protection systems rely on the fact that someone can not easily > find and remove the algorithm which impedes duplication. 
There are > three common ways of preventing this. First, the code is encrypted in > layers and modules. Each module decrypts the next layer and rescrambles > or erases the last. This prevents the attacker from getting an overall > view of the program, as it is never all accessible at once, but it can > be viewed in pieces as it executes. Secondly, several layers of > interpreted code can be used. Each layer interprets the next. In this > way, no assembly language code ever exists in plaintext (except the > first level interpreter). Finally, the program checksums itself to > prevent tampering. These methods can never provide foolproof > protection, but they can slow down attacks considerably. Even the most > determined attacks can be delayed for weeks or months. But if they want > it bad enough, they can probably reverse-engineer it - as has been said > before, crypto is all economics. > > I've considered such possibilities for digital cash, but even if the > algorithm could not be derived from the cryptographically protected > software, it really doesn't solve the double-spending problem. You can > just copy the entire module, along with all the money, and spend it > twice (on separate victims, of course). > And all those layers of encryption can make it unbearably slow. > > Ever been on a "private" bbs, or talked to people who (talk to people, who talk to people, etc.) have been on one? You get software released on 4 Jun (for example), on 6 June it's cracked, and by 7 June, it is available on every single continent (barring Antarctica - although i'm not certain about that - supposedly there are equally private internet nodes around somewhere...). While the might of bands like Paranoimia, Skid Row, and Razor 1911 are usually concentrated on games, their expertise applies equally well to "serious" software - it's just that games are more marketable/popular and thus get the crackers' names to more people. 
PS - the example above is an overestimate - it often happens that software is cracked and distributed within HOURS of release. MJH * * Mikolaj J. Habryn dichro at tartarus.uwa.edu.au * "Life begins at '040." PGP Public key available by finger * "Spaghetti code means job security!" From dichro at tartarus.uwa.edu.au Sat Mar 26 05:10:55 1994 From: dichro at tartarus.uwa.edu.au (Mikolaj Habryn) Date: Sat, 26 Mar 94 05:10:55 PST Subject: Digital Cash In-Reply-To: <199403251544.HAA10502@mail.netcom.com> Message-ID: <199403261347.VAA23017@lethe.uwa.edu.au> Just a thought on ways to deter all of this multiple spending gunk - when you start off, have a centralized bank server. While traffic is low, you can have each individual certificate cleared with the bank server upon creation and execution. After that, things start getting tricky. Maybe a network of bank servers linked by high priority internet links (I don't suppose there really is such a thing, but this is dreamland, after all). This would mean that to cash a certificate more than once would require very fast and accurate timing, and if you combine this with a fairly low upper limit for certificate value, it becomes a waste of time to try. Oh well. Just my A$0.02. MJH * * Mikolaj J. Habryn dichro at tartarus.uwa.edu.au * "Life begins at '040." PGP Public key available by finger * "Spaghetti code means job security!" From smb at research.att.com Sat Mar 26 05:40:27 1994 From: smb at research.att.com (smb at research.att.com) Date: Sat, 26 Mar 94 05:40:27 PST Subject: Digital Cash Message-ID: <9403261340.AA00242@toad.com> Just a thought on ways to deter all of this multiple spending gunk - when you start off, have a centralized bank server. While traffic is low, you can have each individual certificate cleared with the bank server upon creation and execution. As someone else noted, ``crypto is all economics''. 
In the New York City subway system, the new fare card readers are all linked to a central computer, specifically to prevent double spending. They could have used smart cards and fancy crypto -- but this is cheaper, especially because they have an excellent handle on the maximum load -- the number of subway riders at rush hour. Fancy technology could get them into an ``arms race'' with rip-off artists, who reverse-engineer cards, crack algorithms, etc. Digital cash -- which provide anonymity, as contrasted against cryptographically-signed debit card transactions -- will become a reality if and only if someone finds it more profitable than the alternative, after deducting the costs for observer chips, licenses for Chaum's patents, etc. Some people are willing to pay for privacy -- but are there enough of them to make it pay? --Steve Bellovin From gtoal at an-teallach.com Sat Mar 26 05:53:36 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Sat, 26 Mar 94 05:53:36 PST Subject: Digital Cash Message-ID: <199403261430.OAA22643@an-teallach.com> :internet nodes around somewhere...). While the might of bands like :Paranoimia, Skid Row, and Razor 1911 are usually concentrated on games, :their expertise applies equally well to "serious" software - it's just :that games are more marketable/popular and thus get the crackers' names :to more people. ::PS - the example above is an overestimate - it often happens that :software is cracked and distributed within HOURS of release. There is a *considerable* difference between kiddy hackers breaking game protection, and breaking a cryptographically secure protocol. What the kiddy hackers do is try to unravel layers of security through obscurity. With the kind of problem we're talking about, all the code is actually released into the public domain, available for inspection. 
The security resides in things like the difficulty of inverting complex 1:1 hash functions which were modified by a secret key, or of factoring the products of large primes, which has been shown to be beyond our best mathematicians, and these spotty little kids *ain't* our best mathematicians, by a long chalk. G From dichro at tartarus.uwa.edu.au Sat Mar 26 06:35:02 1994 From: dichro at tartarus.uwa.edu.au (Mikolaj Habryn) Date: Sat, 26 Mar 94 06:35:02 PST Subject: Digital Cash In-Reply-To: <199403261430.OAA22643@an-teallach.com> Message-ID: <199403261512.XAA25558@lethe.uwa.edu.au> > There is a *considerable* difference between kiddy hackers breaking > game protection, and breaking a cryptographically secure protocol. > > What the kiddy hackers do is try to unravel layers of security through > obscurity. With the kind of problem we're talking about, all the code > is actually released into the public domain, available for inspection. > The security resides in things like the difficulty of inverting complex > 1:1 hash functions which were modified by a secret key, or of factoring > the products of large primes, which has been shown to be beyond our > best mathematicians, and these spotty little kids *ain't* our best > mathematicians, by a long chalk. > > G > Let me make a point here: I run an Amiga, and Amiga games do go to town on copy protection. They generally rip the OS out of memory, and install a custom one, do custom formats of the disk (as in the structure is normally unreadable) and have further hard protection such as laser holes, etc. This is not kids' stuff - this is serious, and these people are cracking it within hours. Let them loose on any program with their own hardware, and they are capable of doing some quite serious things to the rights of the author. MJH * * Mikolaj J. Habryn dichro at tartarus.uwa.edu.au * "Life begins at '040." PGP Public key available by finger * "Spaghetti code means job security!" 
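[Added example, not part of any poster's message and not code from the list: the online clearing proposed earlier in this thread, where every certificate is cleared with a central bank server, a copied coin is refused the second time, and a low upper limit caps each coin's value. The Bank class, MAX_VALUE and the HMAC-tagged coin format are assumptions made for illustration; there is no blinding here, so it gives none of the anonymity the thread discusses.]

```python
import hashlib
import hmac
import secrets
import threading

MAX_VALUE = 100  # assumed "fairly low upper limit for certificate value"


class Bank:
    """Toy central bank server: coins are cleared online when they are spent."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # bank's secret MAC key (constructed)
        self._spent = set()                  # serial numbers already cleared
        self._lock = threading.Lock()        # makes check-and-mark one atomic step

    def _tag(self, serial: bytes, value: int) -> bytes:
        # Bind serial and value together so neither can be altered afterwards.
        msg = serial + value.to_bytes(8, "big")
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, value: int) -> dict:
        """Create a coin: random serial, value, and the bank's MAC over both."""
        if not 0 < value <= MAX_VALUE:
            raise ValueError("coin value outside the allowed range")
        serial = secrets.token_bytes(16)
        return {"serial": serial, "value": value, "tag": self._tag(serial, value)}

    def clear(self, coin: dict) -> str:
        """Clear a coin at spend time: returns 'ok', 'forged' or 'double-spend'."""
        value = coin.get("value")
        serial = coin.get("serial")
        tag = coin.get("tag")
        if not (isinstance(value, int) and isinstance(serial, bytes)
                and isinstance(tag, bytes) and 0 < value <= MAX_VALUE):
            return "forged"
        if not hmac.compare_digest(self._tag(serial, value), tag):
            return "forged"
        # Without the lock, two copies arriving together could both pass the
        # membership test before either is recorded (the timing window).
        with self._lock:
            if serial in self._spent:
                return "double-spend"
            self._spent.add(serial)
        return "ok"


def race_copies(bank: Bank, coin: dict, copies: int) -> list:
    """Present byte-for-byte copies of one coin concurrently; collect verdicts."""
    results = []
    results_lock = threading.Lock()
    start = threading.Barrier(copies)  # release all spenders at the same moment

    def spend():
        duplicate = dict(coin)         # copying the coin is trivial
        start.wait()
        verdict = bank.clear(duplicate)
        with results_lock:
            results.append(verdict)

    threads = [threading.Thread(target=spend) for _ in range(copies)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results


if __name__ == "__main__":
    bank = Bank()
    coin = bank.issue(5)
    print(sorted(race_copies(bank, coin, 8)))     # one 'ok', seven 'double-spend'
    print(bank.clear(dict(bank.issue(7), value=70)))  # altered value: 'forged'
```

The copy succeeds as a copy but only the first presentation clears; the cost is that every spend needs a round trip to the bank, which is the trade-off the thread is weighing.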
From bart at netcom.com Sat Mar 26 07:31:57 1994 From: bart at netcom.com (Harry Bartholomew) Date: Sat, 26 Mar 94 07:31:57 PST Subject: Nova on Counterfeiting Message-ID: <199403261612.IAA09120@mail.netcom.com> Tuesday at 8pm here in the Bay Area on Channel 9. Should be of interest to color copier fans. From gtoal at an-teallach.com Sat Mar 26 08:15:33 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Sat, 26 Mar 94 08:15:33 PST Subject: Digital Cash Message-ID: <199403261653.QAA25502@an-teallach.com> : : Let me make a point here: I run an Amiga, and Amiga games do go : to town on copy protection. They generally rip the OS out of memory, and : install a custom one, do custom formats of the disk (as in the structure : is normally unreadable) and have further hard protection such as laser : holes, etc. Listen, trust me, I know about this stuff, OK. You're talking to the guy who designed a locked-motor dual disk drive for doing direct analog magnetic copies straight from head to head. (When I was working in the protection area for Acorn I mean - I was never a cracker, honest guv ;-) ) We used to hack our own protection at Acorn to see how good it was. I've spent many contemplative hours pushing pins into floppies to force bad sectors in exactly the right places... I tell you though, that sort of stuff is trivial compared to factoring the product of two even medium-sized primes... : : This is not kids' stuff - this is serious, and these people are Of course it's for kids. I know these guys. I never met one who was over 21. It's just one of those hormone things that you give up when you discover women. (Or men as appropriate) The only cracker I can think of who kept up his skills after the age of 21 was Jeremy 'Jez' San, and he just did it because he was working for Acorn on copy-protection schemes as a paid job, which isn't the same thing at all. Mostly they're around 18, plus or minus. 
A lot of the kids I knew who used to do this (back when I had to keep up with the technology) were in high-school. One of the best I knew was a 14-year old. : cracking it within hours. Let them loose on any program with their own : hardware, and they are capable of doing some quite serious things to the : rights of the author. Sure, but what's that got to do with cracking crypto? If you can't see the difference between STO protection schemes and mathematically hard algorithms, ... Don't let your hero-worship blind you to reality. No amount of skill in disassembling or knowing the CRC tricks of a 1771FDC, or the six different versions of an 8251, is going to help in breaking a secure crypto scheme or something derived from one, like a secure e-cash scheme. It's a *completely* different set of problems. (Oh - on disassembling - one of the tricks we used to get round the stuff that was used to stop debuggers being able to place breakpoints was to run in a completely simulated machine. The program *could not tell* that it wasn't running live on real hardware. We'd do this stuff right down to the level of scheduling the data arriving off the disks - some schemes would do sneaky stuff like have the cpu execute a long stream of INC instructions, and get hit by an int when the data arrived, and use the value of the incremented register to check that the data had arrived at *exactly* the right time conforming to the sneaky way it had been written to disk.) Acorn's R&D division knew what they were doing in the protection area despite some laughable protection on the games side by Jez and the boys from Acornsoft - we actually did a design review and costed out the expense of doing our own DES chips for a dongle. Fortunately we never went down that route... (I'm not a fan of dongles as a substitute for proper licensing arrangements) We also came pretty close to putting serial numbers in our CPUs, on-chip. 
We decided against it in the end for the same reasons we decided against dongles... it just caused *way* too much customer ill-feeling. (For instance, if your CPU died and had to be replaced, suddenly your mission-critical CAD package would stop working...) G PS It's because we looked into doing our own DES chips in quite some detail that I've always taken it for granted that Wiener's cracking engine was not only possible but probably existed. By our own back of the envelope calculations in the early 80's, these machines were feasible then. From mike at EGFABT.ORG Sat Mar 26 08:30:41 1994 From: mike at EGFABT.ORG (Mike Sherwood) Date: Sat, 26 Mar 94 08:30:41 PST Subject: Digital Cash In-Reply-To: <199403261512.XAA25558@lethe.uwa.edu.au> Message-ID: Mikolaj Habryn writes: > Let me make a point here: I run an Amiga, and Amiga games do go > to town on copy protection. They generally rip the OS out of memory, and > install a custom one, do custom formats of the disk (as in the structure > is normally unreadable) and have further hard protection such as laser > holes, etc. > This is not kids' stuff - this is serious, and these people are > cracking it within hours. Let them loose on any program with their own > hardware, and they are capable of doing some quite serious things to the > rights of the author. Graham's point is still valid here. cryptography is a matter of fairly complex mathematics - this is not a trivial thing to attack. I know from experience many ways of getting around the various forms of copy protection used on software, and most of it is just a matter of comparing a legitimate run with an illegitimate run. to oversimplify, there is often a point in a program that branches on a test condition and in many cases, all that needs to be done is to find these and change a branch if equal instruction to branch if not equal, so that the program depends on *not* satisfying the parameters of the copy protection. 
likewise, on serialized software, it's often fairly easy to figure out the pattern and change the serial number without figuring out the way it's encrypted by the program. anyway, I digress, the purpose of this list is data encryption, not to teach people how to break copy protection. the only potential harm that could be done by these people is to weaken the programs we use for encryption, but there is not much of a point to doing so. -- Mike Sherwood internet: mike at EGFABT.ORG uucp: ...!sgiblab!egfabt!mike From kafka at desert.hacktic.nl Sat Mar 26 08:44:35 1994 From: kafka at desert.hacktic.nl (Patrick Oonk) Date: Sat, 26 Mar 94 08:44:35 PST Subject: Digital Cash Message-ID: <199403261725.AA17120@xs4all.hacktic.nl> -----BEGIN PGP SIGNED MESSAGE----- In article <199403242239.OAA00431 at mail.netcom.com>, you write the following: MP> Hal writes: [ ramble ] MP> P.S. Is anyone worried that the Netherlands seems on the verge of MP> banning PGP? Wasn't this country once a hacker's paradise? They seem to be planning a law, possibly making use of the case that nobody is really interested because lack of knowledge. The government can suck my dick, if they want to throw me in jail for using PGP, well, let's go ahead. Patrick -----BEGIN PGP SIGNATURE----- Version: 2.3a iQBVAgUBLZQSRJRymF15lPcFAQGtJgH/VPNOHhsf6r9qQimrttpLkddI286L78ns OXqinkVcWIHoA4t9YR2R2hPvvrVg5n63e7VQRjMbNh2Ni3sdYFRNLA== =b2gn -----END PGP SIGNATURE----- --- "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 
4 1994 == To get PGP, FTP /pub/unix/security/crypt/pgp23A.zip from ftp.funet.fi == From gtoal at an-teallach.com Sat Mar 26 09:41:21 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Sat, 26 Mar 94 09:41:21 PST Subject: EFF Pioneer award: I nominate Phil Zimmerman... Message-ID: <199403261824.SAA29636@an-teallach.com> Folks, with the political climate the way it is in the US at the moment, I think the EFF pioneer award has to make a political point as well as a technical one: I'll be nominating Phil Zimmerman. I hope others will too. Without Phil's pgp program, all our efforts against the Clipper chip would look very hollow indeed - he's given us a flag to rally round in the name of freedom. G From hfinney at shell.portal.com Sat Mar 26 09:53:47 1994 From: hfinney at shell.portal.com (Hal) Date: Sat, 26 Mar 94 09:53:47 PST Subject: Digital Cash Message-ID: <199403261837.KAA28005@jobe.shell.portal.com> I think there are two issues here. One is the intractability of defeating encryption protocols such as RSA, digital signatures, blinded signatures, etc. These form the basis for digital cash and they appear to be quite secure. The other issue, which I know less about, is the possibility of cryptographically strong obfuscated code. Mike Duvos first mentioned this. You could have an algorithm running on your own computer and have it be impossible to determine what it is doing, or (presumably) to effectively alter the internals of the algorithm. This seems a lot more difficult to achieve, since all the information needed to tell what the program is doing is in principle in your hands. Yet the ability to actually determine this is computationally out of reach. It's not just a matter of the kinds of complexity and obscurity we have been discussing here (self-decrypting code and such tricks), but rather some mathematically strong transformation has been done on the structure of the code to hide it in a cryptographically strong way. 
I vaguely recall hearing about such technologies, but I can't remember where now. Can anyone provide some references, or (better) a summary of how this works and what can actually be accomplished along these lines? Thanks - Hal From jet5 at pyrite.SOM.CWRU.Edu Sat Mar 26 09:55:17 1994 From: jet5 at pyrite.SOM.CWRU.Edu (Jerod Tufte) Date: Sat, 26 Mar 94 09:55:17 PST Subject: cfp '94 transcript Message-ID: <199403261837.AA06592@rasputin.SOM.CWRU.Edu> some interesting stuff from CFP 94 talk Who Holds the Keys? check out what Stuart Baker ( NSA general counsel) says on clipper. we thought you would like it. Jerod Tufte, Eric Hughes, Fen Labalme, and others Transcript of DATA ENCRYPTION: WHO HOLDS THE KEYS? (Panel) at the Fourth Conference on Computers, Freedom and Privacy Chicago, Illinois, March 24, 1994 This is a verbatim transcript of the session on "Data Encryption; Who Holds the Keys?" held at the Fourth Conference on Computers, Freedom and Privacy in Chicago on March 24, 1994. The transcription was done by an independent local transcription agency. Light editing was done by CFP volunteers to resolve items the agency could not be expected to have knowledge of (for example, "technical" terms like "PGP"). "Did X *really* say U?" questions can always be resolved by listening to the audiotape available as tape JM414 from Teach'Em, 160 East Illinois St, Chicago, IL 60611, 1-800-225-3775, for $10 + $1 ($2 outside US) shipping and handling + 8.75% sales tax. ================================================================= Welcome to this program from the John Marshall Law School's fourth conference on computers, freedom and privacy entitled, "Cyberspace Superhighways: Access, Ethics & Control", held March 23rd through the 26th, 1994 at the Chicago Palmer House Hilton. On this cassette you will hear Data Encryption -- who holds the keys? Now to our program. 
BOB SMITH Willis Ware originally had been slated to being moderator for this panel and Willis had a problem and could not be with us and Robert Ellis Smith has agreed to fill in and use his technology background to fill in for Willis. It will take just a minute while we disengage from the T.V. hookup and get back to the modern overhead projector. My name is Bob Smith. I publish privacy journal and actually I am moderating because Dave Banisar did not want to be moderator. We will hear from the three panelists with about three ten-minute presentations and then we will open it up to questions. The three ground rules for this session: First, there will be no expansions of the metaphor of highways. We will not talk about highway metaphors for the next hour. Secondly, we will not accept as a defense that this issue is too sensitive or too complicated for us to understand and that we have to trust the government. And thirdly, a rule that I hope you will make work. If you hear a point of jargon or a point of technology that you don't understand, explanation -- not policy disputes but if there is something you don't understand feel free to raise your hand as a point of order. And if you can say it in ten words or less like, I don't understand, we'll get you an answer. I think Senator Leahy provided a good primer for cryptography and so I won't bother with that and we'll get right into the nuts and bolts of this issue. Our speakers are George Davida, who is with the University of Wisconsin in Milwaukee and has been involved in cryptography research for many years and was one of the first academicians to feel the heavy hand of government in the 1980's in its effort to try to curtail research into cryptography. That appears to be happening again in the 1990's so perhaps Professor Davida can tell us something about his experiences earlier on that same front. Our second speaker will be Stuart Baker, who is General Counsel of the National Security Agency. 
He was a lawyer in private practice in Washington before joining NSA and one of the things he promised to do is to tell us exactly what NSA does and is because a lot of people don't know. It is different from the National Security Council by the way. Thirdly, our third speaker will be David Banisar who is the Computer Professionals for Social Responsibility office in Washington. He is trained as a lawyer and has a background in computer science and has some strong feelings about the cryptography debate. We will now move to Professor Davida. PROFESSOR DAVIDA I would like to talk about two issues that concern me and I believe a number of people here. By the way, I brought some copies of my paper in case you need one today. And if I don't have enough you can always write to me at that address. And I am also willing to put that on FTP for those of you who are on Internet and you can pick up a poster file and print it if you so wish. As Robert said, in 1978 I had an interesting experience with NFA. I was doing research at the time in cryptography and one day I received a secrecy order by mail. It was more or less like a postcard telling me that under the penalty of three years in jail and $10,000 fine I am to talk to no one about what I had done in that paper without reference to any classified material. At first my graduate student and I laughed until we found out that it was deadly serious. We talked to the Chancellor about it and he said, no way because in Wisconsin there is a strong position of academic freedom and we are not allowed actually to conduct research that's secret. So we decided to resist the order and after a number of conversations between the Chancellor and someone you might have heard about recently again, Admiral Bobby Inman, and the then Commerce Secretary Juanita Kreps, the order was lifted. 
But not before Admiral Inman tried to convince the Chancellor that he should acquiesce to the order and allow us to stay, but I am happy to say that the Chancellor said that we could not put up with the order. Shortly thereafter a group was formed by the American Council on Education called Public Cryptography Study Group, not to be confused with Public Key Cryptosystems. And it is interesting that this group considered model legislation for censorship at first. I objected to it rather vigorously and when the press began to get involved in covering the meetings, they then approved what they called voluntary prior restraint. I again dissented from that report and the rest, as they say, is history. Many people have asked, "why do you oppose restraints?" Very simply, that privacy is just too important to leave it just to agencies like NSA. I also felt that the ACE recommendations were dangerous because they were later going to be looked at as some kind of admission by allegedly knowledgeable people that cryptography is an evil tool that will only be used by terrorists and drug dealers. And it is interesting that Senator Leahy himself refers to the struggle of the law enforcement with crimes -- and I assume he is talking about drug dealers and what have you. But someone should point out to him that they are not using cryptography today so I don't know what the struggle is all about. They may be struggling against criminals -- not because of cryptography but simply because a crime is just a major problem. I would also like to tell them that I don't think that the intelligence agencies struggle when it comes to tapping ordinary law abiding citizens. They do very well, thank you. I also think that the realities are very different because cryptography is extremely important for two very critical applications. Now so far you mostly hear about one of them which is privacy. But the other application that also needs privacy work on is authenticity, or identification. 
These are two extremely critical applications of cryptography. And what is interesting is that the current proposals -- again, you only hear about one of them -- actually constitute a double whammy -- because there are two proposals that are being put forth today. You only hear about Clipper but what you do not hear about as much is the other twin monster that which is the digital signature standard. Basically what they are trying to do with this -- with Clipper you lack privacy and with DSS you essentially lack the signature, the identification schemes -- the two most important operations/applications of cryptography. So what will essentially happen is that not only can you invade privacy with digital signatures which will be essentially the new way of identifying yourselves to an awful lot of systems and executables. They will actually be able to deny your very existence if those systems are allowed to be only government issued because it will be impossible in the systems of the future not to use something like digital identification/ digital authentication schemes because there are no other effective means. You all know about the silly paper systems we use for identifications, and even high school students know how to fake ID's to drink. So we will be moving toward digital signatures and if there is only one digital signature it's essentially a proposal to have just one government Bic pen. That is what they would like us to have. One pen to sign our names with and sign our checks with and authenticate ourselves with. Now again, as I said, privacy is one application and I have raised a number of objections to it because it has been again portrayed as a tool of crime and criminals and drug dealers. But they are not the only ones who will be using cryptography and more importantly, if we continue this policy they will be the only ones who will have good security because we will not have any security as to privacy. 
And as that saying goes "if you outlaw privacy, only outlaws will have privacy". It is very strange. I find myself wanting to go and join organizations like the NRA all of a sudden. I really do. There is also an interesting sort of deception here going on with this so called escrow system. The problem is that, how in the hell can you escrow privacy. Go look at the definition of escrow -- it says that something of value held in trust is given back. Can you give back privacy? That is impossible. So I think that the very title of that is deceptive. Then I was amused, as some of you might have been, with all the stories about bugging to look up a recent case of my friend Bobby Inman again, standing in front of television cameras saying that William Safire and Senator Dole were conspiring to get him with the President. And the question is, where is he getting this kind of data? Presumably he must because he spent his whole life, by the way, being very careful about what to say. You know, I can't imagine he is saying that without having something to back up with what he was claiming. So when we talk about bugging, just what do they do with all that data? Well, I think you have seen an example of what possibly may have been dealt with -- data that is intercepted. Again, authenticity is another area that I think people should pay attention to. The second most important application of the use of identification, digital signatures for proving who you are and yet again they are proposing just one single big pen. I think that these two proposals jointly amount to what I consider a digital dragnet. Thank you. STUART BAKER: I have a friend who gives speeches a lot and he likes to begin all his speeches by referring to country and western songs that sum up the theme of his talk. When he talks about U.S./Japan trade relations, he always starts out by referring to that classic "you got the gold mine, I got the shaft." 
And I thought about what David would have given as the country and western song that I should probably sing here and I think in relation to the Clipper Chip it would probably be "How can I miss you if you won't go away?" There is a reason why the Clipper Chip won't go away and what I thought I would try to do very quickly because I only have ten minutes before the lynching begins is talk about why Key Escrow hasn't gone away by talking about some of the myths that are pretty prevalent about Key Escrow. I am not going to call it Clipper because there are a lot of products called Clipper. This is the internal name, not something that was used for the public. I don't object to people calling it Clipper but there probably are people who have Clipper products who would prefer that it not be called that. Let me see if I can put the first one up. [OH slide: Myth #1: Key escrow encryption will create a brave new world of government, intrusion into the privacy of Americans.] I think this is pretty -- probably the classic opening statement about Clipper. That this is the beginning of some kind of brave new world in which everybody's privacy is at risk in a substantial new way. There is a lot of emotion behind that argument but not a lot of fact, because if you ask yourself if everybody in the United States used key escrow encryption and only key escrow encryption, which is not what the Administration has proposed by any means, what would the world look like? Well, the world would look like the world we live in today. It would be possible for the government to intercept communications subject to a variety of legal rules that make it very dangerous to go outside those rules. And, in fact, it would be a more private world because other people without authority would not be able to intercept and decrypt those communications. 
That is important because, in fact, there is somebody proposing a brave new world here and it is the people who want people to go away and to have unreadable encryption installed on all of the communications networks in the United States. That's a new world and that is a world we don't understand. We don't live in it today. We don't know what it is going to be like if criminals or terrorists or other people who are hostile to society can use that sanctuary to communicate. We don't know what it is like but it probably won't be as pleasant in terms of freedom from crime and terror as the world we live today, which is not exactly a comforting thought. It won't be a world in which the government can do more than they do today. So if you ask yourself well, how bad is it today, that's as bad as it can get under Clipper. [OH Slide: Myth #2: Unbreakable encryption is the key to our future liberty] Now the response to that, that you hear from people, well, yeah but what if the Republicans get elected? What if the Administration changes? This is a guarantee. I don't want to have to rely on laws and procedures and escrow agents. I don't trust the escrow agents, I don't trust the courts, I don't trust the government, I don't trust anybody. I want to trust my machine. Now that is not an uncommon way of thinking in the parts of this community. I said to somebody once, this is the revenge of people who couldn't go to Woodstock because they had too much trig homework. It's a kind of romanticism about privacy and the kind of, you know, "you won't get my crypto key until you pry it from my dead cold fingers" kind of stuff. I have to say, you know, I kind of find it endearing. The problem with it is that the beneficiaries of that sort of romanticism are going to be predators. PGP, you know, it is out there to protect freedom fighters in Latvia or something. 
But the fact is, the only use that has come to the attention of law enforcement agencies is a guy who was using PGP so the police could not tell what little boys he had seduced over the net. Now that's what people will use this for -- not the only thing people will use it for but they will use it for that and by insisting on having a claim to privacy that is beyond social regulation we are creating a world in which people like that will flourish and be able to do more than they can do today. [OH Slide: Myth #3: Encryption is the key to preserving privacy in a digital world] I'll move quickly. There is another argument that I think is less romantic and that is the notion that technically, because we are all going to be networked, we are all going to be using wireless stuff -- we need encryption for privacy. I am not going to say that does not fit but it is a little oversold. Actually, I agreed with Professor Davida. Much of the privacy problems that we see in an electronic world are not because people are intercepting our communications, they're because we are giving it away. But what we don't like is that there are people now in a position that collate it all from public stuff that we willingly gave up. Well, you know, we gave this information to get a loan from one bank and before we know it, you know, our ex-spouse's lawyer has got it. That's a problem, but encryption won't solve it because you are going to have to give that information up if you want the benefit that the bank has. Similarly the most important use for the protection for privacy, protection for data, is authentication -- digital signatures as opposed to privacy. I won't say that encrypting data for privacy purposes is irrelevant but it is probably not the most important way of guaranteeing privacy in an electronic age. [OH Slide: Myth #4: Key Escrow won't work. Crooks won't use it if it's voluntary. There must be a secret plan to make key escrow encryption mandatory] This will be familiar. 
You shouldn't overestimate the I.Q. of crooks. When I was first starting out as a lawyer I was in Portland, Maine and a guy walked into a downtown bank and he said, he handed a note to the teller, it said, "Give me all your money; I don't have a gun but I know where I can get one." I'm sure if you sent him out to buy encryption he for sure would buy the Clipper Chip. I think this misstates the problem. The notion that what the government is trying to do is to put in everybody's hands this kind of encryption in the hopes that crooks will be fooled into using it I think is to misstate the nature of the concern. The concern is not so much what happens today when people go in and buy voice scramblers; it is the prospect that in five years or eight years or ten years every phone you buy that costs $75 or more will have an encrypt button on it that will interoperate with every other phone in the country and suddenly we will discover that our entire communications network, sophisticated as it is, is being used in ways that are profoundly anti-social. That's the real concern, I think, that Clipper addresses. If we are going to have a standardized form of encryption that is going to change the world we should think seriously about what we are going to do when it is misused.

[OH Slide: Myth #5: Industry must be left alone for competitiveness reasons]

Are we interfering with the free market? Are we affecting the competitiveness of U.S. industry here? First, Clipper is an option. It is out there. People can use it. They can make it. They can not use it. And they can not make it. It's simply an additional option on the market. There may well be people who want this. I am a lawyer. I think in terms of who is liable if something goes wrong. And I think that if it's your business, and you are thinking about buying encryption and the possibility that your employees will misuse it to rip-off your customers, you ask yourself, well who is going to be liable if that happens?
You might think, "Geez, maybe I don't want to be in a position where I can't actually make sure the police can come in and check to see if people are misusing this encryption where I have reason to believe that they are." Second, and this is a point that gets lost a lot: this is a standard for what the government is going to buy because nobody in this room has to buy this thing. Now the complaint is kind of remarkable from all the stand-on-your-own-two-feet, free-market, nobody-tells-me-what-to-do, organizations that we hear from. The fact is, that this is just what the government is going to buy, and the people who are complaining that they don't want to make it, or don't want to buy it, don't have to. What they are really saying is, we would like the government to go on testing equipment, telling us what the best stuff is so we can then go out and sell it without doing our own research, doing our own debugging, our own checks on this technology. I think if you think of it from the government's point of view you see why we don't want to do that. We probably -- there are very few institutions other than government that are willing to devote both the kind of energy and resources that it takes to eliminate the last few bugs in encryption software or machinery. To go through and find every possible attack and think about how to prevent it -- somebody once said, the airport guy talking about encryption he said, well, I'll take it if it is invisible, doesn't have any effect on the pilot, and adds lift to my airplane. There is an attitude about encryption that I think most of you have probably encountered in the commercial world is, "Yeah, I want it if it is free." But there is very little demonstrated inclination on the part of industry to spend a lot of its own money to develop independent encryption.
And the fact is that a lot of the encryption that is out there today was designed with government money, or endorsed by government standards or otherwise supported by government fortresses. But if the government is going to create encryption and create markets and run the cost down, then we ought to be designing and buying encryption that we are willing to see migrate into the private sector without destroying the ability of law enforcement to deal with it. And, I guess, the last point, people who don't want to sell to the government can make anything they want. People are willing to put their own money into designing encryption can do it. This is just what the governments fund. AUDIENCE COMMENT: But you can't take it overseas. What the government buys is (inaudible) technical for overseas. BAKER: This is also something that we hear a lot about and I'll deal with it quickly. [OH Slide: Myth #6: NSA is a spy agency. It has no business worrying about domestic encryption policy] Yeah, the NSA does indeed gather signal intelligence in foreign countries. But we have a second issue. Not only do we try to break people's codes but we make codes for the federal government. That means we have as a significant mission trying to design secure communications here that the government is going to use. And we face the very real concern that I described earlier, that if we design something and it's good and it's terrific stuff and the price goes down because the government has bought a lot of it, then other people are going to use it. It may end up becoming the most common encryption in the country. If that happens and people like this pedophile out in California start using it, we have some responsibility for that and therefore we have some responsibility to design and use encryption, that (if it does migrate to the private sector) does not put law enforcement out of business. [OH Slide: Myth #7: The entire initiative was done in secret. 
There was no opportunity for industry or the public to be heard.] This is my last one. Again, this was true, I think or at least it was a reasonable thing to say in April of '93 when the Clipper Chip first showed up in people's newspapers. But since then the Administration has done an enormous amount of public outreach listening to a variety of groups -- EFF, CPSR, industry groups, holding hearings, organizing task forces to listen to people. It is not that they weren't heard -- what I expect people to say is, yes but you still didn't listen. We said we don't like it. How come you still did it? I think that the answer to that is you have to ask yourself, what is the alternative that people will propose. It is not enough in my view to simply say "Get rid of it. What we want is unreadable encryption so that we have a guarantee of privacy against some government that hasn't come to our country in 15 years or a hundred years or two hundred years, and in the same guarantee that criminals and other people who don't have society's interest at heart will have a kind of electronic sanctuary." That is not a very satisfying answer for people who have to uphold the law as well as try to get the national information infrastructure off the ground. Thanks. DAVE BANISAR: Well, first I'd like to say I'm not sure what song you were referring to in your country and western description, but I think if I had to choose a country and western song it would probably be "Take This Job and Shove It." Moving onto the high road from now, I think what we have here is a really fundamental change in the way the communication system is being looked at in the future. Currently we have a situation where if somebody decides they need a wiretap, which is an issue I'll get to in a minute, whether it is useful or not, they go and they do an affirmative action. And the communication system is essentially set up to communicate. I use it to call. 
These two proposals, digital telephony which we haven't talked about here too much and Clipper, change that around. They change it into a fundamental purpose for the communication system now is going to be, let's make it available for surveillance. Essentially, we are designing pretapped telephones and then we have to work on the assumption that at only authorized periods will they not turn those on. This is a fundamental change. It treats now every person as a criminal. We are looking at them going -- well, I think that every person in this room is a criminal so I will build the tap into their phone. Perhaps next they will be building microphones into everybody's desk chairs and only turning them on when they need them. Frankly, in reality I don't know if the law enforcement has really made the case for wire tapping. Just last week they busted the entire Philadelphia mob. They got it by putting a microphone in the lawyer's office. This book here, GangLand, it is all about how they got Gotti. They put microphones on the street to get Gotti. The FBI comes and they give us the four cases. They have the El-Rukh people here in Chicago which I believe was more like a scam to get some money out of the Libyan government. They have one pedophile, they have a couple of drug dealers and so on and they keep doing this. I don't think they really made the case. There's only in reality 800 or so wire taps a year. They are only a part of the deal. A lot of busts, especially from Mafia, are done with inside people with microphones, with a lot of other technologies out there. The FBI has spent billions of dollars in the last ten years modernizing. They have an amazing computer system now, amazing DNA systems, amazing everything. They are not behind the scenes anymore, or behind the ball anymore. To give you a new example: There were approximately a couple thousand arrests in 1992 that they say were attributable to electronic surveillance and that includes bugs.
So it is hard to say how many of those were actually wire taps. In 1992 there were 14 million arrests in the United States. That's an awful lot of arrests and an awful small number of those had to do with electronic surveillance. Are we willing to revise our entire communication system just for that very small number? It is a question that needs to be asked. Now we have a problem. I wish we could wave my magic wand here and solve the problem. [Takes out wand] You know, this is the magic wand that I can say crypto be gone, or crypto be strong. I don't know. It's not working. Oh well. So I have a couple solutions or a couple suggestions as they may be. First is to withdraw the Clipper proposal. It's a bad idea. Nobody wants it. Of the CNN/Time Magazine poll 80% of the American public didn't want it. Industry doesn't want it. Fifty-thousand people signed our CPSR Clipper petition asking for its withdrawal. I haven't seen anybody in the world who wants this thing -- well, save two, but I won't mention them. What should be done is to restart the process. Back in 1989 NIST was basically ordered to start a new process to return to make a new version of DES, or to replace DES with something else. And they had a good idea. They wanted it to be an open process. They wanted to look around, talk to people like they did back with DES and they eventually got that from IBM. They wanted a public algorithm that did both security and authenticity. They wanted it available in hardware and software. They wanted it to be a good strong standard for everybody. This hasn't happened. You know, withdraw the Clipper proposal and start the process over. There's lots of people in this room even who could come up with something very good but the fact is that we have not been allowed to do it. We had, I guess, nine or ten months after Clipper came out which had been designed in secret for the last five years. 
In that time nobody has come out and supported the thing and lots of people have had better ideas. But they came back a couple weeks ago and came out with the exact same proposal with one or two typos replaced. But that's about it. The second thing we need to do is revise the law. We need to do this since NIST is the agency that is supposed to be in charge of this. We should make NIST subject to the same kind of rules that every other government agency has to go by. Why should NIST have lower standards to develop these crypto things which will affect all of our privacy than the FCC does when they hand out a radio license; when the Environmental Protection Agency does when they determine how much toxic waste we can survive in? The basis for this, for any of you that are lawyers in the room, is known as the Administrative Procedures Act. It is very well established, it has been around 40 years. Every other government agency, every other public government agency uses it already and it works well. The things that go under this rulemaking is that it is open. It is done in the open. There's no communications behind the scenes. It's all done in the public eye. The decision -- when they finally make a decision -- is based on the public record. It is not based on something on a classified study. And it is appealable. If we think that we've been screwed we can appeal. Finally, as we heard three or four times today, we need an independent privacy commission. Simply speaking, there is nobody in this government -- in the U.S. government -- who is responsible for privacy. To look around and say, wait a second, this isn't working. I mean, what kind of government do we have that comes up with something on surveillance and calls it the "Communication Privacy Improvement Act"? What we need is a government agency that can look around and give an independent assessment on what's going on. And it can't be shunted aside or ignored or anything like that. 
We have to realize, and I apologize for breaking Bob's ground rules, that we're building the national information infrastructure without any guard rails. And we need to think about it and get back. Thank you.

BOB SMITH: Questions, short and sweet. We have limited time.

CHARLES MARSON: Charles Marson, lawyer of San Francisco. I would like to ask a question of the General Counsel. I have to say, this may be my one lifetime opportunity. A lot of the Administration's case for the Clipper depends on a reliance and a level of comfort with present law. We are always told present law covers these things we are not extending anything. Present law requires your agency, sir, to apply to the foreign intelligence court for a warrant. CBS News issued a report last month that said that -- I think it was 4,500 applications had been made to that court -- all appointed by Chief Justice Rehnquist, and 4,500 have been granted. That is to say not one has been denied. Now in terms of our comfort level with present law will you tell us why it is that we should not conclude that this court is nothing but a Fourth Amendment fig leaf and that your agency is in fact free to tap anybody it wants.

STU BAKER: There's an interesting element -- I think you have to understand bureaucratic behavior in part here.

CHARLES MARSON: My fear is that I do, sir. [Laughter] A real tap whomever you please.

STU BAKER: Let's bear in mind, these are all Article III judges. I actually don't know that the figures you gave are right. But these are Article III judges from all over the country. They are used to seeing law enforcement wire taps and to reviewing them carefully. Their whole life is sticking to the law.

CHARLES MARSON: If they said yes all the time, who cares?

STU BAKER: Well, I -- let me offer an alternative explanation for the record of the courts and the agency in terms of FISA applications. And that is this. No one wants to be the first general counsel whose application is turned down.
Nobody wants to get creative about what you can do and what you can't do. And so the effect of putting into judicial review is not so much that it is going to lead to judges rejecting a lot of stuff as much as it will make the agency make sure that before it takes something to the court, it is absolutely confident it has a case that it can make, that the judge will accept as fitting within the standards set by the statute. It's for the same reason that prosecutors don't like to bring cases that they don't think they can win. People do not like to try and fail and they consequently are very careful about what they put forward. I think that in fact is a more creditable explanation of the figures that you gave if they are right than the explanation you gave which is that judges don't care what the law is. I don't think that's true.

SPEAKER: Could we move on to the next question, thank you.

PHIL ZIMMERMANN: That explanation reminds me of the Doonesbury cartoon about grade inflation where some students sued for not getting an "A" in this course and in the courtroom they said that this university gave an "A" to all students. How is it possible that the entire graduating class had an "A" average of 4.0 and they said, well, you know, it's just a great class. So I guess all those guys that applied for the wiretap orders through that judge, all those judges, absolutely all of them did everything right. It's sort of a grade inflation for wire tap requests. One thing that bothers me about this process of Clipper ....

MODERATOR: Your name please.

PHIL ZIMMERMANN: I'm sorry. I'm Phil Zimmermann. I am the author of PGP [applause]. I'm sorry, I didn't hear the part about what is your name. It seems to me that this Clipper process has some kind of secret game plan that the government is following through that we only find out about each step of it as it unfolds. I saw on the net some news about some representative of the U.S.
government going -- it might have been from NSA -- talking to people in Europe, other countries in Europe, about them getting their own Clipper systems. Well, that seems like a public policy thing that we should have been discussing openly here before sending somebody over there to quietly do horizontal escalation and get this Clipper thing glued in worldwide, planetwide before .... thus making it harder to reverse later.

MODERATOR: Could you phrase the question? The line behind is getting restless.

ZIMMERMANN: Okay, okay. I think that this kind of secretive agenda is not being treated like other public policy issues like health care and things like that that are openly debated. It's like we are being treated like an enemy foreign population to be manipulated cynically. And so I would like somebody to respond to that, whoever wants to respond to that -- why can't we be treated like ...

MODERATOR: Let's hear the response.

ZIMMERMANN: Okay.

STU BAKER: There isn't a secret plan.

AUDIENCE: (Negative response from the audience.)

STU BAKER: But, all right, there will be -- we're not the only place that's worried about law enforcement and criminal misuse of the communications system. Every country in the world is going to be concerned about that -- it is no surprise. Today France says we will tell you what you can use, what you can export, what you import. Singapore, we've had lots of companies say we're concerned about that.

ZIMMERMANN: Singapore -- it's illegal to not flush the toilet in Singapore. I didn't make that up, that's true. It's possible to construct a society -- a crime-free society -- but who wants to live in a society like that? We might be heading toward Singapore. I'm glad you said Singapore -- I couldn't have paid you money to say that -- I'm glad you said Singapore.

STU BAKER: But look, Italy has just banned forms of encryption on the phone system.
The significance I think of the Singapore example is that we shouldn't expect that as Asians get richer they are going to say, oh well, let's adopt American views about privacy. What's important about that, I think, is the view that we get from a lot of people whose life has been open systems and will have seen that standards are the key to new technological advances, believe that if they could standardize encryption and sell it everywhere in the world, it would sweep the world and whoever had the best product would win. I think that reckons without the law enforcement concerns that you will see in every country. And you are already beginning to see other countries say we are not going to tolerate unreadable encryption of all sorts proliferating throughout our communications network. You are going to see more of that. Not less. It won't happen here but it will happen in other countries.

AUDIENCE: Yes, worldwide.

MODERATOR: Can we move onto the next question? And we probably have time for only two more.

BLAKE SOBILOFF: My name is Blake Sobiloff and I'm with ACM SIGCAS and I'm trying to figure out some sort of philosophical presupposition that you have -- the kind that frames your approach to your objections to anti-Clipper individuals.

BAKER: Most of the anti-Clipper individuals I really like actually.

BLAKE SOBILOFF: Okay, well, their position. Would it be fair to characterize your position as one that assumes that a desire for an unimpeachable privacy can be fairly well equated with the desire to engage in lawless acts?

BAKER: No, I think that's completely wrong. The problem is that guaranteeing privacy to everybody is going to guarantee it to some people who will misuse that kind of technological sanctuary.

AUDIENCE: (Negative response.)

BAKER: All right, okay. Well, to continue the poor song metaphor, if anyone is familiar with the Spin Doctors rock group.
Let me say that you are a fantastic Spin Doctor and I do admire you for that but I'll keep my pocket full of kryptonite. Thanks.

QUESTION: Can I make a comment on that.

BAKER: Yes.

QUESTION: I think it is important to say something about who asked NSA to be the guarantor of privacy. Asking NSA to guarantee privacy is sort of like asking Playboy to guard chastity belts.

BAKER: I tried to address that briefly. Our job is in fact to guarantee the privacy of U.S. government communications when they're talking about whether to go to war, for example. That's one of the things we do and it is one of our two principal missions. We do guarantee privacy. Now I understand the reaction but we do have a job to create encryption and to make it as good as we possibly can.

AUDIENCE: Not for my privacy.

BAKER: My concern is that what we design is very likely to be -- to find itself migrating into private sector and if we design it in a way that is going to put law enforcement out of business we haven't acted responsibly.

MODERATOR: Next question.

HERB LIN: My name is Herb Lin. I'm with the National Academy of Sciences regarding the need for an independent look at it. The U.S. Congress has asked the Academy to undertake an independent assessment of national cryptography policy. Descriptions of that study are out on the giveaway desk. I'll be glad to talk to anybody about it.

MODERATOR: Thank you. We've got one more.

(Unknown): My name is Barbolin (?) from GRC (?). I have a question concerning the algorithm that is used in the Clipper Chip, Skipjack. That algorithm is not being made public and yet one of the very basis of scientific research is that the work should be published and then reviewed by the community and approved as the state-of-the-art develops. Yet it seems that the NSA is reluctant to do that.
There is a certain amount of conjecture that in fact the algorithm contains a deliberately encoded weakness that will allow the NSA, without access to the escrow keys, to be able to intercept communication in their mission to monitor on-shore and off-shore communications. There's a number of us in the scientific community that are greatly concerned that that algorithm is not being made public. I would like the counsel from NSA to address that with a simple yes or no answer. Is that a problem? And then I would like our university professor to comment on his opinion in this matter.

BAKER: I'll answer it yes or no if you'll tell me exactly the question.

UNKNOWN: Does it or does it not contain a weakness that allows you to intercept the communications without access to the escrow keys.

BAKER: No.

MODERATOR: I'm sorry, that has to be the last question. We will conclude. I'm sorry, we have to stick to the schedule. [Negative audience response.] We'll conclude with another country song which is ....

GEORGE TRUBOW, CONF. CHAIR: Let me explain to you what our problem is. During the reception this room is going to be cleared and turned into the dining room for our meal this evening and so the hotel has a schedule; and if you want to give up the evening reception and meal we could do that but that's why we've got to close out. You want to go for a little longer. Okay, how about this for a promise, we'll quit at six (pm) which will give us another seven minutes. All right.

PROFESSOR DAVIDA: I will comment just very briefly about this issue of standards and algorithms. I've worked for almost 20 years in organizations like IEEE(?) Computer Society and we have addressed issues like standards. It is important to understand what a standard is. Standards' purposes are primarily to promote trust in commerce and the products that you are actually engaging in, buying or using. DES and other encryption standards deviate from that substantially.
These are not standards that set a boxing or weight standard, or a packaging standard, which is what most electronic standards and computer standards tend to be like. For example, there is no standard that says you must use the Intel 8085 or whatever. There is no standard that says you must use a particular chip. The standards pertain to buses, number of bytes and what have you. DES and other standards like that force us to adopt something which is basically monopolistic. It is specific algorithm. So there are some fundamental faults with it. But as for trusting algorithm that somebody else designed, I stand by my previous comment.

MODERATOR: Thank you.

MIKE GODWIN: I'm Mike Godwin with the Electronic Frontier Foundation and I have a question, as you can imagine for the General Counsel of the NSA. You said in myth number four that we can anticipate -- and in fact NSA did anticipate that these technologies would become available in five to ten years. People would go buy telephones, have an encryption button and be able to use this technology -- I think I am quoting you accurately -- in profoundly anti-social ways. Isn't it true that many otherwise acceptable technologies can be used by individuals in profoundly anti-social ways including, say the printing press. Isn't it in fact true that in a democratic society we make a decision to empower individuals knowing upfront and openly that we do so taking risk about society. Isn't that in fact the case in this country?

BAKER: Yes. And first I should say, Mike, I haven't met you but I've read your stuff and actually, is David Sternlight here too? Sure you take risks and you have to look at each technology as it comes. Let's take a look at cars. Cars have advantages and risks and how do we deal with that. We put license plates on every car and everybody has to have a license plate on their car even if they think it violates their First Amendment Rights to do it.
MIKE GODWIN: In fact, automobiles are a little bit different because we do have explicit Constitutional guarantees with regard to communications. We have implicit and explicit guarantees as regard to privacy and it is a little bit different from driving your Ford.

BAKER: Well, actually there is a Constitutional right to travel.

MIKE GODWIN: There is a Constitutional right to travel, that's correct. But we are talking -- it's still a false analogy. This is a central right. You know, Hugo Black said that there is a reason for the First Amendment to be a First Amendment.

BAKER: This is why I never get on the net with you, Mike.

MIKE GODWIN: So I take it you've answered my question. The reason -- the thing that really troubled me about your comments is that you did talk about France and Italy and Singapore and it seems to me worth pointing out that the theory of government that we have in this country is a little bit different from the theory of government in France, Italy and Singapore. (Applause)

BAKER: Absolutely. I don't think that we will ever have the same view of government that any of those places have.

MIKE GODWIN: I'm confident.

BAKER: And I think the short answer is, yes, as each technology comes along we have to evaluate the risks and the rewards that come with it and try to figure out the way to get as much good from it and as little bad from it. And the response is going to be very variable depending on the technology. But you can't set up a principle that says we will always do whatever seems like the best technology today without regard for the social consequences. We don't do that with guns, we don't do that with cars, we don't do that with any kind of technology.

MODERATOR: Can we go on to another question?

JOHN BRIMACOMBE: Hi, my name is John Brimacombe I'm a European scientist and user of cryptography. I'd like to go through something very quickly here. First, you know, people know about cryptography in Europe. We know about all the algorithms.
Secondly, you know, scientists in Europe don't have brains so defective that we can't implement them. And there is going to be a big market for this sort of stuff out there in the world. Now, we can do that work, we are doing that work, we like doing that work. You are cutting yourselves off. My question is, why are you screwing yourselves this way? My worry looking at your nice salesmen of your shiny Clipper Chip coming to sell it to all my CEC people. I'm worrying that you see this problem. You see yourselves being put out of the market by these nice Europeans. They say, okay, let's go and screw their market up to a Clipper.

MODERATOR: No response?

BAKER: No, I liked the speech.

MATT BLAZE: Matt Blaze from Bell Labs. I have a question that was originally for Senator Leahy but it could be equally well directed to the NSA Counsel. Do you see any risks in terms of risk assessment of the Clipper proposal to the fact that the escrow procedures exist entirely within the purview of the Executive Branch, the Attorney General in particular, and can be changed essentially at will entirely within a single branch of government?

BAKER: I think that's a reasonable concern. One of the interesting things is that we designed it so you decide who you trust and that's where the keys go as a society. And we didn't have much input into who holds the keys. This is almost a litmus test though. It is kind of interesting when you ask, well who do you trust, exactly? And often the answer is "Well, just not those guys." And it is much harder when you ask the question, "Well who would you trust?" I think Jerry Berman was quoted as saying I don't care if it is Mother Theresa and the Pope who holds the keys. There certainly are people who feel that way. There is a lot of talk about whether, you know, should you have private sector entities hold the keys and I have to say that one doesn't ...

MODERATOR: I have to say through the escrow agency.
The procedures are written and under the authority of the -- entirely within the Attorney General.

BAKER: The procedures don't change the fact that we are all governed by laws that are already on the books that make it a felony to do stuff without authority. And so the procedures for withdrawing key are written down as Executive Branch rules but the legal framework for that is set by Congress or by the Fourth Amendment as a matter of fact.

EFREM LIPKIN: I'm Efrem Lipkin that works in community and I guess I'm a fossil from the '60's. My parents had to deal with HUAC. I had the utterly surreal experience -- I was in the Civil Rights Movement -- I had this surreal experience of apparently a government agent tried to plant a copy of the Daily Worker on me. And so my question is really for CPSR. Why, I understand why the NSA says we don't have to worry about this government. We haven't had any trouble with it recently. But why doesn't CPSR point out all of the trouble we have had and how the protection -- the privacy protection we want and that we historically needed -- is from the government.

BANISAR: Well, obviously, you haven't been reading a whole lot of my press releases. We've been pointing out a lot of the abuses and problems that have been going on. We have also some deep concerns to pour off here a little bit about the escrow procedures. At the end of each escrow procedure it mentions that they are not enforceable so if they are violated it wouldn't matter because this evidence can't be suppressed. Frankly -- I guess somebody asked me today -- Mike Nelson from OSTP apparently now is talking about putting the escrow key holders outside the government. I frankly think that it wouldn't make a whole world of difference whether Mother Theresa and the Pope held the keys then if they are not enforceable.

MODERATOR: Thank you, thanks to all the panelists for coming. We'll conclude with another country song, "I've Enjoyed About as Much of This as I Can Stand."
Just a moment please, there is a related announcement on an equally high note I want to read this to you and to my colleague here. To a dedicated advocate, gifted journalist, generous friend and true champion of freedom, Robert Ellis Smith, publisher, Privacy Journal, in recognition of 20 years in service to the cause of privacy protection. With warm regards from friends and colleagues in celebrating the 20th year of the publication of this fine journal. ROBERT ELLIS SMITH I have a few words I would like to say. END OF TAPE =================================================================== There endeth the transcript - CFP'94 Volunteers. -- From nobody at shell.portal.com Sat Mar 26 10:00:46 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sat, 26 Mar 94 10:00:46 PST Subject: No Subject Message-ID: <199403261845.KAA28534@jobe.shell.portal.com> I will be establishing an offshore corporation in the very near future. I am currently leaning towards doing so in Hong Kong both because it raises fewer flags than a Cayman Island corporation and because I've seen ads in _The Economist_ detailing existing corporations for sale. Can anyone recommend a lawyer experienced in setting up such organizations who can be trusted to be discreet? Location (of the lawyer) is unimportant. In particular, I need to determine if a foreign corporation needs to establish a U.S. corp to do business in the U.S. (consulting work, of course), and I need someone who can set such things up. My apologies if this post is too far off topic for this list. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. 
From tcmay at netcom.com Sat Mar 26 10:50:58 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 26 Mar 94 10:50:58 PST Subject: Learning about Digital Cash In-Reply-To: <199403261347.VAA23017@lethe.uwa.edu.au> Message-ID: <199403261936.LAA24100@mail.netcom.com> We've recently had a flurry of postings about digital money, and the apparently new realization by some that "double spending" is a serious issue. Folks, this is not a new issue---this is the core issue of all serious efforts on digital money (and, indeed, is the core issue of money, period). I urge everyone interested in digital money to dig up and read the various articles that have appeared, including one of David Chaum's in the July or August of 1992 "Scientific American." The usual places apply, as always: - the usual books: Schneier, Brassard, Denning, etc. - Proceedings of the Crypto Conferences, aka "Advances in Cryptology," part of the Springer-Verlag series "Lecture Notes in Computer Science." (A series of silver-grey paperbacks, available in many technical bookstores, and in many university bookstores and libraries). - ditto for Eurocrypt and other crypto conferences. I urge this because there is little to be gained by slowly reinventing the wheel. The recent realization here by some that "double spending" is a Big Issue is indicative of this. Double spending, and related issues, is obviously just the _start_ of the really interesting problems with any digital money scheme. This is the _starting point_ of most discussions, not a belated realization. As I often say, I don't want to sound snippy or holier-than-thou here. It's just that there's a basic corpus of papers on the highly-technical areas of crypto that everyone working in these areas has to be assumed to be familiar with. Rocket scientists have to know that rockets don't work by pushing on air, and cryptologists have to know what's already been written about. 
With more than 700 people on the Cypherpunks list---though a far smaller group appears to be actively posting--it is natural that a range of backgrounds, interest levels, and dedication to the issues will exist. I'm not saying that only "experts" in digital money should speak on these issues, only that the basic papers ought to at least be skimmed. Best wishes for all, --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Sat Mar 26 11:13:35 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 26 Mar 94 11:13:35 PST Subject: Digital Cash In-Reply-To: <199403261837.KAA28005@jobe.shell.portal.com> Message-ID: <199403261959.LAA25885@mail.netcom.com> Hal Finney writes: > The other issue, which I know less about, is the possibility of cryptograph- > ically strong obfuscated code. Mike Duvos first mentioned this. You could > have an algorithm running on your own computer and have it be impossible to > determine what it is doing, or (presumably) to effectively alter the internals > of the algorithm. .....stuff elided... > discussing here (self-decrypting code and such tricks), but rather some > mathematically strong transformation has been done on the structure of the > code to hide it in a cryptographically strong way. > > I vaguely recall hearing about such technologies, but I can't remember > where now. Can anyone provide some references, or (better) a summary of > how this works and what can actually be accomplished along these lines? 
> "Computing with Encrypted Instances," by Joan Feigenbaum, then of Stanford, now of AT&T (I believe). Work done in the mid-80s on using cryptography to allow this kind of protection. Canonical example: Acme Sales Company wants to optimize the route its salesmen take between sales sites. It wants Otto's Optimizing to do this, but it doesn't want to provide Otto with its list of sales sites. So it first does a transformation of the list of sales sites into a form that does not reveal the actual sales sites (the similarity with knapsack encryption is apparent), submits this to Otto, who optimizes the routing, and then returns the results to Acme. Acme then reverses the transformation and has an optimized sales list. The similarities with zero knowledge work are apparent (in zero knowledge interactive proof systems, one proves one knows something without actually showing what one knows). This may not be exactly what Hal was thinking of, but it's a starting point. Brad Cox, of Objective-C notoriety, and now at George Mason University, has also been interested in this area of "complexifying" code so that reverse engineering is difficult or impossible. There was also some widely-reported work on new methods of proof which involved probabilistic methods. This was reported in Science, Science News, and other such places about 2 years ago. (The scheme involves transforming/rewriting mathematical proofs into much larger versions which can then be "spot-checked" in a Monte Carlo way....if the spot-checks are OK, one gains confidence that the overall proof is valid.) Again, this may only be tangentially related to the issues Mike and Hal have been discussing, but I sense that there's a connection. --Tim May -- .......................................................................... Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From gtoal at an-teallach.com Sat Mar 26 11:16:39 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Sat, 26 Mar 94 11:16:39 PST Subject: Not just Netherlands - Italy too. Message-ID: <199403262001.UAA03107@an-teallach.com> I missed this one - the NSA stooge dropped it in passing at the CFP conference: : STU BAKER But look, Italy has just banned forms : of encryption on the phone system. The significance I think of the Three down, nine to go? (France has long since banned encryption) G From december at end.end.COM Sat Mar 26 11:17:47 1994 From: december at end.end.COM (James G. Speth) Date: Sat, 26 Mar 94 11:17:47 PST Subject: Whoa, now... (was Re: Digital Cash) Message-ID: Graham Toal writes: >There is a *considerable* difference between kiddy hackers breaking >game protection, and breaking a cryptographically secure protocol. It seems to me that Mikolaj Habryn's original posting was taken out of context. He made a valid point that so called un-interpretable and un-alterable algorithms are routinely cracked by elite warez d00dz. He never implied that the software crackers were going to render your PGP key insecure. In fact, he began this thread by citing someone who was talking about using an obscured algorithm to prevent digital cash double spending. (ie. If you can't get to the algorithm, you can't cheat the system.) His comments were on the dangers of relying on this. Graham Toal writes: >Sure, but what's that got to do with cracking crypto? If you can't see >the difference between STO protection schemes and mathematically hard >algorithms, ... That's the point. 
Mikolaj was _never_ referring to cryptographic security. He was pointing out how security through obscuring algorithms can never be considered reliable. Extinguishing a match with a fire-hose, Jim ________________________________________________________________________________ james speth email for pgp compatible public-key december at end.com ________________________________________________________________________________ Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you... AT&T From cme at sw.stratus.com Sat Mar 26 11:39:08 1994 From: cme at sw.stratus.com (Carl Ellison) Date: Sat, 26 Mar 94 11:39:08 PST Subject: "If you're against unreadable encryption, don't use it!" Message-ID: <199403262024.PAA27533@galt.sw.stratus.com> It's probably time for us to remind the security services (over and over) that they're within their rights to pass rules like "if you have access to classified information, then you're required to include the info's owning agency as a recipient in every encrypted message you send (since PGP and RIPEM both allow multiple recipients and there's nothing to stop the Dept of Energy, the CIA, the NSA, etc., from generating PGP and RIPEM keys to be used for this purpose.) This might have a chilling effect on whistleblowers, but it should keep those agencies from claiming that PGP and RIPEM are a security threat via spies. - Carl Ellison cme at sw.stratus.com RIPEM MD5OfPublicKey: 39D9860686A9F075A9A83D49589C677A PGP 2.4 Key fingerprint = E0 41 4C 79 B5 AF 36 75 02 17 BC 1A 57 38 64 78 From gtoal at an-teallach.com Sat Mar 26 11:57:07 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Sat, 26 Mar 94 11:57:07 PST Subject: Whoa, now... (was Re: Digital Cash) Message-ID: <199403262043.UAA03969@an-teallach.com> :From: "James G. Speth" :In fact, he began this thread by citing someone who was talking about using :an obscured algorithm to prevent digital cash double spending. (ie. 
If you :can't get to the algorithm, you can't cheat the system.) His comments were :on the dangers of relying on this. :That's the point. Mikolaj was _never_ referring to cryptographic security. :He was pointing out how security through obscuring algorithms can never be :considered reliable. Oh, well if that's what he meant, we agree completely. I thought he was saying his el33t hackerdoodz buddies could break the crypto part of ecash. By the way, the reason I've never discussed the ecash threads on this group is because it was obvious right from the start that double-spending makes the schemes unworkable, and that only a central reference authority could patch the system to make it work, which (in my seldom humble opinion) entirely negates the point of these schemes. My suspicion is that anonymous ecash can only be made to work if giving the tokens to someone else is a destructive operation - the way core memory (I'm probably one of the few people on this group who've had to worry about stuff like this :-) ) used to be erased when read. Except that these days, the destructive read would have to be something secured by the laws of physics, like say a quantum state being trashed by virtue of being observed. (The way secure quantum comms works - if we had something akin to a quantum delay line in a card, maybe that would work.) However, the technology to do that sort of stuff is probably centuries off. G From tcmay at netcom.com Sat Mar 26 12:10:52 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 26 Mar 94 12:10:52 PST Subject: Whoa, now... 
(was Re: Digital Cash) In-Reply-To: <199403262043.UAA03969@an-teallach.com> Message-ID: <199403262058.MAA01152@mail.netcom.com> Graham Toal writes: > By the way, the reason I've never discussed the ecash threads on this > group is because it was obvious right from the start that double-spending > makes the schemes unworkable, and that only a central reference authority > could patch the system to make it work, which (in my seldom humble opinion) > entirely negates the point of these schemes. Nope, not "entirely." Anonymity is still preserved, through the "blinding" operation, even when a clearinghouse approach is used. That is, the bank can assure itself that it issued the original note, even though the note presented to it cannot be correlated to the issued note. This is the breakthrough Chaum and others achieved. Anonymity (or untraceability by Big Brother and Big Mother) is achieved, which is the major point of digital money. The possible need for online clearing is not a fatal flaw. A good place to read about this is the November 1985 "Communications of the ACM" journal, in Chaum's cover article "Transaction Systems to Make Big Brother Obsolete." (Chaum has updated the article since, and newer versions can be found in various places.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From dmandl at panix.com Sat Mar 26 12:26:40 1994 From: dmandl at panix.com (David Mandl) Date: Sat, 26 Mar 94 12:26:40 PST Subject: Yet another crypto/Clipper article Message-ID: <199403262113.AA07758@panix.com> This time it's the magazine "New Media." 
The cypherpunks are mentioned prominently, and there are a few quotes (or more) from tcmay. Seemed like a pretty sympathetic piece, based on my quick skim of it. It's also fairly long. --Dave. -- Dave Mandl dmandl at panix.com From hayden at krypton.mankato.msus.edu Sat Mar 26 12:42:18 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Sat, 26 Mar 94 12:42:18 PST Subject: EFF Pioneer award: I nominate Phil Zimmerman... In-Reply-To: <199403261824.SAA29636@an-teallach.com> Message-ID: A hearty second! ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From pfarrell at netcom.com Sat Mar 26 13:14:52 1994 From: pfarrell at netcom.com (Pat Farrell) Date: Sat, 26 Mar 94 13:14:52 PST Subject: EFF Pioneer award: I nominate Phil Zimmerman... Message-ID: <61284.pfarrell@netcom.com> "Robert A. Hayden" writes: > A hearty second! I officially nominated PRZ for last year's award, and got a reply from the EFF vote/nomination counter that I was one of many. But it didn't make the cut then. Pat Pat Farrell Grad Student pfarrell at gmu.edu Department of Computer Science George Mason University, Fairfax, VA Public key available via finger #include From jdwilson at gold.chem.hawaii.edu Sat Mar 26 16:26:54 1994 From: jdwilson at gold.chem.hawaii.edu (Jim Wilson VA) Date: Sat, 26 Mar 94 16:26:54 PST Subject: Another Censorship, Freedom of Speech, Rights of Vendor Issue Message-ID: <9403270118.AA13801@gold.chem.hawaii.edu> To supporters of freedom of speech - please read, act and share this as your conscience dictates: Unofficially excerpted from Infoworld 3/7/94 Brian Livingston's Window Manager column. "Can CompuServe succeed in silencing Windows dissenters? 
Having your electronic mail account cut off is the modern equivalent of solitary confinement. Many services I use, such as Microsoft Windows forums, exist exclusively on systems such as the CompuServe Information Service. There is no other place for information. "That's why I took notice when CompuServe threatened to cut off a subscriber's account if he even mentioned on-line a lawsuit that the company filed against him. "Compuserve filed suit January 31 in Federal District Court in Ohio against Richard S. Patterson, the developer of a shareware program called Windows Navigator (WinNAV), which he has distributed on Compuserve for several years. This suit came about after Patterson complained on a Compuserve forum last December that the company's plans to release a product called Windows Navigator infringed upon his trademarks. "Prior to initiating the suit, Compuserve modified the name of its product to CompuServe Navigator, Windows Version. It asks the court to find that Patterson has "no trademark rights" that it has infringed, and for an unspecified monetary penalty. "I don't know who will prevail in this suit. But what really bothers me is this threat in a letter to Patterson dated January 31, from Kevin J. Osterkamp, Compuserve's attorney in the firm of Roetzel and Andress, of Columbus, Ohio; "I am as legal counsel for Compuserve compelled to advise you that it is Compuserve's position that you will be terminated if you mention, discuss, or comment upon the lawsuit or the issues related thereto as a part of the CompuServe Information Service. Termination will also result from any other disparagement of Compuserve, its management, employees, or business practices. "I've never met Mr. Patterson, but I know him tangentially from his other software, Zip Tools, which appears in Windows Gizmos. "My columns have promoted CompuServe many times, so I asked for its position. The gist of the reply I received from Mr. 
Osterkamp was this: "Regarding the case of Compuserve vs. Patterson, my ethical obligations (and Mr. Patterson's) prohibit me from commenting directly on the case. I can, however, assure you that our request that Mr. Patterson stop using Compuserve's online services to disparage the company is simply good, old-fashioned common sense. After all, why should CompuServe - or any online service - allow a disgruntled party the opportunity to bad-mouth the company in its own forum? "Why, indeed? It's called "a free exchange of ideas." It is much sought after by people around the world. "If AT&T could cut off my phone because I criticized them while using long distance, we would be in very serious danger of losing our freedom. "It is unclear whether electronic services are "common carriers" (like AT&T) that must carry all communications, or "publishers" (like magazines) that are legally responsible for the words they choose to print. "But Compuserve knows which it prefers to be. In separate cases, it has been sued by the National Music Publishers Association and Cubby Inc. for distributing material uploaded by subscribers. Compuserve argues that it should be free from any liability because "it is a distributor and not a publisher." "Our future "information highway" will inevitably center on just five or six giant corporations. That's why it's so important that access not be denied to someone whom these entities don't like. "Because children read forums, I agree that obscene language should be banned. But I've read the forum messages, and Patterson is not guilty of that. "Do me a favor. Sit down right now and tap out a message to Mauryve Cox, the CEO of Compuserve. His I.D. number is 70003,1550. Tell him how important it is to you that no one be denied access to Compuserve forums. Send me a copy, if my account still works after this column appears. (Brian Livingston is the author of "Windows 3.1 Secrets" and "More Windows Secrets", and co-author of "Windows Gizmos." 
Send tips to Compuserve: 70053,2035; or fax: (206) 282-1248.) From mpd at netcom.com Sat Mar 26 16:32:42 1994 From: mpd at netcom.com (Mike Duvos) Date: Sat, 26 Mar 94 16:32:42 PST Subject: Whoa, now... (was Re: Digital Cash) In-Reply-To: <199403262043.UAA03969@an-teallach.com> Message-ID: <199403270126.RAA16574@mail.netcom.com> > :From: "James G. Speth" > :In fact, he began this thread by citing someone who was talking about using > :an obscured algorithm to prevent digital cash double spending. (ie. If you > :can't get to the algorithm, you can't cheat the system.) His comments were > :on the dangers of relying on this. If I may make a small correction here, I suggested a tamperproof software module could be used in an offline system to process transactions in a way which prevented "ANONYMOUS double spending". This is not the same as preventing double spending, although in a system where reputations matter, it has a certain deterrent effect. > :That's the point. Mikolaj was _never_ referring to cryptographic security. > :He was pointing out how security through obscuring algorithms can never be > :considered reliable. Obscuring the operation of an algorithm inside a tamperproof module isn't security through obscurity any more than obscuring plaintext by encipherment is security through obscurity. -- Mike Duvos $ PGP 2.3a Public Key available $ mpd at netcom.com $ via Finger. $ From crunch at netcom.com Sat Mar 26 17:10:40 1994 From: crunch at netcom.com (John Draper) Date: Sat, 26 Mar 94 17:10:40 PST Subject: On TV Tonight Message-ID: <199403270205.SAA00175@mail.netcom.com> I'm going to be on FOX-TV tonight on a show called "On the money", talking about hacking and such. Here in Bay area, it's channel 2, so set your VCR's. 
From huntting at glarp.com Sat Mar 26 17:30:31 1994 From: huntting at glarp.com (Brad Huntting) Date: Sat, 26 Mar 94 17:30:31 PST Subject: Another Censorship, Freedom of Speech, Rights of Vendor Issue In-Reply-To: <9403270118.AA13801@gold.chem.hawaii.edu> Message-ID: <199403270224.TAA11960@misc.glarp.com> > "Because children read forums, I agree that obscene language > should be banned.... There's an excellent essay on obscenity in Kurt Vonegut's _Psalm Sunday_ which I recommend to anyone who doesn't find this statement horrendously offensive. brad From wizard at kaiwan.com Sat Mar 26 17:35:12 1994 From: wizard at kaiwan.com (Jeremy R. Smith) Date: Sat, 26 Mar 94 17:35:12 PST Subject: On TV Tonight In-Reply-To: <199403270205.SAA00175@mail.netcom.com> Message-ID: With regards to the Draper show, anybody know what time it is scheduled to air on the west coast? Many thanks! From GRABOW_GEOFFREY at tandem.com Sat Mar 26 20:33:30 1994 From: GRABOW_GEOFFREY at tandem.com (GRABOW_GEOFFREY at tandem.com) Date: Sat, 26 Mar 94 20:33:30 PST Subject: WinPGP 1.0 now on oak.oakland.edu. Message-ID: <199403262132.AA825@comm.Tandem.COM> WinPGP 1.0 is available for immediate downloading via anonymous ftp on oak.oakland.edu as pub/msdos/windows3/winpgp10.zip. It is also available on any of the SimTel mirrors. Enjoy, G.C.G. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Geoffrey C. Grabow | "What we demand are rigidly defined | | Oyster Bay, New York | areas of doubt and uncertainty!" | | | -------------------- | | grabow_geoffrey at tandem.com | Clipper, SkipJack & Digital Telephony | | | JUST SAY NO!!! 
| |----------------------------------------------------------------------| | PGP fingerprint = C9 95 0F C4 E9 DD 8E 73 DD 99 4E F5 EB 7A B6 1D | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From pbraunb at netcom.com Sun Mar 27 00:11:20 1994 From: pbraunb at netcom.com (paul braunbehrens) Date: Sun, 27 Mar 94 00:11:20 PST Subject: Another Censorship, Freedom of Speech, Rights of Vendor Issue In-Reply-To: <199403270224.TAA11960@misc.glarp.com> Message-ID: actually, I find it fucking obscene! On Sat, 26 Mar 1994, Brad Huntting wrote: > > > "Because children read forums, I agree that obscene language > > should be banned.... > > There's excellent essay on obscenity in Kurt Vonegut's _Psalm > Sunday_ which I recommend to anyone who doesn't find this statement > horrendously offensive. > > > brad > From tcmay at netcom.com Sun Mar 27 00:59:38 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 27 Mar 94 00:59:38 PST Subject: Censorship--I Demand a Retraction! In-Reply-To: Message-ID: <199403271001.CAA13468@mail.netcom.com> Paul Braunbehrens writes: > actually, I find it fucking obscene! > > On Sat, 26 Mar 1994, Brad Huntting wrote: > > > > "Because children read forums, I agree that obscene language > > > should be banned.... > > > > There's excellent essay on obscenity in Kurt Vonegut's _Psalm > > Sunday_ which I recommend to anyone who doesn't find this statement > > horrendously offensive. > > Brad Huntting is absolutely right: children are known to be reading this forum, so your use of the term "fucking obscene" is therefore illegal, not permitted, unethical, tasteless, and fucking disgusting! So, shithead, I demand a retraction this fucking minute! Or else! Under the rules under which the Information Snooperhighway is run, the Tipper Chip will automatically censor your messages for instances of the 73 Forbidden Words (George Carlin, weep!) and the 192 Banned Thoughtforms. Impure and seditious traffic will not be tolerated. 
--Infosturmbahnfuhrer T.C. May P.S. I can't _believe_ a Cypherpunk is actually advocating censorship. If "obscenity" is banned, the logical corollary is that some folks will be put in prison for continuing to say "fuck" and "freedom" and other words deemed to be obscene by some Legion of CyberDecency. Can this be what Brad Huntting really wants? (Tell us it was just a joke of color, or something.) As for kids reading this list or the Net in general, and seeing "obscenity" on it, how is this any different or any worse than kids sneaking a look at their Dad's "Busty Babes" (times have changed since I was a kid) or tuning in to a shot of naked butts on "NYPD Blue"? What about young and impressionable children being exposed to atheism on the Net? Or to cultural values that offend their families? Or to any of a hundred other horrors? The only solution to this "problem" in a free society is for _parents_ to control their own children, not to apply censorship and obscenity laws. And practically speaking, it's impossible anyway. The Internet is worldwide, with no centralized point of censorship. Tipper Gore can no more hope to censor the publication of "dirty" music lyrics on the Net than the Ayatollah can hope to stop publication of recipes for pork. It's a whole new world out there. Kurt Vonnegut: welcome to the monkey house. If Kurt really called for censorship, I'll have to reevaluate my respect for him. Too bad Frank Zappa isn't available to have a chat with him about the nature of censorship. -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." 
From rishab at dxm.ernet.in Sun Mar 27 01:04:00 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Sun, 27 Mar 94 01:04:00 PST Subject: Must manufacturers provide backdoors? Message-ID: uni says: > The bill in its draft form provides that common carriers who do not > provide the encryption device are exempt. The meaning on its face is > that common carriers are gaining some immunity to sanctions if they did > not provide the customer with the encryption he or she is using and > instead provide a means for the government to compel the common carrier > to produce in the clear that which they caused to be encrypted. > The practical effect the bill has is to impose on common carriers that > manufacture encryption devices, a duty to provide to the government those > conversations which are made with said devices over their lines. > If AT&T manufactures some encryption device, and I use it over AT&T > lines, one reading of the bill would suggest that AT&T is now RESPONSIBLE > for decrypting this if the government should request it. The Act does exempt carriers from providing backdoors in the encryption it *doesn't* provide; it makes no mention of any exemption or obligation for *manufacturers.* Here's an excerpt: > (5) 'intercept' shall have the same meaning as set forth in > subsection 2510(4) of title 18, United States Code, except that with > regard to a common carrier's transmission of a communication encrypted by > a subscriber, the common carrier shall not be responsible for ensuring the > government agency's ability to acquire the plaintext of the communications > content, unless the encryption was provided by the common carrier and the > common carrier possesses the information necessary to decrypt the > communication; Manufacturers are obliged to make available equipment to the common carriers "compliant with ... this Act." Even if manufacturers are not (like AT&T) also common carriers. 
The Act does not elaborate on the manufacturer's role in producing "compliant" equipment, nor on their responsibilities towards the "provisions of this Act." An interpretation could be that ALL EQUIPMENT must facilitate the decryption of plaintext under court order. After all, the Act does require common carriers to provide backdoors in any encryption they provide. > "(d) Cooperation of support service providers and equipment > manufacturers. Common carriers shall consult, as necessary, in a timely > fashion with appropriate providers of common carrier support services and > telecommunications equipment manufacturers for the purpose of identifying > any services or equipment, including hardware and software, that may > require modification so as to permit compliance with the provisions of > this Act. A provider of common carrier support services or a > telecommunications equipment manufacturer shall make available to a common > carrier on a timely and priority basis, and at a reasonable cost, any > support service or equipment, including hardware or software, which may be > required so as to permit compliance with the provisions of this Act. ------------------------------------------------------------------------------- Rishab Aiyer Ghosh "What is civilisation rishab at doe.ernet.in, rishab at dxm.ernet.in but a ribonucleic Voicemail +91 11 3760335; Vox/Fax/Data 6853410 hangover?" H-34C Saket New Delhi 110017 INDIA ------------------------------------------------------------------------------- From phantom at u.washington.edu Sun Mar 27 02:04:16 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Sun, 27 Mar 94 02:04:16 PST Subject: NewMedia article, April 1994 Message-ID: Just got this in the mail, and flipping through it I saw a decent article (with quotes from our own prolific Tim May!). Any mistakes are probably OCR errors -- it's 3am and time to go to bed. _You_ proof it! 

Privacy in the Digital Age
by Curtis Lang
NewMedia, April 1994

Welcome to the digital frontier, where network by network, metaphor by metaphor, a splendid, global, multimedia palace is being built through trial and error. You won't need to take a long and winding road to this frontier, though, it's coming soon to your home. You'll know it has arrived when you can read messages on your telephone, have a dialogue with your television and watch beautiful movies on your PC.

AT&T has already established a giant encampment on this digital frontier, and it is now concentrating on building a virtual community. In advertisements, the company paints seductive pictures of fully wired--and wireless--consumers interacting in the cyberspace equivalent of Hemingway's clean, well-lighted place. A happy couple in a jumbo kitchen uses a computerized telephone to take and receive electronic messages and make reservations for the ball game. A nomadic businessman in an airport shuttle bus tells his PDA how much he's willing to spend on a used car for his son, what makes he prefers and the maximum acceptable mileage. He sends his PDA on a shopping trip around the region with a single touch.

It all sounds thrilling--empowering for consumers and businesses alike. But in the 21st-century world of interactive television, broadband Internet access and ubiquitous multipurpose communications gizmos, every message you send and each dollar you spend could be an unbidden messenger as well. Electronic traces of your passage will remain in data banks of cable, telephone and on-line service providers. And the government wants to install a trap door in software and hardware used to encrypt messages and data from medical smart cards, IRS records, digital cash transfers and plain old e-mail.
These databases will be digital gold in the world of direct marketing, where vendors and advertisers will tailor special offers to individuals based upon this information and deliver coupons that will issue from your smart cable TV set-top box.

What's to prevent unscrupulous third parties--or underpaid government workers with access to the software trap door--from obtaining information that could be used to harm consumers? Not much, judging from stories like that of black-data buccaneer Al Schweitzer, who bought and sold confidential government files for a living (see "Penetrating Uncle Sam's Data," page 68).

Unless government agencies, infrastructure suppliers, software wizards and producers of programming can guarantee privacy in the rapidly expanding web of cyberspace, it may be impossible for the trust upon which a virtual community depends to develop sufficiently to make the grand digital experiment a success. Without this assurance there will be no secure business communications, and the kind of transactional data that is currently gathered by insurance firms, credit companies and banks might fall into the hands of anyone with the skills to track it across the global network.

Security of transactions over cable networks is already a concern to American consumers, according to surveys by Viacom Cable and others. And the lack of secure transaction methods may already be hampering buying and selling via modem. Consumers' unwillingness to put it on their Visa when traveling in cyberspace has slowed public acceptance of such services as American Airlines' Easy Sabre ticket service, available on Prodigy, America Online and other on-line services. Consumers, like businesses, are eager to take advantage of the digital highway, but they are leery of financial data and other sensitive information falling into the wrong hands.

ENCRYPTION MAY BE THE KEY

When you make a phone call or send a letter, you can be fairly certain that the contents of your communications will remain private. Such trust makes our postal and phone systems possible. AT&T hopes to give customers that same sense of security about wireless communications. It is the first company to implement General Magic's new Telescript communications software in its PersonaLink Services, which will be the foundation for AT&T's multimedia web of services that include smart messaging, electronic shopping and custom news delivery.

"Telescript...is a technology which creates something called agent-based communication," explained Marc Porat, chairman and CEO of General Magic, at a winter conference on electronic consumer appliances in New York. Such software agents will be able to travel throughout wired and wireless networks searching for information, like-minded individuals or bargain prices on PCs. Agents will act as your virtual doorman, your e-mail bozo filter, tossing mail on subjects you nix into the trash.

"General Magic is a really good idea," contends Jerry Michalski of the industry newsletter, Release 1.0. "You can create a little agent that...[will] go out there and look for things for you. Let's say you're a stamp collector--it can look for a particular kind of stamp, or a bubble-gum card or whatever, and maybe even buy the thing for you automatically. Now, gosh, you're putting that up on AT&T's network. They could find out within very small fractions of activity what you're doing, what your preferences are, what kind of agents you've decided to broadcast into the world. So you're only going to do that if you have some kind of confidence that they're not going to misuse that information."
To that end, AT&T and General Magic intend to set up "trusted spaces," secure virtual meeting rooms where your agent can meet with another agent, representing a vendor or an individual, and communicate, shop, cut deals or consummate business transactions free from prying software.

But what about the security of these networks? And how will you know the identity of the entity lurking behind the virtual agent that your virtual agent is schmoozing up in supposedly secure cyberspace?

"Most wireless communications systems are security nightmares," says Jim Bidzos, president of RSA Data Security Inc., a giant in the global cryptography business. "They have no real encryption, no authentication.... General Magic realized that for a lot of people, wireless services of any kind simply can't be trusted. So they built RSA encryption and authentication services right into the foundation of Telescript and Magic Cap [the interface for General Magic's PDA]."

A DIFFERENT VIEW

Advocates of civil liberties such as the cypherpunks, the grassroots encryption experts who have developed widely distributed personal encryption shareware for e-mail, worry that even in such a security-conscious system, the government will find a way to snoop. They see alternatives to AT&T's vision of tomorrow.

"The issue of digital money is going to be key," argues Tim May, "so that people can buy access codes." May, formerly a physicist with Intel and one of the most visible cypherpunks, envisions a future in which digital cash is used for most transactions. In such a system encryption schemes would be floating through the computer community that could make most financial transactions virtually untraceable.

"Imagine a satellite dish on your roof," he continues. "You decide to buy an X-rated movie, and you don't want records kept of that on your monthly bill.
[There will be] mechanisms by which you can buy 'coupons' that are usable on a one-time basis to decrypt a packet, and the vendor of the service--say, the seller of the X-rated movie--has no idea that you, in particular, are decrypting his packet. I think that'll be essential."

DO YOU TRUST UNCLE SAM?

After months of review, during which a torrent of digital complaints flooded the White House from multinational corporations, the Software Publishers Association, cypherpunks and civil libertarians, President Clinton announced that he wants the National Security Agency (NSA) to implement secret standards for encryption to be used in computerized communications systems to facilitate e-mail surveillance.

The Computer Security Act of 1987 mandated that the National Institute of Standards and Technology (NIST), a civilian agency, develop appropriate standards for digital communications networks. At the time it was clear that there would be a need for digital envelopes (cryptography), digital signatures and other technologies to provide security and enable legally enforceable digital transactions on the Internet, and eventually across fiber-optic cables and wireless systems connected to telephones, computers, TVs and PDAs.

However, during the Bush administration, a series of executive orders placed authority for developing those standards in the hands of the NSA, America's largest and most secretive spy organization, which has a checkered history that includes large-scale illegal surveillance of Americans. Thus it was no surprise that the agency's proposal to provide digital encryption systems focused on easy wiretap surveillance rather than privacy, security and other civilian needs.
The NSA produced a 64-bit encryption algorithm, classified "Secret" and called Skipjack. The NSA declined to make the algorithm public, prompting concern that, given the NSA's track record, there might be a "trap door" in Skipjack that would allow secret surveillance of all Skipjack-encoded messages.

In April 1993, the White House outlined plans for a microcircuit called the Clipper chip, which would scramble telephone conversations. Each chip, encoded with Skipjack, would generate an encryption session key, a chip unique key and a chip family key, all of which are sent to the receiver. The White House asks users to register their chip unique key with the government, which will then split each key into two parts and "escrow" the parts with two different agencies, so that law enforcement agencies can unscramble suspects' messages.

SURVEILLANCE ON THE UPSWING

The White House claims that the system would be used by government officials with legal authorization to conduct wiretaps and thus represents no intensification of government surveillance. But in NIST's letter inviting five hand-picked cryptography experts to do a quick survey of Skipjack, the agency says that key components will be made available "only to authorized government officials under proper legal authorizations, usually a court order."

They said usually, not always. The distinction was not accidental. For the last several years, the FBI has been increasing its surveillance of all Americans at a dizzying pace as part of a mind-boggling expansion of its powers and activities. This includes increased access to computerized data on Americans, which now often no longer requires a court order to be accessed. The Bush average of 332 wiretap applications per year was double that of the Reagan administration, and state agencies' wiretaps also increased during the Bush years.
Despite the rapid increase of such requests, wiretaps are far from widespread, and according to the June 1993 issue of the Privacy Journal, the FBI has publicized no instances in which its investigations were hampered because a suspect had used encrypted e-mail or other digital security devices.

The Clinton administration asked for an amendment to the Fair Credit Reporting Act that would allow the FBI to obtain credit information, without a court order, by issuing a "national security letter." The rationale is that although the FBI has access to your bank records, it will not know which banks' records to obtain without ready access to your credit reports, as David MacMichael reports in the National Security Alumni Association Magazine, Unclassified (October/November 1993).

OPERATION ROOT CANAL

Meanwhile, the FBI continues to move forward with "Operation Root Canal," also known as the 1992 Digital Telephony Proposal, which encourages service and equipment providers to design their computerized systems in such a way that the government can easily "obtain the plain text contents of voice, data and other communications," according to FBI memoranda obtained by the nonprofit Computer Professionals for Social Responsibility (CPSR) from the Commerce Department in November of last year.

The threat of the Digital Telephony Proposal to telecommunications companies is very real. CPSR reported that Rep. Jack Brooks, a Texas Democrat, said that Root Canal "could obstruct or distort telecommunications technology development by limiting fiber optic transmission, ISDN, digital cellular services and other technologies until they are modified...and could impair the security of business communications...could facilitate not only lawful government interception, but unlawful interception by others [and] could impose on industries' ability to offer new services and technologies."
And the NSA, which oversees export-control regulations of weapons of war--including encryption products--has signaled its intent to prevent grassroots cryptography from enlisting enough users to constitute a de facto standard. Recently Phil Zimmermann, the creator of Pretty Good Privacy, a popular and widely available piece of encryption shareware, was busted for export-control violations (see "Penetrating Uncle Sam's Data," below).

After all, if everyone has access to encryption techniques, when law enforcement agencies decrypt the Skipper algorithm on someone's intercepted message, they'll find a secondary layer of encryption that could be more difficult to crack. That would render Skipjack pointless; some Clinton critics worry that the logical outcome of Skipjack implementation will be the criminalization of other forms of encryption. Never mind the implications for secure business communications.

With a government-imposed Skipjack standard, the feds would be able to do something they have never been able to do before--easily conduct mass surveillance.

THE RIGHT TO PRIVACY

"No right of private conversation was enumerated in the Constitution," said Sun Microsystems' Whitfield Diffie, one of the pioneers of modern civilian encryption, in June 1993 testimony before the House Subcommittee on Telecommunications and Finance. "I don't suppose it occurred to anyone at the time that it could be prevented. Now, however, we are on the verge of a world in which electronic communication is both so good and so inexpensive that intimate business and personal relationships will flourish between parties who can, at most, occasionally afford the luxury of traveling to visit each other. If we do not accept the right of these people to protect the privacy of their communication, we take a long step in the direction of a world in which privacy will belong only to the rich."

Canada and most European countries regulate public and private data collection.
By contrast, direct marketers and credit and insurance companies in the United States are able to obtain large amounts of data about the buying habits and lifestyles of most citizens. U.S. law provides no redress for the individual who complains of privacy violations, other than the right to sue the violator.

That great amounts of information are being gathered about each of us is hardly news. And the evidence that privacy has become a commodity has been accumulating for years. Want an unlisted number? You pay for it. Want to restrict direct marketers' ability to target you over cable TV? You may pay again.

"If you don't want to be intruded on at home, don't have a home phone," advises Esther Dyson, a policy consultant on all things digital for the Clinton administration. "Which is what I do. If you really are worried about this, take action. That's very difficult on a lot of things, but people sort of act like they're helpless, and they're not."

Or, in the immortal words of Count Niccolo Machiavelli, counselor of princes: "Only those means of security are good, are certain, are lasting, that depend on yourself and your own vigor."

We have seen the future, where everyone plays James Bond in the palatial network that composes tomorrow's worldwide digital web. In such a world, the Count could become a best-selling author again.

Matt Thomlinson                               Say no to the Wiretap Chip!
University of Washington, Seattle, Washington.
Internet: phantom at u.washington.edu         phone: (206) 548-9804
PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu

From wcs at anchor.ho.att.com Sun Mar 27 02:06:26 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sun, 27 Mar 94 02:06:26 PST
Subject: Where is PGP 2.4?
Message-ID: <9403271106.AA02604@anchor.ho.att.com>

> What's PGP 2.4 ?

There are several PGP 2.4's around.
The ViaCrypt commercial version calls itself 2.4, and if I'm not mixing it up with something else, the SGI internal-use version (which uses a licensed RSA) also calls itself 2.4.

From dichro at tartarus.uwa.edu.au Sun Mar 27 05:59:27 1994
From: dichro at tartarus.uwa.edu.au (Mikolaj Habryn)
Date: Sun, 27 Mar 94 05:59:27 PST
Subject: Whoa, now... (was Re: Digital Cash)
In-Reply-To: <199403270126.RAA16574@mail.netcom.com>
Message-ID: <199403271500.XAA09142@lethe.uwa.edu.au>

> If I may make a small correction here, I suggested a tamperproof software
> module could be used in an offline system to process transactions in a
> way which prevented "ANONYMOUS double spending". This is not the same as
> preventing double spending, although in a system where reputations
> matter, it has a certain deterrent effect.
>
> > :That's the point. Mikolaj was _never_ referring to cryptographic security.
> > :He was pointing out how security through obscuring algorithms can never be
> > :considered reliable.
>
> Obscuring the operation of an algorithm inside a tamperproof module isn't
> security through obscurity any more than obscuring plaintext by
> encipherment is security through obscurity.

OK, just to go and match the pattern of mis-understandings in this thread, i'd appreciate it if you posted a detailed version of your plan (sorry if you've done it before, but the 'd' key and I are old friends...oops), as i probably just read the bit that leapt out at me and ignored the rest. Then i'll try to punch a few holes in it... :)

MJH

* * Mikolaj J. Habryn
    dichro at tartarus.uwa.edu.au
* "Life begins at '040."
    PGP Public key available by finger
* "Spaghetti code means job security!"

From 68954 at brahms.udel.edu Sun Mar 27 07:05:49 1994
From: 68954 at brahms.udel.edu (Grand Epopt Feotus)
Date: Sun, 27 Mar 94 07:05:49 PST
Subject: Censorship--I Demand a Retraction!
In-Reply-To: <199403271001.CAA13468@mail.netcom.com>
Message-ID:

Ah, Tim, err, Brad was on our side here pal 8) Vonnegut had a neat little thing making the previous "Because children read forum, I agree that obscene language should be banned.." quote look stoooooopid. I also think it was "Palm Sunday" not Psalm. 8)

>
> Under the rules under which the Information Snooperhighway is run, the
> Tipper Chip will automatically censor your messages for instances of
> the 73 Forbidden Words (George Carlin, weep!) and the 192 Banned
> Thoughtforms. Impure and seditious traffic will not be tolerated.
>

That was a damn good skit that Carlin did, almost as good as the thing he does about politically correct terms 8)

> --Infosturmbahnfuhrer T.C. May
>
> P.S. I can't _believe_ a Cypherpunk is actually advocating censorship.
> If "obscenity" is banned, the logical corollary is that some folks
> will be put in prison for continuing to say "fuck" and "freedom" and
> other words deemed to be obscene by some Legion of CyberDecency. Can
> this be what Brad Huntting really wants? (Tell us it was just a joke
> of color, or something.)

No, it was simply a misinterpretation, and misattribution. Now Brad said whoever didn't find that quote "Because Children....." obscene should read the Vonnegut thing, since they would actually find the quote calling for censoring obscene itself.

>
> Kurt Vonnegut: welcome to the monkey house. If Kurt really called for
> censorship, I'll have to reevaluate my respect for him. Too bad Frank
> Zappa isn't available to have a chat with him about the nature of
> censorship.
>

OH NONONONO, Kurt doesn't support censorship at all, and his commentary on it is quite enlightening.
Do you think the guy who wrote about seeing the bodies of young school girls boiled in the water tower at Dresden would support censorship, or the guy who wrote _Breakfast Of Champions_ with various ridiculously funny hand drawn pictures of anatomy etc..., or the guy who discovered that the main reason we have wars is for women's underwear 8)

Don't worry Tim, we realize it was only a misattribution most likely due to the often confusing format that some people do their quotes in 8)

> --
> ..........................................................................
> Timothy C. May         | Crypto Anarchy: encryption, digital money,
> tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
> 408-688-5409           | knowledge, reputations, information markets,
> W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
> Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
> "National borders are just speed bumps on the information superhighway."
>

You're equipped with a hundred billion neuron brain, that's wired and fired, and it's a reality generating device, but you've got to do it. Free yourself
----Tim Leary----

From frissell at panix.com Sun Mar 27 07:31:34 1994
From: frissell at panix.com (Duncan Frissell)
Date: Sun, 27 Mar 94 07:31:34 PST
Subject: Cousin Brucie At CFP `94
Message-ID: <199403271632.AA13410@panix.com>

To get this in first...

Bruce Sterling Saturday night in Chicago:

"Being afraid of large institutions when they have computers is like being afraid of 600 pound gorillas particularly when they are on fire."

DCF

--- WinQwk 2.0b#1165

From huntting at glarp.com Sun Mar 27 09:10:53 1994
From: huntting at glarp.com (Brad Huntting)
Date: Sun, 27 Mar 94 09:10:53 PST
Subject: Censorship--I Demand a Retraction!
In-Reply-To: <199403271001.CAA13468@mail.netcom.com>
Message-ID: <199403271811.LAA13736@misc.glarp.com>

>>> "Because children read forums, I agree that obscene language
>>> should be banned....
>> There's excellent essay on obscenity in Kurt Vonegut's _Psalm
>> Sunday_ which I recommend to anyone who doesn't find this statement
>> horrendously offensive.

...

> P.S. I can't _believe_ a Cypherpunk is actually advocating censorship.

...

Gee Tim... I think we might have to send you back to the indoctrination center for some vocab' rehabilitation. After all, there are probably children reading this list.

If I recall (and it's been a couple years since I read this), Vonnegut makes the argument that the whole concept of obscenity and its censorship is a Victorian thought control device. Whether it's TV executives putting per hour quotas on forbidden words, or yokels getting _Lysistrata_ pulled from high school classics courses, it's censorship and it's obscene.

> As for kids reading this list or the Net in general, and seeing
> "obscenity" on it, how is this any different or any worse than kids
> sneaking a look at their Dad's "Busty Babes" (times have changed since
> I was a kid) or tuning in to a shot of naked butts on "NYPD Blue"?

Heaven forbid!

> What about young and impressionable children being exposed to atheism
> on the Net? Or to cultural values that offend their families? Or to
> any of a hundred other horrors?

> The only solution to this "problem" in a free society is for _parents_
> to control their own children, not to apply censorship and obscenity
> laws.

Indeed, chain them to the bed and put bricks on their heads.

> And practically speaking, it's impossible anyway. The Internet is
> worldwide, with no centralized point of censorship. Tipper Gore can no
> more hope to censor the publication of "dirty" music lyrics on the Net
> than the Ayatollah can hope to stop publication of recipes for pork.
> It's a whole new world out there.

> Kurt Vonnegut: welcome to the monkey house. If Kurt really called for
> censorship, I'll have to reevaluate my respect for him.
> Too bad Frank
> Zappa isn't available to have a chat with him about the nature of
> censorship.

Think about it Tim... When I saw Vonnegut speak at C.U. in the 80's, he spent the majority of his speech damning the christian right for its neo-victorian book banning activities.

brad

P.S. Thanx for the correction, it's Vonnegut (two n's) and _Palm Sunday_, not "Psalm". All other spelling errors are deliberate and can be placed with extreme prejudice in the offended reader's genitalia.

From bart at netcom.com Sun Mar 27 09:23:24 1994
From: bart at netcom.com (Harry Bartholomew)
Date: Sun, 27 Mar 94 09:23:24 PST
Subject: "Computer Insecurity" on CNN
Message-ID: <199403271825.KAA03907@mail.netcom.com>

Next week's Science & Technology Week, airs first Saturday @ 8 am, then Sunday at 9:30. (And perhaps other times as well).

From tcmay at netcom.com Sun Mar 27 09:36:48 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 27 Mar 94 09:36:48 PST
Subject: Censorship--I Demand a Retraction!
In-Reply-To: <199403271811.LAA13736@misc.glarp.com>
Message-ID: <199403271837.KAA05430@mail.netcom.com>

>
> > P.S. I can't _believe_ a Cypherpunk is actually advocating censorship.
>
> ...
>
> Gee Tim... I think we might have to send you back to the indoctrination
> center for some vocab' rehabilitation. After all, there are probably
> children reading this list.
>
> If I recall (and it's been a couple years since I read this),
> Vonnegut makes the argument that the whole concept of obscenity
> and its censorship is a Victorian thought control device. Whether
> it's TV executives putting per hour quotas on forbidden words, or
> yokels getting _Lysistrata_ pulled from high school classics courses,
> it's censorship and it's obscene.

Whew! Thanks, Brad, for setting me straight on this. I _did_ think you were endorsing censorship, not having seen the Vonnegut piece and not knowing he was making an ironic point.
In my defense, to the extent there _is_ one, I've seen public figures go dotty (and I _do_ mean like Dorothy) in their old age, supporting all kinds of strange and fascist positions in defense of the Old Order. But I guess that in Vonnegut's case, that would be too unbelievable. (In Heinlein's case, though.....)

I'm fucking relieved.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From jdwilson at gold.chem.hawaii.edu Sun Mar 27 16:31:56 1994
From: jdwilson at gold.chem.hawaii.edu (Jim Wilson VA)
Date: Sun, 27 Mar 94 16:31:56 PST
Subject: Please refer back to the original purpose of the message
Message-ID: <9403280132.AA19452@gold.chem.hawaii.edu>

Mr. May et al:

The couple of lines re pornographic language seems to have diverted the appreciation of the problem reported in the message. This message is about whether or not Compu$erve should get away scot-free for bullying one of their subscribers while they attempt to steal use of his trademarked software which he had been offering on Compu$erve for some time.

Please reread the msg.

> Forwarded from a message on InterNet:
> Forwarded message:
> > X-Mailer: ELM [version 2.3 PL8]
> > To supporters of freedom of speech - please read, act and
> > share this as your conscience dictates:
> > Unofficially excerpted from Infoworld 3/7/94 Brian Livingston's
> > Window Manager column.
> >
> > "Can CompuServe succeed in silencing Windows dissenters? Having
> > your electronic mail account cut off is the modern equivalent
> > of solitary confinement.
> > Many services I use, such as Microsoft
> > Windows forums, exist exclusively on systems such as the CompuServe
> > Information Service. There is no other place for information.
> > "That's why I took notice when CompuServe threatened to cut off
> > a subscriber's account if he even mentioned on-line a lawsuit that
> > the company filed against him.
> >
> > "Compuserve filed suit January 31 in Federal District Court in Ohio
> > against Richard S. Patterson, the developer of a shareware program
> > called Windows Navigator (WinNAV), which he has distributed on
> > Compuserve for several years.
> >
> > This suit came about after Patterson complained on a Compuserve
> > forum last December that the company's plans to release a product
> > called Windows Navigator infringed upon his trademarks.
> > "Prior to initiating the suit, Compuserve modified the name of its
> > product to CompuServe Navigator, Windows Version. It asks the court
> > to find that Patterson has "no trademark rights" that it has
> > infringed, and for an unspecified monetary penalty.
> >
> > "I don't know who will prevail in this suit. But what really
> > bothers me is this threat in a letter to Patterson dated January 31,
> > from Kevin J. Osterkamp, Compuserve's attorney in the firm of
> > Roetzel and Andress, of Columbus, Ohio;
> >
> > "I am as legal counsel for Compuserve compelled to advise you that
> > it is Compuserve's position that you will be terminated if you
> > mention, discuss, or comment upon the lawsuit or the issues
> > related thereto as a part of the CompuServe Information Service.
> > Termination will also result from any other disparagement of
> > Compuserve, its management, employees, or business practices.
> >
> > "I've never met Mr. Patterson, but I know him tangentially from
> > his other software, Zip Tools, which appears in Windows Gizmos.
> >
> > "My columns have promoted CompuServe many times, so I asked for
> > its position. The gist of the reply I received from Mr.
> > Osterkamp was this:
> >
> > "Regarding the case of Compuserve vs. Patterson, my ethical
> > obligations (and Mr. Patterson's) prohibit me from commenting
> > directly on the case. I can, however, assure you that our
> > request that Mr. Patterson stop using Compuserve's online
> > services to disparage the company is simply good, old-fashioned
> > common sense. After all, why should CompuServe - or any online
> > service - allow a disgruntled party the opportunity to
> > bad-mouth the company in its own forum?
> >
> > "Why, indeed? It's called "a free exchange of ideas." It is
> > much sought after by people around the world.
> >
> > "If AT&T could cut off my phone because I criticized them while
> > using long distance, we would be in very serious danger of losing
> > our freedom.
> >
> > "It is unclear whether electronic services are "common carriers"
> > (like AT&T) that must carry all communications, or "publishers"
> > (like magazines) that are legally responsible for the words they
> > choose to print.
> >
> > "But Compuserve knows which it prefers to be. In separate cases,
> > it has been sued by the National Music Publishers Association and
> > Cubby Inc. for distributing material uploaded by subscribers.
> >
> > Compuserve argues that it should be free from any liability
> > because "it is a distributor and not a publisher."
> >
> > "Our future "information highway" will inevitably center on just
> > five or six giant corporations. That's why it's so important
> > that access not be denied to someone whom these entities don't
> > like.
> >
> > "Do me a favor. Sit down right now and tap out a message to
> > Mauryve Cox, the CEO of Compuserve. His I.D. number is
> > 70003,1550. Tell him how important it is to you that no one
> > be denied access to Compuserve forums. Send me a copy,
> > if my account still works after this column appears.
> >
> > (Brian Livingston is the author of "Windows 3.1 Secrets" and
> > "More Windows Secrets", and co-author of "Windows Gizmos."
> > Send tips to Compuserve: 70053,2035; or fax: (206) 282-1248.)

From tcmay at netcom.com Sun Mar 27 16:48:27 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 27 Mar 94 16:48:27 PST
Subject: Please refer back to the original purpose of the message
In-Reply-To: <9403280132.AA19452@gold.chem.hawaii.edu>
Message-ID: <199403280150.RAA21045@mail.netcom.com>

Jim Wilson writes:

> Mr. May et al:
>
> The couple of lines re pornographic language seems to have diverted
> the appreciation of the problem reported in the message. This message
> is about whether or not Compu$erve should get away scot-free for bullying
> one of their subscribers while they attempt to steal use of his
> trademarked software which he had been offering on Compu$erve for some time.
>
> Please reread the msg.

(very long message about Compuserve deleted to save space)

Being the only Mr. May on this list, so far as I know, I'll comment. This even though I have no idea what Jim Wilson is talking about. I haven't commented on the Compuserve thread; my only "pornographic language" that I recall had to do with some comments on Kurt Vonnegut and Brad Huntting on censorship. Where this thread may've started is immaterial to my comments.

Frankly, I deleted the Compuserve-related message, as I have no interest in the internal politics of Compuserve and its customers. Corporations like Compuserve are free to pick and choose their customers, just as customers are free to pick and choose those they buy their services from.

The issue of whether "Windows Navigator"--if I remember the name correctly--is the name owned by J. Random User or Compuslave or the Republic of Ruritania is hardly something we are in a position to evaluate from the one-sided posts presented here.

I have no desire to "reread the message," nor do I enjoy being accused of "diverting" the meaning of your message, Jim. People read what they want to read and write what they want to write.

--Tim May

From jdwilson at gold.chem.hawaii.edu Sun Mar 27 17:18:59 1994
From: jdwilson at gold.chem.hawaii.edu (Jim Wilson VA)
Date: Sun, 27 Mar 94 17:18:59 PST
Subject: Please refer back to the original purpose of the message
In-Reply-To: <199403280150.RAA21045@mail.netcom.com>
Message-ID: <9403280220.AA19695@gold.chem.hawaii.edu>

Tim:

I misunderstood the message chain and apologize for the same.

Jim

From phred at well.sf.ca.us Sun Mar 27 19:30:56 1994
From: phred at well.sf.ca.us (Fred Heutte)
Date: Sun, 27 Mar 94 19:30:56 PST
Subject: Censorship--I Demand a Retraction!
In-Reply-To: <199403271001.CAA13468@mail.netcom.com>
Message-ID: <9403272032.ZM18169@well.sf.ca.us>

Tired: Clipper Chip.
Wired: Tipper Chip.

From phantom at u.washington.edu Sun Mar 27 21:14:19 1994
From: phantom at u.washington.edu (Matt Thomlinson)
Date: Sun, 27 Mar 94 21:14:19 PST
Subject: Projects for parallel machine?
Message-ID:

I've got access to a zippy, 9-processor, mostly unused box. What ever should I _do_ with it? Factoring routines? What?

I'm looking for a decent project to work on this next quarter, and I'd like to include this big boys' muscle. Any computations that can be done in parallel are game; I just can't think of anything.

Any comments appreciated.

Matt Thomlinson                          Say no to the Wiretap Chip!
University of Washington, Seattle, Washington.
Internet: phantom at u.washington.edu    phone: (206) 548-9804
PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu

From hfinney at shell.portal.com Sun Mar 27 23:37:12 1994
From: hfinney at shell.portal.com (Hal)
Date: Sun, 27 Mar 94 23:37:12 PST
Subject: Solution to Remailer Abuse
Message-ID: <199403280737.XAA10102@jobe.shell.portal.com>

I was riding the train tonight, re-reading some old crypto papers, including Chaum's Auscrypt paper on digital pseudonyms, credentials, and such. He described a method for letting libraries catch people who don't return library books, while still preserving confidentiality of all transactions. It occurred to me that a modified form of his idea could help curb abuse of remailers. (It might also work for the anonymous video rental problem we have discussed here from time to time.)

Chaum's idea was pretty complicated, but I think a simpler approach could work using the existing Magic Money software. One idea we have talked about to help curb abuse would be to simply charge digital postage for every message. However, it was pointed out that in practice postage costs would probably be so low that this would only help in extreme cases of volume abuse.

My idea is to have the coins not represent money, but to have them be "non-abuse tokens". With every message would be included a non-abuse token in the form that Magic Money uses when you exchange incoming money at the bank. This is composed of the coin itself, plus what is called a "proto-coin" which is a blinded version of what will become the new coin.

The remailer would check the incoming non-abuse token to make sure it hadn't been seen before, just like the bank does with Magic Money. However, it would not immediately sign and return the blinded proto-coin. Instead, it would hold onto it for a day or two to see if any complaints came back about the message.
This would require remembering the outgoing message-ID along with the proto-coin, but nothing else would have to be remembered about the message, and of course with remailer chains the true source of the message would be completely unknown.

If no complaints come in (which is the case with the vast majority of messages, in my experience) the remailer would sign and publish the blinded proto-coin. This would be put in some public place which was generally available to all who might use the remailer. The user who sent the message would be watching for this proto-coin and pick it up, un-blinding it with his Magic Money software, to produce a new non-abuse token which he can use to send another message.

If serious complaints do come in about the message, the remailer would not sign the proto-coin, and the sender would have lost a non-abuse token.

The nice thing about this system is that it protects the privacy of the user of the remailer system. With the Magic Money technology each non-abuse token is blinded so there is no linkage possible between issuing of such tokens and their use. The big problem with the remailers now is that abusive messages can't be addressed without trying to track down who sent them, which is usually impossible. This system addresses the problem without hurting anyone's privacy.

A couple of issues that I have glossed over would include how the non-abuse tokens are issued in the first place. There is the obvious danger that an abuser manages to keep getting new tokens by pretending to be a new net user who would like to use the remailer. Two solutions to this would be first, to charge a significant sum for a handful of non-abuse tokens; this would be a one-time fee for non-abusers but could get expensive for those who abuse; or second, to only give non-abuse tokens to users who could be identified by their True Names. (This isn't a situation which needs military-grade security; semi-secure methods of identifying true names should be adequate.)

One other thing I suggested above which might seem a little controversial was that the signed but still-blinded proto-coins could be made available in the clear. Since these are in the form r*f(x)^(1/d) where r, a random number, is only known to the user who created the proto-coin, I think they are effectively one-time-pad encrypted. So I don't see any need for these messages to be hidden with a public key. In fact, I don't think Magic Money would really need to have a public key for the user since it is only used to protect these messages, and I don't think they need protection. Comments are welcome on this point.

One last point involves the definition of abuse. As far as I am concerned that is up to the remailer operator. Last week I got a very polite and worried letter from a girl wondering why she had received mail from my remailer inviting her to such some guy's finger, except it wasn't his finger. (Despite our recent discussion of this list's implicit "X" rating I am reluctant to be more explicit.) I don't get too many of these but I feel bad about them all the same. My current approach is to add each person to the list of blocked outgoing addresses, but I think the technology would allow for a more effective solution.

Hal

From jkreznar at ininx.com Mon Mar 28 00:15:57 1994
From: jkreznar at ininx.com (John E. Kreznar)
Date: Mon, 28 Mar 94 00:15:57 PST
Subject: Answers to Summit questions
Message-ID: <9403280555.AA03402@ininx>

-----BEGIN PGP SIGNED MESSAGE-----

> -- Questions for Discussion Groups --

> 1. What is important to your group?

Truth and honesty.

> 3. What does your group want not to happen with the NII?

For it to de facto preempt honest alternatives. I'm afraid that the NII will be funded in part by taxation. An honest person cannot in good conscience willfully accept services funded by taxation when he has a reasonable alternative. The NII threatens the viability of honest alternatives.
The reason is that even an honest person will find it hard to justify paying more for access to a user-funded network when a cheaper alternative such as NII is available because it is sustained by expropriating the fruit of the toil of unconsenting others.

Some of us would prefer that relations among people be by mutual consent or not at all. Government programs, by contrast, imply imposition by the politically victorious upon all others.

> 5. What would you be able to do with the NII, that you would not
> otherwise, if you did not have to worry about the cost of access?

One can _not_ of course not worry about the cost. The people who install and maintain the system have to eat, too. The pertinent question is whether that money is given freely in exchange for service rendered, or is expropriated from another without his consent through taxation. An honest user of the system suffers ongoing distress to know that he benefits only because of another's oppression.

The NII should not come to be. The ``N'' in NII stands for ``National''. Nations are abominations, functioning as they do to supplant personal choice with collective dictate.

John E. Kreznar       | Relations among people to be by
jkreznar at ininx.com | mutual consent, or not at all.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLZZwxcDhz44ugybJAQEbTwQAgCHVdhmdC3zyQWRKOhNLTFzM8AFH29re
jOdOmnIKkGiJWzjPGLb/x4cagv+tS56OgfpSMmBet9xsm9f7Yf3gGpGgPVgiYr2n
pseH5x7ON0a6u0YVYZX8SIPyOjUUEiDBwhAfOOALJ2fWWMI0hYhREiAQuNS1Ag8T
/oYQtUFf274=
=QDwY
-----END PGP SIGNATURE-----

From jdblair at nextsrv.cas.muohio.EDU Mon Mar 28 00:21:44 1994
From: jdblair at nextsrv.cas.muohio.EDU (jdblair at nextsrv.cas.muohio.EDU)
Date: Mon, 28 Mar 94 00:21:44 PST
Subject: personal manifesto (comments appreciated)
Message-ID: <9403280824.AA29993@ nextsrv.cas.muohio.EDU >

-----BEGIN PGP SIGNED MESSAGE-----

The following is my manifesto of net.beliefs.
I recognize their lack of precision, their foundation in principles of faith, and their lack of a clear vehicle for realization. I do not profess them to be a statement of cypherpunk beliefs. I do submit them for discussion, criticism, suggestion, rant, or flame. If you disagree this is your chance to educate a misguided individual with hopelessly antiquated beliefs. If you agree, this is your chance to point out badly constructed arguments, awkward sentences, repetition, and poor word choice. I cannot work for something unless I know what it is I'm working for.

1) My vision of the Net is utopian, or I would not spell it as I do, with a capital N. While the most likely possibility is that the Net will simply mirror current society, a Net of this structure would fail to realize its potential as an agent of social change.

2) The Net has the potential to become the greatest de-centralizing force in the history of humanity. The potential ability of the individual to cheaply reach, and organize, vast numbers of like-minded individuals is unprecedented.

3) Current arguments for regulation of cryptography by government agencies depend on the argument they are maintaining their current abilities in the brave new world of cyberspace. I argue that even if this were the case, we have a responsibility to do more than simply maintain the status quo. This argument can be mapped to possible future objections by authorities.

4) It is the responsibility of the information haves to spread their knowledge to the information have-nots. A Net which allows the economic exploitation of information have-nots by those with the information is, while perhaps profitable, immoral. Information wants to be free. Knowledge which is not of a personal nature should be freely accessible.

5) Along with these positive potentials, it is possible for the Net to be constructed in such a way as to allow the formation of the most powerful authoritarian societies the world has ever seen.
The potential for the death of the Individual, just as for the empowerment of the Individual, is very real. We must work to prevent totalitarianism.

6) The Net is no better than its users. Current crises of economic inequality, of homelessness and hunger, will not be affected by the Net unless we work to change them in pre-Net society. People cannot participate in a democratic society if they are not educated to a minimal level required for functioning in that society. This is the crux of our societal problems, as well as the crux of possible problems with the Net.

7) It is better to help one's fellow human than to hurt. It is better to give than to receive. Equally, one human has an enormous capacity to injure and exploit another human. We must decide which ability we wish to empower, and judge which we actually do.

8) There are fundamental problems with the structure of society. Realizing the democratic vision of the Net is a way to re-structure society. My hope is that this restructuring will create a better society than the one I know. I recognize it can be worse-- much worse. With vigilance, it will not be.

9) My beliefs are hopelessly utopian. I have faith in democratic principles to shape society into a more just social hierarchy. This faith must not be confused with certainty. It is impossible to predict the shape of the society which will be created. A few risks are of the tyranny of the majority, and the willful formation of totalitarian dictatorships (hyperlink Weimar Germany). The will of the people is impossible to define, much less judge, gauge, measure or regulate. We must be satisfied with approximations.

10) All actions have moral implications. Ignoring these implications is irresponsible and, yes... immoral.

- -john.

- --------------------------------------------------------------------------
John Blair: voice: (513) 529-4877
PGP public key available upon request. KILL YOUR
Privacy in the information age is a right, not a privilege.
TELEVISION Information = Power = Control. Fight the centralization of information.

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQBVAgUBLZZOOBD3efpluabZAQH/swH9FmFB45S9jcMs2oqMn12wTEfqcbGFDdSN
LAc5NEt1us7aipazZIouu+abSsPRlqq2lhIxOzJ65KGlYNdWjJ0tPw==
=NiD7
-----END PGP SIGNATURE-----

From tcmay at netcom.com Mon Mar 28 00:47:04 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 28 Mar 94 00:47:04 PST
Subject: personal manifesto (comments appreciated)
In-Reply-To: <9403280824.AA29993@ nextsrv.cas.muohio.EDU >
Message-ID: <199403280847.AAA03880@mail.netcom.com>

John Blair says he welcomes comments and criticism, so here goes:

> 1) My vision of the Net is utopian, or I would not spell it as I do,
> with a capital N. While the most likely possibility is that the Net
> will simply mirror current society, a Net of this structure would fail
> to realize its potential as an agent of social change.

I often use the term "the Net" as well, but perhaps this usage is skewing our thinking in the very direction we mostly despise: the creation of a monolithic entity, as epitomized in "the" National Information Infrastructure.

Perhaps we should be thinking in terms of "many nets," "many communications channels." Come to think of it, "cyberspace," though sometimes hackneyed (hackerneyed?), captures it best, at least for me.

> 3) Current arguments for regulation of cryptography by government
> agencies depend on the argument they are maintaining their current
> abilities in the brave new world of cyberspace. I argue that even if
> this were the case, we have a responsibility to do more than simply
> maintain the status quo. This argument can be mapped to possible future
> objections by authorities.

Not the best one-paragraph argument for crypto I've ever seen. But I don't disagree.

> 4) It is the responsibility of the information haves to spread their
> knowledge to the information have-nots.
> A Net which allows the economic
> exploitation of information have-nots by those with the information is,
> while perhaps profitable, immoral. Information wants to be free.
> Knowledge which is not of a personal nature should be freely accessible.

I disagree with nearly everything here! If I know how to design circuits, and some "have-not" does not, what is wrong with that? Is knowledge to be made illegal? Are consultants, writers, designers, etc. to be told they cannot use "the Net"?

Arghh! Words fail me. Perhaps our ideologies are just too far apart.

> 5) Along with these positive potentials, it is possible for the Net
> to be constructed in such a way as to allow the formation of the most
> powerful authoritarian societies the world has ever seen. The potential
> for the death of the Individual, just as for the empowerment of the
> Individual, is very real. We must work to prevent totalitarianism.

And part of preventing totalitarianism means not interfering with economic transactions made by folks. See how this applies to your point above.

> 6) The Net is no better than its users. Current crises of economic
> inequality, of homelessness and hunger, will not be affected by the Net
> unless we work to change them in pre-Net society. People cannot
> participate in a democratic society if they are not educated to a minimal
> level required for functioning in that society. This is the crux of our
> societal problems, as well as the crux of possible problems with the Net.

A platitude. Ditto for "End Hunger Now" and "Save the Dolphins."

> 7) It is better to help one's fellow human than to hurt. It is
> better to give than to receive. Equally, one human has an enormous
> capacity to injure and exploit another human. We must decide which
> ability we wish to empower, and judge which we actually do.

It's OK that you believe this, of course, but I fail to see any real links with what it is we're doing, what crypto and digital privacy is all about, etc.
My fear is that these nice thoughts will be used by others, especially politicians, to their own ends.

> 8) There are fundamental problems with the structure of society.
> Realizing the democratic vision of the Net is a way to re-structure
> society. My hope is that this restructuring will create a better
> society than the one I know. I recognize it can be worse-- much worse.
> With vigilance, it will not be.

Be sure you read up on the problems with "democracies." (For the most part, I'm opposed to democracies. Too many issues to go into right now, but I can if there's interest.)

> 9) My beliefs are hopelessly utopian. I have faith in democratic
> principles to shape society into a more just social hierarchy. This

Instead of so much talk of democracy, think of _free choice_. Is "democratic input" needed in determining what books get published, what magazines are created and sold, what CDs get produced? No, the "market" decides. Not perfectly, not to everyone's liking, and "injustices" do occur. But far better that the success of a book or a CD depend on customer willingness to buy than that some committee or democratic vote has decreed that 2 Live Crew is not needed.

The extension of this notion to cyberspace is both obvious and natural.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From rciville at civicnet.org Mon Mar 28 00:10:17 1994
From: rciville at civicnet.org (Richard Civille)
Date: Mon, 28 Mar 1994 03:10:17 -0500 (EST)
Subject: Summit Coordinates are Coming
Message-ID:

Good Morning!

Please repost on other lists/online communities/community networks you participate in if they are not receiving these announcements.

Here's the wave building around the Summit. More coming soon. Stay tuned:

* The Summit will take place Tuesday, March 29th from 8:30AM to 5:00 at the Hyatt Regency on Capitol Hill.

* Attendance in DC is now over 600 people. We can take no further registrations.

* Hundreds of email messages and net postings have been generated around the issues the Summit will address, and that's only the materials we've seen on the few lists we can monitor with extremely limited resources. We've heard from teachers in Columbia, network managers in Singapore, Free-Nets in Canada, rural librarians, and citizen advisory groups to state telecommunications initiatives to mention only a few.

* About 40 people around the country offered to help organize offline discussion groups. To date, we've received reports from about a dozen so far. At least one group now plans to conduct further NII organizing activities in their state.

* Portions of the Summit will be broadcast live in 20 radio markets around the country including major metropolitan areas. We will list the participating radio stations sometime on Monday when the full list is compiled.

* Nine foundations and the Administration's Information Infrastructure Taskforce have directly contributed to the event.

* There is space on C-Span's Tuesday broadcast schedule for a "public policy conference" but no commitment yet. This is not unusual for C-Span. Please note that there is not a specific commitment from C-Span to carry this event live. This is their normal way of handling events.

* The Summit gopher will be announced tomorrow. We are VERY interested in having your organization's gopher server establish a pointer to the Summit gopher. Please let us know if you would like to do this. We will announce the Summit gopher coordinates sometime on Monday.

* The Summit Mosaic server will also be announced.

* The Summit panels and proceedings will be quickly summarized and posted throughout the day to the Nets, to the Summit gopher and Mosaic servers. We urge you to respond to these summaries with SPECIFIC questions addressed to SPECIFIC panelists. We will do our best to forward several questions per panel into the live discussions. Send your questions and ongoing comments to the Summit at:

* Followup activities and organizing efforts have already begun. Please let us know how you would like to get involved.

Remember: The public doesn't get the chance to design new infrastructure very often.

-----------------------------------------------------------------------
Center for Civic Networking        Richard Civille
P.O. Box 65272                     Washington Director
Washington, DC 20035               rciville at civicnet.org
(202) 362-3831
------------------------------------------------------------------------

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
"In a Time/CN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it."
- Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994

From John.Schofield at f903.n102.z1.fidonet.org Mon Mar 28 04:43:48 1994
From: John.Schofield at f903.n102.z1.fidonet.org (John Schofield)
Date: Mon, 28 Mar 94 04:43:48 PST
Subject: Digital Cash
Message-ID: <2903.2D96C022@mcws.fidonet.org>

--====--

Uu> I have always been skeptical of this observer-chip approach, because
Uu> it wasn't clear that it was feasible to make a tamper-resistant chip
Uu> economically, and because the specialized hardware that would be
Uu> required would prevent the system from being used on widely-available
Uu> PCs.
Uu> However, now we see that our military rulers apparently trust
Uu> tamper-resistant technology well enough to put it into thousands of
Uu> public hands, without fear that even one chip will be opened and read.
Uu> Breaking an observer only lets you double-spend the coins it holds,
Uu> while breaking Clipper allows you to permanently defeat the escrow
Uu> provisions of the whole system. So this suggests that the technology
Uu> is adequate for observers.

I once asked my grandfather if he was sure he could take apart the tractor he was working on. His response? "A man put it together."

Anything one man can do, another can undo--the only variable is the degree of effort required. I'm sure we can make a tamper-resistant chip, but can we make a tamper-proof one? No. Considering the determination and intelligence of some of the people involved, I'm sure that a tamper-resistant chip would be compromised pretty quickly.

--John Schofield

... I tried an internal modem, but it hurt when I walked.
--- Blue Wave/RA v2.12
--
: John Schofield - via mcws.fidonet.org - Public Access (213)256-8371
: ARPA/INTERNET: John.Schofield at f903.n102.z1.fidonet.org
: UUCP: ...!cheshire!mcws!903!John.Schofield
: Compu$erve: >internet:John.Schofield at f903.n102.z1.fidonet.org

From nobody at soda.berkeley.edu Mon Mar 28 06:02:24 1994
From: nobody at soda.berkeley.edu (nobody at soda.berkeley.edu)
Date: Mon, 28 Mar 94 06:02:24 PST
Subject: Communications Law 302
Message-ID: <199403281402.GAA18286@soda.berkeley.edu>

Does anyone know what happened to the banks lovely system a while back when New York account holders found out that withdrawals were made twice on their accounts? What happened, did someone actually get credited with the corresponding debits, or was this another case of an operator putting up a tape twice?

--

As an aside, I remember an old wire from some years ago when $58Million was held up by the US with co-operation of European authorities.
In case anyone is interested the following was the result of the legal wranglin'. and is dated 11/93. Forget Clipper, and check out how else they're stickin it to ya. In short they 'seized' data packets, at an intermediary remailer. They have made information seizable **EGADS**

--

AN PTS2096146
HL U.S. WINS MAJOR VICTORY ON WIRE SEIZURES
DL ESTIMATED INFORMATION UNITS: 4.7 WORDS: 569
DD 11/01/93
SO * Money Laundering Alert (MLAL) Alert International, Inc Vol. 5, No. 2

LP When operatives of the Santacruz-Londono Cali drug cartel were arrested in June 1990 in Luxembourg, a flurry of wire transfers flew from hundreds of cartel bank accounts in Europe. Anticipating the transfers, Luxembourg authorities asked other countries to freeze the money linked to those accounts

TX Of the $58 million seized worldwide, $12 million was frozen in New York City banks which had served as "intermediary banks" in the wire transfers. The role of those banks was to credit the accounts of certain correspondent Colombian banks who would then notify the beneficiaries that the funds were available.

The banks were instructed by DEA agents to attach all funds on deposit in the names of Cali cartel associates, including "all related entities and individuals," and to say which transfers were destined for beneficiaries in Colombia.

Two groups of Colombian clothing exporters filed claims to about $6.5 million of the seized funds saying the money was legitimately earned. They also sued the New York banks for loss of use of their funds and for violation of the Right to Financial Privacy Act and the Electronic Communications Privacy Act (ECPA). Their suits against the banks were dismissed.

After a two-month trial last year, the jury found that 18 of the 22 accounts seized were forfeitable.

Now, in a case of great importance to the emerging wire transfer battles between the government and the movers of dirty money, the key federal appellate court which rules on issues arising from the New York financial center has given a resounding victory to the government.

The Second Circuit Court of Appeals ruled that wire transfers that pass through intermediary banks can be seized even without "alleging facts sufficient to show that specific property is tainted." All the government must show are "facts sufficient to support a reasonable belief that (it) can demonstrate probable cause for finding the property tainted," the court said.

By naming the intermediary banks and the beneficiaries, the U.S. described the property with "reasonable particularity." Moreover, the U.S. did not need a warrant for the seizures because the law permits the Justice Department to seize property when it has "probable cause to believe" it is subject to civil forfeiture, said the court.

"Because the (transfers were) fungible and capable of rapid motion due to modern technology,...exigent circumstances were present here," said the court, dismissing the claimants' assertions that their constitutional rights had been violated.

Likewise, there was no violation of the Right to Financial Privacy Act, said the court, because the claimants did not maintain "accounts" at the banks. The ECPA also provided no relief to the claimants because that law deals with the use of "devices" to "intercept" communications. Here, no devices were used and there was no interception, said the court.

The court also ruled that an EFT at an intermediary bank is "clearly a seizable res (thing) under the forfeiture statutes" and that only a "nexus" and not a "substantial connection" between seized property and illegal drug activity must be shown by the government to show probable cause.

The case has far-reaching implications since a majority of international wire transfers pass through intermediary banks, many of them in New York. (U.S. vs. Daccarett, Docket Nos. 92-6229 and 6259, 2nd Cir. Ct of App., September 10, 1993).

---Richard M. Lucas, CPA, is a consultant for the Philip Manuel Resource Group and a former IRS Special Agent.

COPYRIGHT 1993 by Alert International, Inc. I0607 * END OF DOCUMENT.

From talon57 at well.sf.ca.us Mon Mar 28 06:18:54 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Mon, 28 Mar 94 06:18:54 PST
Subject: Ames/clipper compromised?
Message-ID: <199403281418.GAA11694@well.sf.ca.us>

-----BEGIN PGP SIGNED MESSAGE-----

Okay here's the scoop on the Ames/clipper bit, from the guy who wrote it. Permission to distribute is granted as long as it is reproduced in its entirety.

Termcomp.zip, the electronic version of TERMINAL COMPROMISE is available for ftp at ftp.netsys.com under /pub/novel for those who asked.

- From p00506 at psilink.com Fri Mar 25 08:04:37 1994
Date: Fri, 25 Mar 94 11:01:56 -0500
To: talon57 at well.sf.ca.us
From: "Winn Schwartau"
Organization: Inter.Pact
Subject: Ames/Clipper Connection

More About Clipper and Ames by Winn Schwartau March 25, 1994.

The Ames/Clipper item I wrote in the Feb. 1994 issue of Security Insider Report has apparently caused quite a hub-bub. The Senate Foreign Relations Committee is looking for more, the general media has picked it up, and the net is buzzing.

As a result, I have been asked to put a few words out regarding this story. First of all, it is a story, one that was told to me by a person whom I know well, respect, and was at the actual meeting where the subject of Ames/Clipper was discussed.

In RISKS 15.67, Dorothy Denning said that she didn't think that the Clipper Ames story/rumor made sense. While I am sure that the people to whom she spoke told her what she wrote, I was given the story by my source who WAS AT THE MEETING. Does that make it all true?
No, it doesn't. And the item in Security Insider Report contained strong caveats at both the beginning and the end of the article. It was NOT printed as 100% accurate: it was printed as I was told it, and it was read and approved prior to publication by the source.

I, too, have sought for confirmation, and been unable to find it. So, when Dorothy said she couldn't, that's no surprise. I have enclosed the piece that originally appeared in SIR.

I fail to understand Dorothy's inability to accept possibilities and capabilities. That's one of the basic tenets of intelligence and a strong defensive posture. I find it very easy to accept that the intelligence community is considering everything that Ames might have spilled, including Clipper. What is so strange about that? That's their job!

In the same issue of SIR, I examined how the FBI used technology to monitor Ames' computer. In the next issue of SIR, I will be looking at Ames' hacking abilities and skills which possibly lend credence to the possibility that Clipper was compromised. The tale is still unfolding.

"Ames and the Clipper Connection"
(From The February, 1994 Issue of Security Insider Report)

Let me preface this item with a caveat. I received a call from a very well placed and highly reliable person in Washington who passed on the information. I asked if there was any way I could confirm what he told me, and I was told no. It's too sensitive. Nonetheless, it is so intriguing that SIR readers expect and would want to know what people are thinking about, even if it turns out not to be true. We in our industry deal with possibilities and capabilities and since this discussion did take place, I'm passing it on as it happened. If this item has any shred of truth to it, well . . . decide for yourself.
My contact, we'll call him something original, like 'Joe', was asked to attend a meeting where representatives from the FBI (he wasn't clear if it was the Counter Intelligence 3 [CI-3 from Half Street who keep track of Soviets and Russians] or from FBI HQ), the CIA and the National Security Agency. All told more than a dozen and less than twenty people assembled in an off-site "neutral" location to figure out what to do.

It seems, according to a number of people at this meeting, that alleged CIA traitor Aldrich Ames, had access to the Clipper keys. Whoah! I nearly fell off my keyboard when I heard that.

"You mean he knew the crypto-secrets behind the whole thing?" I asked. "Why would a Humint [Human Intelligence] guy know the secrets of Clipper?"

"He had access to them; it would have been a normal part of his job to be in that loop."

So what this group of initialed reps are allegedly attempting to do is:

1. Determine how much access Ames had to Clipper.
2. Determine if he did have access, did he in fact take advantage of it.
3. If he did get some Clipper secrets, is there a record of that access?
4. Then, what did he do with them?

The fear, understandably, is that Ames might have compromised the entire Clipper/Capstone/Tessera program. The words I also heard were, "If there's only even a 1% chance that Clipper has been compromised, the whole thing's over. We have to start from scratch."

So, according to my sources, the spooks-that-be are looking for a fast alternative to Clipper and Skipjack, under the theory that Ames may have blown the whole wad.

Civil libertarians might shout with glee if this turns out to be true, but I think it's a hell of a way to win a ball game. Bitter sweet irony. Sure, I'm not in favor of it, and I am indeed nervous about 'the other shoe' but this is not the way I wanted Clipper to go away.

I repeat: as of today, this is only a story, there is no confirmation. If SIR readers have anything to add, please let us know in any way you can.
(C) 1994, Winn Schwartau and Inter.Pact

NOTE: As of March 24, 1994, my sources reconfirmed that the story as I told it is 100% accurate.

(Security Insider Report is published monthly by Inter.Pact Press, 11511 Pine St., Seminole, FL 34642. Voice: 813-393-6600, Fax 813-393-6361, email wschwartau at delphi.com. Hardcopy subscriptions are $99/Yr. and electronic site licenses are available for selected organizations.)

Brian Williams
Extropian
Cypherpatriot

"Cryptocosmology: Sufficiently advanced communication is indistinguishable from noise." --Steve Witham

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLZNPndCcBnAsu2t1AQEsJwQAhLOSV4jLiGgTGNELeZipoXqNTMjUROfo
/iCGCKzJJEhk3d25/9jyZsqj7Y0O83j1+oGdqvGB/HyUeHAh/jzNSWwOFaYhBpqJ
kWIIjt9YNSRBc+e7ua1bKOD6ZajYw1aOyot8yCjwO0GSZwXdWQHWgd2TkTFobHvH
8CN9hjQ84gs=
=x6t+
-----END PGP SIGNATURE-----

From smb at research.att.com Mon Mar 28 06:48:18 1994
From: smb at research.att.com (smb at research.att.com)
Date: Mon, 28 Mar 94 06:48:18 PST
Subject: Ames/clipper compromised?
Message-ID: <9403281448.AA14338@toad.com>

Thanks much for posting. I have a lot of trouble with much of the article, though, on purely technical grounds. Consider the following passage:

   The words I also heard were, "If there's only even a 1% chance that Clipper has been compromised, the whole thing's over. We have to start from scratch."

What does it mean to ``compromise'' Clipper? The algorithm is known? No big deal, in my opinion -- Skipjack was almost certainly designed to be strong even if the algorithm was known. (As I've said before, I tend to believe NSA on that point. I suspect they're telling us the truth about Clipper -- just not the whole truth -- and what they've said is damning enough even if 100% accurate.) It's also quite unlikely that Ames would ever have seen the algorithm; it's just not something he'd have any reason to know.

Might he have stolen the family key?
More plausible, though again it's not something that would be left lying around, as opposed to being embedded in equipment. Could he have turned over a magic decoder box, which would have to know that key? Not at all unreasonable -- and the decoder boxes are at a sufficiently early stage of design that they may not yet be armored against tampering. But from everything that's been published, very few Clipper chips have been deployed so far. It would not be a major project to recall and rekey the devices.

Copies of the key escrow databases? Same argument applies -- though if that's what was stolen, we have to ask how he had access to ``both'' of them. I don't believe there have ever been any categorical statements about how FISA access to Clipper conversations would be obtained. See above under ``whole truth''...

It may be, of course, that the episode has made the powers that be wonder about the wisdom of keeping any such keys around. There's been a very strong trend in recent years to avoid *any* sort of cryptography where session keys live anywhere but inside sealed boxes, precisely to avoid key theft. (See Diffie's retrospective on public key technology for more detailed discussion and some examples.) And it's also why the government doesn't want to use Clipper -- as opposed to Skipjack -- for classified information.

So -- if the story is true, just what did Ames steal that would require them to ``start over from scratch''? Is there another back door? That's the only thing I can think of that would require such an action -- which means that if they do hold off, there's a new topic to explore via FOIA requests and the like.

--Steve Bellovin

From frissell at panix.com Mon Mar 28 07:48:24 1994
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 28 Mar 94 07:48:24 PST
Subject: NSA in the WSJ
Message-ID: <199403281548.AA15995@panix.com>

From: The Wall Street Journal, Tuesday March 22, 1994, p.
B1

TECHNOLOGY

Clipper Chip Is Your Friend, NSA Contends

NSA Seeks to Dispel Misgivings of Public About Clipper Chip

By Bob Davis
Staff Reporter of The Wall Street Journal.

FORT MEADE, Md. --- The National Security Agency wants everyone to know that its new computer-security system will protect individual privacy. But as the spy agency knows, hardly anyone believes that.

Critics fear the government will use the NSA technology, designed in secret, to spy on Americans. The project "is a focal point for the distrust of government," acknowledges Clinton Brooks, the NSA scientist who led the so-called Clipper Chip project, in the agency's first interview on the subject.

The Clinton administration last month adopted the NSA plan for a series of computer chips that would protect telephones and computers. Use of the technology would be voluntary. Federal agencies would adopt it first, and public use is expected to spread gradually.

Under the plan, cryptographic "keys" that could unscramble the communications would be split in two and held separately at the Treasury Department and the National Institute of Standards and Technology. That way, law-enforcement agents could tap the communications by getting court authorization to obtain the two halves. The idea is to boost security but to keep the technology out of the hands of criminals and spies.

The NSA is the world's biggest eavesdropper. Equipped with the latest in super-computers and satellite receivers, it targets communications by foreign governments. The agency shuns publicity but agreed to the interview to explain its role in the Clipper controversy and try to dispel fears.

Mr. Brooks, a 26-year veteran of the NSA, says the project began in 1989 and cost more than $2.5 million. He says the NSA is consumed with what it calls the "equities problem" --- how to balance privacy rights against the needs of law enforcement, national security and private industry.
In 1989, he and Raymond Kammer, deputy director of NIST, began discussions about how to improve computer security without making it impenetrable to police. NIST is a Commerce Department agency with formal responsibility for unclassified computer security.

Before the interview, Mr. Brooks takes a look around a small cryptographic museum just outside the NSA's gates. He stands before an exhibit of Enigma machines, used by the Germans during World War II to encrypt messages --- and later broken by Allied intelligence. Enigma started as a commercial product; recognizing its military value, the Nazis pulled it off the market. "That was the concern we're wrestling with today," Mr. Brooks says --- commercial encryption technology becoming so good that U.S. spy agencies can't crack it.

In 1989, NIST and the NSA put together an eight-person team, split evenly between the agencies, to quietly work out security concepts. The team decided against using a weak encryption code --- "Roman Numeral One is that it had to be good security," says Mr. Brooks. And it also rejected a so-called trapdoor approach, in which the computer code would be designed so it would have a weak spot --- a trapdoor --- that federal agencies could enter via computer to tap the communications. Someone else could discover the trapdoor, they decided.

The team settled on a system with a powerful encryption formula, called an algorithm, and encryption keys that would be held by outsiders. Law-enforcement agencies could get copies of the keys when they needed to bug the conversations.

The toughest decision, both Mr. Brooks and Mr. Kammer say, was to keep the algorithm, dubbed the Skipjack, secret. That meant the public wouldn't know for sure whether the NSA had inserted a trapdoor or some other eavesdropping device.

"It would defeat the purpose [of the project] if we gave the knowledge of how the algorithm worked" to the public, says the 56-year-old Mr. Brooks. "It was going to have to be kept classified."
Otherwise, he explains, engineers could use the algorithm to design computer-security systems that the government's encryption keys couldn't unlock.

By 1990, he says, as many as 30 NSA "cryptomathematicians" and other employees were working to perfect the algorithm and other features. A year later, the NSA launched what it called the Capstone Project to build the algorithm into a computer chip. The NSA contracted with Mykotronx Inc., a small company in Torrance, Calif., to do much of the development. By September 1992, the NSA was confident the system would work.

None too early for the NSA. Earlier that year, Mr. Brooks says, American Telephone & Telegraph Co. informed the NSA that it wanted to sell a phone using a popular encryption technology to scramble conversations. The NSA balked. "We said it probably wouldn't get an export license from this country," Mr. Brooks says. Instead, AT&T was told of the Capstone work and agreed to use the technology if it became a federal standard and was exportable, he says.

The NSA then took some of the functions of the Capstone chip and tailored it to phone equipment, calling the resulting product the Clipper Chip. For computers, Capstone was encased on a computer card that became known as Tessera.

The Bush administration, enmeshed in a re-election bid, never pushed Capstone. So shortly after the election, national-security heavyweights importuned the Clinton transition team to move quickly on Capstone. Just weeks after the inauguration, the new administration's national-security team was debating the NSA proposal and in April announced to the public that it would adopt the scheme.

Last month, the administration gave the final go-ahead --- despite withering criticism from industry. Vice President Gore called encryption a "law and order issue." NIST's Mr.
Kammer says the new administration was also trying to line up backing among national-security officials to liberalize export controls on computer equipment and other high-tech gear.

The high-tech industry was stunned at the decision. David Peyton, vice president of the Information Technology Association of America, a trade group of computer companies, says the scheme will dangerously centralize power in the federal government and will limit exports.

James Bidzos, president of a computer-security firm, RSA Data Security Inc., goes further. He posted a letter on the Internet computer network arguing that Clipper may be the "visible portion of a large-scale covert operation on U.S. soil by NSA."

Nonsense, responds Mr. Brooks, who says he is distressed by the "emotionalism" of the arguments. "The only reason we're involved is that we have the best cryptomathematicians in the country."

--- WinQwk 2.0b#1165

From frissell at panix.com Mon Mar 28 07:55:51 1994
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 28 Mar 94 07:55:51 PST
Subject: Communications Law 302
In-Reply-To: <199403281402.GAA18286@soda.berkeley.edu>
Message-ID:

On Mon, 28 Mar 1994 nobody at soda.berkeley.edu wrote:

> Does anyone know what happened to the banks lovely system a while
> back when New York account holders found out that withdrawals were
> made twice on their accounts?
>
> What happened, did someone actually get credited with the
> corresponding debits, or was this another case of an operator
> putting up a tape twice?

There was a software error in a switchover to a new ATM operating system that caused double withdrawals. They fixed it and refunded the money within two days. The bank got the float.

DCF

From sommerfeld at orchard.medford.ma.us Mon Mar 28 08:20:41 1994
From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld)
Date: Mon, 28 Mar 94 08:20:41 PST
Subject: Ames/clipper compromised?
In-Reply-To: <9403281448.AA14338@toad.com>
Message-ID: <199403281617.LAA00278@orchard.medford.ma.us>

   The words I also heard were, "If there's only even a 1% chance that Clipper has been compromised, the whole thing's over. We have to start from scratch."

   What does it mean to ``compromise'' Clipper? The algorithm is known?

Yeah.. this doesn't completely add up unless (a) the source is lying or (b) there's a "blatant" back door.

If the algorithm becomes known at this stage in the game, they can probably "easily" generate a modified SKIPJACK algorithm (changing the S-boxes or equivalent), a new family key, and a subtle variation on key generation. They might not even need to re-spin the chip design if, as they claimed, the critical parts of the algorithm are programmed into the chip after fabrication.

BTW, my guess at the most likely back door is that the unit keys will be generated as a cryptographic function of the serial number and a *small* random number generated for each chip and unknown to the agency. They would have to search a mere 2**16..2**32 keys once they get the serial number out of the LEEF. The existence of such a backdoor would be difficult to prove, since there would be no visible evidence for it in the individual chips. It is also difficult to disprove such a theory because the clipper key generation algorithms are classified.

- Bill

From habs at warwick.com Mon Mar 28 10:02:09 1994
From: habs at warwick.com (Harry Shapiro Hawk)
Date: Mon, 28 Mar 94 10:02:09 PST
Subject: FOIA, Clipper & NSC (National Security Council)
Message-ID: <9403281601.AA00749@warwick.com>

Hi,

There was a wire service report over the weekend that the Clinton Administration, is moving to prevent any documents, etc. created by the NSC (National Security Council) from being subject to FOIA.

I wonder, vis-a-vis, Gilmore's FOIA for Escrow keys, if they will move to make NSC a Key holder.

Anyway, I thought it was worth mentioning.
/hawk

Harry Shapiro Hawk
Manager of Computer Services
Warwick Baker & Fiore
habs at uucp.warwick.com

From phantom at u.washington.edu Mon Mar 28 10:16:54 1994
From: phantom at u.washington.edu (Matt Thomlinson)
Date: Mon, 28 Mar 94 10:16:54 PST
Subject: Ames/clipper compromised?
Message-ID:

sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) :

>BTW, my guess at the most likely back door is that the unit keys will
>be generated as a cryptographic function of the serial number and a
>*small* random number generated for each chip and unknown to the
>agency. They would have to search a mere 2**16..2**32 keys once they
>get the serial number out of the LEEF. The existence of such a
>backdoor would be difficult to prove, since there would be no visible
>evidence for it in the individual chips. It is also difficult to
>disprove such a theory because the clipper key generation algorithms
>are classified.

I just read a paper that might apply to this type of backdoor; it was by someone at RSA, with the title "..RSA's trapdoor can be broken". I'll look the article up when I get home. Basically, it argued that the smaller keyspace generation approach used above would be detectable. I think it might be generally applicable. I'll look it up again.

mt

Matt Thomlinson                               Say no to the Wiretap Chip!
University of Washington, Seattle, Washington.
Internet: phantom at u.washington.edu        phone: (206) 548-9804
PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu

From rishab at dxm.ernet.in Mon Mar 28 10:27:18 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Mon, 28 Mar 94 10:27:18 PST
Subject: No Subject
Message-ID: <9403281825.AA18524@toad.com>

Does anyone know of a utility to crack Lotus 123 files? Someone's lost their password. I believe 123's encryption is very primitive... Ideally the utility should be ftp-able.
Thanks

-------------------------------------------------------------------------------
Rishab Aiyer Ghosh                                "What is civilisation
rishab at doe.ernet.in, rishab at dxm.ernet.in    but a ribonucleic
Voicemail +91 11 3760335; Vox/Fax/Data 6853410    hangover?"
H-34C Saket New Delhi 110017 INDIA
-------------------------------------------------------------------------------

From cowen at glia.biostr.washington.edu Mon Mar 28 10:27:21 1994
From: cowen at glia.biostr.washington.edu (cowen at glia.biostr.washington.edu)
Date: Mon, 28 Mar 94 10:27:21 PST
Subject: No Subject
Message-ID: <9403281838.AA27928@glia.biostr.washington.edu>

hello folks

i have been trying to get the non-net folk to fight against clipper and all other such methods of the gov't to suppress the freedom to talk to anyone at anytime without others listening in on things so my fiancee is going to give a short series of speeches to her speech class. anyone can do this, talk out loud to the public tell your non net friends, tell everyone.

also ..... help

anyone who has a list of articles or topics that can be looked up in serial literature to use for this purpose, please e.mail me the info or post it so others can gain the information to use to fight those who would take our rights from us.

charles the monster maker

From wcs at anchor.ho.att.com Mon Mar 28 11:37:57 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Mon, 28 Mar 94 11:37:57 PST
Subject: Ames/clipper compromised?
Message-ID: <9403281936.AA22601@anchor.ho.att.com>

> sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) :
>
> >BTW, my guess at the most likely back door is that the unit keys will
> >be generated as a cryptographic function of the serial number and a
> >*small* random number generated for each chip and unknown to the
> >agency. They would have to search a mere 2**16..2**32 keys once they
> >get the serial number out of the LEEF.
> >The existence of such a
> >backdoor would be difficult to prove, since there would be no visible
> >evidence for it in the individual chips. It is also difficult to
> >disprove such a theory because the clipper key generation algorithms
> >are classified.

Key generation is one of the obvious backdoors; the wrinkle of making the random number space from the keymasters small enough to search is interesting, especially because they only need one key per batch to validate whether they've got the right guess.

My original reaction to the version described by Dorothy Denning was that it wouldn't be very hard to *steal* the key-generating keys the keymasters bring to the key-generation charade in the vault, either physically or by leaking them out in generated keys or something. Now that they've announced they're changing the script for the charade, who knows how easy it will be? They've certainly announced no plans for validation of the key-generation software design or implementation.

Matt Thomlinson writes:

> I just read a paper that might apply to this type of backdoor; it was by
> someone at RSA, with the title "..RSA's trapdoor can be broken". I'll

No, that's a different argument; it's (name forgotten) vs Kaliski, where the proposed method turns out to take as much work as factoring and therefore doesn't rate as a backdoor.

Bill Stewart

From gtoal at an-teallach.com Mon Mar 28 11:51:30 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Mon, 28 Mar 94 11:51:30 PST
Subject: Ames/clipper compromised?
Message-ID: <199403281950.UAA26424@an-teallach.com> From gtoal at an-teallach.com Mon Mar 28 11:58:59 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Mon, 28 Mar 94 11:58:59 PST Subject: Very funny, Polyanna :-( [namespace pollution] Message-ID: <199403281958.UAA26598@an-teallach.com> Grrr. I use a mailer here (that I'm developing) that automatically encrypts outgoing mail for user X if "" can be found in my pgp keyring. Unfortunately some comedian has published the key below... Type bits/keyID Date User ID pub 384/99CBA7 1992/11/15 Polyanna, c/o 1 key(s) examined. so if I use this mailer when posting to cypherpunks, it gets encrypted for this idiot.
I guess this is something we mailer writers will just have to allow for. Looks like I'm about to add a stop-list... (removing it from the keyring won't be good enough, because next feature planned for my mailer is to look up the fingerable key-server if it isn't found locally...)

G

From pcw at access.digex.net Mon Mar 28 11:59:33 1994
From: pcw at access.digex.net (Peter Wayner)
Date: Mon, 28 Mar 94 11:59:33 PST
Subject: Ames/clipper compromised?
Message-ID: <199403281959.AA15098@access3.digex.net>

I spoke with D. Denning last week and she told me that she was not going to CFP because they had a Clipper Review Panel meeting. She said she wanted to get a chance to go out to Mykotronix and check out the vault.

-Peter Wayner

From adam at bwh.harvard.edu Mon Mar 28 12:03:19 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Mon, 28 Mar 94 12:03:19 PST
Subject: personal manifesto (comments appreciated)
In-Reply-To: <199403280847.AAA03880@mail.netcom.com>
Message-ID: <199403282002.PAA17903@bwface.bwh.harvard.edu>

I don't think the net will ever be a huge monolithic entity. I suspect it will continue to be very much like the phone system. There are PBX's and large switches, some in and some out of the US. Some are owned by governments, some by schools, some by large companies. There is no monolithic "phone system," but many. Almost no one thinks about them.

Adam

Tim wrote:

| John Blair says he welcomes comments and criticism, so here goes:
|
| > 1) My vision of the Net is utopian, or I would not spell it as I do,
| > with a capital N. While the most likely possibility is that the Net
| > will simply mirror current society, a Net of this structure would fail
| > to realize its potential as an agent of social change.
|
| I often use the term "the Net" as well, but perhaps this usage is
| skewing our thinking in the very direction we mostly despise: the
| creation of a monolithic entity, as epitomized in "the" National
| Information Infrastructure.
| Perhaps we should be thinking in terms of
| "many nets," "many communications channels." Come to think of it,
| "cyberspace," though sometimes hackneyed (hackerneyed?), captures it
| best, at least for me.

--
Adam Shostack adam at bwh.harvard.edu

Politics. From the Greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

Have you signed the anti-Clipper petition?

From talon57 at well.sf.ca.us Mon Mar 28 12:50:52 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Mon, 28 Mar 94 12:50:52 PST
Subject: Ames/clipper compromised?
Message-ID: <199403282050.MAA03159@well.sf.ca.us>

-----BEGIN PGP SIGNED MESSAGE-----

I remember awhile back someone posted some clipper documents that were released under FOIA as I recall. The thing that struck me was that the NSA was referring internally to clipper as "The Trapdoor chip." Why refer to it as such if there is no back door?

If anyone has the documents I'm referring to handy, please repost, (or I'll have to dig them out!)

Brian Williams
Extropian
Cypherpatriot

"Cryptocosmology: Sufficiently advanced communication is indistinguishable from noise." --Steve Witham

"Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... AT&T"--James Speth

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLZdBc9CcBnAsu2t1AQHJZwP/f49BBtg/Gts4C4X0MdhzJ0UUUoSVDY4B
wO0Ib44dTx/i00M3P/v1Q1xTcfyEXIRQaJmvp7xXPmjHAd6GPZaeW0Ag8hmvDAel
DMmVLAAnaGP7Jmj2gSE7N2do/p80aY6IMzBwD3rI4glbns2kq0/kLjrLosXLK/c4
S3zjwR2wYVA=
=mfh0
-----END PGP SIGNATURE-----

From jdblair at nextsrv.cas.muohio.EDU Mon Mar 28 13:01:56 1994
From: jdblair at nextsrv.cas.muohio.EDU (jdblair at nextsrv.cas.muohio.EDU)
Date: Mon, 28 Mar 94 13:01:56 PST
Subject: Bruce Sterling's Speech
Message-ID: <9403282105.AA02307@ nextsrv.cas.muohio.EDU >

I greatly enjoyed Bruce Sterling's speech/rant/assessment of the entire CFP conference on Saturday afternoon.
Does anybody know if he will be posting the text of that speech on-line (as he has of other presentations he has made) or if somebody w/ access to one of the tapes of the speech will post a transcription? If someone can get me a bootleg, I would be willing to do the typing.

-john.

--------------------------------------------------------------------------
John Blair: voice: (513) 529-4877
PGP public key available upon request.                          KILL YOUR
Privacy in the information age is a right, not a privilege.     TELEVISION
Information = Power = Control. Fight the centralization of information.

From hfinney at shell.portal.com Mon Mar 28 13:17:01 1994
From: hfinney at shell.portal.com (Hal)
Date: Mon, 28 Mar 94 13:17:01 PST
Subject: Magic Money simplification
Message-ID: <199403282117.NAA23951@jobe.shell.portal.com>

In my posting about remailer abuse, I mentioned a point in passing re Magic Money that perhaps deserves a more explicit mention.

Presently, Magic Money has each user create a special public key just for use by that program. When MM sends a message to the bank, it includes a copy of the user's public key. Then, when the bank sends the return message, it encrypts it with that key. (Messages to the bank are also encrypted with the bank's public key.)

Last night it occurred to me that this encryption may not be necessary. Messages to the bank are of the form f(x)*r^e, where f is a one-way function, x is the coin's serial number, r is a random blinding factor, and e is the bank's public exponent for this denomination. The bank signs this by taking it to the d power, where d is the RSA-inverse of e, and sends back f(x)^d * r.

It looks to me like these two messages are secure even without being encrypted with the user's or bank's public key. r, and r^e, both act as one-time-pads, blinding the underlying f(x) or f(x)^d value perfectly. This blinding, of course, is what prevents the bank from linking up withdrawn cash from spent cash.
But it should serve just as well to prevent an eavesdropper from stealing the cash. If someone manages to get f(x)^d * r, this is of no value to them if they don't know r. Since only the original sender knows r, this message can be sent in the clear. Similar logic applies to the message from the user to the bank.

If this argument holds up, the usage of Magic Money can be simplified considerably. The user should no longer have to create a special public key. Nor should he need to know the bank's public key. All he needs to get started is the email address of the bank, to which he can send the standard initialization query message which causes the bank to send back information about the exponents and denominations used, as well as the name of the money.

Of course, when users send actual un-blinded coins amongst themselves as payment, those transmissions need to be encrypted or done via some secure channel. But MM never concerned itself with those. It was only involved with messages to and from the bank, and for these it seems to me that encryption is not necessary.

Hal

From sandfort at crl.com Mon Mar 28 13:24:27 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Mon, 28 Mar 94 13:24:27 PST
Subject: INTERNET CONNECTIONS IN JAPAN
Message-ID:

C'punks,

A quick question to help an international friend: Does anyone on the list know anything about getting a (cheap, if possible) Internet connection in Japan? Please let me know by private e-mail if you have any information.

Thanks,

S a n d y

From sameer at soda.berkeley.edu Mon Mar 28 13:42:38 1994
From: sameer at soda.berkeley.edu (Sameer)
Date: Mon, 28 Mar 94 13:42:38 PST
Subject: Very funny, Polyanna :-( [namespace pollution]
In-Reply-To: <199403281958.UAA26598@an-teallach.com>
Message-ID: <199403282141.NAA23334@soda.berkeley.edu>

>
> Grrr. I use a mailer here (that I'm developing) that automatically
> encrypts outgoing mail for user X if "" can be found in my
> pgp keyring.
> Unfortunately some comedian has published the
> key below...
>
> Type bits/keyID Date User ID
> pub 384/99CBA7 1992/11/15 Polyanna, c/o
> 1 key(s) examined.
>
> so if I use this mailer when posting to cypherpunks, it gets
> encrypted for this idiot. I guess this is something we mailer
> writers will just have to allow for. Looks like I'm about
> to add a stop-list... (removing it from the keyring won't
> be good enough, because next feature planned for my mailer
> is to look up the fingerable key-server if it isn't found locally...)
>

Keep up the good work in writing that mailer. I think a stoplist is good for more than just jokers such as above. There are those who have published pgp keys but they don't have an easy mechanism for reading pgp messages, so most mail to them should not be encrypted.

From mech at eff.org Mon Mar 28 13:49:37 1994
From: mech at eff.org (Stanton McCandlish)
Date: Mon, 28 Mar 94 13:49:37 PST
Subject: URGENT: NII Summit announcement - don't miss out!
Message-ID: <199403282149.QAA17628@eff.org>

Tomorrow, March 29, the NII Summit begins in DC. This is an announcement that should be of relevance to anyone interested but unable to attend, as you can still participate "virtually". Get your word in NOW.

EFF will probably be providing links to the Summit gopher and web server via gopher.eff.org 1/Alerts, and via http://www.eff.org/

Forwarded message:

From sameer at soda.berkeley.edu Mon Mar 28 13:52:48 1994
From: sameer at soda.berkeley.edu (Sameer)
Date: Mon, 28 Mar 94 13:52:48 PST
Subject: Chaumian digicash papers
Message-ID: <199403282152.NAA24576@soda.berkeley.edu>

Pardon the faq, but where can I find by ftp Chaum's papers/articles/etc on digicash? Pointers to other works on the subject would be appreciated as well.

Thanks.

From jim at rand.org Mon Mar 28 13:59:39 1994
From: jim at rand.org (Jim Gillogly)
Date: Mon, 28 Mar 94 13:59:39 PST
Subject: Ames/clipper compromised?
In-Reply-To: <199403282050.MAA03159@well.sf.ca.us>
Message-ID: <9403282159.AA10013@mycroft.rand.org>

> Brian D Williams writes:
> I remember awhile back someone posted some clipper documents that
> were released under FOIA as I recall. The thing that struck me was
> that the NSA was referring internally to clipper as "The Trapdoor
> chip." Why refer to it as such if there is no back door?

Those letters made it clear the "trapdoor" was the escrow, and the internal debate was over whether the existence of the escrow would be made public. So far it's been NSA's consistent public position that the escrow is the only way in... and from the FOIA, that's evidently what they're telling the President also.

Most days I'm pretty sure I believe that there aren't any known gotchas in the Skipjack algorithm. If they can really get the escrow, it's ever so much cheaper than doing real cryptanalysis. As Carl Ellison and others point out, that's really one of the big dangers -- if LE doesn't have to break Skipjack to read the traffic, neither do the attackers... and breaking the escrow is probably much cheaper than breaking the algorithm.

My position is that Clipper is iniquitous whether or not there's a[nother] trap door.

Jim Gillogly
Mersday, 6 Astron S.R. 1994, 21:58

From jim at bilbo.suite.com Mon Mar 28 15:07:01 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Mon, 28 Mar 94 15:07:01 PST
Subject: cfp '94 transcript
Message-ID: <9403282300.AA25661@bilbo.suite.com>

-----------
[...]

(Unknown) My name is Barbolin (?) from GRC (?). I have a question concerning the algorithm that is used in the Clipper Chip, Skipjack..[]..There is a certain amount of conjecture that in fact the algorithm contains a deliberately encoded weakness that will allow the NSA, without access to the escrow keys, to be able to intercept communication in their mission to monitor on-shore and off-shore communications..[]..

BAKER I'll answer it yes or no if you'll tell me exactly the question.

UNKNOWN Does it or does it not contain a weakness that allows you to intercept the communications without access to the escrow keys.

BAKER No.
-----------

ObNit: As has been said before by others, there's more to Clipper/EES than just the Skipjack algorithm. I think simply asking if "the [Skipjack] algorithm contains a deliberately encoded weakness" leaves too much room for a "truthful" No answer. People have posted descriptions of mechanisms that could be used to leak key information which do not rely on a deliberately weakened encryption algorithm. (depends on how broadly you define "algorithm").

A better question to ask would be...

Are there any software or hardware mechanisms, or combinations of software and hardware mechanisms, present in the Clipper/EES system that supports or enables decryption of intercepted Clipper/EES communications without access to escrowed unit keys?

Does that cover it well enough?

Jim_Miller at suite.com

From ejohnson at pmip.dist.maricopa.edu Mon Mar 28 15:17:38 1994
From: ejohnson at pmip.dist.maricopa.edu (Eric Johnson)
Date: Mon, 28 Mar 94 15:17:38 PST
Subject: Shirt project
Message-ID: <199403282317.QAA10939@pmip.dist.maricopa.edu>

Crypto Political Action Sportware...

Is anyone interested in a T-shirt with the swoosh Big Brother Inside front, and maybe a !Key Escrow (RSA button style; red circle and slash over the words Key Escrow)? Would be a real conversation piece with non-crypto friends, I would think. I recently heard another great idea for a shirt:

1 9 8 4

"We're behind schedule."
National Security Agency

I think I'll do at least a few for myself and friends, if no one else is interested.

Also, reply directly to me (and *please* don't cc: the list), so I can get an idea of how many to order, if I do this. If it's already been done, I would like to know about that also. "Shirt orders" sent to the list will be ignored...

--Eric
---
Eric Johnson ejohnson at names.maricopa.edu
Maricopa Community Colleges, Tempe AZ 602-731-8919

From sinclai at ecf.toronto.edu Mon Mar 28 15:29:21 1994
From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N)
Date: Mon, 28 Mar 94 15:29:21 PST
Subject: cfp '94 transcript
In-Reply-To: <9403282300.AA25661@bilbo.suite.com>
Message-ID: <94Mar28.182902edt.15026@cannon.ecf.toronto.edu>

> UNKNOWN Does it or does it not contain a
> weakness that allows you to intercept the communications without
> access to the escrow keys.
>
> BAKER No.
> -----------
> ObNit: As has been said before by others, there's more to
> Clipper/EES than just the Skipjack algorithm. I think simply asking
> if "the [Skipjack] algorithm contains a deliberately encoded
> weakness" leaves too much room for a "truthful" No answer.

I'm not sure what the NSA policy is on this. However, at that same conference Jim Settle from the FBI told us plainly that he is allowed to lie, and that the courts have confirmed this right. I doubt Baker would have confessed to a back door even if one existed and the question was complete.

From jim at bilbo.suite.com Mon Mar 28 15:36:46 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Mon, 28 Mar 94 15:36:46 PST
Subject: cfp '94 transcript
Message-ID: <9403282329.AA26046@bilbo.suite.com>

SINCLAIR DOUGLAS writes:

> I'm not sure what the NSA policy is on this. However, at
> that same conference Jim Settle from the FBI told us
> plainly that he is allowed to lie, and that the courts have
> confirmed this right. I doubt Baker would have confessed
> to a back door even if one existed and the question was
> complete.
>

Ah, of course. What was I thinking? After all, this is a national security issue we're dealing with. I guess my idealism is showing again.

Jim_Miller at suite.com

From smb at research.att.com Mon Mar 28 15:37:52 1994
From: smb at research.att.com (smb at research.att.com)
Date: Mon, 28 Mar 94 15:37:52 PST
Subject: Ames/clipper compromised?
Message-ID: <9403282337.AA21652@toad.com>

If the algorithm becomes known at this stage in the game, they can probably "easily" generate a modified SKIPJACK algorithm (changing the S-boxes or equivalent), a new family key, and a subtle variation on key generation. They might not even need to re-spin the chip design if, as they claimed, the critical parts of the algorithm are programmed into the chip after fabrication.

Of course, we now know that changing the DES S-boxes isn't necessarily easy. Without knowing the details of Skipjack, we can't even start to evaluate it.

BTW, my guess at the most likely back door is that the unit keys will be generated as a cryptographic function of the serial number and a *small* random number generated for each chip and unknown to the agency. They would have to search a mere 2**16..2**32 keys once they get the serial number out of the LEEF. The existence of such a backdoor would be difficult to prove, since there would be no visible evidence for it in the individual chips. It is also difficult to disprove such a theory because the clipper key generation algorithms are classified.

The review committee will be looking at the key generation mechanism, according to Steve Kent. Not as good as publishing it, of course, and -- if they're honest -- there would seem to be a lot less reason to keep it secret than there is for Skipjack. (I don't like Skipjack being secret, but at least the ostensible reason is quite sensible, given their motivations.)

A useful exercise for this group might be to compile a list of questions that they *should* answer if they're playing it straight. These could be forwarded to the review committee, too. If we come up with a good list, I'm willing to submit it to them. For that matter, I'll submit it to one of the gentlemen from NSA who gave the Clipper presentation at Bell Labs.
(But I won't bother sending in ``when did you stop beating your spousal equivalent unit'' questions; there's no point to doing that in this venue.)

Question 1: What is the unit key generation algorithm? If it is classified, justify the decision with reasoning at least as persuasive as the reason Skipjack is classified.

Question 2: Ditto for the device serial number.

Any more?

From Marianne.Mueller at Eng.Sun.COM Mon Mar 28 15:41:24 1994
From: Marianne.Mueller at Eng.Sun.COM (Marianne Mueller)
Date: Mon, 28 Mar 94 15:41:24 PST
Subject: words, words, words: debate at Stanford on March 30
Message-ID: <9403282340.AA21424@puffin.Eng.Sun.COM>

I guess Oxford style debates are all the rage.

with apologies if this already showed up on the list,
mrm

----- Begin Included Message -----

From: ceh at leland.Stanford.EDU (Carey Heckman)
Newsgroups: su.school.gsb.events
Subject: Encryption, Digital Communications Debate, 3/30 5:30 pm
Date: 23 Mar 1994 11:20:05 GMT
Organization: Stanford University, CA 94305, USA
Sender: ceh at leland.stanford.edu
NNTP-Posting-Host: cardinal.stanford.edu

ENCRYPTION AND DIGITAL COMMUNICATIONS:
LAW ENFORCEMENT OR PRIVACY?

An Oxford-Style Debate

J. Kent Walker, Jr. (Stanford Law '87)
Assistant U.S. Attorney and Coordinator, High-Tech Task Force

Marc Rotenberg (Stanford Law '87)
Washington Director, Computer Professionals for Social Responsibility

Wednesday, March 30, 1994, 5:30 PM
Stanford Law School, Room 290
Light Refreshments Served

This debate brings together two nationally prominent experts in this area. You won't want to miss the verbal fireworks and the opportunity to learn more about this important question.

Background
==========

The Clinton Administration is promoting use of the Clipper Chip technology that provides encryption, but in a form that law enforcement can unscramble. It also backs legislation requiring design of digital communications networks so ongoing surveillance will be feasible.
Law enforcement officials argue that these proposals are necessary to protect society from criminals and preserve important investigative tools. Privacy advocates contend that these proposals grant broad new powers to law enforcement agencies and diminish protection for future users of the National Information Infrastructure.

Sponsored by the Stanford Law and Technology Policy Center and the Stanford Law and Technology Association.

Additional Information
======================

Contact the Stanford Law and Technology Policy Center by email (Law.Tech.Policy at forsythe) or telephone (5-7788).

From mnemonic at eff.org Mon Mar 28 15:48:12 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Mon, 28 Mar 94 15:48:12 PST
Subject: cfp '94 transcript
In-Reply-To: <94Mar28.182902edt.15026@cannon.ecf.toronto.edu>
Message-ID: <199403282347.SAA21170@eff.org>

> I'm not sure what the NSA policy is on this. However, at that
> same conference Jim Settle from the FBI told us plainly that
> he is allowed to lie, and that the courts have confirmed this
> right. I doubt Baker would have confessed to a back door even
> if one existed and the question was complete.

Exactly right. The FBI may lie to you, but you may not lie to them (see 18 USC 1001).

--Mike

From sandfort at crl.com Mon Mar 28 16:43:31 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Mon, 28 Mar 94 16:43:31 PST
Subject: cfp '94 transcript
In-Reply-To: <9403282300.AA25661@bilbo.suite.com>
Message-ID:

C'punks,

On Mon, 28 Mar 1994, Jim Miller wrote:

> . . .
>
> A better question to ask would be...
>
> Are there any software or hardware mechanisms, or combinations of
> software and hardware mechanisms, present in the Clipper/EES system
> that supports or enables decryption of intercepted Clipper/EES
> communications without access to escrowed unit keys?
>
> Does that cover it well enough?

I don't think so.
There might be some aspect of the "escrowed" keys that would allow them to be accessed from duplicates or some other end run. The question should include inquiries that address the accessibility of the keys outside of the "warrant issued upon a showing of probable cause" view that many people have fallen for.

S a n d y

From swalters at freenet2.scri.fsu.edu Mon Mar 28 16:47:19 1994
From: swalters at freenet2.scri.fsu.edu (Sam Walters)
Date: Mon, 28 Mar 94 16:47:19 PST
Subject: please ignore this test message
Message-ID: <9403290037.AA07907@freenet3.scri.fsu.edu>

this is a test message. asdf;ljkasdfkl;asdfj asjdkl;flasdl;jkasdl; as;dlfsa;lasdfl;
--

From jdblair at nextsrv.cas.muohio.EDU Mon Mar 28 17:12:19 1994
From: jdblair at nextsrv.cas.muohio.EDU (jdblair at nextsrv.cas.muohio.EDU)
Date: Mon, 28 Mar 94 17:12:19 PST
Subject: Shirt project
In-Reply-To: <199403282317.QAA10939@pmip.dist.maricopa.edu>
Message-ID: <9403290115.AA03595@ nextsrv.cas.muohio.EDU >

>
> Crypto Political Action Sportware...
>
> Is anyone interested in a T-shirt with the swoosh Big Brother Inside
> front, and maybe a !Key Escrow (RSA button style; red circle and
> slash over the words Key Escrow)? Would be a real conversation
> piece with non-crypto friends, I would think. I recently heard
> another great idea for a shirt:
>
>
> 1 9 8 4
>
> "We're behind schedule."
> National Security Agency
>
>

The "1984" T-shirt was suggested by one of the NSA reps at the CFP conference. I started putting one together. Several of my friends at CFP were interested in the design. I thought that on the back I might make a list of government policies which are eroding civil rights.

I'll make a GIF available if anyone is interested.

-john.

From phantom at u.washington.edu Mon Mar 28 17:13:30 1994
From: phantom at u.washington.edu (Matt Thomlinson)
Date: Mon, 28 Mar 94 17:13:30 PST
Subject: Anderson's RSA Trapdoor Can Be Broken
Message-ID:

The name of the article I cited earlier is in the subject line.
Written by Burton S. Kaliski Jr, of RSA Labs, on **March 19, 1994**.

An abstract:
-------------

A recent letter by Ross Anderson proposes a ``trapdoor'' in the RSA public-key cryptosystem whereby a hardware device generates RSA primes p and p' in such a way that the hardware manufacturer can easily factor the RSA modulus n = pp'. Factoring the modulus hopefully remains difficult for all other parties.

The proposed trapdoor is based on a secret value A known only to the manufacturer. For 256-bit RSA primes, the secret value A is 200 bits long. The device generates primes p of the form

    p = rA + q = r(q,A)A + q. (1)

where q is at most about 100 bits long, and is 56 bits long and a function of A and q. To factor the RSA modulus n = pp', the manufacturer reduces the modulus modulo A to recover the product qq', following the relationship

    n = pp' = rr'A^2 + (rq' + r'q)A + qq'. (2)

The 200-bit product qq' is easily factored and the manufacturer recovers the primes p and p' accordingly.

While the trapdoor is indeed practical, it can be broken: Factoring such ``trapped'' moduli is easy.

[...goes into easy-to-tex, hard-to-ascii derivation...]

...Such inequalities are called ``simultaneous Diophantine approximations,'' ... [and these will be solvable for these parameter lengths when (number of keys) >= 13]

[...]

One way to overcome this attack is to assign a different secret value to each device [...]

The user does not need 14 moduli to find A, however. Two prime factors p and p' suffice, since the fraction r'/r is such a good approximation to the fraction p'/p that it is guaranteed to be a convergent in the continued fraction expansion of p'/p. The user can therefore detect a trapdoor even if the device generates each modulus with a different secret value.

The manufacturer's only recourse, at least as far as the proposed trapdoor is concerned, is for the device to generate each modulus with a different secret value and to keep the prime factors secret.
In such a situation, the manufacturer may as well preload the device with the primes and escrow copies--a practical ``trapdoor'' to which all cryptosystems, not just RSA, are vulnerable.

burt at rsa.com
--------------------------

check out rsa.com for the real copy: I left out about 3 equations relating to the diophantine approximations, but the text is pretty much copied in its entirety.

Matt Thomlinson                                  Say no to the Wiretap Chip!
University of Washington, Seattle, Washington.   Internet: phantom at u.washington.edu
phone: (206) 548-9804    PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu

From gjk at well.sf.ca.us Mon Mar 28 17:30:12 1994
From: gjk at well.sf.ca.us (Jack King)
Date: Mon, 28 Mar 94 17:30:12 PST
Subject: cfp '94 transcript
Message-ID: <199403290127.RAA28080@well.sf.ca.us>

Also note that the Fifth Circuit recently discarded the "exculpatory no" defense to Sec. 1001. See _United States v. Rodriguez-Rios_, No. 92-8257 (5th Cir. 2/11/94) (Smith, J.). Reported at 54 CrimLRptr 1528.

Now, in the Fifth Circuit, you can't even say "No, I never did/say/thought that" without committing a crime!

From rishab at dxm.ernet.in Mon Mar 28 17:35:02 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Mon, 28 Mar 94 17:35:02 PST
Subject: Citizen-Unit May fulfils Duty
Message-ID:

> Personally, I expect personal crypto dongles and/or similar gadgets to
> be self-contained, in a wearable form. Maybe pendants, maybe rings
> (real decoder rings!), maybe wristwatches. Communication will be by
> inductive coupling or similarly robust links. (Inductive,
> noncontacting transfer would allow implantation of the unit. IR
> transfer through the skin is also possible.)

We grant Citizen-Unit May Approved Thought Pattern credits for suggesting new ideas for our Unit Identifying Project.
We note with some sadness that he was unable to carry his Approved Thoughts to their completion, whereby the Citizen-Identifying Trade Units broadcast all trade transactions of their attached Citizen-Unit to all Clipper-Units in the vicinity, for the benefit of surveillance and efficiency of society.

--Approver-Unit Rishab Aiyer Ghosh

--------------------------------------------------------------------------------
Rishab Aiyer Ghosh                               "What is civilisation
rishab at doe.ernet.in, rishab at dxm.ernet.in     but a ribonucleic
Voicemail +91 11 3760335; Vox/Fax/Data 6853410    hangover?"
H-34C Saket New Delhi 110017 INDIA
--------------------------------------------------------------------------------

From jim at rand.org Mon Mar 28 17:44:49 1994
From: jim at rand.org (Jim Gillogly)
Date: Mon, 28 Mar 94 17:44:49 PST
Subject: Shirt project
In-Reply-To: <9403290115.AA03595@ nextsrv.cas.muohio.EDU >
Message-ID: <9403290144.AA10700@mycroft.rand.org>

> jdblair at nextsrv.cas.muohio.EDU writes:
> > 1 9 8 4
> >
> > "We're behind schedule."
> > National Security Agency
>
> were interested in the design. I thought that on the back I might make a
> list of government policies which are eroding civil rights.

Sounds a bit busy -- what about the WiReD Clipper logo: the fist clutching the airwaves? I assume they'd give permission if asked nicely...

Jim Gillogly
Highday, 7 Astron S.R. 1994, 01:43

From tdzor at indirect.com Mon Mar 28 17:54:07 1994
From: tdzor at indirect.com (Timothy Drake)
Date: Mon, 28 Mar 94 17:54:07 PST
Subject: Shirt project
In-Reply-To: <199403282317.QAA10939@pmip.dist.maricopa.edu>
Message-ID:

On Mon, 28 Mar 1994, Eric Johnson wrote:

> Crypto Political Action Sportware...
>
> Is anyone interested in a T-shirt with the swoosh Big Brother Inside
> front, and maybe a !Key Escrow (RSA button style; red circle and
> slash over the words Key Escrow)? Would be a real conversation
> piece with non-crypto friends, I would think.
> I recently heard
> another great idea for a shirt:
>
>
> 1 9 8 4
>
> "We're behind schedule."
> National Security Agency
>
>
> I think I'll do at least a few for myself and friends, if no one
> else is interested.
>
> Also, reply directly to me (and *please* don't cc: the list), so
> I can get an idea of how many to order, if I do this. If it's
> already been done, I would like to know about that also.
> "Shirt orders" sent to the list will be ignored...
>
> --Eric
> ---
> Eric Johnson ejohnson at names.maricopa.edu
> Maricopa Community Colleges, Tempe AZ 602-731-8919
>

What kind of prices are you talking about.. And I would be interested in the NSA shirt.....

TdZor

From samman at CS.YALE.EDU Mon Mar 28 18:23:11 1994
From: samman at CS.YALE.EDU (Senator Bedfellow)
Date: Mon, 28 Mar 94 18:23:11 PST
Subject: cfp '94 transcript
In-Reply-To: <199403290127.RAA28080@well.sf.ca.us>
Message-ID:

> Also note that the Fifth Circuit recently discarded the "exculpatory no"
> defense to Sec. 1001. See _United States v. Rodriguez-Rios_, No. 92-
> 8257 (5th Cir. 2/11/94) (Smith, J.). Reported at 54 CrimLRptr 1528.
>
> Now, in the Fifth Circuit, you can't even say "No, I never did/say/thought
> that" without committing a crime!

Maybe I'm not as well versed in legal matters as y'all but what is the 'exculpatory no'?

Thanks
Ben.

From kinney at bogart.Colorado.EDU Mon Mar 28 19:07:27 1994
From: kinney at bogart.Colorado.EDU (W. Kinney)
Date: Mon, 28 Mar 94 19:07:27 PST
Subject: personal manifesto (comments appreciated)
Message-ID: <9403290307.AA10573@bogart.Colorado.EDU>

T.C. May writes:

>And part of preventing totalitarianism means not interfering with
>economic transactions made by folks.

Say, Public Key Partners, for instance?
;-)

-- Will

From hughes at ah.com Mon Mar 28 19:26:17 1994
From: hughes at ah.com (Eric Hughes)
Date: Mon, 28 Mar 94 19:26:17 PST
Subject: Shirt project
In-Reply-To: <9403290115.AA03595@ nextsrv.cas.muohio.EDU >
Message-ID: <9403290315.AA08865@ah.com>

>The "1984" T-shirt was suggested by one of the NSA reps at the CFP
>conference.

The fellow involved was indeed from the NSA, but he was by no means representing it. I understand from him that he did a bit of bureaucratic hacking just to attend.

He also kindly offered to post from dockmaster that he had seen me and some other tentacles in the same place and at the same time at a privacy conference, but alas, there were no tentacles to be found.

Eric

From ph at netcom.com Mon Mar 28 20:02:38 1994
From: ph at netcom.com (Peter Hendrickson)
Date: Mon, 28 Mar 94 20:02:38 PST
Subject: Shirt project
In-Reply-To: <9403290144.AA10700@mycroft.rand.org>
Message-ID: <199403290403.UAA06815@netcom9.netcom.com>

Jim Gillogly writes:
>> jdblair at nextsrv.cas.muohio.EDU writes:
>> > 1 9 8 4
>> >
>> > "We're behind schedule."
>> > National Security Agency
>>
>> were interested in the design. I thought that on the back I might make a
>> list of government policies which are eroding civil rights.

> Sounds a bit busy -- what about the WiReD Clipper logo: the fist clutching
> the airwaves? I assume they'd give permission if asked nicely...

On the back you could use the Sword Through The Earth Symbol used in an original Star Trek episode by the Evil Federation Empire from an alternate universe. Disturbingly, in this universe the symbol is used by Interpol.

Peter

From pcw at access.digex.net Mon Mar 28 20:14:21 1994
From: pcw at access.digex.net (Peter Wayner)
Date: Mon, 28 Mar 94 20:14:21 PST
Subject: cfp '94 transcript
Message-ID: <199403290413.AA19633@access3.digex.net>

>> ObNit: As has been said before by others, there's more to
>> Clipper/EES than just the Skipjack algorithm.
>> I think simply asking
>> if "the [Skipjack] algorithm contains a deliberately encoded
>> weakness" leaves too much room for a "truthful" No answer.

>I'm not sure what the NSA policy is on this. However, at that
>same conference Jim Settle from the FBI told us plainly that
>he is allowed to lie, and that the courts have confirmed this
>right. I doubt Baker would have confessed to a back door even
>if one existed and the question was complete.

And, then they get bummed out when the public doesn't _believe_ them.

From pcw at access.digex.net Mon Mar 28 20:16:31 1994
From: pcw at access.digex.net (Peter Wayner)
Date: Mon, 28 Mar 94 20:16:31 PST
Subject: Ames/clipper compromised?
Message-ID: <199403290416.AA19775@access3.digex.net>

>A useful exercise for this group might be to compile a list of questions
>that they *should* answer if they're playing it straight. These could
>be forwarded to the review committee, too. If we come up with a good
>list, I'm willing to submit it to them. For that matter, I'll submit
>it to one of the gentlemen from NSA who gave the Clipper presentation
>at Bell Labs. (But I won't bother sending in ``when did you stop beating
>your spousal equivalent unit'' questions; there's no point to doing that
>in this venue.)

I've sent this exact question to Dorothy Denning back when they were working on the first report. I think it got lost in the noise. You might want to send it to her directly. They're open to suggestions. The first report contained cycling tests suggested, by I believe, Martin Hellman.

-Peter Wayner

From qjones at infi.net Mon Mar 28 20:46:33 1994
From: qjones at infi.net (Wayne Q Jones)
Date: Mon, 28 Mar 94 20:46:33 PST
Subject: FOIA, Clipper & NSC (National Security Council)
In-Reply-To: <9403281601.AA00749@warwick.com>
Message-ID:

A court ruling on whether NSC is a govt agency or just the president's clerk should be in the making. Clint also said he wanted to make NSC docs as open as possible like any other agency.

On 28 Mar 1994, Harry Shapiro Hawk wrote:

> Hi,
>
> There was a wire service report over the weekend that
> the Clinton Administration, is moving to prevent any documents,
> etc. created by the NSC (National Security Council)
> from being subject to FOIA. I wonder, vis-a-vis, Gilmore's
> FOIA for Escrow keys, if they will move to make NSC
> a Key holder.
>
> Anyway, I thought it was worth mentioning.
>
> /hawk
>
>
> Harry Shapiro Hawk
> Manager of Computer Services
> Warwick Baker & Fiore habs at uucp.warwick.com

****************************************************************************
* Qjones at infi.net             So I'm a dog...what else is new?           *
* Qjones at larry.wyvern.com     Quote from life and times of a man         *
****************************************************************************

From nobody at soda.berkeley.edu Mon Mar 28 21:32:14 1994
From: nobody at soda.berkeley.edu (nobody at soda.berkeley.edu)
Date: Mon, 28 Mar 94 21:32:14 PST
Subject: Very funny, Polyanna
Message-ID: <199403290531.VAA20380@soda.berkeley.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Why, Grahamy, thanks so much for that mail! I submitted my key to the key servers over a year ago and this is the first piece I received. And a juicy little message it was, too... you naughty boy! But I'm flattered, really.

Oh, and sorry about putting that key up and ruining all your plans. But I'm sure it will all work out for the best. These things always do, you know!

Polyanna

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQBFAgUBLZeHOxnRghhlmcunAQHtngGAtk3HsEY7MFMW6d8/IIJzupIXPwP4DMj7
cRofJq1FXd/2FgmU3OgKqko8jYNlvum+
=H/xe
-----END PGP SIGNATURE-----

From blancw at microsoft.com Mon Mar 28 22:02:15 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Mon, 28 Mar 94 22:02:15 PST
Subject: personal manifesto (comments appreciated)
Message-ID: <9403290603.AA24995@netmail2.microsoft.com>

Extended Commentary:

1) While the most likely possibility is that the Net will simply mirror current society, a Net of this [mirror] structure would fail to realize its potential as an agent of social change.

COMMENT: That is, supposing that the net was designed to be an "agent for social change". I have not read where it was designed to exist for that specific purpose. A social effect which is not intentioned is simply a by-product of the fact that many people have found an avenue or tool useful for the satisfaction of their own particular purposes. Since communication itself is a medium for the accomplishment of most purposes which involve others; it is not exceptional, therefore, that the net should have become such a popular tool, it being so easy to use compared to the other means available.

The important thing which I see about the net is not that it serves "social purposes", but that it helps individuals to achieve their *own* purposes. This sounds like only a difference in wording, but the difference is in what is judged as a 'good' purpose, or which end of the telescope you are using to view the situation: why is the end of having a collective 'good' better than the activity of simply achieving one's own ideal (of goodness, happiness, propriety, etc.). What is so unsubstantial about the uncounted individual that only a large number of them can be considered worthy of consideration.

3) Current arguments for regulation of cryptography by government agencies depend on the argument [that] they are maintaining their current abilities in the brave new world of cyberspace. I argue that even if this were the case, we have a responsibility to do more than simply maintain the status quo. . . . .

COMMENT: What responsibility? (Irresponsible Unit wants to know) If the government centralizes responsibility, there will be none for the rest of us to comprehend.

4) It is the responsibility of the information haves to spread their knowledge to the information have-nots. ......... Knowledge which is not of a personal nature should be freely accessible.

COMMENT: The library is full of information which many people do not take advantage of, and it's "free". Many wise people have written much that they wished to share with others, yet many 'havenots' do not avail themselves of it (at least, not the ones who seem to need it). 1) how much intellectual support does everyone need, anyway; 2) access to information does not replace having the incentive to appreciate it or the ability to understand it; 3) where does all this information come from, anyway? How did it become "information"; what was it before it was converted into an abstract form (carbon-based or electronic)? If it is moral to have information, and immoral *not* to have it, then many people are guilty of criminal negligence for not using their faculties of observation & thought in regard of all the data which exists all around them in an immediately accessible form.

6) ... People cannot participate in a democratic society if they are not educated to a minimal level required for functioning in that society. This is the crux of our societal problems, as well as the crux of possible problems with the Net.

COMMENT: They should all understand the purpose of "society". Is it to be social, or to be free to be themselves, or what.
If the purpose is more clearly stated and understood (and communicated to its members) then they each can decide whether, or how much, they wish to participate in its "goals". Societies are complex mixtures of people with all sorts of motives. At least on the net, it is easy to leave when your motives are in conflict, especially if your subscription is up.

7) ... one human has an enormous capacity to injure and exploit another human. We must decide which ability we wish to empower, and judge which we actually do.

COMMENT: If everyone were equally able to injure & exploit others, people would become sensitive to what kind of effect they intended to achieve (upon others), and become more acutely attuned to the possible consequences. But if everyone was much more respectable & honorable than they presently are, there would be fewer reasons to attempt to bring harm to them; admiration itself would serve to prevent thoughts of evil deeds against those whose qualities one valued. You could as easily say that those who wish to be treated kindly should cultivate noble qualities and character, so that others will not be easily inspired to hit them over the head.

8) . . . My hope is that this restructuring will create a better society than the one I know.

COMMENT: It would be possible to make society better, if people were not always changing their mind, developing new ideas, learning new things about themselves and the world, attempting to adjust to changing circumstances, and generally getting in each other's way as they accomplish all of these things. Perhaps if there were more space between people (like on the net), where they could engage in these activities without easily affecting others, this in itself could "improve" "society". But they always seem to want to grow up in each other's company, instead of doing their homework in private.

9) My beliefs are [hopelessly] utopian. . This faith must not be confused with [certainty]. .
We must be satisfied with [approximations]. . I have faith in democratic principles to [shape society] . . . . . It is impossible to [predict the shape] of the society . . . . A few risks are of the [tyranny of the majority], ...... . The will of the people is [impossible to define], ..... COMMENT: I re-arranged your paragraphs to associate the meanings which I saw in them, and they do appear to be in conflict. 10) All actions have moral implications. Ignoring these implications is irresponsible and, yes... immoral. COMMENT: Se la vie'. Therefore what. Final comment: "Society" is in the quality of the contact. Blanc From lcottrell at popmail.ucsd.edu Mon Mar 28 23:20:04 1994 From: lcottrell at popmail.ucsd.edu (Lance Cottrell) Date: Mon, 28 Mar 94 23:20:04 PST Subject: cfp '94 transcript Message-ID: <199403290719.XAA08308@ucsd.edu> >Also note that the Fifth Circuit recently discarded the "exculpatory no" >defense to Sec. 1001. See _United States v. Rodriguez-Rios_, No. 92- >8257 (5th Cir. 2/11/94) (Smith, J.). Reported at 54 CrimLRptr 1528. > >Now, in the Fifth Circuit, you can't even say "No, I never did/say/thought >that" without committing a crime! I think this needs more explanation. I am not sure I understand what you are saying. What exactly is it illegal for you to say? -------------------------------------------------- Lance Cottrell who does not speak for CASS/UCSD loki at nately.ucsd.edu PGP 2.3 key available by finger or server. "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche From 68954 at brahms.udel.edu Mon Mar 28 23:27:42 1994 From: 68954 at brahms.udel.edu (Foetus) Date: Mon, 28 Mar 94 23:27:42 PST Subject: test Message-ID: <199403290727.CAA06809@brahms.udel.edu> im verrry soorry to waste this message but I have reason to suspect some recent system changes have bungled my mail kinda harsh, so I'm testing this list. 
From hayden at krypton.mankato.msus.edu Mon Mar 28 23:28:30 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Mon, 28 Mar 94 23:28:30 PST Subject: Unrelated Message-ID: Sorry that this isn't on topic, but I figure with all the net surfers here, it couldn't hurt to ask. Anyone happen to know of a site where I can get the most recent Jargon file in either postscript or dvi formats? I know I could a2ps the text version, but if there is already a nicely formatted version, I'd hate to duplicate efforts. thanks. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From ag588 at cleveland.Freenet.Edu Tue Mar 29 05:32:43 1994 From: ag588 at cleveland.Freenet.Edu (John C. Brice) Date: Tue, 29 Mar 94 05:32:43 PST Subject: cfp '94 transcript Message-ID: <199403291332.IAA29105@piglet.INS.CWRU.Edu> > > >SINCLAIR DOUGLAS writes: > >> I'm not sure what the NSA policy is on this. However, at >> that same conference Jim Settle from the FBI told us >> plainly that he is allowed to lie, and that the courts have >> confirmed this right. I doubt Baker would have confessed >> to a back door even if one existed and the question was >> complete. > But wait! How do we know he's telling us the truth when he says he's allowed to lie? I mean, if he's telling the truth, then he might be lying, and if he's lying then either he's not allowed to lie or the courts have not confirmed this "right." On the other hand, if he's lying, then he might be telling the truth --- Aw, shit. You can't even trust the FBI anymore! ;) -- ------------------------------------------------------------------------- I am an attorney, seeking a position in the area of Computer Law. 
If you know of such a position available, or of someone who may know of such a position, please send e-mail! Thanks. From gjk at well.sf.ca.us Tue Mar 29 05:52:34 1994 From: gjk at well.sf.ca.us (Jack King) Date: Tue, 29 Mar 94 05:52:34 PST Subject: cfp '94 transcript Message-ID: <199403291352.FAA10544@well.sf.ca.us> In Texas, Louisiana and Mississippi, it is now a federal crime to state orally or in writing to any federal administrative or law enforcement officer, during the course of an official investigation that you don't know what they are talking about if in fact you do. So if, for instance, you are a user on an anonymous bulletin board and you are asked if you are "X" when in fact you *are* X and you deny it, you can get a couple of years for that, even if you are not the subject of the investigation or guilty of any criminal activity--in theory, at least. This also pertains to any other kind of investigation: tax, environmental, drugs, antitrust, armed carjacking, international weapons trafficking, or anything else coming under federal jurisdiction. Mike Godwin stated that the FBI agent said something like "we can lie to you, but you can't lie to us." That has always been true under 18 U.S.C. 1001. But now you can't even answer one of their questions with a "no" if the truthful answer would be "yes." You should read up on this, it's scarier than Clipper and the digital telephony proposal combined. From werner at mc.ab.com Tue Mar 29 06:52:25 1994 From: werner at mc.ab.com (werner at mc.ab.com) Date: Tue, 29 Mar 94 06:52:25 PST Subject: cfp '94 transcript Message-ID: <9403291452.AA05320@werner.mc.ab.com> >Date: Tue, 29 Mar 1994 05:52:22 -0800 >From: Jack King > >In Texas, Louisiana and Mississippi, it is now a federal crime to state >orally or in writing to any federal administrative or law enforcement >officer, during the course of an official investigation that you don't know >what they are talking about if in fact you do. 
How can something be a federal crime in only 3 states? From gtoal at an-teallach.com Tue Mar 29 06:57:20 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Tue, 29 Mar 94 06:57:20 PST Subject: Very funny, Polyanna [this one's deliberately encrypted] Message-ID: <199403291456.PAA17958@an-teallach.com> [PGP-encrypted message body] From moormajb at vuse.vanderbilt.edu Tue Mar 29 07:34:28 1994 From: moormajb at vuse.vanderbilt.edu (Joseph Moorman) Date: Tue, 29 Mar 94 07:34:28 PST Subject: federal crime Message-ID: <9403291534.AA02056@necs.vuse> >>Date: Tue, 29 Mar 1994 05:52:22 -0800 >>From: Jack King >> >>In Texas, Louisiana and Mississippi, it is now a federal crime to state >>orally or in writing to any federal administrative or law enforcement >>officer, during the course of an official investigation that you don't know >>what they are talking about if in fact you do. >How can something be a federal crime in only 3 states? I think he probably meant "felony" not "federal crime." From frissell at panix.com Tue Mar 29 07:36:22 1994 From: frissell at panix.com (Duncan Frissell) Date: Tue, 29 Mar 94 07:36:22 PST Subject: cfp '94 transcript In-Reply-To: <199403291352.FAA10544@well.sf.ca.us> Message-ID: On Tue, 29 Mar 1994, Jack King wrote: > Mike Godwin stated that the FBI agent said something like " > "we can lie to you, but you can't lie to us." 
That has always been true > under 18 U.S.C. 1001. But now you can't even answer one of their questions > with a "no" if the truthful answer would be "yes." You should read up on > this, it's scarier than Clipper and the digital telephony proposal combined. Of course you can still refuse to say anything which is what you should have always done in any case. I wonder that if you tell the agents that you reserve the right to lie -- in other words disclaim an oath. Swear to lie. If you can beat such a rap. DCF From frissell at panix.com Tue Mar 29 07:38:09 1994 From: frissell at panix.com (Duncan Frissell) Date: Tue, 29 Mar 94 07:38:09 PST Subject: cfp '94 transcript In-Reply-To: <9403291452.AA05320@werner.mc.ab.com> Message-ID: On Tue, 29 Mar 1994 werner at mc.ab.com wrote: > > How can something be a federal crime in only 3 states? If the (Fifth?) local circuit Court of Appeals has established a particular legal interpretation. DCF From mnemonic at eff.org Tue Mar 29 07:40:57 1994 From: mnemonic at eff.org (Mike Godwin) Date: Tue, 29 Mar 94 07:40:57 PST Subject: cfp '94 transcript In-Reply-To: <9403291452.AA05320@werner.mc.ab.com> Message-ID: <199403291540.KAA08667@eff.org> > >Date: Tue, 29 Mar 1994 05:52:22 -0800 > >From: Jack King > > > >In Texas, Louisiana and Mississippi, it is now a federal crime to state > >orally or in writing to any federal administrative or law enforcement > >officer, during the course of an official investigation that you don't know > >what they are talking about if in fact you do. > > How can something be a federal crime in only 3 states? 18 USC 1001 is a crime in every state, but interpretations of the law may vary by circuit. We're talking about the Fifth Circuit here, looks like. 
--Mike From mnemonic at eff.org Tue Mar 29 07:44:06 1994 From: mnemonic at eff.org (Mike Godwin) Date: Tue, 29 Mar 94 07:44:06 PST Subject: federal crime In-Reply-To: <9403291534.AA02056@necs.vuse> Message-ID: <199403291543.KAA08738@eff.org> > >>Date: Tue, 29 Mar 1994 05:52:22 -0800 > >>From: Jack King > >> > >>In Texas, Louisiana and Mississippi, it is now a federal crime to state > >>orally or in writing to any federal administrative or law enforcement > >>officer, during the course of an official investigation that you don't know > >>what they are talking about if in fact you do. > > >How can something be a federal crime in only 3 states? > > I think he probably meant "felony" not "federal crime." No, he meant federal crime. --Mike From sommerfeld at orchard.medford.ma.us Tue Mar 29 08:05:33 1994 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Tue, 29 Mar 94 08:05:33 PST Subject: questions for review committee. In-Reply-To: <9403282338.AA13435@bloom-beacon.mit.edu> Message-ID: <199403291556.KAA00736@orchard.medford.ma.us> Question: How many bits of true "hardware randomness" go into the generation of each set of unit keys? Question: Exactly how are these random numbers generated? Which entity or entities provide the hardware and/or software to generate them? Are they generated inside the "vault" at the time of programming or "off-line"? Question: Are any of the random inputs to the key generation algorithm held constant during the generation of a "batch" of chips? If so, what is the justification for this practice? Question: What is the current batch size? What will the batch size be if production reaches ~1 million units per year, or ~4000 per work day? Question: What assurances are there that the key generation algorithm documented and examined by the review committee is the one actually used in production? 
Question: What assurances are there that the encryption algorithm studied by the review committee is the same as the one implemented by the chip? More specifically, have several members of the review committee each coded their own SKIPJACK implementations, including the escrow protocols, "from scratch" on computer systems not owned or provided by the U.S. government, and compared their outputs to that of the chips under study? If this is not feasible, please explain why. Question: What assurances are there that the actual physical chip(s) implementing the EES implements exactly and only the skipjack algorithm, the documented escrow procedures, and other publicly documented features? Are there any VLSI experts on the review committee? If so, what chips have they designed, and what chips have they "reverse engineered"? ---- By "assurances" I mean that there is an active process in place for validating compliance to a particular requirement such that no single *organization*, or single model of hardware can "fail" in a way such that violation of the requirement goes undetected. I consider the set of current and former employees of the Executive Branch of the U.S. Government to be a single organization for purposes of assurance. Addendum to all of these: If this information is classified, please justify this classification etc., etc., Steve, I hope you don't consider any of these "have you stopped beating your spouse".. - Bill From karn at qualcomm.com Tue Mar 29 08:21:45 1994 From: karn at qualcomm.com (Phil Karn) Date: Tue, 29 Mar 94 08:21:45 PST Subject: Very funny, Polyanna :-( [namespace pollution] In-Reply-To: <199403281958.UAA26598@an-teallach.com> Message-ID: <199403291620.IAA27281@servo.qualcomm.com> Isn't this really just a special case of the more general problem of deciding which keys on a public key ring you're willing to trust? Perhaps your mailer script should automatically encrypt only when a keyid is found with a signature trail that you trust. 
I do see a signature for that key from Miron Cuperman. Perhaps you'd want to modify your trust parameters for him... Phil From gtoal at an-teallach.com Tue Mar 29 09:36:13 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Tue, 29 Mar 94 09:36:13 PST Subject: Very funny, Polyanna :-( [namespace pollution] Message-ID: <199403291734.SAA20964@an-teallach.com> :Isn't this really just a special case of the more general problem of :deciding which keys on a public key ring you're willing to trust? :Perhaps your mailer script should automatically encrypt only when a :keyid is found with a signature trail that you trust. No, that's a totally separate problem. What I'm worried about is some comedian publishing a public key for addresses like "alt.security.pgp at cs.utexas.edu" or any of the common mailing gateways, and suddenly people using auto-encrypting mail programs find that no-one can read their posts. It kind of throws a spanner in the works for completely transparent pgp shells. :I do see a signature for that key from Miron Cuperman. Perhaps :you'd want to modify your trust parameters for him... That's not the point; someday soon people will be using mailers that auto-pgp without them even realising it. I don't want to have to hassle those people with interactive questions about whether they trust someone, or force them to maintain personal lists of bad addresses. Whatever solution we can find will have to involve active support from the keyservers I suspect. thoth at netcom - I hope you're listening to this! There's a definite problem of a denial-of-service attack here that the current scheme makes hard to avoid. Hence why I called it 'namespace pollution' in the subject line. 
G From ravage at bga.com Tue Mar 29 10:04:23 1994 From: ravage at bga.com (Jim choate) Date: Tue, 29 Mar 94 10:04:23 PST Subject: Crypto and new computing strategies Message-ID: <199403291804.AA01129@zoom.bga.com> In the latest issue of Scientific American there is an article on quantum computing and how the first working machine is to be built in the immediate future. This raises dark portents in my mind when one considers the rate and the size constraints on such devices. We may be looking at a technology birth which will allow brute force computation of RSA style algorithms and their cracking. As an aside, in a Physics mailing list I subscribe to, Rajarshi Roy from Georgia Tech supposedly has managed to synchronize two chaotic lasers which would provide a basis for an optical one-time pad system. From phantom at u.washington.edu Tue Mar 29 10:35:02 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Tue, 29 Mar 94 10:35:02 PST Subject: Keyserver addresses? Message-ID: I haven't seen mention of the keyservers by name for a long while -- the one I used to use (toxicwaste) is long gone. Perhaps we should add the keyservers' addresses to the active remailer list posted here periodically? Could someone send me a keyserver address, in any case? mt Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu From mrose at stsci.edu Tue Mar 29 10:38:44 1994 From: mrose at stsci.edu (Mike Rose) Date: Tue, 29 Mar 94 10:38:44 PST Subject: NSA in the WSJ In-Reply-To: <199403281548.AA15995@panix.com> Message-ID: <9403291838.AA19252@MARIAN.STSCI.EDU> >>>>> On Mon, 28 Mar 1994 10:48:04 -0500, Duncan Frissell said: >From: The Wall Street Journal, Tuesday March 22, 1994, p. 
B1 >The project "is a focal point for the >distrust of government," acknowledges Clinton Brooks, the NSA scientist >who led the so-called Clipper Chip project >Enigma started as >a commercial product; recognizing its military value, the Nazis pulled >it off the market. "That was the concern we're wrestling with today," >Mr. Brooks says --- commercial encryption technology becoming so good that >U.S. spy agencies can't crack it. Wow. Now the NSA is comparing itself to Nazis, and are damn proud of it. Mike From tcmay at netcom.com Tue Mar 29 10:44:00 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 29 Mar 94 10:44:00 PST Subject: Crypto and new computing strategies In-Reply-To: <199403291804.AA01129@zoom.bga.com> Message-ID: <199403291844.KAA29627@mail.netcom.com> Jim Choate writes: > In the latest issue of Scientific American there is an article on quantum > computing and how the first working machine is to be built in the > immediate future. This raises dark portents in my mind when one considers > the rate and the size constraints on such devices. We may be looking at a > technology birth which will allow brute force computation of RSA style > algorithms and their cracking. No need to worry just yet. There is no convincing evidence that "quantum computers" can calculate in any way differently from "ordinary" computers. I'm not sure if Jim is referring to the Bennett-Brassard talk of computers exploiting QM principles in a new way, or the stuff on quantum-well sorts of devices (single-electron wells). My issue of Sci Am is buried somewhere. Devices that are built on a size scale where quantum effects are important, such as quantum-well devices, don't use QM as a computational mechanism per se. The devices are just real small. But not small enough to matter for large RSA moduli--the computations required to factor a 1000-decimal-digit number swamp even a universe _made_ of computers! 
The issue of "rate and size constraints" is a different issue for several reasons: 1. Quantum computers (of the Bennett-Brassard sort), in their nascent stage, are very large and cumbersome affairs....lots of light tables, lasers, beam splitters, and interferometers. This will shrink, but not for a while. 2. Nanotechnology and other "small" technologies may someday make computers much more capable than the silicon-based technologies of today. I'm not holding my breath, for lots of reasons. And, like I said, a long-enough modulus defeats even a universe filled with computers. It's in the math. Can NP-hard problems be skirted with "nondeterministic" computers (whatever _they_ are)? Not that we know of. Just speculation at this point. (And it hasn't been proved that factoring, let alone RSA, is NP-hard or NP-complete or anything else.) So I'm not worried. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From ag588 at cleveland.Freenet.Edu Tue Mar 29 10:54:14 1994 From: ag588 at cleveland.Freenet.Edu (John C. Brice) Date: Tue, 29 Mar 94 10:54:14 PST Subject: cfp '94 transcript Message-ID: <199403291853.NAA08399@eeyore.INS.CWRU.Edu> > > > >On Tue, 29 Mar 1994, Jack King wrote: > >> Mike Godwin stated that the FBI agent said something like " >> "we can lie to you, but you can't lie to us." That has always been true >> under 18 U.S.C. 1001. But now you can't even answer one of their questions >> with a "no" if the truthful answer would be "yes." You should read up on >> this, it's scarier than Clipper and the digital telephony proposal combined. 
> >Of course you can still refuse to say anything which is what you should >have always done in any case. > >I wonder that if you tell the agents that you reserve the right to lie -- >in other words disclaim an oath. Swear to lie. If you can beat such a rap. > >DCF > > > > Don't try to be clever when you're talking with the Feds. Your best bet is simply to demand a lawyer and then shut up. -- ------------------------------------------------------------------------- I am an attorney, seeking a position in the area of Computer Law. If you know of such a position available, or of someone who may know of such a position, please send e-mail! Thanks. From talon57 at well.sf.ca.us Tue Mar 29 10:56:16 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Tue, 29 Mar 94 10:56:16 PST Subject: Ames/ clipper compromised? Message-ID: <199403291855.KAA29477@well.sf.ca.us> -----BEGIN PGP SIGNED MESSAGE----- Jim Gillogly quoted then replied: >>Brian D Williams writes: >>I remember awhile back someone posted some clipper documents that >>were released under FOIA as I recall. The thing that struck me >>was that the NSA was refering internally to clipper as "The >>Trapdoor chip." Why refer to it as such if there is no back door? >Those letters made it clear the "trapdoor" was the escrow, and the >internal debate was over whether the existence of the escrow would >be made public. So far it's been NSA's consistent public position >that the escrow is the only way in... and from the FOIA, that's >evidently what they're telling the President also. >Most days I'm pretty sure I believe that there aren't any known >gotchas in the Skipjack algorithm. If they can really get the >escrow, it's ever so much cheaper than doing real cryptanalysis. >As Carl Ellison and others point out, that's really one of the big >dangers -- if LE doesn't have to break Skipjack to read the >traffic, neither do the attackers... and breaking the escrow is >probably much cheaper than breaking the algorithm. 
>My position is that Clipper is iniquitous whether or not there's >a[nother] trap door. > Jim Gillogly > Mersday, 6 Astron S.R. 1994, 21:58 Hmmmm, let's look at the article I referred to. Ahh, here it is: - From toad.com!gnu Mon Jun 21 14:54:03 1993 From: gnu at toad.com (John Gilmore) To: cypherpunks at toad.com Subject: Some FOIA results re Clipper Date: Mon, 21 Jun 1993 14:29:59 -0700 Lee Tien and I have submitted a pile of FOIA requests about Clipper. Here is scanned-in text from some of the more interesting results, courtesy of Lee. Search for "required", for a mention of the proposal to require the use of Clipper. Also note that the role of the "national security community" has been deliberately withheld from the public statements (search for "mentioned"). Most agencies have not yet responded with documents. FBI is claiming it will take them a year, and we are preparing to file suit to force them to do it within 10 days like the law requires. (Our NSA suit over the same thing, is continuing through the gears of the court process.) John Gilmore [This page originally XXXXXXXXXXXXXXX TOP SECRET; now UNCLASSIFIED] OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE WASHINGTON, DC 20301-3040 COMMAND CONTROL COMMUNICATIONS AND INTELLIGENCE MEMORANDUM FOR MS. JOANN H. 
GRUBE, NSA REPRESENTATIVE/NSC PRD-27 EXPORT CONTROL WORKING GROUP SUBJECT: Comments on PRD-27/NSA Draft (U) (U) Following are comments concerning your proposed memorandum to Jim Lewis, Department of State: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX blacked out via FOIA (b)(1) exemption. XXXXXXXXXXXXXXXXXXX (U) The assertions in this draft are merely unsupported statements. Recommend that the memorandum provide more empirical evidence to back up its assertions, and that the above comments be reflected in its contents. (signed) Daniel J. Ryan Director, Information Systems Security CLASSIFIED BY: OASD(C3I)/DIR, ISS DECLASSIFY ON: OADR [This page originally XXXXXXXX SECRET; now UNCLASSIFIED] OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE WASHINGTON DC 20301-3040 COMMAND, CONTROL, COMMUNICATIONS AND INTELLIGENCE 30 APR 1993 (stamped) MEMORANDUM FOR THE ACTING ASSISTANT SECRETARY OF DEFENSE (C3I) Subject: PRD/NSC-27 Advanced Telecommunications and Encryption (U) (U) Advances in telecommunications have created the opportunity for public use of encryption to ensure the privacy and integrity of business and personal communications. 
These same advances threaten the capabilities of law enforcement and national security operations that intercept the communications of narcotraffickers, organized criminals, terrorists, espionage agents of foreign powers and SIGINT targets. Diverse interests are in diametric opposition with regard to industry's right to sell and the public's right to use such capabilities. A highly-emotional, spirited public debate is likely. (U) In its simplest construct, this complex set of issues places the public's right to privacy in opposition to the public's desire for safety. The law enforcement and national security communities argue that if the public's right to privacy prevails and free use of cryptography is allowed, criminals and spies will avoid wiretaps and other intercepts and consequently prosper. They propose that cryptography be made available and required which contains a "trapdoor" that would allow law enforcement and national security officials, under proper supervision, to decrypt enciphered communications. Such cryptography exists, and while there are many practical problems to be solved, this proposal is technically possible to achieve. (U) Opponents of the proposal argue that the public has a right to and an expectation of privacy, that a trapdoor system would be prone to misuse and abuse, and that the proposed solution would not work in any practical sense. They assert that people who are deliberately breaking much more serious laws would not hesitate to use cryptography that does not have a trapdoor, and that secure cryptography will inevitably be supplied by offshore companies. Thus, freedom will be lost and many tax dollars spent to no effect. (U) This situation is complicated by the existence of other interests. For example, there currently exist strict controls on the export of cryptography. 
The computer industry points out that it has one of the few remaining positive trade balances and that it is vital that the dominance of the American computer industry in world markets be preserved. The industry fears that this will be lost if offshore developers incorporate high-quality cryptography into their products while U.S. industry either cannot do so or suffers higher costs or delays due to requirements for export licenses. The industry argues persuasively that overseas markets (much less drug lords or spies) will not look with favor on U.S. products which have known trapdoors when offshore products which do not have them are available. In support of their argument, they note that powerful public-key cryptography developed and patented by RSA using U.S. tax dollars is free to developers in Europe, subject to royalties in the United States, and cannot be exported without expensive and time-late export licenses. These charges are true. (U) The national security community is especially interested in preventing the spread of high-quality encipherment routines overseas, and argues that more extensive use here at home will inevitably result in such a proliferation. Actually, it is too late. The Data Encryption Standard (DES) is already widely available throughout the world in both hardware and software forms, and DES software can be downloaded anywhere in the world from public bulletin boards by anyone with a PC, a MODEM and a telephone. In one recent experiment it took three minutes and fourteen seconds to locate a source-code version of DES on the INTERNET. Widespread availability of DES and RSA will enable offshore developers to provide high-quality encipherment for voice and data communications in competition with U.S. industry's products. 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX blacked out via FOIA exemption (b)(1) XXXXXXXXXXX (U) Despite these concerns, the President has directed that the Attorney General request that manufacturers of communications hardware use the trapdoor chip, and at least AT&T has been reported willing to do so (having been suitably incentivised by promises of Government purchases). The Attorney General has also been directed to create a system for escrow of key material. The Secretary of Commerce has been directed to produce standards based on the use of the trapdoor chip. (U) The President has also directed that the fact that law enforcement officials will have access to the keys will not be concealed from the public. National security officials are not mentioned. (U) The new administration is committed to the development of an information superhighway and a National Information Infrastructure in support of the economy. This worthy goal is independent of arguments as to whether or not law enforcement and national security officials will be able to read at will traffic passing along the information superhighway. A full-scale public debate is needed to ascertain the wishes of U.S. 
citizens with regard to their privacy, and the impact on public safety of preserving privacy at the expense of wiretapping and communications intercept capabilities of law enforcement and national security personnel. It is not clear what the public will decide. In the meantime, DoD has trapdoor technology and the Government is proceeding with development of the processes needed to apply that technology in order to maintain the capability to perform licit intercept of communications in support of law enforcement and national security. (signed) Ray Pollari Acting DASD (CI & SCM) [This page originally SECRET; now UNCLASSIFIED] ASSISTANT SECRETARY OF DEFENSE WASHINGTON DC 20301-3040 May 3, 1993 COMMAND, CONTROL, COMMUNICATIONS AND INTELLIGENCE EXECUTIVE SUMMARY MEMORANDUM FOR DEPUTY SECRETARY OF DEFENSE FROM: CHARLES A. HAWKINS, JR., ACTING ASD(C3I) (initialed C. Hxxx) SUBJECT: Advanced Telecommunications and Encryption (U) PURPOSE: INFORMATION DISCUSSION:(U) In response to DEPSECDEF's tasking of 21 Apr 93 (TAB A) this information is provided. Advances in telecommunications have created the opportunity for public use of encryption to ensure the privacy and integrity of business and personal communications. These same advances threaten the capabilities of law enforcement and national security operations that intercept the communications of narcotraffickers, organized criminals, terrorists, espionage agents of foreign powers and a broad range of SIGINT targets. Diverse interests are in diametric opposition with regard to industry's right to sell and the public's right to use such capabilities. A highly-emotional, spirited public debate is likely. (U) The law enforcement and national security communities argue that if the public's right to privacy prevails and free use of cryptography is allowed, criminals and spies will avoid wiretaps and other intercepts. 
They propose that cryptography be made available to the public which contains a "trapdoor" that would allow law enforcement and national security officials, under proper supervision, to decrypt enciphered communications. Such cryptography exists, and while there are many practical problems to be solved, this proposal is technically possible to implement.

(U) Opponents of the proposal argue that the public has a right to and expectation of privacy, that such a system would be prone to misuse and abuse, and that the proposed solution would not work in any practical sense. They assert that criminals and spies will not hesitate to use secure cryptography supplied by offshore companies. Thus, the loss of privacy would outweigh any advantages to law enforcement or national security.

(U) The computer industry points out that it has one of the few remaining positive trade balances and that it is vital that the dominance of the American computer industry in world markets be preserved. The industry fears that this will be lost if offshore developers incorporate high-quality cryptography into their products while U.S. industry either cannot do so or suffers higher costs or delays due to requirements for export licenses because of strict controls of export of cryptography. The industry argues persuasively that overseas markets (much less drug lords or spies) will not look with favor on U.S. products which have known trapdoors when offshore products which do not have them are available.

CLASSIFIED BY: DASD(CI&SCM)
DECLASSIFY ON: OADR

[This page originally XXXXXXXX SECRET; now UNCLASSIFIED]

(U) The national security community is especially interested in preventing the spread of high-quality encipherment routines overseas, and argues that more extensive use here at home will inevitably result in such a proliferation. This would increase the cost of performing the SIGINT mission or decrease the amount of intelligence, or both.
The Data Encryption Standard (DES) is already widely available throughout the world in both hardware and software forms, and DES software can be downloaded anywhere in the world from public bulletin boards by anyone with a PC, a MODEM, and a telephone. Thus far, widespread availability has not led to widespread use. However, widespread availability of DES and RSA will make it possible for offshore developers to provide high- quality encipherment for voice and data communications in competition with U.S. industry's products. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX blacked out under FOIA exemption (b)(1) XXXXXXXXXXXXXXXXXXXXX (U) The President has directed that the Attorney General request that manufacturers of communications hardware use the trapdoor chip. The Attorney General has also been directed to create a system for escrow of key material. The Secretary of Commerce has been directed to produce standards based on the use of the trapdoor chip. 
The President has also directed that the fact that law enforcement officials will have access to the keys will not be concealed from the public. National security officials are not mentioned.

(U) The new administration is committed to the development of an information superhighway and a National Information Infrastructure in support of the economy. This worthy goal is independent of arguments as to whether or not law enforcement and national security officials will be able to read at will traffic passing along the information superhighway. A full-scale public debate is beginning which will ascertain the wishes of U.S. citizens with regard to their privacy and the impact on public safety of preserving privacy at the expense of wiretapping and communications intercept capabilities of law enforcement and national security personnel. It is not clear what the public will decide. In the meantime, DoD has trapdoor technology and the Government is proceeding with development of the processes needed to apply that technology in order to maintain the capability to perform licit intercept of communications in support of law enforcement and national security.

Prepared by: Dan Ryan/ODASD(CI & SCM)/x 41779/28 Apr 93/OSD

- ------- End of Forwarded Message

Okay, I had to reread it several times, but I see your point! Why do they refer to it as a "trapdoor" when they're going in the "frontdoor?" I'm still not convinced that there is no "trapdoor", and will never be as long as the algorithm remains secret.

Hey just for snicks, (and new members of the list) let's look at the report on Skipjack again.

SKIPJACK Review

Interim Report

The SKIPJACK Algorithm

Ernest F. Brickell, Sandia National Laboratories
Dorothy E. Denning, Georgetown University
Stephen T. Kent, BBN Communications Corporation
David P.
Maher, AT&T
Walter Tuchman, Amperif Corporation

July 28, 1993

(copyright 1993)

Executive Summary

The objective of the SKIPJACK review was to provide a mechanism whereby persons outside the government could evaluate the strength of the classified encryption algorithm used in the escrowed encryption devices and publicly report their findings. Because SKIPJACK is but one component of a large, complex system, and because the security of communications encrypted with SKIPJACK depends on the security of the system as a whole, the review was extended to encompass other components of the system. The purpose of this Interim Report is to report on our evaluation of the SKIPJACK algorithm. A later Final Report will address the broader system issues.

The results of our evaluation of the SKIPJACK algorithm are as follows:

1. Under an assumption that the cost of processing power is halved every eighteen months, it will be 36 years before the cost of breaking SKIPJACK by exhaustive search will be equal to the cost of breaking DES today. Thus, there is no significant risk that SKIPJACK will be broken by exhaustive search in the next 30-40 years.

2. There is no significant risk that SKIPJACK can be broken through a shortcut method of attack.

3. While the internal structure of SKIPJACK must be classified in order to protect law enforcement and national security objectives, the strength of SKIPJACK against a cryptanalytic attack does not depend on the secrecy of the algorithm.

1. Background

On April 16, the President announced a new technology initiative aimed at providing a high level of security for sensitive, unclassified communications, while enabling lawfully authorized intercepts of telecommunications by law enforcement officials for criminal investigations. The initiative includes several components:

A classified encryption/decryption algorithm called "SKIPJACK."

Tamper-resistant cryptographic devices (e.g., electronic chips), each of which contains SKIPJACK, classified control software, a device identification number, a family key used by law enforcement, and a device unique key that unlocks the session key used to encrypt a particular communication.

A secure facility for generating device unique keys and programming the devices with the classified algorithms, identifiers, and keys.

Two escrow agents that each hold a component of every device unique key. When combined, those two components form the device unique key.

A law enforcement access field (LEAF), which enables an authorized law enforcement official to recover the session key. The LEAF is created by a device at the start of an encrypted communication and contains the session key encrypted under the device unique key together with the device identifier, all encrypted under the family key.

LEAF decoders that allow an authorized law enforcement official to extract the device identifier and encrypted session key from an intercepted LEAF. The identifier is then sent to the escrow agents, who return the components of the corresponding device unique key. Once obtained, the components are used to reconstruct the device unique key, which is then used to decrypt the session key.

This report reviews the security provided by the first component, namely the SKIPJACK algorithm. The review was performed pursuant to the President's direction that "respected experts from outside the government will be offered access to the confidential details of the algorithm to assess its capabilities and publicly report their finding." The Acting Director of the National Institute of Standards and Technology (NIST) sent letters of invitation to potential reviewers. The authors of this report accepted that invitation.

We attended an initial meeting at the Institute for Defense Analyses Supercomputing Research Center (SRC) from June 21-23.
At that meeting, the designer of SKIPJACK provided a complete, detailed description of the algorithm, the rationale for each feature, and the history of the design. The head of the NSA evaluation team described the evaluation process and its results. Other NSA staff briefed us on the LEAF structure and protocols for use, generation of device keys, protection of the devices against reverse engineering, and NSA's history in the design and evaluation of encryption methods contained in SKIPJACK. Additional NSA and NIST staff were present at the meeting to answer our questions and provide assistance. All staff members were forthcoming in providing us with requested information. At the June meeting, we agreed to integrate our individual evaluations into this joint report. We also agreed to reconvene at SRC from July 19-21 for further discussions and to complete a draft of the report. In the interim, we undertook independent tasks according to our individual interests and availability. Ernest Brickell specified a suite of tests for evaluating SKIPJACK. Dorothy Denning worked at NSA on the refinement and execution of these and other tests that took into account suggestions solicited from Professor Martin Hellman at Stanford University. NSA staff assisted with the programming and execution of these tests. Denning also analyzed the structure of SKIPJACK and its susceptibility to differential cryptanalysis. Stephen Kent visited NSA to explore in more detail how SKIPJACK compared with NSA encryption algorithms that he already knew and that were used to protect classified data. David Maher developed a risk assessment approach while continuing his ongoing work on the use of the encryption chip in the AT&T Telephone Security Device. Walter Tuchman investigated the anti-reverse engineering properties of the chips. 
We investigated more than just SKIPJACK because the security of communications encrypted with the escrowed encryption technology depends on the security provided by all the components of the initiative, including protection of the keys stored on the devices, protection of the key components stored with the escrow agents, the security provided by the LEAF and LEAF decoder, protection of keys after they have been transmitted to law enforcement under court order, and the resistance of the devices to reverse engineering. In addition, the success of the technology initiative depends on factors besides security, for example, performance of the chips. Because some components of the escrowed encryption system, particularly the key escrow system, are still under design, we decided to issue this Interim Report on the security of the SKIPJACK algorithm and to defer our Final Report until we could complete our evaluation of the system as a whole.

2. Overview of the SKIPJACK Algorithm

SKIPJACK is a 64-bit "electronic codebook" algorithm that transforms a 64-bit input block into a 64-bit output block. The transformation is parameterized by an 80-bit key, and involves performing 32 steps or iterations of a complex, nonlinear function. The algorithm can be used in any one of the four operating modes defined in FIPS 81 for use with the Data Encryption Standard (DES).

The SKIPJACK algorithm was developed by NSA and is classified SECRET. It is representative of a family of encryption algorithms developed in 1980 as part of the NSA suite of "Type I" algorithms, suitable for protecting all levels of classified data. The specific algorithm, SKIPJACK, is intended to be used with sensitive but unclassified information.

The strength of any encryption algorithm depends on its ability to withstand an attack aimed at determining either the key or the unencrypted ("plaintext") communications. There are basically two types of attack, brute-force and shortcut.

3.
Susceptibility to Brute Force Attack by Exhaustive Search

In a brute-force attack (also called "exhaustive search"), the adversary essentially tries all possible keys until one is found that decrypts the intercepted communications into a known or meaningful plaintext message. The resources required to perform an exhaustive search depend on the length of the keys, since the number of possible keys is directly related to key length. In particular, a key of length N bits has 2^N possibilities. SKIPJACK uses 80-bit keys, which means there are 2^80 (approximately 10^24) or more than 1 trillion trillion possible keys.

An implementation of SKIPJACK optimized for a single processor on the 8-processor Cray YMP performs about 89,000 encryptions per second. At that rate, it would take more than 400 billion years to try all keys. Assuming the use of all 8 processors and aggressive vectorization, the time would be reduced to about a billion years.

A more speculative attack using a future, hypothetical, massively parallel machine with 100,000 RISC processors, each of which was capable of 100,000 encryptions per second, would still take about 4 million years. The cost of such a machine might be on the order of $50 million.

In an even more speculative attack, a special purpose machine might be built using 1.2 billion $1 chips with a 1 GHz clock. If the algorithm could be pipelined so that one encryption step were performed per clock cycle, then the $1.2 billion machine could exhaust the key space in 1 year.

Another way of looking at the problem is by comparing a brute force attack on SKIPJACK with one on DES, which uses 56-bit keys. Given that no one has demonstrated a capability for breaking DES, DES offers a reasonable benchmark. Since SKIPJACK keys are 24 bits longer than DES keys, there are 2^24 times more possibilities.
Assuming that the cost of processing power is halved every eighteen months, then it will not be for another 24 * 1.5 = 36 years before the cost of breaking SKIPJACK is equal to the cost of breaking DES today. Given the lack of demonstrated capability for breaking DES, and the expectation that the situation will continue for at least several more years, one can reasonably expect that SKIPJACK will not be broken within the next 30-40 years.

Conclusion 1: Under an assumption that the cost of processing power is halved every eighteen months, it will be 36 years before the cost of breaking SKIPJACK by exhaustive search will be equal to the cost of breaking DES today. Thus, there is no significant risk that SKIPJACK will be broken by exhaustive search in the next 30-40 years.

4. Susceptibility to Shortcut Attacks

In a shortcut attack, the adversary exploits some property of the encryption algorithm that enables the key or plaintext to be determined in much less time than by exhaustive search. For example, the RSA public-key encryption method is attacked by factoring a public value that is the product of two secret primes into its primes.

Most shortcut attacks use probabilistic or statistical methods that exploit a structural weakness, unintentional or intentional (i.e., a "trapdoor"), in the encryption algorithm. In order to determine whether such attacks are possible, it is necessary to thoroughly examine the structure of the algorithm and its statistical properties. In the time available for this review, it was not feasible to conduct an evaluation on the scale that NSA has conducted or that has been conducted on the DES. Such review would require many man-years of effort over a considerable time interval. Instead, we concentrated on reviewing NSA's design and evaluation process. In addition, we conducted several of our own tests.

4.1 NSA's Design and Evaluation Process

SKIPJACK was designed using building blocks and techniques that date back more than forty years.
Many of the techniques are related to work that was evaluated by some of the world's most accomplished and famous experts in combinatorics and abstract algebra. SKIPJACK's more immediate heritage dates to around 1980, and its initial design to 1987.

SKIPJACK was designed to be evaluatable, and the design and evaluation approach was the same used with algorithms that protect the country's most sensitive classified information. The specific structures included in SKIPJACK have a long evaluation history, and the cryptographic properties of those structures had many prior years of intense study before the formal process began in 1987. Thus, an arsenal of tools and data was available. This arsenal was used by dozens of adversarial evaluators whose job was to break SKIPJACK. Many spent at least a full year working on the algorithm. Besides highly experienced evaluators, SKIPJACK was subjected to cryptanalysis by less experienced evaluators who were untainted by past approaches. All known methods of attacks were explored, including differential cryptanalysis. The goal was a design that did not allow a shortcut attack.

The design underwent a sequence of iterations based on feedback from the evaluation process. These iterations eliminated properties which, even though they might not allow successful attack, were related to properties that could be indicative of vulnerabilities. The head of the NSA evaluation team confidently concluded "I believe that SKIPJACK can only be broken by brute force there is no better way."

In summary, SKIPJACK is based on some of NSA's best technology. Considerable care went into its design and evaluation in accordance with the care given to algorithms that protect classified data.

4.2 Independent Analysis and Testing

Our own analysis and testing increased our confidence in the strength of SKIPJACK and its resistance to attack.

4.2.1 Randomness and Correlation Tests

A strong encryption algorithm will behave like a random function of the key and plaintext so that it is impossible to determine any of the key bits or plaintext bits from the ciphertext bits (except by exhaustive search). We ran two sets of tests aimed at determining whether SKIPJACK is a good pseudo random number generator. These tests were run on a Cray YMP at NSA. The results showed that SKIPJACK behaves like a random function and that ciphertext bits are not correlated with either key bits or plaintext bits. Appendix A gives more details.

4.2.2 Differential Cryptanalysis

Differential cryptanalysis is a powerful method of attack that exploits structural properties in an encryption algorithm. The method involves analyzing the structure of the algorithm in order to determine the effect of particular differences in plaintext pairs on the differences of their corresponding ciphertext pairs, where the differences are represented by the exclusive-or of the pair. If it is possible to exploit these differential effects in order to determine a key in less time than with exhaustive search, an encryption algorithm is said to be susceptible to differential cryptanalysis. However, an actual attack using differential cryptanalysis may require substantially more chosen plaintext than can be practically acquired.

We examined the internal structure of SKIPJACK to determine its susceptibility to differential cryptanalysis. We concluded it was not possible to perform an attack based on differential cryptanalysis in less time than with exhaustive search.

4.2.3 Weak Key Test

Some algorithms have "weak keys" that might permit a shortcut solution. DES has a few weak keys, which follow from a pattern of symmetry in the algorithm. We saw no pattern of symmetry in the SKIPJACK algorithm which could lead to weak keys.
We also experimentally tested the all "0" key (all 80 bits are "0") and the all "1" key to see if they were weak and found they were not.

4.2.4 Symmetry Under Complementation Test

The DES satisfies the property that for a given plaintext-ciphertext pair and associated key, encryption of the one's complement of the plaintext with the one's complement of the key yields the one's complement of the ciphertext. This "complementation property" shortens an attack by exhaustive search by a factor of two since half the keys can be tested by computing complements in lieu of performing a more costly encryption. We tested SKIPJACK for this property and found that it did not hold.

4.2.5 Comparison with Classified Algorithms

We compared the structure of SKIPJACK to that of NSA Type I algorithms used in current and near-future devices designed to protect classified data. This analysis was conducted with the close assistance of the cryptographer who developed SKIPJACK and included an in-depth discussion of design rationale for all of the algorithms involved. Based on this comparative, structural analysis of SKIPJACK against these other algorithms, and a detailed discussion of the similarities and differences between these algorithms, our confidence in the basic soundness of SKIPJACK was further increased.

Conclusion 2: There is no significant risk that SKIPJACK can be broken through a shortcut method of attack.

5. Secrecy of the Algorithm

The SKIPJACK algorithm is sensitive for several reasons. Disclosure of the algorithm would permit the construction of devices that fail to properly implement the LEAF, while still interoperating with legitimate SKIPJACK devices. Such devices would provide high quality cryptographic security without preserving the law enforcement access capability that distinguishes this cryptographic initiative. Additionally, the SKIPJACK algorithm is classified SECRET NOT RELEASABLE TO FOREIGN NATIONALS.
This classification reflects the high quality of the algorithm, i.e., it incorporates design techniques that are representative of algorithms used to protect classified information. Disclosure of the algorithm would permit analysis that could result in discovery of these classified design techniques, and this would be detrimental to national security.

However, while full exposure of the internal details of SKIPJACK would jeopardize law enforcement and national security objectives, it would not jeopardize the security of encrypted communications. This is because a shortcut attack is not feasible even with full knowledge of the algorithm. Indeed, our analysis of the susceptibility of SKIPJACK to a brute force or shortcut attack was based on the assumption that the algorithm was known.

Conclusion 3: While the internal structure of SKIPJACK must be classified in order to protect law enforcement and national security objectives, the strength of SKIPJACK against a cryptanalytic attack does not depend on the secrecy of the algorithm.

- ------- End of forwarded message -------

Brian Williams
Extropian
Cypherpatriot

"Cryptocosmology: Sufficiently advanced communication is indistinguishable from noise." --Steve Witham

"Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... AT&T" --James Speth

From f_griffith at ccsvax.sfasu.edu Tue Mar 29 11:06:47 1994
From: f_griffith at ccsvax.sfasu.edu (f_griffith at ccsvax.sfasu.edu)
Date: Tue, 29 Mar 94 11:06:47 PST
Subject: federal crime
Message-ID: <9403291906.AA03604@toad.com>

>> >> >How can something be a federal crime in only 3 states?
>> >> >

By interpretation of the circuit court of appeals (federal) for that area.

From mwhitson at MIT.EDU Tue Mar 29 11:15:36 1994
From: mwhitson at MIT.EDU (mwhitson at MIT.EDU)
Date: Tue, 29 Mar 94 11:15:36 PST
Subject: Keyserver addresses?
In-Reply-To:
Message-ID: <199403291915.OAA06083@dragons-lair.MIT.EDU>

There is now a PGP keyserver running on martigny.ai.mit.edu. If you use Mosaic 2.0 or some other Web client with forms support, you can even get at it through the Web. The URL is

http://martigny.ai.mit.edu/~bal/pks-toplev.html

-Michael Whitson
mwhitson at mit.edu

From MaraW at fs-gate.uchicago.edu Tue Mar 29 11:17:03 1994
From: MaraW at fs-gate.uchicago.edu (Whitney, Mara)
Date: Tue, 29 Mar 94 11:17:03 PST
Subject: No Subject
Message-ID: <2D987DBF@FS-GATE.UCHICAGO.EDU>

Hi. Netta suggested I write you about joining your list, or at least that's what I think she said. We were at CFP '94 and a lot was going on simultaneously. My name is Mara Whitney and you can reach me at maraw at fs-gate.uchicago.edu.

Thanks,
Mara

From tcmay at netcom.com Tue Mar 29 11:26:01 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 29 Mar 94 11:26:01 PST
Subject: Ames/ clipper compromised?
In-Reply-To: <199403291855.KAA29477@well.sf.ca.us>
Message-ID: <199403291926.LAA05736@mail.netcom.com>

(40 pages of quoted material mercifully not included here!)

I'd like to encourage my colleague Brian Williams and others _not_ to copy 40 pages of stuff that's already been posted here just to add a few comments (or even a _lot_ of comments).

One of the problems with a mailing list like ours is that the same articles--be they announcements from the EFF or CPSR, articles from the Wall Street Journal, or whatever--are being posted multiple times. Sometimes because people didn't apparently see that the stuff had _already_ been posted, sometimes because Cypherpunks is on a "junk mail" list of EFF, CPSR, ACLU, etc.
mailers, and sometimes (as here with Brian) because folks seem to think the material _needs_ repetition.

Thanks for reading this.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From wcs at anchor.ho.att.com Tue Mar 29 11:44:53 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Tue, 29 Mar 94 11:44:53 PST
Subject: cfp '94 transcript
Message-ID: <9403291939.AA29718@anchor.ho.att.com>

> I have a question concerning the algorithm that is used in the
> Clipper Chip, Skipjack..[]..There is a certain amount of conjecture
> that in fact the algorithm contains a deliberately encoded weakness
> that will allow the NSA, without access to the escrow keys, to be
> able to intercept communication in their mission to monitor
> on-shore and off-shore communications..[]..
>
> BAKER I'll answer it yes or no if you'll
> tell me exactly the question.
>
> UNKNOWN Does it or does it not contain a
> weakness that allows you to intercept the communications without
> access to the escrow keys.
>
> BAKER No.

The response is incorrect; I'll leave moral judgements about whether this constitutes deliberate lying or mere confusion to others :-) Specifically, the Clipper Chip does *not* use the escrow keys - it uses its device unique key, which can be derived from them. It *could* have been designed to use the escrow keys to do the device-unique-key generation internally, or even to do *two* separate encryption rounds in LEAF creation so there isn't just one key, but nooo.
Decryption of LEAF also does not use the escrow keys, it uses the device unique key as well. The Black Box For Cops may very well use the escrow keys to derive the device unique key, but anybody who has access to the Skipjack and LEAF algorithms and Family Key and the device unique key can do the decryption, and you can probably feed the Black Box For Cops the device-unique key and 000000..00 instead of the escrowed key-parts. (They'd have to do some *really* special checking otherwise.)

So how do you get the device unique key without using the escrow keys?
- Maybe you can FOIA it
- Maybe the Key Generation Bureau can steal it during manufacturing
- Maybe the Key Generation Bureau can just *take* it during manufacturing, since the Attorney General's rules don't say not to.
- Maybe the Key Generation Bureau can steal the two half-keys before (or after) giving them to the so-called "escrow" agents, which means they're not really the escrow keys.
- Maybe the Key Generation Bureau can re-generate the keys, either by stealing the input batch parameters from the escrow agents or by brute-force searching the range of inputs they might have provided or something similar.
- Maybe the Black Box For Cops lets you extract the data from it, either directly or by handing it carefully-designed input
- Maybe authorized government employees can obtain the keys for chips for internal use, and then distribute those chips to victims\\\\\\\suckers\\\\\\customers outside government.
- Maybe the rules for access to government-used Clipper-chip keys are or will be different than for keys used by the public. After all, their responsibilities for protecting internal information are different than their ability to wiretap people. So maybe they just "misread" a serial number and get the chip keys from the wiretapping-each-other list instead of the escrow agencies by "mistake" - those keys aren't "escrowed", since the escrow agents don't have them they're just "retained for internal use".

"Wiretap the usual suspects!"

Bill Stewart
# Bill Stewart AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399
# email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465

From samman at CS.YALE.EDU Tue Mar 29 13:25:20 1994
From: samman at CS.YALE.EDU (Senator Bedfellow)
Date: Tue, 29 Mar 94 13:25:20 PST
Subject: Ames/ clipper compromised?
In-Reply-To: <199403291855.KAA29477@well.sf.ca.us>
Message-ID:

Where can I get a copy of the entire original paper document regarding Clipper? I'd like to include it in a paper I'm writing and I'd like the Appendices that are spoken of.

Thanks
Ben.

From warlord at MIT.EDU Tue Mar 29 13:48:49 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Tue, 29 Mar 94 13:48:49 PST
Subject: Keyserver addresses?
In-Reply-To: <199403291915.OAA06083@dragons-lair.MIT.EDU>
Message-ID: <9403292148.AA01625@toxicwaste.media.mit.edu>

I should add that the email address for that server is:

        public-key-server at martigny.ai.mit.edu

You can also try:

        pgp-public-keys at dsi.unimi.it
                           @pgp.ox.ac.uk
                           @demon.co.uk

And a few others I can't remember offhand.

-derek

From adam at bwh.harvard.edu Tue Mar 29 13:58:10 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Tue, 29 Mar 94 13:58:10 PST
Subject: Ames/ clipper compromised?
In-Reply-To: <199403291855.KAA29477@well.sf.ca.us>
Message-ID: <199403292157.QAA18896@freud.bwh.harvard.edu>

The skipjack review committee wrote:

| 3. Susceptibility to Brute Force Attack by Exhaustive Search
[...]
| An implementation of SKIPJACK optimized for a single processor on
| the 8-processor Cray YMP performs about 89,000 encryptions per
| second. At that rate, it would take more than 400 billion years to
| try all keys.
Assuming the use of all 8 processors and aggressive | vectorization, the time would be reduced to about a billion years Could someone explain why jumping to 8 processors knocks the time down by a factor of 400, instead of a factor of 8? Is the 400 billion years a load of crap, intended to sound more impressive than 8? adam -- Adam Shostack adam at bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. Have you signed the anti-Clipper petition? From hlin at nas.edu Tue Mar 29 14:07:34 1994 From: hlin at nas.edu (Herb Lin) Date: Tue, 29 Mar 94 14:07:34 PST Subject: questions for the NRC crypto committee... Message-ID: <9402297649.AA764987901@nas.edu> Bellovin writes: A useful exercise for this group might be to compile a list of questions that they *should* answer if they're playing it straight. These could be forwarded to the review committee, too. If we come up with a good list, I'm willing to submit it to them. **** As the guy staffing the NRC's review project of national cryptography policy, I encourage you (and other cypherpunks) to do so. Please forward to me the questions you think the review panel should be asking. So that your questions stand out, please put in the subject line: Crypto panel question thanks.. herb lin From jim at rand.org Tue Mar 29 14:39:08 1994 From: jim at rand.org (Jim Gillogly) Date: Tue, 29 Mar 94 14:39:08 PST Subject: Ames/ clipper compromised? In-Reply-To: <199403292157.QAA18896@freud.bwh.harvard.edu> Message-ID: <9403292238.AA13080@mycroft.rand.org> > Adam Shostack writes: > The skipjack review committee wrote: > | second. At that rate, it would take more than 400 billion years to > | try all keys. Assuming the use of all 8 processors and aggressive > | vectorization, the time would be reduced to about a billion years > > Could someone explain why jumping to 8 processors knocks the > time down by a factor of 400, instead of a factor of 8? 
Is the 400 > billion years a load of crap, intended to sound more impressive than > 8? Without seeing the algorithm we can't be sure, but that could be OK for ballpark: the 8 processors gives you 50 billion years, and the aggressive vectorization gives you the other factor of 50. Since they've said there are 32 rounds of in there, I assume the point is to run those rounds in parallel... or overlap the output of that round of one key with the next round of a previous key, or some such dramatic stuff, and 32 is close enough to 50 for this level of estimate. Sounds aggressive to , anyway -- how about you? But it's meaningless to ask how long today's hardware would take to solve this stuff. Extrapolations aren't much better, but at least they give a convenient exponential benchmark. Let's take Wiener's proposed design for 3.5-hour cracks on a $1M machine as the benchmark of solving a single key at acceptable expense. Note that the speed or power of machines has been doubling about once every 12-18 months. Wiener's machine brute-forces a 56-bit key in reasonable time, so if your bang/buck ratio keeps going at the current rate, in 24-36 years something equivalent would be able to brute-force an 80-bit key. That might explain why they chose 80 bits instead of 128... if the algorithm escapes, they don't lose contact with its product forever. Note that the Skipjack Review committee was not in fact using the billion years "load of crap" mode. In the executive summary, they say: 1. Under an assumption that the cost of processing power is halved every eighteen months, it will be 36 years before the cost of breaking SKIPJACK by exhaustive search will be equal to the cost of breaking DES today. I located and cut&pasted this after writing my previous paragraph, so we can call these independent findings. :) Note that they produced this before Wiener presented his design, so the cost of a break was not (publicly) known at that point. Jim Gillogly Highday, 7 Astron S.R. 
1994, 22:34 From v-garthb at microsoft.com Tue Mar 29 15:23:07 1994 From: v-garthb at microsoft.com (Garth Brown (Skylight Software)) Date: Tue, 29 Mar 94 15:23:07 PST Subject: FW: mail problem Message-ID: <9403292324.AA22631@netmail2.microsoft.com> The author stated use of 8 processors and "aggressive vectorization", or, IOW, Using the 8 processors in conjunction instead of as 8 separate data paths, making their co-operative speed MUCH faster than an 8X increase. ---------- | From: Adam Shostack | | Could someone explain why jumping to 8 processors knocks the | time down by a factor of 400, instead of a factor of 8? Is the 400 | billion years a load of crap, intended to sound more impressive than | 8? | From ddt at lsd.com Tue Mar 29 15:42:48 1994 From: ddt at lsd.com (David Del Torto) Date: Tue, 29 Mar 94 15:42:48 PST Subject: RANDOM>Quantum Randoms? Message-ID: <199403292343.PAA17515@mail.netcom.com> Yatahey, Listen, I've been lurking the list for many moons, but will be visiting more regularly again, so please forgive if this has already been discussed. However much I tilt at Life's many windmills, I never for a moment lack interest in Crypto matters, so natcherly I noticed the juicy tidbit below in Sci Am with great interest (what jumped out at me was the part about "'truly' random numbers"). I OCRed it and am posting it to see if any of you saw it and what comments you might have about its implications for the future generation of randoms... not to mention for regular computing. dave ******* David Del Torto ******* ******* Level Seven Development ******* ******* "If you don't like your Government, grow your own." ******* ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Quantum Computing Creeps Closer to Reality More than a decade ago a small group of physicists, among them Richard P. Feynman, began wondering whether it would be possible to harness quantum effects for computation. 
Until recently, such investigations have been highly abstract and mathematical. Now Seth Lloyd, a researcher at Los Alamos National Laboratory, has proposed in Science how a so-called quantum computer might actually be built. Lloyd points out that in one sense "everything, including conventional computers, and you and me, is quantum mechanical," since all matter obeys the laws of physics. One feature distinguishing quantum computers from conventional ones, Lloyd explains, is the way they store information. Conventional computers use electrical charge or its absence to represent 0's or 1's used in the binary language of data storage. In a quantum machine, information would be represented by the energy levels of individual particles or clusters of particles, which according to quantum mechanics occupy discrete states; the ground, or "down," state could signify a 0 and the excited, "up" state a 1. Lloyd says such computers could be made out of materials with identical, repeating units that behave quantum mechanically, including long organic molecules, or polymers; arrays of quantum dots, which are clusters of atoms with precisely controllable electronic properties; and crystals. "Something as simple as a salt crystal might do," he states. Input is supplied by pulses of light or radio waves, which would nudge the atoms, molecules or quantum dots into energy levels representing, say, a particular number. More pulses of light would cause the system to carry out a computation and disgorge an answer. Because quantum systems are notoriously susceptible to disruption from external effects, an error-correction program would monitor the progress of a computation and put it back on track when it goes awry. Such a computer would be much smaller and faster than any current model, Lloyd contends. It could also perform certain tasks beyond the range of any classical device by exploiting a bizarre quantum effect known as superposition. 
Under certain precisely controlled conditions, a particle can briefly inhabit a "superposed" energy state that is, in a sense, both down and up. It has a 50-50 probability of "collapsing" into one state or the other. Computers that can store information in a superposed form, Lloyd suggests, could generate truly random numbers, a task that has proved fiendishly difficult for classical computers. They could thus solve certain problems with a probabilistic element-such as those involving quantum mechanics-more accurately than can conventional machines. Rolf Landauer of the IBM Thomas J. Watson Research Center, an authority on the limits of computing, has "a number of reservations" regarding Lloyd's scheme. Landauer argues, for example, that Lloyd's error-correction method will destroy the very superposition that he seeks (for reasons related to the fact that mere observation of a quantum system alters it). Yet Lloyd's work is still "a step forward," Landauer says. "He's given us something to evaluate in more detail." -John Horgan Scientific American, April 1994, Page 18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From rishab at dxm.ernet.in Tue Mar 29 16:24:55 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Tue, 29 Mar 94 16:24:55 PST Subject: Call setup without warrants? Message-ID: Everyone talks about the DTII Act's allowing the monitoring of 'call setup information' without a warrant. I can't seem to find where exactly in the text of the Act is this stated. 
All paragraphs about call setup information mention the requirement of 'court order or lawful authorization,' exactly as required for interception. These include Section 3a(1)-(4) defining the 'assistance requirements' of common carriers, as well as 3i(7), which defines 'call setup information': > (7) 'call set up information' shall mean the information > generated which identifies the origin and destination of a wire or > electronic communication placed to, or received by, the facility or > service that is the subject of a court order or lawful authorization, ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > including information associated with any telecommunication system dialing > or calling features or services; In the EFF's section-wise analysis of the draft bill last month, there was no indication of any loopholes in the 'lawful authorization' bit. The only thing I noticed was the 'routability exceptions' in Section 3a(4) allowing monitoring at the common carrier's premises about which the EFF analysis said: > The exceptions to this "routability requirement" occur when a criminal or > intelligence emergency pre-empts the normal process of seeking an order, ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > or when there is an attempt by the person committing an offense to thwart > interception by changing facilities. These types of situations are provided > for under current law. However, it seems clear that (a) this is exceptional and (b) it is equally applicable to *both* call setup as well as interception. What I want to know is whether I'm missing any basis *in the Act itself* for this assumption of CS information without authorization? If not, is there any other *specific* basis, such as that for the possible outlawing of encryption in the statement that "there is no constitutional guarantee to unbreakable crypto?" 
-------------------------------------------------------------------------------- Rishab Aiyer Ghosh "What is civilisation rishab at doe.ernet.in, rishab at dxm.ernet.in but a ribonucleic Voicemail +91 11 3760335; Vox/Fax/Data 6853410 hangover?" H-34C Saket New Delhi 110017 INDIA -------------------------------------------------------------------------------- From fnerd at smds.com Tue Mar 29 16:29:26 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Tue, 29 Mar 94 16:29:26 PST Subject: Crypto and new computing strategies Message-ID: <9403292209.AA29520@smds.com> > Jim Choate writes: > > > In the latest issue of Scientific American there is an article... On Seth Lloyd's grain-of-salt computer, actually. I didn't know he was going to build one. Anyway, his technique *may* be useful to make quantum computers, but it's more likely to be useful for making regular deterministic massive single-instruction-multiple-data computers out of fairly simple crystals--"maybe even a grain of salt." His technique would make every repeating unit of the 3D crystal into a computing unit. You lose a couple factors of 10 for addressing, making higher-level modules, and error-correction. Still, that's a lot of compute power. Tim May says- > No need to worry just yet. > > There is no convincing evidence that "quantum computers" can calculate > in any way differently from "ordinary" computers. Right. This is just a large power increase using deterministic stuff. It's based on electrons in the shells of atoms in crystals responding to different frequencies of photons depending on their own and neighboring atoms' shells' states. > Devices that are built on a size scale where quantum effects are > important, such as quantum-well devices, don't use QM as a > computational mechanism per se. The devices are just real small. 
But > not small enough to matter for large RSA moduli--the computations > required to factor a 1000-decimal-digit number swamp even a universe > _made_ of computers! Which is what a naive guess would have said about 129-digit numbers. I would love to see some sort of curve of factoring algorithm efficiencies over time. You could show the log of the difficulty for a selection of number sizes over the past hundred years, say. The experts say it's flattening out and will probably stay that way. A sudden jump in the high end of computer power would mean that we would need to use larger keys sooner than we thought. A key length requiring a little bit more work on the user's part means a lot more work on the cracker's part, but I don't know how many more bits of key compensate for a 10^9 increase in cracking power, say. -fnerd quote me - - - - - - - - - - - - - - - blue pill, Pharm. a pill of blue mass, used as an alterative... alterative, adj. tending to alter... From wd6cmu at netcom.com Tue Mar 29 16:44:10 1994 From: wd6cmu at netcom.com (Eric Williams) Date: Tue, 29 Mar 94 16:44:10 PST Subject: Ames/ clipper compromised? In-Reply-To: <199403291855.KAA29477@well.sf.ca.us> Message-ID: <199403300044.QAA28657@mail.netcom.com> Did anyone else notice the blacked-out paragraphs in the two FOIA documents just before the administration stated its intent to ignore all the computer industry's counter-arguments to Clipper? Does anyone else wonder what is there that they found so compelling? 
-- Eric Williams | wd6cmu at netcom.com | WD6CMU at WD6CMU.#NOCAL.CA.USA.NA From jim at rand.org Tue Mar 29 17:12:17 1994 From: jim at rand.org (Jim Gillogly) Date: Tue, 29 Mar 94 17:12:17 PST Subject: Ames/ clipper compromised? In-Reply-To: <199403300044.QAA28657@mail.netcom.com> Message-ID: <9403300111.AA13980@mycroft.rand.org> > wd6cmu at netcom.com (Eric Williams) writes: > Did anyone else notice the blacked-out paragraphs in the two FOIA > documents just before the administration stated its intent to ignore > all the computer industry's counter-arguments to Clipper? Does anyone > else wonder what is there that they found so compelling? Yes, John Gilmore saw those and wondered about them, and filed an administrative appeal on them. Here's the result. I don't know if it was posted here before, so I'll apologize in advance if it was. The second such document was similarly repaired, and said the same thing in slightly different words. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXX The entire paragraph that follows was originally withheld as XX XXXX classified information. We appealed the withholding, and XXXXX XXXX most of the paragraph was released, with only one or two XXXXXX XXXX sentences withheld at the bottom. XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX [(S) crossed out, replaced by] (U) Trapdoor encryption technology is not essential to the debate (a system that required the escrow of keys by users of cryptographic technologies could be established even if the trapdoor chips did not exist), proposed use of trapdoor technology does raise a further complication: neither the academic community nor private industry is comfortable with encryption algorithms that are kept secret, as will be the case with the trapdoor chip. It has been suggested that an independent panel of cryptography experts will be invited to evaluate the algorithm. 
This will undoubtedly fail to reassure the community at large that there are no unrecognized vulnerabilities, since the panel will be perceived as captive and tainted. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXX One or two sentences blacked out via FOIA exemption (b)(1) XXXX (U) Despite these concerns, the President has directed that the Attorney General request that manufacturers of communications hardware use the trapdoor chip, and at least AT&T has been reported willing to do so (having been suitably incentivised by promises of Government purchases). [and so on] Jim Gillogly Sterday, 8 Astron S.R. 1994, 01:06 From sonny at netcom.com Tue Mar 29 17:47:05 1994 From: sonny at netcom.com (James Hicks) Date: Tue, 29 Mar 94 17:47:05 PST Subject: Anti-Clipper Resolution (fwd) Message-ID: <199403300147.RAA08813@mail.netcom.com> I thought this was interesting. >James< Begin forwarded message: > From netcom.com!netcomsv!decwrl!elroy.jpl.nasa.gov!swrinde!news.uh.edu!nuchat!cld9!alaric Tue Mar 29 17:30:26 1994 > Xref: netcom.com alt.privacy:13504 > Newsgroups: alt.privacy > Subject: Anti-Clipper Resolution > From: alaric at cld9.com (Alaric) > Path: netcom.com!netcomsv!decwrl!elroy.jpl.nasa.gov!swrinde!news.uh.edu!nuchat!cld9!alaric > Distribution: world > Message-ID: <7.7096.1006.0N5DB0C2 at cld9.com> > Date: Fri, 25 Mar 94 22:13:00 -0600 > Organization: C-9 Communications > Lines: 22 > > Today in Houston at the District 6 State Senatorial Convention of the > Democratic Party of Texas, as an initial step in the formation of the > platform of the Democratic Party, a resolution was passed taking a stand > against the program of a thousand names - Clipper Chip/Skipjack/Digital > telephony bill. > The journey of a thousand miles begins under your feet. If all > Libertarians, democrats, republicans and independents who oppose the > Clipper chip will take a step this thing can be beaten. 
At the state > convention, a Harris county resolution carries a lot of weight > (registered voters). In the national convention a Texas resolution will > carry a lot of weight (electoral college votes). Do more than send an > e-mail, call your precinct captain and your congresscritters, send 'em > a snail mail. > I'm a bit euphoric seeing something happen against this chip. I've seen > the power of the people in action. Whoa, I'm getting a bit carried > away. I'll be my same cynical self tomorrow, but I still hope each of > you takes another step against the Clipper chip. > > Alaric at archives.cld9.com > --- > * OLX 2.1 * Paranoid? Sure, but that alone doesn't make me wrong! > .............................................................................................................................. * Synchronet * Archives BBS 1-713-896-1721 reply to: @arch.cld9.com > From keenan at acs.ucalgary.ca Tue Mar 29 20:29:53 1994 From: keenan at acs.ucalgary.ca (Tom Keenan) Date: Tue, 29 Mar 94 20:29:53 PST Subject: radio security through obscurity Message-ID: <9403300431.AA42214@acs3.acs.ucalgary.ca> Thanks to the 2 dozen or so people who gave me interviews at CFP94. As I mentioned the primary purpose of them is for a CBC Radio segment to be aired on "Sunday Morning" (which many NPR stations carry.) I think I told you that it would air on Easter Sunday but I now realize the show is pre-empted so it will be some other Sunday. I will put the exact time in the list when I have it. As for TV coverage I am going to do an open-line phone in show on CFP related things on CBC's NEWSWORLD network. The airdate for that is (live of course) 1230-1300 MST (and local equivalent) Thursday April 7/94. Would love to have some intelligent phone calls. The 1-800 number (not sure what it is offhand) is Canada only but somehow I don't think that will be much of a barrier! Cheers, Tom -- Dr. Tom Keenan, I.S.P. Dean, Faculty of Continuing Education University of Calgary 2500 University Dr. 
NW Calgary, AB T2N 1N4 CANADA Voice: (403) 220-5429 FAX: (403) BUG-EXIT = 284-3948 From ebrandt at jarthur.cs.hmc.edu Tue Mar 29 22:23:36 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Tue, 29 Mar 94 22:23:36 PST Subject: Cerf calls for "international cryptography standard" Message-ID: <9403300623.AA11132@toad.com> Forwarded message: > Subject: E-d-u-p-a-g-e 03/29/94 > INTERNET STILL VULNERABLE > Testimony at a House Subcommittee on Science indicates that threats to > Internet security should be viewed as on-going rather than isolated events. > Internet Society President Vinton Cerf says that development and use of an > international encryption standard is the only reliable solution to the > problem. (Chronicle of Higher Education 3/30/94 A22) He's right, but I'd like to think he doesn't have Clipper/Capstone in mind. Oh, I'll throw this in too: > SOFTWARE REPLACES SPORTSWRITERS > A $100 software program called Sportswriter is capable of churning out > reasonably good sports copy by intelligently stringing together words > between facts. Some 80 small newspapers in the Midwest have purchased the > program and are using it to cover high school sports events. (Wall Street > Journal 3/29/94 A1) Eli ebrandt at hmc.edu finger for PGP key. From hlin at nas.edu Wed Mar 30 03:02:56 1994 From: hlin at nas.edu (Herb Lin) Date: Wed, 30 Mar 94 03:02:56 PST Subject: questions for the NRC crypto committee... Message-ID: <9402307650.AA765036053@nas.edu> The NRC crypto study is a study of national cryptography policy intended to lay down a framework for the long term; this study was ordered by the U.S. Congress and will be launched this summer (we hope). It is not focused on any particular technology such as Clipper, Skipjack, or Tessera, though the study committee will be addressing these and other technologies as necessary. Thus, it is different from the review committee charged with examining Clipper. 
Indeed, the composition of the NRC study committee has not been determined at this time. This committee will still be soliciting input from the community, and the offer I made earlier stands -- If you (and other cypherpunks) have questions you think the NRC committee should be asking regarding the formulation of crypto policy, please forward them to me. tnx herb lin Computer Science and Telecommunications Board National Research Council National Academy of Sciences *** Bellovin writes: A useful exercise for this group might be to compile a list of questions that they *should* answer if they're playing it straight. These could be forwarded to the review committee, too. If we come up with a good list, I'm willing to submit it to them. **** As the guy staffing the NRC's review project of national cryptography policy, I encourage you (and other cypherpunks) to do so. Please forward to me the questions you think the review panel should be asking. So that your questions stand out, please put in the subject line: Crypto panel question thanks.. herb lin Do you want to collect the questions or should I? I volunteered because I know 3 of the 5 committee members. From ravage at bga.com Wed Mar 30 06:36:57 1994 From: ravage at bga.com (Jim choate) Date: Wed, 30 Mar 94 06:36:57 PST Subject: Crypto and new computing strategies In-Reply-To: <9403292209.AA29520@smds.com> Message-ID: <199403301436.AA24132@zoom.bga.com> While I can understand the common wisdom such QM type machines are not a threat to the present crypto-cracking horsepower race I must admit I don't agree with it. First, historically (and emotionally on my part) I have a hard time taking the premise that the status quo will stay the status quo. I have this belief that some bright person is going to come along and blow all our pipe dreams away. It has happened before and it WILL happen again, especially when you consider the resources available to the government. 
As to the NSA and their resources, they try to stay 5 yrs. ahead of others on specific topics, you can bet this is one. Also, when you throw compartmented security into the mix I see it as completely possible that the vast majority of the NSA itself believes it doesn't exist while in some basement office there is a little super-cooled sugar cube sized widget cranking out numbers at a high rate of speed. As to the computing power of QM, when one considers that electrons shift orbits instantly (otherwise photons would have to have momentum) and the distances are so small the scaling factor is NOT strictly linear. I completely fail to understand the position that it is an extension of a SIMD architecture, at that scale MIMD architectures will be the standard. My .02... From m5 at vail.tivoli.com Wed Mar 30 07:00:29 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Wed, 30 Mar 94 07:00:29 PST Subject: Crypto and new computing strategies In-Reply-To: <199403301436.AA24132@zoom.bga.com> Message-ID: <9403301459.AA18143@vail.tivoli.com> Jim choate writes: > While I can understand the common wisdom such QM type machines are > not a threat to the present crypto-cracking horsepower race I must > admit I don't agree with it. First, historically (and emotionally on > my part) I have a hard time taking the premise that the status quo > will stay the status quo. I have this belief that some bright > person is going to come along and blow all our pipe dreams away. > It has happened before and it WILL happen again, especially when > you consider the resources available to the government. Remember, however, that advances in technology benefit encryptors as well as codebreakers. Unless the "bright person" comes along and proves P == NP, there's still opportunity to develop strong cryptosystems. (Indeed, if a bright person comes along and proves that P != NP, then things look pretty good.) -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. 
||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From frissell at panix.com Wed Mar 30 07:44:56 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 30 Mar 94 07:44:56 PST Subject: Crypto and new computing strategies In-Reply-To: <199403301436.AA24132@zoom.bga.com> Message-ID: On Wed, 30 Mar 1994, Jim choate wrote: > it. First, historically (and emotionally on my part) I have a hard time taking the > premise that the status quo will stay the status quo. I have this belief that > some bright person is going to come along and blow all our pipe dreams away. However faster cracking means faster encrypting (using larger keys) as well. I don't think the US government can maintain a tech edge over the market for long in any case. The Soviet government couldn't. DCF From hughes at ah.com Wed Mar 30 07:51:12 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 30 Mar 94 07:51:12 PST Subject: Crypto and new computing strategies In-Reply-To: <199403301436.AA24132@zoom.bga.com> Message-ID: <9403301536.AA00533@ah.com> >First, historically (and emotionally on my part) I have a hard time >taking the premise that the status quo will stay the status quo. I >have this belief that some bright person is going to come along and >blow all our pipe dreams away. When quark theory was invented, it didn't change the conservation of mass-energy. When quantum computers are invented, it won't change the fact that they're still Turing machines. If it does, that's a revolution; I'm not waiting. A single tape Turing machine has the same computational ability--though not the speed--of a multitape Turing machine, of a multihead Turing machine, of a multihead multitape Turing machine, of a register machine, of single/multiple instruction single/multiple data multiple register machine, of the lambda calculus, of recursive function theory, and of pretty much every other rich computational system ever invented. 
If you still don't agree, I can only steer you to pretty much any first year formal logic textbook. Eric From hughes at ah.com Wed Mar 30 07:59:31 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 30 Mar 94 07:59:31 PST Subject: Very funny, Polyanna :-( [namespace pollution] In-Reply-To: <199403291734.SAA20964@an-teallach.com> Message-ID: <9403301545.AA00575@ah.com> >What I'm worried about is >some comedian publishing a public key for addresses like >"alt.security.pgp at cs.utexas.edu" or any of the common mailing >gateways, and suddenly people using auto-encrypting mail programs >find that no-one can read their posts. Presence on a keyring means that a key exists, not that the owner of a key has a policy that it should always be used, or that it should be used by everybody. Both PGP and PEM get this completely wrong. Not every key will be used for every purpose. Mere existence of a key should not indicate permission to encrypt with it. No current cryptosystem has a way of specifying policy in a public key distribution system. I want separate keys for separate machines, separate keys for signing and for secrecy, separate keys for contracting and for authentication. The current systems don't support this, and will, I suspect, not support this any time soon. In the meanwhile such policies will have to be created manually, even if their operation is transparent. >Whatever solution we can find will have to involve active support >from the keyservers I suspect. The key servers are just serving data. To add policy criteria to the key servers is to extend their functionality beyond their original intent. Eric From talon57 at well.sf.ca.us Wed Mar 30 09:05:28 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Wed, 30 Mar 94 09:05:28 PST Subject: the rest of the key Message-ID: <199403301705.JAA19822@well.sf.ca.us> -----BEGIN PGP SIGNED MESSAGE----- I was just wondering.... 
If the NSA could get its hands on half (40) of any particular clipper key, wouldn't that just leave 2^40 to compute? Even with brute force, it's trivial even next to DES. Brian Williams Extropian Cypherpatriot "Cryptocosmology: Sufficiently advanced communication is indistinguishable from noise." --Steve Witham "Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... AT&T" --James Speth From hfinney at shell.portal.com Wed Mar 30 09:16:44 1994 From: hfinney at shell.portal.com (Hal) Date: Wed, 30 Mar 94 09:16:44 PST Subject: Web of Trust? Message-ID: <199403301717.JAA14861@jobe.shell.portal.com> One of the key concepts widely used to describe PGP is the "web of trust". This brings to mind a network of connections between people who know and communicate with each other. Two people who want to communicate can do so securely if there is a path of connections in the form of signed keys that joins them. But this is not quite right. The fundamental fact about PGP key signatures, which is often misunderstood, is this: You can only communicate securely with someone whose key is signed by a person you know, either personally or by reputation. In other words, if I want to communicate with joe at abc.com, I can only do so if one of the signators of his key is a person I know. If not, I have no way of judging the validity of his key. This belies simple interpretations of the "web of trust". I may have signed A's key, A has signed B's, B has signed C's, C has signed D's, and D has signed Joe's, but this is of no value unless I know D. Only then can I trust Joe's key. 
This means that, in the "web" picture, I can only communicate securely with people who are at most two hops away in the web of connections. I can communicate with the people I know, and I can communicate with the people they know, and that is it.

This is unfortunate, because the simple web model ties into some famous research which suggests that any two people chosen at random are only about half a dozen steps apart in the web of who-knows-whom connections. (This result is where the title of the movie "Six Degrees of Separation" comes from.) If you had a system which actually supported communications via such a web model, it actually would have hope of letting two people communicate who did not have a very long chain between them. But PGP, with a maximum chain length of two, will not allow this.

What would have to be added in order to allow a true web of trust model to be used in a program like PGP? Basically what is needed is some way to judge the trustworthiness of signatures by people you don't know. This would most plausibly be provided by the people who had signed their keys. For example, if there were another type of key signature which did not only vouch for the person's identity, but also for his trustworthiness and care in signing keys, then a chain of such signatures could serve as the basis for a true web of trust. Obviously such signatures could not be given out nearly as easily as the kind we have now, where a glance at some stranger's drivers' licence is often all we get, but they could be given to close friends and those we know and trust. More elaborate systems might include numerical ratings of trustworthiness which would help to estimate the strength of any given path.

The main point is that some information of this kind would be needed in order to allow communication with people distant in the web of connections. Without this, I think we will continue to have problems with PGP being unable to validate keys of people we want to communicate with.
People will collect huge laundry lists of signatures in the hopes that whoever wants to communicate with them will know one of those people. Centralized key validators will appear (as in the case of the SLED service being started now, which will sign a key based on a signed check with your name on it). The result may be a choice between using an unsigned key or using one signed by some faceless bureaucracy, which is no better than the original PEM conception.

(People may be confused by this essay because they thought PGP worked this way already. PGP does have a follow-the-web model, but that is only for following signatures. In the example above, where I wanted to talk to Joe and there was a chain to him through A, B, C, and D, we have to first suppose that I know and trust all of A, B, C, and D. Given that, what PGP can do is to determine whether I have valid keys for all of those people. It will notice that A has signed B's key, so it is valid. I know B and told PGP he was trustworthy, and he signed C's key, so therefore that one is valid. Similarly, I know C and I know D so PGP can follow the chain through them. Finally we come to Joe, whom I don't know, but because I know D and PGP followed the web to determine that D's key is valid, PGP can determine that Joe's key is valid. But again, that was only because I knew D and everyone else in the chain. The bottom line is still that I can only communicate with people who know someone I know.)

Hal

From jim at rand.org Wed Mar 30 09:28:10 1994
From: jim at rand.org (Jim Gillogly)
Date: Wed, 30 Mar 94 09:28:10 PST
Subject: the rest of the key
In-Reply-To: <199403301705.JAA19822@well.sf.ca.us>
Message-ID: <9403301727.AA15480@mycroft.rand.org>

> I was just wondering.... If the NSA could get it's hands on half
> (40) of any particular clipper key, wouldn't that just leave 2^40
> to compute? Even with brute force, it's trivial even next to DES.

No -- not like that, anyway.
The two halves are each 80-bit numbers constructed from the key generation process, and the unit key is the XOR of the two of them. Having one doesn't give any information about the key, if the key generation people are behaving honestly. Obviously if one of the halves is supplied by somebody sneaky they don't need the other half; but the procedure as outlined by Denning would make this impossible if Skipjack is as strong as she believes.

I understand the Skipjack review committee will be looking into the key generation process at Mykotronx also. The procedures originally proposed for burning in the keys have some annoying flaws that have been pointed out frequently, like the existence of both halves in the same room at the same time, which would be a tempting target for somebody siphoning them off to a private single-site escrow. :) Various people have suggested that the two halves of the key could be burned in at separate locations, so that the only place they're put together is in the key itself; this was not part of the proposal as we've seen it so far out here.

Jim Gillogly
Sterday, 8 Astron S.R. 1994, 17:25

From jim at mycroft.rand.org Wed Mar 30 09:33:40 1994
From: jim at mycroft.rand.org (Jim Gillogly)
Date: Wed, 30 Mar 94 09:33:40 PST
Subject: Another view of the CFP
Message-ID: <9403301733.AA15513@mycroft.rand.org>

This is redistributed with the author's permission. Do a search on "Lytel" for some especially interesting stuff.

Jim Gillogly
Sterday, 8 Astron S.R. 1994, 17:30

------- Forwarded Message

Subject: CFP summary

Lorrie Cranor's CFP94 Conference Review

The following is my second annual Computers, Freedom, and Privacy conference report. Last year I wrote a report on CFP93 for my advisor and friends and soon had requests to distribute it around the world (followed by rebuttals from half the EFF board). So this year I'll go ahead and grant permission for reposting in advance.
If you do repost or if you have any comments or corrections, please let me know. I have tried my best to accurately quote people and get the spelling of speakers' names right. However, I have not had the opportunity to listen to a tape of the proceedings, double check with the speakers themselves, or even carefully edit this report, so there may be some (hopefully minor) errors. Anyway, here is the CFP94 conference as I experienced it. All unattributed opinions are my own. I flew into Chicago around noon on March 23 and took the train to the Palmer House Hilton, the conference hotel. I was impressed with the way the train stopped almost right at the hotel entrance -- until I realized that my room was almost directly above the train station. At CFP93 last year I was often tempted to skip a session, enjoy the sunshine, and walk along the bay. However, at CFP94, held in a high rise hotel in the middle of a maze of very tall buildings and elevated train tracks that prevented all but the most determined sun beams from making their way down to street level, this was not a temptation. I missed the morning pre-conference tutorials, but arrived in time to attend a three-hour afternoon tutorial session at the John Marshall Law School (a few blocks away from the conference hotel). The election tutorial I had planned on attending was canceled, so I went to a tutorial on cryptography instead. Despite the hot stuffy air in the room (as they wheeled in auxiliary air conditioners and draped air hoses around the room the people from Chicago kept explaining that it wasn't supposed to be 75 degrees in Chicago in March and that very tall buildings don't adapt well to temperature change), the cryptography tutorial was quite interesting and informative. Lawyer Mark Hellmann gave some good background information in his introduction, but Matt Blaze of AT&T Bell Labs stole the show with his presentation titled "Everything you need to know about cryptography in just 60 easy minutes." 
Blaze explained why cryptography is useful/necessary, how some popular cryptosystems work, some applications in which cryptography is used, and questions people should ask before using a cryptosystem. His conclusion was "Be realistic, but be paranoid." Douglas Engert of Argonne National Laboratory followed with a rather rushed and confusing explanation and demonstration of Kerberos, a "practical implementation of encryption." Conference chair George Trubow officially opened the single-track conference at 8:30 a.m. on Thursday morning. He announced some changes to the conference program and introduced John McMullen, scholarship chair. McMullen introduced the scholarship recipients (including myself) and noted that three-time scholarship winner Phiber Optik would not be in attendance because he is currently in jail. The keynote address, originally scheduled to be delivered by John Podesta, was delivered by David Lytel of the White House Office of Science and Technology Policy. Lytel first spoke about the administration's plans for the National Information Infrastructure (NII), explaining that the white house was attempting to lead by example by accepting email correspondence (and maybe soon actually responding to it properly) and making white house publications available electronically. (Look for a "welcome to the white house" WWW server sometime soon. Information from the II task force is currently available via gopher from iitf.doc.gov.) Lytel then put himself in the line of fire by discussing the administration's encryption policy. He stated the goals of this policy as 1) to provide a higher baseline security for everyone and 2) to maintain the ability to do wiretaps. Notably, he stated: "There will be no restrictions on domestic use of encryption," and "If you don't think Clipper is secure, don't use it." Then the bombing began. In the following Q&A session, Lytel claimed ignorance on many points of the Clipper proposal, but did make some interesting claims. 
He stated that (here I've paraphrased):

- Clipper will be a government procurement standard that agencies may choose to use in addition to other standards.
- The establishment of a public key registration system for all public key cryptosystems is important (this has not been officially proposed).
- Clipper-encrypted messages may be further encrypted with another cryptosystem. However, messages may not be encrypted before being encrypted with Clipper.
- The public is more at risk from criminal activity (which Clipper may be able to prevent) than from government abuse of power.
- Clipper was designed by the government for its own use. But they wouldn't mind if it becomes popularized as a commercial product.
- Clipper was only designed to catch "dumb criminals."
- Clipper does not make it easier or harder for law enforcement to get permission to do a wire tap.

After a short break, Lytel took the podium again as one of six panelists in a discussion of "The Information Superhighway: Politics and the Public Interest." The panelists generally agreed that the information superhighway should provide "universal access" and two-way communication. They all seemed to fear a future in which the information superhighway was simply a 500 channel cable television network in which two-way communication only occurred when consumers ordered products from the home shopping network. Jeff Chester of the Center for Media Education stressed the need for public activism to prevent the form and content of the information superhighway from being determined only by cable and telephone providers. In the following Q&A session the "information superhighway" was dubbed a bad metaphor ("The vice president's office is the department of metaphor control," quipped Lytel.), and subsequently used sparingly for the remainder of the conference.

Thursday's lunch (all lunches and dinners were included in the price of admission) was the first of many really bad meals served at CFP.
I requested vegetarian meals and wound up eating plate after plate of steamed squash. My meat-eating friends claimed not to enjoy their meals either. Fortunately the lunch speaker was much better than the lunch itself. David Flaherty, Canada's Information and Privacy Commissioner, explained what his job entails and gave some interesting examples of privacy cases he has worked on.

The first panel discussion after lunch was titled "Is it Time for a U.S. Data Protection Agency?" The panelists agreed that with all the information currently being collected about people, it is time for the U.S. to institute an organization to help protect privacy. Currently, litigation is the only way to force compliance with the "patchwork" of privacy laws in the U.S. However, the panelists disagreed on what form a privacy protection organization should take. The most concrete proposal came from Khristina Zahorik, a congressional staffer who works for Senator Paul Simon. Simon recently introduced legislation to form a five-member independent privacy commission. Martin Abrams of TRW objected to the formation of a commission, but supported the formation of a "fair information office." Law professor Paul Schwartz then discussed the European draft directive on data protection and stated that once the Europeans approve this directive the U.S. will have difficulty doing business with Europe unless a U.S. data protection board is formed.

In the next panel discussion, "Owning and Operating the NII: Who, How, and When?" Mark Rotenberg of Computer Professionals for Social Responsibility (CPSR) played talk show host as he questioned four panelists. The panelists stressed the importance of universal access and privacy for the NII. Barbara Simons, chair of ACM's new public policy committee USACM, was particularly concerned that the NII would be viewed as an electronic democracy even though large segments of the U.S. population would be unlikely to have access to it.
"I worry that when people talk about electronic democracy they might be serious," she said. She added that NII discussions are exposing all of the major problems with our society including poverty and poor education. Her comments were interrupted by a call to the podium phone, which turned out to be a wrong number. Jamie Love of the Taxpayer Assets Project pointed out problems that could occur if NII providers do not have flat rate fees. For example, listservers, which are often used as organizational and community-building tools, would not be able to exist unless somebody volunteered to pick up the tab. Somebody from the audience pointed out that throughout the day panelists had been opposing plans for carrying entertainment on the NII, despite the fact that most Americans want entertainment, especially shows like Beavis and Butthead. Love explained that the panelists were not opposing entertainment plans, just plans that only include entertainment. He noted, "I personally like to watch Beavis and Butthead." After the panel discussion, conference organizers scurried to hook up a teleconference with Senator Patrick Leahy, author of the 1986 Electronic Privacy Act. Jerry Berman acted as moderator, speaking to Leahy through the podium phone as audience members watched and listened to Leahy on a projection TV. The teleconference began with some technical difficulties during which the audience could see Leahy, but only Berman could hear him. Berman reported this problem to Leahy and then told the audience, "Senator Leahy may hold his speech up in front of his face." Once the technical difficulties had been worked out, Leahy discussed the NII and problems with the Clipper proposal. The final panel discussion of the day was titled, "Data Encryption: Who Holds the Keys?" The discussion began with a presentation from Professor George Davida, whose 1970s crypto research brought him some unwanted attention from the National Security Agency (NSA). 
Davida explained the importance of cryptography for both privacy and authentication. The Clipper proposal, he said, was a bad idea because it would attempt to escrow privacy. He pointed out that the bad guys have a lot of money to hire hackers to write encryption schemes for them that the government does not hold the keys to. Furthermore, he opposed the idea of the NSA being responsible for an encryption scheme that many people would use to guard their privacy. "Asking the NSA to guarantee privacy is kind of like asking Playboy to guard chastity belts," he explained.

Next, Stewart Baker of the NSA took the podium to deliver an ultra-slick presentation on the "Seven Myths about Key Escrow Encryption." His main points (here paraphrased) were:

- If you think key escrow encryption will create a "brave new world" of governmental intrusion, ask yourself how bad governmental intrusion is today. It won't be any worse with key escrow encryption.
- If you think unreadable encryption is the key to our future liberty, you should be aware that the beneficiaries of unreadable encryption are going to be bad guys.
- If you think key escrow encryption will never work because crooks won't use it if it's voluntary and therefore there must be a secret plan to make key escrow encryption mandatory, you're wrong.
- If you think the government is interfering with the free market by forcing key escrow on the private sector, remember that nobody is forcing the private sector to use Clipper.
- If you think the NSA is a spy agency and thus has no business worrying about domestic encryption policy, you should realize that the NSA also designs encryption technology for government use.

David Banisar of CPSR followed Baker with more anti-Clipper arguments. Banisar pointed out that communication systems are designed to communicate, not to provide intelligence information. If we build communications systems as intelligence systems, we are treating everyone as a criminal, he said.
He pointed out that there were about 14 million arrests in the U.S. in 1992, but only about 800 wire taps. The encryption panel was followed by the annual EFF awards reception and the conference banquet. (Incidentally, I can't complain about the EFF board the way I did last year because most board members were not present this year. Seriously, though, I have been much more impressed with the way EFF has been reaching out to its members this year.) During dinner (more squash) Ben Masel of NORML lectured my table on how to legally harvest marijuana. After dinner, the lights dimmed, choir music played, and Simon Davies walked through the banquet hall garbed in pontifical robes. The founder and Director General of Privacy International, Davies told the audience he would read from "The Book of Unix." Davies read a witty parable about privacy in the U.S. and then urged the audience to "get off their computer screens and start lobbying ordinary people." He said efforts like CPSR's anti-Clipper petition only reach people on the net, not the general public. Unless the public becomes aware of privacy problems, there will be no privacy in the U.S. within 15 years he stated. Following Davies' talk, conference participants went to Birds-of-a-Feather sessions, some of which ran until almost midnight. I stopped by a BOF for scholarship winners before attending a lively discussion on "Censorship of Computer-Generated Fictional Interactivity." The second day of the conference began at 9 a.m. Many participants had not gotten enough sleep the night before, and many skipped the first session on health information policy. Congressional staffer Bob Gellman discussed a bill in the U.S. House of Representatives that would provide for comprehensive rules for using health information, patient rights for access to and correction of their health information, and security of health data. He said the bill was important because health reform will increase the use of medical information. 
(The bill is available via gopher from cpsr.org. An OTA report on privacy of computerized medical information is available via FTP from ota.gov.) Janlori Goldman of the ACLU added that privacy has been an afterthought in health care reform proposals. All panelists agreed that if the privacy problem is not dealt with, patients will withhold important information from their doctors so that it does not appear in their medical records. In response to a question from the audience about the use of social security numbers as medical identification numbers, the panelists gave conflicting responses. Goldman opposed the use of the SSN for identification purposes because it is not a unique identifier and because it is already used for other purposes and thus easy to cross reference. However, Gellman argued that if a new identification number is introduced, it will soon have the same problems as the SSN. He said the SSN should be used, but there should be restrictions on its use. Lee Ledbetter of HDX added that most databases can do cross references based on telephone numbers. The panelists also discussed the problem of informed consent. Gellman explained that people often sign away privacy rights through informed consent because they think they have to, not because they really are informed or consenting. The next panel was titled, "Can Market Mechanisms Protect Consumer Privacy?" This discussion, which centered around whether privacy is a right or good, was probably most easily understood by the lawyers and economists (I am neither) in the audience. Of note, panelist Eli Noam suggested that consumers could reduce intrusion on their privacy by telemarketers if telemarketers could only reach them through personal 900 numbers. Mark Rotenberg explained that the real problem with caller ID is that the phone companies use it to sell rights to consumers. 
One audience member challenged a panelist's proposal that people should own the information about themselves asking, "Who owns your birthday -- you or your mother?" The lunch lecture was eloquently delivered by Phil Zimmermann, author of Pretty Good Privacy (PGP), a public key encryption tool. Zimmermann, who is being investigated for export control violations but has not been indicted, told the audience that the future of privacy in America is not hopeless. Referring to the Clipper proposal he said, "We live in a democracy here... we ought to be able to stop it." Zimmermann explained why he developed PGP and allows it to be distributed free of charge. He also spoke out against the fact that all public key cryptography patents are in the hands of one company (thus those who use PGP without licensing the cryptographic algorithm may be breaking the law). The next panel discussion focused on "Creating an Ethical Community in Cyberspace." Computer science professor Martin van Swaay began by explaining the importance of trust in a free society. "Freedom is not the absence of restraint, but the presence of self restraint," he stated. He said freedom is necessary to earn trust, and trust is necessary to give laws meaning. Philosophy professor Bruce Umbaugh then discussed anonymity and pseudonymity in cyberspace. He gave some examples of cases where pseudonymity is useful but anonymity is not and explained why anonymity is much more of a threat than pseudonymity. Steven Levy, author of Hackers, then discussed the hacker ethic and how it is helping to shape cyberspace. In response to a question, van Swaay said he reserves the right to ignore anonymous messages because, "If you have something real to say, why do you want to hide? And if you want to hide, it makes me wonder why." Most non-computer-scientists skipped the next panel discussion, "Standards for Certifying Computer Professionals." However, among computer scientists, the panel was quite controversial. 
Professor Donald Gotterbarn explained that both ACM and IEEE are considering licensing proposals. He discussed one proposal that would impose mandatory licensing on computer professionals. The proposal called for various levels of licensing, based on skill and areas of competence. Attorney Steve Barber explained some of the problems with a licensing model, including the fact that licensing is usually handled by the states and thus varies from state to state. John Marciniak of CTA Inc. stated that the computer industry does not need licensing because the companies, not the programmers, stand behind their products. He suggested that a voluntary certification program be considered instead. Another panelist (whose name was not in the program) insisted that "when a B777 [a plane with completely computerized controls] goes down, we will have licensing." He suggested that computer professionals come to a consensus about what kind of licensing they want so that they can tell congress when congress demands licensing. Gotterbarn urged people interested in working on a licensing proposal to contact him at d.gotterbarn at computer.org. The final panel of the day, "Hackers and Crackers: Using and Abusing the Networks," was led by Emmanuel Goldstein, publisher of 2600 magazine. Goldstein hung a sign reading "hackers" on the table where the four other panelists sat. He hung a sign reading "crackers" on an empty table at the opposite side of the podium. "One thing that distinguishes hackers from crackers is that hackers are here and crackers are not," said Goldstein. After rattling off several other differences he looked under the empty table and retrieved three boxes of crackers (the edible kind). "Alright I stand corrected," he quipped. As Goldstein spoke admiringly about hackers and their quest for knowledge, several audience members were mumbling that they didn't understand. 
Goldstein then unveiled a large photograph of hacker Phiber Optik and played a taped message that Phiber recorded from prison. Panelist Bruce Fancher of Mindvox said he used to think there was no problem with breaking into other peoples' computer systems. "I think my opinion changed when I started running a public access Internet site....[I discovered that a breakin] wasn't that charming." He encouraged hackers to explore and learn about computer systems, but urged them not to break into other peoples' systems. Panelist Robert Steele described hacking as "elegance." He explained, "Hacking is doing it better than it has ever been done before," no matter what "it" is. He added that hackers should not be blamed for breaking into systems because most systems are wide open to attack. "Ethics is nice. Engineering is better," he stated. Panelist Bob Strantton of UUNET discussed the need for an electronic "place" people can go to learn things without disrupting the work of others. During the Q&A session Goldstein illustrated how unsecure computer and telecommunication systems are by picking up a cellular phone call on a hand-held scanner, much to the amazement of some audience members. The day's program concluded with a dinner reception at Chicago's Museum of Science and Industry. The food was tasty (finally a decent meal) and the museum exhibits were both educational and enjoyable. The final day of the conference began with a 9 a.m. panel on "The Role of Libraries on the Information Superhighway." Carl Kadie, editor of Computers and Academic Freedom News, described several cases in which he had turned to library policies when recommending solutions to computers and academic freedom problems. Kadie explained that libraries have adopted policies that protect free speech and free access to information. 
Next Bernard Margolis, director of Pikes Peak Library District discussed the roles of libraries on the information superhighway, describing libraries as on ramps, filling stations, and driver training schools. He also noted that as electronic resources have been added to the Pikes Peak libraries, the demand for traditional resources has not decreased. Elaine Albright of the University of Maine library described some of the issues related to electronic information delivery currently being discussed by librarians. A pamphlet discussing these issues is available from the American Library Association by contacting u58552 at uicvm.uic.edu.

The next panel, "International Governance of Cyberspace: New Wine in Old Bottles -- Or is it Time for New Bottles?" was another discussion for the lawyers in attendance. I got lost in the legal jargon as panelists discussed whether cyberspace has sovereignty and what sort of laws could be practically enforced there. Panelist Herbert Burkett described the net as "the greatest threat to national sovereignty since the opening of the first McDonalds in Paris." In the Q&A period, cypherpunk Eric Hughes put the whole conversation in perspective (for me at least) when, referring to people who use cryptography to hide their identities, he asked "How is national sovereignty going to have any effect if you can't find us?"

The final conference lunch featured more squash and short presentations from three of the student paper competition winners (the fourth winner, a student from the computers and society course I taught last semester, was not able to attend the conference).

The first panel after lunch discussed "The Electronic Republic: Delivery of Government Services over the Information Superhighway." This was an interesting, but relatively low bandwidth session about how governments can use information technology to collect and disseminate information.
Panelists from information "kiosk" vendors had nothing but praise for pilot projects in several states. However, Jeff Arnold of the Cook County circuit court raised a number of concerns about allowing the public to access computerized court records. In particular he was concerned about people who want to use court records to generate advertising mailing lists (a list of recent divorcees or traffic offenders for example) and liability for incorrect information. The next panel, "Education and NREN, K-12" was quite interesting, but not well attended. (By this time most conference participants were networking in the hallway outside the main conference room.) The panelists generally agreed that most schools are organized in a way that is not reflected in the organization of the Internet. Panelist Steve Hodas explained that schools are usually organized into tidy departments and that information flows mostly in one direction (from book to student). In addition schools generally regard the absence of censorship as a system failure. The Internet, on the other hand, is not tidy, allows a two-way flow of information, and views censorship as a system failure. Hodas warned, as people rush in to protect schools from the net, "we must remember to protect the net from the schools." Panelist Philip Agre added, "American democracy is suffering, in part because of educational practices." Janet Murray, a school librarian, gave a humorous presentation in which she emphasized the importance of freedom of access to information. "If you're worried about what students can access on the Internet, think about what else they have access to," she said as she displayed slides of racy material found in popular news publications. The final CFP94 session was titled "Guarding the Digital Persona." The panelists first discussed the problem of too much personal information finding its way into the hands of direct marketers. 
Possible solutions discussed included requiring yellow-page style advertising and creating a new legal fiction -- an electronic person with the right to own money, communicate electronically, and not be arbitrarily deleted. The legal fiction suggestion was motivated by the idea that it would be impossible to create useful profiles of people if all the information about them was compartmentalized and each compartment had a separate identity. This idea seemed to be bordering on science fiction, and thus the final speaker, science fiction writer Bruce Sterling, seemed an appropriate choice to bat cleanup. I had considered writing an abstract for this lengthy report, but I don't think I could do as good a job as Sterling did in his remarks. I have read some of Sterling's books, but this was the first time I have heard him speak. I must say, the man can speak as well as he writes, and he writes pretty darned well. Sterling began his talk by stating his general lack of concern about privacy. "Being afraid of monolithic organizations, especially when they have computers, is like being afraid of really big gorillas, especially when they are on fire," he explained. "How can privacy abuses be kept a secret?" He then proceeded to describe what he will remember about CFP94. He characterized this conference (the fourth CFP) as "the darkest CFP by far." Referring to the administration's proposed encryption policy he stated, "I see nothing but confrontation ahead." Sterling reminded the audience of David Lytel's unsettling key note address ("Who was briefing that guy?") and Stewart Baker and the seven myths that the NSA wants you to believe are not true ("a tone of intolerable arrogance"). And he mentioned Dorothy Denning, one of the few Clipper supporters in the computer science community. Denning was not in attendance this year, but she was worth mentioning because she was certainly present in spirit. Read the talk yourself if you see it posted on the net. 
I think Sterling identified what was on the minds of most conference attendees. While some attendees were extremely concerned about their privacy, most had never really considered that they had anything to hide, or even anything that anyone else really wanted to know. And yet, almost everyone was bothered by the Clipper proposal and the fact that it would treat them as if they had something to hide. Last year's conference was much more animated and controversial. People were constantly complaining that there wasn't enough time for all views to be heard. This year there was much more harmony; but it was a dark harmony. The disagreements among panelists seemed relatively insignificant when compared to the disagreement between the people and their government. Epilogue: As I rode the train out to the airport, I noticed an advertisement for the Chicago Sun-Times "Social Security Sweepstakes." It seems the Sun-Times is asking people to send in their names and social security numbers for a chance to win a trip to Hawaii. Is this informed consent? -- Lorrie Faith Cranor March 27, 1994 /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ Lorrie Faith Cranor Engineering and Policy, Computer Science Washington University http://dworkin.wustl.edu/pub/lorracks/home.html 1 Brookings Dr Box 1045 St. Louis, MO 63130 "UNLESS someone like you cares a whole awful lot, lorracks at cs.wustl.edu nothing is going to get better. It's not." -Dr.Seuss \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ ------- End of Forwarded Message From hughes at ah.com Wed Mar 30 10:04:20 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 30 Mar 94 10:04:20 PST Subject: the rest of the key In-Reply-To: <199403301705.JAA19822@well.sf.ca.us> Message-ID: <9403301750.AA00784@ah.com> > I was just wondering.... If the NSA could get it's hands on half >(40) of any particular clipper key, wouldn't that just leave 2^40 >to compute? 
Even with brute force, it's trivial even next to DES. "half" is a random number which is XOR'd with 80 bits. Both halves look random. The XOR of the two halves is not. Eric From gnu at cygnus.com Wed Mar 30 10:05:41 1994 From: gnu at cygnus.com (John Gilmore) Date: Wed, 30 Mar 94 10:05:41 PST Subject: Stanford,CA Clipper debate Wed 30Mar: Rotenberg vs. Asst US Atty Message-ID: <9403301805.AA06590@cygnus.com> Sorry for the late notice; I just found out today: ... I saw this notice at the law school yesterday ... "Encryption and digital communications: law enforcement or privacy? An Oxford-style debate with J. Kent Walker, Assistant US Attorney and Coordinator, high-tech task force; and Marc Rotenberg, Wash. Director, Computer Professionals for Social Responsibility Wed. March 30 at 5:30 Stanford Law school room 290 From ravage at bga.com Wed Mar 30 11:10:56 1994 From: ravage at bga.com (Jim choate) Date: Wed, 30 Mar 94 11:10:56 PST Subject: Crypto and new computing strategies In-Reply-To: <9403301536.AA00533@ah.com> Message-ID: <199403301754.AA00993@zoom.bga.com> I am not sure that it has been demonstrated that a QM mechanism is necessarily solely of a Turing architecture. When one considers the dependency of electron spin (for example) over distance (which happens to break the 'speed of light' limit) there is sufficient reason (to my mind) to suspect that there will be some additional funkiness going on here. Also there is the potential to use neural networks at these levels (which are not necessarily reducible to Turing models, the premise has never been proven) which coupled w/ the speed of computation considerations leaves a lot to be said for the security of all the existing 'time to crack' computations that I have seen to date. The bottom line is that this whole area is an unknown and if we persist in carrying unproven assumptions from the macro-world over into the QM model we WILL be in for a nasty surprise.
I want to reiterate that I am not saying there is a threat, simply that what we know about it now is not sufficiently strong enough in the 'proof' area to carry the weight of resolution some c-punks would like to assign it. Beware, there be Ogres there... From m5 at vail.tivoli.com Wed Mar 30 11:12:31 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Wed, 30 Mar 94 11:12:31 PST Subject: Crypto and new computing strategies In-Reply-To: <199403301756.AA01088@zoom.bga.com> Message-ID: <9403301800.AA19557@vail.tivoli.com> Jim choate writes: > The problem w/ the whole N - NP approach P - NP > is that it assumes that the QM > model behaves as we would expect it to, it doesn't. I think this is one of > those assumptions that are better left un-made. I have worked w/ enough QM > projects through UT and Discovery Hall (Dr. Turner and Dr. Prigogine) that > I am not comfortable assuming the QM world even cares about the N or NP > issues we are debating. It sounds as if you're claiming that mathematics as we know it does not apply when dealing with quantum effects. I suggest that this is a strong statement, and I add that I see no reason to believe it. At the same time, I'm neither a mathematician or a physicist. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From ravage at bga.com Wed Mar 30 11:14:45 1994 From: ravage at bga.com (Jim choate) Date: Wed, 30 Mar 94 11:14:45 PST Subject: Crypto and new computing strategies In-Reply-To: <9403301459.AA18143@vail.tivoli.com> Message-ID: <199403301756.AA01088@zoom.bga.com> > > > Jim choate writes: > > While I can understand the common wisdom such QM type machines are > > not a threat to the present crypto-cracking horsepower race I must > > admit I don't agree with it. First, historically (and emotionally on > > my part) I have a hard time taking the premise that the status quo > > will stay the status quo.
I have this belief that some bright > > person is going to come along and blow all our pipe dreams away. > > It has happened before and it WILL happen again, especially when > > you consider the resources available to the government. > > Remember, however, that advances in technology benefit encryptors as > well as codebreakers. Unless the "bright person" comes along and > proves P == NP, there's still opportunity to develop strong > cryptosystems. (Indeed, if a bright person comes along and proves > that P != NP, then things look pretty good.) > > -- > | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | > | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | > | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | > The problem w/ the whole N - NP approach is that is assumes that the QM model behaves as we would expect it to, it doesn't. I think this is one of those assumptions that are better left un-made. I have worked w/ enough QM projects throug UT and Discovery Hall (Dr. Turner and Dr. Prigogine) that I am not comfortable assuming the QM world even cares about the N or NP issues we are debating. From m5 at vail.tivoli.com Wed Mar 30 11:31:32 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Wed, 30 Mar 94 11:31:32 PST Subject: Crypto and new computing strategies In-Reply-To: <199403301754.AA00993@zoom.bga.com> Message-ID: <9403301931.AA19705@vail.tivoli.com> Jim choate writes: > Also there is the potential to use neural networks at these levels > (which are not necessarily reducable to Turing models, the premise > has never been proven) Uhh, gee; given that I've seen neural networks implemented on conventional computer systems, and as far as I know those were perfectly functional (if slow) neural networks, I think that pretty much proves it (as if it needed to be). I'd say that the burden of proof is to demonstrate that there are algorithms implementable on a neural network which are unimplementable on a Turing machine. 
That'd be a pretty significant breakthrough. > The bottom line is that this whole area is a unknown and if we persist in > carrying unproven assumptions from the macro-world over into the QM > model we WILL be in for a nasty surprise. Complexity theory doesn't have anything to do with any world, macro- or micro- or mega- or whatever. It's mathematics. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From pcw at access.digex.net Wed Mar 30 11:32:01 1994 From: pcw at access.digex.net (Peter Wayner) Date: Wed, 30 Mar 94 11:32:01 PST Subject: Crypto and new computing strategies Message-ID: <199403301930.AA19134@access2.digex.net> Analog computers have very different behaviors than digital computers. I believe that it is possible to find the longest path in a graph merely by building a string model of it which takes O(n) time. This is rusty. Some guys have also build an analog machine that can solve 3SAT problems in linear time. They surmise, though, that the machine must be built with precision that is exponential in the number of terms. I.e. it won't work. I would assume that any QM machines will _not_ be exclusively digital. This is the easiest programming model, but someone may come up with a better one. -Peter From danisch at ira.uka.de Wed Mar 30 11:34:30 1994 From: danisch at ira.uka.de (Hadmut Danisch) Date: Wed, 30 Mar 94 11:34:30 PST Subject: Secure MPEG ??? Message-ID: <9403301752.AA14531@deathstar.iaks.ira.uka.de> Hello, does anyone know what's "Secure MPEG" and how it works? Of course it must have something to do with security and mpeg compression, but I am looking for details and specs. 
thanks Hadmut From ravage at bga.com Wed Mar 30 11:38:31 1994 From: ravage at bga.com (Jim choate) Date: Wed, 30 Mar 94 11:38:31 PST Subject: Crypto and new computing strategies In-Reply-To: Message-ID: <199403301746.AA00769@zoom.bga.com> > > > > On Wed, 30 Mar 1994, Jim choate wrote: > > > it. First, historicaly (and emotionaly on my part) I have a hard time taking the > > premise that the status quo will stay the status quo. I have this belief that > > some bright person is going to come along and blow all our pipe dreams away. > > However faster cracking means faster encrypting (using larger keys) as > well. I don't think the US government can maintain a tech edge over the > market for long in any case. The Soviet government couldn't. > > DCF > > > > The point that is being missed is that if a method arrises to crack a n-bit key there is sufficient reason to believe that it can be used to crack a m-bit key, where m>n. I suspect that when the algorithm is worked out that it will NOT be bit length dependant. Also remember where most crypto folks get their funding from...Uncle Sam or his kin. From mimsy!anagld!decode!system at uunet.UU.NET Wed Mar 30 11:40:07 1994 From: mimsy!anagld!decode!system at uunet.UU.NET (System Operator) Date: Wed, 30 Mar 94 11:40:07 PST Subject: Anti-Clipper leaflet at government expo Message-ID: This is a few days late, but in a going through the stack of items I picked up at the FOSE show in Washington, DC, last week, I found a 3 inch by 5 inch yellow flyer with the following message: ----------------------------------------------------------------------- STOP THE CLIPPER CHIP! For more info Before it's too late: [ fist with two lightning bolts ] CYBER RIGHTS NOW! 
Electronic Frontier Foundation - membership at eff.org Computer Professionals for Social Responsibility - cpsr.info at cpsr.org WIRED's infobot - infobot at wired.com "get help" in msg body Read the April 1994 issue of WIRED Concerned Cyberdykes for Electronic Freedom Not associated with WIRED, EFF, or CPSR ----------------------------------------------------------------------- Someone was busy with a copy machine. The FOSE show was a particularly good choice -- the vast majority of attendees were government employees, presumably the ones most likely to be using Clipper. Dan -- system at decode.UUCP (System Operator) Cryptography, Security, Privacy BBS +1 410 730 6734 Data/FAX From strat at uunet.uu.net Wed Mar 30 11:57:10 1994 From: strat at uunet.uu.net (Bob Stratton) Date: Wed, 30 Mar 94 11:57:10 PST Subject: Cerf calls for "international cryptography standard" In-Reply-To: <9403300623.AA11132@toad.com> Message-ID: <9403301806.AA03065@odin.UU.NET> -----BEGIN PGP SIGNED MESSAGE----- >>>>> "Eli" == Eli Brandt writes: >> ... >> Cerf says that development and use of an international >> encryption standard is the only reliable solution to the >> problem. (Chronicle of Higher Education 3/30/94 A22) Eli> He's right, but I'd like to think he doesn't have Eli> Clipper/Capstone in mind. He doesn't. I was at the hearings, and both Vint and Steve Crocker from TIS were clear that the U.S. Gov't needed to lighten up, or we'd take it in the pants from a competitive perspective, amongst other things. From tcmay at netcom.com Wed Mar 30 12:10:49 1994 From: tcmay at netcom.com (Timothy C.
May) Date: Wed, 30 Mar 94 12:10:49 PST Subject: The Focus on Clipper Details Plays into Their Hands Message-ID: <199403301845.KAA14830@mail.netcom.com> I believe the focus on Clipper/Skipjack details and technical issues plays into the hands of those who want to deploy these systems. * By concentrating on issues of key length, escrow details, availability of the chips, etc., attention is shifted from the real issue--the mandatory use of Clipper (probably) and why this is so wrong--to the issue of _practicality_. * If the issue becomes _practicality_ instead of _ethicality_, then we ultimately lose, I fear. Any criticisms we successfully raise can be more or less responded to by the NSA, Denning, Sternlight, and so on. Then we'll look for new practical problems, and the chase will continue. Meanwhile, Clipper will be that much further along. * My response when people ask me about arcane details of key length, family keys, etc., is to just _snort_ and shake my head and say: "Who cares? I don't plan to use it." * I'm really not slamming those on this list who are actual experts on the Clipper system, as much as anyone outside the NSA can be of course. Their intelligent comments, their poking of holes, and so forth, has been useful. * My concern is that too much attention can be focussed on a fundamentally wrong idea, much like the syndrome of the pilot of an aircraft staring at his altimeter and tapping it furiously as he crashes. * If, for example, the Cypherpunks and others help to compile a list of questions about Clipper (and recall that we did just that about a year ago) and then these questions are answered or otherwise dealt with, where does this leave us? In my opinion, the very notion that one's private keys have to be "escrowed" with the local cops is ethically flawed.
If the proposal were that house keys had to be escrowed, or that personal diaries had to be escrowed, would we be debating the technical details of what kinds of envelopes the diaries would be sealed in? Granted, Cypherpunks is a technically-oriented group, more so than legally or politically oriented (though most of us are politically aware and motivated by ideology), and so we have a store of knowledge about crypto that most folks don't have. Hence a focus on Clipper's arcane details is to be expected. But let's be sure it doesn't divert us away from a principled rejection of the whole concept of key escrow. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From gtoal at an-teallach.com Wed Mar 30 12:14:50 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Wed, 30 Mar 94 12:14:50 PST Subject: Very funny, Polyanna :-( [namespace pollution] Message-ID: <199403301844.TAA19801@an-teallach.com> From: Eric Hughes contracting and for authentication. The current systems don't support this, and will, I suspect, not support this any time soon. In the meanwhile such policies will have to be created manually, even if their operation is transparent. >Whatever solution we can find will have to involve active support >from the keyservers I suspect. The key servers are just serving data. To add policy criteria to the key servers is to extend their functionality beyond their original intent. So? It has to be done *sometime* by someone.
The point I was making was that for pgp (or any equivalent cyphered mail system) to work *en masse*, it has to be completely automatic and idiot-proof. I'm not talking about *us* here, I'm talking about your old mother, or Mac users, or the company technophobic managing director etc. What I see as desirable for such people is that their mail is encrypted whenever possible, but they don't have to do anything to make it happen. This means that the current web of trust scheme is not an applicable model, because these people have defined *no* trusted paths at all. We need some relatively trustworthy mechanism for getting pgp keys that will foil a denial-of-service attack - either the one I suggested where someone sets up a key for a mailing list or mail2news gateway (either maliciously or accidentally as with our friend Paulie-Anna) - or where someone creates a key for a specific person (as one joker did for Sternlight last year (this was a second one; Sternlight had one of his own first which he never revoked before he deleted his private key...)) which means that person won't be able to receive mail - if auto-pgp mechanisms become common. To me it looks like this has to be done by heavy-handed control coming from the keyserver admins, though I'd prefer that there was a more democratic way. Please suggest anything you think is appropriate... For the moment, I think that an auto-pgp mechanism will have to use a relatively secure server like SLED that can't have arbitrary keys added to it by all and sundry. If this is sufficiently different to the current key server mechanism that Eric doesn't object, then fine :-) Actually, the mechanism I forsee for doing this sort of thing is the tcp/ip interface to a keyserver that Ben Cox suggested last november. It *could* be bolted on to the finger server at wasabi, but I think the whole concept needs us to stand back a bit and think of what we really want before we start hacking. 
One mechanism that crossed my mind - when a new key is added, the keyserver that gets it first might hold on to the new key until after it had mailed the key owner and requested confirmation. This ought to be possible to automate. This would also block the cases where someone bulk uploads their keyring with keys on it which they'd been given in confidence, by people who didn't want their employers or government to know they were using pgp... Graham PS cc'd to alt.security.pgp - would the cypherpunks interested in this thread follow it there with me please? From hughes at ah.com Wed Mar 30 12:23:42 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 30 Mar 94 12:23:42 PST Subject: Crypto and new computing strategies In-Reply-To: <199403301754.AA00993@zoom.bga.com> Message-ID: <9403302009.AA00292@ah.com> >I am not shure that it has been demonstrated that a QM mechanis is necessarily >solely of a Turing architecture. The Bekenstein Bound gives limits both on the expected maximum number of quantum states encodable in a given volume of space and on the expected maximum number os transitions between these states. If this bound holds (and it certainly seems to hold for EM fields), then a probabilistic Turing machine will be able to simulate it. >Also there is the potential to use neural networks at these levels (which are >not necessarily reducable to Turing models, the premise has never been proven) If you have infinite precision, the statement is unproven. If you have finite precision, you get a Turing machine. You never get infinite precision in real life, even with quantum superposition. Steve Smale did some work a few years ago where he made Turing-type machines out of real numbers, i.e. infinite precision. P=NP for this model, and the proof is fairly easy. From an information-theoretic point of view, you can encode two real numbers inside of another one and do computations in that encoded form, because a real number encodes an infinite amount of information. 
If it's finite, it's a Turing machine. If it's expected finite, it's a probabilistic Turing machine. If it's infinite, it cannot be implemented in hardware. Eric From hughes at ah.com Wed Mar 30 12:31:37 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 30 Mar 94 12:31:37 PST Subject: Crypto and new computing strategies In-Reply-To: <199403301930.AA19134@access2.digex.net> Message-ID: <9403302016.AA00316@ah.com> >Analog computers have very different behaviors than >digital computers. But these difference are differences in constant factors of computation, not of computational expressibility. >Some guys have also build an analog machine that can >solve 3SAT problems in linear time. They surmise, though, >that the machine must be built with precision that is >exponential in the number of terms. I.e. it won't work. You can design an infinite family of finite circuits which do 3SAT in linear time as well. The only problem is that it takes an exponentially increasing number of gates. It's exactly the same asymptotic effect, which, as you should all know by now, comes as no surprise to me. >I would assume that any QM machines will _not_ be >exclusively digital. This is the easiest programming >model, but someone may come up with a better one. I don't anticipate QM machines will be deterministic, but they certainly will be bounded in the expected sizes of their state spaces. This will make them simulable by, and therefore equivalent to, probabilistic Turing machines. A significant number of real-life crypto algorithms are already using this model (like primality testing), so there's no advantage in the computational model. 
Eric From ravage at bga.com Wed Mar 30 12:32:08 1994 From: ravage at bga.com (Jim choate) Date: Wed, 30 Mar 94 12:32:08 PST Subject: Crypto and new computing strategies In-Reply-To: <9403301941.AA12612@ciis.mitre.org> Message-ID: <199403302031.AA07448@zoom.bga.com> > > Jim Choate wroate: > >The problem w/ the whole N - NP approach is that it assumes that the QM > >model behaves as we would expect it to, it doesn't. I think this is one of > >those assumptions that are better left un-made. I have worked w/ enough QM > >projects through UT and Discovery Hall (Dr. Turner and Dr. Prigogine) that > >I am not comfortable assuming the QM world even cares about the N or NP > >issues we are debating. > > What effects at the quantum level lead you to this conclusion? Have you > noticed non-linear increases in computational power or other similar > occurrences? > > -- > Best regards, > > Curtis D. Frye - Job Search Underway!!! > cfrye at ciis.mitre.org or cfrye at mason1.gmu.edu > "Here today, gone ?????" > > > The whole problem w/ QM is that it is not, by its very nature, linear. Every logical thought pattern you have needs to basically be thrown away when you deal with this realm of physics. Consider an electron emitter that throws them out 180 degrees out. Because of the conservation of spin rules the electrons must have opposite spins. However, when they are emitted you can't tell what their individual spins are. However, when you measure one the other INSTANTLY orients to the other value (ie +/- 1). This change happens faster than light (there is no way an electron can emit a photon before you measure it unless it can somehow jump into the future and know a priori when you measure it). Very nasty problem w/ no explanation at this point. You can propose Tachyons and other exotic particles but detecting them because of their lower limit velocity (ie they must always travel faster than light) keeps us from measuring them.
The point I am making is that the logical rules you use don't apply down here. From gtoal at an-teallach.com Wed Mar 30 12:32:23 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Wed, 30 Mar 94 12:32:23 PST Subject: the rest of the key Message-ID: <199403302029.VAA22528@an-teallach.com> > I was just wondering.... If the NSA could get it's hands on half >(40) of any particular clipper key, wouldn't that just leave 2^40 >to compute? Even with brute force, it's trivial even next to DES. "half" is a a random number which is XOR'd with 80 bits. Both halves look random. The XOR of the two halves is not. Oh yes, and the guy who is asking the spooks about the technical stuff - be sure to find out where this 80-bit random number comes from and where it goes when it's been used... Anyone who knows the split-pattern only needs to subvert *one* of the escrow agencies. G From ravage at bga.com Wed Mar 30 12:36:20 1994 From: ravage at bga.com (Jim choate) Date: Wed, 30 Mar 94 12:36:20 PST Subject: Crypto and new computing strategies In-Reply-To: <9403301931.AA19705@vail.tivoli.com> Message-ID: <199403302035.AA07693@zoom.bga.com> > > > Jim choate writes: > > Also there is the potential to use neural networks at these levels > > (which are not necessarily reducable to Turing models, the premise > > has never been proven) > > Uhh, gee; given that I've seen neural networks implemented on > conventional computer systems, and as far as I know those were > perfectly functional (if slow) neural networks, I think that pretty > much proves it (as if it needed to be). > > I'd say that the burden of proof is to demonstrate that there are > algorithms implementable on a neural network which are unimplementable > on a Turing machine. That'd be a pretty significant breakthrough. > > > The bottom line is that this whole area is a unknown and if we persist in > > carrying unproven assumptions from the macro-world over into the QM > > model we WILL be in for a nasty surprise. 
> > Complexity theory doesn't have anything to do with any world, macro- > or micro- or mega- or whatever. It's mathematics. > > -- > | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | > | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | > | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | > I use both digital and analog circuits in some of my designs and they are not necessarily reducible. Just because you can use a neural network to solve a problem using conventional architecture machines does not a priori prove anything about the reducibility of the technology. I would have to say that 'spin glass' model neural networks might be such a model. However, either way you approach it (yours or mine) it has not been done and assuming it is the same will lead to some problems. Complexity theory is mathematics so I would have to say your last assertion is total drivel. From ravage at bga.com Wed Mar 30 12:39:29 1994 From: ravage at bga.com (Jim choate) Date: Wed, 30 Mar 94 12:39:29 PST Subject: Crypto and new computing strategies In-Reply-To: <9403301800.AA19557@vail.tivoli.com> Message-ID: <199403302039.AA07880@zoom.bga.com> > > > Jim choate writes: > > The problem w/ the whole N - NP approach > > P - NP > > > is that it assumes that the QM > > model behaves as we would expect it to, it doesn't. I think this is one of > > those assumptions that are better left un-made. I have worked w/ enough QM > > projects through UT and Discovery Hall (Dr. Turner and Dr. Prigogine) that > > I am not comfortable assuming the QM world even cares about the N or NP > > issues we are debating. > > It sounds as if you're claiming that mathematics as we know it does > not apply when dealing with quantum effects. I suggest that this is a > strong statement, and I add that I see no reason to believe it. At > the same time, I'm neither a mathematician or a physicist. > > -- > | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | > | TAKE TWA TO CAIRO.
||| Tivoli Systems, Austin, TX: | > | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | > Mathematics as you and I use to solve most real-world problem don't always work w/ quantum mechanics. It is one of the problems w/ this field. I am not a physicist but am trying to go to school and get a degree in it. From m5 at vail.tivoli.com Wed Mar 30 12:46:38 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Wed, 30 Mar 94 12:46:38 PST Subject: Crypto and new computing strategies In-Reply-To: <199403302035.AA07693@zoom.bga.com> Message-ID: <9403302046.AA19970@vail.tivoli.com> Jim choate writes: > > Complexity theory doesn't have anything to do with any world, macro- > > or micro- or mega- or whatever. It's mathematics. > > Complexity theory is mathematics so I would have to say your last > assertion is total drivel. I think you've misunderstood. What I meant was that because it's a purely mathematical set of concepts, it doesn't have anything to do with hardware details. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From ravage at bga.com Wed Mar 30 12:48:36 1994 From: ravage at bga.com (Jim choate) Date: Wed, 30 Mar 94 12:48:36 PST Subject: Crypto and new computing strategies In-Reply-To: <9403302009.AA00292@ah.com> Message-ID: <199403302048.AA08237@zoom.bga.com> > > >I am not shure that it has been demonstrated that a QM mechanis is necessarily > >solely of a Turing architecture. > > The Bekenstein Bound gives limits both on the expected maximum number > of quantum states encodable in a given volume of space and on the > expected maximum number os transitions between these states. If this > bound holds (and it certainly seems to hold for EM fields), then a > probabilistic Turing machine will be able to simulate it. 
> > >Also there is the potential to use neural networks at these levels (which are > >not necessarily reducible to Turing models, the premise has never been proven) > > If you have infinite precision, the statement is unproven. If you > have finite precision, you get a Turing machine. You never get > infinite precision in real life, even with quantum superposition. > > Steve Smale did some work a few years ago where he made Turing-type > machines out of real numbers, i.e. infinite precision. P=NP for this > model, and the proof is fairly easy. From an information-theoretic > point of view, you can encode two real numbers inside of another one > and do computations in that encoded form, because a real number > encodes an infinite amount of information. > > If it's finite, it's a Turing machine. If it's expected finite, it's > a probabilistic Turing machine. If it's infinite, it cannot be > implemented in hardware. > > Eric > First off, EM fields are NOT QM. They do have some characteristics which 'bleed' over from the Quark level. Also since EM fields are made of hadrons and not leptons (which an electron is) may blow a hole in this approach since leptons do not follow the same sort of charge conservation rules as hadrons. As to infinite precision and its non-presence....Beeep....wrong answer... Electrons change state in zero time, this implies at least some form of infinite precision (otherwise how does the system know the difference between zero and some small-o value?). I suspect this is another error based on the implied (and incorrect) implication in this line of discussion that hadrons and leptons use the same rules.
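[Added example, not part of any list message.] The point Eric Hughes makes in the "the rest of the key" thread above, that each escrowed "half" is a full-width random-looking value rather than 40 of the 80 bits, and Graham Toal's caveat about where the random number goes afterwards, worked through in Python. The function names, the 8-bit toy width used for exhaustive counting, and the key and pad values are constructed for illustration.

```python
import secrets

KEY_BITS = 80  # key length discussed in the thread


def split_halves(key, bits, pad=None):
    """Naive split the question assumed: top half of the bits / bottom half.
    The pad argument is ignored; it only keeps the two splitters call-compatible."""
    half = bits // 2
    return key >> half, key & ((1 << half) - 1)


def split_xor(key, bits, pad=None):
    """XOR split: share 1 is a random full-width pad, share 2 is key XOR pad."""
    if key < 0 or key >> bits:
        raise ValueError("key does not fit in the stated width")
    if pad is None:
        pad = secrets.randbits(bits)
    return pad, key ^ pad


def recombine_xor(share1, share2):
    """Both shares together give the key back."""
    return share1 ^ share2


def consistent_keys(split, index, share, bits):
    """Count the keys that could have produced `share` at position `index`.
    Exhaustive over every key and every pad, so only usable at toy widths."""
    count = 0
    for key in range(1 << bits):
        if any(split(key, bits, pad)[index] == share for pad in range(1 << bits)):
            count += 1
    return count


def recover_with_retained_pad(retained_pad, escrowed_share):
    """Toal's caveat: if the random number is kept by whoever generated it,
    the share held by a single escrow agency is enough to rebuild the key."""
    return retained_pad ^ escrowed_share


if __name__ == "__main__":
    toy_bits = 8
    # One share of a bit-halves split leaves 2^(bits/2) candidate keys.
    print("halves split:", consistent_keys(split_halves, 1, 0x5, toy_bits))
    # One share of an XOR split leaves every key possible: 2^bits candidates.
    print("xor split:   ", consistent_keys(split_xor, 1, 0x5, toy_bits))

    key = 0x0123456789ABCDEF0123  # constructed 80-bit value
    s1, s2 = split_xor(key, KEY_BITS)
    print("recombined ok:", recombine_xor(s1, s2) == key)
```

At 80 bits the same counting gives 2^40 candidates for the bit-halves split and 2^80 for the XOR split, which is why holding one XOR share does not shorten a brute-force search.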
From ravage at bga.com Wed Mar 30 12:50:13 1994 From: ravage at bga.com (Jim choate) Date: Wed, 30 Mar 94 12:50:13 PST Subject: Crypto and new computing strategies In-Reply-To: <9403302046.AA19970@vail.tivoli.com> Message-ID: <199403302049.AA08336@zoom.bga.com> > > > Jim choate writes: > > > Complexity theory doesn't have anything to do with any world, macro- > > > or micro- or mega- or whatever. It's mathematics. > > > > Complexity theory is mathematics so I would have to say your last > > assertion is total drivel. > > I think you've misunderstood. What I meant was that because it's a > purely mathematical set of concepts, it doesn't have anything to do > with hardware details. > > -- > | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | > | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | > | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | > I have to disagree, the implementation of such a theory by a physical model will have some hardware dependency. From mrs at tinac.com Wed Mar 30 12:50:17 1994 From: mrs at tinac.com (Mike Schenk) Date: Wed, 30 Mar 94 12:50:17 PST Subject: Cryptography banned in the Netherlands.... Message-ID: <9403302049.AA01890@the-hague> I have always thought that the Netherlands was a very liberal country. But now the government is proposing a law that totally outlaws the use of encryption methods. According to this proposal anyone that wants to use encryption has to register the keys they use with the government, thus allowing the government to decrypt anything they want to decrypt. It is also proposed to totally ban the sales of anything that can be used to encrypt data. Of course this is a blatant violation of civil rights, but to my big surprise the opposition is not even acting upon it. According to them, the matter is not interesting!!!! It most certainly would not surprise you that this news has really outraged almost anyone in the computer and telecommunications industry.
But the really sad thing is the procedure. Here in the United States there is at least a public discussion about the use of the Clipper chip. In the Netherlands the government planned to approve this law before the upcoming elections in the beginning of May '94. Given the total lack of interest from the opposition it seems that they might actually succeed with this dirty scheme.

Any comments????

Mike

From jim at rand.org Wed Mar 30 12:52:00 1994
From: jim at rand.org (Jim Gillogly)
Date: Wed, 30 Mar 94 12:52:00 PST
Subject: The Focus on Clipper Details Plays into Their Hands
In-Reply-To: <199403301845.KAA14830@mail.netcom.com>
Message-ID: <9403302051.AA16429@mycroft.rand.org>

> tcmay at netcom.com (Timothy C. May) writes:
> I believe the focus on Clipper/Skipjack details and technical issues
> plays into the hands of those who want to deploy these systems.
...
> But let's be sure it doesn't divert us away from a principle rejection
> of the whole concept of key escrow.

I agree that focussing on the technical side is a diversion, and I have been a major offender here lately. But I also think it's important that we understand what it is we're opposed to. When challenged by an articulate LE spokesperson in front of people we want to influence, if we blurt out things about 40 bits being half of 80, or about acknowledged trapdoors in Skipjack, or hogwash about pre-or post-encrypting on one side or the other of Clipper, we won't be taken seriously -- so I think it's important to counter misinformation with hard information when possible. [And yes, I did misstate myself a bit on the 80-bit halves stuff... sorry.]

I'm opposed to key escrow because it gives government too much control of my privacy and because it gives potential enemies other than the government (such as criminals who want to get into my finances) a cheaper target than strong encryption.
Understanding precisely how the government claims they're protecting my rights is important to me, so that I can tell them and anybody else willing to listen how they're not.

Jim Gillogly
Sterday, 8 Astron S.R. 1994, 20:46

From eagle at deeptht.armory.com Wed Mar 30 13:04:07 1994
From: eagle at deeptht.armory.com (Jeff Davis)
Date: Wed, 30 Mar 1994 13:04:07 -0800 (PST)
Subject: Encryption Privacy for Digitized Money
Message-ID: <9403301304.aa16145@deeptht.armory.com>

Howdy Stanton,

I'm going to see Thomas M. Hoenig, Federal Reserve Bank of Kansas City President, (1 of 12 in the US), in a public forum Tuesday, 5 April. I need a crash course in encryption privacy for credit card use and digitized financial transactions. Given the opportunity to ask a pointed question or two in a room full of people, I'll have about 3 minutes to gain a room full of converts, and perhaps Hoenig. I have to be polished and precise. Please help.

--
PGP PUBLIC KEY available via finger- don't email home without it!
* eagle at deeptht.armory.com email info at eff.org *
*** O U T L A W S On The E L E C T R O N I C F R O N T I E R ****
***** Committed to Free Public Internet Access for World Peace *****

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
"In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it."
- Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994

From hughes at ah.com Wed Mar 30 13:04:20 1994
From: hughes at ah.com (Eric Hughes)
Date: Wed, 30 Mar 94 13:04:20 PST
Subject: Cryptography banned in the Netherlands....
In-Reply-To: <9403302049.AA01890@the-hague>
Message-ID: <9403302049.AA00449@ah.com>

>But now the government is proposing a law that totally outlaws the use
>of encryption methods.

>Any comments????

Yes. Find the coalition that has repeatedly prevented the imposition of national identity cards, and educate them about cryptography. It's much the same issue.

Eric

From m5 at vail.tivoli.com Wed Mar 30 13:07:05 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Wed, 30 Mar 94 13:07:05 PST
Subject: Cryptography banned in the Netherlands....
In-Reply-To: <9403302049.AA01890@the-hague>
Message-ID: <9403302106.AA20032@vail.tivoli.com>

Mike Schenk writes:
> It is also proposed to totally ban the sales of anything that can
> be used to encrypt data.

Well, there goes the Netherlands as a market for personal computers, I guess.

(Has anyone mentioned to appropriate local hardware/software firms that the implications of the above could have severe negative impact on their bottom lines?)

--
| GOOD TIME FOR MOVIE - GOING ||| Mike McNally |
| TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: |
| (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" |

From mech at eff.org Wed Mar 30 13:23:27 1994
From: mech at eff.org (Stanton McCandlish)
Date: Wed, 30 Mar 94 13:23:27 PST
Subject: Encryption Privacy for Digitized Money - please help!
Message-ID: <199403302121.QAA16608@eff.org>

Can someone help out Jeff here? This could be important. Please reply via email to: Jeff Davis

Forwarded message:

From hughes at ah.com Wed Mar 30 13:32:45 1994
From: hughes at ah.com (Eric Hughes)
Date: Wed, 30 Mar 94 13:32:45 PST
Subject: Crypto and new computing strategies
In-Reply-To: <199403302048.AA08237@zoom.bga.com>
Message-ID: <9403302118.AA00503@ah.com>

>> The Bekenstein Bound gives limits both on the expected maximum number
>> of quantum states encodable in a given volume of space and on the
>> expected maximum number of transitions between these states. If this
>> bound holds (and it certainly seems to hold for EM fields), then a
>> probabilistic Turing machine will be able to simulate it.

>First off, EM fields are NOT QM.

The "EM fields" I was referring to mean electromagnetic interactions, that's all. The argument on the Bekenstein bound does not depend on the nature of the particles mediating the field, but on the existence of non-zero commutators for position and momentum, i.e. Heisenberg uncertainty. Bekenstein uses his argument to try to constrain the possibilities of interaction inside the proton, for example. I'm not sure it works for that, but the argument is pretty clear about states mediated by electromagnetic interaction.

>As to infinite precision and its non-presence....Beeep....wrong answer...

You must not understand what the Bekenstein bound says. It says, very clearly, infinite precision does not exist. If you disagree with the applicability of the result, then say so, but you'd better know what the result is before you go haplessly denying it.

>Electrons change state in zero time, this implies at least some form of
>infinite precision

The second half of the Bekenstein bound says that infinitely fast state changes do not occur. Again, no infinite precision. "Zero time" is a different statement than "almost zero time" or "so small that we can't measure how small." What may be reasonably taken to be instantaneous in one model, with its own characteristic approximations, need not be instantaneous in another.

Eric

From warlord at MIT.EDU Wed Mar 30 13:39:58 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Wed, 30 Mar 94 13:39:58 PST
Subject: Zero Knowledge Trust? (was Re: Very funny, Polyanna :-( [namespace pollution])
In-Reply-To: <199403301844.TAA19801@an-teallach.com>
Message-ID: <9403302139.AA07928@toxicwaste.media.mit.edu>

Gtoal at an-teallach.com said:
> What I see
> as desirable for such people is that their mail is encrypted whenever
> possible, but they don't have to do anything to make it happen. This
> means that the current web of trust scheme is not an applicable model,
> because these people have defined *no* trusted paths at all.

No, you want to give the user the option to sign and/or encrypt the message. Just like I can optionally sign a letter, or optionally write it on a postcard vs. putting it in an envelope. It should be an option, not a mandate. It *shouldn't* be automagic. It should be configurable. It should give the user a choice. Maybe that user decides "encrypt all the time"... That is his/her prerogative to do so.

> We need some relatively trustworthy mechanism for getting pgp keys
> that will foil a denial-of-service attack - either the one I suggested

No, this is not a reasonable goal. No, let me rephrase that. This is a reasonable goal, but the current implementation of PGP is not the answer. If you want zero-knowledge authentication of total strangers, then you *require* a certification hierarchy, and the most efficient is one similar to that defined in RFC 1422.

PGP has a more grass roots method of determining key validity. Let me give you an example where PGP *works* -- Today.

Say, for example, that I own a retail store. I print my key on all my receipts, and anyone can get it. It is published widely, so basically there is no easy way to spoof it. But this doesn't matter. The only reason I use my key is because I want to be able to certify customer's keys.

Ok, a customer comes in and gives me, somehow, a credit-card and a PGP key. I can validate the credit card, and if it validates, then I sign this key. Now, anytime this person wants to buy something, all they have to do is sign an order slip with their key, and I can validate it, and I know that this is a "valid" customer.

There is no way to perform a denial of service attack (except load me down with bogus email, but lets disregard that attack). You can't forge a PGP key, and I only accept keys that I've certified myself.

Ok, maybe you don't like that idea. Ok, say that VISA starts signing PGP keys for its customers.
I can get the VISA Public Key directly from VISA, then I know that any key signed by VISA is a valid key, and I should accept orders from them. Same thing. No way to spoof it.

However, all of these require some out-of-band communication to make sure you have the real key. Unfortunately, *every* Privacy Enhanced Mail system has this *feature* (or mis-feature, or bug, or however you feel like looking at it).

> To me it looks like this has to be done by heavy-handed control
> coming from the keyserver admins, though I'd prefer that there
> was a more democratic way. Please suggest anything you think is
> appropriate...

Basically, what you want is the RFC 1422 Certification Tree. With that tree, you can verify the authenticity of a key with zero knowledge about that tree. The only knowledge you need to know a priori is the root key of the tree.

Before many people start responding to me saying that the 1422 CA Tree is a Bad Thing, let me state for the record that I believe that there are valid uses for the tree. What Graham wants is a valid usage of the tree. What I am saying, however, is that there are other uses for other trust mechanisms.

Graham: It is not the keyserver's job to certify keys. It never has been, and I still believe that it shouldn't be its job. However, it sounds like you are requesting that PGP have imbedded in it knowledge about the RFC 1422 Hierarchy. I believe this is a valid goal, and should be pursued.

In fact, the PEM-DEV group is looking at adding alternative trust models to the PEM system, which would merge the current PGP web-of-trust model with the current PEM Strict Hierarchy model, blending them into something which will solve both Graham's problem of zero-knowledge trust, and also allow my retailer example to work without all the overhead of applying to ISOC to get into the tree.

What do people think?

-derek

Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
Home page: http://www.mit.edu:8001/people/warlord/home_page.html
warlord at MIT.EDU PP-ASEL N1NWH PGP key available

From kinney at bogart.Colorado.EDU Wed Mar 30 15:08:57 1994
From: kinney at bogart.Colorado.EDU (W. Kinney)
Date: Wed, 30 Mar 94 15:08:57 PST
Subject: Quantum Physics
Message-ID: <9403302308.AA27276@bogart.Colorado.EDU>

Jim Choate is making a lot of strange statements, but I'm picking this one:

> First off, EM fields are NOT QM.

Sure they are, in Quantum Electrodynamics, which is the quantum-mechanical theory of electromagnetism.

> They do have some characteristics which
> 'bleed' over from the Quark level.

Quarks have nothing whatsoever to do with electromagnetic fields, except that they carry charge.

>Also since EM fields are made of
> hardons [sic ;-)]

No. Protons and neutrons are hadrons. Hadron comes from the (Greek?) word for "heavy", lepton from "light". The distinction you're trying to make here is that matter fields are _fermions_, with spins an integral multiple of 1/2, and gauge fields (like photons) are bosons, with integral spin. Both hadrons and leptons are fermions.

>and not leptons (which an electron is) may blow a hole in this
> approach since leptons do not follow the same sort of charge conservation
> rules as hadrons.

Charge conservation applies to everybody. Hadrons, leptons, everybody. Even your mother. Perhaps you're thinking of the fact that bosons and fermions obey different spin-statistics rules.

>
> As to infinite precision and its non-presence....Beeep....wrong answer...
>
> Electrons change state in zero time, this implies at least some form of
> infinite precision (otherwise how does the system know the difference between
> zero and some small-o value?). I suspect this is another error based on
> the implied (and incorrect) implication in this line of discussion that
> hadrons and leptons use the same rules.

What?

Not that this is the appropriate list for particle physics, but this kind of semi-mystical expounding on how quantum mechanics forces you to rethink all the rules is better science fiction than science. QM _does_ include some spooky things, but by and large they are subtle and limited -- for instance, the "faster than light communication" implied by spin-polarization measurements cannot be used to transmit information. It's a purely statistical effect, and it does _not_ violate relativity. Nothing I've ever heard of in QM invalidates assumptions one might make about computability or the properties of Turing machines.

Stuff like Roger Penrose comes up with in _The Emperor's New Mind_ is speculation, and he clearly labeled it as such in his book. Don't take it too seriously.

-- Will

From kinney at bogart.Colorado.EDU Wed Mar 30 16:34:56 1994
From: kinney at bogart.Colorado.EDU (W. Kinney)
Date: Wed, 30 Mar 94 16:34:56 PST
Subject: Quantum Physics
Message-ID: <9403310034.AA28342@bogart.Colorado.EDU>

I write, with head firmly implanted in a posterior orifice:

>No. Protons and neutrons are hadrons. Hadron comes from the (Greek?) word
>for "heavy", lepton from "light". The distinction you're trying to make

"Baryon" comes from the Greek for "heavy". "Hadron" is a blanket term covering both baryons (like protons and neutrons), and mesons.

Now back to your regularly scheduled cryptography.

-- Will

From solovay at math.berkeley.edu Wed Mar 30 16:48:42 1994
From: solovay at math.berkeley.edu (Robert M. Solovay)
Date: Wed, 30 Mar 94 16:48:42 PST
Subject: Crypto and new computing strategies
In-Reply-To: <9403302118.AA00503@ah.com>
Message-ID: <199403310048.QAA23096@math.berkeley.edu>

hughes at ah.com writes:
>> The Bekenstein Bound gives limits both on the expected maximum number
>> of quantum states encodable in a given volume of space and on the
>> expected maximum number of transitions between these states.
>> If this bound holds (and it certainly seems to hold for EM fields), then a
>> probabilistic Turing machine will be able to simulate it.

Can you give a reference for this Bekenstein bound?

Thanks,
Bob Solovay

From wcs at anchor.ho.att.com Wed Mar 30 17:35:38 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Wed, 30 Mar 94 17:35:38 PST
Subject: The Focus on Clipper Details Plays into Their Hands
Message-ID: <9403310134.AA18969@anchor.ho.att.com>

Jim Gillogly writes:
> > tcmay at netcom.com (Timothy C. May) writes:
> > I believe the focus on Clipper/Skipjack details and technical issues
> > plays into the hands of those who want to deploy these systems.
>
> I agree that focussing on the technical side is a diversion, and I have
> been a major offender here lately. But I also think it's important that
> we understand what it is we're opposed to. [....]
> Understanding precisely how the government
> claims they're protecting my rights is important to me, so that I can tell
> them and anybody else willing to listen how they're not.

Technical discussion (aside from being fun :-) is useful in understanding *what* the government is really up to, how much privacy/freedom is being stolen, what things they're telling the truth or lying about, and how much work it takes to break the systems they're proposing to implement or ban. It's also useful for understanding how to build systems that *do* protect privacy, and for showing how those systems are generally better technically than the privacy-stealing systems the government wants us to use.

But as Jim pointed out, getting the details wrong can lose us a lot of credibility.

Bill

From wcs at anchor.ho.att.com Wed Mar 30 17:41:12 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Wed, 30 Mar 94 17:41:12 PST
Subject: Another view of the CFP
Message-ID: <9403310139.AA19008@anchor.ho.att.com>

Harry Shapiro Hawk wrote:
> The White House Guy wrote:
> - Clipper-encrypted messages may be further encrypted with another
> cryptosystem. However, messages may not be encrypted before being
> encrypted with Clipper.
> I can understand why they would want to do this as a policy.
> e.g., they can see who is using other encryption
> 1) Was he saying they would make this the law?
> 2) Is there any technical reason it should be this way?

The proposed standards I've seen on the net say you can't encrypt *after* using Clipper, because that makes Clipper key-theft useless. On the other hand, encryption with real systems before encrypting with Clipper is undetectable until after they decrypt the Clipper, so it's hard to enforce except on people who are already suspects, and is unlikely to be convenient to implement (for interoperability) on some of the major Clipper targets, like cellphones and fax machines.

...... Wiretap the usual suspects!

From wcs at anchor.ho.att.com Wed Mar 30 17:56:35 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Wed, 30 Mar 94 17:56:35 PST
Subject: Very funny, Polyanna :-( [namespace pollution]
Message-ID: <9403310155.AA19126@anchor.ho.att.com>

> >gateways, and suddenly people using auto-encrypting mail programs
> >find that no-one can read their posts.
>
> Presence on a keyring means that a key exists, not that the owner of a
> key has a policy that it should always be used, or that it should be
> used by everybody. Both PGP and PEM get this completely wrong. Not
> every key will be used for every purpose. Mere existence of a key
> should not indicate permission to encrypt with it.

PGP lets you choose which key to use when you care, and doesn't care what's in the Name field; if you want to implement behavior inside of that it will handle it transparently; e.g. "Digicash: Eric Hughes " (though it would be nice if it had more Unix-like regexp code for selecting keys).

> No current cryptosystem has a way of specifying policy in a public key
> distribution system. I want separate keys for separate machines,

Policy isn't really the cryptosystem's job; it's the application's.

> >Whatever solution we can find will have to involve active support
> >from the keyservers I suspect.
> The key servers are just serving data. To add policy criteria to the
> key servers is to extend their functionality beyond their original
> intent.

The intent of keyservers is to have a convenient mechanism for finding keys when you want them. Having specific keyservers keep track of specific bunches of keys is a reasonable use of that convenience. Maybe a bankers' association would run a keyserver to serve keys for banks and (if appropriate) for customers, with the location known by most of the common software, and maybe a remailer operators' group would do the same for their remailer cooperative. There are a lot of ways to use mechanisms...

Bill Stewart

From sinclai at ecf.toronto.edu Wed Mar 30 18:12:40 1994
From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N)
Date: Wed, 30 Mar 94 18:12:40 PST
Subject: Another view of the CFP
In-Reply-To: <9403310139.AA19008@anchor.ho.att.com>
Message-ID: <94Mar30.211225edt.12125@cannon.ecf.toronto.edu>

> The proposed standards I've seen on the net say you can't encrypt
> *after* using Clipper, because that makes Clipper key-theft useless.
> On the other hand, encryption with real systems before encrypting with
> Clipper is undetectable until after they decrypt the Clipper, so it's
> hard to enforce except on people who are already suspects,
> and is unlikely to be convenient to implement (for interoperability)
> on some of the major Clipper targets, like cellphones and fax machines.

Makes sense, doesn't it? When the whitehouse guy said that encryption below clipper was legal but not above, we thought he was confused. However, we ACKed it with an NSA employee, and he confirmed it. His reasoning went like this: encryption below clipper can't be stopped, since one can just splice a cryptdec into the phone line. Encryption on top of clipper is impossible since the clipper phone will only accept audio input. No word on how that would affect clipper modems.

Having said all this, I should note that the NSA employee was not acting in an official capacity, and that he was not directly working on clipper.

From bjh at northshore.ecosoft.com Wed Mar 30 19:04:17 1994
From: bjh at northshore.ecosoft.com (Brian J. Harvey)
Date: Wed, 30 Mar 94 19:04:17 PST
Subject: The dumbest question...
Message-ID:

... is the one you don't ask. So here I go...

#1 Isn't "part of the deal" of patent granting a requirement that the details of the thing being patented be revealed. If so, why isn't IBM required to reveal the details of s-box design? After all, they hold the patent on DES.

#2 Skipjack has a 80 bit key which is proposed to be "escrowed" in two parts. Now considering that the likeliest attack on DES is a brute force key search of 2^55 keys, isn't it true that a compromise of one half of a "Clipper key" would allow a brute force attack to "discover the remaining 40 bits. If 2^55 is possible, then 2^40 is even easier, no?

Brian

From koontzd at lrcs.loral.com Wed Mar 30 19:16:54 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Wed, 30 Mar 94 19:16:54 PST
Subject: Another view of the CFP
Message-ID: <9403310316.AA18861@io.lrcs.loral.com>

>Subject: Re: Another view of the CFP
>From: SINCLAIR DOUGLAS N
>In-Reply-To: <9403310139.AA19008 at anchor.ho.att.com>; from
>"bill.stewart at pleasant
>
>> The proposed standards I've seen on the net say you can't encrypt
>> *after* using Clipper, because that makes Clipper key-theft useless.
>> On the other hand, encryption with real systems before encrypting with
>> Clipper is undetectable until after they decrypt the Clipper, so it's
>> hard to enforce except on people who are already suspects,
>> and is unlikely to be convenient to implement (for interoperability)
>> on some of the major Clipper targets, like cellphones and fax machines.
>
>Makes sense, doesn't it? When the whitehouse guy said that encryption
>below clipper was legal but not above, we thought he was confused. However,
>we ACKed it with an NSA employee, and he confirmed it. His reasoning went
>like this: encryption below clipper can't be stopped, since one can just
>splice a cryptdec into the phone line. Encryption on top of clipper is
>impossible since the clipper phone will only accept audio input. No
>word on how that would affect clipper modems.
>
>Having said all this, I should note that the NSA employee was not acting
>in an official capacity, and that he was not directly working on clipper.

The AT&T Surety Communications Voice/Data Terminal 4100 is an STUIII with a type IIIe (e for export, read clipper) cryptographic algorithm, the model numbers for type I and type II STUIIIs are series 1000 and 2000 respectively.

AT&T Surity (tm) Voice/Data Terminal 4100
For Sensitive, Business Applications

The AT&T Surity Voice/Data Terminal 4100 provides secure voice and data communications in one integrated package.
It works both as a full-featured telephone for voice calls and as a smart modem for data applications. Part of an AT&T family of Surity products, the Voice/Data Terminal is compact and light enough to carry with you when you travel. Developed in conjunction with the U.S. Government's STU-III program, the Voice/Data Terminal 4100 is designed to protect domestic and international business communications.

....

4100 Specifications:

Information protected
- Sensitive business and/or business-proprietary

User Community
- U.S. corporations
- High tech manufacturing
- Multinational corporations
- Legal and financial organizations

Security features
- Clipper encryption algorithm
- Secure Access Control System (SACS)
- Auto-answer, auto-secure
- Active and passive terminal zeroization
- Plain text inhibit
- Display window for authentication identification
- Information to create a call audit trail
- Non-error propagating

Key management
- Negotiated key
- Self-generated key
- Secret key
- Negotiated key with authentication

Voice modes
- Clear voice
- Secure voice
  [] 4.8 kbps full-duplex CELP
  [] 2.4 kbps half-duplex LPC10e
  [] 2.4 kbps full-duplex LPC10e

Telephone features ...

Secure data operation modes
- 9.6 kbps full-duplex sync/async
- 2.4 kbps full-duplex sync/async
- 4.8 kbps full-duplex sync
- 2.4 kbps half-duplex sync/async

....

------

There are clipper phones that accept data. This is probably the one the DOJ buys. Basing arguments on fallacies is counterproductive, and is the sort of thing Tim May was talking about.

From smb at research.att.com Wed Mar 30 19:17:19 1994
From: smb at research.att.com (smb at research.att.com)
Date: Wed, 30 Mar 94 19:17:19 PST
Subject: The dumbest question...
Message-ID: <9403310317.AA05982@toad.com>

    ... is the one you don't ask. So here I go...

    #1 Isn't "part of the deal" of patent granting a requirement that the details of the thing being patented be revealed. If so, why isn't IBM required to reveal the details of s-box design?
    After all, they hold the patent on DES.

They revealed the values of the S-box. Unless the patent included claims relating to its design criteria, they didn't have to disclose them. Of course, then they wouldn't be protected if someone else were to reinvent and use those criteria in a cipher that isn't covered by other parts of the DES patent.

    #2 Skipjack has a 80 bit key which is proposed to be "escrowed" in two parts. Now considering that the likeliest attack on DES is a brute force key search of 2^55 keys, isn't it true that a compromise of one half of a "Clipper key" would allow a brute force attack to "discover the remaining 40 bits. If 2^55 is possible, then 2^40 is even easier, no?

As several people have pointed out today, the two halves are 80 bits apiece, and they're XORed together to make the full key. You can't do a brute-force search on 80 bits.

From jimn8 at netcom.com Wed Mar 30 19:51:43 1994
From: jimn8 at netcom.com (Jim Nitchals)
Date: Wed, 30 Mar 94 19:51:43 PST
Subject: LPC10 and CELP implementations
Message-ID:

I'm working on implementing both of the above on Mac platforms, on an unofficial basis (I work for Apple.) The CELP decoder ran in realtime on a IIci (030) class Mac by recoding everything in integer instead of FP, but the encoder was too CPU intensive. Making the decoder even run was a big chore, involving a lot of rewrite and some assembly language in the worst parts. So I've set aside CELP for the time being, and will later see if it runs well on PowerPC.

The LPC10 algorithm posted on super.org (along with CELP3.2a) is, like CELP, floating point intensive. I'm going to get both running on PowerPC native first, then recode LPC10 in integer and see if it will run in full-duplex on an '030 or '040 later. On a IIfx (fast '030), LPC10 requires about 7x realtime to process prerecorded sample speech. That's encouraging, because on CELP the changeover to integer sped up processing by about a factor of 7.

The source code for LPC10 is clearly marked "NSA", which would make it especially ironic :) if someone happens to use my port in a secure voice application, subject to what Apple wants to do with my work.

CELP at 4800 bits/second sounds very reasonable, and LPC10 at 2400 is quite passably intelligible although a bit robotic. I could improve LPC10's intelligibility with a little redesign but not without blowing off bitstream compatibility. If I built an improved speech coder (at 9600 or 14.4k bit/second) I'd have to find volunteers to port it to DOS & Windows boxes, or keep it proprietary to Apple.

If anyone here is working on a secure voice application, may I suggest background file transfer capabilities. LPC10 leaves a lot of unused bandwidth on a 14.4k baud modem!

Anyone interested in collaborating, or getting a current-status report at any time is welcome to write to me. I promise to keep it technical and avoid ranting & raving about Dorothy Denning :)

Joe Campbell hasn't yet returned my recent message commenting on bugs and asking clarification on commercial use of the source. If Apple doesn't get clear rights to use it in system software I'll probably just post the improved versions to an ftp site somewhere and let it go at that.

---------------------------------------------------------------------------
"UN-altered REPRODUCTION and DISSEMINATION of this IMPORTANT Information is ENCOURAGED." - R. McElwaine

From jimn8 at netcom.com Wed Mar 30 19:56:03 1994
From: jimn8 at netcom.com (Jim Nitchals)
Date: Wed, 30 Mar 94 19:56:03 PST
Subject: (help with "To" field?)
Message-ID: <199403310357.TAA03787@netcom9.netcom.com>

I thought it was elm causing the problem, so I posted the message regarding LPC10 and CELP using PINE. Sorry that the from field looks wrong. Can anyone tell me what I'm doing wrong (in email, not to the whole Cypherpunks group please?)

- Jim Nitchals (jimn8 at netcom.com)

From markh at wimsey.bc.ca Wed Mar 30 20:05:31 1994
From: markh at wimsey.bc.ca (Mark C. Henderson)
Date: Wed, 30 Mar 94 20:05:31 PST
Subject: crypto software/papers/docs CD -- is there any interest?
Message-ID:

Forgive the somewhat commercial nature of this message, but I think it is well within the lines of the cypherpunks mission of getting code out to people.

---

I'm considering the possibility of producing a CD (for distribution in North America only) of crypto source code, information/papers and binaries for common platforms.

It would include the software available from the common ftp archives (soda.berkeley.edu, wimsey.bc.ca, ripem.msu.edu, ftp.dsi.unimi.it &c.) plus other assorted tidbits I've collected over the last few years. The cost would be somewhere around US$50 depending upon the demand (more CDs pressed translates into a lower price; there would be some equipment costs to offset).

The CD doesn't exist yet; I'm just considering the possibility of putting this together.

So, would anyone be interested in such a CD?

--
Mark Henderson markh at wimsey.bc.ca (personal account)
RIPEM MD5OfPublicKey: F1F5F0C3984CBEAF3889ADAFA2437433
ViaCrypt PGP Key Fingerprint: 21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46
cryptography archive maintainer -- anon ftp -- wimsey.bc.ca:/pub/crypto

From hfinney at shell.portal.com Wed Mar 30 20:30:31 1994
From: hfinney at shell.portal.com (Hal)
Date: Wed, 30 Mar 94 20:30:31 PST
Subject: Crypto and new computing strategies
Message-ID: <199403310431.UAA16193@jobe.shell.portal.com>

British physicist David Deutsch has been writing for several years on the theoretical properties of computers which would exploit quantum mechanics. Here is the abstract from his paper in Proc. R. Soc. Lond. A, v 400, p97-117, 1985:

Quantum Theory, the Church-Turing Principle and the Universal Quantum Computer

"It is argued that underlying the Church-Turing hypothesis there is an implicit physical assertion.
Here, this assertion is presented explicitly as a physical principle: 'every finitely realizable physical system can be perfectly simulated by a universal model computing machine operating by finite means.' Classical physics and the universal Turing machine, because the former is continuous and the latter discrete, do not obey the principle, at least in the strong form above. A class of model computing machines that is the quantum generalization of the class of Turing machines is described, and it is shown that quantum theory and the 'universal quantum computer' are compatible with the principle. Computing machines resembling the universal quantum computer could, in principle, be built and would have many remarkable properties not reproducible by any Turing machine. These do not include the computation of non-recursive functions, but they do include 'quantum parallelism,' a method by which certain probabilistic tasks can be performed faster by a universal quantum computer than by any classical restriction of it. The intuitive explanation of these properties places an intolerable strain on all interpretations of quantum theory other than Everett's. Some of the numerous connections between the quantum theory of computation and the rest of physics are explored. Quantum complexity theory allows a physically more reasonable definition of the 'complexity' or 'knowledge' in a physical system than does classical complexity theory." From tcmay at netcom.com Wed Mar 30 21:59:23 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 30 Mar 94 21:59:23 PST Subject: crypto software/papers/docs CD -- is there any interest? In-Reply-To: Message-ID: <199403310558.VAA07831@mail.netcom.com> Mark Henderson writes: > Forgive the somewhat commercial nature of this message, but I think > it is well within the lines of the cypherpunks mission of getting > code out to people. ... 
> I'm considering the possibility of producing a CD (for distribution
> in North America only) of crypto source code, information/papers and
> binaries for common platforms.
>
> It would include the software available from the common ftp archives
> (soda.berkeley.edu, wimsey.bc.ca, ripem.msu.edu, ftp.dsi.unimi.it
> &c.) plus other assorted tidbits I've collected over the last few
> years. The cost would be somewhere around US$50 depending upon the
> demand (more CDs pressed translates into a lower price; there would
> be some equipment costs to offset).

You'll have to be real careful here, as charging money means copyrights have to be more scrupulously watched than when sites just "informally" contain copyrighted material. (I'm not arguing for these laws, just noting them.)

For example, essentially all of the crypto papers at the soda site are actually copyrighted papers from journals or books that were "contributed" by various folks (such as the not-seen-recently "Information Liberation Front"). Try publishing this, whether for "free" or for a fee, and watch what happens!

So, you'll need to get releases, waivers, permissions, etc., on all this material. The official material, for sure. The article folks have written may also be problematic....recall the intense debate several years back about folk selling compilations of other people's stuff.

(There are lots of issues here, which get debated over and over again in various forums. All I'm saying is that charging $50 for a compilation of articles, FAQs, scanned items, etc. is likely to trigger a lot of things. Just a heads up.)

Devious note: You could avoid legal actions, injunctions, etc., by publishing anonymously. Makes getting assistance tougher. And makes payment much iffier. Of course, an ideal situation for "anonymous anonymous ftp" and digital cash, for network transfers. Physical disks will be harder to sell anonymously.

--Tim May

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From hfinney at shell.portal.com Wed Mar 30 22:04:59 1994 From: hfinney at shell.portal.com (Hal) Date: Wed, 30 Mar 94 22:04:59 PST Subject: Bekenstein Bound (was: Crypto and new computing strategies) Message-ID: <199403310605.WAA22633@jobe.shell.portal.com> The Deutsch paper I quoted before was where I first heard of the Bekenstein Bound which Eric Hughes mentioned. According to Deutsch: "If the theory of the thermodynamics of black holes is trustworthy, no system enclosed by a surface with an appropriately defined area A can have more than a finite number N(A) = exp(A c^3 / 4 hbar G) of distinguishable accessible states (hbar is the Planck reduced constant, G is the gravitational constant, and c is the speed of light.)" The reference he gives is: Bekenstein, J.D. 1981 Phys Rev D v23, p287 For those with calculators, c is approximately 3.00*10^10 cm/s, G is 6.67*10^-8 cm^3/g s^2, and hbar is 1.05*10^-27 g cm^2/s. N comes out to be pretty darn big by our standards! Hal From tcmay at netcom.com Wed Mar 30 22:15:55 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 30 Mar 94 22:15:55 PST Subject: crypto software/papers/docs CD -- is there any interest? In-Reply-To: Message-ID: <199403310616.WAA09826@mail.netcom.com> I just wanted to add another point about what Mark Henderson proposed: > I'm considering the possibility of producing a CD (for distribution > in North America only) of crypto source code, information/papers and > binaries for common platforms. 
I guess I concentrated on the "information/papers" part of your proposal, as that's the only stuff that could really begin to need a CD-ROM. (I think Bruce Schneier's source code diskettes fill less than 3 MB, and contain documented, tested code.)

Can "Mosaic/WWW"-compliant CDs be made? (I'm showing my ignorance of Mosaic and WWW here, as I have not yet made the jump into either.) A documentation system that allows code to be browsed, run, etc., sort of a hypertext version of Schneier, could be quite useful.

(I use Mathematica, from Wolfram, and the popular thing is for books to be written as Mathematica Notebooks, complete with executable code in the Notebooks. The code version is either included in a diskette with the book or is ftp-able from a site. Schneier decided to do neither of these, for reasons having to do with his publisher fearing export of the book would not be allowed if a diskette was included. The reason an ftp site was not included is less clear. Maybe it had to do with making money from the sale of the diskettes.)

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From jim at rand.org Wed Mar 30 22:35:14 1994
From: jim at rand.org (Jim Gillogly)
Date: Wed, 30 Mar 94 22:35:14 PST
Subject: crypto software/papers/docs CD -- is there any interest?
In-Reply-To:
Message-ID: <9403310635.AA18387@mycroft.rand.org>

-----BEGIN PGP SIGNED MESSAGE-----

Just to cover one base... some of the code at ripem and unimi at least was written by me.
I give permission for my DES, SHA, and other miscellaneous cryptography and cryptanalysis code to be distributed royalty-free.

Jim Gillogly
9 Astron S.R. 1994, 06:31

-----BEGIN PGP SIGNATURE-----
Version: 2.4

iQCwAgUBLZpuweoK3+P04l2BAQHCOATSAkYp5HACNynzsqHxwD13NY6ipzQBGOoD
zeMbQyuNpE05Qr5exjj75DYzbWMy6IhbmZjUm9plqPbHpDHGGwTZf5K4JIVH0yFA
RK2neHDMUzvZx68r6toVGtLjpJyls9s1U/8UJU8xwo2Ol94PvC49QQBFIcHGes3R
9+9a4A5CzGNcPA/pluGAfiTKP503S1PGydQOhAK1P/kNid0=
=bSB9
-----END PGP SIGNATURE-----

From qwerty at netcom.com Thu Mar 31 00:51:09 1994
From: qwerty at netcom.com (-=Xenon=-)
Date: Thu, 31 Mar 94 00:51:09 PST
Subject: New MacPGP, but only in German?
Message-ID: <199403310852.AAA11435@mail.netcom.com>

Forward from Usenet. If anybody knows where to get the English version please let me know; I'd like to make it available. I checked, and this new version has a fix of MacPGP2.3's worst bug, which is a System Crash when you don't have the public key needed to check a signature, and you are using the Clipboard feature. I started translating it with ResEdit, but decided it wasn't a half-hour job after all, especially since I don't know any German.

alt.security.pgp #10674 (0 + 13 more) [1]
From: andreas.elbert at gmd.de (A.Elbert)
[1] MacPGP2.3a V1.1
Date: Tue Mar 29 08:09:03 EST 1994
Followup-To: alt.security.pgp
Organization: GMD
Lines: 6

I recently purchased "Mausefalle", a UA for the MausNet, which came with an AppleScript-able version of MacPGP. You can find a copy (of MacPGP2.3V1.1) in ftp://ftp.darmstadt.gmd.de/incoming/MacPGP not sources, so far, but some ReadMe's and signatures. The author can be reached as Christoph_Pagalies at hh2.maus.de

I posted this, and that's all there is of the thread so far:

-----BEGIN PGP SIGNED MESSAGE-----

I fetched that file (slowwwww). The readme file says,

>This archive contains:
>1. MacPGP 2.3a V1.1 German version (including international language.txt
>and German readme)
>2.
MacPGP 2.3a V1.1 English (including the English readme for V1.1) >3. Documentation (English only) Each of the three folders has been signed so you can check for any manipulations (if you already have a previous PGP version). Yet all I saw was a folder with the German program: MacPGP 2.3a V1.1 Q dt. All the menus and buttons are in German, but the message window is English. Where's the English version? And what's the date of origin of this program? It seems to be an independent MacPGP2.3, as it only mentions changes since MacPGP2.2, not since MacPGP2.3v.1.0.5, which is what everybody is using now, otherwise known as just "MacPGP2.3". No mention of fixes for bugs that were in MacPGP2.3v.1.0.5, such as crashing during decryption using the Clipboard feature, if you don't have the right public key to check a signature with. We shall see (once I can read the damn menus) :-) ! -=Xenon=- P.S. If you want to know what version you have (which will turn out to be 1.0.5 if you have "MacPGP2.3"), open the program with ResEdit and look in the "Version" resource. P.S.S. The source code for MacPGP2.3 has always only been labeled as version 1.0.4! Does this mean the version I'm using has no source code available? I guess the NSA didn't want us to know what they put in there? -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLZmT6gSzG6zrQn1RAQEKbAQAjiNGnwprYEz0uGTSvMkGzb5Bk4oFKuUR Si0pJJ6n+ebiOvcs8G3cycH54Mb43ULJFegqlg+k3fyxz0ijtRjqe4zFgIuFEXsn QGEUdtPZ2cRWmeVaATNJuQk8dEJixy+QSBA2GI3MRcoHoKJ73nU9ToPTYunSAcfT /Ea8czh4ygo= =UomE -----END PGP SIGNATURE----- From ravage at bga.com Thu Mar 31 05:54:56 1994 From: ravage at bga.com (Jim choate) Date: Thu, 31 Mar 94 05:54:56 PST Subject: Bekenstein Bound (was: Crypto and new computing strategies) In-Reply-To: <199403310605.WAA22633@jobe.shell.portal.com> Message-ID: <199403311354.AA01893@zoom.bga.com> > > The Deutsch paper I quoted before was where I first heard of the Bekenstein > Bound which Eric Hughes mentioned. 
According to Deutsch:
>
> "If the theory of the thermodynamics of black holes is trustworthy, no
> system enclosed by a surface with an appropriately defined area A can have
> more than a finite number
>
> N(A) = exp(A c^3 / 4 hbar G)
>
> of distinguishable accessible states (hbar is the Planck reduced constant,
> G is the gravitational constant, and c is the speed of light.)"
>
> The reference he gives is:
>
> Bekenstein, J.D. 1981 Phys Rev D v23, p287
>
> For those with calculators, c is approximately 3.00*10^10 cm/s, G is
> 6.67*10^-8 cm^3/g s^2, and hbar is 1.05*10^-27 g cm^2/s. N comes out
> to be pretty darn big by our standards!
>
> Hal
>
>

The problem I see with this is that there is no connection between a black hole's mass and surface area (it doesn't have one). In reference to the 'A' in the above, is it the event horizon? A funny thing about black holes is that as the mass increases the event horizon gets larger not smaller (ie gravitational contraction).

From ravage at bga.com Thu Mar 31 06:11:10 1994
From: ravage at bga.com (Jim choate)
Date: Thu, 31 Mar 94 06:11:10 PST
Subject: Crypto and new computing strategies
In-Reply-To: <9403302118.AA00503@ah.com>
Message-ID: <199403311410.AA02376@zoom.bga.com>

If the Bekenstein Bound states that no infinitely fast state changes occur then it is proved wrong by the electron orbital shift when it absorbs a photon.

On my post yesterday about EM fields, QED, etc.; sorry for the confusion, I read it this morning and groaned. Perhaps it was the glue which permeated the building yesterday (repairing stairwell outside my office) which caused my brain to become stupid. I apologize and agree that I got it bass-ackwards...

The point I was trying to make was that EM fields themselves are NOT QM, their interaction w/ Hadrons ARE. Leptons themselves (which a photon and an electron are) are not constrained by the same rules that limit Hadrons because Hadrons are made from Quarks.
Last time I checked Leptons don't care a flip about color, charm, etc. The uncertainties which arise in QM arise from the interactions of Hadrons. If a system does not involve a Hadron then it is pretty deterministic, sorta like a billiard ball. However, there has been some research recently (there was an article in SciAm, had a pool table on the cover) where they were discussing chaos and the pool table which brings into doubt even the premise that macro-scale interactions are perfectly deterministic.

From ravage at bga.com Thu Mar 31 06:13:38 1994
From: ravage at bga.com (Jim choate)
Date: Thu, 31 Mar 94 06:13:38 PST
Subject: Crypto and new computing strategies
In-Reply-To: <9403302057.AA13529@ciis.mitre.org>
Message-ID: <199403311413.AA02419@zoom.bga.com>

>
> You wrote:
>
> >The point I am making is that the logical rules you use don't apply down here.
>
> I believe I see what you mean - your argument is that there's no way to
> know whether or not there will be a dramatic increase in computational
> ability through QM, whether it be through brute force or "smarter" quantum
> techniques. What comes to mind immediately is a quantum-oriented genetic
> decryption algorithm running on a QM computer. If this algorithm could
> sense and maintain memory of subtle c-text differences, it could make
> optimizing choices toward eventual decryption.
>
> I guess my confusion came from the notion that "well, you're only examining
> one part of the state space at any given instant, so what's the big deal so
> long as we increase key length to compensate" ? Under QM, it seems that
> leaps, somewhat akin to human "intuition", could occur.
>
> I hope I'm closer to understanding your point.
>
> --
> Best regards,
>
> Curtis D. Frye - Job Search Underway!!!
> cfrye at ciis.mitre.org or cfrye at mason1.gmu.edu
> "Here today, gone ?????"
>
>
>

That sums up pretty nicely.
Another aspect that I was getting at is that this is new and using the old rules to handle new technology has always been proven wrong historically. And I figure it is a cinch that Big Brother won't tell us ahead of time if we are wrong.

Take care.

From GERSTEIN at SCSUD.CTSTATEU.EDU Thu Mar 31 07:41:31 1994
From: GERSTEIN at SCSUD.CTSTATEU.EDU (GERSTEIN at SCSUD.CTSTATEU.EDU)
Date: Thu, 31 Mar 94 07:41:31 PST
Subject: crypto software/papers/docs CD -- is there any interest?
Message-ID: <940331104326.2020825a@SCSUD.CTSTATEU.EDU>

Tim May writes:
>Mark Henderson writes:
>
>> Forgive the somewhat commercial nature of this message, but I think
>> it is well within the lines of the cypherpunks mission of getting
>> code out to people.
>>
>> I'm considering the possibility of producing a CD (for distribution
>> in North America only) of crypto source code, information/papers and
>> binaries for common platforms.
>>...[BUNCH OF STUFF DELETED]......
>
>You'll have to be real careful here, as charging money means
>copyrights have to be more scrupulously watched than when sites just
>"informally" contain copyrighted material. (I'm not arguing for these
>laws, just noting them.)
...[ANOTHER BUNCH OF STUFF DELETED]......
>(There are lots of issues here, which get debated over and over again
>in various forums. All I'm saying is that charging $50 for a
>compilation of articles, FAQs, scanned items, etc. is likely to
>trigger a lot of things. Just a heads up.)
>
...[STILL MORE DELETED]......
>--Tim May

-=-=-=-=-=-=-=-=-=-=-

Wouldn't doing something like this be like distributing shareware on a CD-Rom? Most of the Rom's I've seen have programs and the like, but a few have had source code, papers, hypercard stacks, etc. that were all copyrighted but still pushed out on the Rom. I think the only problem would be if you were charging more money than a "reasonable duplication fee".
Most people will agree that this would be the cost of the media and maybe a little something for your time.

Just another of my 0.02¢...

Adam Gerstein
"After this, nothing will shock me."

----------

"In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it."
- Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 4, 1994

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

To sign on to the letter, send a message to: Clipper.petition at cpsr.org with the message "I oppose Clipper" (no quotes). You will receive a return message confirming your vote.

From hfinney at shell.portal.com Thu Mar 31 08:03:00 1994
From: hfinney at shell.portal.com (Hal)
Date: Thu, 31 Mar 94 08:03:00 PST
Subject: Bekenstein Bound
Message-ID: <199403311608.IAA05406@jobe.shell.portal.com>

From: Jim choate
> The problem I see with this is that there is no connection between a black hole's
> mass and surface area (it doesn't have one). In reference to the 'A' in the
> above, is it the event horizon? A funny thing about black holes is that as the
> mass increases the event horizon gets larger not smaller (ie gravitational
> contraction).

Actually black holes do have a defined surface area, which is basically, as you suggest, the area of the event horizon. And of course this is larger for more massive black holes, as you say. I believe the Bekenstein bound is based on reasoning that suggests that if the state density of a region exceeds that bound, it will essentially collapse into a black hole and be inaccessible to the rest of the universe. The surface area in that context can be the conventionally defined area.
To bring this back to crypto a bit, the point of this discussion was that there can be only a finite amount of processing done in finite time by a finite-sized machine, even when QM is taken into consideration. Note, though, that this result appears to require bringing in quantum gravitation, a very poorly understood theory at present. Hal From paul at hawksbill.sprintmrn.com Thu Mar 31 08:27:34 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Thu, 31 Mar 94 08:27:34 PST Subject: Clipper/Capstone/Skipjack excerpts from Cud 6.28 Message-ID: <9403311635.AA17171@hawksbill.sprintmrn.com> A couple of interesting articles on Clipper/Capstone/Skipjack which were included in the latest CuD, for those who haven't already seen it... - paul 8<-------------------- cut here ------------------------------- Date: Wed, 30 Mar 1994 22:03:00 CST Sender: CU-DIGEST list From: "(Jim Thomas)" Subject: Cu Digest, #6.28 ---------------------------------------------------------------------- Date: Sun, 27 Mar 94 17:35:00 -0700 From: walter.scott at HOTLINE.COM(Walter Scott) Subject: File 1--Downs Down On Clipper The Clipper Chip proposal from the Clinton Administration -- which would essentially have government broker individual electronic privacy rights -- is collecting still more opposition. One of the most recent opponents to Clipper is media icon Hugh Downs. Downs is well known for his days as a co-host of the Today Show, host of the game show Concentration, and his current position as co-host of ABC-TV's 20/20. Downs is also a respected advocate for "mature" adults. Downs delivered his "perspective" as to Clipper on the 03-27-94 edition of ABC radio's "PERSPECTIVES." In Downs' segment, much cryptography history -- as it relates to radio -- was explained while Downs laid the foundation for expression of his opinion on Clipper. 
The following text is a direct transcript of Downs' summation: ------------- TRANSCRIPT BEGINS ------------------------ It's not designed to stop criminals from sending encrypted messages because criminals will always be able to do that. If the NATIONAL SECURITY AGENCY puts a spy chip on American computers, then the criminals will simply avoid the chip and use other computers that don't spy on them. But, it wouldn't be just criminals who would buy foreign made computers. Anyone who wants a private life would have to buy foreign, too. According to John Perry Barlow, who's co-founder and Vice-chair of the Electronic Frontier Foundation, Vice President Gore says he wants the Clipper Chip installed in all American-made computers designed for export. Now, you don't have to be a computer whiz to realize that -- if American computers were forced to have a spy chip built into them -- then fewer people would buy American computers. The computer owes an enormous debt to cryptologists because cryptologists needed machines to disguise radio messages. The information highway is certainly as wide open as radio. Indeed, much of it is already radio. Cellular phones and cellular FAX will quickly expand to cellular modem and satellite communications. As it is, most of this information goes out unprotected. The time has arrived for individuals to have high levels of security. The information superhighway will eventually contain every scrap of information we could possibly imagine. And that means there will be all sorts of unscrupulous people out there trying to hack into our lives. Information-highwaymen are bad enough when they're fourteen years old. But now, adults -- who work for the government -- want to play hacker, too. The Clipper spy chip is bad business for everyone. Information-highway-safety should be a top priority for all of us. 
------------ TRANSCRIPT ENDS -------------------- The Hotline/Seattle ~ (206) 450-0948 ------------------------------ Date: Tue, 22 Mar 1994 15:47:00 GMT From: chris.hind at MAVERICKBBS.COM(Chris Hind) Subject: File 2--Reply to "Clipper Paranoia" (CuD #6.26) This is my reply to: shadow at VORTEX.ITHACA.NY.US(bruce edwards) Subject--Opposing Clipper is "paranoia" with good Reason (Cu Digest, #6.26) >Its existence will make no difference at all. The very smart ones >may use PGP or something else, and again, clipper will be meaningless. We could easily build it into the net, making it impossible for the government to stop us. Sound like a good plan? >Because it will probably prove constitutionally impossible >to outlaw widespread private encryption -- something big brother finds >hard to swallow -- the clipper/encryption push seems to me to be about >another kettle of sharks. Completely true, encryption cannot be outlawed. The government is ripping itself off by giving us powerful encryption for personal use. But for the dark personal secrets, are we really gonna use the clip chip? Not me! I'll use PGP or something else. Criminals aren't going to use the chip unless they're really ignorant or blatantly idiotic. So the government is really spending lots of money to making our lines more secure from illegal phone tappers and such but not doing a thing for them. I believe we're getting the better part of the deal! Do they really want to listen in on phone calls to our relatives? I don't think so. I promote the Clipper Chip! Thanks for the free gift! T> In my opinion (and this I am sure is obvious to most everyone) the >encryption, bugging-port, e-mail reading agenda pursued by government >is no more than the first icy finger of the Empire, encircling the >throat of cyberspace. A little dramatic here? They might win the battle but they haven't won the war. The final battle will be when we establish a global Interactive Television system. 
Then it will pit the public against the US government and the allies it has in this dispute (if any). Nobody wants a video camera normally used for video conferencing to be watching them in their own living room without them even knowing it. By this time, people will know a lot more about this scheme and most likely the public will win this battle unless the majority of the population is as ignorant as a two year old child to the world around them.

------------------------------

Date: Wed, 30 Mar 94 13:24:38 PST
From: dave at PCE1.HAC.COM(Dave Fandel)
Subject: File 9--How Clipper Actually Works

In all the anti-Clipper flaming that has been occurring I haven't seen anything about how Clipper actually works. I generated the following based on a lecture in a secure computer systems class I am taking.

+----------------------------------------------------

Clipper Operations:

                        Chip
                 +----------------+
                 |                |
Message (M)   -->| Algorithm (E)  |--> Encrypted Message (B) = E [M]
                 | Chip ID (ID)   |                             K
                 | Chip Key (U)   |
User Key (K)  -->| Family Key (F) |--> Encrypted ID and Key (A) =
                 |                |         E [ID | E [K]]
                 +----------------+          F       U

Note: E [Q] means Encrypt Q with key R
       R

+-----------------------------------------------------------

The User Key is a session key that is generated by the two ends in the following manner:

Side A                          Side B
Generate a, X                   Generate Y            a, X and Y are random #
Send a and a^X     ------>      Receive a and a^X
                   <------      Send a^Y
Receive a^Y
Generate K=(a^Y)^X              Generate K=(a^X)^Y    ie key K=a^(XY)

So a, a^X, and a^Y can all be intercepted without giving away key.

+----------------------------------------------------------------

So where does the government and the Key Escrow come into it?

Note the 2nd output from the clipper chip - it is the ID of the chip and an encrypted version of the session key. The government will know the family key and can extract the ID. Then they go to the two escrow agencies (NIST and the Treasury Dept.) and get the two components of the chip key U.
This allows the session key to be extracted and the message to be decrypted.

Agency 1: ID and U(A)      U(A) --+
                                  OR --> U
Agency 2: ID and U(B)      U(B) --+

+------------------------------------------------------

General comments:

1. The Algorithm for the clipper chip is an NSA Type II algorithm called Skipjack. Type II is for unclassified, but sensitive.

2. If you could reprogram the Chip Key (U) or block the transmission of the encrypted ID and key this concept wouldn't be too bad.

3. The other point of vulnerability is at the manufacturing location where the Chip Key is originally generated. All 3 pieces of info (ID, U(A), and U(B)) have to be in the same place to generate the key.

Dave Fandel
dave at pce2.hac.com
3/30/94

If there is anything incorrect in this document please let me know.

------------------------------

8<--------------------------- cut here ------------------------------

Cheers,

_______________________________________________________________________________
Paul Ferguson
US Sprint
Enterprise Internet Engineering    tel: 703.904.2437
Herndon, Virginia USA              internet: paul at hawk.sprintmrn.com

From hughes at ah.com Thu Mar 31 08:36:59 1994
From: hughes at ah.com (Eric Hughes)
Date: Thu, 31 Mar 94 08:36:59 PST
Subject: Zero Knowledge Trust? (was Re: Very funny, Polyanna :-( [namespace pollution])
In-Reply-To: <9403302139.AA07928@toxicwaste.media.mit.edu>
Message-ID: <9403311629.AA01618@ah.com>

>However, all of these require some out-of-band communication to make
>sure you have the real key. Unfortunately, *every* Privacy Enhanced
>Mail system has this *feature* (or mis-feature, or bug, or however you
>feel like looking at it).

I feel like looking at it as a necessity. Every system for dissemination of public keys requires at least two paths of communication. If there is only one, an interposer can sever the connection graph of key assurances and create two different key worlds.
Eric

From ph at netcom.com Thu Mar 31 08:49:20 1994
From: ph at netcom.com (Peter Hendrickson)
Date: Thu, 31 Mar 94 08:49:20 PST
Subject: Bekenstein Bound (was: Crypto and new computing strategies)
In-Reply-To: <199403311354.AA01893@zoom.bga.com>
Message-ID: <199403311657.IAA29961@mail.netcom.com>

Jim Choate writes:
>>
>> The Deutsch paper I quoted before was where I first heard of the Bekenstein
>> Bound which Eric Hughes mentioned. According to Deutsch:
>>
>> "If the theory of the thermodynamics of black holes is trustworthy, no
>> system enclosed by a surface with an appropriately defined area A can have
>> more than a finite number
...
> The problem I see with this is that there is no connection between a
> black hole's mass and surface area (it doesn't have one). In
> reference to the 'A' in the above, is it the event horizon? A funny
> thing about black holes is that as the mass increases the event
> horizon gets larger not smaller (ie gravitational contraction).

If I read the quote correctly, the surface area of the black hole itself is not under discussion. Rather, whether it can be contained in a surface with some area, which it can be.

Peter

From ecarp at netcom.com Thu Mar 31 10:26:40 1994
From: ecarp at netcom.com (Ed Carp)
Date: Thu, 31 Mar 94 10:26:40 PST
Subject: crypto software/papers/docs CD -- is there any interest?
In-Reply-To: <199403310616.WAA09826@mail.netcom.com>
Message-ID:

> I guess I concentrated on the "information/papers" part of your
> proposal, as that's the only stuff that could really begin to need a
> CD-ROM. (I think Bruce Schneier's source code diskettes fill less than
> 3 MB, and contain documented, tested code.)

Where can Bruce's code be found? I looked on the Dr. Dobbs FTP site, but it was nowhere to be found...
:(

From eb at sr.hp.com Thu Mar 31 10:28:19 1994
From: eb at sr.hp.com (Eric Blossom)
Date: Thu, 31 Mar 94 10:28:19 PST
Subject: Another view of the CFP
In-Reply-To: <9403310316.AA18861@io.lrcs.loral.com>
Message-ID: <9403311847.AA07309@srlr14.sr.hp.com>

David Koontz writes:
> The AT&T Surety Communications Voice/Data Terminal 4100 is
> an STUIII with a type IIIe (e for export, read clipper) cryptographic
> algorithm, the model numbers for type I and type II STUIIIs are series
> 1000 and 2000 respectively.
>

Wow, I'm pretty sure I have some 4100 data sheets I got ~9 months ago that said the 4100 did not use clipper, but used some "proprietary" algorithm. The 3600 sheets I rcvd at the same time did make reference to clipper. I'll have to dig them out and check.

> AT&T Surity (tm)
> Voice/Data Terminal 4100
> For Sensitive,
> Business Applications
>
> 4100
>
> Specifications:
...
> Security features
>
> - Clipper encryption algorithm   - Display window for
> - Secure Access Control            authentification identification
>   System (SACS)                  - Information to create a call
> - Auto-answer, auto-secure         audit trail
> - Active and passive terminal    - Non-error propagating
>   zeroization                    - Plain text inhibit
>

Anybody know what SACS is?

Eric Blossom

From cme at sw.stratus.com Thu Mar 31 10:29:46 1994
From: cme at sw.stratus.com (Carl Ellison)
Date: Thu, 31 Mar 94 10:29:46 PST
Subject: Is this list alive?
Message-ID: <199403311844.NAA04532@galt.sw.stratus.com>

>>> Is this mailing list still alive?
>>> I do not get any message for about one week.
>>
>>Well, technically it's working. Just doesn't seem to be much traffic...
>>
>> Julf
>>
>>
>it seems I am not the only one who has problems. About fifty mails a
>day :-) do arrive here, but sometimes mails are missing to which I see
>replies. It probably has to do with the changeover of the mail
>reflector software.

Andreas, I have seen that too. But sometimes the original mails arrive *after* the replies (sp? :-). Maybe that is always the problem.

- Carl

From emv at mail.msen.com Thu Mar 31 10:39:00 1994
From: emv at mail.msen.com (emv at mail.msen.com)
Date: Thu, 31 Mar 94 10:39:00 PST
Subject: [mccon@erim.org (Joe McConnell): Latest Headlines ]
Message-ID:

+===========================================================================+
| Copyright 1994 by Wood-Charles Associates. All rights reserved.           |
| WCA News is available on the Msen Gopher.                                 |
| gopher://gopher.msen.com/11/vendor/wca                                    |
+===========================================================================+

HEADLINES FROM THE NATION'S NEWS
COMPILED BY DISINFORMATION SYSTEMS EDITOR, FAIRLY N. COHERENT

BATF JUMPS ON ENCRYPTION BANDWAGON

WASHINGTON: THE BUREAU OF ALCOHOL, TOBACCO, AND FIREARMS (THE ONLY FEDERAL AGENCY WHOSE NAME SOUNDS LIKE A SUPPLIES LIST FOR A HIGH SCHOOL PROM) IS GETTING INTO THE ENCRYPTION MANDATE GAME WITH ITS OWN VERSION OF A TAPPABLE-MESSAGE-MANGLER. BATF IS PUSHING FOR A DESIGN CALLED THE "WACO" CHIP WHICH WOULD ALLOW ATF AGENTS TO SMASH IN THE FRONT DOOR OF YOUR SYSTEM, ERASE ALL YOUR FILES, REFORMAT YOUR DRIVES, AND SEND ABUSIVE EMAIL TO YOUR CAT. THE ADMINISTRATION'S OFFICE OF CAVING IN TO LAW ENFORCEMENT AGENCIES ISSUED A STATEMENT SUPPORTING THE PROGRAM.

NEW INTERNET PUBLICATIONS ON SHELVES

ANN ARBOR: THE OUTPOURING OF PUBLIC INTEREST IN CONNECTIVITY HAS, PREDICTABLY, RESULTED IN A SPATE OF INTERNET BOOKS. AS YOU MIGHT EXPECT, THE FIRST CROP WERE MOSTLY INTRODUCTORY AND AIMED AT GENERAL AUDIENCES. NOW, HOWEVER, THE TITLES ARE BECOMING MORE NICHE-ORIENTED, WITH THE FOLLOWING NEW VOLUMES HITTING THE STORES NOW.

THE INTERNET GUIDE FOR CATS: INCLUDES CHAPTERS ON "HOW TO SEND ONE OF YOUR OWNERS MAIL DENYING THAT THE OTHER ONE HAS REMEMBERED TO FEED YOU," "WALLOWING AROUND ON THE KEYBOARD: THE ULTIMATE ENCRYPTION SYSTEM?" AND "HOW TO TELL IF SOMEONE ON THE INTERNET REALLY _IS_ A DOG."
EVERYTHING THE GOVERNOR OF MICHIGAN NEEDS TO KNOW ABOUT THE INTERNET: A LANDMARK IN NICHE MARKETING -- A BOOK AIMED AT ONE INDIVIDUAL READER. FEATURES: "GET RICH FAST! 1001 SCHEMES FOR FUNDING YOUR SCHOOL SYSTEM," AND "EVEN ON THE INTERNET, EVERYONE CAN TELL YOU'RE A MORON." LOCAL FIRM OFFERS ELECTRONIC DECOR ANN ARBOR: "SO YOU GOT THIS INFO HIGHWAY THING. SO YOU GOT PEOPLE DRIVING BY ON IT. SO WHAT YOU NEED IS SOMETHING FOR 'EM TO LOOK AT." SO SAYS THE PRESIDENT OF ZASTRONICS, INC., MAKERS OF ELECTRONIC LAWN ORNAMENTS. THE ZASTRONICS LINE FEATURES LITTLE KISSING EECS UNDERGRADS, BIG CONCRETE PARENT PROCESSES WITH A WHOLE STRING OF LITTLE CHILD PROCESSES FOLLOWING THEM AROUND, AND A LINE OF COY, PLYWOOD HOME PAGE BUTTS. "ON THE INTERNET, NO ONE CAN TELL THAT YOU'VE EATEN A TEMPEH BURGER," SAID AN OLD TOWN WAITPERSONAGE WHO CHARACTERIZED HIS PLACE OF EMPLOYMENT AS "KIND OF A SEA SHELL CITY ON THE INFO SUPERHIGHWAY." -30- ------- End of Forwarded Message From tcmay at netcom.com Thu Mar 31 10:52:19 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 31 Mar 94 10:52:19 PST Subject: crypto software/papers/docs CD -- is there any interest? In-Reply-To: Message-ID: <199403311909.LAA13231@mail.netcom.com> Ed Carp writes: > > I guess I concentrated on the "information/papers" part of your > > proposal, as that's the only stuff that could really begin to need a > > CD-ROM. (I think Bruce Schneier's source code diskettes fill less than > > 3 MB, and contain documented, tested code.) > > Where can Bruce's code be found? I looked on the Dr. Dobbs FTP site, but > it was nowhere to be found... :( > The back of his book contains ordering instructions. Diskettes are ordered direct from his company, Counterpane Systems. $30 for the 2-disk set, $90 for a 2-year subscription. There is no ftp site, for reasons I can only speculate on. Some wild guesses: 1. Schneier wanted to make money on the diskettes. 
He mentioned wanting to distribute the diskettes with the book, for a higher price, but was not able to. (Export issues feared.)

2. An ftp site would allow easy access to anyone in the world, even with the nonsensical "Yes, I am a U.S. citizen" screens. Perhaps the NSA folks urged him not to go this route. (Yes, the diskettes can similarly be ordered. Only U.S. and Canadian delivery sites are accepted. Easy to bypass. Mail forwarding services routinely do this.)

Inasmuch as his code has been vetted by being discussed in his very popular book, "competitors" who offer their own collections, a la Mr. Harvey, may find it a tough sell. And, as I said in an earlier message, a lot of releases and waivers will have to be gotten.

--Tim May

-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From phantom at u.washington.edu Thu Mar 31 11:41:21 1994
From: phantom at u.washington.edu (Matt Thomlinson)
Date: Thu, 31 Mar 94 11:41:21 PST
Subject: Sternlight update
Message-ID:

I know this isn't immediately pertinent, but I wanted to offer a pointer to sci.crypt. Currently a discussion of key lengths ("how long do {RSA|IDEA} keys have to be to be `safe'?") is going on; pretty interesting. Funny, I noticed a familiar name contributing (well, asking questions) and then _this_ post:

---------- Forwarded message ----------
From: strnlght at netcom.com (David Sternlight)
Subject: Re: I concede the key length/cracking point.
[...](matt)

Finally, it's been suggested to me that the Clipper issue isn't about today, but about tomorrow, and that rich, smart cryptologic organizations may have no trouble today, but it's hoped that by the time tomorrow comes along, Clipper will be so widespread that non-Clipper can be handled by "other" means.

In conclusion, I have to give a nod to the folks who are afraid non-Clipper might be banned some day: If in a few years widely available cheap machines (after all the roughly $1500 Power Mac is what, about 50 MHz?) make much longer keys easily feasible with short encryption/decryption times, then in a few years the government MIGHT actually want to ban non-escrowed crypto very badly. It would probably happen after the current Administration leaves office, making the current White House statements the literal truth for THIS administration. Alternatively, if the NSA has approaches we don't know about which mean that such longer keys are still vulnerable, then we might never see such a ban in the U.S.

Note that it's possible to state the above carefully, non-hysterically, and without being offensive.

Having taken a few hesitant steps down that path, a few things become clearer. For example the current effort in the Netherlands to ban non-escrowed crypto, and all crypto without permission, perhaps suggests that in the Netherlands they are there already--that is that their cryptologic capabilities aren't of an order comparable to some others and thus they have to face the "banning" decision now. Perhaps the same has been true for France for a while. We do have good reason to believe GCHQ is very advanced--we Americans have learned a thing or three from them, from what I read in the open literature. Thus it's possible the issue hasn't yet become critical in the U.K. Dunno about the Germans.
It's possible that they got more from Hitler's former crypto experts than anyone knows and they are very advanced, or it's possible they have "special" relations with the U.S. or maybe even (this would be interesting) the U.K. of a kind that gives them capabilities the Dutch don't have. Given their forward position in the old Cold War days, it wouldn't surprise me. David -----------End Forwarded Message---------- Whoa! blew my mind. I think we finally got through to him. Now we'll have to finish brainwashing him (ready, tentacles?) and put him in a suit and tie. He can be our new spokesman. By the way, this isn't a fake mail -- he's been waltzing around like this for a week or so. matt Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu From mrs at tinac.com Thu Mar 31 12:37:54 1994 From: mrs at tinac.com (Mike Schenk) Date: Thu, 31 Mar 94 12:37:54 PST Subject: Cryptography banned in the Netherlands.... Message-ID: <9403312055.AA01131@the-hague> I wrote: > >But now the government is proposing a law that totally outlaws the use > >of encryption methods. > > >Any comments???? And hughes at ah.com (Eric Hughes) replied: > Yes. Find the coalition that has repeatedly prevented the imposition > of national identity cards, and educate them about cryptography. It's > much the same issue. Well, first of all, it seems that the identification requirement seems to have passed anyway. But it's not as strict as it was proposed. But you do have a point, it's the same issue, although I believe that completely banning the use of cryptography is an even bigger violation of civil rights than requiring the people that they should be able to show some ID at any time of the day. 
It's exactly the same coalition that argued against national identity cards that now just says that banning cryptography is not an interesting matter so they will not even join the debates.

It looks like the biggest hope comes from the industry. Companies in the Netherlands really feel threatened by this ban on cryptography and I hope that they will be powerful enough to stop this law.

For once, the corporate lobby seems to be on the side of the people!

Mike

From koontzd at lrcs.loral.com Thu Mar 31 12:52:31 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Thu, 31 Mar 94 12:52:31 PST
Subject: Data on clipper phones
Message-ID: <9403312111.AA19122@io.lrcs.loral.com>

>Subject: Another view of the CFP
>From: Eric Blossom
>
>Wow, I'm pretty sure I have some 4100 data sheets I got ~9 months ago
>that said the 4100 did not use clipper, but used some "proprietary"
>algorithm. The 3600 sheets I rcvd at the same time did make reference
>to clipper. I'll have to dig them out and check.
>
>> Security features
>>
>>  - Clipper encryption algorithm     - Display window for            (sp)
>>  - Secure Access Control              authentification identification
>>    System (SACS)                    - Information to create a call
>
>Anybody know what SACS is?
>
>Eric Blossom

The data sheet is labeled 5/93. I received it in July 1993.

I just called up a marketing guy at AT&T and asked. The 4100 is not available with clipper now, but should be available in late summer. It is unclear whether 4100s will be able to interoperate in clipper mode with other 4100s or just talk to 3600s in clipper mode. The clipper systems delivered to date are 3600s.

The 4100 is currently available with one of two proprietary encryption algorithms, one for export.

SACS is a screening mechanism to prevent you from going secure, except with expected callers. It also provides user and security level authentication.

By definition, data transmission is not available on clipper phones now. From the FIPS Pub it is permissible (see the following).
You'll have to wait to see if AT&T will produce a product that can this summer. The reason would not be that it is forbidden (it's not), rather muddying of product definitions and competition between products.

>From FIPS PUB 185:
...
The SKIPJACK encryption/decryption algorithm has been approved for government applications requiring encryption of sensitive but unclassified data telecommunications as defined herein. The specific operations of the SKIPJACK algorithm and the LEAF creation method are classified and hence are referenced, but not specified, in this standard.

Data for purposes of this standard includes voice, facsimile and computer information communicated in a telephone system. A telephone system for purposes of this standard is limited to a system which is circuit switched and operating at data rates of standard commercial modems over analog voice circuits or which uses basic-rate ISDN or a similar grade wireless service.

From mpj at netcom.com Thu Mar 31 13:36:12 1994
From: mpj at netcom.com (Michael Paul Johnson)
Date: Thu, 31 Mar 94 13:36:12 PST
Subject: Blowfish is at csn.org//mpj
In-Reply-To:
Message-ID: <199403312156.NAA01205@netcom9.netcom.com>

> Where can Bruce's code be found? I looked on the Dr. Dobbs FTP site, but
> it was nowhere to be found... :(

I snagged a copy of Bruce's Blowfish code from his sci.crypt posting and put it in ftp:csn.org//mpj/I_will_not_export/crypto_???????/blowfish/blowfish (see ftp:csn.org//mpj/README.MPJ for the ??????? and export warning).
___________________________________________________________ |\ /| | | | | \/ |o| | Michael Paul Johnson Colorado Catacombs BBS 303-938-9654 | | | | / _ | mpj at csn.org ftp csn.org \mpj\README.MPJ for access info.| | |||/ /_\ |aka mpj at netcom.com mpjohnso at nyx.cs.du.edu mikej at exabyte.com| | |||\ ( | m.p.johnson at ieee.org CIS 71331,2332 VPGP key by finger | | ||| \ \_/ |___________________________________________________________| From a-ophirr at microsoft.com Thu Mar 31 13:39:59 1994 From: a-ophirr at microsoft.com (Ophir Ronen (Rho)) Date: Thu, 31 Mar 94 13:39:59 PST Subject: FW: Our Tax dollars at work! (NOT a sick joke) Message-ID: <9403312159.AA16779@netmail2.microsoft.com> ---------- From: Setheni Davidson (CompuCom) Trust Congress? Not With This Unbelieveable Lair of Slop PC Computing, April 1994, page 88. By John C. Dvorak When Vice President Gore began talking about the Information Highway, we all knew the bureaucrats would get involved more than we might like. In fact, it may already be too late to stop a horrible Senate bill from becoming law. The moniker -- Information Highway -- itself seems to be responsible for SB #040194. Introduced by Senator Patrick Leahy, it's designed to prohibit anyone from using a public computer network (Information Highway) while the computer user is intoxicated. I know how silly this sounds, but Congress apparently thinks that being drunk on a highway is bad no matter what kind of highway it is. The bill is expected to pass this month. There already are rampant arguments as to how this proposed law can possibly be enforced. The FBI hopes to use it as an excuse to do routine wiretaps on any computer if there is any evidence that the owner "uses or abuses alcohol and has access to a modem." Note how it slips in the word 'uses'. This means if you've been seen drinking one lone beer, you can have your line tapped. 
Because this law would be so difficult to enforce, police officials are drooling over the prospect of easily obtaining permits to do wiretaps. Ask enforcement officials in Washington and they'll tell you the proposed law is idiotic, but none will oppose it. Check the classified ads in the "Washington Post" and you'll find the FBI, National Security Agency, and something called the Online Enforcement Agency (when did they set that up?) all soliciting experts in phone technology, specifically wiretapping. It gets worse. The Congressional Record of February 19, 1994, has a report that outlines the use of computerized BBSes, Internet, Inter-Relay Chat, and CompuServe CB as "propagating illicit sexual encounters and meetings between couples -- any of whom are underage... Even people purporting to routinely have sex with animals are present on these systems to foster their odd beliefs on the public-at-large." A rider on SB #040194 makes it a felony to discuss sexual matters on any public-access network, including the Internet, America Online, and CompuServe. I wondered how private companies such as America Online can be considered public-access networks, so I called Senator Barbara Boxer's office and talked to an aide, a woman named Felicia. She said the use of promotional cards that give away a free hour or two of service constitues public access. You know, like the ones found in the back of books or in modem boxes. She also told me most BBS systems fall under this proposed statute. When asked how they propose to enforce this law, she said it's not Congress's problem. "Enforcement works itself out over time," she said. The group fighting this moronic law is led by Jerome Bernstein of the Washington law firm of Bernstein, Bernstein and Knowles (the firm that first took Ollie North as a client). I couldn't get in touch with any of the co-sponsors of the bill (including Senator Ted Kennedy, if you can believe it!), but Bernstein was glad to talk. 
"These people have no clue about the Information Highway or what it does. The whole thing got started last Christmas during an antidrinking campaign in the Washington D.C., metro area," Bernstein said, "I'm convinced someone jokingly told Leahy's office about drunk driving on the Information High and the idea snowballed. These senators actually think there is a physical highway. Seriously, Senator Pat Moynihan asked me if you needed a driving permit to 'drive' a modem on the Information Highway! He has no clue what a modem is, and neither does the rest of Congress." According to Bernstein, the antisexual wording in the bill was attributed to Kennedy's office. "Kennedy thought that technology was leaving him behind, and he wanted to be perceived as more up-to-date technologically. He also though this would make amends for his alleged philandering." Unfortunately, the public is not much better informed than the Senate. The Gallup Organization, at the behest of Congress, is polling the public regarding intoxication while using a computer and online "hot chatting." The results are chilling. More than half of the public thinks that using a computer while intoxicated should be illegal! The results of the sexuality poll are not available. But one question, "Should a teenage boy be encouraged to pretend he is a girl while chatting with another person online?" has civil rights activists alarmed. According to Kevin Avril of the ACLU, "This activity doesn't even qualify as virtual cross-dressing. Who cares about this stuff? What are we going to do? Legislate an anti-boys-will-be-boys law? It sets a bad precedent." I could go on and on with quotes and complaints from people regarding this bill. But most of the complaints are getting nowhere. 
Pressure groups, such as one led by Baptist ministers from De Kalb County, Georgia, are supporting the law with such vehemence that they've managed to derail an effort by modem manufacturers (the biggest being Georgia-based Hayes) to lobby against the law. "Who wants to come out and support drunkenness and computer sex?" asked a congressman who requested anonymity. So, except for Bernstein, Bernstein, and Knowles, and a few members of the ACLU, there is nothing to stop this bill from becoming law. You can register your protests with your congressperson or Ms. Lirpa Sloof in the Senate Legislative Analysts Office. Her name spelled backward says it all. From jgross at microsoft.com Thu Mar 31 13:58:21 1994 From: jgross at microsoft.com (Jeff Gross) Date: Thu, 31 Mar 94 13:58:21 PST Subject: Our Tax dollars at work! (NOT a sick joke) Message-ID: <9403312218.AA17305@netmail2.microsoft.com> Get real! Lirpa Sloof spelled backwards is April Fools. You're right, it's not a sick joke, it's an April Fools joke. ---------- > From: Ophir Ronen (Rho) > To: Eric Geyser (Computer People); cypherpunks at toad.com; Jeff Gross; Ofer Bar; > Greg Malinski (Apex PC Solutions) > Subject: FW: Our Tax dollars at work! (NOT a sick joke) > Date: Thursday, March 31, 1994 1:56PM > > > > > ---------- > From: Setheni Davidson (CompuCom) > > Trust Congress? Not With This Unbelieveable Lair of Slop > PC Computing, April 1994, page 88. > By John C. Dvorak > > When Vice President Gore began talking about the Information Highway, we > all knew the bureaucrats would get involved more than we might like. In > fact, it may already be too late to stop a horrible Senate bill from > becoming law. > > The moniker -- Information Highway -- itself seems to be responsible for SB > #040194. Introduced by Senator Patrick Leahy, it's designed to prohibit > anyone from using a public computer network (Information Highway) while the > computer user is intoxicated. 
I know how silly this sounds, but Congress > apparently thinks that being drunk on a highway is bad no matter what kind > of highway it is. The bill is expected to pass this month. > > There already are rampant arguments as to how this proposed law can > possibly be enforced. The FBI hopes to use it as an excuse to do routine > wiretaps on any computer if there is any evidence that the owner "uses or > abuses alcohol and has access to a modem." Note how it slips in the word > 'uses'. This means if you've been seen drinking one lone beer, you can have > your line tapped. > > Because this law would be so difficult to enforce, police officials are > drooling over the prospect of easily obtaining permits to do wiretaps. Ask > enforcement officials in Washington and they'll tell you the proposed law is > idiotic, but none will oppose it. Check the classified ads in the > "Washington Post" and you'll find the FBI, National Security Agency, and > something called the Online Enforcement Agency (when did they set that up?) > all soliciting experts in phone technology, specifically wiretapping. > > It gets worse. The Congressional Record of February 19, 1994, has a report > that outlines the use of computerized BBSes, Internet, Inter-Relay Chat, and > CompuServe CB as "propagating illicit sexual encounters and meetings > between couples -- any of whom are underage... Even people purporting to > routinely have sex with animals are present on these systems to foster their > odd beliefs on the public-at-large." A rider on SB #040194 makes it a felony > to discuss sexual matters on any public-access network, including the > Internet, America Online, and CompuServe. > > I wondered how private companies such as America Online can be considered > public-access networks, so I called Senator Barbara Boxer's office and > talked to an aide, a woman named Felicia. She said the use of promotional > cards that give away a free hour or two of service constitues public access. 
> You know, like the ones found in the back of books or in modem boxes. She > also told me most BBS systems fall under this proposed statute. When asked > how they propose to enforce this law, she said it's not Congress's problem. > "Enforcement works itself out over time," she said. > > The group fighting this moronic law is led by Jerome Bernstein of the > Washington law firm of Bernstein, Bernstein and Knowles (the firm that > first took Ollie North as a client). I couldn't get in touch with any > of the co-sponsors of the bill (including Senator Ted Kennedy, if you > can believe it!), but Bernstein was glad to talk. "These people have no > clue about the Information Highway or what it does. The whole thing got > started last Christmas during an antidrinking campaign in the Washington > D.C., metro area," Bernstein said, "I'm convinced someone jokingly told > Leahy's office about drunk driving on the Information High and the idea > snowballed. These senators actually think there is a physical highway. > Seriously, Senator Pat Moynihan asked me if you needed a driving permit > to 'drive' a modem on the Information Highway! He has no clue what a > modem is, and neither does the rest of Congress." > > According to Bernstein, the antisexual wording in the bill was attributed > to Kennedy's office. "Kennedy thought that technology was leaving him > behind, and he wanted to be perceived as more up-to-date technologically. > He also though this would make amends for his alleged philandering." > > Unfortunately, the public is not much better informed than the Senate. > The Gallup Organization, at the behest of Congress, is polling the > public regarding intoxication while using a computer and online "hot > chatting." The results are chilling. More than half of the public thinks > that using a computer while intoxicated should be illegal! The results > of the sexuality poll are not available. 
But one question, "Should a > teenage boy be encouraged to pretend he is a girl while chatting with > another person online?" has civil rights activists alarmed. According > to Kevin Avril of the ACLU, "This activity doesn't even qualify as > virtual cross-dressing. Who cares about this stuff? What are we going > to do? Legislate an anti-boys-will-be-boys law? It sets a bad > precedent." > > I could go on and on with quotes and complaints from people regarding > this bill. But most of the complaints are getting nowhere. Pressure > groups, such as one led by Baptist ministers from De Kalb County, > Georgia, are supporting the law with such vehemence that they've managed > to derail an effort by modem manufacturers (the biggest being > Georgia-based Hayes) to lobby against the law. "Who wants to come out > and support drunkenness and computer sex?" asked a congressman who > requested anonymity. > > So, except for Bernstein, Bernstein, and Knowles, and a few members of > the ACLU, there is nothing to stop this bill from becoming law. You can > register your protests with your congressperson or Ms. Lirpa Sloof in > the Senate Legislative Analysts Office. Her name spelled backward says > it all. > > > From tcmay at netcom.com Thu Mar 31 14:10:05 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 31 Mar 94 14:10:05 PST Subject: Collapse of the Wave Function Predicted, Timing Uncertain In-Reply-To: <9403312159.AA16779@netmail2.microsoft.com> Message-ID: <199403312230.OAA04421@mail.netcom.com> Ophir Ronen has forwarded us the Dvorak article. I had planned to wait until midnight to reply, but, hey, it's past midnight _someplace_. Ophir titles his post "Our Tax dollars at work! (NOT a sick joke)," but the situation is actually much grimmer than what Dvorak wrote about: > From: Setheni Davidson (CompuCom) > > Trust Congress? Not With This Unbelieveable Lair of Slop > PC Computing, April 1994, page 88. > By John C. 
Dvorak
>
> The moniker -- Information Highway -- itself seems to be responsible for SB
> #040194. Introduced by Senator Patrick Leahy, it's designed to prohibit
> anyone from using a public computer network (Information Highway) while the
> computer user is intoxicated. I know how silly this sounds, but Congress

....rest of Dvorak's April column elided..

Further provisions:

- Speaking on telephones while intoxicated (.03% blood alcohol level) is also illegal, as the slurred speech interferes with normal voice recognition and tracking software the NSA runs. "Speak clearly into the microphone."

- Writing software while on drugs, apparently a longstanding practice amongst some segments of the hacker community, is banned. As Professor Denning puts it: "Drugs and code don't mix. This is what got us into this whole crypto mess in the first place."

- Encrypting while drunk is specifically forbidden. Apparently recent work in the Cryptologic Science Section of the Agency, and since confirmed by noted Russian quantum theorist Dmitri Jokovich, is that careless use of RSA and other NP-confusing algorithms could produce superluminal effect-before-cause cryptoquantum fluctuations. Based on the Choate Effect, these fluctuations could cause the collapse of the universal wave function!

- To ensure that illegal knowledge is no longer carelessly distributed, and following the example set by our Canadian brothers (who have limited distribution of several newsgroups related to the Karla Homulka and Paul Teale matter), the following newsgroups are now declared contraband in the United States:

sci.crypt
talk.politics.crypto
alt.clipper
alt.fan.david-sternlight
alt.fan.dorothy-denning
alt.fan.clint-brooks
alt.fan.john-dvorak

Have a nice day.

--Tim May

-- 
..........................................................................
Timothy C.
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From gtoal at an-teallach.com Thu Mar 31 14:56:44 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Thu, 31 Mar 94 14:56:44 PST Subject: Our Tax dollars at work! (NOT a sick joke) Message-ID: <199403312315.AAA25668@an-teallach.com> :Get real! Lirpa Sloof spelled backwards is April Fools. You're right, :it's not a sick joke, it's an April Fools joke. :> Trust Congress? Not With This Unbelieveable Lair of Slop |||||||||||| :> The moniker -- Information Highway -- itself seems to be responsible for SB :> #040194. Introduced by Senator Patrick Leahy, it's designed to prohibit ||||||| :> to Kevin Avril of the ACLU, "This activity doesn't even qualify as ||||| :> register your protests with your congressperson or Ms. Lirpa Sloof in ||||||||||| Gosh, we're slow today kids... G From pgpkeys at wasabi.io.com Thu Mar 31 17:15:58 1994 From: pgpkeys at wasabi.io.com (PGP Slave Key Server) Date: Thu, 31 Mar 94 17:15:58 PST Subject: Update to finger keyserver at wasabi.io.com Message-ID: <199403311907.TAA03887@wasabi.io.com> Following suggestions on the net, the wasabi.io.com keyserver has been upgraded to allow arbitrary comments to be attached to public keys in the archive. This is primarily for the benefit of people who lost their master keyring and had not prepared a revocation certificate in advance. For an example of how this might be used, try finger 0x445051 at wasabi.io.com finger 0xbdfe4d at wasabi.io.com As you see, the key is still returned. It is up to you to read the attached comments and to decide not to use the key. 
This solution to the lost key problem was chosen in order to prevent a denial of service attack on the keyservers. Anyone who wishes their key to be revoked in this way, please post publicly to alt.security.pgp The Mgt. From blancw at microsoft.com Thu Mar 31 17:37:59 1994 From: blancw at microsoft.com (Blanc Weber) Date: Thu, 31 Mar 94 17:37:59 PST Subject: Quantum Physics Message-ID: <9404010138.AA22709@netmail2.microsoft.com> So, Jim, I figured the whole thing out and just had to share with you the fact that apparently, This doesn't have anything to do with That Here doesn't have anything to do with There and neither does These with Those I think it's a Principle of some kind. :>) :>) :>) :>) :>) :>) :>) :>) :>) :>) :>) :>) :>) :>) :>) :>) Blanc From wcs at anchor.ho.att.com Thu Mar 31 20:06:36 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 31 Mar 94 20:06:36 PST Subject: Collapse of the Wave Function Predicted, Timing Uncertain Message-ID: <9404010405.AA14680@anchor.ho.att.com> > - Writing software while on drugs, apparently a longstanding practice > amongst some segments of the hacker community, is banned. As Professor > Denning puts it: "Drugs and code don't mix. This is what got us into > this whole crypto mess in the first place." Wait - they're not including *caffeine* are they? No way! It's a Commie Plot to decaffeinate our Precious Bodily Fluids, and down-right Un-American! (Or un-Colombian, or un-something!) Mr. Coffee From wcs at anchor.ho.att.com Thu Mar 31 20:20:23 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 31 Mar 94 20:20:23 PST Subject: the rest of the key Message-ID: <9404010412.AA15384@anchor.ho.att.com> > Oh yes, and the guy who is asking the spooks about the technical stuff - > be sure to find out where this 80-bit random number comes from and > where it goes when it's been used... 
Anyone who knows the split-pattern
> only needs to subvert *one* of the escrow agencies.

The Key Generation Bureau plans which Dorothy Denning originally broadcast (the NSA has since said they've changed, but not said what to) worked somewhere along the lines of:
- the two keymaster agencies each bring some keying material to the vault.
- the NSA guy puts them into his laptop, and runs a bunch of calculations like
      serialno += 1
      string = SkipjackE(K1, SkipjackD(K2, SkipjackE(K1, serialno)))
      E1 = scroungebits1(string)
      E2 = scroungebits2(string)
      Key = E1 XOR E2
      Burn Key into chip, store En on Keymastern's floppy
      repeat for entire batch
      nuke the laptop
      pay no attention to the man behind the curtain.

From ub075 at freenet.victoria.bc.ca Thu Mar 31 20:54:42 1994
From: ub075 at freenet.victoria.bc.ca (Ryan A. Perkins)
Date: Thu, 31 Mar 94 20:54:42 PST
Subject: Collapse of the Wave Function Predicted, Timing Uncertain
Message-ID: <9404010456.AA16858@freenet.victoria.bc.ca>

>- Encrypting while drunk is specifically forbidden. Apparently recent
>work in the Cryptologic Science Section of the Agency, and since
>confirmed by noted Russian quantum theorist Dmitri Jokovich, is that
>careless use of RSA and other NP-confusing algorithms could produce
>superluminal effect-before-cause cryptoquantum fluctuations. Based on
>the Choate Effect, these fluctuations could cause the collapse of the
>universal wave function!

The other problem with encrypting while drunk, is that the cleartext is impossible to decrypt, because it doesn't make any sense in the first place... even with the right key, it looks something like this:

Esopbew rje sruha ro,,peiw.

:)

--
Ryan Perkins - 1:340/13 | I feel that suicide jumpers see a glimpse of
ub075 at freenet.victoria.bc.ca | sanity as they throw themselves from the ledge.
Ask for PGP 2.3 public key | That's why they scream all the way down.
8C5357 : 9F FF BA 93 54 D5 18 78 4B 1E DA GC E3 4E

From hughes at ah.com Thu Mar 31 21:26:18 1994
From: hughes at ah.com (Eric Hughes)
Date: Thu, 31 Mar 94 21:26:18 PST
Subject: Cryptography banned in the Netherlands....
In-Reply-To: <9403312055.AA01131@the-hague>
Message-ID: <9404010512.AA02510@ah.com>

>And hughes at ah.com (Eric Hughes) replied:
>> Yes. Find the coalition that has repeatedly prevented the imposition
>> of national identity cards, and educate them about cryptography. It's
>> much the same issue.

>It's exactly the same coalition that argued against national identity
>cards that now just says that banning cryptography is not an interesting
>matter so they will not even join the debates.

This is where the education part comes in. Start with the most widely heard members.

Eric

From ebrandt at jarthur.cs.hmc.edu Thu Mar 31 21:55:28 1994
From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt)
Date: Thu, 31 Mar 94 21:55:28 PST
Subject: anon-mail article in LA Times
Message-ID: <9404010555.AA26792@toad.com>

Today's L.A. Times had an article, on the front page of the Business section, on the hazards and benefits of anonymous e-mail. It opened with a narrative concerning a fictional ("composite") company whose internal cover-up of project failures was blown by anonymous mail. There are some quotes saying that it bypasses hierarchical stupidity, and some saying that it's for gutless harassers. The article mentions the situation on the Internet, including the basics of remailer mechanics (no addresses, though). Pretty good article, with less than the usual amount of confusion. Is the author on the list?

Eli ebrandt at hmc.edu

From hfinney at shell.portal.com Thu Mar 31 23:10:40 1994
From: hfinney at shell.portal.com (Hal)
Date: Thu, 31 Mar 94 23:10:40 PST
Subject: Traceable Digicash?
Message-ID: <199404010711.XAA19280@jobe.shell.portal.com>

The Magic Money digital cash system, which is based on one of the earliest papers on electronic cash, is traceable.
That is, the payer can collude with the bank and together they can recognize when the paid-out cash is turned in.

In some situations, this could be beneficial. If people have bank accounts in their True Names, or are otherwise physically traceable when they turn in money, then if someone steals cash or otherwise uses coercion to acquire it, then they will not be able to turn it in without being caught.

Virtually all of the digital cash proposals that I am aware of have this property. They protect the payer's privacy very strongly, but they don't offer much protection to the payee. Technically it is difficult to protect the payee because the cash would have to be changed while in his hands so that it is not recognizable to either the bank or the payer. This would require two re-blinding operations, one by the payer and one by the payee, and it is hard to have a system which could do this and still detect double-spending.

People might want to think about the pros and cons of traceable cash. It could limit some possible applications. On the other hand, it may be good to help prevent coercion. One of the cash papers (I can't remember which one) mentioned this as an explicit advantage of the cash that was proposed.

Does anyone know of any cash systems which protect the payee's privacy?

Hal

From catalyst-remailer at netcom.com Thu Mar 31 23:37:22 1994
From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com)
Date: Thu, 31 Mar 94 23:37:22 PST
Subject: anon-mail article in LA Times
Message-ID: <199404010738.XAA27957@mail.netcom.com>

The Los Angeles Times
Thursday, March 31, 1994, p.B1, Business Innovation
Pros and Cons of Anonymous Corporate E-Mail
By Michael Schrage

XYZ Corp. (not its real name) has a problem that's driving top management crazy. A rogue piece of software has appeared that lets employees send electronic mail messages anonymously. There's been a rash of sexually suggestive -- and even obscene -- e-mail sent to several female employees.
Unpopular managers have received insulting e-mail appraisals of their style and performance. More ominously, several messages have been broadcast detailing serious problems with several of XYZ's key projects. These were setbacks that had previously been the secret of top management but, thanks to XYZ's global network, have now been instantly distributed worldwide to launch hundreds of e-mail queries and thousands of water-cooler conversations.

Like kerosene poured on a fire, this act of e-mail anonymity has ignited once-smoldering resentments into openly burning issues. While half the company is thrilled that anonymity has caused these problems to surface for corporate-wide discussion, the other half is furious that the leakers can't be found and punished.

Ultimately, XYZ's top management pulled the plug on its global e-mail system, rewrote the network software to assure that all messages can be tracked at least two ways and issued an edict that absolutely forbids anonymous messages. The traffic that now flows on XYZ's network is excruciatingly polite.

This XYZ Corp. example is hardly fictitious; it's an unhappy composite of real-world confrontations that recently occurred in several Fortune 1,000 companies. More than any other e-mail issue, the anonymity option provokes the most heated debate in organizational network design.

The right to e-mail anonymity strikes at the very heart of values that organizations either cherish or try to suppress. Some organizations see anonymity as a healthy, essential part of their internal dialogue, a mechanism that promotes free and unfettered comment. Others see anonymity as a sleazy virtual mask that lets corporate mischief makers and malcontents get away with cheap shots at people who have the guts to sign their names to their messages.

At one giant aerospace manufacturer, for example, managers are positively grateful that their brainstorming software encourages anonymous contributions.
"If we had to attach our names to our suggestions, I think people would be less forthcoming," insists one engineer there who, yes, asks not to be identified. The culture of the company, he argues, makes it difficult for younger engineers to publicly make comments critical of senior engineering decisions.

The fact that software anonymity effectively subsidizes the existing culture rather than encouraging a more open and honest exchange of ideas is dismissed as politically unrealistic. "Have you lost your mind?" the engineer asks.

The anonymity issue becomes even more intense when one considers the speed at which organizations are linking their e-mail networks together in hopes of creating "virtual" corporations and accelerating the flow of vital data. Companies are hooking up with key customers and suppliers. Suppose at the customer network, anonymous messages are permitted and even encouraged; at the supplier, they're strictly forbidden. When these two companies collaborate on a project, whose e-mail protocol should win? Ironically, the ability to communicate via e-mail may lead more to a hostile clash of values than to the desired goal of better communications.

Privacy is relative; anonymity is an absolute.

So how does the Internet, the world's biggest and best e-mail network, handle this thorny issue? In fact, it is "illegal" and technically impossible to send an Internet message without a "return address," i.e., without some sort of identifying header.

Nevertheless, the Internet has become a hotbed of detailed, intimate and absolutely anonymous communications. Indeed, there is a whistle-blowers Usenet group on the Internet -- a kind of forum -- as well as a support group for victims of sexual abuse. Is it in the best interests of these participants to be readily identifiable? These groups depend on anonymous communications.

Market forces have created innovations for anonymity.
Because there is a demand for anonymity on the Internet, there is now a supply of anonymity on the Internet. Individuals can send their messages to "remailers" that can strip out the headers containing the authentic return address. These remailers, in turn, can send the messages on to other remailers. In other words, Internet remailers can "launder" messages on the road to their intended destinations in ways that completely obliterate their origins.

A company that's on the Internet could use remailers to send e-mail or post messages anonymously, but there are no known Fortune 500 companies that provide such remailers internally.

Essentially, the rise of e-mail is forcing companies to decide explicitly what kind of values they want their networks to embody. Should employees be allowed or encouraged to send anonymous e-mail? Or should it be strictly forbidden? Or is there a middle way that creates bulletin boards or other e-mail "Democracy Walls" where individuals can safely post their comments?

Whatever the answer to these questions, more and more organizations are painfully becoming aware that their new networks can raise cultural tensions just as easily as they create economic efficiencies.

+------------------------------------------------------------------------+
| Michael Schrage is a writer, consultant and research associate at the |
| Massachusetts Institute of Technology. He writes this column |
| independently for The Times. He can be reached at schrage at latimes.com |
| by electronic mail via the Internet. |
+------------------------------------------------------------------------+

From jkreznar at ininx.com Thu Mar 31 23:52:34 1994
From: jkreznar at ininx.com (John E. Kreznar)
Date: Thu, 31 Mar 94 23:52:34 PST
Subject: Cryptography banned in the Netherlands....
In-Reply-To: <9403302049.AA01890@the-hague>
Message-ID: <9404010752.AA05258@ininx>

-----BEGIN PGP SIGNED MESSAGE-----

> I have always thought that the Netherlands was a very liberal country.
> But now the government is proposing a law that totally outlaws the use
> of encryption methods.

Actually, these are quite consistent. Much of the ``liberal'' agenda relies on government, whether to impose taxes to support welfare, or to enforce political correctness, or whatever. But the continued effectiveness of government (and other large institutions) is threatened by strong cryptography.

John E. Kreznar | Relations among people to be by
jkreznar at ininx.com | mutual consent, or not at all.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLZvR98Dhz44ugybJAQEOvgP/fdC/EIrFinCitRUR5pfmFn6wisVfiqtz
2U/WSk3FqX8o06amJ219iEIPJ4O7GTHU+xhGRHdXTw/JUoI7bMNDwazKIQ9R3TDo
6JapjXPTJWTTB/og5H8n19moT8VJribgx1UeWH4nP5yDuTeuZjb2Vt/XhWQPxqoK
XqPYUDUf1b8=
=Wovx
-----END PGP SIGNATURE-----
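
The payer-and-bank collusion described in the "Traceable Digicash?" message above, as an added example that is not part of the original posts and is not Magic Money's code. It assumes a Chaum-style RSA blind-signature coin with a constructed toy key; `Bank`, `withdraw`, `watchlist` and `factor_linking` are hypothetical names. It shows that the bank's own withdrawal log fits every coin equally well, while a serial reported by the payer is recognized the moment the payee deposits it.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy bank key (two Mersenne primes); far too small for real use.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))  # modulus, bank's private exponent

def h(serial):
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N

class Bank:
    def __init__(self):
        self.withdrawals = []   # blinded values: all the bank sees at withdrawal
        self.spent = set()      # serials already deposited
        self.watchlist = set()  # serials handed over by a colluding payer

    def sign_blinded(self, blinded):
        self.withdrawals.append(blinded)
        return pow(blinded, D, N)

    def deposit(self, serial, sig):
        if pow(sig, E, N) != h(serial):
            return "invalid"
        if serial in self.spent:
            return "double-spend"
        self.spent.add(serial)
        return "traced" if serial in self.watchlist else "accepted"

def withdraw(bank):  # payer: blind a fresh serial, get it signed, unblind
    serial = secrets.token_bytes(16)
    r = secrets.randbelow(N - 2) + 2
    while gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    blinded = h(serial) * pow(r, E, N) % N
    return serial, bank.sign_blinded(blinded) * pow(r, -1, N) % N

def factor_linking(blinded, serial):
    """Blinding factor r with blinded == h(serial) * r^E; one exists for every pair."""
    return pow(blinded * pow(h(serial), -1, N) % N, D, N)

def demo():
    bank = Bank()
    coin_a, coin_b = withdraw(bank), withdraw(bank)
    # Bank alone: every logged value fits either coin, so it cannot link them.
    ambiguous = all(h(s) * pow(factor_linking(b, s), E, N) % N == b
                    for b in bank.withdrawals for s in (coin_a[0], coin_b[0]))
    bank.watchlist.add(coin_a[0])  # colluding payer reports the serial it paid out
    return ambiguous, [bank.deposit(*coin_a), bank.deposit(*coin_b), bank.deposit(*coin_b)]
```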